For TCP/IP, the application server passes the security information in the alias to the IMS™ TM Resource Adapter. The IMS TM Resource Adapter passes the security information to IMS Connect for authentication. IMS Connect authenticates the user and passes the security information for signon to IMS. If IMS Connect cannot authenticate the user, a security failure is returned to the IMS resource adapter which, in turn, passes an exception back to the application.
For Local Option, a deprecated z/OS-only feature in which both the server and WebSphere® Application Server are running in the same MVS™ image, the application server authenticates the user based on the security information defined in the container-managed alias. The application server creates and passes a UTOKEN representing the authenticated user to the IMS TM Resource Adapter. The IMS TM Resource Adapter then passes the UTOKEN to IMS Connect which in turn passes it on to IMS OTMA for use in signing on to IMS.
Alternatively, when using the deprecated Local Option communications, you can specify in the application server configuration that the user identity associated with the current thread of execution is to be used by the application server when performing user authentication. In this case, you do not specify a JAAS container-managed authentication alias in the J2C connection factory used by your application. This option is only available if you are using Local Option communications.
Note: When using container-managed signon, if your application does pass security information to the IMS TM Resource Adapter using the userName, password or groupName properties of IMSConnectionSpec, it is ignored. However, if you pass other information in the IMSConnectionSpec object, such as clientID used with commit mode 0 interactions, this information will be used by the IMS TM Resource Adapter.