Using WOLA in Liberty WebApp to access CICS

Using WOLA in Liberty WebApp to access CICS - java

Trying to use WOLA direct from a webapp in Liberty to CICS. Using same CICS region successfully with z/OS Connect V2 (zCEE). With Liberty, I have configured:
<featureManager>
<feature>servlet-3.1</feature>
<feature>jndi-1.0</feature>
<feature>jaxrs-1.1</feature>
<feature>zosLocalAdapters-1.0</feature>
</featureManager>
and
<!-- WOLA group to which others register -->
<zosLocalAdapters wolaGroup="GROUP" wolaName2="LIBRTOLA" wolaName3="WOLA3" />
<connectionFactory id="wolaCF" jndiName="eis/ola">
<properties.ola RegisterName=CICSMLAW/>
</connectionFactory>
<resourceAdapter location="/usr/lpp/IBM/zosconnect/v2r0/wlp/lib/ola.rar"/>
In the messages.log, I see good and bad items there:
CWWKB0103I: Authorized service group WOLA is available The WebSphere Optimized Local Adapter channel registered with the Liberty profile server using the following name: GROUP LIBRTOLA WOLA3
and the bad:
com.ibm.ws.app.manager.AppMessageHelper E CWWKZ0013E: It is not possible to start two applications called ola.
So the failure on registration: Requestlgth: 97
Requestparms data 1: BBOC START_SRVR RGN=CICSMLA DGN=GROUP NDN=LIBRTOLA
Requestparms data 2: SVN=WOLA3 SVC= MNC=1 MXC=10 TXN=N SEC=N REU=N
Requestparms data 3:
Processing a START SERVER request.
Starting WAS adapters Server task ...
Server transaction id will be: BBO$
Link transaction defaults to: BBO#
Service name will be:
Trace TDQ: BBOQ
Processing a REGISTER API request.
Register name: CICSMLA string len: 7
WAS Daemon: GROUP WAS Node: LIBRTOLA WAS Server: WOLA3
Min. connections: 1
Max. connections: 10
Transactional: N string len: 1
Security propagation: N string len: 1
Invoking OLA Register API for CICSMLA .
on with the Liberty profile server was not successful. The return code is 8, and the reason code 8.
And the failure in the JNDI call:
Context ctx = new InitialContext();
ConnectionFactory cf = (com.ibm.ws390.ola.jca.ConnectionFactoryImpl)ctx.lookup("java:comp/env/eis/ola");
Results in error:
[err] javax.naming.NameNotFoundException: javax.naming.NameNotFoundException: java:comp/env/eis/ola
[err] at com.ibm.ws.jndi.url.contexts.javacolon.internal.JavaURLContext.lookup(JavaURLContext.java:356) [err] at [internal classes]
[err] at javax.naming.InitialContext.lookup(InitialContext.java:428)
[err] at com.ibm.ctl.bank.impls.CTLBankWolaImpl.(CTLBankWolaImpl.java:51)
[err] at com.ibm.ctl.bank.web.OLTPBankRest.setImpl(OLTPBankRest.java:235)
Thanks

