I am writing a new application using spring and JMS. Myintent is to use Spring's Asynchronous Reception - Message-Driven POJOs. I get the following error.
org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful[904] -
Could not refresh JMS Connection for destination
'xyz_Module!xyz_Queue' - retrying in 5000 ms. Cause:
[Security:090398]Invalid Subject: principals=[user, groupa, groupb]
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[user, groupa, groupb]
I have the following spring definition
<bean id="jmsContainer" class="org.springframework.jms.listener.DefaultMessageListenerContainer">
<property name="connectionFactory" ref="connectionFactory" />
<property name="destination" ref="destination" />
<property name="messageListener" ref="messageAdapter" />
</bean>
<bean id="connectionFactory" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jms/xxxxx" />
<property name="resourceRef" value="true"></property>
</bean>
<bean id="destination" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName" value="jms/yyyyy" />
</bean>
<bean id="messageAdapter" class="org.springframework.jms.listener.adapter.MessageListenerAdapter">
<property name="delegate" ref="messageReceiverDelegate" />
<property name="defaultListenerMethod" value="receive" />
</bean>
I read in several posts that we have to enable cross domain security. I was not convinced that we need to enable Cross Domain Security because several other applications in my company that are MDBs are working just fine by reading from a remote queue. These applications do not have cross domain security enabled in their weblogic servers.
I spent some time digging and by some fortune I discovered that if I restarted the weblogic servers after I deployed my application, I don't see the security error anymore. I am able to get notified of the message in the remote queue.
Although my problem is solved, I am curious to know why I get the error if I just deploy the app and not restart the JVM.
Adding more log information
12/15/2014 08:58:15,079PM ERROR org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful[904] -
Could not refresh JMS Connection for destination 'XXXXXXXXXXXXXXXXXXXXX' - retrying in 5000 ms. Cause: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, super_users]
java.lang.SecurityException: **[Security:090398]**Invalid Subject: principals=[weblogic, Administrators, super_users]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at weblogic.jms.frontend.FEConnectionFactoryImpl_1034_WLStub.connectionCreateRequest(Unknown Source)
at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:224)
at weblogic.jms.client.JMSConnectionFactory.createConnectionInternal(JMSConnectionFactory.java:285)
at weblogic.jms.client.JMSConnectionFactory.createConnection(JMSConnectionFactory.java:191)
at org.springframework.jms.support.JmsAccessor.createConnection(JmsAccessor.java:184)
at org.springframework.jms.listener.AbstractJmsListeningContainer.createSharedConnection(AbstractJmsListeningContainer.java:405)
at org.springframework.jms.listener.AbstractJmsListeningContainer.refreshSharedConnection(AbstractJmsListeningContainer.java:390)
at org.springframework.jms.listener.DefaultMessageListenerContainer.refreshConnectionUntilSuccessful(DefaultMessageListenerContainer.java:885)
at org.springframework.jms.listener.DefaultMessageListenerContainer.recoverAfterListenerSetupFailure(DefaultMessageListenerContainer.java:861)
at org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker.run(DefaultMessageListenerContainer.java:1012)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[weblogic, Administrators, super_users]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:833)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:522)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:349)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:953)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:351)
at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:243)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1141)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1023)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:888)
at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:512)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:330)
at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:950)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:898)
at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:43)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
12/15/2014 08:58:20,095PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.shutdown[211] - Shutting down JMS listener container
12/15/2014 08:58:20,095PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.doShutdown[534] - Waiting for shutdown of message listener invokers
12/15/2014 08:58:20,111PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.shutdown[211] - Shutting down JMS listener container
12/15/2014 08:58:20,111PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.doShutdown[534] - Waiting for shutdown of message listener invokers
12/15/2014 08:58:55,595PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.establishSharedConnection[374] - Established shared JMS Connection
12/15/2014 08:58:55,611PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.resumePausedTasks[541] - Resumed paused task: org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker#189f205
12/15/2014 08:58:55,642PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.establishSharedConnection[374] - Established shared JMS Connection
12/15/2014 08:58:55,642PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.resumePausedTasks[541] - Resumed paused task: org.springframework.jms.listener.DefaultMessageListenerContainer$AsyncMessageListenerInvoker#18fd51b
12/15/2014 08:59:52,740PM DEBUG org.springframework.jms.listener.DefaultMessageListenerContainer.doReceiveAndExecute[313] - Received message of type [class weblogic.jms.common.TextMessageImpl] from consumer [weblogic.jms.client.WLConsumerImpl#2506f03] of session [weblogic.jms.client.WLSessionImpl#2506efd]
if you look at the logs you will see that I restarted the server and when the server came up it consumed the message # 08:58:55
Either we will have to enable cross domain security or you will have to restart the JVM
You can authenticate a subject for each weblogic services.
