background image

Securing EIS Applications

<< Using Programmatic Login | Configuring Resource Adapter Security >>
<< Using Programmatic Login | Configuring Resource Adapter Security >>

Securing EIS Applications

Securing EIS Applications
In EIS applications, components request a connection to an EIS resource. As part of this
connection, the EIS can require a sign-on for the requester to access the resource. The
application component provider has two choices for the design of the EIS sign-on:
In the container-managed sign-on approach, the application component lets the container
take the responsibility of configuring and managing the EIS sign-on. The container
determines the user name and password for establishing a connection to an EIS instance.
For more information, read
"Container-Managed Sign-On" on page 834
.
In the component-managed sign-on approach, the application component code manages
EIS sign-on by including code that performs the sign-on process to an EIS. For more
information, read
"Component-Managed Sign-On" on page 834
.
You can also configure security for resource adapters. Read
"Configuring Resource Adapter
Security" on page 835
for more information.
Container-Managed Sign-On
In container-managed sign-on, an application component does not have to pass any sign-on
security information to the getConnection() method. The security information is supplied by
the container, as shown in the following example.
// Business method in an application component
Context initctx = new InitialContext();
// Perform JNDI lookup to obtain a connection factory
javax.resource.cci.ConnectionFactory cxf =
(javax.resource.cci.ConnectionFactory)initctx.lookup(
"java:comp/env/eis/MainframeCxFactory");
// Invoke factory to obtain a connection. The security
// information is not passed in the getConnection method
javax.resource.cci.Connection cx = cxf.getConnection();
...
Component-Managed Sign-On
In component-managed sign-on, an application component is responsible for passing the
needed sign-on security information to the resource to the getConnection method. For
example, security information might be a user name and password, as shown here:
// Method in an application component
Context initctx = new InitialContext();
// Perform JNDI lookup to obtain a connection factory
Securing EIS Applications
The Java EE 5 Tutorial · September 2007
834