J2C connection factories settings
Use this page to specify settings for a connection factory.
We can access this administrative console page in one of two ways:
- Resources > Resource Adapters > J2C connection factories > J2C_connection_factory
- Resources > Resource Adapters > Resource adapters > resource_adapter > J2C connection factories > J2C_connection_factory
Scope
Scope of the resource adapter that connects applications to an enterprise information system (EIS) through this connection factory. Only applications that are installed within this scope can use this connection factory.
Provider
Resource adapter that WAS uses for this connection factory.
Provider can be set only when creating a new connection factory. The list shows all of the existing resource adapters defined at the relevant scope. Select one from the list to use an existing resource adapter as Provider.
Create new provider
Provides the option of configuring a new resource adapter for the new connection factory.
Create New Provider is displayed only when creating, rather than edit, a connection factory.Clicking Create New Provider triggers the console to display the resource adapter configuration page, where we create a new adapter. After you click OK to save the settings, you see the connection factory collection page. Click New to define a new connection factory for use with the new resource adapter; the console now displays a configuration page that lists the resource adapter as the new connection factory Provider.
Name
Name of this connection factory.
This is a required property.
Information Value Data type String
JNDI name
Specifies the JNDI name of this connection factory.
For example, the name could be eis/myECIConnection.
After setting this value, save it and restart the server. We can see this string when you run the dumpNameSpace tool. This is a required property. If we do not specify a JNDI name, it is completed by default using the Name field.
Information Value Data type String Default eis/display name Important: Adhere to the following requirements for JNDI names:
- Do not assign duplicate JNDI names across different resource types (such as data sources versus J2C connection factories or JMS connection factories).
- Do not assign duplicate JNDI names for multiple resources of the same type in the same scope.
Description
Specifies a text description of this connection factory.
Information Value Data type String
Connection factory interface
Fully qualified name of the Connection Factory Interfaces supported by the resource adapter.
This is a required property. For new objects, the list of available classes is provided by the resource adapter in a drop-down list. After we create the connection factory, the field is a read only text field.
Information Value Data type Drop-down list or text
Category
Specifies a string that we can use to classify or group this connection factory.
Information Value Data type String
Authentication alias for XA recovery
Authentication alias used during XA recovery processing. If this alias name is changed after a server failure, the subsequent XA recovery processing uses the original setting that was in effect before the failure.
Select an alias from the list.
To define a new alias that is not displayed in the list:
- Click Apply. Under Related Items, you now see a listing for Java EE Connector Architecture (J2C) authentication data entries.
- Click JAAS - J2C authentication data.
- Click New.
- Define an alias.
- Click OK and Save. The console now displays an alias collection page that lists all configured aliases. Above the table, this page also displays the name of your connection factory in the breadcrumb path.
- Click the name of the J2C connection factory to return to the configuration page for the connection factory that you are creating.
- Select the new alias in the container-managed authentication alias list.
- Click Apply.
If the resource adapter does not support XA transactions, this field is not displayed. The default value comes from the selected alias for application authentication, if specified.
If we have defined multiple security domains and multiple authentication aliases in the application server, we can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that is able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.
The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain at least one JAAS J2C Authentication alias.
Information Value Data type Drop-down list
Component-managed authentication alias
Specifies authentication data for component-managed signon to the resource.
Select an alias from the list.
To define a new alias that is not displayed in the list:
- Click Apply. Under Related Items, you now see a listing for Java EE Connector Architecture (J2C) authentication data entries.
- Click JAAS - J2C authentication data.
- Click New.
- Define an alias.
- Click OK and Save. The console now displays an alias collection page that lists all configured aliases. Above the table, this page also displays the name of your connection factory in the breadcrumb path.
- Click the name of the J2C connection factory to return to the configuration page for the connection factory that you are creating.
- Select the new alias in the container-managed authentication alias list.
- Click Apply.
If we have defined multiple security domains and multiple authentication aliases in the application server, we can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that is able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.
The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain at least one JAAS J2C Authentication alias.
Information Value Data type List The alias configured for component-managed authentication does not apply to all clients that must access the secured resource. External Java clients with JNDI access can look up a Java 2 Connector (J2C) resource such as a data source or Java Message Service (JMS) queue. However, they are not permitted to take advantage of the component-managed authentication alias defined on the resource. This alias is the default value used when the getConnection() method does not specify any authentication data, like user and password, or a value for ConnectionSpec. If an external client needs a connection, it must assume responsibility for the authentication by passing it through arguments on the getConnection() call.
However, if clients such as servlets or enterprise beans run in processes within the same cell of the application server, and the clients can look up a resource in the JNDI namespace, these clients can obtain connections without explicitly providing authentication data on the getConnection() call. In this case, if the component res-auth setting is Application, authentication is taken from the component-managed authentication alias defined on the connection factory. When you set res-auth to Container, authentication is taken from the login configuration defined on the component resource-reference. If the resource reference for the component does not define a login configuration, authentication is taken from the Container-managed authentication alias defined on the connection factory.
The J2C authentication alias is per cell. An enterprise bean or servlet in one application server cannot look up a resource in another server process that is in a different cell, because the alias would not be resolved.gotcha
Mapping-configuration alias
Authentication alias for the Java Authentication and Authorization Service (JAAS) mapping configuration used by this connection factory.
The DefaultPrincipalMapping JAAS configuration maps the authentication alias to the user ID and password. We can define and use other mapping configurations.
Avoid trouble: Some mapping-configuration aliases do not use container-managed authentication aliases, so we cannot select a container-managed authentication alias if one of those mapping-configuration aliases is selected.gotcha
Information Value Data type Pick-list
Container-managed authentication alias
Specifies authentication data, which is a JAAS - J2C authentication data entry, for container-managed signon to the resource. This setting can be disabled depending on the value that is selected for the Mapping-configuration alias setting.
Select an alias from the list.
To define a new alias that is not displayed in the list:
- Click Apply. Under Related Items, you now see a listing for Java EE Connector Architecture (J2C) authentication data entries.
- Click JAAS - J2C authentication data.
- Click New.
- Define an alias.
- Click OK and Save. The console now displays an alias collection page that lists all configured aliases. Above the table, this page also displays the name of your connection factory in the breadcrumb path.
- Click the name of the J2C connection factory to return to the configuration page for the connection factory that you are creating.
- Select the new alias in the container-managed authentication alias list.
- Click Apply.
If we have defined multiple security domains and multiple authentication aliases in the application server, we can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that are able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when we cannot use them.
The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain as least one JAAS J2C Authentication alias.
Information Value Data type Pick-list
Authentication preference
Authentication mechanisms defined for this connection factory.
This setting specifies which of the authentication mechanisms defined for the corresponding resource adapter applies to this connection factory. Common values, depending on the capabilities of the resource adapter, are: KERBEROS, BASIC_PASSWORD, and None.
If None is chosen, the application component is expected to manage authentication (<res-auth>Application</res-auth>). In this case, the user ID and password are taken from one of the following:
- The component-managed authentication alias
- UserName, Password Custom Properties
- Strings passed on the getConnection method
For example, if two authentication mechanism entries are defined for a resource adapter in the ra.xml document:
- <authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
- <authentication-mechanism-type>Kerbv5</authentication-mechanism-type>
The authentication preference specifies the mechanism to use for container-managed authentication. An exception is issued during server startup if a mechanism that is not supported by the resource adapter is selected.
Information Value Data type Pick-list Default BASIC_PASSWORD
Related concepts
Relational resource adapters and JCA JDBC providers
Related tasks
Configure Java EE Connector connection factories in the administrative console