ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzaha_5.4.0.1/jaaswork.htm

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
  PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="concept" />
<meta name="DC.Title" content="Details: How HelloWorld for Java Authentication and Authorization Service works" />
<meta name="DC.Relation" scheme="URI" content="jaashllo.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="jaaswork" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Details: How HelloWorld for Java Authentication and Authorization Service
works</title>
</head>
<body id="jaaswork"><a name="jaaswork"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Details: How HelloWorld for Java Authentication and Authorization Service
works</h1>
<div><p>This document takes a closer look at how <strong>HelloWorld</strong> for Java™ Authentication
and Authorization Service (JAAS) works. This information should be considered
a replacement for the <strong>HelloWorld</strong> section of the <a href="api.htm">API
Developers Guide</a>. The source code, policy, and configuration files
are the same as those in the API Developers Guide. There are, however, some
aspects that are unique to the iSeries™ server.</p>
<div class="note"><span class="notetitle">Note:</span> By using the
code examples, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>
<p><strong>Configuration and policy files</strong></p>
<p>The configuration file, <strong>jaas.config</strong>, contains one entry:</p>
<pre>helloWorld {
    com.ibm.security.HWLoginModule required debug=true;
};</pre>
<p>The test case includes only one LoginModule. When running the HelloWorld
application, you can experiment by changing the LoginModuleControlFlag (required,
requisite, sufficient, optional) and deleting the debug flag. If more LoginModules
are available for testing, then you can alter this configuration and experiment
with multiple LoginModules.   </p>
<p>The Java 2 policy file, <strong>java2.policy</strong>, contains one
permission block:</p>
<pre>    grant {
        permission javax.security.auth.AuthPermission "createLoginContext";
        permission javax.security.auth.AuthPermission "modifyPrincipals";
        permission javax.security.auth.AuthPermission "doAsPrivileged";
    };</pre>
<p>  The three permissions are required because the HelloWorld application
does the following:   </p>
<ol><li>Creates a LoginContext object.</li>
<li>Changes the Principals of the the authenticated Subject.</li>
<li>Calls the doAsPrivileged method of the Subject class.</li>
</ol>
<p>The JAAS policy file, <strong>jaas.policy</strong>, also contains one permission
block:</p>
<pre>    grant Principal com.ibm.security.HWPrincipal "bob" {
        permission java.util.PropertyPermission "java.home", "read";
        permission java.util.PropertyPermission "user.home", "read";
        permission java.io.FilePermission "foo.txt", "read";
    };</pre>
<p>  The three permissions are initially granted to an HWPrincipal named "bob".
The actual Principal added to the authenticated Subject is the user name used
during the login process.   </p>
<p>Here is the action code from HelloWorld with the three system calls (the
reason for the required permissions) in bold:</p>
<pre>     Subject.doAsPrivileged(lc.getSubject(), new PrivilegedAction() {
         public Object run() {
             System.out.println("\nYour java.home property: "
                                    <strong>+System.getProperty("java.home")</strong>);

             System.out.println("\nYour user.home property: "
                                    <strong>+System.getProperty("user.home"))</strong>;

             File f = new File("foo.txt");
             System.out.print("\nfoo.txt does ");
             if (<strong>!f.exists()</strong>) System.out.print("not ");
             System.out.println("exist in your current directory");

             System.out.println("\nOh, by the way ...");

