Technote (troubleshooting)
Problem(Abstract)
Your message producer is not able to connect to the JMS destination in your Service Integration Bus for WebSphere Application Server and throws a CWSIA0069E error.
Symptom
The following errors are thrown in the JVM logs (SystemOut.log):
javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.
Caused by: javax.jms.JMSSecurityException: CWSIA0069E: The user does not
have authorization to carry out this operation. See the linked exception
for details.
at
com.ibm.ws.sib.api.jms.impl.JmsMsgProducerImpl.<init>(JmsMsgProducerImpl.java:381) at
com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.instantiateProducer(JmsSessionImpl.java:1442) at
com.ibm.ws.sib.api.jms.impl.JmsSessionImpl.createProducer(JmsSessionImpl.java:866) at
gov.fbi.sentinel.search.manager.SearchIndexJMSQueuingStrategy.publishInBulkToQueue(SearchIndexJMSQueuingStrategy.java:136)
... 134 more
Caused by: com.ibm.wsspi.sib.core.exception.SINotAuthorizedException:
CWSIK0018E: Send access to destination SearchQueue was denied for user with subject .
at
com.ibm.ws.sib.comms.common.CommsByteBuffer.parseSingleException(CommsBy teBuffer.java:1786)
Cause
CWSIA0069E indicates that the application does not have authorization to create a producer for the requested JMS destination.
The primary reason for an authorization failure on a destination is that the user is
not in the relevant role for the destination being accessed.
Resolving the problem
Make sure that user has the proper authorization to access that destination as per this table.
| Destination type | Access roles |
|---|---|
| queue | sender, receiver, browser, creator |
| port | sender, receiver, browser, creator |
| webService | sender, receiver, browser, creator |
| topicSpace | sender, receiver |
| foreignDestination | sender |
| alias | sender, receiver, browser |
After this you have to restart the messaging engine for these changes to take effect. Some times you may have to sync the servers in case of clusters to push this information to all members of the clusters. See the following sections of the Information Center for details on working with user roles in the different versions of WebSphere Application Server:
WAS V8.5: Administering destination roles
WAS V8: Administering destination roles
WAS V7: Administering destination roles
WAS V6.1: Administering destination roles through the command line
Related information
Service integration security planning
Administering authorization permissions:
Administering destination roles:
Administering topic roles
Securing service integration
| Segment | Product | Component | Platform | Version | Edition |
|---|---|---|---|---|---|
| Business Integration | WebSphere MQ | Problem Determination | AIX, HP-UX, HP Itanium, Linux, Linux on Power, Solaris, Windows, UNIX | 7.5, 7.1 | |
| Business Integration | WebSphere Enterprise Service Bus | Admin | AIX, HP-UX, Linux | ||
| Business Integration | WebSphere Enterprise Service Bus Registry Edition | ||||
| Business Integration | WebSphere Process Server |
Product Alias/Synonym
WebSphere Application Server WAS SIB SIBUS SI BUS
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.