Configuring component-managed EIS signon

Component-managed EIS signon is specified during application development and configured during application deployment.

When you create a J2EE application using an IDE such as Rational® Application Developer, you are able to select either component-managed or container-managed EIS signon. Setting the Authentication directive in the resource reference of your application's deployment descriptor to Application configures your application for component-managed EIS signon. Similar steps would be used for other resources and other IDEs.

The following example explains how to verify or change this setting for an EJB Project in Rational Application Developer.
  1. Set the value of the element to Application.
    1. In the J2EE perspective, of Rational Application Developer's Project Explorer view, expand your EJB project in EJB Projects.
    2. Right-click Deployment Descriptor: <your_EJB_project> and select Open With > Deployment Descriptor Editor.
    3. In the EJB Deployment Descriptor view, click the References tab, expand the name of the EJB used by your application, and select the resource reference for the EJB. When you select the resource reference for the EJB, fields on the right side of the EJB Deployment Descriptor view will be displayed with values.
    4. Select Application, if it is not already selected, in the Authentication field, which maps to the <res-auth> element.
    5. When you close the EJB Deployment Descriptor Editor and click Yes to save your changes; the following code is added to the deployment descriptor of your EJB application:
      <res-auth>Application</res-auth>
  2. Typically, component-managed signon does not require further configuration because the security information is provided by the application in the IMSConnectionSpec object. However, if your application does not provide an IMSConnectionSpec object, or the user ID is not specified in the IMSConnectionSpec object that is provided, the IMS™ TM Resource Adapter will obtain default security values from the connection factory used by your application.
    The default security values used for component-managed EIS signon (the values that would be used if the application component did not provide a userID or the userID provided was null or blanks) are specified in the connection factory and can be provided in two ways:
    1. Specify a component-managed Authentication Alias.
      • To use a Component-managed Authentication Alias, you must define a JAAS authentication alias.
        1. In the Servers view, right-click the server and select Run administrative console.
        2. Expand Resources and select Resource Adapters.
        3. Click the resource adapter you want to modify.
        4. Under Additional Properties, click J2C Connection factories.
        5. Under Related Items, click J2C Authentication Data Entries.
        6. Above the list of aliases, click New.
        7. Enter an alias name, your user ID, password, and optional description. Select OK.
      • Select the JAAS authentication alias for the Component-managed Authentication Alias property of the J2C Connection Factory used by your application. You can do this when you first create the connection factory or later by editing the connection factory. To edit the connection factory:
        1. In the Administrative Console for the server, navigate to the connection factory that you wish to modify by selecting Resource Adapters > server_name > J2C connection factories > connection_factory_name.
        2. In the Component-managed Authentication Alias drop down list, select the JAAS authentication alias to be used for component-managed authentication by applications using that connection factory.
        3. Select OK.
        The user ID and password associated with the Component-managed Authentication Alias will be used to set (or override if applicable) the default values in the custom properties of the associated connection factory during application server startup.
    2. Define default values in the connection factory custom properties.
      • If you do not assign a valid JAAS authentication alias to the Component-managed Authentication Alias field of your J2C connection factory, you can assign values for the userName, password, and groupName fields on the Custom Properties page of your J2C connection factory.
      • For instructions on creating a connection factory, see Connection Properties. Using a Component-managed Authentication Alias is preferred over specifying values in the custom properties of your J2C connection factory because the Component-managed Authentication Alias provides greater security for the user ID and password (the user name and password values of a JAAS authentication alias are visible only to server administrators).

The process for configuring component-managed signon in the test environment of an IDE such as Rational Application Developer and the process for configuring component-managed signon in a standalone WebSphere® Application Server are similar.


Feedback