Parent topic: Connecting to other systems
SDK uses Credential Store (aka Token Store), to persist information related to a particular endpoint's security like Access token in case of OAuth endpoint.
Credential store comes into play when SDK tries to issue a network call to an authenticated resource. For executing this request successfully network layer of SDK checks for presence of security tokens in configured credential store for specific user. In case these tokens are missing SDK initiates authentication process depending on authentication type supported by endpoint. If authentication is successful, the security tokens are persisted in credential store for subsequent requests.
Currently following types of credential store are supported by SDK
Memory Credential Store : Saves all the details related to endpoint and authentication related token in memory. Since all the information is persisted in memory, information is lost when SDK (web application) is shutdown or restarted. It is simpler to configure and is recommended in case you are getting started with using SDK. Below is the definition of memory credential store and its usage in an endpoint.
1. Defining the bean for declaring the credential store
<managed-bean>
<managed-bean-name>SampleCredMemoryStore</managed-bean-name>
<managed-bean-class>com.ibm.sbt.security.credential.store.MemoryStore</managed-bean-class>
<managed-bean-scope>application</managed-bean-scope>
</managed-bean>
2. Use the defined credential store in the endpoint definition
<managed-bean>
<managed-bean-name>connections</managed-bean-name>
....
....
<managed-property>
<property-name>credentialStore</property-name>
<value>SampleCredMemoryStore</value>
</managed-property>
<managed-bean-name>
DB Credential Store : Saves all the details related to endpoint and authentication related token in a configured database. Details of database could be provided through JNDI.
Below is the definition of DB Credential store and its usage in an endpoint.
1. Defining the bean for declaring the credential store
<managed-bean>
<managed-bean-name>SampleCredDBStore</managed-bean-name>
<managed-bean-class>com.ibm.sbt.security.credential.store.DBCredentialStore</managed-bean-class>
<managed-property>
<property-name>jndiName</property-name>
<value>jdbc/ibmsbt-dbtokenstore</value>
</managed-property>
<managed-property>
<property-name>tableName</property-name>
<value>SBTKREP</value>
</managed-property>
<managed-bean-scope>application</managed-bean-scope>
</managed-bean>
2. Use the defined credential store in the endpoint definition
<managed-bean>
<managed-bean-name>connections</managed-bean-name>
....
....
<managed-property>
<property-name>credentialStore</property-name>
<value>SampleCredDBStore</value>
</managed-property>
<managed-bean-name>
For setting up credential store you can refer to the CreateTable.sql (\src\dbscripts) file shipped along with SDK. For SDK to use DB Credential store, application server level security should be enabled for consuming web application. This is to enable SDK to uniquely identify the user for which security tokens are to be persisted.
Reference : To configure a datasource using JNDI on Tomcat kindly refer to this link
JNDI Datasource HOW-TO
For WebSphere kindly refer to this link :
Configuring a JDBC provider and data source