RE: "General Security Error" obtaining AS400 object from AS400ConnectionPool -- JAVA400-L

First, I've never used AS400ConnectionPool the way you're using it. I've always considered connection pools to be a JNDI effect and only used AS400ConnectionPool in that context, like this in Tomcat app configuration xml file context:
<Resource auth="Application" description="" name="jdbc/rjsworkflow" scope="Unshareable" type="javax.sql.DataSource"
driverClassName="com.ibm.as400.access.AS400JDBCDriver"
url="jdbc:as400://10.8.1.54/rjsflow ;user=DKIMMEL;password=xxxx;date format=iso;time format=iso;prompt=no;driver=toolbox;naming=sql; prefetch=true;block size=512;"
initialSize="5"
maxIdle="5"
maxActive="5"
maxWait="-1"
removeAbandoned="true"
logAbandoned="true"
removeAbandonedTimeout="60"
/>

Tomcat connection pool implementation then gets the specific connection pool class from the driver class, as it's supposed to since all this JDBC stuff is intended to be very abstract to avoid implementation dependencies. Then to get the connection:

private static DataSource ds = (DataSource)ctx.lookup("jdbc/rjsworkflow");
private Connection con=null;
private void checkCon() throws Exception{
if (con==null){
con=ds.getConnection();
con.setAutoCommit(true);
}
}

Notice that the only time the userid and password are referenced is in the jdbc url connection string.

The only time I've had unexpected results with this setup is one customer who had StandGuard installed on their machine. StandGuard puts exit programs on the database server exit points that can be used to block or allow specific users or groups of users. I imagine there are other IBMi security packages that do the same thing. Open up the StandGuard user restrictions and away you go.

-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-
bounces@xxxxxxxxxxxx] On Behalf Of Matt Pryor
Sent: Tuesday, November 12, 2013 11:23 AM
To: java400-l@xxxxxxxxxxxx
Subject: "General Security Error" obtaining AS400 object from
AS400ConnectionPool

Hi there,

Here is my code snippet:

String system = args[0];
String username = args[1];
String password = args[2];
int serviceType = Integer.parseInt (args[3]);
AS400ConnectionPool pool = new AS400ConnectionPool();
pool.setMaxConnections(32);
pool.setMaxLifetime(1000L*60L*30L);
try {
AS400 as400 = pool.getSecureConnection(system, username, password,
serviceType );
System.out.println("Connected to: "+as400.getSystemName());
} catch (ConnectionPoolException ex) {
ex.printStackTrace();
}

If I pass in QSECOFR with password in args 2 and 3, I get a connection. If
I pass in the user profile I'd like to run as (TLXDRIVER) I get "general
security error" ConnectionPoolException.

The user id and password are valid (tested this by changing them and got
the expected error messages).

This is only happening on one customer site, never been a problem before.
Can anyone point me in the right direction on what to suggest to the
customer? I wasn't aware that there was any particular permissions required
to allow a user profile to connect via the java toolkit and the IBM FAQs
don't really help much.

As an aside, if I run the jt400 driver in native mode (as TLXDRIVER) I get
a different error message ("Connection refused")

Many thanks
--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.