FreeKB - IBM WebSphere JDBC data source and J2C alias
IBM WebSphere - JDBC data source and J2C alias

Let's say there is a WebSphere data source that has a JNDI of jdbc/mySQL.

 

If the data source is configured with a J2C alias in WebSphere, the username and password defined in the J2C alias will be used when making a connection to the database.

  • Use Component-managed authentication alias if the application using the data source has "Application" as the res-auth policy in the Deployment Descriptor.
  • Use Container-managed authentication alias if the application using the data source has "Container" as the res-auth policy in the Deployment Descriptor.

If the Deployment Descriptor has not specified a res-auth policy, the default is "Application", which means you would only use Container-managed authentication alias when an application has specified "Container" as the res-auth policy.
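As an added example (not code from the original page or from IBM), this Java program reads a deployment descriptor and reports which alias type each data source reference needs, applying the rule above that a missing res-auth means "Application". The class name, the inline sample web.xml and the jdbc/reports reference are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class ResAuthCheck {
    // Constructed sample descriptor; jdbc/reports is a made-up second reference.
    static final String WEB_XML =
        "<web-app>"
      + "<resource-ref><res-ref-name>jdbc/mySQL</res-ref-name>"
      + "<res-type>javax.sql.DataSource</res-type><res-auth>Container</res-auth></resource-ref>"
      + "<resource-ref><res-ref-name>jdbc/reports</res-ref-name>"
      + "<res-type>javax.sql.DataSource</res-type></resource-ref>"
      + "</web-app>";

    // Maps each res-ref-name to the alias type the data source needs.
    static Map<String, String> requiredAlias(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        // Refuse DOCTYPE so a descriptor cannot pull in external entities.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        Map<String, String> out = new LinkedHashMap<>();
        NodeList refs = doc.getElementsByTagName("resource-ref");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            String name = text(ref, "res-ref-name");
            String auth = text(ref, "res-auth");
            // No res-auth element: treated as "Application", as stated above.
            boolean container = "Container".equals(auth);
            out.put(name, container ? "Container-managed authentication alias"
                                    : "Component-managed authentication alias");
        }
        return out;
    }

    // Text of the first child element with the given tag, or null if absent.
    static String text(Element parent, String tag) {
        NodeList n = parent.getElementsByTagName(tag);
        return n.getLength() == 0 ? null : n.item(0).getTextContent().trim();
    }

    public static void main(String[] args) throws Exception {
        requiredAlias(WEB_XML).forEach((k, v) -> System.out.println(k + " -> " + v));
    }
}
```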

When the data source is configured with a J2C alias, the "Test connection" button can be used in the WebSphere admin console. You must have the Administrator or Operator role to be able to test the connection. If the connection is successful, the following message should be displayed.

 

If the data source is not configured with a J2C alias in WebSphere, the username and password used to connect to the data source could be defined in application code, like this.

String username = "foo";
String password = "bar";

 

Or, the username and password could be stored in a properties file.

Or, the application can be coded to get the username and password from the J2C alias, something like this.

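import java.util.HashMap;
import java.util.Map;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;
import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;

// The class name is a placeholder; "log" is the application's own logger field.
public class J2CAliasHelper
{
    // Returns the username and password stored in the given J2C authentication alias.
    public PasswordCredential getAliasDetails(String aliasName) throws Exception
    {
        PasswordCredential result = null;
        try
        {
            Map map = new HashMap();
            map.put(com.ibm.wsspi.security.auth.callback.Constants.MAPPING_ALIAS, aliasName);
            CallbackHandler cbh = (WSMappingCallbackHandlerFactory.getInstance()).getCallbackHandler(map, null);
            // Log in through the JAAS configuration that resolves the alias.
            LoginContext lc = new LoginContext("DefaultPrincipalMapping", cbh);
            lc.login();
            javax.security.auth.Subject subject = lc.getSubject();
            // The alias credentials are held as private credentials on the subject.
            java.util.Set creds = subject.getPrivateCredentials();
            result = (PasswordCredential) creds.toArray()[0];
        }
        catch (Exception e)
        {
            log.info("Failed to load credentials for J2C alias: " + aliasName);
            log.error(" "+e);
            // Keep the original exception as the cause so the stack trace is not lost.
            throw new RuntimeException("Unable to get credentials", e);
        }
        return result;
    }
}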

 

When the data source is not configured with a J2C alias, the "Test connection" button cannot be used in the WebSphere admin console. Attempting to use the "Test connection" button will append something like this to the deployment manager SystemOut.log.

[mm/dd/yy hh:mm:ss:sss] 000007fb MBeanHelper   E   Could not invoke an operation on object: WebSphere:name=DataSourceCfgHelper,process=nodeagent,platform=dynamicproxy,node=Node01,version=8.5.5.17,type=DataSourceCfgHelper,mbeanIdentifier=DataSourceCfgHelper,cell=Cell01,spec=1.0 because of an mbean exception: java.sql.SQLException: [jcc][t4][10205][11234][3.72.44] Null userid is not supported. ERRORCODE=-4461, SQLSTATE=42815 DSRA0010E: SQL State = 42815, Error Code = -4,461



Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |