what would be the best way to store IBM TAM connection parameters in JAVA? My application is built on JAVA spring and uses TAM for access management. Inorder to connect to IBM TAM i have a java file that gets value from property file which stores the following values application name, configuration url, registry suffix,tam admin username and tam admin paswword.I dont want to store all these values in java code or property file. Please suggest me whether i can store it in the web application server like storing connection strings.
You can use the server certificate within the configuration file. You will always need to specify the configuration file at minimum. It should look something like this:
Locale myLocale = new Locale("ENGLISH", "US");
PDContext myContext = new PDContext(myLocale, configFileURL);
You will need to create your configuration file using svrsslcfg:
java com.tivoli.pd.jcfg.SvrSslCfg -action config
-admin_id sec_master-admin_pwd secpw
-appsvr_id PDPermissionjapp -appsvr_pwd pw -host jsys.myco.com
-mode remote -port 999 -policysvr ampolicy.myco.com:7135:1
-authzsvr amazn.myco.com:7136:1 -cfg_file c:/am/config_file.conf
-key_file c:/am/keystore_file.ks -domain mydomain -cfg_action create
-certrefresh true
Typically in the environment I administer our developers use the PDContext method using the username+password+config file. We have never used the certificate method. I believe if you use the certificate method, the application would connect as the server's user account that is created when you use the svrsslcfg command. That account would need appropriate permissions within TAM to achieve what it needs to.
At the minimum, you will need to specify somewhere to store the configuration URL. I would strongly encourage you not to hard code the value as it limits the administrators that must maintain the application long term. You may also need a place to store the username+password if you decide that you need to connect as specific user and not the server's TAM user account.
Refer to this document for svrsslcfg options to create the configuration file: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_70/ameb_authJava_guide_pdf.pdf
Look at this reference guide for information on how to use PDContext: https://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.isam.doc_70/ameb_AdminJava_guide_pdf.pdf