IBM Systems > Mainframe servers > Operating systems >

Java Security Administration

Overview

What's New

z/VM

Resources

Overview

Provides a Java interface to allow administration of users and groups in security repositories; also provides a RACF-specific implementation. Support for z/OS version 1 release 9 includes the ability to query users and groups from z/OS RACF, other non-z/OS security mechanisms or interface with Java programs as a call or a check of security credentials.

This support provides two components:

A native Java interface, which can be used with any security provider
A RACF-specific implementation. Since this support uses native Java calls, it can be run on or off the z/OS platform.

Using Java Security Administration APIs

The Java security code is packaged into two jar files in HFS:

/usr/include/java_classes/userregistry.jar (this contains the Java interface)
/usr/include/java_classes/RACFuserregistry.jar (this contains the RACF-specific implementation)

Since this is native Java code, it can be run on a variety of platforms. It can be run on z/OS or downloaded and run on any Java-capable platform. Similarly, it can be invoked from Java code on any machine with the Java Virtual Machine and a TCP/IP connection. Also, the z/OS system with RACF database must have LDAP/SDBM configured and running. See IBM Tivoli Directory Server Administration and Use (SC23-5191-00) or z/OS Integrated Security Services LDAP Server Administration and Use (SC24-5923-07) for details.

Running Java Security Code Off Platform

To use the native Java interface with another security manager or on a system other than z/OS, you need to set the classpath to the location where you placed the downloaded files. For example, on a PC, this would be:

set CLASSPATH=.\userregistry.jar;.\RACFuserregistry.jar;.

Running Java Security Code on z/OS

To run Java security code on z/OS, you need to set CLASSPATH to pick up jar files, such as:

export CLASSPATH=$CLASSPATH:/usr/include/java_classes/userregistry.jar:
usr/include/java_classes/RACFuserregistry.jar

Also, the z/OS system with RACF database must have LDAP/SDBM configured and running.

Sample code

The following link contains a zip file where you can access and use various code samples. Also in this zip file is a file called Showattributes.html, which contains all User, Group and Membership attributes. It's an important reference as you begin coding.

Online documentation

The online documentation includes:

http://www.ibm.com/developerworks/java/zos/javadoc/jsec/doc/index.html contains the implementation details of Java security administration and description of classes and methods used
javadoc.zip - a compressed version of the javadoc file
IBM education assistant for Java security adminstration. This module contains overview information as well as information on specific JSDK classes and sample code. For those wishing to explore this module locally, here is the direct link to the presentation in PDF format.
All the security modules can be found in the z/OS Security section of the Education Assistant.

Software Requirements

z/OS version 1 release 9
LDAP server, z/OS version 1 release 6 - z/OS version 1 release 8
IBM Tivoli Directory Server supporting z/OS version 1 release 8 or 9

This page last updated January 2008.