Component-managed EIS signon is specified during application development
and configured during application deployment.
When you create a J2EE application using an IDE such as Rational® Application
Developer, you are able to select either component-managed or container-managed
EIS signon. Setting the Authentication directive in
the resource reference of your application's deployment descriptor to Application configures
your application for component-managed EIS signon. Similar steps would be
used for other resources and other IDEs.
The following example explains
how to verify or change this setting for an EJB Project in Rational Application
Developer.
- Set the value of the element to Application.
- In the J2EE perspective, of Rational Application Developer's Project
Explorer view, expand your EJB project in EJB
Projects.
- Right-click Deployment Descriptor: <your_EJB_project> and
select Open With > Deployment Descriptor Editor.
- In the EJB Deployment Descriptor view, click the References tab,
expand the name of the EJB used by your application, and select the resource
reference for the EJB. When you select the resource reference for the EJB,
fields on the right side of the EJB Deployment Descriptor view will be displayed
with values.
- Select Application, if it is not already selected, in the Authentication field,
which maps to the <res-auth> element.
- When you close the EJB Deployment Descriptor Editor and click Yes to
save your changes; the following code is added to the deployment descriptor
of your EJB application:
<res-auth>Application</res-auth>
- Typically, component-managed signon does not require
further configuration because the security information is provided by the
application in the IMSConnectionSpec object. However, if your application
does not provide an IMSConnectionSpec object, or the user ID is not specified
in the IMSConnectionSpec object that is provided, the IMS™ TM Resource Adapter will obtain default
security values from the connection factory used by your application.
The
default security values used for component-managed EIS signon (the values
that would be used if the application component did not provide a userID or
the userID provided was null or blanks) are specified in the connection factory
and can be provided in two ways:
- Specify a component-managed Authentication Alias.
- To use a Component-managed Authentication Alias, you must define a JAAS
authentication alias.
- In the Servers view, right-click the server and select Run
administrative console.
- Expand Resources and select Resource Adapters.
- Click the resource adapter you want to modify.
- Under Additional Properties, click J2C Connection factories.
- Under Related Items, click J2C Authentication Data Entries.
- Above the list of aliases, click New.
- Enter an alias name, your user ID, password, and optional description.
Select OK.
- Select the JAAS authentication alias for the Component-managed Authentication
Alias property of the J2C Connection Factory used by your application. You
can do this when you first create the connection factory or later by editing
the connection factory. To edit the connection factory:
- In the Administrative Console for the server, navigate to the connection
factory that you wish to modify by selecting Resource Adapters
> server_name > J2C connection factories > connection_factory_name.
- In the Component-managed Authentication Alias drop down list, select the
JAAS authentication alias to be used for component-managed authentication
by applications using that connection factory.
- Select OK.
The user ID and password associated with the Component-managed Authentication
Alias will be used to set (or override if applicable) the default values in
the custom properties of the associated connection factory during application
server startup.
- Define default values in the connection factory custom properties.
- If you do not assign a valid JAAS authentication alias to the Component-managed
Authentication Alias field of your J2C connection factory, you can assign
values for the userName, password, and groupName fields on the Custom Properties
page of your J2C connection factory.
- For instructions on creating a connection factory, see Connection
Properties. Using a Component-managed Authentication Alias is preferred
over specifying values in the custom properties of your J2C connection factory
because the Component-managed Authentication Alias provides greater security
for the user ID and password (the user name and password values of a JAAS
authentication alias are visible only to server administrators).
The process for configuring component-managed signon in the test
environment of an IDE such as Rational Application Developer and
the process for configuring component-managed signon in a standalone WebSphere® Application
Server are similar.