You have a lot going on here.
I'm not sure why you're starting ola.rar from the z/OS Connect v2 product, inside of a Liberty server. The zosLocalAdapters-1.0 feature already loads the ola.rar that ships with Liberty. You should remove the configuration from server.xml. That should resolve the CWWKZ0013E error.
You should see two CWWKB0103I messages in messages.log, one for WOLA (which you included) and one for CLIENT.WOLA. Please be sure you see both. It's possible you're on a very old version of Liberty that doesn't print the second CWWKB0103I message, so if this is true, please disregard that part.
I don't think you would have gotten this far without finding the WOLA configuration instructions for the Liberty server in the knowledge center, but here they are for other's benefits:
https://www.ibm.com/support/knowledgecenter/en/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_dat_enableconnector.html
OK next, I can't see your application to know whether you've got a resource-reference to a connection factory configured. I assume you do because you're doing a java:comp/env lookup. You do not need to cast to com.ibm.ws390.ola.jca.ConnectionFactoryImpl, and actually I highly recommend removing that since that is an internal class and subject to change at any time. It may be that the application class loader doesn't have access to that class, and that may be part of the problem.
Finally, you have a problem in CICS starting the link server. You are getting RC=8 RSN=8. A list of services and return/reason codes can be found here:
https://www.ibm.com/support/knowledgecenter/en/was_beta_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/rwlp_dat_olaapis.html
An 8/8 on BBOA1REG (register) indicates the register token is already in use. Basically, the RGN= name you picked is already in use. Are you sure there isn't a PLTPI transaction or something else in the CICS region that is already registered with that name? Perhaps try a different name just to see if it works, and if it does, maybe try BBOC LIST_SRVR to see what it is? It's difficult to say how it's getting started without knowing more about your system.
I hope this helps. Take care!

Related

How to use secret manager endpoint in lambda handler?

I want to make a write to RDS from lambda. As they both are in different accounts, I created a peering connection between them and also created a secret endpoint to access it. I have a non-rotational secret manager endpoint, I have a lambda handler like
LambdaHandler:
Type: AWS::Serverless::Function
Properties:
Handler: 'com.handle.lambda.handler.LambdaHandler::handleInputFeed'
Runtime: java8
CodeUri:
# Why are we using this instead of BATS::SAM::CodeS3Bucket
Bucket: {'Fn::If' : ['UseBatsKey', 'BATS::SAM::CodeS3Bucket', {"Fn::ImportValue" : {Ref: 'DeploymentBucketImportName'}}]}
Key: BATS::SAM::CodeS3Key
Description: Example lambda that takes an x and y value and returns the result of adding them.
Timeout: 20
Role:
Fn::GetAtt: [LambdaRole, Arn]
VpcConfig:
Fn::If:
- RunLambdaInVPC
- SecurityGroupIds: [{Ref: LambdaSecurityGroup}]
SubnetIds:
- {'Fn::ImportValue': PrivateSubnet01}
- {'Fn::ImportValue': PrivateSubnet02}
- {Ref: 'AWS::NoValue'}
How the secret endpoint will be used in this handler and how can I refer to the tables via that? As I am new to this any sample code or doc would be helpful. Not able to find.

You don't need to do anything1 , if the Lambda function is running inside the VPC with the endpoint accessible. Depending on the kind of Endpoint (Interface or Gateway) there are some DNS-tricks (Private Hosted Zones set up for you by AWS) employed by AWS to make this seem seamless.
Essentially the code doesn't need to know it's talking to a VPC endpoint, that's handled in the background. There are a couple exceptions that have bitten me in the past - see the footnote. If it doesn't work, make sure the security groups of the endpoint allow connections from the Lambda functions on Port 443.
1: The exception being IAM and other global services, here you should specify a regional endpoint when instantiating the client.

Why does my liberty configuration result in an unknown object name error?

We are trying to make our project which currently runs on WebSphere also work on Liberty.
In trying to get an MDB to work I get the following error: JMSCMQ0001: IBM MQ call failed with compcode '2' ('MQCC_FAILED') reason '2085' ('MQRC_UNKNOWN_OBJECT_NAME')
The relevant portion of the server.xml:
<jmsQueue id="jms/incomingRequestQueue" jndiName="jms/incomingRequestQueue">
<properties.mqJms baseQueueName="QUEUEIN" />
</jmsQueue>
<jmsActivationSpec id="application-ear/application-war/InboundMDB"
authDataRef="mqJms.auth">
<properties.mqJms destinationRef="jms/incomingRequestQueue" destinationType="javax.jms.Queue"
transportType="CLIENT"
hostName="${mqconnection.hostName}" port="${mqconnection.port}"
channel="${mqconnection.channel}"
messageCompression="NONE"
rescanInterval="5000"
sslCipherSuite="${mqconnection.sslCipherSuite}"
brokerControlQueue="${mqconnection.brokerControlQueue}" brokerSubQueue="${mqconnection.brokerSubQueue}"
brokerCCSubQueue="${mqconnection.brokerCCSubQueue}" brokerCCDurSubQueue="${mqconnection.brokerCCDurSubQueue}"/>
</jmsActivationSpec>
The values in the Liberty configuration were taken from WebSphere.
My question is if the reason for this error can only be that the queue name is incorrect, or if something could be missing from the configuration.
Update: the solution turned out to be to change destinationRef to destination and add useJNDI="true"

