In the EIS tier, an application component requests a connection to an EIS resource. As part of this connection, the EIS may require a sign-on to the resource. The application component provider has two choices for the design of the EIS sign-on:
- With the container-managed sign-on approach, the application component lets the container take the responsibility of configuring and managing the EIS sign-on. The container determines the user name and password for establishing a connection to an EIS instance.
- With the component-managed sign-on approach, the application component code manages EIS sign-on by including code that performs the sign-on process to an EIS.
The component provider can use
deploytoolto choose the type of sign-on.
Use the following procedure in
deploytoolto configure the type of sign-on.
- Select the component.
- Select the Resource Refs tab.
- Click Add.
- In the Authentication combo box, select either Container for container-managed sign-on or Application for component-managed sign-on.
With container-managed sign-on, an application component does not have to pass any security information for signing on to the resource to the
getConnection()method. The security information is supplied by the container, as shown in the following example.// Business method in an application component Context initctx = new InitialContext(); // perform JNDI lookup to obtain a connection factory javax.resource.cci.ConnectionFactory cxf = (javax.resource.cci.ConnectionFactory)initctx.lookup( "java:comp/env/eis/MainframeCxFactory"); // Invoke factory to obtain a connection. The security // information is not passed in the getConnection method javax.resource.cci.Connection cx = cxf.getConnection(); ...
With component-managed sign-on, an application component is responsible for passing the security information that is needed for signing on to the resource to the
getConnection()method. Security information could be a user name and password, for example, as shown in the following example.// Method in an application component Context initctx = new InitialContext(); // perform JNDI lookup to obtain a connection factory javax.resource.cci.ConnectionFactory cxf = (javax.resource.cci.ConnectionFactory)initctx.lookup( "java:comp/env/eis/MainframeCxFactory"); // Invoke factory to obtain a connection com.myeis.ConnectionSpecImpl properties = //.. // get a new ConnectionSpec properties.setUserName("..."); properties.setPassword("..."); javax.resource.cci.Connection cx = cxf.getConnection(properties); ...
Configuring Resource Adapter Security
In addition to configuring the sign-on, you must also configure the resource adapter security. To add security to a resource adapter, complete the following steps:
- Select the resource adapter RAR (Resource Adapter Archive).
- Select the Security tab. In the Authentication Mechanisms pane, select the authentication mechanisms that this resource adapter supports:
- Password: A user and password is required to connect to an EIS.
- Kerberos Version 5.0: The resource adapter supports the Kerberos authentication mechanism. See RFC-1510, The Kerberos Network Authentication Service (V5), for details. This specification can be found at
- You can select no mechanism, one mechanism, or multiple mechanisms. If you do not select a mechanism, no security authentication will be supported.
Select Reauthentication Supported if the resource adapter supports performing reauthentication on an existing physical connection. Reauthentication will be performed when an application server calls the
getConnection()method with a security context that is different from the one that was used to establish the connection.
In the Security Permissions pane, click the Add button to add a security permission that your resource adapter needs to access system resources in your operational environment. Specify only permissions that are not included in the default set, which are listed in Table 2 of Section 11.2 in the J2EE Connector Architecture Specification 1.0. For each security permission, click the rightmost column labeled with a folded paper icon to enter a description for the permission.
To delete a security permission, select the permission in the table and click Delete.