Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

resource manager sign-on

 
Charles O'Leary
Ranch Hand
Posts: 54
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm confused on resource manager sign-on.

The Bean Provider has two choices with respect to dealing with associating a principal with the
resource manager access:
• Allow the Deployer to set up principal mapping or resource manager sign-on information. In
this case, the enterprise bean code invokes a resource manager connection factory method that
has no security-related parameters.
• Sign on to the resource manager from the bean code. In this case, the enterprise bean invokes
the appropriate resource manager connection factory method that takes the sign-on information
as method parameters.

The Bean Provider uses the authenticationType annotation element or the res-auth deployment
descriptor element to indicate which of the two resource manager authentication approaches is
used.



In the next two examples, the same one line of example code is provided:

// Invoke factory to obtain a connection. The security
// principal is not given, and therefore
// it will be configured by the Deployer.
java.sql.Connection con = ds.getConnection();


Granted the context of the example is obtaining a JDBC Connection, I noticed that "authenticationType" is never mentioned in the given example(s).
Is the text "The Bean Provider uses the authenticationType annotation element or the res-auth deployment
descriptor element to indicate which of the two resource manager authentication approaches is
used." actually misplaced and/or would it convey the message better somewhere else possibly?



The res-auth element
indicates whether the enterprise bean code performs resource manager sign-on programmatically,
or whether the container signs on to the resource manager using the principal mapping information supplied
by the Deployer. The Bean Provider indicates the sign-on responsibility by setting the value of the
res-auth element to Application or Container. If the res-auth element is not specified,
Container sign-on is assumed.


How does the latter quote regarding container sign-on to the resource manager when res-auth is Container differ/related/same as both above (seemingly "Application?") cases where the former quote regarding bean invocation of the resource manager connection factory method? Essentially, does configuring principal equate to setting of the authenticationType? (I would imagine that principal has to be configured before setting of the authenticationType to Container, but one precedes the other and are both necessary?)
 
Charles O'Leary
Ranch Hand
Posts: 54
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ranchers, perhaps this is a better way of asking my initial question:

Isn't the Bean Provider ultimately in the driver's seat when determining resource manager sign-on? My interpretation is that regardless of what principal the deployer may have mapped, unless the Bean Provider "allows" the deployer mapping to be used, the deployer could potentially just be wasting the deployer's own time. Correct?
 
Charles O'Leary
Ranch Hand
Posts: 54
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'll attempt to answer my own question while hopefully explaining my difficulty in initially understanding this fully.

The (application assembler's or) deployer's ability to override and/or customize the enterprise bean's business logic, without the need to alter source code, gave me the initial impression that under very general conditions, the deployer's role was a more "senior" role, and/or the deployer's role was more important (particularly for the target operational environment).

The above could be true (I imagine). However just like in other areas, this is also an area where each role plays a vital part in the world of EJBs. (I do acknowledge that each of these roles may be ultimately fulfilled by a single person depending upon application needs.) Thus as previously quoted, it is correct:


The Bean Provider has two choices with respect to dealing with associating a principal with the
resource manager access:
...
The Bean Provider uses the authenticationType annotation element or the res-auth deployment
descriptor element to indicate which of the two resource manager authentication approaches is
used.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic