What user identifier is passed to a queue manager from an application using the WebSphere MQ V7.1 (or later) classes for Java?
You have an application which uses the WebSphere MQ V7.1 classes for Java™ to interact with a WebSphere MQ queue manager. What user identifier does the application use when it connects to the queue manager using the CLIENT transport?
When a WebSphere MQ classes for Java application creates a new MQQueueManager object, the classes for Java will use the information in the MQEnvironment object to create a connection to a specified queue manager.
One of the fields in MQEnvironment is userID, which specifies the identifier for the user running the application.
The default value for this property is the empty string ("").
If the application is connecting to a queue manager using the CLIENT transport, and is using a channel which does not have a security exit defined, then the WebSphere MQ classes for Java will flow a user identifier to the queue manager for authorization as part of the MQQueueManager constructor. The user identifier depends upon the value of the MQEnvironment.userID field:
- If the property is set to a non default value, the WebSphere MQ classes for Java will pass this value to the queue manager for authorization.
- If the property is set to the default value, then the WebSphere MQ classes for Java will query the Java system property user.name, and pass this value to the queue manager for authorization. Note that this behaviour is different to the WebSphere MQ V7.0.1 classes for Java (and earlier), which would not pass any user identifier to the queue manager in this situation.
If the application has been configured to use a channel that has a security exit defined, then the security exit will be responsible for performing any application specific security logic. The value of the MQEnvironment.userID field will not be passed to the queue manager for authorization, and is not made available to the security exit.
If an unexpected or incorrect (wrong) userID is passed then you may see an MQException reporting
MQJE001: Completion Code '2', Reason '2035'
MQRC 2035 MQRC_NOT_AUTHORIZED
For a similar problem refer to technote:
WMQ 7.1 / 7.5 queue manager - RC 2035 MQRC_NOT_AUTHORIZED when using client connection as an MQ Administrator
For similar problems in JMS refer to technote:
MQJMS2013 (V6) JMSWMQ2013 (V7) invalid security authentication (RC 2035)
For details on how to collect additional error information for similar problems refer to technotes:
MQS_REPORT_NOAUTH environment variable can be used to better diagnose return code 2035 (MQRC_NOT_AUTHORIZED)
Using MQSAUTHERRORS to generate FDC files related to RC 2035 (MQRC_NOT_AUTHORIZED)
WebSphere MQ WMQ
More support for:
Software version: 7.1, 7.5, 8.0
Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS
Reference #: 1624099
Modified date: 14 March 2016