我正在尝试在下面发布和订阅示例代码段,我无法使用Node JS 6和mqlight v2.0运行
// Receive:
var mqlight = require('mqlight');
var recvClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
recvClient.on('started', function() {
recvClient.subscribe('/TEST/#','sub1');
recvClient.on('message', function(data, delivery) {
console.log(data);
});
});
// Send:
var sendClient = mqlight.createClient({service: 'amqp://user:user@localhost:5672'});
sendClient.on('started', function() {
sendClient.send('TEST');
});
我使用节点js v6运行示例代码mqlight 2.0
$node mqlight_sample.js
events.js:160
throw er; // Unhandled 'error' event
^
SecurityError: AMQXR0100E: A connection from 172.17.0.1 was not authorized.
at lookupError (/media/Data/mqlight/node_modules/mqlight/mqlight.js:1034:11)
at AMQPClient.<anonymous> (/media/anonim/Data/mqlight/node_modules/mqlight/mqlight.js:1925:13)
at emitOne (events.js:96:13)
at AMQPClient.emit (events.js:188:7)
at Connection.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/amqp_client.js:388:10)
at emitOne (events.js:96:13)
at Connection.emit (events.js:188:7)
at Connection._processCloseFrame (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:495:10)
at Connection._receiveAny (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:423:12)
at Connection._receiveData (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:357:8)
at NetTransport.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/connection.js:515:38)
at emitOne (events.js:96:13)
at NetTransport.emit (events.js:188:7)
at Socket.<anonymous> (/media/anonim/Data/mqlight/node_modules/amqp10/lib/transport/net_transport.js:26:49)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
来自MQ Server的这一个错误日志
# tail -100f /var/mqm/qmgrs/QM1/errors/amqp_0.log
3/31/17 19:14:44.115 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
3/31/17 19:14:45.142 AMQXR0041E: A connection was not authorized for channel SYSTEM.DEF.AMQP received from 172.17.0.1. MQRC 2035 MQRC_NOT_AUTHORIZED
如果需要将CONNAUTH和CHCKCLNT更改为禁用,则启用AMQP的实际身份验证我可以与Node JS 6连接
START SERVICE(SYSTEM.AMQP.SERVICE)
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(BLOCKUSER) USERLIST('nobody')
SET CHLAUTH(SYSTEM.DEF.AMQP) TYPE(ADDRESSMAP) ADDRESS(*) USERSRC(CHANNEL) CHCKCLNT(REQUIRED)
REFRESH SECURITY TYPE(CONNAUTH)
START CHANNEL(SYSTEM.DEF.AMQP)
DISPLAY CHSTATUS(SYSTEM.DEF.AMQP) CHLTYPE(AMQP)
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:16 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5534: User ID 'user' authentication failed
EXPLANATION:
The user ID and password supplied by the 'AMQP' program could not be
authenticated.
Additional information: 'N/A'.
ACTION:
Ensure that the correct user ID and password are provided by the application.
Ensure that the authentication repository is correctly configured. Look at
previous error messages for any additional information.
----- amqzfuca.c : 4486 -------------------------------------------------------
04/02/17 07:10:17 - Process(587.6) User(mqm) Program(java)
Host(770e29171038) Installation(Installation1)
VRMF(9.0.1.0) QMgr(QM1)
AMQ5542: The failed authentication check was caused by the queue manager
CONNAUTH CHCKCLNT(REQDADM) configuration.
EXPLANATION:
The user ID 'user' and its password were checked because the queue manager
connection authority (CONNAUTH) configuration refers to an authentication
information (AUTHINFO) object named 'USE.OS' with CHCKCLNT(REQDADM).
This message accompanies a previous error to clarify the reason for the user ID
and password check.
ACTION:
Refer to the previous error for more information.
Ensure that a password is specified by the client application and that the
password is correct for the user ID. The authentication configuration of the
queue manager connection determines the user ID repository. For example, the
local operating system user database or an LDAP server.
If the CHCKCLNT setting is OPTIONAL, the authentication check can be avoided by
not passing a user ID across the channel. For example, by omitting the MQCSP
structure from the client MQCONNX API call.
To avoid the authentication check, you can amend the authentication
configuration of the queue manager connection, but you should generally not
allow unauthenticated remote access.
-------------------------------------------------------------------------------
答案 0 :(得分:1)
在查看队列管理器的错误日志时,似乎MQ无法通过mqlight_sample.js程序验证传递给AMQP通道的用户。
请尝试以下两个命令并记下输出:
echo 'goodpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
echo 'badpassword' | /opt/mqm/bin/security/amqoamax user ; echo $?
OP注意到上述命令的输出为0和1。这意味着MQ可以正确地验证UserId&#34; user&#34;使用正确的密码,因为它返回0。
接下来请在队列管理器上创建一个普通的SVRCONN通道并尝试以下示例程序,这将再次排除MQ和CONNAUTH是一个问题。
echo 'goodpassword' | amqscnxc -x 'localhost(5672)' -c SVRCONN.CHANNEL -u user QM1; echo $?
如果好的输出应该如下所示:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: Connection established to queue manager QM1
Sample AMQSCNXC end
0
如果失败则输出如下:
Sample AMQSCNXC start
Connecting to queue manager QM1
using the server connection channel SVRCONN.CHANNEL
on connection name localhost(5672).
Enter password: MQCONNX ended with reason code 2035
243
如果上述测试也成功,请验证mqlight_sample.js是否具有与两个测试相同的用户和goodpassword值。
如果您发现UserID和密码正确,那么amqp程序似乎没有正确传递密码,而其他具有更多AMQP知识的人需要帮助。
更新2017-04-28
OP @dhaavhincy发布了一个新的答案,每个IBM的问题是由于Node JS v6中的SASL流程被更改并与IBM MQ AMQP不兼容。 IBM已经规定,这将通过尚未发布到网上的APAR IT20283进行修复。
更新2017-06-20
APAR IT20283于5月22日左右在网上发布。
答案 1 :(得分:1)
SASL流程已在新的Node JS客户端版本中更改。 IBM AMQP服务器当前不支持新的SASL流。 AMQP服务器认为此时它应该已经有足够的数据用于客户端用户的身份验证和授权。但是,由于新Node JS客户端的更改,当服务器尝试对客户端进行身份验证时,尚未发送其余所需数据。这就是为什么日志显示只有用户'mqm'已设置且没有密码提供给QMgr的原因。因此导致授权错误APAR IT20283