background image

Authentication Mechanisms

<< Configuring Resource Adapter Security | Mapping an Application Principal >>
<< Configuring Resource Adapter Security | Mapping an Application Principal >>

Authentication Mechanisms

You can find out more about the options for configuring resource adapter security by reviewing
as-install/lib/dtds/connector_1_0.dtd. You can configure the following elements in the
resource adapter deployment descriptor file:
Authentication mechanisms
Use the authentication-mechanism element to specify an authentication mechanism
supported by the resource adapter. This support is for the resource adapter and not for the
underlying EIS instance.
There are two supported mechanism types:
BasicPassword
: This mechanism supports the interface
javax.resource.spi.security.PasswordCredential
.
Kerbv5
: This mechanism supports the interface
javax.resource.spi.security.GenericCredential
. The Application Server does not
currently support this mechanism type.
Reauthentication support
Use the reauthentication-support element to specify whether the resource adapter
implementation supports re-authentication of existing Managed-Connection instances.
Options are true or false.
Security permissions
Use the security-permission element to specify a security permission that is required by
the resource adapter code. Support for security permissions is optional and is not supported
in the current release of the Application Server. You can, however, manually update the
server.policy
file to add the relevant permissions for the resource adapter, as described in
the Developing and Deploying Applications section of the Sun Java System Application
Server 9.1 Developer's Guide.
The security permissions listed in the deployment descriptor are ones that are different from
those required by the default permission set as specified in the connector specification.
Refer to the following URL for more information on Sun's implementation of the security
permission specification:
http://java.sun.com/
javase/6/docs/technotes/guides/security/PolicyFiles.html#FileSyntax
.
In addition to specifying resource adapter security in the ra.xml file, you can create a security
map for a connector connection pool to map an application principal or a user group to a back
end EIS principal. The security map is usually used in situations where one or more EIS back
end principals are used to execute operations (on the EIS) initiated by various principals or user
groups in the application. You can find out more about security maps in the Configuring
Security chapter section of the Sun Java System Application Server 9.1 Administration Guide.
Securing EIS Applications
The Java EE 5 Tutorial · September 2007
836