The Java 2 platform provides a means to enforce access controls based on where code came from and who signed it. These access controls are needed because of the distributed nature of the Java platform where, for example, a remote applet can be downloaded over a public network and then run locally.
However, the Java 2 platform does not provide a way to enforce similar access controls based on who runs the code. To provide this type of access control, the Java 2 security architecture requires the following:
- Additional support for authentication (determining who is actually running the code)
- Extensions to the existing authorization components to enforce new access controls based on who was authenticated
The Java Authentication and Authorization Service (JAAS) framework provides these enhancements.
For more information on JAAS, see the Java Authentication and Authorization Service (JAAS) Reference Guide.
Customers on z/OS V1.2 and V1.3 should wait to use JAAS until a PTF after UQ77468.
To get a copy of the JAAS documentation, download the jaasdocs14.jar file. We have had reports of occasional download problems with older levels of browsers; if you have trouble downloading the jar file, please try another level of the browser or a different browser.
To extract the documentation from the downloaded .jar file, place the .jar file in the directory where you would like the documentation (typically the ${java-home}/docs directory) and issue the following command:
jar xvf jaasdocs14.jar
Note that the jaasdocs14.jar file contains documentation only and no executable code.
Sun provides a version of JAAS, although it does not apply directly to z/OS. The IBM version of JAAS for z/OS differs from the Sun version in the following ways:
- The com.sun.* packages have been moved to com.ibm.* packages.
- The OS390LoginModule in the IBM version of JAAS provides a default login module supporting basic authentication with the z/OS Security Services, SAF (RACF).
- The SAFPermission class in IBM's JAAS provides authorization checking for resources protected by z/OS Security Services, SAF (RACF).
- In IBM's JAAS, ThreadSubject.doAs provides a default implementation of ThreadSubject.
To use JAAS, you must have a SAF service provider (RACF or another) installed and configured.
