New: MQ Standard Security Exit v2.4.0

May 28, 2018 Roger Lacroix

Capitalware Inc. would like to announce the official release of MQ Standard Security Exit v2.4.0. This is a FREE upgrade for ALL licensed users of MQ Standard Security Exit. MQ Standard Security Exit is a solution that allows a MQAdmin to control and restrict who is accessing an IBM MQ resource.

For more information about MQ Standard Security Exit go to:
https://www.capitalware.com/mqssx_overview.html

    Changes for MQ Standard Security Exit v2.4.0:

  • Fixed an issue in the logging framework where a constant was being modified.

Regards,
Roger Lacroix
Capitalware Inc.

Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Standard Security Exit, Security, Unix, Windows Comments Off on New: MQ Standard Security Exit v2.4.0

New: MQ Standard Security Exit for z/OS v2.4.0

May 28, 2018 Roger Lacroix

Capitalware Inc. would like to announce the official release of MQ Standard Security Exit for z/OS v2.4.0. This is a FREE upgrade for ALL licensed users of MQ Standard Security Exit for z/OS. MQ Standard Security Exit for z/OS is a solution that allows a MQAdmin to control and restrict who is accessing an IBM MQ resource.

For more information about MQ Standard Security Exit for z/OS go to:
https://www.capitalware.com/mqssx_zos_overview.html

    Changes for MQ Standard Security Exit for z/OS v2.4.0:

  • Fixed an issue in the logging framework where a constant was being modified.

Regards,
Roger Lacroix
Capitalware Inc.

Capitalware, IBM MQ, Security, z/OS Comments Off on New: MQ Standard Security Exit for z/OS v2.4.0

New: MQ Auditor v3.0.0

May 24, 2018 Roger Lacroix

Capitalware Inc. would like to announce the official release of MQ Auditor v3.0.0. This is a FREE upgrade for ALL licensed users of MQ Auditor. MQ Auditor is a solution that allows a company to audit/track all MQ API calls performed by MQ applications that are connected to a queue manager.

For more information about MQ Auditor go to:
https://www.capitalware.com/mqa_overview.html

    Changes for MQ Auditor v3.0.0:

  • Added Topics keyword to control what topics will be audited.
  • Added UseExcludeTopics and ExcludeTopics keywords to explicitly exclude topics from being audited.
  • Enhanced the processing for Subscriptions.
  • Fixed an issue with large usr folder for an MQRFH2 (JMS) messsage
  • Fixed an issue with formatting of some MQCHARV fields for MQSD structure
  • Fixed an issue with MQPut1 using the correct audit file.
  • Fixed an issue with PMO ‘NewMsgHandle’ string being in the wrong location.
  • Fixed an issue with determining the application name.
  • Fixed an issue with PCF messages being converted to human-readable large than 10KB.
  • Fixed an issue with PCF messages not being handled for MQCALLBACK.
  • Fixed an issue in the logging framework where a constant was being modified.
  • Removed MQAPILevel keyword as it is no longer needed.

Regards,
Roger Lacroix
Capitalware Inc.

Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Auditor, Unix, Windows Comments Off on New: MQ Auditor v3.0.0

IBM MQ for HPE NonStop V8.0.3 is now available

May 24, 2018 Roger Lacroix

IBM MQ for HPE NonStop 8.0.3 is the second Continuous Delivery (CD) update for MQ NonStop version 8. IBM MQ for HPE NonStop V8.0.3 is the third Continuous Delivery (CD) update for MQ NonStop version 8. This release provides another security update for OpenSSL, with V8.0.3 now using OpenSSL 1.0.2o.
https://developer.ibm.com/messaging/2018/05/21/ibm-mq-hpe-nonstop-v8-0-3-now-available/

Regards,
Roger Lacroix
Capitalware Inc.

Fix Packs for MQ, HPE NonStop, IBM MQ Comments Off on IBM MQ for HPE NonStop V8.0.3 is now available

New: MQ Channel Connection Inspector v1.0.0

May 17, 2018 Roger Lacroix

Capitalware Inc. would like to announce the official release of MQ Channel Connection Inspector v1.0.0.

MQ Channel Connection Inspector (MQCCI) is a solution that allows a company to track and/or audit what information a client application or remote queue manager is exchanging with the local queue manager when a connection is made.

MQCCI is comprised of an MQ Channel Security Exit. A channel security exit is ONLY invoked/called by the queue manager’s MCA (Message Channel Agent) for MQCONN/X and MQDISC API calls (so it is very light-weight).

MQCCI will operate with IBM MQ v7.0, v7.1, v7.5, v8.0 and v9.0 in Windows, Unix, IBM i and Linux environments. It works with Server Connection, Receiver, Requester, Sender, Server, Cluster-Sender and Cluster-Receiver channels of IBM MQ queue manager.

