Application token generation for trusted connections under the IBM Data Server Driver for JDBC and SQLJ
The IBM® Data Server Driver for JDBC and SQLJ provides client support for reducing auditing exceptions for configured trusted connections. This feature is available only for IBM Data Server Driver for JDBC and SQLJ type 4 connectivity to Db2 on Linux®, UNIX, and Windows systems.
To use application token generation, a JDBC application generates a token and sends it to the data server. A user-provided stored procedure at the data server validates the token. Application token generation is available with Db2 on Linux, UNIX, and Windows systems, Version 12.1 or later, and with the IBM Data Server Driver for JDBC and SQLJ, version 4.34 or later.
Before a JDBC application can use application token generation, the data server must be set up to use trusted connections. See the following topics for information:
To register an application token, a JDBC application that uses trusted connections needs to take one of these steps:
- Set the appTokenGenClassName property in a Properties instance, and implement the com.ibm.db2.jcc.DB2ApptokenGen interface. The property value must include the package name for the class, followed by the class name.

  Example: Setting the appTokenGenClassName property value in a Properties instance and implementing the com.ibm.db2.jcc.DB2ApptokenGen interface:

      // Create a DB2ConnectionPoolDataSource instance
      com.ibm.db2.jcc.DB2ConnectionPoolDataSource dataSource =
          new com.ibm.db2.jcc.DB2ConnectionPoolDataSource();

      // Set other properties using properties.put("property", "value");
      java.util.Properties properties = new java.util.Properties();

      // Create the custom implementation of App token generation by implementing
      // the com.ibm.db2.jcc.DB2AppTokenGen interface.
      // For property appTokenGenClassName, the class name must be
      // preceded by the package as shown below.
      properties.setProperty("appTokenGenClassName",
          "com.ibm.db2.appToken.CustomDb2AppTokenGen");

      // Supply the user ID and password for the connection
      Object[] objects = dataSource.getDB2TrustedPooledConnection(
          "userid", "password", properties);

- Obtain a connection using a DB2ConnectionPoolDataSource object, and set the custom application token object in the DB2ConnectionPoolDataSource object.

  Example: Setting the appTokenGen property value in a DB2ConnectionPoolDataSource object:

      // Create a DB2ConnectionPoolDataSource instance
      com.ibm.db2.jcc.DB2ConnectionPoolDataSource dataSource =
          new com.ibm.db2.jcc.DB2ConnectionPoolDataSource();

      // Set other properties using properties.put("property", "value");
      java.util.Properties properties = new java.util.Properties();

      // Create the custom implementation of the application token object
      // by implementing the com.ibm.db2.jcc.DB2AppTokenGen interface.
      com.ibm.db2.jcc.DB2AppTokenGen apptokengen = new CustomDb2AppTokenGen();

      // Set the custom application token object in the dataSource object
      // using setAppTokenGen.
      dataSource.setAppTokenGen(apptokengen);

      // Supply the user ID and password for the connection.
      // Call getDB2TrustedPooledConnection to get the trusted connection
      // instance and the cookie for the connection
      Object[] objects = dataSource.getDB2TrustedPooledConnection(
          "userid", "password", properties);
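
The page leaves the token format to the application and the validating stored procedure. The following added example (not IBM code and not part of the driver) sketches one possible scheme: an HMAC-signed token with a timestamp and nonce, and the checks a validator should apply. The class name AppTokenSketch, the token layout, the shared key and the 60-second window are all assumptions, the application ID must not contain a period, and the code is not wired to the DB2AppTokenGen interface because its methods are not shown here.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical token layout (not defined by the driver): appId.timestampMs.nonce.hmac
public class AppTokenSketch {
    static final long MAX_AGE_MS = 60_000; // assumed freshness window
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Client side: the kind of value a custom generator class could produce.
    static String generate(byte[] key, String appId, long nowMs) throws Exception {
        byte[] nonce = new byte[16];
        new SecureRandom().nextBytes(nonce);
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String body = appId + "." + nowMs + "." + enc.encodeToString(nonce);
        return body + "." + enc.encodeToString(hmac(key, body));
    }

    // Validator side: the same checks a validating stored procedure would apply.
    static boolean validate(byte[] key, String expectedAppId, String token, long nowMs) {
        try {
            String[] p = token.split("\\.", -1);
            if (p.length != 4 || !p[0].equals(expectedAppId)) return false;
            long age = nowMs - Long.parseLong(p[1]);
            if (age < 0 || age > MAX_AGE_MS) return false; // future-dated or stale
            byte[] given = Base64.getUrlDecoder().decode(p[3]);
            byte[] want = hmac(key, p[0] + "." + p[1] + "." + p[2]);
            return MessageDigest.isEqual(want, given); // constant-time comparison
        } catch (Exception e) {
            return false; // malformed tokens are rejected, never partially trusted
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-use".getBytes(StandardCharsets.UTF_8);
        long now = System.currentTimeMillis();
        String token = generate(key, "payroll-app", now);
        System.out.println("fresh:    " + validate(key, "payroll-app", token, now + 1_000));
        System.out.println("expired:  " + validate(key, "payroll-app", token, now + 120_000));
        String forged = token.replace("payroll", "billing"); // appId changed, MAC unchanged
        System.out.println("tampered: " + validate(key, "billing-app", forged, now));
    }
}
```

The nonce prevents replay within the freshness window only if the validator also records the nonces it has already accepted; this sketch does not store them.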