Configuring trusted context in a cluster configuration
Added by IBM on May 19, 2011 | Version 1 (Original)
To configure DB2® trusted context in a cluster configuration, you create the JNDI data source for the cluster, create a resource reference for the cluster, map the resource reference to the JNDI datasource, and enable trusted context with authentication in WebSphere® Application Server.
About this task
- DB2 database: DB2 Version 9.5 or later for AIX®, HP-UX, Linux™, Solaris, or Windows™ operating systems or DB2 Version 9.1 or later for z/OS®
- Trusted context is enabled for the DB2 database
- Global security is enabled on the WebSphere Application Server
- Use the Deployment Manager administrative console to create the JNDI data source for the cluster:
- Go to Resource -> JDBC providers and create a JDBC Provider for DB2 with cluster scope.
- Go to Resource -> Data sources and create the JNDI datasource with cluster scope.
- Create a JAAS-J2C user identity.
- Save the changes and verify that the synchronization across nodes succeeds.
- Shut down the cluster and the node agents.
- Shut down the Deployment Manager.
- Create one or more resource references for the cluster:
A resource reference is a logical name used by MashupHub to access a resource such as a data source. When a resource reference is bound to a data source, MashupHub users can access the data source using the resource reference name instead of directly using the data source name. In a cluster, the Deployment Manager console creates the JNDI data source, which in turn is used for resource mapping. For example, after a resource reference reftotestdb is mapped to a WebSphere data source jdbc/testdb, the data source can be accessed using the JNDI name for the resource reference java:comp/env/reftotestdb. You need to define a data source and map a resource reference to that data source for each database that is set up with trusted context.
To create a resource reference, edit the web.xml files in each of the following locations:
Follow these steps to edit the web.xml files to add a resource reference. Before proceeding, make a backup copy of the web.xml
- Open the web.xml file in a text editor.
- Add the following code for each resource reference:
<description>Trusted Context 1</description>
The content in the <description> tag is optional.
The tag <res-ref-name> is required. You will use the contents of this tag when you map the resource reference to the data source.
Do not change the code or the content of these tags: <res-type>, and <res-sharing-scope>
- Close and save the web.xml file.
- Start the Deployment Manager.
- Start the node agents and cluster.
- Map the resource reference to the JNDI datasource:
- Log in to the Deployment Manager console.
- Go to Enterprise Applications -> Mashup Hub.
- Click the Resource Reference link to map the resource to the JNDI data source that you created.
- Follow the steps in the WebSphere Application Server information center topic "Enabling trusted context for DB2 databases", beginning with the section "Enable trusted context on an application that is already installed".
- Save the changes and restart WebSphere Application Server.
- If you created the trusted context for the DB2 database using the WITH AUTHENTICATION option, you must configure the WebSphere Application Server to use trusted connections with authentication.
This configuration requires creating a custom DataStoreHelper class that implements a "getPasswordForUseWithTrustedContextWithAuthentication" method to return the password that is used to authenticate the user when switching identities.
- To set up trusted context with authentication, follow the procedures in these WebSphere Application Server information center topics:
- Save and confirm the changes.
- Verify that the synchronization across nodes succeeds.
- Stop the cluster and all node agents.
- Stop the Deployment Manager.
- Start the Deployment Manager, node agents, and cluster.
- Create a feed from a DB2 database with trusted connections.
Trusted users can create feeds using the JNDI name for the resource reference mapped to the data source that is enabled for trusted context. For example, if the resource reference name is trusted_context1, the JNDI name to use when you create the feed will be java:comp/env/trusted_context1. When making the database connection, the WebSphere Application Server uses the identity of the logged-in user, provided that user is one of the trusted users.
If a trusted user has been defined with the WITH AUTHENTICATION option, WebSphere Application Server uses the custom DataStoreHelper class to pass in the user's password.
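As an added example (not IBM's or this page's own code), here is one shape for the custom DataStoreHelper that the WITH AUTHENTICATION step requires and that WebSphere Application Server calls to obtain the user's password when switching identities. The package name, class name and `CredentialVault` interface are hypothetical; the base class `DB2UniversalDataStoreHelper` and the two-`String` method signature are assumed from the WebSphere `com.ibm.websphere.rsadapter` API, so compile it against your server's libraries.

```java
// Added example: package, class name and CredentialVault are hypothetical.
package com.example.mashuphub;

import java.sql.SQLException;
import java.util.Iterator;
import java.util.Properties;
import java.util.ServiceLoader;

import com.ibm.websphere.rsadapter.DB2UniversalDataStoreHelper;

public class TrustedContextAuthHelper extends DB2UniversalDataStoreHelper {

    /** Hypothetical lookup interface; back it with your secrets store. */
    public interface CredentialVault {
        /** Returns the DB2 password for the identity, or null if unknown. */
        String passwordFor(String identityName, String realm);
    }

    private final CredentialVault vault;

    public TrustedContextAuthHelper(Properties props) {
        super(props);
        // Resolve the vault from this class's own class loader so that no
        // secret is compiled into, or configured on, the helper itself.
        Iterator<CredentialVault> found = ServiceLoader.load(
                CredentialVault.class, getClass().getClassLoader()).iterator();
        this.vault = found.hasNext() ? found.next() : null;
    }

    @Override
    public String getPasswordForUseWithTrustedContextWithAuthentication(
            String identityName, String realm) throws SQLException {
        if (identityName == null || identityName.isEmpty()) {
            throw new SQLException("No caller identity for trusted context switch");
        }
        if (vault == null) {
            throw new SQLException("No CredentialVault provider is installed");
        }
        String password = vault.passwordFor(identityName, realm);
        if (password == null) {
            // Fail closed: never fall back to a shared or default password.
            throw new SQLException("No DB2 credential for identity " + identityName);
        }
        return password; // Do not log or cache this value.
    }
}
```

Throwing `SQLException` when no credential is found makes the identity switch fail instead of silently connecting under a different or default password.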