WebSphere Application Server Version 6.1 Feature Pack for Web Services
             Operating Systems: AIX, HP-UX, i5/OS, Linux, Solaris, Windows, z/OS

Enabling trusted context for DB2 databases

Enable trusted context in your applications to improve how the application server interacts with DB2 database servers. Use trusted connections to preserve the identity records of clients that are connecting to a DB2 database through your applications; trusted connections can provide a more secure environment by granting access based on the identity of those users.

Before you begin

Ensure that the following prerequisites are met before enabling trusted connections:

About this task

With trusted connections you can:
Supported configurations: Non-trusted connections cannot be used as trusted connections. If the connection pool contains only non-trusted connections and a request comes in for a trusted connection, a new request will be sent to the database for the non-trusted connection.

Procedure

  1. Run the addTrustedConnection.jacl script or the addTrustedConnection.py script in the profile_root/bin directory. Run this script one time only.
    For example, from the profile_root/bin directory, run the following command from a command prompt:
    wsadmin -conntype NONE -f addTrustedConnection.jacl

    A removeTrustedConnection.jacl script and a removeTrustedConnection.py script are also available for removing the trusted context functionality.

  2. Add the propagateClientIdentityUsingTrustedContext custom property for the DB2 data source.
    1. Click JDBC > Data sources.
    2. Click the name of the data source that you want to configure.
    3. Click Custom properties from the Additional Properties heading.
    4. Click New.
    5. Complete the required fields. Use the following information:
      Table 1. Custom property panel
      Name                                          Value
      propagateClientIdentityUsingTrustedContext    true
  3. Enable trusted context for your applications.
    • Enable trusted context when you are installing a new application.
      1. Perform a typical installation for the application until you reach Step 7: Map resource references to resources in the installation wizard.
      2. In Step 7: Map resource references to resources, select Use trusted connections (one-to-one mapping) in the Specify authentication method section.
      3. Select an authentication alias from the list that matches an alias that is already defined in the DB2 data source. If you do not have an alias defined that is suitable, continue with the installation, and enable trusted context after the application is installed.
        Supported configurations: You can specify a default user (UNAUTHENTICATED) to be used if no client identity is available, but that default ID (UNAUTHENTICATED) must also exist in the DB2 database. If the com.ibm.mapping.unauthenticatedUser is set to null or an empty string, then the application server will use the default user (UNAUTHENTICATED). Read about setting the com.ibm.mapping.unauthenticatedUser property.
      4. Select a data source from the table that has trusted context enabled.
      5. Click Apply.
      6. Edit the properties of the custom login configuration. Read Setting the security properties for trusted connections.
      7. Finish the installation wizard.
    • Enable trusted context on an application that is already installed.
      1. Click Enterprise Applications > application_name.
      2. Click Resource references from the Resources heading.
      3. Select Use trusted connections (one-to-one mapping) in the Specify authentication method section.
      4. Select an authentication alias from the list that matches an alias that is already defined in the DB2 data source. If you do not have an alias defined that is suitable, define a new alias.
        1. Click JDBC > Data sources > data_source_name.
        2. Click JAAS - J2C authentication data from the Related Items heading.
        3. Click New.
        4. Define the properties for the alias in General properties.
        5. Click OK.
        Supported configurations: You can specify a default user (UNAUTHENTICATED) to be used if no client identity is available, but that default ID (UNAUTHENTICATED) must also exist in the DB2 database. If the com.ibm.mapping.unauthenticatedUser is set to null or an empty string, then the application server will use the default user (UNAUTHENTICATED). Read about setting the com.ibm.mapping.unauthenticatedUser property.
      5. Select a data source from the table that has trusted context enabled.
      6. Click Apply.
      7. Edit the properties of the custom login configuration. Read Setting the security properties for trusted connections.
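
One way to check the result of step 2 across many data sources is to audit the saved configuration for the propagateClientIdentityUsingTrustedContext custom property. The following is an added example, not part of the original IBM topic; the XML is a constructed, simplified sample modeled on a resources.xml file, and the data source names and the audit_trusted_context function are hypothetical.

```python
import xml.etree.ElementTree as ET

PROP = "propagateClientIdentityUsingTrustedContext"
XMI_TYPE = "{http://www.omg.org/XMI}type"

# Constructed, simplified sample in the shape of a resources.xml file
# (assumption: real files carry xmi:id values and many more attributes).
SAMPLE_RESOURCES_XML = """<xmi:XMI xmlns:xmi="http://www.omg.org/XMI"
  xmlns:resources.jdbc="http://www.ibm.com/websphere/appserver/schemas/5.0/resources.jdbc.xmi">
 <resources.jdbc:JDBCProvider name="DB2 Universal JDBC Driver Provider">
  <factories xmi:type="resources.jdbc:DataSource" name="OrdersDS" jndiName="jdbc/orders">
   <propertySet>
    <resourceProperties name="propagateClientIdentityUsingTrustedContext" value="true"/>
   </propertySet>
  </factories>
  <factories xmi:type="resources.jdbc:DataSource" name="BillingDS" jndiName="jdbc/billing">
   <propertySet>
    <resourceProperties name="propagateClientIdentityUsingTrustedContext" value="false"/>
   </propertySet>
  </factories>
  <factories xmi:type="resources.jdbc:DataSource" name="ReportsDS" jndiName="jdbc/reports">
   <propertySet>
    <resourceProperties name="databaseName" value="REPORTS"/>
   </propertySet>
  </factories>
 </resources.jdbc:JDBCProvider>
</xmi:XMI>"""


def audit_trusted_context(xml_text):
    """Return {data source name: 'enabled' | 'disabled' | 'missing'}."""
    root = ET.fromstring(xml_text)
    report = {}
    for factory in root.iter("factories"):
        # Only data sources are relevant; skip other factory types.
        if not factory.get(XMI_TYPE, "").endswith(":DataSource"):
            continue
        status = "missing"  # property never added in the Custom properties panel
        for prop in factory.iterfind("propertySet/resourceProperties"):
            if prop.get("name") == PROP:
                value = (prop.get("value") or "").strip().lower()
                status = "enabled" if value == "true" else "disabled"
        report[factory.get("name")] = status
    return report


if __name__ == "__main__":
    for name, status in audit_trusted_context(SAMPLE_RESOURCES_XML).items():
        print(f"{name}: {status}")
```

A data source reported as "missing" or "disabled" does not have the custom property from step 2 set to true.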

What to do next

Be aware of the following error conditions that can occur if trusted context is not configured properly:



Last updated: Nov 25, 2008 2:35:59 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.wsfep.multiplatform.doc/info/ae/ae/tdat_trustedcontext.html