Configure authentication aliases for Liberty

We can configure an authentication data alias to use with a resource reference for authentication in Liberty.

To avoid having to code user IDs and passwords for data sources in the applications, we can configure the application server to use authentication data to provide the user IDs and passwords. For resources that use container authentication, we can configure authentication data and aliases in several ways, some of which include:

Create a unique authentication data element (authData) with the proper credentials and refer to it in your application bindings file.
Create a container default authentication element (containerAuthData) with the necessary credentials. We don't need to refer to the alias or the name of the authData element in your application bindings file.
Create a unique authentication data element (authData) with the proper credentials and make it the default container authentication for a data source by referring to it with containerAuthDataRef on the dataSource element.

Create an authData element enables each resource reference to a data source to use different authentication credentials. The containerAuthData element establishes default credentials for container authentication in the absence of an authentication alias in the bindings for a resource reference.

Note: Unlike WebSphere Application Server traditional, Liberty has no authentication alias principal mapping module support.

Configure authentication data and aliases with authData and a resource reference

Create an authentication data element (authData) with the proper credentials and refer to it in your application bindings file.

Add the following elements to the server configuration file, server.xml.
1. Add the wanted version of the JDBC feature to the feature manager element.
2. Add an authData element. If the authData element is a top-level configuration element, set the id attribute value to a unique authentication alias.
3. Add a data source element.
Configure the IBM deployment descriptor bindings file of the application, for example, the ibm-web-bnd.xml file. Use the authentication-alias element in the resource reference. The name attribute value must match the id attribute in server.xml.
Add a Resource annotation to the application to enable the application server to inject the resource reference or add the resource to the application deployment descriptor.

Configure authentication data and aliases with containerAuthData

Use a nested container default authentication data element without needing to reference an authData alias in your application bindings file.

Add the following elements to the server configuration file, server.xml.

Add the wanted version of the JDBC feature to the feature manager element.

Create a data source with a nested container authentication data element.

<dataSource id="myDS" jndiName="jdbc/mydbresource" >
  <containerAuthData user="myUserid" password="myPassword"></containerAuthData>
  ...
</dataSource>

Add a Resource annotation to the application to enable the application server to inject the resource reference or add the resource to the application deployment descriptor.

Configure authentication data and aliases with authData and containerAuthDataRef

Create an authData element with the proper credentials and make it the default container authentication for a data source by referring to it with containerAuthDataRef on the dataSource element.

Add the following elements to the server configuration file, server.xml.
1. Add the wanted version of the JDBC feature to the feature manager element.
2. Create a data source with a container authentication reference to an authData element.
Add a Resource annotation to the application to enable the application server to inject the resource reference or add the resource to the application deployment descriptor.