More information https://github.com/dmacdonald2013/weblogic-jms-spring
import weblogic.jndi.Environment;
import weblogic.security.auth.Authenticate;
import javax.security.auth.Subject;
for(JmsComponentConfig config : this.config.jmsComponents()){
Environment environment = new Environment();
environment.setProviderUrl(config.url());
environment.setSecurityPrincipal(config.username());
environment.setSecurityCredentials(config.password());
Subject subject = new Subject();
Authenticate.authenticate(environment, subject);
}
Related
AppConfig.xml settings:
<bean id="connectionFactory" class="com.ibm.mq.jms.MQQueueConnectionFactory">
<property name="hostName" value="abchost.com />
<property name="port" value="1414" />
<property name="queueManager" value="ABC_DEV" />
<property name="transportType" value="1" />
<jms:listener-container acknowledge="transacted">
<jms:listener destination="abc.queue.abc"
ref="someComplexServiceImpl"
method="doSomething" />
</jms:listener-container>
<bean id="jmsTemplate" class="org.springframework.jms.core.JmsTemplate">
<property name="connectionFactory" ref="connectionFactory" />
<property name="defaultDestinationName" value="abc.queue.abc"/>
</bean>
I get the following errors:
Caused by: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED').
[9/26/16 13:13:35:758 CST] 000000aa SystemErr R at com.ibm.msg.client.wmq.common.internal.Reason.createException(Reason.java:204)
[9/26/16 13:13:35:758 CST] 000000aa SystemErr R ... 98 more
Cause: JMSWMQ2013: The security authentication was not valid that was supplied for QueueManager 'ABC_DEV' with connection mode 'Client' and host name 'abchost.com(1414)'.; nested exception is com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2035' ('MQRC_NOT_AUTHORIZED')
What I like to find out is, is there problem in the codes or in some setting in Websphere MQ we need to configure? I wanna make sure this is not a fault in the program before I raise the problem to our Websphere MQ administrator (who by the way is just new to Websphere MQ)
We are using:
Websphere MQ version 9
Spring JMS Version 4.2.4.RELEASE
I used MQ Client to connect to MQ, and I was able to connect (via command line):
C:\Users\me>set MQSERVER=CH.ABC_DEV/TCP/abchost.com(1414)
C:\Users\me>set MQSAMP_USER_ID=someuser
C:\Users\me>c:\IBM\MQ\Tools\c\Samples\Bin\amqsbcgc.exe abc.queue.abc ABC_DEV
Enter password: p#ssword
--connected!
but why cant the same user work when connecting through WAS?
My application was also not able to connect to MQ although I provided the correct credentials. Enabling the authentication compatibility mode solved the issue.
See also: IBM MQ Connection authentication
If you are using mq-jms-spring-boot-starter you can add this in application.properties:
ibm.mq.userAuthenticationMQCP=false
Internally this will apply this to the connection factory:
cf.setBooleanProperty(WMQConstants.USER_AUTHENTICATION_MQCSP, false);
As the message at the bottom clearly says, the connection attempt was rejected with reason code 2035, not authorized. Your MQ administrator must check the MQ error log on the queue manager side for the specific reason. There are multiple ways of setting up the connection authentication and authorization, you need to consult MQ documentation. Additionally, chances are after setting up the connection authorization the application will fail with 2035 when opening the queue(s), so keep reading.
I am working on ActiveMQ JMS Spring application. I am using ActiveMQ instance which is present in Cloud server and i trying to read message from queue. In a configuration file i have configured broker URL as
<bean id="connectionFactory" class="org.apache.activemq.ActiveMQConnectionFactory">
<!-- brokerURL, You may have different IP or port -->
<constructor-arg index="0" value="tcp://ip address:8161" />
</bean>
but when i try to connect it gives me error
Caused by: org.apache.activemq.transport.InactivityIOException: Cannot send, channel has already failed: tcp://ip address:8161
at org.apache.activemq.transport.AbstractInactivityMonitor.doOnewaySend(AbstractInactivityMonitor.java:297)
at org.apache.activemq.transport.AbstractInactivityMonitor.oneway(AbstractInactivityMonitor.java:286)
at org.apache.activemq.transport.TransportFilter.oneway(TransportFilter.java:85)
at org.apache.activemq.transport.WireFormatNegotiator.oneway(WireFormatNegotiator.java:104)
at org.apache.activemq.transport.MutexTransport.oneway(MutexTransport.java:68)
at org.apache.activemq.transport.ResponseCorrelator.asyncRequest(ResponseCorrelator.java:81)
at org.apache.activemq.transport.ResponseCorrelator.request(ResponseCorrelator.java:86)
at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1409)
... 21 more
Can you please suggest me is am i missing something here?
