RE: "General Security Error" obtaining AS400 object from AS400ConnectionPool -- JAVA400-L

After a little more research, I'm more sure the message is coming from a security exit program. See here for more explanation: http://publib.boulder.ibm.com/infocenter/iseries/v5r3/topic/ddm/rbae5exitpgms.htm#rbae5exitpgms from that document:

<quote>
If the exit program returns a RTNCODE value of '0', and the Application Requester system type is iSeries, then the message indicating the connection failure to the user will be SQ30060, 'User is not authorized to relational database ....'. In general, the response to a denial of access by the exit program is the DDM RDBATHRM reply message, which indicates that the user is not authorized to the relational database.
</quote>

With the native driver you should be getting that SQ30060 message. With the toolbox driver, you'll get something else.

If the exit program is really doing its job, there should be messages logged somewhere. Some of these security packages have their own log files. Some will put messages in the job log. If in the job log, it's going to be the QZDASOINIT (for secure, QZDASSINIT) job associated with the connection. With your pooling parameters, there could be up to 32 of these jobs connected to the one java app. I've had the best results finding the one I want by using WRKOBJLCK on the user's *USRPRF object. You can't use WRKUSRJOB as all these jobs run as QUSER.

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of Matt Pryor
Sent: Tuesday, November 12, 2013 11:23 AM
To: java400-l@xxxxxxxxxxxx
Subject: "General Security Error" obtaining AS400 object from
AS400ConnectionPool

Hi there,

Here is my code snippet:

String system = args[0];
String username = args[1];
String password = args[2];
int serviceType = Integer.parseInt (args[3]);
AS400ConnectionPool pool = new AS400ConnectionPool();
pool.setMaxConnections(32);
pool.setMaxLifetime(1000L*60L*30L);
try {
AS400 as400 = pool.getSecureConnection(system, username, password,
serviceType );
System.out.println("Connected to: "+as400.getSystemName());
} catch (ConnectionPoolException ex) {
ex.printStackTrace();
}

If I pass in QSECOFR with password in args 2 and 3, I get a connection. If
I pass in the user profile I'd like to run as (TLXDRIVER) I get "general
security error" ConnectionPoolException.

The user id and password are valid (tested this by changing them and got
the expected error messages).

This is only happening on one customer site, never been a problem before.
Can anyone point me in the right direction on what to suggest to the
customer? I wasn't aware that there was any particular permissions required
to allow a user profile to connect via the java toolkit and the IBM FAQs
don't really help much.

As an aside, if I run the jt400 driver in native mode (as TLXDRIVER) I get
a different error message ("Connection refused")

Many thanks
--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.