The security CONTRACT enables the application server to connect to an EIS system using security properties. The application server authenticates with the EIS system by using security properties composed of a principle (a user id) and credentials (a PASSWORD, a certificate, and so on). An application server can employ two methods to authenticate to an EIS system (via a resource adapter). With the first method, container-managed sign-on, the security credentials configure when the resource adapter is deployed on the application server. You can choose from several ways to configure security properties when using container-managed sign-on. First, with CONFIGURED Identity, all resource adapter connections use the same identity when connecting to the EIS system.

Second, with Principal Mapping, the principal used when connecting to the EIS system is based on a combination of the current principal in the application server and the mapping (which maps how the principal in the application server will map to a principal in the EIS system). The third is Caller IMPERSONATION, where the principal used in the EIS system exactly matches the principal in the application server. The fourth is Credentials Mapping, which is similar to Caller Impersonation, EXCEPT the type of credentials must be mapped from application server credentials to EIS credentials.

While it's easiest to configure the security properties at deployment time, such a strategy proves slightly less flexible because the security properties cannot change at runtime. As an alternative, you can configure security properties by component-managed sign-on, which allows you to pass security properties each time a connection is acquired from the resource adapter.

The security contract enables the application server to connect to an EIS system using security properties. The application server authenticates with the EIS system by using security properties composed of a principle (a user id) and credentials (a password, a certificate, and so on). An application server can employ two methods to authenticate to an EIS system (via a resource adapter). With the first method, container-managed sign-on, the security credentials configure when the resource adapter is deployed on the application server. You can choose from several ways to configure security properties when using container-managed sign-on. First, with Configured Identity, all resource adapter connections use the same identity when connecting to the EIS system.

Second, with Principal Mapping, the principal used when connecting to the EIS system is based on a combination of the current principal in the application server and the mapping (which maps how the principal in the application server will map to a principal in the EIS system). The third is Caller Impersonation, where the principal used in the EIS system exactly matches the principal in the application server. The fourth is Credentials Mapping, which is similar to Caller Impersonation, except the type of credentials must be mapped from application server credentials to EIS credentials.

While it's easiest to configure the security properties at deployment time, such a strategy proves slightly less flexible because the security properties cannot change at runtime. As an alternative, you can configure security properties by component-managed sign-on, which allows you to pass security properties each time a connection is acquired from the resource adapter.