I'm confused on resource manager sign-on.
The Bean Provider has two choices with respect to dealing with associating a principal with the
resource manager access:
• Allow the Deployer to set up principal mapping or resource manager sign-on information. In
this case, the enterprise bean code invokes a resource manager connection factory method that
has no security-related parameters.
• Sign on to the resource manager from the bean code. In this case, the enterprise bean invokes
the appropriate resource manager connection factory method that takes the sign-on information
as method parameters.
The Bean Provider uses the authenticationType annotation element or the res-auth deployment
descriptor element to indicate which of the two resource manager authentication approaches is
used.
In the next two examples, the same one line of example code is provided:
// Invoke factory to obtain a connection. The security
// principal is not given, and therefore
// it will be configured by the Deployer.
java.sql.Connection con = ds.getConnection();
Granted the context of the example is obtaining a
JDBC Connection, I noticed that "authenticationType" is never mentioned in the given example(s).
Is the text "The Bean Provider uses the authenticationType annotation element or the res-auth deployment
descriptor element to indicate which of the two resource manager authentication approaches is
used." actually misplaced and/or would it convey the message better somewhere else possibly?
The res-auth element
indicates whether the enterprise bean code performs resource manager sign-on programmatically,
or whether the container signs on to the resource manager using the principal mapping information supplied
by the Deployer. The Bean Provider indicates the sign-on responsibility by setting the value of the
res-auth element to Application or Container. If the res-auth element is not specified,
Container sign-on is assumed.
How does the latter quote regarding container sign-on to the resource manager when res-auth is Container differ/related/same as both above (seemingly "Application?") cases where the former quote regarding bean invocation of the resource manager connection factory method? Essentially, does configuring principal equate to setting of the authenticationType? (I would imagine that principal has to be configured before setting of the authenticationType to Container, but one precedes the other and are both necessary?)