Sun ONE Application Server 7 J2EE CA Service Provider Implementation Administrator's Guide |
Chapter 3
Administering the Resource AdapterThe J2EE CA SPI Implementation administrative tasks are explained inthis chapter.
This chapter describes the following topics:
OverviewThe J2EE CA spec describes deployment of connectors but does not address the issue of administration of resource adapters.
After deploying a resource adapter, you may need to modify the parameters of an existing resource adapter.
Administrative TasksYou can modify all the resource adapter’s parameters, such as pooling, configuration, and security using either one of the following methods:
- Edit/modify the ra.xml and/or sun-ra.xml file in the .rar file and redeploy the resource adapter.
- Edit/modify the deployed ra.xml and/or sun-ra.xml file located in <AS_inst_dir>/SUNWappserver7/domains/<domain>/<server>/ applications/j2ee_modules/<connector_name>/META-INF and restart the server.
For more information see The Connector Deployment Descriptor Files in Administering the Resource Adapter.
Creating Multiple Instances of a Resource Adapter
If you have multiple backend systems of the same type, for example 5 different CICS systems, you need to deploy the resource adapter for each backend system.
Be certain that each resource adapter has a unique application server name, jndi name and connection parameters specific to the backend.
Security Configuration
According to the J2EE CA specification, the resource adapter needs to have the necessary permissions to read private credentials. AS7 ships with a default server (security) policy that allows the default user, ANONYMOUS, to read private credentials. If you are planning on using the resource adapter with container managed security and users other then ANONYMOUS, you need to modify the server.policy file so that the resource adapter will be able to read the private credentials for the connector users. See Sun ONE Application Server J2EE CA SPI Developer’s Guide for more information concerning server policy.
There are two options that can be used depending on the number of users:
Numerous users
Add the following permission to the server.policy
grant codeBase "file:/AS_inst_dir>/SUNWappserver7/domains/<domain>/<server>/ applications/j2ee-modules/<Connector_directory>/-"{
permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential
com.sun.enterprise.security.PrincipalImpl \"*\"", "read";
};
This will allow just the connector code to read the private credentials for any user.
Limited Number of Users
If there will be only a limited set of users of the connector, permission can be restricted to only those users as shown in the following:
Add the following permission to the server.policy for every user:
grant codeBase "file:/AS_inst_dir>/SUNWappserver7/domains/<domain>/<server>/ applications/j2ee-modules/<Connector_directory>/-"{
permission javax.security.auth.PrivateCredentialPermission "javax.resource.spi.security.PasswordCredential
com.sun.enterprise.security.PrincipalImpl \"<user_name>\"", "read";
};