|
Aha...But in a nutshell this means that I can't provide individual access rights to OS objects for my end-users unless I include the security checks in my own classes. Well, I just can't get used to system services being so low-level or altogether missing in this wonderful new WAS/Java environment. Thank you. Lo -----Original Message----- From: Frances Stewart [mailto:francess@xxxxxxxxxx] Sent: 16 December 2003 15:05 To: Java Programming on and around the iSeries / AS400 Subject: RE: Effective profiles in WAS5.0 WAS security is used to secure access to WAS resources and WAS artifacts (servlets, JSPs, EJB's, access to the admin console, etc.). OS/400 operating system security is used to secure OS/400 objects (files, database tables/views, programs, etc). When your Java class attempts to access an IFS stream file, the OS/400 operating system security kicks in. It determines if the user profile under which the process executing your Java class is running has the appropriate authority to access the file (this includes checking the *PUBLIC authority to the file). So if you have a Java class running in a WAS application server which is running under the QEJBSVR user profile and the Java class tries to read an IFS file, QEJBSVR minimally must have *R authority to the file (if *PUBLIC has *R authority, then so does QEJBSVR). Frances Stewart WebSphere Application Server for iSeries External web site: http://www.iseries.ibm.com/websphere Team web site: http://w3.rchland.ibm.com/~was E-mail: francess@xxxxxxxxxx Tie-line: 553-2795, External: 507 253-2795 IBM Rochester "Raikov, Leonid" <RaikovL1@xxxxxxxxx To: "'Java Programming on and around the iSeries / AS400'" > <java400-l@xxxxxxxxxxxx> Sent by: cc: java400-l-bounces@m Subject: RE: Effective profiles in WAS5.0 idrange.com 12/16/2003 08:39 AM Please respond to Java Programming on and around the iSeries / AS400 Does this mean than that WAS has a built-in authority checking mechanism? Suppose I try accessing a stream file from my Java class; at what point and who ascertains that the end user has sufficient authority to the file? Lo -----Original Message----- From: Frances Stewart [mailto:francess@xxxxxxxxxx] Sent: 16 December 2003 13:51 To: Java Programming on and around the iSeries / AS400 Subject: Re: Effective profiles in WAS5.0 The security type in any version of WAS (3.0.2 ad higher) does not affect the the profile of the thread the HTTP request runs on. The WAS application server runs under user profile QEJBSVR by default, and the HTTP Server (IBM HTTP Server powered by Apache) runs under profile QTMHHTTP by default. Enabling security does not change this. You can change the user profile under which the WAS application server runs (this is documented under the Security section of the WAS for iSeries documentation). I believe you can also change the user profile under which the HTTP Server runs, but do not know how - I would expect it to be documented with the HTTP Server documentation. Frances Stewart WebSphere Application Server for iSeries External web site: http://www.iseries.ibm.com/websphere Team web site: http://w3.rchland.ibm.com/~was E-mail: francess@xxxxxxxxxx Tie-line: 553-2795, External: 507 253-2795 IBM Rochester "Raikov, Leonid" <RaikovL1@xxxxxxxxx To: "'JAVA400-L@xxxxxxxxxxxx'" <JAVA400-L@xxxxxxxxxxxx> > cc: Sent by: Subject: Effective profiles in WAS5.0 java400-l-bounces@m idrange.com 12/16/2003 07:19 AM Please respond to Java Programming on and around the iSeries / AS400 In WAS5.0 for iSeries, if the security type is "Local OS", what effective profile does a thread created on behalf of an HTTP request run under? Is it the profile name entered by the user at signon? That is, is QWTPSETP API used when a new thread is created? Lo _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/java400-l or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l. _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/java400-l or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l. _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/java400-l or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l. _______________________________________________ This is the Java Programming on and around the iSeries / AS400 (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/java400-l or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
