Package com.ibm.as400.security.auth

Provides user profile swapping using IBM i profile token and credential classes.

  • Interface Summary 
    Interface Description
    AS400BasicAuthenticationCredential
    The AS400BasicAuthenticationCredential interface defines IBM i credentials that can be exploited by authentication services that rely on basic user and password authentication.
    AS400BasicAuthenticationPrincipal
    The AS400BasicAuthenticationPrincipal interface defines IBM i principals that can be exploited by authentication services that rely on basic user and password authentication.
    AS400CredentialListener
    The AS400CredentialListener interface provides an interface for receiving AS400CredentialEvents.
    AS400SwappableCredential
    The AS400SwappableCredential interface defines IBM i credentials that can be exploited by authentication services to swap the operating system thread identity when running on the local IBM i system.
    ProfileHandleImpl
    The ProfileHandleImpl interface provides the template for classes implementing behavior delegated by a ProfileHandleCredential.
    ProfileTokenImpl
    The ProfileTokenImpl interface provides the template for classes implementing behavior delegated by a ProfileTokenCredential.
    ProfileTokenProvider
    Defines an interface for providing a ProfileTokenCredential to an AS400 object.
  • Class Summary 
    Class Description
    AS400Credential
    Provides an abstract superclass for representations of IBM i system security-related attributes.
    AS400CredentialBeanInfo
    Bean information for the AS400Credential class.
    AS400CredentialEvent
    The AS400CredentialEvent class represents a credential event.
    AS400Principal
    The AS400Principal class provides an abstract superclass for representations of IBM i system security-related identities.
    AS400PrincipalBeanInfo
    Bean information for the AS400Principal class.
    DefaultProfileTokenProvider
    A default implementation of the ProfileTokenProvider interface.
    ProfileHandleCredential
    Represents an IBM i system profile handle.
    ProfileHandleCredentialBeanInfo
    Bean information for the ProfileHandleCredential class.
    ProfileTokenCredential
    The ProfileTokenCredential class represents an IBM i system profile token.
    ProfileTokenCredentialBeanInfo
    Bean information for the ProfileTokenCredential class.
    Swapper
    Provides utility methods to perform credential swaps for existing remote connections.
    UserProfilePrincipal
    The UserProfilePrincipal class represents an IBM i system user profile.
    UserProfilePrincipalBeanInfo
    Bean information for the UserProfilePrincipal class.
  • Exception Summary 
    Exception Description
    AS400AuthenticationException
    The AS400AuthenticationException class and subclasses represent exceptions issued when errors occur during system authentication.
    DestroyFailedException
    The DestroyFailedException class represents an exception issued when errors occur while destroying IBM i system authentication information.
    RefreshFailedException
    The RefreshFailedException class represents an exception issued when errors occur while refreshing system authentication information.
    RetrieveFailedException
    The RetrieveFailedException class represents an exception issued when errors occur while retrieving system authentication information.
    SwapFailedException
    The SwapFailedException class represents an exception issued when errors occur while attempting to change thread identity on the IBM i system.

Package com.ibm.as400.security.auth Description

These classes interact with the security services provided by IBM i. Specifically, support is provided to authenticate a user identity, sometimes referred to as a principal, and password against the native IBM i user registry. A credential representing the authenticated user can then be established. You can use the credential to alter the identity of the current IBM i thread to perform work under the authorities and permissions of the authenticated user. In effect, this identity swap results in the thread acting as if a sign-on was performed by the authenticated user.

Note: The services to establish and swap credentials are only supported for OS/400 release V4R5M0 or greater.

The AS400 class in the com.ibm.as400.access package now provides authentication for a given user profile and password against the IBM i system. You can also retrieve credentials representing authenticated user profiles and passwords for the system. These credentials, known as profile tokens, represent an authenticated user profile and password for a specific system. Profile tokens expire based on time, up to one hour, but can be refreshed in certain cases to provide an extended life span.

Note: While inherently more secure than passing a user profile and password due to limited life span, profile tokens should still be considered sensitive information by the application and handled accordingly. Since the token represents an authenticated user and password, it could potentially be exploited by a hostile application to perform work on behalf of that user. It is ultimately the responsibility of the application to ensure that credentials are accessed in a secure manner.
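The flow described above (create a short-lived token, swap the thread identity, do the work, swap back, destroy the credentials) is sketched below as an added example; it is not code from the original page. It assumes the program runs on the local IBM i system, the class name SwapExample is hypothetical, and USERID and PASSWORD are placeholders.

```java
import com.ibm.as400.access.AS400;
import com.ibm.as400.security.auth.AS400Credential;
import com.ibm.as400.security.auth.ProfileTokenCredential;

public class SwapExample {  // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Thread identity swaps are only possible on the local IBM i system.
        AS400 system = new AS400("localhost", "*CURRENT", "*CURRENT");

        ProfileTokenCredential token = new ProfileTokenCredential();
        AS400Credential original = null;
        try {
            token.setSystem(system);
            // Limit the exposure window: single-use token, 60-second lifetime.
            token.setTimeoutInterval(60);
            token.setTokenType(ProfileTokenCredential.TYPE_SINGLE_USE);
            // Placeholders: read real values from a protected source at run time.
            token.setToken("USERID", "PASSWORD");

            // swap(true) changes the thread identity and returns a credential
            // that represents the identity in effect before the swap.
            original = token.swap(true);
            try {
                // ... work performed under the authenticated user's authorities ...
            } finally {
                // Restore the original identity even if the work above failed.
                original.swap();
            }
        } finally {
            // Destroy both credentials so nothing reusable stays in memory.
            if (original != null) {
                original.destroy();
            }
            token.destroy();
            system.disconnectAllServices();
        }
    }
}
```

The nested finally blocks ensure the thread never keeps running under the swapped identity after an exception, and that the token does not outlive the work it was created for.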

Related Documentation

For overviews, tutorials, examples, guides, and tool documentation, please see: