|
Problem(Abstract) |
IBM® WebSphere® Application Server V5 offers two choices
for authentication alias. These aliases provide the authentication
mechanism for access to J2C resources. This technote could help you decide
which one to use with your application. |
|
|
|
Resolving the
problem |
Application Server V5 offers the following two choices for
authentication alias:
- Container managed authentication defined as
res-auth=Container in the deployment descriptor
A user ID and password are specified once for the data source (or J2C
connection factory) that is configured on the application server. This
user ID and password is always used for that data source. If being limited
to a single user ID and password is undesirable, a custom Java™
Authentication and Authorization Service (JAAS) mapping module can be
used. More information on this is located in the WebSphere
Application Server V5.0 and 5.1 Information Centers. Search on
"Developing your own J2C principal mapping module".
- Component managed authentication defined as
res-auth=Application, or res-auth=Per Connection Factory in the deployment
descriptor
The user ID and password must be passed in as parameters when the
application calls getConnection( ). For convenience, WebSphere Application
Server provides a mechanism to set a default user ID and password to be
used if explicit user IDs and passwords are not specified. Nevertheless,
there are some issues with this, because the default user ID and password
are set on the underlying data source or ManagedConnectionFactory only the
first time it is looked up from Java Naming and Directory Interface
(JNDI). Depending on the underlying implementation, subsequent calls to
method getConnection (user ID, password) have been known to override this
default; some versions of IBM® DB2® behave this way. Also, the default
user ID and password are not stored and used for recovery. If the backend
requires a user ID and password for recovery, you might want to avoid
using res-auth=Application.
Selection Criteria
The main criteria for choosing one alias type over the other depends on
the application design. If the application uses only one user ID to access
the backend database, res-auth=Container makes sense. If the
application needs to use different user IDs depending on the situation,
then you must use res-auth=Application.
More information on the res-auth settings is located in the J2EE Connector
Architecture (JCA) specification (V5 data sources use the J2C/JCA
Connection Manager). WebSphere Application Server V5.0 and V5.1 support
JCA 1.0 and the specification details can be downloaded and viewed at http://java.sun.com/j2ee/connector/download.html
sections 8.4.1 and 8.4.2. |
|
|
|
|
Cross Reference information |
Segment |
Product |
Component |
Platform |
Version |
Edition |
Application Servers |
Runtimes for Java Technology |
Java SDK |
|
|
|
|
|
|