|
Problem(Abstract) |
When Global Security is enabled in IBM® WebSphere®
Application Server V5.0 with Embedded Messaging, the following errors may
occur when using a Queue Connection Factory (QCF) or Topic Connection
Factory (TCF) to connect to a queue or topic:
MSGS0508E: The JMS Server security service was unable to authenticate
userid: {0}
MSGS0509E: The JMS Server security service was unable to authorize userid
{0} to access resource {1} with {2} permission
These errors would not occur if the full WebSphere MQ product or a
third-party Messaging product were used. |
|
|
|
Cause |
When Global Security is enabled, the Embedded JMS Security
service will attempt to authorize the userid specified in the J2C
Authentication Alias in the Queue or Topic Connection Factory definition.
The MSGS0508E or MSGS0509E errors may occur for the following
circumstances:
- There is no Container-managed or Component-managed J2C Authentication
Alias defined on the QCF or TCF.
- A J2C Authentication Alias has been defined on the QCF or TCF, but the
user id specified in the Authentication Alias does not have the proper
permissions to access the resource. This would only occur if the
integral-jms-authorizations.xml file has been modified; by default,
permission is granted for all user ids to access all queues and
topics.
- If the user id listed in the error message is blank or null, this is
due to an existing defect that is fixed by APAR PQ89413. The fix is
included in Application Server versions 5.1.0.5 and 5.1.1.
|
|
|
Resolving the
problem |
To resolve the problem:
|
|
|
|