If you look at the logs on MQ and it appears to be trying to open an MQ object called jms/incomingRequestQueue, try replacing destinationRef with destinationLookup. Some methods of specifying the destination for an activation spec just pass the value straight to MQ instead of doing a lookup in the JNDI context for an admin object and fetching the right property.
See the notes in this table about the relationship between destination and destinationLookup. DestinationRef is a property that Liberty adds and I'm not sure how it all relates to the properties the resource adapter actually exposes but may be making this switch unnecessary. It all depends on what string you're trying to look up as a queue on the queue manager.
Additionally, for those who might have this issue and are using the destination property (likely in conjuntion with JMS 1.1/Java EE 6), where destinationLookup doesn't exist, you can specify useJNDI="true" as a property on the activation spec to resolve this, see the table linked above.

I was doing a migration to Open Liberty some time ago and also had some troubles. I managed to make it work, but cannot guarantee this will work for you as your case might be a bit different.
First, check carefully if baseQueueName="QUEUEIN" is correct (perhaps it is case-sensitive and does not match or something e.g. some prefix is missing).
Maybe setting a correct queueManager will help.
Here is my setup that works and it is almost the same as yours.
<resourceAdapter id="mqJMS" location="..../wmq.jmsra-9.1.4.0.rar"/>
<authData id="mqAlias" password="${env.MQ_PWD}" user="${env.MQ_USER}"/>
<jmsActivationSpec authDataRef="mqAlias" id="app-name/MyMessageBean">
<properties.mqJms destinationRef="jms/MyQ"
destinationType="javax.jms.Queue"
sslCipherSuite="${env.MQ_SSL_CIPHER_SUITE}"
channel="${env.MQ_CHANNEL}"
queueManager="${env.MQ_QUEUE_MANAGER}"
hostName="${env.MQ_HOST}" port="${env.MQ_PORT}"
transportType="CLIENT" />
</jmsActivationSpec>
<jmsQueue id="jms/MyQ" jndiName="jms/MyQ">
<properties.mqJms baseQueueName="${env.MY_QUEUE}"
baseQueueManagerName="${env.MQ_QUEUE_MANAGER}" />
</jmsQueue>
</server>
In general, the reason code 2085 means that the referenced queue could not be found on the Queue Manager.
There is this IBM Article that can be useful, especially Resolving The Problem section where you can see a short description of what they recommend to do in this case.

