If an EJB requests a connection to the EIS with a ConnectionFactory.getConnection() call, this connection is set up in the security context of BeanConnect. In particular, the authentication data (user name and password) required for the EJB to access the EIS is assigned when the connection is set up.

EJBs can authenticate themselves to the EIS in two ways:

• Application-managed authentication

• Container-managed authentication

It is recommended that container-managed authentication is used.

The basic procedure for application- and container-managed authentication is explained below.

Application-managed authentication

In this case, the authentication data must be provided in the program code of the EJB (see Interfaces and programming ). For EJBs which perform authentication themselves, the <res-auth> tag of the associated EJB deployment descriptor must be specified as follows:

<res-auth>Application</res-auth>

Example of setting by EJB:

getConnection(new PasswordCredential(user, password));

Container-managed authentication

In this case, the application server regulates the transfer of authentication data. For EJBs which allow the application server to perform authentication, the <res-auth> tag of the associated EJB deployment descriptor must be specified as follows:

<res-auth>Container</res-auth>

The configuration for container-managed authentication is specific to the different type of application server.