Hi all,
thanks to Dovetail documentation and to Steve Goetze help I correctly installed Tomcat (whose job runs under my user) in my Z/OS environment (Z/OS 1.4 with JVM 1.4.2). I tested all the sample servlets provided by JZOS: all of them are working but the one (named JdbcTest) which tests JDBC connection. I faced the following error: com.ibm.db2.jcc.DB2SQLException: DB2SQLJConnection error in native method: constructor: CONNECT 00F30089 SQLSTATE=42505 and SQLCODE=-922
The error is reported at http://www-1.ibm.com/support/docview.ws ... wg21180143
The problem is that no error appears in DB2 logs nor does any in any Tomcat logs (even when setting '+T' to enable tracing) and please note that my user (which is the OWNER of Tomcat job) has sufficient authority to connect to DB2!!
I tried to change the OWNER of Tomcat to an userid which has wide authorizations. I faced the following error: java.sql.SQLException: DB2SQLJConnection error in native method: constructor: RRS "IDENTIFY" failed using DB2 system:D200, RC=08 and REASON=00f30013 SQLSTATE=FFFFF and RETURN CODE=-1
The meaning is the same: somewhere there's a lack in authorization. Also in this second case we find nothing wrong in SYSLOG message nor do we find anything in DB2 logs. However I found this error message in Tomcat log:
ICH408I USER(theuserIchose...) GROUP(SYICHRIN) NAME(STARTED TASK
D210.RRSAF CL(DSNR )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
ICH408I USER(theuserIchose...) GROUP(SYICHRIN) NAME(STARTED TASK
D220.RRSAF CL(DSNR )
INSUFFICIENT ACCESS AUTHORITY
ACCESS INTENT(READ ) ACCESS ALLOWED(NONE )
So I created a specific user for Tomcat job and I grant it the RRSAF authorization.
I tested JdbcTest servlet once more and I saw the error: com.ibm.db2.jcc.DB2SQLException: DB2SQLJConnection error in native method: constructor: CONNECT 00F30089 SQLSTATE=42505 and SQLCODE=-922
This is the same error I faced when I ran Tomcat job under my user.
Also in this case I found nothing in SYSLOG, nothing in DB2 logs and nothing in Tomcat logs (I mean the DD SYSOUTS of Tomcat job running in SDSF) as well. I didn't find any error even using DETECTOR tool (it's a DB2 Monitor).
I think that JdbcTest servlet uses an anonymous-like user within the code and this could be the problem...
Would anyone give some help please?
Regards,
Michele
Authorization problem while running JDBC test servlet
Are you using the DB2 Universal driver (db2jcc) ?
Can you post how you have configured the datasource?
I assuming that you are using a type-4 driver ("thin" network connection).
The error messages that you are getting seem to indicate that the DB2 network server process is getting a security error. From the error description:
If not, I would recommend that you get DB2 connect (remote tcp/ip) connections working first before you try connecting with the type-4 Java driver (which uses the same communications transport).
For DB2-specific problems, you might want to try asking specific questions on the DB2 newsgroup: comp.databases.ibm-db2
Can you post how you have configured the datasource?
I assuming that you are using a type-4 driver ("thin" network connection).
The error messages that you are getting seem to indicate that the DB2 network server process is getting a security error. From the error description:
Does this DB2 system work with remote tcp/ip connections at all? (can you connect with DB2 connect using tcp/ip from a workstation?)If this error occurred during
a remote connection request, examine the communications database to
determine the security controls in effect for a remote connection
request. Refer to Part 3 (Volume 1) of DB2 Administration Guide for
examples of how to set up the security controls for remote connection
requests in the communications database.
If not, I would recommend that you get DB2 connect (remote tcp/ip) connections working first before you try connecting with the type-4 Java driver (which uses the same communications transport).
For DB2-specific problems, you might want to try asking specific questions on the DB2 newsgroup: comp.databases.ibm-db2
-
Michele Modolo
- Posts: 10
- Joined: Fri Feb 10, 2006 6:04 am
Thank you for your answer dovetail, this is my reply:
Yes, I'm using DB2 Universal driver (db2jcc).
This is my datasource configuration:
<Resource type="com.ibm.db2.jcc.DB2SimpleDataSource" name="jdbc/mydb2"/>
<ResourceParams name="jdbc/mydb2">
<parameter>
<name>factory</name>
<value>com.ibm.db2.jcc.DB2DataSourceFactory</value>
</parameter>
<parameter>
<name>database</name>
<value>my DB2 member name...</value>
</parameter>
<parameter>
<name>username</name>
<value>myusername...</value>
</parameter>
<parameter>
<name>password</name>
<value>mypassword...</value>
</parameter>
<parameter>
<name>type</name>
<value>4</value>
</parameter>
</ResourceParams>
Yes, as you see above, I'm using a type-4 driver.
