search

ibm-messaging / mq-jms-spring

Components to assist MQ JMS integration with Spring frameworks
Apache License 2.0
190 stars 102 forks source link

AMQ9557E: Queue Manager User ID initialization failed for 'worker' #104

Open mohammadrsh opened 11 months ago

mohammadrsh commented 11 months ago

Hello, I am using this implementation in our JmsConfig file:

@Bean
    fun mqQueueConnectionFactory(): MQQueueConnectionFactory {
        logger.info("Try to initialise jms template ...")
        val mqQueueConnectionFactory = MQQueueConnectionFactory().apply {
            queueManager = properties.queueManager
            hostName = properties.hostName
            transportType = WMQConstants.WMQ_CM_CLIENT
            channel = properties.channel
            port = properties.port
            appName = properties.applicationName
            setStringProperty(WMQConstants.USERID, properties.user)
            setStringProperty(WMQConstants.PASSWORD, properties.password)
        }
        logger.info("Finished initialisation of jms template ...")
        return mqQueueConnectionFactory
    }

    @Bean
    @Primary
    fun cachingConnectionFactory(mqQueueConnectionFactory: MQQueueConnectionFactory): CachingConnectionFactory =
        CachingConnectionFactory().apply {
            targetConnectionFactory = mqQueueConnectionFactory
            isCacheConsumers = false
            isCacheProducers = false
            sessionCacheSize = 500
        }

    @Bean
    fun jmsOperations(cachingConnectionFactory: CachingConnectionFactory): JmsOperations =
        JmsTemplate(cachingConnectionFactory).apply {
            receiveTimeout = 20000
        }

    @Bean
    fun jmsListenerContainerFactory(
        errorHandler: JmsErrorHandler,
        cachingConnectionFactory: CachingConnectionFactory
    ): DefaultJmsListenerContainerFactory? =
        DefaultJmsListenerContainerFactory().apply {
            setConnectionFactory(cachingConnectionFactory)
            setErrorHandler(errorHandler)
        }

Every property is set correctly from application.yml, the issue I have is that the connectionFactory trying to connect with a different user in the header as I see in the log here:

----- cmqxrsrv.c : 7795 -------------------------------------------------------
12/13/2023 08:18:58 AM - Process(42448.58374) User(mqm) Program(amqrmppa)
                    Host() Installation(Installation1)
                    VRMF(9.3.0.6) QMgr(QM1)
                    Time(2023-12-13T07:18:58.711Z)
                    ArithInsert1(2) ArithInsert2(2035)
                    CommentInsert1(worker)
                    CommentInsert2(admin)
                    CommentInsert3(worker)

AMQ9557E: Queue Manager User ID initialization failed for 'worker'.

EXPLANATION:
The call to initialize the User ID 'worker' failed with CompCode 2 and Reason
2035. If an MQCSP block was used, the User ID in the MQCSP block was
'admin'. If a userID flow was used, the User ID in the UID header was
'worker' and any CHLAUTH rules applied prior to user adoption were evaluated
case-sensitively against this value.
ACTION:
Correct the error and try again.

I don't know from where we see this user 'worker' in the header, the only user we use in config file is admin. Can you help with that to see if it's a client issue or related to CHLAUTH rules on IBM MQ Server.

ibmmqmet commented 11 months ago

"worker" will be the userid associated with the channel before authentication is done.

You'd need to look at the MCAUSER setting on the channel, which userid is actually executing the qmgr processes, which userid is executing the client program, and any CHLAUTH rules that might have been defined to map userids. there's no way of telling from here what precisely might have applied that identity.

mohammadrsh commented 11 months ago

Thanks for the reply, Here is the CHLAUTH config:

CHLAUTH Rules:

  CHLAUTH(SC.CLIENT)                   TYPE(USERMAP)
   ADDRESS(100.127.130.*)                  CLNTUSER(admin)
   MCAUSER(mqm)

Chl Config:

  CHANNEL(SC.CLIENT)                   CHLTYPE(SVRCONN)
   ALTDATE(2023-08-18)                     ALTTIME(11.26.43)
   CERTLABL( )                             COMPHDR(NONE)
   COMPMSG(NONE)                           DESCR( )
   DISCINT(0)                              HBINT(300)
   KAINT(AUTO)                             MAXINST(999999999)
   MAXINSTC(999999999)                     MAXMSGL(4194304)
   MCAUSER( )                              MONCHL(QMGR)
   RCVDATA( )                              RCVEXIT( )
   SCYDATA( )                              SCYEXIT( )
   SENDDATA( )                             SENDEXIT( )
   SHARECNV(10)                            SSLCAUTH(REQUIRED)
   SSLCIPH( )                              SSLPEER( )
   TRPTYPE(TCP)

Connauth:
QMNAME(QM1)
   CONNAUTH(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)

Authinfo:
   AUTHINFO(SYSTEM.DEFAULT.AUTHINFO.IDPWOS)
   AUTHTYPE(IDPWOS)                        ADOPTCTX(YES)
   DESCR( )                                CHCKCLNT(NONE)
   CHCKLOCL(OPTIONAL)                      FAILDLAY(1)
   AUTHENMD(OS)                            ALTDATE(2023-12-14)
   ALTTIME(13.12.56)

Is the issue related to this config?

ibmmqmet commented 11 months ago

MQ isn't inventing the "worker" ID. It must be coming from something running in your environment. Your AUTHINFO rule has "NONE" for CHCKCLNT so any userid/password is being ignored.

Have you got Authorisation Events enabled on the qmgr? Those events can give a lot more information than error log entries.

mohammadrsh commented 11 months ago

Thanks, Is there a way to debug mqQueueConnectionFactory properties before it tries to authenticate? I tried this:

        val map = mqQueueConnectionFactory.keys.associateWith { mqQueueConnectionFactory[it] }.toSortedMap()
        map.forEach { entry ->
            logger.info("JMS config: ${entry.key} : ${entry.value}")
        }

And I didn't see any user 'worker', It is also not a default value or configured anywhere in the project.