I have been facing this issue for a while now. My config is as following
<!-- Load Properties Files -->
<context:property-placeholder location="classpath:*-${environment}.properties" ignore-unresolvable="true"/>
<bean id="dataSource" class="com.jolbox.bonecp.BoneCPDataSource" destroy-method="close">
<property name="driverClass" value="${jdbc.driverClassName}" />
<property name="jdbcUrl" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}"/>
<property name="password" value="${jdbc.password}"/>
<property name="idleConnectionTestPeriodInMinutes" value="${boneCP.idleConnectionTestPeriodInMinutes}"/>
<property name="idleMaxAgeInMinutes" value="${boneCP.idleMaxAgeInMinutes}"/>
<property name="maxConnectionsPerPartition" value="${boneCP.maxConnectionsPerPartition}"/>
<property name="minConnectionsPerPartition" value="${boneCP.minConnectionsPerPartition}"/>
<property name="partitionCount" value="${boneCP.partitionCount}"/>
<property name="acquireIncrement" value="${boneCP.acquireIncrement}"/>
<property name="statementsCacheSize" value="${boneCP.statementsCacheSize}"/>
<property name="lazyInit" value="true"/>
<property name="maxConnectionAgeInSeconds" value="${boneCP.maxConnectionAgeInSeconds}"/>
</bean>
The project is running on Tomcat 7
On the local machine, the project deploy with no error as well as for the dev server. Unfortunately, the project cannot be deployed on dev server any more (server configuration remain same) while local machine is still fine. Every time I deploy the project on the dev server, Tomcat just hang at INFO: Deploying web application archive /etc/tomcat/webapps/project.war. But if I config BoneCP with real values, everything is fine.
Could any one tell me what's wrong with it?
It turned out to be the lazyInit problem. If I comment it out, the server can start normally. But now I'm facing the new issue though. Mybatis cannot access the db at all while the local machine is 100% fine. and yet dont throw any exception. But when I stop the server, I found the following exceptions
INFO: Illegal access: this web application instance has been stopped already. Could not load com.jolbox.bonecp.PoolUtil. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1600)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
at com.jolbox.bonecp.DefaultConnectionStrategy.getConnectionInternal(DefaultConnectionStrategy.java:94)
at com.jolbox.bonecp.AbstractConnectionStrategy.getConnection(AbstractConnectionStrategy.java:90)
at com.jolbox.bonecp.BoneCP.getConnection(BoneCP.java:540)
at com.jolbox.bonecp.BoneCPDataSource.getConnection(BoneCPDataSource.java:131)
at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:111)
at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:77)
at org.mybatis.spring.transaction.SpringManagedTransaction.openConnection(SpringManagedTransaction.java:80)
at org.mybatis.spring.transaction.SpringManagedTransaction.getConnection(SpringManagedTransaction.java:66)
AND
INFO: Illegal access: this web application instance has been stopped already. Could not load org.apache.ibatis.reflection.ExceptionUtil. The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
java.lang.IllegalStateException
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1600)
at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1559)
at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:363)
at sun.proxy.$Proxy15.selectList(Unknown Source)
at org.mybatis.spring.SqlSessionTemplate.selectList(SqlSessionTemplate.java:195)
at org.apache.ibatis.binding.MapperMethod.executeForMany(MapperMethod.java:124)
at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:90)
at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:40)
at sun.proxy.$Proxy45.selectByExample(Unknown Source)
Well it could be many things but its most likely
properties are not being replaced with the values you think
the database number of connections has been exceeded or the wrong host
A combination of 1 + 2
For #1 I would a make a separate bean that needs com.jolbox.bonecp.BoneCPDataSource as a dependency and have it print out the getters of BoneCPDataSource.
For #2 I would turn on as much logging as possible (see log4j or logback or whatever your logging framework is).
I'm trying to use an Mx4j agent (and Spring Framework 3.0.5) to expose some POJOs in my Mule-ESB (Mule 3.1.2) application as an HTTP service. The agent is configured in mule-config.xml as follows:
<management:jmx-mx4j-adaptor jmxAdaptorUrl="http://0.0.0.0:9990" />
Also, I use the Spring MBeanExporter to expose the desired POJOs:
<bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<property name="assembler" ref="assembler" />
<property name="namingStrategy" ref="namingStrategy" />
<property name="autodetect" value="true" />
</bean>
<bean id="jmxAttributeSource" class="org.springframework.jmx.export.annotation.AnnotationJmxAttributeSource" />
<bean id="assembler" class="org.springframework.jmx.export.assembler.MetadataMBeanInfoAssembler">
<property name="attributeSource" ref="jmxAttributeSource" />
</bean>
<bean id="namingStrategy" class="org.springframework.jmx.export.naming.MetadataNamingStrategy">
<property name="attributeSource" ref="jmxAttributeSource" />
</bean>
Everything works fine in my desktop environment, which runs in Jetty. When I deploy the EAR to our WebSphere 7 Server, however, the application doesn't start, raising the following exception:
[3/30/12 16:33:58:858 BRT] 00000038 webapp I com.ibm.ws.webcontainer.webapp.WebApp log SRVE0296E: [BaseApp#BaseApp.war][/context][Servlet.LOG]:.Failed to invoke lifecycle phase "start" on object: org.mule.module.management.agent.Mx4jAgent#13ef13ef:.org.mule.api.lifecycle.LifecycleException: Failed to invoke lifecycle phase "start" on object: org.mule.module.management.agent.Mx4jAgent#13ef13ef
at org.mule.lifecycle.phases.DefaultLifecyclePhase.applyLifecycle(DefaultLifecyclePhase.java:236)
at org.mule.lifecycle.RegistryLifecycleManager$RegistryLifecycleCallback.onTransition(RegistryLifecycleManager.java:276)
...