Yes, the error messages that I'm getting seem to indicate that the DB2 network server process is getting a security error. I've already seen the complete error messages explanation but the problem is that I don't see any specific error message ANYWHERE in DB2 logs!
Yes, my DB2 system correctly works with remote tcp/ip connections.
Let me give you an abstract from DB2 MSTR log:
DSNL003I -D210 DDF IS STARTING
DSNL512I -D210 DSNLILNR TCP/IP SOCKET FAILED WITH 231
RETURN CODE=112 AND REASON CODE=743C0296
DSNL004I -D210 DDF START COMPLETE 239
LOCATION D200
LU ITCSO001.D210
GENERICLU -NONE
DOMAIN -NONE
TCPPORT 5000
RESPORT 5001
DSN9022I -D210 DSNYASCP 'START DB2' NORMAL COMPLETION
DSNL523I -D210 DSNLILNR TCP/IP SERVICES AVAILABLE 852
FOR VIPA 53.212.1.63 AND PORT 5000
DSNL523I -D210 DSNLIRSY TCP/IP SERVICES AVAILABLE 857
FOR VIPA 53.212.1.61 AND PORT 5001
Yes I can connect DB2 from workstation without any problem.
Moreover I can correctly connect DB2 from a Java program running from Z/OS shell.
Let me give you the evidence as follows:
/u/db00974 >java EzJava //mvs00.mvsvi.debis.it:5000/D200
**** Enter class EzJava
**** Loaded the JDBC driver
**** Created a JDBC connection to the data source
**** Created JDBC Statement object
**** Creaed JDBC ResultSet object
QCLU
QCLUX
QCLUX1
**** Fetched all rows from JDBC ResultSet
**** Closed JDBC ResultSet
**** Closed JDBC Statement
**** Transaction committed
**** Disconnected from data source
**** JDBC Exit from class EzJava - no errors
As you can see this seems to be tough problem....
Futhermore I'm also unable to test JDBC connection via Dreamweaver (I get an "UNDEFINED error"!!). I already post a help message in Macromedia forum.
Well...I hope I'll see the light as soon as possible he, he, he...
Regards,
Michele Modolo
Yes, I'm using DB2 Universal driver (db2jcc).
This is my datasource configuration:
<Resource type="com.ibm.db2.jcc.DB2SimpleDataSource" name="jdbc/mydb2"/>
<ResourceParams name="jdbc/mydb2">
<parameter>
<name>factory</name>
<value>com.ibm.db2.jcc.DB2DataSourceFactory</value>
</parameter>
<parameter>
<name>database</name>
<value>my DB2 member name...</value>
</parameter>
<parameter>
<name>username</name>
<value>myusername...</value>
</parameter>
<parameter>
<name>password</name>
<value>mypassword...</value>
</parameter>
<parameter>
<name>type</name>
<value>4</value>
</parameter>
</ResourceParams>
Yes, as you see above, I'm using a type-4 driver.
Yes, the error messages that I'm getting seem to indicate that the DB2 network server process is getting a security error. I've already seen the complete error messages explanation but the problem is that I don't see any specific error message ANYWHERE in DB2 logs!
Yes, my DB2 system correctly works with remote tcp/ip connections.
Let me give you an abstract from DB2 MSTR log:
DSNL003I -D210 DDF IS STARTING
DSNL512I -D210 DSNLILNR TCP/IP SOCKET FAILED WITH 231
RETURN CODE=112 AND REASON CODE=743C0296
DSNL004I -D210 DDF START COMPLETE 239
LOCATION D200
LU ITCSO001.D210
GENERICLU -NONE
DOMAIN -NONE
TCPPORT 5000
RESPORT 5001
DSN9022I -D210 DSNYASCP 'START DB2' NORMAL COMPLETION
DSNL523I -D210 DSNLILNR TCP/IP SERVICES AVAILABLE 852
FOR VIPA 53.212.1.63 AND PORT 5000
DSNL523I -D210 DSNLIRSY TCP/IP SERVICES AVAILABLE 857
FOR VIPA 53.212.1.61 AND PORT 5001
Yes I can connect DB2 from workstation without any problem.
Moreover I can correctly connect DB2 from a Java program running from Z/OS shell.
Let me give you the evidence as follows:
/u/db00974 >java EzJava //mvs00.mvsvi.debis.it:5000/D200
**** Enter class EzJava
**** Loaded the JDBC driver
**** Created a JDBC connection to the data source
**** Created JDBC Statement object
**** Creaed JDBC ResultSet object
QCLU
QCLUX
QCLUX1
**** Fetched all rows from JDBC ResultSet
**** Closed JDBC ResultSet
**** Closed JDBC Statement
**** Transaction committed
**** Disconnected from data source
**** JDBC Exit from class EzJava - no errors
As you can see this seems to be tough problem....