JBoss Teiid both source model table preview and VDB test failed

Sorry, I'm no Java person. Currently I'm playing with JBoss Teiid hoping that the tool can provide us a data virtualization layer among multiple data sources. I managed to install Teiid 10.2.1 on Wildfly 11. I started to set up various source models from multiple flavor of data sources.
First I created a flat file source model. I can preview the table fine. Next I created a MySQL source model. When I tried to preview the table, it gave me
Error deploying "PREVIEW-9b7b127a-cc80-4751-be77-2053c495daa8" - please check the server log for more details
By looking into the log, the problem seems to be
2018-08-19 19:38:53,878 WARN [org.teiid.RUNTIME] (Worker1_async-teiid-threads2) TEIID50036 VDB PREVIEW-9b7b127a-cc80-4751-be77-2053c495daa8.1.0.0 model "MySQLSourceModel" metadata failed to load. Reason:TEIID31259 In the statement ending with token teiid_mysql5 on line 2 column 61 the ddl is not valid: TEIID60017 Invalid prefix teiid_mysql5, teiid_ is reserved for Teiid use.: org.teiid.metadata.ParseException: TEIID31259 In the statement ending with token teiid_mysql5 on line 2 column 61 the ddl is not valid: TEIID60017 Invalid prefix teiid_mysql5, teiid_ is reserved for Teiid use.
I exported the model into Teiid DDL, it appears containing the fol,lowing
SET NAMESPACE 'http://www.teiid.org/ext/relational/2012' AS teiid_mysql5
But I can't find anywhere that allows me to change the namespace setting. Then I create an VDB from the model hoping that I can preview the table by executing the VDB. But I still got an error stating
19:53:09,906 WARN [org.teiid.SECURITY] (NIO3) TEIID40011 Processing exception 'TEIID50072 The username "user" and/or password and/or payload token could not be authenticated by security domain teiid-security.' for session null. Exception type org.teiid.client.security.LogonException thrown from org.teiid.jboss.JBossSecurityHelper.authenticate(JBossSecurityHelper.java:152). Enable more detailed logging to see the entire stacktrace.
19:53:09,945 WARN [org.teiid.SECURITY] (NIO0) TEIID40011 Processing exception 'TEIID50072 The username "user" and/or password and/or payload token could not be authenticated by security domain teiid-security.' for session null. Exception type org.teiid.client.security.LogonException thrown from org.teiid.jboss.JBossSecurityHelper.authenticate(JBossSecurityHelper.java:152). Enable more detailed logging to see the entire stacktrace.
How can I add org.teiid.jboss.JBossSecurityHelper.java into eclipse? Thank you very much in advance for any help.

java.lang.reflect.InvocationTargetException - RabbitMQ guest login deletion implication in SpringBoot Application [duplicate]

I am getting below exception
org.springframework.amqp.AmqpAuthenticationException: com.rabbitmq.client.AuthenticationFailureException: ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
Configuration: RabbitMQ 3.3.5 on windows
On Config file in %APPDATA%\RabbitMQ\rabbit.config
I have done below change as per https://www.rabbitmq.com/access-control.html
[{rabbit, [{loopback_users, []}]}].
I also tried creating a user/pwd - test/test doesn't seem to make it work.
Tried the Steps from this post.
Other Configuration Details are as below:
Tomcat hosted Spring Application Context:
<!-- Rabbit MQ configuration Start -->
<!-- Connection Factory -->
<rabbit:connection-factory id="rabbitConnFactory" virtual-host="/" username="guest" password="guest" port="5672"/>
<!-- Spring AMQP Template -->
<rabbit:template id="rabbitTemplate" connection-factory="rabbitConnFactory" routing-key="ecl.down.queue" queue="ecl.down.queue" />
<!-- Spring AMQP Admin -->
<rabbit:admin id="admin" connection-factory="rabbitConnFactory"/>
<rabbit:queue id="ecl.down.queue" name="ecl.down.queue" />
<rabbit:direct-exchange name="ecl.down.exchange">
<rabbit:bindings>
<rabbit:binding key="ecl.down.key" queue="ecl.down.queue"/>
</rabbit:bindings>
</rabbit:direct-exchange>
In my Controller Class
#Autowired
RmqMessageSender rmqMessageSender;
//Inside a method
rmqMessageSender.submitToECLDown(orderInSession.getOrderNo());
In My Message sender:
import org.springframework.amqp.core.AmqpTemplate;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
#Component("messageSender")
public class RmqMessageSender {
#Autowired
AmqpTemplate rabbitTemplate;
public void submitToRMQ(String orderId){
try{
rabbitTemplate.convertAndSend("Hello World");
} catch (Exception e){
LOGGER.error(e.getMessage());
}
}
}
Above exception Block gives below Exception
org.springframework.amqp.AmqpAuthenticationException: com.rabbitmq.client.AuthenticationFailureException: ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
Error Log
=ERROR REPORT==== 7-Nov-2014::18:04:37 ===
closing AMQP connection <0.489.0> (10.1.XX.2XX:52298 -> 10.1.XX.2XX:5672):
{handshake_error,starting,0,
{amqp_error,access_refused,
"PLAIN login refused: user 'guest' can only connect via localhost",
'connection.start_ok'}}
Pls find below the pom.xml entry
<dependency>
<groupId>org.springframework.amqp</groupId>
<artifactId>spring-rabbit</artifactId>
<version>1.3.6.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.integration</groupId>
<artifactId>spring-integration-amqp</artifactId>
<version>4.0.4.RELEASE</version>
</dependency>
Please let me know if you have any thoughts/suggestions

