|
Problem(Abstract) |
JMSSecuritySe E MSGS0508E: The JMS Server security service
was unable to authenticate userid: <user>
FreePool E J2CA0046E: Method createManagedConnctionWithMCWrapper caught an
exception during creation of the ManagedConnection for resource
<resource>, throwing ResourceAllocationException. Original
exception: javax.resource.spi.ResourceAdapterInternalException:
createQueueConnection failed
at com.ibm.ejs.jms.JMSCMUtils.mapToResourceException(JMSCMUtils.java:125)
at
com.ibm.ejs.jms.JMSManagedQueueConnection.createConnection(JMSManagedQueueConnection.java:174)
at com.ibm.ejs.jms.JMSManagedConnection.(JMSManagedConnection.java:166)
Next Linked Exception:
javax.jms.JMSSecurityException: MQJMS2013: invalid security authentication
supplied for MQQueueManager
at com.ibm.mq.jms.MQConnection.createQM(MQConnection.java:1685)
at com.ibm.mq.jms.MQConnection.createQMXA(MQConnection.java:1077)
at com.ibm.mq.jms.MQQueueConnection.(MQQueueConnection.java:123) |
|
|
|
Cause |
When WebSphere® Application Server Global Security is
enabled, any attempts to access an embedded messaging resource (such as a
queue manager or queue) causes the Java™ Messaging Service (JMS) Server to
validate the user who is making the access attempt. This validation is a
two stage process:
- Authenticate the user. To do this, the JMS Security Service checks
that the user ID defined in the Connection Factory's Authentication Alias
is defined in the User Registry that is being used by the Application
Server.
- Check if the user has the authority to access the JMS resource, by
looking at the file:
WAS_HOME\config\cells\<cell_name>\integral-jms-authorizations.xml.
|
|
|
Resolving the
problem |
To solve this problem, use the Administrative Console that
allows you to specify an Authentication Alias when defining Queue and
Topic Connection Factories. The alias maps to a username and password.
When WebSphere Application Server Global Security is switched on and an
application attempts to use the Connection Factory, the username and
password are passed to the JMS Security Service.
The Authentication Alias must map to a username and password that are
known to the Active User Registry that is used by the Application Server.
If the alias does not map to a valid username/password, the exception
shown above results.
To find out what Active User Registry is being used:
- Start the Application Server.
- Open the administrative console, and log in.
- In the left pane, expand Security, then click on Global Security
- Look at the value of the Active User Registry property.
Possible values are Local OS, LDAP and Custom. Ensure that the username
specified in the alias also exists in this User Registry.
|
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|