Futhermore I'm also unable to test JDBC connection via Dreamweaver (I get an "UNDEFINED error"!!). I already post a help message in Macromedia forum.
Well...I hope I'll see the light as soon as possible he, he, he...
Regards,
Michele Modolo
Ahh.... if you have the type-4 driver running under the z/OS shell, then it should work... (but maybe you aren't using the same JDBC driver??)
Can you dump your environment (with an ENV command) before running the java "EzJava" shell command and post it?
Also, can you post the portion of the EzJava program source that creates a JDBC connection?
For complete comparision, run Tomcat from the JZOS batch launcher with LOGLVL="+D" and post the output from //SYSOUT. This will include the complete environment.
If your problem is only with using the type-4 universal driver, you might look at the README file in db2home/jcc directory.
Can you dump your environment (with an ENV command) before running the java "EzJava" shell command and post it?
Also, can you post the portion of the EzJava program source that creates a JDBC connection?
For complete comparision, run Tomcat from the JZOS batch launcher with LOGLVL="+D" and post the output from //SYSOUT. This will include the complete environment.
If your problem is only with using the type-4 universal driver, you might look at the README file in db2home/jcc directory.
To have your Tomcat DataSource definition match the working URL in your command line example, you would need to add the following parameters:
The complete list of parameters for the Universal Driver DataSource is here:
http://publib.boulder.ibm.com/infocente ... vdsprp.htm
Code: Select all
<parameter>
<name>databaseName</name>
<value>D200</value>
</parameter>
<parameter>
<name>serverName</name>
<value>mvs00.mvsvi.debis.it</value>
</parameter>
<parameter>
<name>portNumber</name>
<value>5000</value>
</parameter>
<parameter>
<name>username</name>
<value>myusername...</value>
</parameter>
<parameter>
<name>password</name>
<value>mypassword...</value>
</parameter>
http://publib.boulder.ibm.com/infocente ... vdsprp.htm
Michele,
I've done some testing on this and have the following suggested changes:
1.) You will want to have db2jcc_license_cisuz.jar rather than db2jcc_license_c.jar in your CATALINA_HOME/common/lib directory. db2jcc_license_c.jar is for Cloudscape only. My earlier note to you on this was incorrect.
2.) You'll need to change your type and username parameters above to driverType and user respectively.
So, your ResourceParams should look like this:
This should work for you, given that you have the type 4 driver running outside of Tomcat.
I've done some testing on this and have the following suggested changes:
1.) You will want to have db2jcc_license_cisuz.jar rather than db2jcc_license_c.jar in your CATALINA_HOME/common/lib directory. db2jcc_license_c.jar is for Cloudscape only. My earlier note to you on this was incorrect.
2.) You'll need to change your type and username parameters above to driverType and user respectively.
So, your ResourceParams should look like this:
Code: Select all
<ResourceParams name="jdbc/mydb2">
<parameter>
<name>factory</name>
<value>com.ibm.db2.jcc.DB2DataSourceFactory</value>
</parameter>
<parameter>
<name>serverName</name>
<value>mvs00.mvsvi.debis.it</value>
</parameter>
<parameter>
<name>portNumber</name>
<value>5000</value>
</parameter>
<parameter>
<name>databaseName</name>
<value>D200</value>
</parameter>
<parameter>
<name>user</name>
<value>myusername...</value>
</parameter>
<parameter>
<name>password</name>
<value>mypassword...</value>
</parameter>
<parameter>
<name>driverType</name>
<value>4</value>
</parameter>
</ResourceParams>
-
Michele Modolo
- Posts: 10
- Joined: Fri Feb 10, 2006 6:04 am
Eventually it worked!!
Great Steve!,
JdbcTest finally worked as follows:
----------------------------------------------------
Testing JDBC...
**** JDBC Statement Created
**** JDBC Result Set Created
**** Number of SYSIBM.SYSTABLES = 2393
**** JDBC Statement Closed
**** JDBC Disconnect from DB2 for OS/390.
Test Successful!
-----------------------------------------------------
Thank you very much for your great help Steve!!
Now I'm looking forward to using Tomcat deeper...
Best regards,
Michele
JdbcTest finally worked as follows:
----------------------------------------------------
Testing JDBC...
**** JDBC Statement Created
**** JDBC Result Set Created
**** Number of SYSIBM.SYSTABLES = 2393
**** JDBC Statement Closed
**** JDBC Disconnect from DB2 for OS/390.
Test Successful!
-----------------------------------------------------
Thank you very much for your great help Steve!!
Now I'm looking forward to using Tomcat deeper...
Best regards,
Michele