Lookup security with component managed authentication

External Java clients (stand alone clients or servers from other cells) with Java Naming and Directory Interface (JNDI) access can look up a Java 2 Connector (J2C) resource such as a data source or Java Message Service (JMS) queue. However, they are not permitted to take advantage of the component managed authentication alias defined on the resource. This alias is a default value used when the user and password are not supplied on the getConnection call. Therefore, if an external client needs to get a connection, it must assume responsibility for the authentication data. It can either pass user and password on the getConnection call, or it can use the no-argument getConnection() call and define the alias with the corresponding user and password in a file on each system where the client is expected to run.

Any client that runs in a WAS process, such as a servlet or an enterprise bean, can look up a resource in the JNDI namespace and obtain connections without providing authentication data as long as they are within the same cell. Note that J2C authentication alias is per cell. An enterprise bean or servlet in one application server cannot look up a resource in another server process that is in a different cell, because the alias would not be resolved.

See the following topics for detailed information on managing lookup security:

Pass user and password on the getConnection call
This topic explains the necessary prerequisites before the user and and password can be passed on the getConnection call.

Use the no-argument getConnection call
This topic provides instructions on how to bypass the getConnection call using a remote client text file, if the client runs outside the WAS process and does not pass the user and password on the getConnection call.

Disable lookup security
Although it is not recommended, it is possible to turn off the secure mode for a particular data source or connection factory.