Update for MQ 9.4.0

CHANGES.md

@@ -1,6 +1,12 @@
 # Changelog
 Newest updates are at the top of this file
 
+## 3.3.1 (2024-06-20)
+- Update Spring dependencies
+- Update to MQ 9.4.0.0
+- Add "sslCertificateValPolicy" property
+- Add samples s4,s4a showing JTA/XA and configuration multiple connections
+
 ## 3.2.4 (2024-04-02)
 - Update Spring dependencies
 
@@ -14,8 +20,8 @@ Newest updates are at the top of this file
 
 ## 2.7.18 and 3.2.1 (2024-01-10)
 - Update Spring dependencies
-  NOTE: Spring Boot 2 has now reached its end of non-commercial service life. 
-  So this will be the last update based on Spring 2. Further updates will 
+  NOTE: Spring Boot 2 has now reached its end of non-commercial service life.
+  So this will be the last update based on Spring 2. Further updates will
   follow the Spring 3 path only.
 
 ## 2.7.17 and 3.1.5 (2023-10-20)
@@ -57,13 +63,13 @@ Newest updates are at the top of this file
 
 ## 2.7.6 and 3.0.0 (2022-11-24)
 - Update dependencies to Spring Boot 2.7.6/3.0.0
-- Add "ibm.mq.jks.*" attributes to set keystore/truststore 
+- Add "ibm.mq.jks.*" attributes to set keystore/truststore
   environment variables instead of using -D command line flags
 
 ## 2.7.5 and 0.3.0-RC1 (2022-10-20)
 - Update dependencies to Spring Boot 2.7.5/3.0.0-RC1
 - Add "ibm.mq.autoConfigure" property to permit disabling bean (#86)
-- Spring 3 no longer uses spring.factories for AutoConfiguration 
+- Spring 3 no longer uses spring.factories for AutoConfiguration
 
 ## 2.7.4 and 0.3.0-M5 (2022-09-23)
 - Update dependencies to Spring Boot 2.7.4/3.0.0-M5
@@ -82,13 +88,13 @@ Newest updates are at the top of this file
   but both names work
 
 ## 2.6.7 (2022-04-22)
-- Update dependencies to Spring Boot 2.6.7 
+- Update dependencies to Spring Boot 2.6.7
 
 ## 2.6.6.1 (2022-04-02)
-- Correct a dependency                        
+- Correct a dependency
 
 ## 2.6.6 (2022-04-01)
-- Update dependencies to Spring Boot 2.6.6 
+- Update dependencies to Spring Boot 2.6.6
 
 ## 2.6.5 (2022-03-25)
 - Update dependencies to Spring Boot 2.6.5

README.md

@@ -10,7 +10,7 @@ NOTE: Spring Boot 2 has now reached its end of non-commercial service life.
 So version 2.7.18 is the last update based on Spring 2. Further updates will
 follow the Spring 3 path only. If you want to continue to use Spring 2 with future versions of the MQ jars,
 then overriding the version inherited from the mq-jms-spring-boot in your parent pom.xml should be possible.
-However, this would not give easy access via configuration to any new features available in the MQ client. 
+However, this would not give easy access via configuration to any new features available in the MQ client.
 
 ## Installation and Usage
 
@@ -21,7 +21,7 @@ mechanism and has tasks that can push compiled jars to either a local repository
 Maven Central. When signing/authentication of modules is required, use the `gradle.properties.template` file as a
 starter for your own `gradle.properties`.
 
-Java 17 is required as the compiler level when building this package, as that is the baseline for Spring 3. 
+Java 17 is required as the compiler level when building this package, as that is the baseline for Spring 3.
 
 ### Spring Boot Applications
 
@@ -71,8 +71,8 @@ IBM MQ for Developers container which runs the server processes.
 The default options have been selected to match the
 [MQ container](https://github.com/ibm-messaging/mq-container) development configuration.
 
-This means that you can run a queue manager using that environment and connect to it without special 
-configuration. 
+This means that you can run a queue manager using that environment and connect to it without special
+configuration.
 
 This script will run the container on a Linux system.
 
@@ -201,6 +201,7 @@ We also have
 | --------------------------- | ------------------------------------------------------------------------------- |
 | ibm.mq.sslFIPSRequired      | Force FIPS-compliant algorithms to be used (default false)                      |
 | ibm.mq.sslKeyResetCount     | How many bytes to send before resetting the TLS keys                            |
+| ibm.mq.sslCertificateValPolicy | If "none", do not check the server certificate is trusted                    |
 
 and
 
@@ -211,7 +212,7 @@ and
 | ibm.mq.jks.keyStore             | Where is the keystore with a personal key and certificate                    |
 | ibm.mq.jks.keyStorePassword     | Password for the keyStore                                                    |
 
-These JKS options are an alternative to setting the `javax.net.ssl` system properties, usually done on the command line. 
+These JKS options are an alternative to setting the `javax.net.ssl` system properties, usually done on the command line.
 
