Component Authentication is not supported in Liberty

This rule flags connection factories or data sources that are configured with both a container-managed authentication alias and a component-managed authentication alias. Component-managed authentication is not supported in Liberty, instead container-managed or application-managed authentication must be used. A component-managed authentication alias is a default set of credentials to be used by any application that accesses a data source or connection factory and creates a connection without specifying its own credentials. Using component-managed authentication is less preferable than specifying authentication on a per application basis. Component-managed authentication does not restrict who can access the data source or connection factory beyond who can access the JNDI namespace. Liberty does have an option for allowing container-managed authentication to be used for direct lookups, which is similar to how component-managed authentication functions in WebSphere traditional. To enable that behavior configure the enableContainerAuthForDirectLookups connection manager property with a value of true.

To use container-managed authentication, look up the connection factory or data source by using a resource reference with the resource authentication type set to container in the application. This can be done using annotations by setting authenticationType to AuthenticationType.CONTAINER or using a bindings file or bindings overrides in the server.xml file by setting the res-auth to Container. The authData alias in the server.xml file with the appropriate credentials can then be specified in the bindings or added as a default container-managed authentication alias to be used when one is not specified in the bindings. To set an authData alias as the default container-managed authentication alias specify it as the contianerAuthDataRef attribute on the data source or connection factory. In the configuration migrated by the binary scanner, the component-managed authentication alias is specified as the default container-managed authentication alias if the data source or connection factory does not have a specified container-managed authentication alias. The enableContainerAuthForDirectLookups connection manager property is also configured so that the data source or connection factory behaves the same in Liberty as it did in WebSphere traditional.

To use application-managed authentication, specify the username and password on the getConnection, createConnection, createQueueConnection, or createTopicConnection method calls.