MQCCI is designed to provide the MQAdmin with any or all of the fields of the MQCD and MQCXP structures in a “human readable” format. Human readable implies that it will convert binary fields into their MQ defined names (i.e. SSLClientAuth=MQSCA_REQUIRED). The user can control the fields that are outputted for each of the following MQ structures: MQCD and MQCXP.

MQCCI is designed to output 1 line per API call (1 long line). The output information is written to plain text CSV (Comma Separate Value) files. The user can choose to have the output information written to a local or remote queue rather than to a file.

On IBM i, Linux, Unix and Windows, MQCCI can be configured and used with a non-default installation of MQ in a multi-install MQ environment.

For more information about MQCCI, please go to:
https://www.capitalware.com/mqcci_overview.html

Regards,
Roger Lacroix
Capitalware Inc.

Capitalware, IBM i (OS/400), IBM MQ, Linux, MQ Channel Connection Inspector, Unix, Windows Comments Off on New: MQ Channel Connection Inspector v1.0.0

New: MQ Channel Connection Inspector for z/OS v1.0.0

May 17, 2018 Roger Lacroix

Capitalware Inc. would like to announce the official release of MQ Channel Connection Inspector for z/OS v1.0.0.

MQ Channel Connection Inspector for z/OS (z/MQCCI) is a solution that allows a company to track and/or audit what information a client application or remote queue manager is exchanging with the local queue manager when a connection is made.

z/MQCCI is comprised of an MQ Channel Security Exit. A channel security exit is ONLY invoked/called by the queue manager’s MCA (Message Channel Agent) for MQCONN/X and MQDISC API calls (so it is very light-weight).

z/MQCCI will operate with IBM MQ v5.3.1, v6.0, v7.0, v7.1, v8.0 and v9.0 for z/OS environments. It works with Server Connection, Receiver, Requester, Sender, Server, Cluster-Sender and Cluster-Receiver channels of IBM MQ queue manager.

z/MQCCI is designed to provide the MQAdmin with any or all of the fields of the MQCD and MQCXP structures in a “human readable” format. Human readable implies that it will convert binary fields into their MQ defined names (i.e. SSLClientAuth=MQSCA_REQUIRED). The user can control the fields that are outputted for each of the following MQ structures: MQCD and MQCXP.

z/MQCCI is designed to output 1 line per API call (1 long line). The output information is written to plain text CSV (Comma Separate Value) files. The user can choose to have the output information written to a local or remote queue rather than to a file.

For more information about z/MQCCI, please go to:
https://www.capitalware.com/mqcci_zos_overview.html

Regards,
Roger Lacroix
Capitalware Inc.

Capitalware, IBM MQ, MQ Channel Connection Inspector, z/OS Comments Off on New: MQ Channel Connection Inspector for z/OS v1.0.0

Code to Show the IBM MQ JMS Message Named Property Issue

May 17, 2018 Roger Lacroix

I’m getting comments/questions about the blog posting I made yesterday: IBM MQ JMS Message Named Property Issues.

There are 2 ways to create a JMS message with a non-JMS Java program:

  • You can use the MQRFH2 class
  • You can use Named Properties and specify “mcd.Msd”, “jms.Dst” and “jms.Pri” properties.

Here is a simple non-JMS Java program called MQTest11NP that will create a JMS message using Named Properties. You can download the source code from here.

Here is just a snippet of code, the important part (see download for complete code):

String msgData = "This is a test message from MQTest11NP";

qMgr = new MQQueueManager(qMgrName, mqht);
queue = qMgr.accessQueue(outputQName, openOptions);

MQMessage sendmsg = new MQMessage();
sendmsg.format = CMQC.MQFMT_STRING;

sendmsg.writeString(msgData);

/**
 * Set named properties aka message properties
 * that will create a JMS message.
 */
sendmsg.setStringProperty("mcd.Msd", "jms_text");
sendmsg.setStringProperty("jms.Dst", "queue:///"+outputQName);
sendmsg.setStringProperty("jms.Pri", "0");
sendmsg.setIntProperty("SomeNum", 123);
sendmsg.setStringProperty("SomeText", "TEST");

// put the message on the queue
queue.put(sendmsg, pmo);

Here are the IBM MQ Java JAR file releases, I tested:

IBM MQ Release Result
MQ v7.1.0.2 Failed
MQ v7.5.0.0 Failed
MQ v7.5.0.2 Failed
MQ v7.5.0.5 Failed
MQ v7.5.0.7 Failed
MQ v7.5.0.8 Failed
MQ v8.0.0.0 Correct
MQ v8.0.0.4 Correct
MQ v8.0.0.5 Correct
MQ v8.0.0.6 Correct
MQ v8.0.0.9 Correct
MQ v9.0.2.0 Correct
MQ v9.0.4.0 Correct
MQ v9.0.5.0 Correct

And to show everyone that this has nothing to do with MQ Visual Edit, here are screenshots from MQ Explorer shows an MQTest11NP message on the queue when using MQ v7.5.0.8 JAR files.

