+

Search Tips   |   Advanced Search

J2C connection factories settings



Overview

To specify settings for a connection factory, go to either...


Settings

Scope

Scope of the resource adapter that connects applications to an enterprise information system through this connection factory. Only applications that are installed within this scope can use this connection factory.

Provider

Resource adapter that WAS uses for this connection factory.

Provider is displayed in this location only when creating a new connection factory. The list shows all of the existing resource adapters defined at the relevant scope. Select one from the list to use an existing resource adapter as Provider.

Create new provider

Provides the option of configuring a new resource adapter for the new connection factory.

Create New Provider is displayed only when creating, rather than edit, a connection factory.

Clicking Create New Provider triggers the console to display the resource adapter configuration page, where you create a new adapter. After you click OK to save the settings, you see the connection factory collection page. Click New to define a new connection factory for use with the new resource adapter; the console now displays a configuration page that lists the resource adapter as the new connection factory Provider.

Name

Name of this connection factory.

This is a required property.

Data type String

JNDI name

JNDI name of this connection factory.

For example...

eis/myECIConnection

After you set this value, save it and restart the server. We can see this string when you run the dumpNameSpace tool. This is a required property. If we do not specify a JNDI name, it is filled in by default using the Name field.

Data type String
Default eis/display name

Adhere to the following requirements for JNDI names:

  • Do not assign duplicate JNDI names across different resource types (such as data sources versus J2C connection factories or JMS connection factories).

  • Do not assign duplicate JNDI names for multiple resources of the same type in the same scope.

Description

Text description of this connection factory.

Data type String

Connection factory interface

Fully qualified name of the Connection Factory interfaces supported by the resource adapter.

Required.

For new objects, the list of available classes is provided by the resource adapter in a drop-down list. After you create the connection factory, the field is a read only text field.

Data type Drop-down list or text

Category

String that we can use to classify or group this connection factory.

Data type String

Component-managed authentication alias

Authentication data for component-managed signon to the resource.

Select an alias from the list.

To define a new alias not displayed in the list:

  • Click...

    Apply | [Related Items] J2EE Connector Architecture (J2C) authentication data entries | New

  • Define an alias.

  • Click OK.

    The console now displays an alias collection page. This page contains a table that lists all of the configured aliases. Before the table, this page also displays the name of the connection factory.

  • Click the name of the J2C connection factory. You now see the configuration page for the connection factory.

  • Select the new alias in the Component-managed authentication alias list.

  • Click Apply.

If we have defined security domains in the appserver, we can click Browse... to select an authentication alias for the resource that we are configuring. Security domains allow us to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that will be able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.

Data type List

The alias that you configure for component-managed authentication does not apply to all clients that must access the secured resource. External Java clients with JNDI access can look up a J2C resource such as a data source or JMS queue. However, they are not permitted to take advantage of the component-managed authentication alias defined on the resource. This alias is the default value used when the getConnection() method does not specify any authentication data, like user and password, or a value for ConnectionSpec. If an external client needs to get a connection, it must assume responsibility for the authentication by passing it through arguments on the getConnection() call.

However, if clients such as servlets or enterprise beans run in processes within the same cell of the appserver, and the clients can look up a resource in the JNDI namespace, these clients can obtain connections without explicitly providing authentication data on the getConnection() call. In this case, if the component’s res-auth setting is Application, authentication is taken from the component-managed authentication alias that is defined on the connection factory. When you set res-auth to Container, authentication is taken from the login configuration that is defined on the component’s resource-reference. If the resource reference for the component does not define a login configuration, authentication will be taken from the Container-managed authentication alias that is defined on the connection factory.

Avoid trouble: The J2C authentication alias is per cell. An enterprise bean or servlet in one appserver cannot look up a resource in another server process that is in a different cell, because the alias would not be resolved.

Authentication alias for XA recovery

Authentication alias that should be used during XA recovery processing. If this alias name is changed after a server failure, the subsequent XA recovery processing will use the original setting that was in effect before the failure.

If the resource adapter does not support XA transactions, then this field will not be displayed. The default value will come from the selected alias for application authentication (if specified).

If we have defined security domains in the appserver, we can click Browse... to select an authentication alias for the resource that we are configuring. Security domains allow us to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that will be able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.

Data type Drop-down list

Mapping-configuration alias

Authentication alias for the Java Authentication and Authorization Service (JAAS) mapping configuration used by this connection factory.

Click Security > Global security > Java Authentication and Authorization Service > Application logins, and select an alias from the table.

The DefaultPrincipalMapping JAAS configuration maps the authentication alias to the userid and password. You may define and use other mapping configurations.

Avoid trouble: Some mapping-configuration aliases do not use a container-managed authentication aliases, so you will not be able to select a container-managed authentication alias if one of those mapping-configuration aliases is selected.

Data type Pick-list

Container-managed authentication alias

Authentication data, which is a JAAS - J2C authentication data entry, for container-managed signon to the resource.

Select an alias from the list.

To define a new alias not displayed in the list:

  1. Click...

    Apply | [Under Related Items] | J2EE Connector Architecture (J2C) authentication data entries | New

  2. Define an alias.

  3. Click OK.

    The console now displays an alias collection page. This panel contains a table that lists all of the configured aliases. Before the table, this page also displays the name of the connection factory.

  4. Click the name of the J2C connection factory. You now see the configuration panel for the connection factory.

  5. Select the new alias in the container-managed authentication alias list.

  6. Click Apply.

If we have defined security domains in the appserver, we can click Browse... to select an authentication alias for the resource that we are configuring. Security domains allow us to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that will be able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.

Data type Pick-list

Authentication preference (deprecated)

Authentication mechanisms defined for this connection factory.

Beginning with WAS V6.0, the authentication preference is superseded by the combination of the <res-auth> application component deployment descriptor setting and the spec of a login configuration on the resource-reference mapping at deployment time.

This setting specifies which of the authentication mechanisms defined for the corresponding resource adapter applies to this connection factory. Common values, depending on the capabilities of the resource adapter, are: KERBEROS, BASIC_PASSWORD, and None.

If None is chosen, the application component is expected to manage authentication (<res-auth>Application</res-auth>). In this case, the user ID and password are taken from one of the following:

For example, if two authentication mechanism entries are defined for a resource adapter in the ra.xml document:

  • <authentication-mechanism-type>BasicPassword</authentication-mechanism-type>

  • <authentication-mechanism-type>Kerbv5</authentication-mechanism-type>

the authentication preference specifies the mechanism to use for container-managed authentication. An exception is issued during server startup if a mechanism not supported by the resource adapter is selected.

Data type Pick-list
Default BASIC_PASSWORD





 

Related concepts


Relational resource adapters and JCA
JDBC providers

 

Related tasks


Set Java EE Connector connection factories in the admin console