IBM Support

IT40502: Security exit user data (SCYDATA) is not passed to a security exit when using the MQ classes for Java and a CCDT

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • A client connection channel (CLNTCONN) has been defined on a
queue manager which has:

- The security exit name (SCYEXIT) attribute set to the name of
a security exit.
- And the security exit user data (SCYDATA) attribute set to a
string.

An MQ classes for Java application uses the CLNTCONN definition
in the queue manager's client channel definition table (CCDT)
when creating an MQQueueManager object. When the application is
run using the IBM MQ 9.1 (or earlier) classes for Java, the
string specified in the SCYDATA attribute within the CLNTCONN
definition is passed to the security exit as expected and the
MQQueueManager object is successfully created.

However, when the application is run using the IBM MQ 9.2
classes for Java, the string passed to the security exit
contains 32 spaces rather than the data in the SCYDATA
attribute. As a result, the security exit does not work as
expected.

Local fix

  • 



Problem summary


    

  • ****************************************************************
USERS AFFECTED:
This issue affects users of the IBM MQ classes for Java who have
applications that create MQQueueManager objects using an entry
in a client channel definition table (CCDT), where the entry has
the security exit user data (SCYDATA) attribute set.


Platforms affected:
MultiPlatform

****************************************************************
PROBLEM DESCRIPTION:
In MQ 9.2, the Java Message Queueing Interface (JMQI - the
component used by the IBM MQ classes for Java and classes for
JMS to communicate with a queue manager) was updated to store
security exit user data in a 32 character string. If the
security exit user data was less than 32 characters in length,
the JMQI would pad it out with spaces before passing it to the
exit.

Due to the way that this logic was implemented

- If an MQ classes for Java application tried to create an
MQQueueManager object for a queue manager using an entry in a
client channel definition table (CCDT)
- And the entry had the security exit user data (SCYDATA)
attribute set to a string.

then the JMQI would incorrectly overwrite the security data set
in the SCYDATA attribute with 32 spaces. As a result, the
security exit would be called with user data containing 32
spaces, rather than the expected string.

    



Problem conclusion


    

  • To resolve this issue, the JMQI has been updated to ensure that:

- If an MQ classes for Java application creates an
MQQueueManager object for a queue manager using an entry in a
client channel definition table (CCDT)
- And the entry has the security exit user data (SCYDATA)
attribute set to a string.

then the value of the attribute is correctly passed to the
security exit.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v9.2 LTS   9.2.0.7
v9.3 LTS   9.3.0.1
v9.x CD    9.3.1

The latest available maintenance can be obtained from
'WebSphere MQ Recommended Fixes'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006037

If the maintenance level is not yet available information on
its planned availability can be found in 'WebSphere MQ
Planned Maintenance Release Dates'
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg27006309
---------------------------------------------------------------

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT40502
    • 

  • Reported component name
    MQ BASE V9.2
    • 

  • Reported component ID
    5724H7281
    • 

  • Reported release
    920
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2022-04-04
    • 

  • Closed date
    2022-05-12
    • 

  • Last modified date
    2022-09-08
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    MQ BASE V9.2
    • 

  • Fixed component ID
    5724H7281
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYHRD","label":"IBM MQ"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"920","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 September 2022
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback