|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |
See:
Description
Interface Summary | |
AS400CredentialListener | The AS400CredentialListener interface provides an interface for receiving AS400CredentialEvents. |
ProfileHandleImpl | The ProfileHandleImpl interface provides the template for classes implementing behavior delegated by a ProfileHandleCredential. |
ProfileTokenImpl | The ProfileTokenImpl interface provides the template for classes implementing behavior delegated by a ProfileTokenCredential. |
Class Summary | |
AS400Credential | The AS400Credential class provides an abstract superclass for representations of AS/400 security-related attributes. |
AS400CredentialEvent | The AS400CredentialEvent class represents a credential event. |
AS400Principal | The AS400Principal class provides an abstract superclass for representations of AS/400 security-related identities. |
ProfileHandleCredential | The ProfileHandleCredential class represents an AS/400 profile handle. |
ProfileTokenCredential | The ProfileTokenCredential class represents an AS/400 profile token. |
UserProfilePrincipal | The UserProfilePrincipal class represents an AS/400 user profile. |
Exception Summary | |
AS400AuthenticationException | The AS400AuthenticationException class and subclasses represent exceptions issued when errors occur during AS/400 authentication. |
DestroyFailedException | The DestroyFailedException class represents an exception issued when error occur when destroying AS/400 authentication information. |
RefreshFailedException | The RefreshFailedException class represents an exception issued when errors occur while refreshing AS/400 authentication information. |
RetrieveFailedException | The RetrieveFailedException class represents an exception issued when errors occur while retrieving AS/400 authentication information. |
SwapFailedException | The SwapFailedException class represents an exception issued when errors occur while attempting to change thread identity on the AS/400 system. |
Provides user profile swapping using iSeries or AS/400 profile token and credential classes.
These classes interact with the security services provided by OS/400. Specifically, support is provided to authenticate a user identity, sometimes referred to as a principal, and password against the native OS/400 user registry. A credential representing the authenticated user can then be established. You can use the credential to alter the identity of the current OS/400 thread to perform work under the authorities and permissions of the authenticated user. In effect, this identity swap results in the thread acting as if a sign-on was performed by the authenticated user.
Note: The services to establish and swap credentials are only supported for OS/400 release V4R5M0 or greater.
The AS400 class in the com.ibm.as400.access package now provides authentication for a given user profile and password against the iSeries or AS/400 system. You can also retrieve credentials representing authenticated user profiles and passwords for the system. These credentials, known as profile tokens, represent an authenticated user profile and password for a specific server. Profile tokens expire based on time, up to one hour, but can be refreshed in certain cases to provide an extended life span.
Note: While inherently more secure than passing a user profile and password due to limited life span, profile tokens should still be considered sensitive information by the application and handled accordingly. Since the token represents an authenticated user and password, it could potentially be exploited by a hostile application to perform work on behalf of that user. It is ultimately the responsibility of the application to ensure that credentials are accessed in a secure manner.
|
|||||||||
PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES |