javaauthenticationibm-midrangejt400

Connection with TN5250j works while IBMi access v1r1 (and JT400 library) does not

Few days ago my correctly working java application stated to throw "General security error" while connecting to AS400. I use JT400 library for connect. After some debugging I also find out I cannot connect with IBMi access v1r1 (5250 emulator from IBM). System i Navigator also does not work. This is print screen from login (errors are same for java application): enter image description here

But connecting with TN5250J emulator works! I guess problem is with "Not authorized to object /QSYS.LIB/EN_US.LOCALE". I tried connecting with two users. One is my programming user and it works normally when connected through TN5250J. Other one is database access user that I cannot check because it has disabled access through terminal. Using same application on different system (V5R4) works correctly. Looking into job log I found nothing.

Why is /QSYS.LIB/EN_US.LOCALE accessed during signon (and it is not accessed from TN5250J)? What could affect signon process so that it no longer works with IBM emulator/library while it still works with TN5250J? Are there some connection properties in JT400 library that could affect what happens during signon so I could connect like with TN5250J?

Also please someone create tag TN5250J. I think it should be here and I have no reputation to create it!

Solution

  • Solution in article suggested by JamesA works. Our admin did it and I have my access back. But our admin has no idea how issue was created in the first place.
    Solution from article:

    1. Execute the Work with Object Links command (WRKLNK) to view the Root (/) directory of the AS/400 IFS. WRKLNK OBJ('/')
    2. In front of the AS/400 IFS directory object (specified by a single '/'), enter a '9' to work with the Root (/) object's authority.
    3. If *PUBLIC authority is equal to *EXCLUDE, place a '2' in front of the *PUBLIC entry, press enter and add the following authorities for the *PUBLIC user: Under the New Data Authorities parameter (DTAAUT), enter *RWX so that the user has read, write, and execute in the Root (/) directory. Under the New Object Authorities parameter (OBJAUT), enter the following authorities: *OBJMGT: Object management authority *OBJEXIST: Object existence authority *OBJALTER: Object alter authority *OBJREF: Object reference authority
    4. Press Enter and save your changes.

    TN5250J worked because error does not happen during login (for example through green screen) but instead it happens during initialization - when you start IBMi Access and GUI window will sometimes prompt for login. Since TN5250j does not do this it works. In IBMi Access when in first prompt I specify user with *ALLOBJ authority I can then login through green screen normally with my normal user. JT400 library probably just combines logic for initialization and login!