J2C connection factories settings

Use this page to specify settings for a connection factory.

You can access this administrative console page in one of two ways:
  • Resources > Resource Adapters > J2C connection factories > J2C_connection_factory
  • Resources > Resource Adapters > Resource adapters > resource_adapter > J2C connection factories > J2C_connection_factory

Scope

Specifies the scope of the resource adapter that connects applications to an enterprise information system (EIS) through this connection factory. Only applications that are installed within this scope can use this connection factory.

Provider

Specifies the resource adapter that WebSphere® Application Server uses for this connection factory.

Provider can be set only when you create a new connection factory. The list shows all of the existing resource adapters that are defined at the relevant scope. Select one from the list if you want to use an existing resource adapter as Provider.

Create new provider

Provides the option of configuring a new resource adapter for the new connection factory.

Create New Provider is displayed only when you create, rather than edit, a connection factory.

Clicking Create New Provider triggers the console to display the resource adapter configuration page, where you create a new adapter. After you click OK to save your settings, you see the connection factory collection page. Click New to define a new connection factory for use with the new resource adapter; the console now displays a configuration page that lists the resource adapter as the new connection factory Provider.

Name

Specifies the name of this connection factory.

This is a required property.

Information Value
Data type String

JNDI name

Specifies the JNDI name of this connection factory.

For example, the name could be eis/myECIConnection.

After you set this value, save it and restart the server. You can see this string when you run the dumpNameSpace tool. This is a required property. If you do not specify a JNDI name, it is completed by default using the Name field.

Information Value
Data type String
Default eis/display name
Important: Adhere to the following requirements for JNDI names:
  • Do not assign duplicate JNDI names across different resource types (such as data sources versus J2C connection factories or JMS connection factories).
  • Do not assign duplicate JNDI names for multiple resources of the same type in the same scope.

Description

Specifies a text description of this connection factory.

Information Value
Data type String

Connection factory interface

Specifies the fully qualified name of the Connection Factory Interfaces supported by the resource adapter.

This is a required property. For new objects, the list of available classes is provided by the resource adapter in a drop-down list. After you create the connection factory, the field is a read only text field.

Information Value
Data type Drop-down list or text

Category

Specifies a string that you can use to classify or group this connection factory.

Information Value
Data type String

Authentication alias for XA recovery

Specifies the authentication alias that is used during XA recovery processing. If this alias name is changed after a server failure, the subsequent XA recovery processing uses the original setting that was in effect before the failure.

Select an alias from the list.

To define a new alias that is not displayed in the list:
  1. Click Apply. Under Related Items, you now see a listing for Java™ Platform, Enterprise Edition (Java EE) Connector Architecture (J2C) authentication data entries.
  2. Click JAAS - J2C authentication data.
  3. Click New.
  4. Define an alias.
  5. Click OK and Save. The console now displays an alias collection page that lists all configured aliases. Before the table, this page also displays the name of your connection factory in the breadcrumb path.
  6. Click the name of your J2C connection factory to return to the configuration page for the connection factory that you are creating.
  7. Select the new alias in the container-managed authentication alias list.
  8. Click Apply.

If the resource adapter does not support XA transactions, this field is not displayed. The default value comes from the selected alias for application authentication, if specified.

If you have defined multiple security domains and multiple authentication aliases in the application server, you can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that is able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when you cannot use them.

The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain at least one JAAS J2C Authentication alias.

Information Value
Data type Drop-down list

Component-managed authentication alias

Specifies authentication data for component-managed signon to the resource.

Select an alias from the list.

To define a new alias that is not displayed in the list:
  1. Click Apply. Under Related Items, you now see a listing for Java Platform, Enterprise Edition (Java EE) Connector Architecture (J2C) authentication data entries.
  2. Click JAAS - J2C authentication data.
  3. Click New.
  4. Define an alias.
  5. Click OK and Save. The console now displays an alias collection page that lists all configured aliases. Before the table, this page also displays the name of your connection factory in the breadcrumb path.
  6. Click the name of your J2C connection factory to return to the configuration page for the connection factory that you are creating.
  7. Select the new alias in the container-managed authentication alias list.
  8. Click Apply.

If you have defined multiple security domains and multiple authentication aliases in the application server, you can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that is able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when you cannot use them.

