Security of lookups with component managed authentication

 

External Java clients (standalone clients or servers from other cells) with JNDI access can look up a Java 2 Connector (J2C) resource such as a data source or Java Message Service queue. However, they are not permitted to take advantage of the component managed authentication alias defined on the resource. This alias is a default value used when the user and password are not supplied on the getConnection call. Therefore, if an external client needs to get a connection, it must assume responsibility for the authentication data. It can either pass the user and password on the getConnection call, or it can use the no-argument getConnection() call and define the alias with the corresponding user and password in a file on each system on which the client is expected to run.

Any client running in the WebSphere Application Server process (such as a servlet or an enterprise bean) within the same cell that can look up a resource in the JNDI namespace can obtain connections without providing authentication data. Note that a J2C authentication alias is defined per cell. An enterprise bean or servlet in one application server cannot look up a resource in another server process that is in a different cell, because the alias would not be resolved.


Passing user and password on the getConnection call
Using the no-argument getConnection() call
Disabling lookup security

 
