diff --git a/src/main/java/com/ibm/as400/access/AuthenticationIndicator.java b/src/main/java/com/ibm/as400/access/AuthenticationIndicator.java
new file mode 100644
index 00000000..43f8b341
--- /dev/null
+++ b/src/main/java/com/ibm/as400/access/AuthenticationIndicator.java
@@ -0,0 +1,35 @@
+///////////////////////////////////////////////////////////////////////////////
+//
+// JTOpen (IBM Toolbox for Java - OSS version)
+//
+// Filename: Authentication Indicator.java
+//
+// The source code contained herein is licensed under the IBM Public License
+// Version 1.0, which has been approved by the Open Source Initiative.
+// Copyright (C) 2024-2024 International Business Machines Corporation and
+// others. All rights reserved.
+//
+///////////////////////////////////////////////////////////////////////////////
+
+package com.ibm.as400.access;
+
+
+/**
+ The authentication indicator specifies the reason why an authentication request is being made using a
+ password special value. This should indicate the type of authentication that was performed by the caller.
+ Most applications will probably use APPLICATION_AUTHENTICATION.
+ */
+public class AuthenticationIndicator {
+ /** Indicates that Kerberos was used to authenticate the user. */
+ public final static int KERBEROSE = 1;
+ /** Indicates that a successful SSH authentication with a key was used to authenticate the user. */
+ public final static int SSH_KEY = 2;
+ /** Indicates that a successful identity token mapping to a user profile was used to authenticate the user. */
+ public final static int IDENTITY_TOKEN_MAPPING = 3;
+ /** Indicates that DDM (Distributed Data Management) performed user ID only authentication */
+ public final static int DDM_USER_ID = 4;
+ /** Indicates that a successful application authentication was previously performed. This is used when the
+ * application has assumed full responsibility for authenticating the user. */
+ public final static int APPLICATION_AUTHENTICATION = 5;
+
+}
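Review bot: `KERBEROSE` looks like a misspelling of Kerberos, and because the constant is public it becomes API as soon as this ships; I would rename it before release: `public final static int KERBEROS = 1;`. The class holds only constants, so it could also be declared `final` with a `private AuthenticationIndicator() {}` constructor so it cannot be instantiated or subclassed. Smaller points: the header comment gives the filename as `Authentication Indicator.java` with a space, and the `DDM_USER_ID` Javadoc is missing its closing period.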
diff --git a/src/main/java/com/ibm/as400/access/EnhancedProfileTokenImplNative.java b/src/main/java/com/ibm/as400/access/EnhancedProfileTokenImplNative.java
index 8a756181..453d11ab 100644
--- a/src/main/java/com/ibm/as400/access/EnhancedProfileTokenImplNative.java
+++ b/src/main/java/com/ibm/as400/access/EnhancedProfileTokenImplNative.java
@@ -38,7 +38,8 @@ public class EnhancedProfileTokenImplNative
 * @param user The name of the user profile for which
 * the token is to be generated.
 *
- * @param password The password for the user
+ * @param password The password for the user. Must not be a password
+ * special value.
 *
 * @param additionalAuthenticationFactor The additional authentication factor
 * for the user
@@ -114,6 +115,96 @@ public static native byte[] nativeCreateToken(String user, int type, int timeoutInterval) throws RetrieveFailedException; + /** + * Generates and returns a new profile token based on a user profile, password special value, + * and additional authentication factor. + * + * @param user The name of the user profile for which + * the token is to be generated. + * + * @param password The password for the user. Must be a password + * special value. + * + * @param additionalAuthenticationFactor The additional authentication factor + * for the user + * + * @param authenticationIndicator Indicates how the caller authenticated the user. + * @see com.ibm.as400.access.AuthenticationIndicator + * + * @param verificationId The verification ID is the label that + * identifies the specific application, + * service, or action associated with the + * profile handle request. This value must + * be 30-characters or less. This value + * will be passed to the authentication + * exit program registered under the + * QIBM_QSY_AUTH exit point if the + * specified user profile has *REGFAC as + * an authentication method. The + * authentication exit program may use the + * verification ID as a means to restrict + * the use of the user profile. If running + * on an IBM I, the verification ID should + * be the DCM application ID or a similar + * value that identifies the application + * or service. + * + * @param remoteIpAddress If the API is used by a server to + * provide access to a the system, the + * remote IP address should be obtained + * from the socket connection (i.e. using + * Socket.getInetAddress). Otherwise, null + * should be passed. + * + * @param remotePort If the API is used by a server to + * provide access to a the system, the + * remote port should be obtained from the + * socket connection (i.e. using + * Socket.getPort ). Otherwise, use 0 if + * there is not an associated connection. 
+ * + * @param localIpAddress If the API is used by a server to + * provide access to a the system, the + * local IP address should be obtained + * from the socket connection (i.e. using + * Socket.getLocalAddress). Otherwise, + * null should be passed. + * @param localPort If the API is used by a server to + * provide access to a the system, the + * local port should be obtained from the + * socket connection + * (Socket.getLocalPort). Otherwise, use 0 + * if there is not an associated + * connection. + * + * + * @param type The type of token. Possible types are + * defined as fields on the + * ProfileTokenCredential class: + * + * @param timeoutInterval The number of seconds to expiration. + * @return The token bytes. + * @exception RetrieveFailedException If errors occur while generating the + * token. + */ + public static native byte[] nativeCreateTokenSpecialPassword(String user, + char[] password, + char[] additionalAuthenticationFactor, + int authenticationIndicator, + String verificationId, + String remoteIpAddress, + int remotePort, + String localIpAddress, + int localPort, + int type, + int timeoutInterval) throws RetrieveFailedException; + + + /** * Attempt to swap the thread identity based on the given profile token. *
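Review bot: The Javadoc for `nativeCreateTokenSpecialPassword` does not state the accepted values for `authenticationIndicator` or what happens when `password` is not a special value, and since the method is `public static native`, nothing visible in this hunk checks either before the JNI call. The indicator is the caller's own assertion that the user was already authenticated some other way, so I would document it as such, e.g. `@param authenticationIndicator One of the {@link AuthenticationIndicator} constants; the caller asserts that this authentication actually took place.`, and drop the `@see` that currently sits in the middle of the `@param` list. Whether the native side rejects an unknown indicator or a verification ID longer than 30 characters is not visible here; if it does not, a thin Java wrapper that validates both and throws `IllegalArgumentException` would be worth adding. The copied wording "access to a the system" and "IBM I" could be corrected while here.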