The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain at least one JAAS J2C Authentication alias.

Information Value
Data type List

The alias that you configure for component-managed authentication does not apply to all clients that must access the secured resource. External Java clients with Java Naming and Directory Interface (JNDI) access can look up a Java 2 Connector (J2C) resource such as a data source or Java Message Service (JMS) queue. However, they are not permitted to take advantage of the component-managed authentication alias defined on the resource. This alias is the default value that is used when the getConnection() method does not specify any authentication data, like user and password, or a value for ConnectionSpec. If an external client needs a connection, it must assume responsibility for the authentication by passing it through arguments on the getConnection() call.

However, if clients such as servlets or enterprise beans run in processes within the same cell of the application server, and the clients can look up a resource in the JNDI namespace, these clients can obtain connections without explicitly providing authentication data on the getConnection() call. In this case, if the component res-auth setting is Application, authentication is taken from the component-managed authentication alias that is defined on the connection factory. When you set res-auth to Container, authentication is taken from the login configuration that is defined on the component resource-reference. If the resource reference for the component does not define a login configuration, authentication is taken from the Container-managed authentication alias that is defined on the connection factory.
Avoid trouble: The J2C authentication alias is per cell. An enterprise bean or servlet in one application server cannot look up a resource in another server process that is in a different cell, because the alias would not be resolved.

Mapping-configuration alias

Specifies the authentication alias for the Java Authentication and Authorization Service (JAAS) mapping configuration that is used by this connection factory.

The DefaultPrincipalMapping JAAS configuration maps the authentication alias to the user ID and password. You can define and use other mapping configurations.
Avoid trouble: Some mapping-configuration aliases do not use container-managed authentication aliases, so you cannot select a container-managed authentication alias if one of those mapping-configuration aliases is selected.
Information Value
Data type Pick-list

Container-managed authentication alias

Specifies authentication data, which is a JAAS - J2C authentication data entry, for container-managed signon to the resource. This setting can be disabled depending on the value that is selected for the Mapping-configuration alias setting.

Select an alias from the list.

To define a new alias that is not displayed in the list:
  1. Click Apply. Under Related Items, you now see a listing for Java Platform, Enterprise Edition (Java EE) Connector Architecture (J2C) authentication data entries.
  2. Click JAAS - J2C authentication data.
  3. Click New.
  4. Define an alias.
  5. Click OK and Save. The console now displays an alias collection page that lists all configured aliases and the name of your connection factory in the breadcrumb path.
  6. Click the name of your J2C connection factory to return to the configuration page for the connection factory that you are creating.
  7. Select the new alias in the container-managed authentication alias list.
  8. Click Apply.

If you have defined multiple security domains and multiple authentication aliases in the application server, you can click Browse... to select an authentication alias for the resource that you are configuring. Security domains allow you to isolate authentication aliases between servers. The tree view is useful in determining the security domain to which an alias belongs, and the tree view can help you determine the servers that are able to access each authentication alias. The tree view is tailored for each resource, so domains and aliases are hidden when you cannot use them.

The browse button is only accessible if at least one security domain is defined and assigned a scope that is applicable to the resource that is being edited. Additionally, that security domain must contain as least one JAAS J2C Authentication alias.

Information Value
Data type Pick-list

Authentication preference

Specifies the authentication mechanisms defined for this connection factory.

This setting specifies which of the authentication mechanisms defined for the corresponding resource adapter applies to this connection factory. Common values, depending on the capabilities of the resource adapter, are: KERBEROS, BASIC_PASSWORD, and None.

If None is chosen, the application component is expected to manage authentication (<res-auth>Application</res-auth>). In this case, the user ID and password are taken from one of the following:
  • The component-managed authentication alias
  • UserName, Password Custom Properties
  • Strings passed on the getConnection method
For example, if two authentication mechanism entries are defined for a resource adapter in the ra.xml document:
  • <authentication-mechanism-type>BasicPassword</authentication-mechanism-type>
  • <authentication-mechanism-type>Kerbv5</authentication-mechanism-type>
The authentication preference specifies the mechanism to use for container-managed authentication. An exception is issued during server startup if a mechanism that is not supported by the resource adapter is selected.
Information Value
Data type Pick-list
Default BASIC_PASSWORD