This chapter describes the JEUS security management functions for resource adapters, explains how to add the jeus-connector-dd.xml file to a resource adapter, and covers what you need to know for deployment.
For information about packaging a resource adapter, refer to the section "20. Packaging Requirements" of the JCA standard 1.6.
This section describes the features JEUS provides for authentication and authorization checks of resource adapters.
As stated in the JCA standard, based on the description in ejb-jar.xml and web.xml files, you can determine who is going to authenticate a connection.
<resource-ref>
  <res-ref-name>jca/pool</res-ref-name>
  <res-type>javax.resource.cci.ConnectionFactory</res-type>
  <res-sharing-scope>Unshareable</res-sharing-scope>
  <res-auth>Container</res-auth>
</resource-ref>
Specify either Container or Application in <res-auth> to determine which one authenticates connections for each application component. (Default value: container)
Container
The container authenticates the connection. If the <res-auth> element is set to 'Container', specify a username and password in the jeus-connector-dd.xml file. An encrypted value can be used for the password.
The following is an example of an encrypted password value.
{DES}FQrLbQ/D8O1lDVS71L28rw==
The specified username and password are used as the authentication information that is passed to the resource adapter when a connection is created. If the user does not specify this information in the jeus-connector-dd.xml file, an empty javax.security.auth.Subject object is passed to the resource adapter.
For details about password encryption, refer to "Chapter 7. Security Management" in the JEUS Domain Guide.
Application
If the <res-auth> value is set to 'Application', JEUS is not involved in authenticating the connection when an application requests one. Instead, the application exchanges authentication information directly with the resource adapter. This information is normally carried by a resource adapter class that implements the javax.resource.spi.ConnectionRequestInfo interface.
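The following is an added example, not part of the JEUS documentation: a Python check that reports who authenticates each <resource-ref> in a web.xml or ejb-jar.xml file, and tests whether a password value uses the {ALGORITHM}value form shown above. The sample descriptor, the references jca/legacy and jca/implicit, and the function names are constructed for illustration; treating the tag as alphanumeric and the body as Base64 is an assumption generalized from the single {DES} example on this page.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

# Constructed sample: jca/pool is from the page, the other two are hypothetical.
SAMPLE_WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee">
  <resource-ref>
    <res-ref-name>jca/pool</res-ref-name>
    <res-type>javax.resource.cci.ConnectionFactory</res-type>
    <res-sharing-scope>Unshareable</res-sharing-scope>
    <res-auth>Container</res-auth>
  </resource-ref>
  <resource-ref>
    <res-ref-name>jca/legacy</res-ref-name>
    <res-auth>Application</res-auth>
  </resource-ref>
  <resource-ref>
    <res-ref-name>jca/implicit</res-ref-name>
  </resource-ref>
</web-app>"""

def _local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def audit_resource_refs(xml_text):
    """Map each res-ref-name to the party that authenticates its connections."""
    result = {}
    for elem in ET.fromstring(xml_text).iter():
        if _local(elem.tag) != "resource-ref":
            continue
        fields = {_local(c.tag): (c.text or "").strip() for c in elem}
        # The page gives container as the default when <res-auth> is absent.
        result[fields.get("res-ref-name", "?")] = fields.get("res-auth") or "Container"
    return result

def classify_password(value):
    """Return ('encrypted', ALG) for '{ALG}base64' values, else ('plaintext', None)."""
    m = re.fullmatch(r"\{([A-Za-z0-9]+)\}(.+)", value.strip())
    if not m:
        return ("plaintext", None)
    try:
        base64.b64decode(m.group(2), validate=True)  # body must be strict Base64
    except (binascii.Error, ValueError):
        return ("plaintext", None)
    return ("encrypted", m.group(1))
```

References reported as Container are the ones whose credentials live in jeus-connector-dd.xml, so those are the descriptors where a 'plaintext' result from classify_password matters.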
To deploy a resource adapter to JEUS, create a jeus-connector-dd.xml file as a DD (Deployment Descriptor) in addition to the ra.xml file. Specify the following in the file:
Work Manager: "3.1.2. Work Manager Configuration"
Outbound connection pool: "2.1.4. Connection Pool Configuration"
After configuring these items, place the jeus-connector-dd.xml file in the META-INF directory of the rar file.
xxx.rar/META-INF
A resource adapter can be deployed as either of the following two modules.
Stand-alone module: Can be used by all applications in JEUS.
Module included in a Java EE application (EAR): Can be used only within the EAR.
For information about how to deploy an application in JEUS, refer to "JEUS Applications & Deployment Guide".
According to the JCA standard, a resource adapter deployed as a stand-alone module can be used by all applications, so JEUS supports class loading in the SHARED mode for it. Thus, a resource adapter is always deployed in the SHARED mode regardless of the user settings.
1. For details about class loading in the SHARED mode, refer to "1.4. Class Loader Structure" in the JEUS Server Guide.
2. For further information about deployment, refer to "JEUS Applications & Deployment Guide".
A resource adapter can be registered with JEUS as a type of JDBC driver. The JDBC driver is registered as a class path of the server when the jar file is saved in the JEUS_HOME/lib/datasource directory. In this case, since changes are not applied when the jar file is updated, you need to restart JEUS.
On the other hand, since a resource adapter is an application managed by JEUS, its version can be updated and redeployed without restarting JEUS.
Redeployment has the following limitations.
To redeploy a resource adapter module, all applications using the resource adapter should also be redeployed.
Applications that have already used the resource adapter do not need to look up the classes of the redeployed resource adapter as the classes have been cached.
In JEUS, when EJB modules deployed in the SHARED mode are redeployed, web modules that use the EJB modules are also automatically redeployed. However, resource adapter modules cannot be redeployed automatically, and so they need to be redeployed manually.
A resource adapter module is regarded as a driver shared and used by all applications rather than as an independent application. JEUS enables a resource adapter module to be registered with a domain as a connector resource.
A resource adapter module is registered with a domain as a connector resource through WebAdmin. The configuration information of the resource adapter registered with the domain is similar to that of the jeus-connector-dd.xml file of the resource adapter module.
The resource adapter is deployed in the following configuration priority order.
WebAdmin configuration
This has higher priority than jeus-connector-dd.xml configuration. If this configuration exists, the resource adapters can be used as connector resources in the domain after deployment.
jeus-connector-dd.xml configuration
This configuration is applied when there is no resource adapter configuration through WebAdmin. The resource adapter will only perform its basic role as a module.
The following describes a process of registering resource adapters with a domain as connector resources through WebAdmin.
Choose [Resources] > [External Source] from the left menu in WebAdmin to display the External Source screen. Click [Lock & Edit] at the bottom of the menu and then click [Add] under the list of Connectors. The connector resource configuration screen appears.
Connector resource configuration consists of the Resource Adapter Module Id, the Worker Pool configuration, and the Connection Pool configuration. First, enter the 'Resource Adapter Module Id' that is going to be registered as the connector resource, adjust the Worker Pool configuration if necessary, and then click [OK].
If connection pool configuration is necessary, click the ID of the resource adapter that was just added as the connector resource.
The connector resource configuration screen reappears. Click [Add] under the Connection Pool section to add a Connection Pool configuration.
Input the necessary Connection Pool settings and then click [OK].
Click [Apply Changes] in order to confirm the final registration of the connector resource with the domain.
Once the information registered on the server is applied, a message will be shown on the screen as follows.
Although the message indicates that the registration of the connector resource is complete, the registration is not applied dynamically. In order to use the registered connector resources, restart the server and redeploy the resource adapter module.