search

ibm-messaging / mq-container

Container images for IBM® MQ
Apache License 2.0
247 stars 186 forks source link

JMSWMQ2013: The security authentication was not valid error since icr.io/ibm-messaging/mq:9.3.4.1-r1 #559

Open theangrydev opened 5 months ago

theangrydev commented 5 months ago

I used to be able to start the container like:

docker run \
--env LICENSE=accept \
--env MQ_QMGR_NAME= QM1 \
--publish 1414:1414 \
--detach icr.io/ibm-messaging/mq:9.3.3.3-r2

And connect successfully using:

JmsConnectionFactory factory = JmsFactoryFactory
    .getInstance("com.ibm.msg.client.wmq")
    .createConnectionFactory();
factory.setIntProperty("XMSC_WMQ_CONNECTION_MODE", 1);
factory.setStringProperty("XMSC_WMQ_HOST_NAME", "localhost");
factory.setIntProperty("XMSC_WMQ_PORT", 1414);
factory.setStringProperty("XMSC_WMQ_QUEUE_MANAGER", "QM1");
factory.setStringProperty("XMSC_WMQ_CHANNEL", "DEV.APP.SVRCONN");
factory.setBooleanProperty("XMSC_USER_AUTHENTICATION_MQCSP", false);
return factory.createConnection("app", "");

With either empty string or null for the password.

But since icr.io/ibm-messaging/mq:9.3.4.1-r1 (or 9.3.4.0-r1) I get this error on Linux:

Caused by: com.ibm.msg.client.jms.DetailedJMSSecurityException: JMSWMQ2013: The security authentication was not valid that was supplied for queue manager 'QM1' with connection mode 'Client' and host name 'localhost(1414)'.
Please check if the supplied username and password are correct on the queue manager to which you are connecting.  For further information, review the queue manager error logs and the Securing IBM MQ topic within IBM Documentation.
  at com.ibm.msg.client.wmq.common.internal.Reason.reasonToException(Reason.java:531)
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:215)
  at com.ibm.msg.client.wmq.internal.WMQConnection.<init>(WMQConnection.java:482)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createV7ProviderConnection(WMQConnectionFactory.java:9009)
  at com.ibm.msg.client.wmq.factories.WMQConnectionFactory.createProviderConnection(WMQConnectionFactory.java:8349)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl._createConnection(JmsConnectionFactoryImpl.java:322)
  at com.ibm.msg.client.jms.admin.JmsConnectionFactoryImpl.createConnection(JmsConnectionFactoryImpl.java:242)
  at com.ibm.mq.jms.MQConnectionFactory.createCommonConnection(MQConnectionFactory.java:6193)
  at com.ibm.mq.jms.MQConnectionFactory.createConnection(MQConnectionFactory.java:6256)
  ...<snip>...
Caused by: com.ibm.mq.MQException: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
  at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:203)
  ... 13 more
arthurbarr commented 5 months ago

The MQ Advanced for Developers offers additional developer configuration to help you get started, which includes the "app" and "admin" users. Previously, the admin user had a default password ("passw0rd"), and the app user could connect with no password. Both of these were identified as potential security issues, and that they shouldn't apply by default. So now the user won't be available unless you explicitly set the password by using an environment variable: MQ_APP_PASSWORD for the app user; MQ_ADMIN_PASSWORD for the admin user.

theangrydev commented 5 months ago

Makes sense, is this in the release notes somewhere I must have missed it?