WebSphere Application Server: Component vs Container Managed Authentication Alias

When defining the usage of an authentication alias in a resource in the administration console of WebSphere Application Server, there are two places the data can be specified:

  1. Component Managed Authentication
  2. Container Managed Authentication

Component Managed Authentication is used when the resource configured in the EJB’s deployment descriptor res-auth property is set to ‘Application’.

Container Managed Authentication is used when the resource configured in the EJB’s deployment descriptor res-auth property is set to ‘Container’.

The WebSphere v6 Administration Console notes that Container managed is deprecated and that component should be used.

EDIT #1: Thanks to David Currie for pointing out that it’s actually the specification of the authentication alias directly in the resource that is deprecated.

You should verify the res-auth setting of your jndi resources if you find that you configured an authentication aliasbut recieve an exception about null username at runtime.

Author: dan

Comments

  1. The admin console deprecation warning is very misleading. The use of container managed authentication is actually preferred over component managed authentication! What is deprecated is specifying the alias for container managed authentication on the resource itself. It should instead be defined on the resource-reference. In this manner the credentials only apply to a particular usage of the resource rather than to any application in the cell that can retrieve the resource from JNDI.

  2. Thank you for your enlightenment on the topic David. It helps to put that deprecation message in context.

  3. What is the basic difference between container and component-managed authentication alias in websphere?

Leave a Reply

Your email address will not be published. Required fields are marked *