Configuring component-managed EIS signon

You specify component-managed EIS signon during application development and configure it during application deployment.

About this task

When you create a Java™ EE application by using a Rational® or WebSphere® development environment, you are able to select either component-managed or container-managed EIS signon. Setting the authentication directive in the resource reference of your application deployment descriptor to Application configures your application for component-managed EIS signon. Similar steps would be used for other resources and other IDEs.

The following example explains how to verify or change this setting for an EJB Project in a Rational or WebSphere development environment:

Procedure

  1. Set the value of the element to Application.
    1. In the Java EE perspective, in the Project Explorer view, expand your EJB project in EJB Projects.
    2. Right-click Deployment Descriptor: your_EJB_project and select Open With > Deployment Descriptor Editor.
    3. In the EJB Deployment Descriptor view, click the References tab, expand the name of the EJB component used by your application, and select the resource reference for the EJB. When you select the resource reference for the EJB, fields on the right side of the EJB Deployment Descriptor view are displayed with values.
    4. Select Application, if it is not already selected, in the Authentication field. This field maps to the <res-auth> element.
    5. Close the EJB Deployment Descriptor Editor and click Yes to save your changes. The following code is added to the deployment descriptor of your EJB application: 
      
<res-auth>Application</res-auth>

    Typically, component-managed signon does not require further configuration because the security information is provided by the application in the IMSConnectionSpec object. However, if your application does not provide an IMSConnectionSpec object, or the user ID is not specified in the IMSConnectionSpec object that is provided, the IMS TM resource adapter will obtain default security values from the connection factory that is used by your application.

  2. If the application component does not provide a user ID, or the user ID provided is null or blanks, the default security values is used. The default value is specified in the connection factory and can be provided in two ways:
    • Specify a component-managed authentication alias.
      1. To use a component-managed authentication alias, you must define a JAAS authentication alias.
        1. In the Servers view, right-click the server and select Run administrative console.
        2. Expand Resources and select Resource Adapters.
        3. Click the resource adapter you want to modify.
        4. Under Additional Properties, click J2C Connection factories.
        5. Under Related Items, click J2C Authentication Data Entries.
        6. Above the list of aliases, click New.
        7. Enter an alias name, your user ID, password, and optional description. Select OK.
      2. Select the JAAS authentication alias for the component-managed authentication alias property of the J2C connection factory that is used by your application. You can select the JAAS authentication alias when you first create the connection factory, or later by editing the connection factory. To edit the connection factory:
        1. In the administrative console for the server, navigate to the connection factory that you want to modify by selecting Resource Adapters > server_name > J2C connection factories > connection_factory_name.
        2. In the Component-managed Authentication Alias drop-down list, select the JAAS authentication alias to be used for component-managed authentication by applications that use that connection factory.
        3. Select OK.
        The user ID and password that are associated with the component-managed authentication alias are used to set (or override if applicable) the default values in the custom properties of the associated connection factory during application server startup.
    • Define default values in the connection factory custom properties.
      • If you do not assign a valid JAAS authentication alias to the Component-managed Authentication Alias field of your J2C connection factory, you can assign values for the userName, password, and groupName fields on the Custom Properties page of your J2C connection factory.
      • To create a connection factory, use the IMSConnectionSpec API to specify connection properties. Using a component-managed authentication alias is preferred over specifying values in the custom properties of your J2C connection factory. The component-managed authentication alias provides greater security for the user ID and password because the user name and password values of a JAAS authentication alias are visible only to server administrators.

Results

The process for configuring component-managed signon in the test environment of an IDE and the process for configuring component-managed signon in a stand-aloneWebSphere Application Server are similar.