IBM BPM, V8.0.1, All platforms > Authoring services in Integration Designer > Services and service-related functions > Access external services with adapters > Configure and using adapters > IBM WebSphere Adapters > FTP > Plan for adapter implementation
User authentication
The adapter supports several methods for supplying the user name and password that are needed to connect to the FTP server. By understanding the features and limitations of each method, you can pick a method that provides the appropriate level of security and convenience for your application.
To integrate an adapter into your application, you must provide the user name and password for the adapter to use at run time on IBM BPM or WebSphere Enterprise Service Bus to connect to FTP server to process outbound requests and inbound events.
At run time, the adapter needs to provide the user name and password to connect to the FTP server. To connect without user intervention, the adapter must access a saved copy of the user information. In a server environment, there are several methods for saving user information. You can configure the adapter to get your user information, through any of the following methods:
- Adapter properties
- Connection specification properties
- J2C authentication alias
Saving the user name and password in adapter properties is a direct way to provide this information at run time. You provide this user name and password when you use the external service wizard to configure your module. Although directly specifying the user name and password seems the most straightforward method, it has important limitations. Adapter properties are not encrypted; the password is stored as clear text in fields that are accessible to others on the server. Also, when the password changes, you must update the password in all instances of the adapter that access that FTP server. This includes the adapters embedded in application EAR files and adapters that are separately installed on the server.
Using a data source allows you to use a connection already established for another application.
For example, if multiple applications access the same database with the same user name and password, the applications can be deployed using the same data source. The user name and password can be known only to the first person who deploys an application to that data source or who defines a data source separately.
Using a J2C authentication data entry, or authentication alias, created with the Java™ Authentication and Authorization Service (JAAS) feature of Java EE security is a robust, secure way to deploy applications. An administrator creates the authentication alias that is used by one or more applications that need to access a system. The user name and password must be known only to that administrator, who can change the password in a single place, when a change is required.
For secure communication, certain SFTP servers allow the user to configure multiple modes of authentication for a single user. When use these servers, you can configure the users to authenticate to the SFTP server using both the password and the public-private key, simultaneously.
If both the Password (user name and password authentication) and the Private key (public key authentication) values are specified in the external service wizard, the adapter then tries to authenticate to the server using one or both the authentication modes, depending on the authentication mode specified on the SFTP server. If you have specified to use both the Password and Private key as the authentication mode on the SFTP server, then the adapter can access the server only if both the values are valid.
Plan for adapter implementation
Related tasks: