I have an application which uses the WebSphere MQ V7.1 classes for Java™ to interact with a WebSphere MQ queue manager. What user identifier does the application use when it connects to the queue manager using the CLIENT transport?
When a WebSphere MQ classes for Java application creates a new MQQueueManager object, the classes for Java will use the information in the MQEnvironment object to create a connection to a specified queue manager.
One of the fields in MQEnvironment is userID, which specifies the identifier for the user running the application.
The default value for this property is the empty string ("").
If the application is connecting to a queue manager using the CLIENT transport, and is using a channel which does not have a security exit defined, then the WebSphere MQ classes for Java will flow a user identifier to the queue manager for authorization as part of the MQQueueManager constructor. The user identifier depends upon the value of the MQEnvironment.userID field:
- If the property is set to a non default value, the WebSphere MQ classes for Java will pass this value to the queue manager for authorization.
- If the property is set to the default value, then the WebSphere MQ classes for Java will query the Java system property user.name, and pass this value to the queue manager for authorization. Note that this behaviour is different to the WebSphere MQ V7.0.1 classes for Java (and earlier), which would not pass any user identifier to the queue manager in this situation.
If the application has been configured to use a channel that has a security exit defined, then the security exit will be responsible for performing any application specific security logic. The value of the MQEnvironment.userID field will not be passed to the queue manager for authorization, and is not made available to the security exit.
If an unexpected or incorrect (wrong) userID is passed then you may see an MQException reporting
MQJE001: Completion Code '2', Reason '2035'
MQRC 2035 MQRC_NOT_AUTHORIZED
For a similar problem refer to technote:
WMQ 7.1 / 7.5 queue manager - RC 2035 MQRC_NOT_AUTHORIZED when using client connection as an MQ Administrator
For similar problems at WebSphere MQ V6 or V7.0 refer to technote:
2035 MQRC_NOT_AUTHORIZED Java or JMS applications fail after upgrading from MQ V5.3 to V6 or V7.
For similar problems in JMS refer to technote:
MQJMS2013 (V6) JMSWMQ2013 (V7) invalid security authentication (RC 2035)
For similar problems in a WebSphere Application Server MDB refer to technote:
What userid is passed from WAS MDB application to MQ queue manager when using the WebSphere MQ classes for JMS (MQ as messaging provider)
For details on how to collect additional error information for similar problems refer to technotes:
MQS_REPORT_NOAUTH environment variable can be used to better diagnose return code 2035 (MQRC_NOT_AUTHORIZED)
Using MQSAUTHERRORS to generate FDC files related to RC 2035 (MQRC_NOT_AUTHORIZED)
WebSphere MQ WMQ