MQ Explorer Named Properties window:

MQ Explorer Data Properties window:

Now using MQTest11NP with MQ v8.0.0.9 JAR files.

MQ Explorer Named Properties window:

MQ Explorer Data Properties window:

Regards,
Roger Lacroix
Capitalware Inc.

HPE NonStop, IBM i (OS/400), IBM MQ, Java, JMS, Linux, macOS (Mac OS X), Programming, Unix, Windows, z/OS 2 Comments

Airbus A350 near Vertical Takeoff

May 16, 2018 Roger Lacroix

OMG. I want to take a ride. Pleeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeease.

Regards,
Roger Lacroix

General, Video Comments Off on Airbus A350 near Vertical Takeoff

IBM MQ JMS Message Named Property Issues

May 16, 2018 Roger Lacroix

Ah, the joys of writing applications for IBM MQ and inevitable customer support that goes with it. 🙂

Late last week, a customer contacted me with an issue with MQ Visual Edit (MQVE) saying after adding Named Properties (i.e. mcd.Msd, etc.) to a regular message which should turn it into a JMS message, they could no longer edit the message.

In MQVE, the user has ‘Show message properties as Named Properties’ set rather than ‘Show message properties as an MQRFH2 structure in message body’ under ‘MQ General’ settings for Preferences.

I followed their description and was able to reproduce it. Near the bottom of the MQVE logfile, I found the following:

np.getName()=JMSPriority                    
MQJE001: Completion Code '2', Reason '2471'.
np.getName()=JMSDestination                 
MQJE001: Completion Code '2', Reason '2471'.

Reason Code of 2471 is MQRC_PROPERTY_NOT_AVAILABLE.

The error message was only written to the logfile because the exception happened in the ‘model’ code of the standard Model-View-Controller design pattern.

I know I tested this feature several years ago when I was beta testing MQVE version 2, I started to wonder what has changed. Of course, MQVE is now built against a different release of IBM MQ (a light slowly starts to brighten over my head).

MQVE is a Java (non-JMS) application but I treat my Java code just like my C code. I purchased and use Excelsior Jet to create native applications from my Java code. I have makefiles that do builds of my code using Excelsior Jet’s compiler which turns MQVE into a native executable. I do this for Windows, Linux and macOS (Mac OS X). I’ve upgraded MQ (and applied FixPacks) since my original beta testing.

So, why was MQVE getting Reason Code of 2471 for the Named Properties ‘JMSPriority’ and ‘JMSDestination’? A quick Google search took me to the MQ Knowledge Center’s Property name restrictions page. There are 15 Named Properties on that page that are restricted and of course, ‘JMSPriority’ and ‘JMSDestination’ are on the list. I don’t understand why the MQ Library would use a Named Property that the application could not reuse – more on this later.

I have many releases (not all) of MQ Java JAR files for compatibility testing. Since, my testing was years ago, I would have been testing against some MQ version of either v7.1 or v7.5. No matter what release of MQ I tried, MQVE always received ‘JMSPriority’ and ‘JMSDestination’ Named Properties. I started to bang my head against the wall!!! I know I tested JMS messages but I cannot recreate my tests. Ahhhhhh!

And to make matters worst, with MQ v7.1 and MQ v7.5 JAR files, now I was getting another exception: Reason Code of 6114 which is MQRC_INSUFFICIENT_DATA. My day was just getting better and better, NOT!!!

From the MQ Knowledge Center:

There is insufficient data after the data pointer to accommodate the request. This Reason Code occurs in the IBM MQ C++ environment.

MQVE is a Java application not C++ and it is connecting in ‘client mode’ to the remote queue manager, so there is NO native MQ code being executed locally.

Oh, the other weird part of the Reason Code of 6114 was that there was no exception being thrown by MQ. The MQ library was simply writing ‘MQJE001: Completion Code ‘2’, Reason ‘6114’.’ to stderr (standard error).

Anther weird thing I noticed was that the message’s Encoding was set to 1 (rather than 273) and the CCSID was set to 1208 (rather than 819).

Reason Code of 6114 only happened when I used MQ JAR files from either v7.1 and/or v7.5 (MQ v8 & v9 was fine). I figured I better fix the original error and maybe the rest would go away (spoiler alert – it didn’t).

I have no clue why the MQ Library has a need to use restricted name properties for a non-JMS Java application. I mean, I understand why IBM is restricting applications from using ‘JMS****’ as a Named Property and that is fine with me. But why in the world, would the MQ Library pass ‘JMSPriority’ and ‘JMSDestination’ Named Properties to a non-JMS Java application. It is just odd, really, really odd. The MQ Library could have simply used ‘jms.Pri’ and ‘jms.Dst’ rather than ‘JMSPriority’ and ‘JMSDestination’.