I am sure what Artem Bilan has explained here might be one of the reasons for this error:
Caused by: com.rabbitmq.client.AuthenticationFailureException:
ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN.
For details see the
but the solution for me was that I logged in to rabbitMQ admin page (http://localhost:15672/#/users) with the default user name and password which is guest/guest then added a new user and for that new user I enabled the permission to access it from virtual host and then used the new user name and password instead of default guest and that cleared the error.

To complete #cpu-100 answer,
in case you don't want to enable/use web interface, you can create a new credentials using command line like below and use it in your code to connect to RabbitMQ.
$ rabbitmqctl add_user YOUR_USERNAME YOUR_PASSWORD
$ rabbitmqctl set_user_tags YOUR_USERNAME administrator
$ rabbitmqctl set_permissions -p / YOUR_USERNAME ".*" ".*" ".*"

user 'guest' can only connect via localhost
That's true since RabbitMQ 3.3.x. Hence you should upgrade to the same version the client library, or just upgrade Spring AMQP to the latest version (if you use dependency managent system).
Previous version of client used 127.0.0.1 as default value for the host option of ConnectionFactory.

The error
ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN. For details see the broker logfile.
can occur if the credentials that your application is trying to use to connect to RabbitMQ are incorrect or missing.
I had this happen when the RabbitMQ credentials stored in my ASP.NET application's web.config file had a value of "" for the password instead of the actual password string value.

To allow guest access remotely, write this
[{rabbit, [{loopback_users, []}]}].
to here
c:\Users\[your user name]\AppData\Roaming\RabbitMQ\rabbitmq.config
then restart the rabbitmq windows service (Source https://www.rabbitmq.com/access-control.html)

On localhost , By default use 'amqp://guest:guest#localhost:5672'
So on a remote or hosted RabbitMQ. Let's say you have the following credentials
username: niceboy
password: notnice
host: goxha.com
port : 1597
then the uri you should pass will be
amqp://niceboy:notnice#goxha.com:1597
following the template amqp://user:pass#host:10000
if you have a vhost you can do amqp://user:pass#host:10000/vhost where the trailing vhost will be the name of your vhost

New solution:
The node module can't handle : in a password properly. Even url encoded, like it would work normally, it does not work.
Don't use typicalspecial characters from an URL in the password!
Like one of the following: : . ? + %
Original, wrong answer:
The error message clearly complains about using PLAIN, it does not mean the crendentials are wrong, it means you must use encrypted data delivery (TLS) instead of plaintext.
Changing amqp:// in the connection string to amqps:// (note the s) solves this.

just add login password to connect to RabbitMq
CachingConnectionFactory connectionFactory =
new CachingConnectionFactory("rabbit_host");
connectionFactory.setUsername("login");
connectionFactory.setPassword("password");

For me the solution was simple: the user name is case sensitive. Failing to use the correct caps will also lead to the error.

if you use the number as your password, maybe you should try to change your password using string.
I can login using deltaqin:000000 on the website, but had this while running the program. then change the password to deltaiqn. and it works.

I made exactly what #grepit made.
But I had to made some changes in my Java code:
In Producer and Receiver project I altered:
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("your-host-ip");
factory.setUsername("username-you-created");
factory.setPassword("username-password");
Doing that, you are connecting an specific host as the user you have created.
It works for me!

