Configuring JAAS for database authentication
You can use Java™ Authentication and Authorization Service (JAAS) for database authentication.
About this task
You can use a JAAS login context entry to specify a custom login module to use for setting the username and password to authenticate to a database.
Procedure
- Add the appSecurity-2.0, jdbc-4.0, and jca-1.6 features in the server.xml file. You can also add appSecurity-2.0, jdbc-4.1, and jca-1.7. For example:

    <featureManager>
      <feature>appSecurity-2.0</feature>
      <feature>jdbc-4.0</feature>
      <feature>jca-1.6</feature>
    </featureManager>

  Stabilized feature: The jca-1.6 feature is stabilized. You can continue to use the jca-1.6 feature. However, consider using a later JCA feature.
- Configure a jaasLoginContextEntry element in the server.xml file with the login module to use. For example:

    <jaasLoginContextEntry id="myJAASLoginEntry" name="myJAASLoginEntry" loginModuleRef="myLoginModule" />
    <jaasLoginModule id="myLoginModule" className="my.package.MyLoginModule" controlFlag="REQUIRED" libraryRef="customLoginLib"/>
    <library id="customLoginLib">
      <fileset dir="${server.config.dir}" includes="MyLoginModule.jar"/>
    </library>
- Configure the dataSource element jaasLoginContextEntryRef attribute with the ID of the jaasLoginContextEntry element that you configured in step 2, as shown in the following example.

    <dataSource id="ds1" jndiName="jdbc/ds1" jdbcDriverRef="DB2" jaasLoginContextEntryRef="myJAASLoginEntry" .../>

  However, this jaasLoginContextEntryRef value is used by the configuration only if the data source is identified in the EAR application.xml file or WAR web.xml file by using a res-ref JNDI reference that specifies a res-auth value of Container. Otherwise, the jaasLoginContextEntryRef value is ignored.

  The following example demonstrates the application.xml or web.xml configuration that is required when you specify a custom login module by defining a jaasLoginContextEntryRef value in the server.xml file.

    <resource-ref>
      <res-ref-name>java:app/jdbc/ds1</res-ref-name>
      <res-type>javax.sql.DataSource</res-type>
      <res-auth>Container</res-auth>
    </resource-ref>
- As an alternative to step 3, you can configure a custom-login-configuration element in the deployment descriptor ibm-web-bnd.xml file of your application. The name attribute must match the id attribute for jaasLoginContextEntry that is defined in the server.xml file. For example:

    <resource-ref name="jdbc/ds1ref" binding-name="jdbc/ds1">
      <custom-login-configuration name="myJAASLoginEntry">
        <property name="property1" value="value1"/>
      </custom-login-configuration>
    </resource-ref>
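Because a res-auth value other than Container causes jaasLoginContextEntryRef to be ignored, it is worth checking the references from steps 2 and 3 before deployment. The following Python check is an added example, not IBM code: the function name check_jaas_config and the sample XML are constructed for illustration. It assumes loginModuleRef may list several module IDs, and it does not match a resource-ref to a particular data source or read ibm-web-bnd.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample input modelled on this page's snippets (not a real deployment).
SERVER_XML = """<server>
  <jaasLoginContextEntry id="myJAASLoginEntry" name="myJAASLoginEntry" loginModuleRef="myLoginModule"/>
  <jaasLoginModule id="myLoginModule" className="my.package.MyLoginModule"
                   controlFlag="REQUIRED" libraryRef="customLoginLib"/>
  <library id="customLoginLib"/>
  <dataSource id="ds1" jndiName="jdbc/ds1" jaasLoginContextEntryRef="myJAASLoginEntry"/>
</server>"""
# Constructed web.xml fragment that deliberately carries the wrong res-auth value.
WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><resource-ref>
  <res-ref-name>java:app/jdbc/ds1</res-ref-name>
  <res-type>javax.sql.DataSource</res-type>
  <res-auth>Application</res-auth>
</resource-ref></web-app>"""

def _local(tag):  # element name without its XML namespace
    return tag.rsplit("}", 1)[-1]

def _find(root, name):
    return [e for e in root.iter() if _local(e.tag) == name]

def check_jaas_config(server_xml, descriptor_xml):
    """Return a list of findings; an empty list means the references line up."""
    findings = []
    server = ET.fromstring(server_xml)
    entries = {e.get("id"): e for e in _find(server, "jaasLoginContextEntry")}
    modules = {e.get("id"): e for e in _find(server, "jaasLoginModule")}
    libraries = {e.get("id") for e in _find(server, "library")}
    for ds in _find(server, "dataSource"):
        ref = ds.get("jaasLoginContextEntryRef")
        if ref is None:
            continue
        if ref not in entries:
            findings.append(f"dataSource {ds.get('id')}: no jaasLoginContextEntry id={ref}")
            continue
        for mod_id in entries[ref].get("loginModuleRef", "").replace(",", " ").split():
            mod = modules.get(mod_id)
            if mod is None:
                findings.append(f"entry {ref}: no jaasLoginModule id={mod_id}")
            elif mod.get("libraryRef") and mod.get("libraryRef") not in libraries:
                findings.append(f"module {mod_id}: no library id={mod.get('libraryRef')}")
    # res-auth must be Container, or the server ignores jaasLoginContextEntryRef.
    for rr in _find(ET.fromstring(descriptor_xml), "resource-ref"):
        fields = {_local(c.tag): (c.text or "").strip() for c in rr}
        if fields.get("res-type") == "javax.sql.DataSource" and fields.get("res-auth") != "Container":
            findings.append(f"resource-ref {fields.get('res-ref-name')}: res-auth is not Container")
    return findings
```

Calling check_jaas_config(SERVER_XML, WEB_XML) on the constructed input reports the resource-ref whose res-auth is Application.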