| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Invoke WPS from WMB with Security enabled |
« View previous topic :: View next topic » |
| Author |
Message
|
| brokerDev |
 Posted: Fri Dec 28, 2007 6:54 am Post subject: Invoke WPS from WMB with Security enabled |
 |
|
Acolyte
Joined: 21 Jun 2006
Posts: 53
|
Hi,
I am attempting to send a SOAP/JMS message from WMB to WPS with security enabled on the appserver.
From reading the information in the Infocenter, LTPA is the only authentication mechanism supported in WPS. I thought I could still make it work by exporting the LTPA token from WAS and then using that in the SecurityBinaryToken field in the SOAP header. It seems not! Whenever I send a message, I get the following error in systemout.log -
0000005c SibMessage A [:] CWSII0155I: The Platform Messaging Component denied user ID access to destination <qname> on bus <bus name> for operation SEND
In the ffdc logs I get - "SIMPNotAuthorizedException"
In my ESQL, I am setting the JMSXUserID field and have given that user access rights via wsadmin -
AdminTask addUserToDestinationRole{ ....
for Sender, Reciever, and Browser.
Is it simply the case that it is not possible to send from WMB to WPS when security is enabled without using other apps like Tivoli???
I am using WID 6.0.2.2 (Embedded WAS 6.0.2.17), WMB 6.0.0.5 on Windows XP.
Would appreciate any thoughts or suggestions.
Thanks |
|
| Back to top |
|
 |
| JLRowe |
| Posted: Sat Dec 29, 2007 4:51 am Post subject: |
|
|
Yatiri
Joined: 25 May 2002
Posts: 664
Location: South East London
|
You need to provide a userid and password for the JMS connection, this should be an option on the JMS ouptut node in the WMB flow.
As WPS 6.0.2.2 is based on WAS 6.0, you have to set authorities to SIB destinations using wsadmin scripts, you can do this in the console with was 6.1 (and wps 6.1 thats runs on top of it) |
|
| Back to top |
|
|
| brokerDev |
| Posted: Sun Dec 30, 2007 10:06 am Post subject: |
|
|
Acolyte
Joined: 21 Jun 2006
Posts: 53
|
Thanks for the respnse.
I am using WMB Toolkit 6.0.2 FP9 and there is no option in the JMS nodes supplied in the palette with this version to set a userid/password. What I have done is to set the userid/password in ESQL and placed this in the usr folder of the MQRFH2 header. I then use a MQJMS transform node to convert this so that these details are placed in the appropriate location in the JMS header before sending to WPS.
Regarding setting authorities, I have set these using wsadmin. I set sender,receiver,connector,browser authorities for the user but I get the error I mentioned.
Regards, |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sun Dec 30, 2007 12:34 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| brokerDev wrote: |
Thanks for the respnse.
I am using WMB Toolkit 6.0.2 FP9 and there is no option in the JMS nodes supplied in the palette with this version to set a userid/password. What I have done is to set the userid/password in ESQL and placed this in the usr folder of the MQRFH2 header. I then use a MQJMS transform node to convert this so that these details are placed in the appropriate location in the JMS header before sending to WPS.
Regarding setting authorities, I have set these using wsadmin. I set sender,receiver,connector,browser authorities for the user but I get the error I mentioned.
Regards, |
Check the resulting message. I believe you should set the userid on the MQMD before transform. 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| brokerDev |
| Posted: Mon Dec 31, 2007 8:33 am Post subject: |
|
|
Acolyte
Joined: 21 Jun 2006
Posts: 53
|
Hi fjb_saper,
Thanks for taking the time to respond. I tried what you suggested but it didn't make a difference. I kept on getting tghe same error.
The good news though is that I now have my setup working! What I did was to alter the custom properies of the activation spec and connection factory on the wasadmin console
(Resources>ResourceAdapter>SIB JMS RA). I added username and password properties.
To anyone else interested, my broker flowsetup is MQInput>Compute>MQJMSXForm>SOAPEnvelope>Compute>RCD>JMSOutput
In the first compute node, I add a usr folder under MQRFH2 and set the endpointURL and targetservice. In the second compute node, I construct the WS-Security username token. The JMSOutput node properties are as follow -
DestinationQ - As defined on SIBus
InitCtxFact: com.ibm.websphere.naming.WsnInitialContextFactory
Loc JNDI: corbaloc:iiop:localhost:<bootstrap port of appserver>
QCF: As defined on SIBus
There's probably other ways to implement this, but this worked for me!
Regards, |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