In my case I had this error, cuz of wrongly set password (I tried to use 5672, when the actual one in my system was 5676).
Maybe this will help someone to double check ports...

I was facing this issue due to empty space at the end of the password(spring.rabbitmq.password=rabbit ) in spring boot application.properties got resolved on removing the empty space. Hope this checklist helps some one facing this issue.

For C# coder, I tried below code and It worked, may be this can help someone so posting here.
scenario- RabbitMQ queue is running on another system in local area network but I was having same error.
by default there is a "guest" user exists. but you can not access remote server's queue (rabbitMq) using "guest" user so you need to create new user, Here I created "tester001" user to access data of remote server's queue.
ConnectionFactory factory = new ConnectionFactory();
factory.UserName = "tester001";
factory.Password = "testing";
factory.VirtualHost = "/";
factory.HostName = "192.168.1.101";
factory.Port = AmqpTcpEndpoint.UseDefaultPort;

If you tried all of these answers for your issue but you still got "ACCESS_REFUSED - Login was refused using authentication mechanism PLAIN", maybe you should remove rabbitmq and install it with a newer version.
Newer version worked for me.

Add one user and pass and connect to them. You can add 1 user via env variables (e.g., useful when Rabbit initializes in a Docker): RABBITMQ_DEFAULT_USER and RABBITMQ_DEFAULT_PASS. See more details here:
https://stackoverflow.com/a/70676040/1200914

set ConnectionFactory or Connection hostname to localhost

Unknown Move Destination: STORESCP

I have just installed dcm4chee4-4.4.0.Beta1, following INSTALL.md instructions and everything works fine except movescu test.
When I run this test I can see an error in standalone/log/server.log (previously I launched in another console storescp -b11115). This is the error:
2015-09-13 12:48:49,105 INFO [org.dcm4che3.net.Association] (pool-6-thread-7) DCM4CHEE<-MOVESCU(7): processing 1:C-MOVE-RQ[pcid=1, prior=0
cuid=1.2.840.10008.5.1.4.1.2.2.2 - Study Root Query/Retrieve Information Model - MOVE
tsuid=1.2.840.10008.1.2 - Implicit VR Little Endian failed. Caused by: org.dcm4che3.net.service.DicomServiceException: Unknown Move Destination: STORESCP#localhost:11115
at org.dcm4chee.archive.retrieve.scp.CMoveSCP.calculateMatches(CMoveSCP.java:184) [dcm4chee-arc-retrieve-scp-4.4.0.Beta1.jar:]
I think this is because of configuration, maybe I have to add STORESCP as acceptedAET or similar, but I can find info on how to do it. I search through ldap using Apache Directory Studio, but I didn't find anything.
Thanks in advance.

Using dcm4che3, it goes like this if you're implementing an SCP and need to define which other SCPs are allowed to C-STORE things to you.
// Usual calamity creating Connection, ApplicationEntity and Device
...
ApplicationEntity ae = new ApplicationEntity("MYAETITLE");
String[] acceptedAETs = { "STORESCP", "GEPACS" }; // etc...
ae.setAcceptedCallingAETitles(acceptedAETs);
I assume that your favourite SCP (STORESCP) may need to know where to find the SCP known by MYAETITLE; identified by IP address and port. Typically you connect to an SCP as a SCU, issuing a C-MOVE (in the scenario laid out here) instructing the SCP to do a C-STORE to the AET identified in the C-MOVE.
I'm a bit confused by your choice of AE Title in your question (STORESCP) because that indicates that you kind of mix up the two SCPs involved here; the one receiving the C-MOVE (which should not be called STORESCP :) and the one implementing the C-STORE behaviour. The answer I gave above, is aimed at the SCP implementing the C-STORE behaviour.

Develop Reference

Java is a programming language and computing platform first released by Sun Microsystems in 1995.