Configuring authentication aliases for Liberty

You can configure an authentication data alias to use with a resource reference for authentication in Liberty.

About this task

To avoid having to code user IDs and passwords for data sources in your applications, you can configure the application server to use authentication data to provide the user IDs and passwords. For resources that use container authentication, you can configure authentication data and aliases in several ways, some of which include:

Create a unique authentication data element (authData) with the proper credentials and refer to it in your application bindings file.
Create a container default authentication element (containerAuthData) with the necessary credentials. You don't need to refer to the alias or the name of the authData element in your application bindings file.
Create a unique authentication data element (authData) with the proper credentials and make it the default container authentication for a data source by referring to it with containerAuthDataRef on the dataSource element.

Creating an authData element enables each resource reference to a data source to use different authentication credentials. The containerAuthData element establishes default credentials for container authentication in the absence of an authentication alias in the bindings for a resource reference.

Note: Unlike WebSphere® Application Server traditional, Liberty has no authentication alias principal mapping module support.

Configuring authentication data and aliases with authData and a resource reference

Create an authentication data element (authData) with the proper credentials and refer to it in your application bindings file.

Add the following elements to the server configuration file, server.xml.
1. Add the wanted version of the JDBC feature to the feature manager element.
```
<featureManager>
  <feature>jdbc-4.1</feature>
</featureManager>
```
2. Add an authData element. If the authData element is a top-level configuration element, you must set the id attribute value to a unique authentication alias.
```
<authData id="auth1" user="dbuser1" password="dbuser1pwd"/>
```
3. Add a data source element.
```
<dataSource jndiName="jdbc/mydbresource">
  ...
</dataSource>
```
Configure the IBM deployment descriptor bindings file of your application, for example, the ibm-web-bnd.xml file. Use the authentication-alias element in the resource reference. The name attribute value must match the id attribute in the server.xml file.
```
<resource-ref name="jdbc/mydbresource" binding-name="jdbc/mydbresource">
  <authentication-alias name="auth1"/>
</resource-ref>
```
Add a Resource annotation to your application to enable the application server to inject the resource reference or add the resource to your application deployment descriptor.
```
@Resource (lookup="jdbc/mydbresource")
DataSource mydbresource;
```

Configuring authentication data and aliases with containerAuthData

Use a nested container default authentication data element without needing to reference an authData alias in your application bindings file.

Add the following elements to the server configuration file, server.xml.

Add the wanted version of the JDBC feature to the feature manager element.
```
<featureManager>
  <feature>jdbc-4.1</feature>
</featureManager>
```

Create a data source with a nested container authentication data element.


<dataSource id="myDS" jndiName="jdbc/mydbresource" >
  <containerAuthData user="myUserid" password="myPassword"></containerAuthData>
  ...
</dataSource>

Add a Resource annotation to your application to enable the application server to inject the resource reference or add the resource to your application deployment descriptor.
```
@Resource (lookup="jdbc/mydbresource")
DataSource mydbresource;
```

Configuring authentication data and aliases with authData and containerAuthDataRef

Create an authData element with the proper credentials and make it the default container authentication for a data source by referring to it with containerAuthDataRef on the dataSource element.

Add the following elements to the server configuration file, server.xml.

Add the wanted version of the JDBC feature to the feature manager element.
```
<featureManager>
  <feature>jdbc-4.1</feature>
</featureManager>
```

Create a data source with a container authentication reference to an authData element.


<authData id="auth1" user="dbuser1" password="dbuser1pwd"/>
<dataSource id="myDS" jndiName="jdbc/mydbresource" containerAuthDataRef="auth1">
...
</dataSource>

Add a Resource annotation to your application to enable the application server to inject the resource reference or add the resource to your application deployment descriptor.
```
@Resource (lookup="jdbc/mydbresource")
DataSource mydbresource;
```