Good morning
Thanks you guys for your suggestions. I have asked questions about
suggestions made by David and Loyd. I put all my reponses to date in
one e-mail to consolidate.
I appreciate your help solving this!
Thanks
Bill Blalock
David Gibbs wrote:
A called program is just a called program. Nothing special needs to
be
done when invoking from Java.
The only thing I would suggest is you protect the programs from being
run by any other mechanism.
Perhaps check to ensure the program was invoked from the remote
command server (QZRCSRVS)?
I am concerned about which user profile will be QZRCSRVS run under? Can
you give me any guidance? It is one thing if QZRCSVRS runs under the
profile used to instantiate the AS400 object. But if QZRCSVRS runs
under a generic profile like QUSER then I have another situation.
Can I start a server job particularly for this purpose, running under a
profile with the right authorities and tell Java to use a that
particular instance of the server job to process these programs?
Checking to see if invoked for the remote command server is a great
suggestion. Thanks!
Loyd Goodbar wrote:
Not sure how fancy you want to make it, but perhaps compile the
programs
with USRPRF(*USER). Can Java invoke the profile handle APIs? Where I'm
going is the programs, if run by normal users, would fail due to API
security requirements. However, Java would set up the correct
environment
(by swapping profile handles) to a user with the proper authority
before
calling the program. And of course, swapping back to the
non-privileged
user after execution.
Since the i5 programs I am developing are running under the remote
command / remote program call server I didn't think Java would need to
swap profiles. I would think any profile swapping would have to occur
within the i5 programs run by the remote command / remote program call
server.
Could you explain how you see that Java would need to do the user
swapping?
Richard Schoen wrote:
If your program needs special authorities and you're writing this for
a
customer simply explain why it needs special authorities. Not sure
about
the *SECADM part though :-)
I am doing this for my company and I have to work within an IT
department assigned the Security Officer function which in not
particularly i5/iSeries/AS400 literate.
-----Original Message-----
-----Original Message-----
------------------------------
message: 5
date: Wed, 4 Mar 2009 09:18:35 -0600
from: "Blalock, Bill" <Bill.Blalock@xxxxxxxx>
subject: Running an i5 program from Java which needs special
authorities
I need some advice before I get too far into coding.
I am designing i5 programs, CLLE or RPGLE, to be called from Java.
The i5 program will use APIs which require
- special authority: *ALLOBJ and *SECADM
- file authority: *OBJOPR, *READ
I'd like some suggestions on how to approach this problem. Warnings
about pitfalls to avoid would be appreciated.
I'll be using V5R4 on the i5. For Java JT-Open 6.3 or 6.4 and Java 6
will be used. I want to be able to call the programs from Java running
both on the i5 and on a Windows server.
Thanks all
_____________
The information contained in this message is proprietary and/or confidential. If you are not the
intended recipient, please: (i) delete the message and all copies; (ii) do not disclose,
distribute or use the message in any manner; and (iii) notify the sender immediately. In addition,
please be aware that any message addressed to our domain is subject to archiving and review by
persons other than the intended recipient. Thank you.
_____________
As an Amazon Associate we earn from qualifying purchases.