JAAS on the client  Samples and debugging

Chapter 11: Using the JAAS API

JAAS for connectors

The J2EE connector architecture enables you to write portable Java applications that can access multiple transactional enterprise information systems. A resource adapter is a specialized connection factory that provides connections for: EJBs, Java servlets, JSPs, and CORBA-Java components.

Each resource adapter has a set of managed connection factories with their own property files. The Java Connection Manager (JCM) classes create the connection factories and manage a pool of connections for a resource adapter. You can use JAAS to authenticate a resource adapter, resource principal, or the application component’s caller principal when accessing enterprise information systems.

See “Configuring connectors” in the EAServer System Administration Guide for more information about connectors.

Container-managed authentication

EAServer is responsible for connector security when a component accessing enterprise information systems requests container-managed authentication. In this case, “container-managed” means “EAServer-managed.”

To enable container-managed authentication from EAServer Manager:

  1. Highlight the Component folder.

  2. Highlight the component for which you are establishing container-managed authentication.

  3. Select File | properties.

  4. Select the Advanced tab.

  5. Set the deployment property of the component to container managed:

    res-auth=Container
    

    Container is the default setting.

    If res-auth=Application, a null subject is passed to the connector and connection security is handled by the application.

Basic password authentication

EAServer 4.0 supports basic password authentication. For connectors, this means establishing a user name and password for the resource adapter’s managed connection factory (MCF). To set basic password authentication from the Advanced tab, click com.sybase.jaguar.connector.auth-mechanism and set auth-mech-type to “basic-password.”

To establish a user name and password for the resource adapter’s MCF from EAServer Manager:

  1. Select the Connectors folder.

  2. Select the connector for which you are setting a user name and password authentication.

  3. Select the MCF for which you are enabling authentication.

  4. Select File | Managed Connection Factory Properties.

  5. Select the Security Properties tab and enter the user name and password for the MCF.

If you do not supply a user name and password in the resource adapter’s MCF, they are obtained from the CallerPrincipal (the user name and password that are retrieved from the calling component).

Enabling JAAS-based authentication for connectors

To use JAAS for authentication, you must enable JAAS on the EAServer where the resource adapter is located. See “JAAS in EAServer”.

An entry in the login configuration file is identified by the name of the resource adapter for which JAAS is used. If container-managed authentication is set, any component that tries to obtain a connection from resource adapter’s connection factory is authenticated by the login module defined by the configuration file entry.





Copyright © 2005. Sybase Inc. All rights reserved. Samples and debugging