4

我刚刚重构了一些发布到 JMS 主题的代码以使用 Spring 的 JmsTemplate 类,现在我收到一个异常,说明我没有经过身份验证。

以前我创建了工厂,建立了连接,然后进行了会话等,如下所示:

MQTopicConnectionFactory factory = new MQTopicConnectionFactory();
factory.setQueueManager(qMgr);   
factory.setTransportType(JMSC.MQJMS_TP_CLIENT_MQ_TCPIP);
factory.setHostName(hostname);
factory.setPort(listenerPort);
factory.setChannel(channel);
// setting username and password to be empty string ==> no authentication
connection = factory.createConnection("", "");   
...
connection.start();

我在 JmsTemplate 中看不到将用户名和密码设置为空字符串的任何地方。我的配置如下所示:

<bean id="jmsFactory" class="com.ibm.mq.jms.MQTopicConnectionFactory">
    <property name="queueManager">
        <value>ACT01</value>
    </property>
    <property name="hostName">
        <value>xx.xx.xx.xx</value>
    </property>
    <property name="port">
        <value>15004</value>
    </property>
    <property name="transportType">
        <value>1</value>
    </property>
    <property name="channel">
        <value>CONDUCTOR.ACT01</value>
    </property>
</bean>

<bean id="impactJmsTemplate" class="org.springframework.jms.core.JmsTemplate">
    <property name="connectionFactory">
        <bean class="org.springframework.jms.connection.SingleConnectionFactory">
            <property name="targetConnectionFactory">
                <ref local="jmsFactory" />
            </property>
        </bean>
    </property>
</bean>

我还尝试将 jmsFactory 包装在一个UserCredentialsConnectionFactoryAdapter对象中,但无济于事:

<bean id="jmsConnectionFactory" class="org.springframework.jms.connection.UserCredentialsConnectionFactoryAdapter">
    <property name="targetConnectionFactory" ref="jmsFactory"/>
    <property name="username" value=""/>
    <property name="password" value=""/>
</bean>

堆栈跟踪:

Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'LOROL' with connection mode 'Client' and host name 'xx.xx.xx.xx'. Please check if the supplied username and password are correct on the QueueManager you are connecting to
at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:219)
at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:410)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:7855)
at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:7331)
at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:276)
at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6055)
at com.ibm.mq.jms.MQTopicConnectionFactory.createTopicConnection(MQTopicConnectionFactory.java:114)
at com.ibm.mq.jms.MQTopicConnectionFactory.createConnection(MQTopicConnectionFactory.java:197)
at org.springframework.jms.connection.SingleConnectionFactory.doCreateConnection(SingleConnectionFactory.java:343)
at org.springframework.jms.connection.SingleConnectionFactory.initConnection(SingleConnectionFactory.java:290)
at org.springframework.jms.connection.SingleConnectionFactory.createConnection(SingleConnectionFactory.java:227)
at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:184)
at org.springframework.jms.core.JmsTemplate.execute(JmsTemplate.java:461)
... 25 more
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:206)
... 37 more
4

2 回答 2

2

这里有几个选项...

  • 您之前设置的属性导致通道以管理员身份运行。要获得相同的功能,您可以将通道的 MCAUSER 设置为 QMgr 正在运行的任何 ID(通常是 UNIX 的 mqm 和 Windows 的 MUSR_MQADMIN)。繁荣。完毕。鲍勃的叔叔。
  • Yes, this does mean that anyone connecting to that channel is an administrator. On the other hand, this is no worse than it was before as demonstrated by your previous code working the way it did.
  • You can still use Spring and pass in the ID and password as described in this forum post. Just keep in mind the password is not actually checked. Whatever ID you pass in is accepted at face value unless you use a channel exit to validate it.

有关客户端连接上的 WMQ 安全性的更多信息,请参阅强化 WebSphere MQ 演示文稿。如果您想真正保护对 QMgr 的访问,您需要将 MCAUSER 设置为低权限用户 ID,执行 setmqaut 命令来授权该 ID 的组,然后锁定所有其他通道,如 SYSTEM.AUTO.* 和 SYSTEM。 DEF.* 所以他们无法运行。

于 2010-07-08T04:39:12.357 回答
0

我在本地 Windows 机器上运行 Websphere 并在 Unix 机器上连接到 MQ 服务器。对我来说,只有第三种选择有效。从控制台设置用户 ID 不起作用。我尝试了 mqm 和 MUSR_MQADMIN。

//使用用户名和密码创建的连接 QueueConnection connection = factory.createQueueConnection("mqm","mqm");

于 2012-01-10T20:48:03.247 回答