Binding container managed authentication alias with DataSource using jython script

1
votes

I'm using WebSphere 8.5

I've found out how to create JAASAuthData with username and password using jython script:

objServerAttrs = AdminControl.completeObjectName('WebSphere:type=Server,*')

cellName = AdminControl.getAttribute(objServerAttrs, 'cellName')
sec = AdminConfig.getid('/Cell:%s/Security:/' % cellName)
jaasAttr = [['alias', jaasAlias],['userId', jaasUser],['password', jaasPass]]
jaasAuthData = AdminConfig.create('JAASAuthData', sec, jaasAttr)

and how to create dataSource:

dsAttrs = [['name', 'myDS1'], ['jndiName','jdbc/MY/DS1']]    
newDs = AdminConfig.create('DataSource', provider, dsAttrs)

Now I need to bind that JAASAuthData with my DataSource as 'Container-managed authentication alias', unfortunatelly I can't find anything in API, inspecting attributes of existing DataSources or any example for that task. How to create such binding?

2
webspherejythonwsadmin

2 Answers

0
votes

You need to specify authDataAlias attribute:

dsAttrs = [['name', 'myDS1'], ['jndiName','jdbc/MY/DS1'], ['authDataAlias',jaasAlias]]    
newDs = AdminConfig.create('DataSource', provider, dsAttrs)
0
votes

The recommended way of configuring container-managed authentication alias is to set it on a resource reference during your application deployment.

It is still allowed (although deprecated) to configure it on DataSource level:

newDs = AdminConfig.create('DataSource', provider, dsAttrs)
mapping = AdminConfig.showAttribute(newDs, 'mapping')
AdminConfig.modify(mapping, [['mappingConfigAlias', jaasAlias], ['authDataAlias', jaasAlias]])

BTW: Your script would be more maintainable if you used WDR library http://wdr.github.io/WDR/ (I'm one of the main contributors).

jaasAlias = 'TheAuthAliasName'
provider = getid1('/JDBCProvider:TheProviderName/')
security = getid1('/Cell:/Security:/')
security.assure('JAASAuthData', {'alias':jaasAlias}, userId = 'user', password = 'password')
ds = provider.assure('DataSource', {'name':'myDS1'}, jndiName = 'jdbc/MY/DS1')
# component-managed authentication:
ds.authDataAlias = jaasAlias
# ... and container-managed authentication:
ds.mapping.mappingConfigAlias = jaasAlias
ds.mapping.authDataAlias = jaasAlias
save()
sync()

The above script can be safely re-run without failure or duplicate objects.