             try {
                 Thread.currentThread().sleep(2000);
             } catch (Exception e) {
                 // ignore
             }
             System.out.println("\n\nHello World!\n");
             return null;
         }
     }, null);</pre>
<p>  When running the HelloWorld program, use various user names and alter
jaas.policy accordingly. There should not be a need to alter java2.policy.
Also, create a file called foo.txt in the test directory to test the last
system call and confirm that the correct level of access is granted to that
file.  </p>
<p><strong>Examine HelloWorld source files</strong></p>
<p>The LoginModule class, HWLoginModule, simply authenticates any user who
enters the correct password (case sensitive with space):</p>
<ul><li><strong>Go JAAS</strong></li>
</ul>
<p>  If running with a security manager, you must enter user 'bob' for all
of the access permissions to succeed.   </p>
<p>The HelloWorld application permits users three attempts to do so. When
Go JAAS is correctly entered, an HWPrincipal object with a name equal the
the user name is added to the authenticated Subject.</p>
<p>The Principal class, HWPrincipal, represents a Principal based on the user
name that is entered. This name is important when granting permissions to
authenticated Subjects.</p>
<p>The main application, HelloWorld, first creates a LoginContext based on
a configuration entry with the name helloWorld. Callbacks are used to retrieve
user input. Look at the MyCallbackHandler class located in the HelloWorld.java
file to see this process. Here is an excerpt from the source code:</p>
<pre>         LoginContext lc = null;
         try {
             lc = new LoginContext("helloWorld", new MyCallbackHandler());
         } catch (LoginException le) {
             le.printStackTrace();
             System.exit(-1);
         }</pre>
<p>  The user enters a user name and password (up to three times) and if Go
JAAS is entered as the password, then the Subject is authenticated (HWLoginModule
adds a HWPrincipal to the Subject). Work is then performed as the authenticated
Subject.   </p>
<p>If the policy files are not found, a <strong>SecurityException</strong> is thrown.
Otherwise, information concerning your java.home and user.home properties
is displayed. Also, the existence of a file called foo.txt in your test directory
is checked. Finally, the ubiquitous "Hello World" message is displayed.</p>
<p><strong>Having fun with HelloWorld</strong></p>
<p>Rerun HelloWorld as many times as you like. Here is a list of some of the
things that you might want to try:</p>
<ul><li>Vary the user name and passwords entered</li>
<li>Change the configuration file entries</li>
<li>Change the policy file permissions</li>
<li>Add additional LoginModules to the helloWorld configuration entry</li>
<li>Add code base fields to the policy files</li>
<li>Run the program without a SecurityManager to see how it works if you run
into problems.</li>
</ul>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="jaashllo.htm" title="This information looks at how HelloWorld for Java Authentication and Authorization Service (JAAS) is compiled and run on an iSeries server.">Compile and run HelloWorld with Java Authentication and Authorization Service on an iSeries server</a></div>
</div>
</div>
</body>
</html>
Add readme and dist folders 2024-04-02 14:02:31 +00:00			`<?xml version="1.0" encoding="UTF-8"?>`
			`<!DOCTYPE html`
			`PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">`
			`<html lang="en-us" xml:lang="en-us">`
			`<head>`
			`<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />`
			`<meta name="security" content="public" />`
			`<meta name="Robots" content="index,follow" />`
			`<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />`
			`<meta name="DC.Type" content="concept" />`
			`<meta name="DC.Title" content="Details: How HelloWorld for Java Authentication and Authorization Service works" />`
			`<meta name="DC.Relation" scheme="URI" content="jaashllo.htm" />`
			`<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />`
			`<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />`
			`<meta name="DC.Format" content="XHTML" />`
			`<meta name="DC.Identifier" content="jaaswork" />`
			`<meta name="DC.Language" content="en-us" />`
			`<!-- All rights reserved. Licensed Materials Property of IBM -->`
			`<!-- US Government Users Restricted Rights -->`
			`<!-- Use, duplication or disclosure restricted by -->`
			`<!-- GSA ADP Schedule Contract with IBM Corp. -->`
			`<link rel="stylesheet" type="text/css" href="./ibmdita.css" />`
			`<link rel="stylesheet" type="text/css" href="./ic.css" />`
			`<title>Details: How HelloWorld for Java Authentication and Authorization Service`
			`works</title>`
			`</head>`
			`<body id="jaaswork"><a name="jaaswork"><!-- --></a>`
			`<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>`
			`<h1 class="topictitle1">Details: How HelloWorld for Java Authentication and Authorization Service`
			`works</h1>`
			`<div><p>This document takes a closer look at how <strong>HelloWorld</strong> for Java™ Authentication`
			`and Authorization Service (JAAS) works. This information should be considered`
			`a replacement for the <strong>HelloWorld</strong> section of the <a href="api.htm">API`
			`Developers Guide</a>. The source code, policy, and configuration files`
			`are the same as those in the API Developers Guide. There are, however, some`
			`aspects that are unique to the iSeries™ server.</p>`
			`<div class="note"><span class="notetitle">Note:</span> By using the`
			`code examples, you agree to the terms of the <a href="codedisclaimer.htm">Code license and disclaimer information</a>.</div>`
			`<p><strong>Configuration and policy files</strong></p>`
			`<p>The configuration file, <strong>jaas.config</strong>, contains one entry:</p>`
			`<pre>helloWorld {`
			`com.ibm.security.HWLoginModule required debug=true;`
			`};</pre>`
			`<p>The test case includes only one LoginModule. When running the HelloWorld`
			`application, you can experiment by changing the LoginModuleControlFlag (required,`
			`requisite, sufficient, optional) and deleting the debug flag. If more LoginModules`
			`are available for testing, then you can alter this configuration and experiment`
			`with multiple LoginModules. </p>`
			`<p>The Java 2 policy file, <strong>java2.policy</strong>, contains one`
			`permission block:</p>`
			`<pre> grant {`
			`permission javax.security.auth.AuthPermission "createLoginContext";`
			`permission javax.security.auth.AuthPermission "modifyPrincipals";`
			`permission javax.security.auth.AuthPermission "doAsPrivileged";`
			`};</pre>`
			`<p> The three permissions are required because the HelloWorld application`
			`does the following: </p>`
			`<ol><li>Creates a LoginContext object.</li>`
			`<li>Changes the Principals of the the authenticated Subject.</li>`
			`<li>Calls the doAsPrivileged method of the Subject class.</li>`
			`</ol>`
			`<p>The JAAS policy file, <strong>jaas.policy</strong>, also contains one permission`
			`block:</p>`
			`<pre> grant Principal com.ibm.security.HWPrincipal "bob" {`
			`permission java.util.PropertyPermission "java.home", "read";`
			`permission java.util.PropertyPermission "user.home", "read";`
			`permission java.io.FilePermission "foo.txt", "read";`
			`};</pre>`
			`<p> The three permissions are initially granted to an HWPrincipal named "bob".`
			`The actual Principal added to the authenticated Subject is the user name used`
			`during the login process. </p>`
			`<p>Here is the action code from HelloWorld with the three system calls (the`
			`reason for the required permissions) in bold:</p>`
			`<pre> Subject.doAsPrivileged(lc.getSubject(), new PrivilegedAction() {`
			`public Object run() {`
			`System.out.println("\nYour java.home property: "`
			`<strong>+System.getProperty("java.home")</strong>);`

