I need to provide password for keystore in my EJB but I don't want it to be visible to developers. My idea was to create Authentication Alias in Websphere Console and later lookup for MY_ALIAS and obtain password from alias. I found some discussion related to subject at: http://www.coderanch.com/t/79439/Websphere/Authentication-Data

Do anybody knows can alias be lookuped? What is your suggested method to achieve my goal?

Thank you very much!

You can use the following code to obtain credentials from J2C authentication data entry:

import com.ibm.wsspi.security.auth.callback.Constants;
import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginContext;

Map map = new HashMap();
map.put(Constants.MAPPING_ALIAS, "YOUR_J2C_DATA_ALIAS");
CallbackHandler callbackHandler = WSMappingCallbackHandlerFactory.getInstance().getCallbackHandler(map, null);

LoginContext loginContext = new LoginContext("DefaultPrincipalMapping", callbackHandler);
loginContext.login();

Subject subject = loginContext.getSubject();
Set credentials = subject.getPrivateCredentials();

PasswordCredential passwordCredential = (PasswordCredential) credentials.iterator().next();

String user = passwordCredential.getUserName();
String password = new String(passwordCredential.getPassword());