MQ SSL error, protocol is disabled or cipher suites are inappropriate - spring

I have an MQ Spring JMS application that has been working fine using an SSL channel. However, after a recent Java security patch was applied, the application stopped working with the error below.
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:209) ~[com.ibm.mqjms-7.5.0.0.jar:7.5.0.0 - p000-L120604]
... 45 common frames omitted
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
at sun.security.ssl.Handshaker.activate(Handshaker.java:438) ~[na:1.6.0_34]
at sun.security.ssl.SSLSocketImpl.kickstartHandshake(SSLSocketImpl.java:1414) ~[na:1.6.0_34]
I notice that the new Java security file has this line added, which is causing this failure in the SSL connection to MQ.
jdk.tls.disabledAlgorithms=SSLv3
I cannot get this line removed as this is a shared environment. What are my options to make this work? I am using MQQueueConnectionFactory, configured and injected into my Spring JMS components.
Thank you

Can you not use this -
java.security.Security.setProperty("jdk.tls.disabledAlgorithms","")
This change was introduced in JDK8.

For reactive support purposes where you have to get this working (as soon as possible), comment/disable that policy in that security file. This will allow the Spring application to continue as it was before.
But you need to work towards a permanent fix either by using the TLS version of the same cipher or moving to a new TLS cipher.

You need to set matching CipherSpecs suited for TLS on both the server connection channel on the queue manager and your client.
This should help with the client side:
http://www-01.ibm.com/support/knowledgecenter/SSFKSJ_8.0.0/com.ibm.mq.dev.doc/q113220_.htm
Doing the QM side is easiest by using MQ Explorer and just looking at the SSL properties of the server connection channel specified in the connection factory.
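
The client-side half of the change described in the answers above, as an added example that is not part of the original posts: it checks whether the JVM policy lists SSLv3 as disabled and builds an MQQueueConnectionFactory that requests a TLS CipherSuite. Host, port, queue manager, channel and the CipherSuite value are placeholder assumptions; the CipherSuite must be the name the IBM table linked above pairs, for your JRE, with the CipherSpec set on the server connection channel.

```java
import java.security.Security;
import javax.jms.JMSException;
import com.ibm.mq.jms.MQQueueConnectionFactory;
import com.ibm.msg.client.wmq.WMQConstants;

public class TlsMqConnectionFactoryExample {

    // Assumptions: placeholder connection details, not values from the question.
    static final String HOST = "mq.example.internal";
    static final int PORT = 1414;
    static final String QMGR = "QM1";
    static final String CHANNEL = "APP.TLS.SVRCONN";

    // Assumption: a TLS CipherSuite. The exact name depends on the JRE vendor;
    // look it up in the IBM CipherSpec/CipherSuite table and make sure the
    // channel's CipherSpec on the queue manager is its counterpart.
    static final String CIPHER_SUITE = "SSL_RSA_WITH_AES_128_CBC_SHA";

    /** True if jdk.tls.disabledAlgorithms in the JVM security policy lists the protocol. */
    static boolean isDisabledByPolicy(String protocol) {
        String policy = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (policy == null) {
            return false;
        }
        for (String entry : policy.split(",")) {
            if (entry.trim().equalsIgnoreCase(protocol)) {
                return true;
            }
        }
        return false;
    }

    /** Connection factory for a client connection over a TLS CipherSuite. */
    static MQQueueConnectionFactory tlsConnectionFactory() throws JMSException {
        MQQueueConnectionFactory cf = new MQQueueConnectionFactory();
        cf.setTransportType(WMQConstants.WMQ_CM_CLIENT);
        cf.setHostName(HOST);
        cf.setPort(PORT);
        cf.setQueueManager(QMGR);
        cf.setChannel(CHANNEL);
        cf.setSSLCipherSuite(CIPHER_SUITE); // replaces the SSLv3-only suite
        return cf;
    }

    public static void main(String[] args) throws JMSException {
        System.out.println("SSLv3 disabled by JVM policy: " + isDisabledByPolicy("SSLv3"));
        System.out.println("Client CipherSuite: " + tlsConnectionFactory().getSSLCipherSuite());
    }
}
```

In a Spring application the object returned by `tlsConnectionFactory()` would be registered as the connection factory bean in place of the existing one.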

Related

IBM WAS 9, MDB deployment fail the entire application

We have an IBM WebSphere AS 9.0.0.7 and when we want to deploy an application containing an MDB - which listens to a remote WebSphere MQ server - while the MQ server is down, then WAS reports an error
Caused by: com.ibm.mq.connector.DetailedResourceAdapterInternalException: MQJCA1011: Failed to allocate a JMS connection., error code: MQJCA1011 An internalerror caused an attempt to allocate a connection to fail. See the linked exception for details of the failure.
and stops the deployment, i.e. application does not start. Which is a big problem as it is a critical hub for other operations. We want to force WAS to start the application and retry the JMS connection later. Is it possible?
You can try setting custom property WAS_EndpointInitialState property to INACTIVE, see here and here, and also may want to look through here.
We've found a solution here: Configuring properties for the IBM MQ resource adapter
The trick was to set startupRetryCount and startupRetryInterval. When the MQ server is not available, the app starts, however it is reported as "Partial start". All other parts of the application seem to be running just fine.

Websphere Default Message Provider and Spring JMS

I am trying to consume messages from WebSphere SIB (default message provider). I did not find many articles related to this topic on the internet. I have tried configuration as described here but I get the below exception:
com.ibm.websphere.ms.Wnsinitalcontextfacotry is not of type javax.jms.ConnectionFactory
Has anybody integrated JMS with the WebSphere Default message provider? If yes, can you please provide sample code?
I would like to know how to configure connection factory and topic.
CURRENT Status is Below:
I was able to configure JMS connection factory and topic but hit below exception
The security exception CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_CLIENT_SOCKET: JSSL0130E: java.io.IOException: signals that an I/O exception of some sort has occurred.
Check this post. It provides steps and piece of plain Java code, how to access WebSphere Default messaging. You should be able to configure your Spring app based on that.

trouble : WAS - Worklight with JMS adapter

I have developed a Worklight (v6) Application. The Worklight server runs on a WebSphere Application Server 8.5.5 (JMS provider).
When I invoke my adapter, I get this exception in the WAS log :
[12/13/13 13:20:02:860 CET] 00000093 JMSConnection E com.worklight.adapters.jms.JMSConnectionManager onException FWLSE0005W: JMS connection exception received: com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl incompatible with javax.jms.ConnectionFactory. Closing the connection. [project testJMS]
I have followed 2 ways to make my JMS queue, connection factory, etc.
http://pic.dhe.ibm.com/infocenter/iisinfsv/v8r7/index.jsp?topic=%2Fcom.ibm.swg.im.iis.infoservdir.user.doc%2Ftopics%2Ft_isd_user_creating_jms_que_cx_fact.html (from topic 1 to 5)
and this one :
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Worklight%20and%20Application%20Center%20advanced%20tutorials/page/Worklight%20JMS%20adapter%20-%20Using%20the%20Liberty%20Profile%20integration%20with%20the%20WAS%20full%20profile%20SIBus
The two tutorials are similar (using WAS full profile). In my case, the queue is local (Worklight and the queue are in the WAS). So, I left the "namingConnection" tag commented out in my JMS adapter.
But I do not understand why I get this exception. It seems that it is a ClassCastException. But how do I solve this problem?
Thanks in advance
This defect is still present in the 6.0.0.20130614-0631 version of Worklight. You will need to upgrade to the 6.0.0.1 (20130909-1459) Fix Pack to get the fix.
If upgrading isn't an option, there is a bit of a hacky workaround that does work with no adverse side effects.
Edit:
Use 6.0.020130926 instead of the above version as mentioned by Idan.

WebSockets (wss) and Proxy Server with AsyncHttpClient

I am trying to use AsyncHttpClient with a proxy server configuration to connect using wss and am having no luck. I've been using async-http-client 1.7.5 and grizzly-websockets 2.2.13. My first attempt
AsyncHttpClientConfig config = new AsyncHttpClientConfig.Builder()
        .setSSLContext(sc)
        .setProxyServer(
                new ProxyServer(Protocol.HTTP, "192.168.1.130", 3128))
        .build();
// c: client built on the default (Netty) provider
AsyncHttpClient c = new AsyncHttpClient(config);
NettyWebSocket w = (NettyWebSocket) c.prepareGet("wss://192.168.1.124/atmosphere-chat/chat")
        .execute(handler).get();
using the default netty configuration fails to work. This attempt appears to at least go through the proxy and connect to the remote server. The exception I get there is
java.lang.IllegalArgumentException: unsupported message type: class org.jboss.netty.handler.codec.http.websocketx.TextWebSocketFrame
When I switch to using grizzly through
AsyncHttpClient c = new AsyncHttpClient(new GrizzlyAsyncHttpProvider(config), config);
Things are better/worse. In this instance it appears that grizzly fails to send the connect verb through the http proxy, and instantly starts communicating via ssl, which fails. I would think this would be a well supported situation because of the increased likelihood that a websocket connection would work through a proxy when using SSL.
Exception in thread "main" java.util.concurrent.ExecutionException: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
Am I way outside the bounds of what should be working?
Turns out this was a bug in AHC ( https://github.com/sonatype/async-http-client/issues/131#issuecomment-7745037 ) that gets fixed in 1.8.0.

WebSphere MQ integration with WebLogic - issue sending messages to foreign queue

I'm testing a WebLogic MDB (running on my local Windows dev environment - Eclipse/WebLogic 10.3.2) with WebSphere MQ 6.0.1.0 (running on a Linux server). The WebSphere MQ components have been previously configured and I have the correct .bindings file.
I have followed the instructions described here.
I have no problem consuming messages that are placed on the MQ queue. However, when I attempt to configure the MDB to put messages back to the MQ queue I get the following warning upon server start-up:
<Warning> <JMSPool> <BEA-169808> <There was an error while making the initial
connection to the JMS resource named jms/WLSenderQCF from the EJB "TestMDB"
inside application "EJB Test 2EAR". The server will attempt the connection
again later. The error was javax.jms.JMSException: MQJMS1068: failed to obtain
XAResource>
If I place a message on the queue, my MDB consumes the messages, but these exceptions are thrown when the MDB attempts to put the message to the MQ Queue:
javax.jms.JMSException: MQJMS1068: failed to obtain XAResource...
javax.transaction.xa.XAException: client connection not XA enabled...
java.lang.NullPointerException
Anyone run into this and knows what the problem is?
Thanks for any help.
One issue seems to be the version of MQ you're using. It is ancient. IBM took MQ 6 out of support quite a while ago (Sept '12! http://www-01.ibm.com/support/docview.wss?uid=swg21584325).
Things got a lot easier when IBM decided to include the extended transactional client in the product for free: http://www-01.ibm.com/support/docview.wss?uid=swg21584325
So one option might be to upgrade to a version which includes this out of the box:
7.0.1.12+
7.1.0.5+
7.5
8.0
Otherwise... look into the v6 documentation on how to enable the 'extended transactional client' for JMS assuming you paid for it.