 An alternative preferred approach for setting the key/truststores is available from Spring 3.1, which introduced the
 concept of "SSL Bundles". This makes it possible to have different SSL configurations - keystores, truststores etc - for

build.gradle

@@ -37,7 +37,7 @@ subprojects {
   apply plugin: 'signing'
 
   // This is the MQ client version
-  ext.mqVersion = '9.3.5.0'
+  ext.mqVersion = '9.4.0.0'
   ext.mqGroup = 'com.ibm.mq'
 
   // The groupid for the compiled jars when uploaded

jms3.properties

@@ -2,13 +2,13 @@
 ext {
   // Our shipped version - should usually match the Spring Boot Version but
   // there may be reasons to make it different 
-  mqStarterVersion = '3.2.4'
+  mqStarterVersion = '3.3.1'
 
   // Direct Dependencies - give versions here
-  springVersion = '6.1.5'
-  springBootVersion = '3.2.4'
+  springVersion = '6.1.10'
+  springBootVersion = '3.3.1'
 
-  pooledJmsVersion = '3.1.4'
+  pooledJmsVersion = '3.1.6'
   jUnitVersion = '4.13.2'
 
   // MQ client has a 'jakarta' name

mq-jms-spring-boot-starter/src/main/java/com/ibm/mq/spring/boot/MQConfigurationProperties.java

@@ -211,6 +211,13 @@ public MQConfigurationProperties() {
    * The reset count of the SSL key.
    */
   private int sslKeyResetCount = -1;
+
+  /**
+   * Certificate Validation Policy. When "NONE", this allows connection 
+   * without checking if the server's cert is known/trusted. The mqclient.ini
+   * file is spelled this way: "CertificateValPolicy" in the SSL stanza. 
+   */
+  private String sslCertificateValPolicy = "";
 
   /**
    * The key to the SSL Bundle attributes available from Spring Boot 3.1
@@ -448,6 +455,22 @@ public void setSslFIPSRequired(boolean sslFIPSRequired) {
     this.sslFIPSRequired = sslFIPSRequired;
   }
 
+  public String getSslCertificateValPolicy() {
+    return this.sslCertificateValPolicy;
+  }
+
+  public void setSslCertificateValPolicy(String sslCertificateValPolicy) {
+    this.sslCertificateValPolicy = sslCertificateValPolicy;
+  }
+
+  public boolean isSslCertificateValidationNone() {
+    boolean rc = false;
+    if (this.sslCertificateValPolicy != null && this.sslCertificateValPolicy.equalsIgnoreCase("none")) {
+      rc = true;
+    }
+    return rc;
+  }
+
   public int getSslKeyResetCount() {
     return sslKeyResetCount;
   }
@@ -651,6 +674,7 @@ public void traceProperties() {
     logger.trace("sslCipherSuite  : {}", getSslCipherSuite());
     logger.trace("sslKeyresetcount: {}", getSslKeyResetCount());
     logger.trace("sslPeerName     : {}", getSslPeerName());
+
     logger.trace("sslBundle       : {}", getSslBundle());
 
     logger.trace("tempModel       : {}", getTempModel());
@@ -665,6 +689,7 @@ public void traceProperties() {
     logger.trace("token set       : {}", (getToken() != null && getToken().length() > 0) ? "YES" : "NO");
 
     logger.trace("sslFIPSRequired        : {}", isSslFIPSRequired());
+    logger.trace("sslCertValPolicy       : \'{}\'", getSslCertificateValPolicy());
     logger.trace("useIBMCipherMappings   : {}", isUseIBMCipherMappings());
     logger.trace("userAuthenticationMQCSP: {}", isUseAuthenticationMQCSP());
     logger.trace("outboundSNI            : \'{}\'", getOutboundSNI());
@@ -677,12 +702,17 @@ public void traceProperties() {
     logger.trace("jndiCF          : {}", getJndi().getProviderContextFactory());
     logger.trace("jndiProviderUrl : {}", getJndi().getProviderUrl());
 
-    String pw = getJks().getKeyStorePassword();
-    logger.trace("JKS keystore           : {}", getJks().getKeyStore());
-    logger.trace("JKS keystore pw set    : {}", (pw != null && pw.length() > 0) ? "YES" : "NO");
-    pw = getJks().getTrustStorePassword();
-    logger.trace("JKS truststore         : {}", getJks().getTrustStore());
-    logger.trace("JKS truststore pw set  : {}", (pw != null && pw.length() > 0) ? "YES" : "NO");
+    if (U.isNullOrEmpty(getSslBundle())) {
+      String pw = getJks().getKeyStorePassword();
+      logger.trace("JKS keystore           : {}", getJks().getKeyStore());
+      logger.trace("JKS keystore pw set    : {}", (pw != null && pw.length() > 0) ? "YES" : "NO");
+      pw = getJks().getTrustStorePassword();
+      logger.trace("JKS truststore         : {}", getJks().getTrustStore());
+      logger.trace("JKS truststore pw set  : {}", (pw != null && pw.length() > 0) ? "YES" : "NO");
+    }
+    else {
+      logger.trace("JKS key/truststore overridden by sslBundle");
+    }
 
     if (additionalProperties.size() > 0) {
       for (String s : additionalProperties.keySet()) {