Choosing an authentication alias type for Java™ 2 Connector Architecture (J2C) resource connection factory
 Technote (troubleshooting)
 
Problem(Abstract)
IBM® WebSphere® Application Server V5 offers two choices for authentication alias. These aliases provide the authentication mechanism for access to J2C resources. This technote could help you decide which one to use with your application.
 
Resolving the problem
Application Server V5 offers the following two choices for authentication alias:
  • Container managed authentication defined as res-auth=Container in the deployment descriptor

    A user ID and password are specified once for the data source (or J2C connection factory) that is configured on the application server. This user ID and password is always used for that data source. If being limited to a single user ID and password is undesirable, a custom Java™ Authentication and Authorization Service (JAAS) mapping module can be used. More information on this is located in the WebSphere Application Server V5.0 and 5.1 Information Centers. Search on "Developing your own J2C principal mapping module".
  • Component managed authentication defined as res-auth=Application, or res-auth=Per Connection Factory in the deployment descriptor

    The user ID and password must be passed in as parameters when the application calls getConnection( ). For convenience, WebSphere Application Server provides a mechanism to set a default user ID and password to be used if explicit user IDs and passwords are not specified. Nevertheless, there are some issues with this, because the default user ID and password are set on the underlying data source or ManagedConnectionFactory only the first time it is looked up from Java Naming and Directory Interface (JNDI). Depending on the underlying implementation, subsequent calls to method getConnection (user ID, password) have been known to override this default; some versions of IBM® DB2® behave this way. Also, the default user ID and password are not stored and used for recovery. If the backend requires a user ID and password for recovery, you might want to avoid using res-auth=Application.

Selection Criteria
The main criteria for choosing one alias type over the other depends on the application design. If the application uses only one user ID to access the backend database, res-auth=Container makes sense. If the application needs to use different user IDs depending on the situation, then you must use res-auth=Application.

More information on the res-auth settings is located in the J2EE Connector Architecture (JCA) specification (V5 data sources use the J2C/JCA Connection Manager). WebSphere Application Server V5.0 and V5.1 support JCA 1.0 and the specification details can be downloaded and viewed at http://java.sun.com/j2ee/connector/download.html sections 8.4.1 and 8.4.2.
 
 
Cross Reference information
Segment Product Component Platform Version Edition
Application Servers Runtimes for Java Technology Java SDK
 
 


Document Information


Product categories: Software > Application Servers > Distributed Application & Web Servers > WebSphere Application Server > Java 2 Connectivity (J2C)
Operating system(s): Windows
Software version: 5.1.1.3
Software edition:
Reference #: 1154924
IBM Group: Software Group
Modified date: Mar 8, 2005