Troubleshooting
Problem
Your JMS application fails to connect to WebSphere Application Server (WAS) Service Integration Bus (SIBus) and throws CWSII0212W errors when security is configured for WAS SIBus with the user added to the bus connector role and a connection factory configured with "container-managed" authentication alias.
Symptom
The following errors are written to WAS SystemOut.log:
CWSII0212W: The bus XXX.Bus denied an anonymous user access to the bus.
javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.
Caused by: javax.jms.JMSSecurityException: CWSIA0006E: The authorization for the supplied user name was not successful.
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:183)
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:135)
.......
Caused by: com.ibm.wsspi.sib.core.exception.SINotAuthorizedException: CONTAINER_AUTHORIZATION_EXCEPTION_1071
at com.ibm.ws.sib.api.jmsra.impl.JmsJcaConnectionFactoryImpl.createConnection(JmsJcaConnectionFactoryImpl.java:429)
at com.ibm.ws.sib.api.jms.impl.JmsManagedConnectionFactoryImpl.createConnection(JmsManagedConnectionFactoryImpl.java:162)
FFDC shows:
FFDC Exception:com.ibm.wsspi.sib.core.exception.SINotAuthorizedException
SourceId:com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedConnectionFactoryImpl.createManagedConnection
ProbeId:1
Reporter:com.ibm.ws.sib.api.jmsra.impl.JmsJcaManagedQueueConnectionFactoryImpl@56365636
com.ibm.wsspi.sib.core.exception.SINotAuthorizedException: CWSIP0303E: No user specified when creating a connection to secure messaging engine AAA-XXX.Bus on bus XXX.Bus.
at
com.ibm.ws.sib.processor.impl.MessageProcessor.createConnection(MessageProcessor.java:789)
at
com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.localAttach(TrmSICoreConnectionFactoryImpl.java:451)
at
com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.connectFromInsideServer(TrmSICoreConnectionFactoryImpl.java:406)
at
com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.localBootstrap(TrmSICoreConnectionFactoryImpl.java:323)
at
com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.createConnection(TrmSICoreConnectionFactoryImpl.java:304)
at
com.ibm.ws.sib.trm.client.TrmSICoreConnectionFactoryImpl.createConnection(TrmSICoreConnectionFactoryImpl.java:222)
Cause
Even though container- managed authentication alias was set on the connection factory and the resource reference was created for the application (that is, res-auth being set to CONTAINER in the application deployment descriptor) a direct JNDI lookup on the connection factory was performed .
Resolving The Problem
Perform an indirect JNDI lookup on the connection factory
Important Notes:
1. If the application does a direct JNDI lookup of the connection factory then by default res-auth gets set to "APPLICATION" even though it is set to "CONTAINER" in the application deployment descriptor. When res-auth is set to "APPLICATION", the authentication data is picked up in the following order:
- 1) The user ID and password that are passed to the getConnection method
2) The component-managed authentication alias in the connection factory or the data source
- Note: component-managed authentication alias is no longer available for the default messaging provider(SIB) in WAS adminconsole for WAS 7.0 and later versions .
2. If the application does indirect JNDI lookup then resource references for the application must be created and the res-auth must be set to "CONTAINER" in the application deployment descriptor and container-managed authentication alias must be set on the connection factory.
Example for direct jndi lookup:
javax.jms.QueueConnectionFactory qcf =
(javax.jms.QueueConnectionFactory)
initCtx.lookup("jms/MyJMSQueueConnectionFactory");
Example for indirect jndi lookup:
javax.jms.QueueConnectionFactory qcf =
(javax.jms.QueueConnectionFactory)
initCtx.lookup("java:comp/env/jms/MyJMSQueueConnectionFactory");
Related Information
Historical Number
14478 021 724 ;10385 003 756;61099 999 738 ;75314 000 738
Product Synonym
WebSphere Application Server WAS SIB SIBUS SI BUS
Was this topic helpful?
Document Information
Modified date:
19 October 2022
UID
swg21625948