Administration Console Online Help
Authentication Mechanism --> Configuration
Password Credential Mapping Mechanism
The J2EE Connector Specification, Version 1.0 Final Release defines two types of credentials that resource adapters can support: password credentials and generic credentials. In the previous release of WebLogic Server, you specified your password credentials in the security-principal-map element in the weblogic-ra.xml deployment descriptor file. The security-principal-map element was provided to map between the initiating principal and resource principal. BEA also provided a Password Converter Tool for encrypting the password stored in the security-principal-map element.
Storing user names and passwords for principal maps in weblogic-ra.xml is neither the most elegant nor the most secure storage mechanism. As a result, the security-principal-map element and Password Converter Tool have been deprecated in this release of WebLogic Server. The principal map has been moved from the security-principal-map element to an internal WebLogic Server storage mechanism (a directory server).
The J2EE Connector specification, Version 1.0 Final Release requires storage of credentials in a javax.security.auth.Subject; the credentials are passed to either the createManagedConnection() or matchManagedConnection() methods of the ManagedConnectionFactory object.
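The following added example (not part of the original BEA documentation) shows how a resource adapter can pick its own password credential out of the Subject it receives in createManagedConnection(). It assumes the J2EE Connector API (javax.resource) is on the classpath; the class name SubjectCredentials, the helper forFactory(), the stand-in factory and the sample user name and password are hypothetical.

```java
import java.lang.reflect.Proxy;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.SecurityException;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;

public class SubjectCredentials {

    /** Returns the PasswordCredential in the Subject that was issued for this factory. */
    static PasswordCredential forFactory(Subject subject, ManagedConnectionFactory mcf)
            throws SecurityException {
        if (subject == null) {
            // No Subject was passed, so there is no container-supplied credential to use.
            throw new SecurityException("no Subject supplied by the container");
        }
        for (PasswordCredential pc : subject.getPrivateCredentials(PasswordCredential.class)) {
            // A Subject may carry credentials for several adapters; accept only our own.
            if (mcf.equals(pc.getManagedConnectionFactory())) {
                return pc;
            }
        }
        throw new SecurityException("Subject holds no PasswordCredential for this factory");
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in factory; a real adapter passes `this` from createManagedConnection().
        ManagedConnectionFactory mcf = (ManagedConnectionFactory) Proxy.newProxyInstance(
                SubjectCredentials.class.getClassLoader(),
                new Class<?>[] { ManagedConnectionFactory.class },
                (proxy, method, a) -> {
                    switch (method.getName()) {
                        case "equals": return proxy == a[0];
                        case "hashCode": return System.identityHashCode(proxy);
                        default: return null;
                    }
                });

        // Constructed sample credential, placed in the Subject the way a container would.
        PasswordCredential pc = new PasswordCredential("eis_user", "example-only".toCharArray());
        pc.setManagedConnectionFactory(mcf);
        Subject subject = new Subject();
        subject.getPrivateCredentials().add(pc);

        PasswordCredential found = forFactory(subject, mcf);
        // Log the resource principal only; never print or log getPassword().
        System.out.println("resource principal: " + found.getUserName());
    }
}
```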
WebLogic Server users must be authenticated whenever they request access to a protected WebLogic Server resource. For this reason, each user is required to provide a credential (a username/password pair or a digital certificate) to WebLogic Server. The following types of authentication mechanisms are supported by WebLogic Server:
The SSL (or HTTPS) protocol can be used to provide an additional level of security to password authentication. Because the SSL protocol encrypts the data transferred between the client and WebLogic Server, the user ID and password of the user do not flow in the clear. Therefore, WebLogic Server can authenticate the user without compromising the confidentiality of the user's ID and password.
You can also use mutual authentication. In this case, WebLogic Server not only authenticates itself, it also requires authentication from the requesting client. Clients are required to submit digital certificates issued by a trusted certificate authority. Mutual authentication is useful when you must restrict access to trusted clients only. For example, you might restrict access by accepting only clients with digital certificates provided by you.
Tasks
Configuring Resource Adapters (Connectors) for Deployment
Deploying Resource Adapters (Connectors)
Viewing Deployed Resource Adapters (Connectors)
Undeploying Deployed Resource Adapters (Connectors)
Updating Deployed Resource Adapters (Connectors)
Editing Connector Deployment Descriptors
Additional Documentation
(Requires an Internet connection.)
See "Security" in Programming the WebLogic Server J2EE Connector Architecture.