mq-container icon indicating copy to clipboard operation
mq-container copied to clipboard
verified publisher icon ibm-messaging

JMSWMQ2013: The security authentication was not valid error since icr.io/ibm-messaging/mq:9.3.4.1-r1

Open theangrydev opened this issue 1 year ago • 2 comments

I used to be able to start the container like:

docker run \
--env LICENSE=accept \
--env MQ_QMGR_NAME= QM1 \
--publish 1414:1414 \
--detach icr.io/ibm-messaging/mq:9.3.3.3-r2

And connect successfully using:

JmsConnectionFactory factory = JmsFactoryFactory
    .getInstance("com.ibm.msg.client.wmq")
    .createConnectionFactory();
factory.setIntProperty("XMSC_WMQ_CONNECTION_MODE", 1);
factory.setStringProperty("XMSC_WMQ_HOST_NAME", "localhost");
factory.setIntProperty("XMSC_WMQ_PORT", 1414);
factory.setStringProperty("XMSC_WMQ_QUEUE_MANAGER", "QM1");
factory.setStringProperty("XMSC_WMQ_CHANNEL", "DEV.APP.SVRCONN");
factory.setBooleanProperty("XMSC_USER_AUTHENTICATION_MQCSP", false);
return factory.createConnection("app", "");

With either empty string or null for the password.

But since icr.io/ibm-messaging/mq:9.3.4.1-r1 (or 9.3.4.0-r1) I get this error on Linux:

Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for queue manager 'QM1' with connection mode 'Client' and host name 'localhost(1414)'.
Please check if the supplied username and password are correct on the queue manager to which you are connecting.  For further information, review the queue manager error logs and the Securing IBM MQ topic within IBM Documentation.
  at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:215)
  at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:482)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:9009)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:8349)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:322)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:242)
  at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6193)
  at com.ibm.mq.jms.MQConnectionFactory.createConnection(MQConnectionFactory.java:6256)
  ...<snip>...
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
  ... 13 more

theangrydev avatar Apr 17 '24 17:04 theangrydev

The MQ Advanced for Developers offers additional developer configuration to help you get started, which includes the "app" and "admin" users. Previously, the admin user had a default password ("passw0rd"), and the app user could connect with no password. Both of these were identified as potential security issues, and that they shouldn't apply by default. So now the user won't be available unless you explicitly set the password by using an environment variable: MQ_APP_PASSWORD for the app user; MQ_ADMIN_PASSWORD for the admin user.

arthurbarr avatar Apr 18 '24 07:04 arthurbarr

Makes sense, is this in the release notes somewhere I must have missed it?

theangrydev avatar Apr 19 '24 11:04 theangrydev