...
Caused by: org.mule.module.management.agent.JmxManagementException: Failed to start Mx4j agent
at org.mule.module.management.agent.Mx4jAgent.start(Mx4jAgent.java:205)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:611)
at org.mule.lifecycle.phases.DefaultLifecyclePhase.applyLifecycle(DefaultLifecyclePhase.java:225)
... 67 more
Caused by: javax.management.InstanceNotFoundException: Mule.BaseApp.6:name=Mx4jHttpAdapter
at java.lang.Throwable.<init>(Throwable.java:67)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMBeanServerInterceptor.java:1094)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBeanInfo(DefaultMBeanServerInterceptor.java:1384)
at com.sun.jmx.mbeanserver.JmxMBeanServer.getMBeanInfo(JmxMBeanServer.java:892)
at com.ibm.ws.management.AdminServiceImpl.getMBeanInfo(AdminServiceImpl.java:1524)
at com.ibm.ws.management.AdminServiceImpl.checkForOpDeprecation(AdminServiceImpl.java:2662)
at com.ibm.ws.management.AdminServiceImpl.preInvoke(AdminServiceImpl.java:2284)
at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1309)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1225)
at com.ibm.ws.management.PlatformMBeanServer.invoke(PlatformMBeanServer.java:743)
at org.mule.module.management.agent.Mx4jAgent.start(Mx4jAgent.java:201)
Looking at the second (and last) stack trace cause, there seem to be some confusion or assumption about the JMX Server Instance Name. However, I have no control on that (and I can't figure why it works fine in Jetty and not in WAS 7).
Has anyone stepped through that before? Am I doing something wrong? Am I missing something here?
Thanks a lot for any response!
For WAS using JMX is not that straightforward. Complications are:
Security - one can't access JMX endpoint by default without further security configuration (out of scope for this discussion).
Websphere's JMX server implementation actually modifies MBean domain names to be prefixed with WAS Node and Cell. There is a WAS-specific API that can get you those, but the takeaway is this can't be done without further coding.
Andrew
I am using Spring 3 and exposed an MBean through Spring, everything works fine but I see below warning message in the Log file.
WARN org.springframework.jmx.support.JmxUtils - Found more than one MBeanServer instance. Returning first from list.
Here is my configuration:
<bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
<property name="assembler" ref="assembler" />
<property name="namingStrategy" ref="namingStrategy" />
<property name="autodetect" value="true" />
<property name="registrationBehaviorName" value="REGISTRATION_REPLACE_EXISTING"/>
</bean>
<bean id="jmxAttributeSource"
class="org.springframework.jmx.export.annotation.AnnotationJmxAttributeSource" />
<bean id="assembler"
class="org.springframework.jmx.export.assembler.MetadataMBeanInfoAssembler">
<property name="attributeSource" ref="jmxAttributeSource" />
</bean>
<bean id="WASAdminService" class="com.ibm.websphere.management.AdminServiceFactory"
factory-method="getAdminService" />
<bean id="namingStrategy" class="com.xxxx.WebSphereNamingStrategy">
<constructor-arg ref="WASAdminService" />
</bean>
I put a debug point and found that it is finding 'com.ibm.ws.management.PlatformMBeanServer' and 'com.sun.jmx.mbeanserver.JmxMBeanServer' objects. Any idea why it is finding more than one? When I googled, I found that I can specify the 'agent id' to find the required MBean server, but again if we are deploying this code in multiple environments, agent id may not be same (cannot be static)...
Any inputs on this is appreciated...
Thanks, Kiran
My guess is that the two MBean servers correspond to:
the "Platform" MBean server - established by the JVM. This MBean server would have all of the builtin Mbeans, like: java.lang:type=Runtime
the WebSphere provided MBean server - which has MBeans like WebSphere:name=WebContainer,process=...
I'm new to this area, but am just about to investigate further. From my perspective, I'd like to specify the Platform Mbean server - so that it's easier to access from monitoring tools, like JConsole, etc