Configuring component-managed EIS sign-on

In most cases, when you create a J2EE application using the wizards of Rational Application Developer, the default EIS sign-on is component-managed. The component-managed configuration setting is reflected by the <res-auth>Application</res-auth> directive of the resource reference used by your application.

The following steps explain how to verify or change this setting for a Dynamic Web Project.
  1. Set the <res-auth> directive to Application
    1. In the J2EE perspective, of the Project Explorer view, expand Dynamic Web Project > PhoneBookWeb.
    2. Right-click Deployment Descriptor: PhoneBookWeb and select Open With > Deployment Descriptor Editor.
    3. In the Web Deployment Descriptor view, click the References tab and select the J2C Connection factory reference for your Web application. For example, imsCFacRef.
    4. Select Application, if it is not already selected, in the Authentication field, which maps to the <res-auth> directive.
    5. When you close the Web Deployment Descriptor Editor and click Yes to save your changes; the following code is added to the deployment descriptor of your Web application:
      <res-auth>Application</res-auth>
  2. Typically, component-managed sign-on does not require further configuration because the security information is provided by the application in the IMSConnectionSpec object. However, if your application does not provide an IMSConnectionSpec object, or the user ID is not specified in the IMSConnectionSpec object that is provided, the IMS™ resource adapter will obtain default security values from the connection factory used by your application.
    The default security values for a connection factory can be provided in two ways:
    1. When you use a component-managed authentication alias.
      • To use a component-managed authentication alias, you must define a JAAS authentication alias.
        1. In the Servers view, right-click the server and select Run administrative console.
        2. Expand Resources and select Resource Adapters.
        3. Click the resource adapter you want to modify.
        4. Under Additional Properties, click J2C Connection factories.
        5. Under Related Items, click J2EE Connector Architecture (J2C) authentication data entries.
        6. Above the list of aliases, click New.
        7. Enter an alias name, your user ID, password, and optional description. Select OK.
      • Select the JAAS authentication alias for the Component-managed authentication alias property of the J2C Connection Factory used by your application. You can do this when you first create the connection factory or later by editing the connection factory. To edit the connection factory:
        1. In the Administrative Console for the server, navigate to the connection factory that you wish to modify by selecting Resource Adapters > server_name > J2C connection factories > connection_factory_name.
        2. In the Component-managed authentication alias drop down list, select the JAAS authentication alias to be used for component-managed authentication by applications using that connection factory.
        3. Select OK.
        The user ID and password associated with the component-managed authentication alias will be used to set (over override if applicable) the default values in the custom properties of the associated connection factory during application server startup.
    2. When you create a connection factory.
      • If you do not assign a valid JAAS authentication alias to the component-managed authentication alias field of your J2C connection factory, you can assign values for the userName, password, and groupName fields on the J2C options page of your J2C connection factory.
      • For instructions on creating a connection factory, see Connection Properties. Using a component-managed authentication alias is preferred over specifying values in the custom properties of your J2C connection factory because the component-managed authentication alias provides greater security for the user ID and password.

Note: The process for configuring component-managed sign-on in a standalone WebSphere® Application Server is the same as the process for a WebSphere Application Server in a unit test environment.

Related concepts
IMS resource adapter security
Component-managed EIS sign-on
Container-managed EIS sign-on
Overview of secure socket layer (SSL)
Related tasks
Configuring container-managed EIS sign-on
Using secure socket layer (SSL) support
Terms of use | Feedback
(C) Copyright IBM Corporation 2000, 2005. All Rights Reserved.