			`System.out.println("\nYour user.home property: "`
			`<strong>+System.getProperty("user.home"))</strong>;`

			`File f = new File("foo.txt");`
			`System.out.print("\nfoo.txt does ");`
			`if (<strong>!f.exists()</strong>) System.out.print("not ");`
			`System.out.println("exist in your current directory");`

			`System.out.println("\nOh, by the way ...");`

			`try {`
			`Thread.currentThread().sleep(2000);`
			`} catch (Exception e) {`
			`// ignore`
			`}`
			`System.out.println("\n\nHello World!\n");`
			`return null;`
			`}`
			`}, null);</pre>`
			`<p> When running the HelloWorld program, use various user names and alter`
			`jaas.policy accordingly. There should not be a need to alter java2.policy.`
			`Also, create a file called foo.txt in the test directory to test the last`
			`system call and confirm that the correct level of access is granted to that`
			`file. </p>`
			`<p><strong>Examine HelloWorld source files</strong></p>`
			`<p>The LoginModule class, HWLoginModule, simply authenticates any user who`
			`enters the correct password (case sensitive with space):</p>`
			`<ul><li><strong>Go JAAS</strong></li>`
			`</ul>`
			`<p> If running with a security manager, you must enter user 'bob' for all`
			`of the access permissions to succeed. </p>`
			`<p>The HelloWorld application permits users three attempts to do so. When`
			`Go JAAS is correctly entered, an HWPrincipal object with a name equal the`
			`the user name is added to the authenticated Subject.</p>`
			`<p>The Principal class, HWPrincipal, represents a Principal based on the user`
			`name that is entered. This name is important when granting permissions to`
			`authenticated Subjects.</p>`
			`<p>The main application, HelloWorld, first creates a LoginContext based on`
			`a configuration entry with the name helloWorld. Callbacks are used to retrieve`
			`user input. Look at the MyCallbackHandler class located in the HelloWorld.java`
			`file to see this process. Here is an excerpt from the source code:</p>`
			`<pre> LoginContext lc = null;`
			`try {`
			`lc = new LoginContext("helloWorld", new MyCallbackHandler());`
			`} catch (LoginException le) {`
			`le.printStackTrace();`
			`System.exit(-1);`
			`}</pre>`
			`<p> The user enters a user name and password (up to three times) and if Go`
			`JAAS is entered as the password, then the Subject is authenticated (HWLoginModule`
			`adds a HWPrincipal to the Subject). Work is then performed as the authenticated`
			`Subject. </p>`
			`<p>If the policy files are not found, a <strong>SecurityException</strong> is thrown.`
			`Otherwise, information concerning your java.home and user.home properties`
			`is displayed. Also, the existence of a file called foo.txt in your test directory`
			`is checked. Finally, the ubiquitous "Hello World" message is displayed.</p>`
			`<p><strong>Having fun with HelloWorld</strong></p>`
			`<p>Rerun HelloWorld as many times as you like. Here is a list of some of the`
			`things that you might want to try:</p>`
			`<ul><li>Vary the user name and passwords entered</li>`
			`<li>Change the configuration file entries</li>`
			`<li>Change the policy file permissions</li>`
			`<li>Add additional LoginModules to the helloWorld configuration entry</li>`
			`<li>Add code base fields to the policy files</li>`
			`<li>Run the program without a SecurityManager to see how it works if you run`
			`into problems.</li>`
			`</ul>`
			`</div>`
			`<div>`
			`<div class="familylinks">`
			`<div class="parentlink"><strong>Parent topic:</strong> <a href="jaashllo.htm" title="This information looks at how HelloWorld for Java Authentication and Authorization Service (JAAS) is compiled and run on an iSeries server.">Compile and run HelloWorld with Java Authentication and Authorization Service on an iSeries server</a></div>`
			`</div>`
			`</div>`
			`</body>`
			`</html>`