IBM Support

SINotAuthorizedException when a JMS application attempts to access WebSphere Application Server Service Integration Bus

Troubleshooting


Problem

Your JMS application fails to connect to the WebSphere Application Server (WAS) Service Integration Bus (SIBus) and CWSII0212W errors are logged. This happens even though security is configured for the SIBus, the user has been added to the bus connector role, and the connection factory is configured with a "container-managed" authentication alias.

Symptom

The following errors are written to WAS SystemOut.log:

CWSII0212W: The bus XXX.Bus denied an anonymous user access to the bus.

javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.


Caused by: javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:183)
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:135)
.......

Caused by: com.ibm.wsspi.sib.core.exception.SINotAuthorizedException: CONTAINER_AUTHORIZATION_EXCEPTION_1071
at com.ibm.ws.sib.api.jmsra.impl.JmsJcaConnectionFactoryImpl.createConnection(JmsJcaConnectionFactoryImpl.java:429)
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:162)

FFDC shows:
FFDC Exception:com.ibm.wsspi.sib.core.exception.SINotAuthorizedException
SourceId:com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnectionFactoryImpl.createManagedConnection
ProbeId:1
Reporter:com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedQueueConnectionFactoryImpl@56365636
com.ibm.wsspi.sib.core.exception.SINotAuthorizedException: CWSIP0303E: No user specified when creating a connection to secure messaging engine AAA-XXX.Bus on bus XXX.Bus.

at com.ibm.ws.sib.processor.impl.MessageProcessor.createConnection(MessageProcessor.java:789)
at com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.localAttach(TrmSICoreConnectionFactoryImpl.java:451)
at com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.connectFromInsideServer(TrmSICoreConnectionFactoryImpl.java:406)
at com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.localBootstrap(TrmSICoreConnectionFactoryImpl.java:323)
at com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.createConnection(TrmSICoreConnectionFactoryImpl.java:304)
at com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.createConnection(TrmSICoreConnectionFactoryImpl.java:222)

Cause

Even though a container-managed authentication alias was set on the connection factory and a resource reference was created for the application (that is, res-auth is set to CONTAINER in the application deployment descriptor), the application performed a direct JNDI lookup on the connection factory.

Resolving The Problem

Perform an indirect JNDI lookup on the connection factory.

Important Notes:
1. If the application does a direct JNDI lookup of the connection factory, then by default res-auth is set to "APPLICATION" even though it is set to "CONTAINER" in the application deployment descriptor. When res-auth is set to "APPLICATION", the authentication data is picked up in the following order:

    1) The user ID and password that are passed to the getConnection method
    2) The component-managed authentication alias in the connection factory or the data source
       Note: The component-managed authentication alias is no longer available for the default messaging provider (SIB) in the WAS admin console for WAS 7.0 and later versions.
    3) The custom properties user name and password in the data source

2. If the application does an indirect JNDI lookup, then resource references for the application must be created, res-auth must be set to "CONTAINER" in the application deployment descriptor, and a container-managed authentication alias must be set on the connection factory.

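Example for direct JNDI lookup:
// Direct lookup of the connection factory: res-auth defaults to APPLICATION
javax.naming.InitialContext initCtx = new javax.naming.InitialContext();
javax.jms.QueueConnectionFactory qcf =
    (javax.jms.QueueConnectionFactory)
        initCtx.lookup("jms/MyJMSQueueConnectionFactory");

Example for indirect JNDI lookup:
// Lookup through the resource reference under java:comp/env
javax.naming.InitialContext initCtx = new javax.naming.InitialContext();
javax.jms.QueueConnectionFactory qcf =
    (javax.jms.QueueConnectionFactory)
        initCtx.lookup("java:comp/env/jms/MyJMSQueueConnectionFactory");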
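
The following audit script is an added example, not part of the IBM technote or of WebSphere. It applies notes 1 and 2 above to application source and a web.xml, flagging every JNDI lookup that will not receive the container-managed alias. The descriptor and Java lines are constructed samples, jms/AuditCF and jms/Missing are hypothetical names, and only string-literal lookups and web.xml resource references are considered.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs; jms/AuditCF and jms/Missing are hypothetical.
WEB_XML = """<web-app>
  <resource-ref>
    <res-ref-name>jms/MyJMSQueueConnectionFactory</res-ref-name>
    <res-type>javax.jms.QueueConnectionFactory</res-type>
    <res-auth>Container</res-auth>
  </resource-ref>
  <resource-ref>
    <res-ref-name>jms/AuditCF</res-ref-name>
    <res-auth>Application</res-auth>
  </resource-ref>
</web-app>"""

JAVA_SRC = '''\
qcf = (QueueConnectionFactory) initCtx.lookup("jms/MyJMSQueueConnectionFactory");
qcf = (QueueConnectionFactory) initCtx.lookup("java:comp/env/jms/MyJMSQueueConnectionFactory");
cf = (ConnectionFactory) initCtx.lookup("java:comp/env/jms/AuditCF");
cf = (ConnectionFactory) initCtx.lookup("java:comp/env/jms/Missing");
'''

ENV = "java:comp/env/"
LOOKUP = re.compile(r'\.lookup\(\s*"([^"]+)"\s*\)')

def res_auth_by_ref(web_xml):
    """Map res-ref-name -> res-auth, ignoring any XML namespace prefix."""
    refs = {}
    for el in ET.fromstring(web_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "resource-ref":
            kv = {c.tag.rsplit("}", 1)[-1]: (c.text or "").strip() for c in el}
            refs[kv.get("res-ref-name", "")] = kv.get("res-auth", "")
    return refs

def audit(java_src, web_xml):
    """Return (line_no, jndi_name, finding) for each lookup at risk."""
    refs = res_auth_by_ref(web_xml)
    findings = []
    for no, line in enumerate(java_src.splitlines(), 1):
        for name in LOOKUP.findall(line):
            ref = name[len(ENV):]
            if not name.startswith(ENV):      # note 1: direct lookup
                findings.append((no, name, "direct lookup"))
            elif ref not in refs:             # note 2: reference must exist
                findings.append((no, name, "no resource-ref"))
            elif refs[ref].upper() != "CONTAINER":
                findings.append((no, name, "res-auth not CONTAINER"))
    return findings
```

Calling audit(JAVA_SRC, WEB_XML) reports lines 1, 3 and 4 of the sample source; line 2 is the only lookup that satisfies both notes.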
 


Historical Number

14478 021 724 ;10385 003 756;61099 999 738 ;75314 000 738

Product Synonym

WebSphere Application Server WAS SIB SIBUS SI BUS

Document Information

Modified date:
19 October 2022

UID

swg21625948