<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="IBM JGSS application programming steps" />
<meta name="abstract" content="There are multiple steps required to develop a JGSS application, including using transport tokens, creating the necessary JGSS objects, establishing and deleting context, and using per-message services." />
<meta name="description" content="There are multiple steps required to develop a JGSS application, including using transport tokens, creating the necessary JGSS objects, establishing and deleting context, and using per-message services." />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev20.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1010.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1020.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1030.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1040.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1050.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1060.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1070.htm" />
<meta name="DC.Relation" scheme="URI" content="rzahajgssdev1080.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzahajgssdev10" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>IBM JGSS
application programming steps</title>
</head>
<body id="rzahajgssdev10"><a name="rzahajgssdev10"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">IBM<sup>®</sup> JGSS
application programming steps</h1>
<div><p>There are multiple steps required to develop a JGSS application,
including using transport tokens, creating the necessary JGSS objects, establishing
and deleting context, and using per-message services.</p>
<p>Operations in a JGSS application follow the Generic Security Service Application
Programming Interface (GSS-API) operational model. For information about concepts
important to JGSS operations, see <a href="rzahajgssconcept.htm">JGSS
concepts</a>.</p>
<div class="section"><h4 class="sectiontitle">JGSS transport tokens</h4><p>Some of the important JGSS
operations generate tokens in the form of Java™ byte arrays. It is the responsibility
of the application to forward the tokens from one JGSS peer to the other.
JGSS does not constrain in any way the protocol that the application uses
for transporting tokens. Applications may transport JGSS tokens together with
other application (that is, non-JGSS) data. However, JGSS operations accept
and use only JGSS-specific tokens.</p>
</div>
<div class="section"><h4 class="sectiontitle">Sequence of operations in a JGSS application</h4><p>JGSS
operations require certain programming constructs that you must use in the
order listed below. Each of the steps applies to both the initiator and the
acceptor.</p>
<div class="note"><span class="notetitle">Note:</span> The information includes snippets of example code that
illustrate using the high-level JGSS APIs and assume that your application
imports the org.ietf.jgss package. Although many of the high-level APIs are
overloaded, the snippets show only the most commonly used forms of those methods.
Of course, use the API methods that best suit your needs.</div>
<ol><li><a href="rzahajgssdev1010.htm">Creating a GSSManager </a><p>An
instance of GSSManager acts as a factory for creating other JGSS object instances.</p>
</li>
<li><a href="rzahajgssdev1020.htm">Creating a GSSName</a> <p>A GSSName
represents the identity of a JGSS principal. Some JGSS operations can locate
and use a default principal when you specify a null GSSName.</p>
</li>
<li><a href="rzahajgssdev1030.htm">Creating a GSSCredential</a> <p>A
GSSCredential embodies the mechanism-specific credentials of the principal.</p>
</li>
<li><a href="rzahajgssdev1040.htm">Creating a GSSContext</a><p>A GSSContext
is used for context establishment and subsequent per-message services.</p>
</li>
<li><a href="rzahajgssdev1050.htm">Selecting optional services on the
context</a> <p>Your application must explicitly request optional services,
such as mutual authentication.</p>
</li>
<li><a href="rzahajgssdev1060.htm">Establishing context</a> <p> The
initiator authenticates itself to the acceptor. However, when requesting mutual
authentication, the acceptor in turn authenticates itself to the initiator.</p>
</li>
<li><a href="rzahajgssdev1070.htm">Using per-message services</a> <p>The
initiator and the acceptor exchange secure messages over the established context.</p>
</li>
<li><a href="rzahajgssdev1080.htm">Deleting context</a> <p>The application
deletes a context that is no longer needed.</p>
</li>
</ol>
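<p>The eight steps above, seen from the initiator side, as an added example that is not part of the IBM documentation. The host, port, service name, length-prefixed token framing and 64 KiB token cap are assumptions chosen for illustration; JGSS itself does not prescribe how tokens are transported.</p>

```java
import java.io.*;
import java.net.Socket;
import org.ietf.jgss.*;

// Added example (initiator side). Host, port, service name and the
// length-prefixed framing are assumptions, not taken from the IBM page.
public class JgssInitiatorSketch {
    static final int MAX_TOKEN = 64 * 1024; // assumed cap on a peer-supplied length
    // The application, not JGSS, moves tokens between peers.
    static void send(DataOutputStream out, byte[] token) throws IOException {
        out.writeInt(token.length);
        out.write(token);
        out.flush();
    }
    static byte[] receive(DataInputStream in) throws IOException {
        int len = in.readInt();
        if (len < 0 || len > MAX_TOKEN) throw new IOException("bad token length " + len);
        byte[] token = new byte[len];
        in.readFully(token);
        return token;
    }
    public static void main(String[] args) throws Exception {
        try (Socket s = new Socket("server.example.com", 4444)) {
            DataInputStream in = new DataInputStream(s.getInputStream());
            DataOutputStream out = new DataOutputStream(s.getOutputStream());
            GSSManager mgr = GSSManager.getInstance();                        // step 1
            GSSName peer = mgr.createName("host@server.example.com",
                    GSSName.NT_HOSTBASED_SERVICE);                            // step 2
            GSSCredential cred = mgr.createCredential(null,                   // step 3, default principal
                    GSSCredential.DEFAULT_LIFETIME, (Oid) null, GSSCredential.INITIATE_ONLY);
            GSSContext ctx = mgr.createContext(peer, null, cred,              // step 4, default mechanism
                    GSSContext.DEFAULT_LIFETIME);
            try {
                ctx.requestMutualAuth(true);                                  // step 5
                ctx.requestConf(true);
                byte[] inTok = new byte[0];
                while (!ctx.isEstablished()) {                                // step 6
                    byte[] outTok = ctx.initSecContext(inTok, 0, inTok.length);
                    if (outTok != null) send(out, outTok);
                    if (!ctx.isEstablished()) inTok = receive(in);
                }
                // Requested services are not guaranteed; check what was granted.
                if (!ctx.getMutualAuthState() || !ctx.getConfState())
                    throw new GSSException(GSSException.FAILURE);
                byte[] msg = "hello".getBytes("UTF-8");
                send(out, ctx.wrap(msg, 0, msg.length, new MessageProp(0, true))); // step 7
            } finally {
                ctx.dispose();                                                // step 8
            }
        }
    }
}
```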
</div>
</div>
<div>
<ol>
<li class="olchildlink"><a href="rzahajgssdev1010.htm">Creating a GSSManager</a><br />
The GSSManager abstract class serves as a factory for creating JGSS objects.</li>
<li class="olchildlink"><a href="rzahajgssdev1020.htm">Creating a GSSName</a><br />
GSSName represents the identity of a GSS-API principal. A GSSName may contain many representations of the principal, one for each supported underlying mechanism. A GSSName that contains only one name representation is called a Mechanism Name (MN).</li>
<li class="olchildlink"><a href="rzahajgssdev1030.htm">Creating a GSSCredential</a><br />
A GSSCredential contains all the cryptographic information necessary to create a context on behalf of a principal and can contain credential information for multiple mechanisms.</li>
<li class="olchildlink"><a href="rzahajgssdev1040.htm">Creating GSSContext</a><br />
IBM<sup>®</sup> JGSS
supports two methods provided by GSSManager for creating a context.</li>
<li class="olchildlink"><a href="rzahajgssdev1050.htm">Requesting optional security services</a><br />
Your application can request any of several optional security services. IBM<sup>®</sup> JGSS
supports several services.</li>
<li class="olchildlink"><a href="rzahajgssdev1060.htm">Establishing context</a><br />
The two communicating peers must establish a security context over which they can use per-message services.</li>
<li class="olchildlink"><a href="rzahajgssdev1070.htm">Using per-message services</a><br />
After establishing a security context, two communicating peers can exchange secure messages over the established context.</li>
<li class="olchildlink"><a href="rzahajgssdev1080.htm">Deleting context</a><br />
A peer deletes a context when the context is no longer needed. In JGSS operations, each peer unilaterally decides when to delete a context and does not need to inform its peer.</li>
</ol>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzahajgssdev.htm" title="Use JGSS to develop secure applications. Learn about generating transport tokens, creating JGSS objects, establishing context, and more.">Developing IBM JGSS applications</a></div>
</div>
<div class="relref"><strong>Related reference</strong><br />
<div><a href="rzahajgssdev20.htm" title="The IBM JGSS includes an optional JAAS login facility that allows the application to use JAAS to obtain credentials. After the JAAS login facility saves principal credentials and secret keys in the subject object of a JAAS login context, JGSS can retrieve the credentials from that subject.">Using JAAS with your JGSS application</a></div>
</div>
</div>
</body>
</html>