|
| Problem | JMSSecuritySe E MSGS0508E: The JMS Server security service was unable to authenticate userid: <user>
FreePool E J2CA0046E: Method createManagedConnctionWithMCWrapper caught an exception during creation of the ManagedConnection for resource <resource>, throwing ResourceAllocationException. Original exception: javax.resource.spi.ResourceAdapterInternalException: createQueueConnection failed
at com.ibm.ejs.jms.JMSCMUtils.mapToResourceException(JMSCMUtils.java:125)
at com.ibm.ejs.jms.JMSManagedQueueConnection.createConnection(JMSManagedQueueConnection.java:174)
at com.ibm.ejs.jms.JMSManagedConnection.(JMSManagedConnection.java:166)
Next Linked Exception:
javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication supplied for MQQueueManager
at com.ibm.mq.jms.MQConnection.createQM(MQConnection.java:1685)
at com.ibm.mq.jms.MQConnection.createQMXA(MQConnection.java:1077)
at com.ibm.mq.jms.MQQueueConnection.(MQQueueConnection.java:123) | | Cause | When WebSphere® Application Server Global Security is enabled, any attempts to access an embedded messaging resource (such as a queue manager or queue) causes the Java™ Messaging Service (JMS) Server to validate the user who is making the access attempt. This validation is a two stage process: - Authenticate the user. To do this, the JMS Security Service checks that the user ID defined in the Connection Factory's Authentication Alias is defined in the User Registry that is being used by the Application Server.
- Check if the user has the authority to access the JMS resource, by looking at the file:
WAS_HOME\config\cells\<cell_name>\integral-jms-authorizations.xml.
| | Solution | To solve this problem, use the Administrative Console that allows you to specify an Authentication Alias when defining Queue and Topic Connection Factories. The alias maps to a username and password. When WebSphere Application Server Global Security is switched on and an application attempts to use the Connection Factory, the username and password are passed to the JMS Security Service.
The Authentication Alias must map to a username and password that are known to the Active User Registry that is used by the Application Server. If the alias does not map to a valid username/password, the exception shown above results.
To find out what Active User Registry is being used:
- Start the Application Server.
- Open the administrative console, and log in.
- In the left pane, expand Security, then click on Global Security
- Look at the value of the Active User Registry property.
Possible values are Local OS, LDAP and Custom. Ensure that the username specified in the alias also exists in this User Registry.
| |
| | |
| |
|
Product categories: Software, Application Servers, Distributed Application & Web Servers, WebSphere Application Server, Java Message Service (JMS) Operating system(s): Multi-Platform Software version: 3.5, 4.0, 5.0, 5.1, 6.0 Reference #: 1175157 IBM Group: Software Group Modified date: 2004-07-26
(C) Copyright IBM Corporation 2000, 2004. All Rights Reserved.
|