× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Aha...But in a nutshell this means that I can't provide individual
access rights to OS objects for my end-users unless I include the
security checks in my own classes. Well, I just can't get used to system
services being so low-level or altogether missing in this wonderful new
WAS/Java environment.

Thank you.

Lo

-----Original Message-----
From: Frances Stewart [mailto:francess@xxxxxxxxxx]
Sent: 16 December 2003 15:05
To: Java Programming on and around the iSeries / AS400
Subject: RE: Effective profiles in WAS5.0



WAS security is used to secure access to WAS resources and WAS artifacts
(servlets, JSPs, EJB's, access to the admin console, etc.).
OS/400 operating system security is used to secure OS/400 objects
(files,
database tables/views, programs, etc).

When your Java class attempts to access an IFS stream file, the OS/400
operating system security kicks in. It determines if the user profile
under
which the process executing your Java class is running has the
appropriate
authority to access the file (this includes checking the *PUBLIC
authority
to the file).

So if you have a Java class running in a WAS application server which is
running under the QEJBSVR user profile and the Java class tries to read
an
IFS file, QEJBSVR minimally must have *R authority to the file (if
*PUBLIC
has *R authority, then so does QEJBSVR).


Frances Stewart
WebSphere Application Server for iSeries
    External web site: http://www.iseries.ibm.com/websphere
    Team web site: http://w3.rchland.ibm.com/~was
E-mail: francess@xxxxxxxxxx
Tie-line: 553-2795, External: 507 253-2795
IBM Rochester



 

                      "Raikov, Leonid"

                      <RaikovL1@xxxxxxxxx        To:       "'Java
Programming on and around the iSeries / AS400'"                       
                      >
<java400-l@xxxxxxxxxxxx>

                      Sent by:                   cc:

                      java400-l-bounces@m        Subject:  RE: Effective
profiles in WAS5.0                                             
                      idrange.com

 

 

                      12/16/2003 08:39 AM

                      Please respond to

                      Java Programming on

                      and around the

                      iSeries / AS400

 

 





Does this mean than that WAS has a built-in authority checking
mechanism? Suppose I try accessing a stream file from my Java class; at
what point and who ascertains that the end user has sufficient authority
to the file?

Lo

-----Original Message-----
From: Frances Stewart [mailto:francess@xxxxxxxxxx]
Sent: 16 December 2003 13:51
To: Java Programming on and around the iSeries / AS400
Subject: Re: Effective profiles in WAS5.0



The security type in any version of WAS (3.0.2 ad higher) does not
affect
the the profile of the thread the HTTP request runs on. The WAS
application
server runs under user profile QEJBSVR by default, and the HTTP Server
(IBM
HTTP Server powered by Apache) runs under profile QTMHHTTP by default.
Enabling security does not change this.

You can change the user profile under which the WAS application server
runs
(this is documented under the Security section of the WAS for iSeries
documentation).  I believe you can also change the user profile under
which
the HTTP Server runs, but do not know how - I would expect it to be
documented with the HTTP Server documentation.


Frances Stewart
WebSphere Application Server for iSeries
    External web site: http://www.iseries.ibm.com/websphere
    Team web site: http://w3.rchland.ibm.com/~was
E-mail: francess@xxxxxxxxxx
Tie-line: 553-2795, External: 507 253-2795
IBM Rochester





                      "Raikov, Leonid"

                      <RaikovL1@xxxxxxxxx        To:
"'JAVA400-L@xxxxxxxxxxxx'" <JAVA400-L@xxxxxxxxxxxx>

                      >                          cc:

                      Sent by:                   Subject:  Effective
profiles in WAS5.0
                      java400-l-bounces@m

                      idrange.com





                      12/16/2003 07:19 AM

                      Please respond to

                      Java Programming on

                      and around the

                      iSeries / AS400









In WAS5.0 for iSeries, if the security type is "Local OS", what
effective profile does a thread created on behalf of an HTTP request run
under? Is it the profile name entered by the user at signon? That is, is
QWTPSETP API used when a new thread is created?
Lo


_______________________________________________
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L)
mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.





_______________________________________________
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.
_______________________________________________
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L)
mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.





_______________________________________________
This is the Java Programming on and around the iSeries / AS400
(JAVA400-L) mailing list
To post a message email: JAVA400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/java400-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.