So, I created a simple lookup tables for the reserved property names (aka Named Properties) and their synonyms as per the web page from the MQ Knowledge Center.

In case anyone else ever has a need to update a message (ok, there is no such thing as update but rather MQGET, transfer data to new MQMessage then MQPUT), here is some simple code that you can put in your application’s Constants.java file (or whatever you call your constants file).

/**
 * Keys must be in sorted order.
 */
private static final String JMSRestrictedProperties[] =
{
   "JMSCorrelationID",
   "JMSDeliveryMode",
   "JMSDestination",
   "JMSExpiration",
   "JMSMessageID",
   "JMSPriority",
   "JMSRedelivered",
   "JMSReplyTo",
   "JMSTimestamp",
   "JMSType",
   "JMSXAppID",
   "JMSXDeliveryCount",
   "JMSXGroupID",
   "JMSXGroupSeq",
   "JMSXUserID",
};

private static final String JMSSynonyms[] =
{
   "jms.Cid",
   "jms.Dlv",
   "jms.Dst",
   "jms.Exp",
   "Root.MQMD.MsgId",
   "jms.Pri",
   "Root.MQMD.BackoutCount",
   "jms.Rto",
   "jms.Tms",
   "mcd.Type",
   "Root.MQMD.PutApplName",
   "Root.MQMD.BackoutCount",
   "jms.Gid",
   "jms.Seq",
   "Root.MQMD.UserIdentifier",
};

/**
 * Get the JMS synonym for the JMS Restricted Property
 *
 * @param key
 * @return synonym
 */
public static String getJMSSynonym(String key)
{
   String synonym = null;
   int x = Arrays.binarySearch(JMSRestrictedProperties, key);

   if (x >= 0)
      synonym = JMSSynonyms[x];

   return synonym;
}

So, if you put the above code in your Constants.java file then to transfer the Named Properties from an old MQMessage to a new MQMessage then you would do:

MQMessage newMsg = new MQMessage();

try
{
   Enumeration<String> props = oldMsg.getPropertyNames("%");
   if (props != null)
   {
      String propName = null;
      String synonymName = null;

      while (props.hasMoreElements())
      {
         propName = props.nextElement();
         try
         {
            synonymName = Constants.getJMSSynonym(propName);
            if (synonymName != null)
               newMsg.setObjectProperty(synonymName, oldMsg.getObjectProperty(propName));
            else
               newMsg.setObjectProperty(propName, oldMsg.getObjectProperty(propName));
         }
         catch (MQException e)
         {
            System.err.println(e.getLocalizedMessage());
         }
      }
   }
}
catch (MQException e)
{
   System.err.println(e.getLocalizedMessage());
}

So, after updating the code in MQVE, the original error was fixed and everything was fine when I tested MQVE against MQ Java JAR files from V8 and V9 but I still received the Reason Code of 6114 (including incorrect Encoding & CCSID values) when I did the tests against MQ Java JAR files for V7.1 and V7.5.

The only conclusion that I can draw is that since MQVE (non-JMS) Java application is explicitly creating a JMS message by setting the Named Property values for ‘mcd.Msd’, ‘jms.Pri’ (aka ‘JMSPriority’) and ‘jms.Dst’ (aka ‘JMSDestination’) that there is some bug in the MQ Java JAR files for V7.1 and V7.5 that was fixed in V8 because MQ V8 and V9 Java JAR files do not produce this issue.

Finally, MQ V7.1 and V7.5 are no longer supported by IBM, therefore, there is no point in complaining and opening a PMR. Food for thought, if you are using MQ V7.1 or V7.5 with a non-JMS Java application that is explicitly creating a JMS message.

And the funniest part is that after MQVE updates a JMS message using the JMS Synonyms, when the MQVE display is refreshed, the JMS messages are again using the restricted JMS Named Properties. 🙂

Regards,
Roger Lacroix
Capitalware Inc.

HPE NonStop, IBM i (OS/400), IBM MQ, Java, JMS, Linux, macOS (Mac OS X), MQ Visual Edit, Programming, Unix, Windows, z/OS 3 Comments

Andrew Schofield will be Speaking at MQTC v2.0.1.8

May 15, 2018 Roger Lacroix

Andrew Schofield of IBM will be presenting the following sessions at MQ Technical Conference v2.0.1.8 (MQTC):

    Andrew Schofield’s Technical Session:

  • Event Streams using Apache Kafka and how it relates to MQ

For more information about MQTC, please go to:
http://www.mqtechconference.com

Regards,
Roger Lacroix
Capitalware Inc.

Education, IBM MQ, MQ Technical Conference Comments Off on Andrew Schofield will be Speaking at MQTC v2.0.1.8