June enhanced profile token updates #186

Merged: 3 commits, Jun 25, 2024
35 changes: 35 additions & 0 deletions src/main/java/com/ibm/as400/access/AuthenticationIndicator.java
@@ -0,0 +1,35 @@
///////////////////////////////////////////////////////////////////////////////
//
// JTOpen (IBM Toolbox for Java - OSS version)
//
// Filename: Authentication Indicator.java
//
// The source code contained herein is licensed under the IBM Public License
// Version 1.0, which has been approved by the Open Source Initiative.
// Copyright (C) 2024-2024 International Business Machines Corporation and
// others. All rights reserved.
//
///////////////////////////////////////////////////////////////////////////////

package com.ibm.as400.access;


/**
The authentication indicator specifies the reason why an authentication request is being made using a
password special value. This should indicate the type of authentication that was performed by the caller.
Most applications will probably use APPLICATION_AUTHENTICATION.
*/
public class AuthenticationIndicator {
/** Indicates that Kerberos was used to authenticate the user. */
public final static int KERBEROSE = 1;
/** Indicates that a successful SSH authentication with a key was used to authenticate the user. */
public final static int SSH_KEY = 2;
/** Indicates that a successful identity token mapping to a user profile was used to authenticate the user. */
public final static int IDENTITY_TOKEN_MAPPING = 3;
/** Indicates that DDM (Distributed Data Management) performed user ID only authentication */
public final static int DDM_USER_ID = 4;
/** Indicates that a successful application authentication was previously performed. This is used when the
* application has assumed full responsibility for authenticating the user. */
public final static int APPLICATION_AUTHENTICATION = 5;

}
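Review bot: The constant `KERBEROSE` is misspelled, and because it is `public final static` the name becomes part of the API as soon as this ships; rename it to `KERBEROS` before release. The header comment gives the filename as `Authentication Indicator.java` with a space, which does not match the path `AuthenticationIndicator.java`. Since the class only holds constants, consider declaring it `final` with a private constructor, or using an enum that carries the int value, so that callers cannot pass an indicator outside 1 to 5 unnoticed. The Javadoc for `DDM_USER_ID` is also missing its closing period.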
Expand Up @@ -38,7 +38,8 @@ public class EnhancedProfileTokenImplNative
* @param user The name of the user profile for which
* the token is to be generated.
*
* @param password The password for the user
* @param password The password for the user. Must not be a password
* special value.
*
* @param additionalAuthenticationFactor The additional authentication factor
* for the user
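Review bot: The revised `@param password` text says the value "Must not be a password special value" but does not say what the method does when one is passed, or which entry point such callers should use instead. Document the failure behaviour (for example, whether `RetrieveFailedException` is thrown) and add a `{@link}` to `nativeCreateTokenSpecialPassword`, so the split between the two methods is visible from either Javadoc.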
Expand Down Expand Up @@ -114,6 +115,96 @@ public static native byte[] nativeCreateToken(String user,
int type,
int timeoutInterval) throws RetrieveFailedException;

/**
* Generates and returns a new profile token based on a user profile, password special value,
* and additional authentication factor.
*
* @param user The name of the user profile for which
* the token is to be generated.
*
* @param password The password for the user. Must be a password
* special value.
*
* @param additionalAuthenticationFactor The additional authentication factor
* for the user
*
* @param authenticationIndicator Indicates how the caller authenticated the user.
* @see com.ibm.as400.access.AuthenticationIndicator
*
* @param verificationId The verification ID is the label that
* identifies the specific application,
* service, or action associated with the
* profile handle request. This value must
* be 30-characters or less. This value
* will be passed to the authentication
* exit program registered under the
* QIBM_QSY_AUTH exit point if the
* specified user profile has *REGFAC as
* an authentication method. The
* authentication exit program may use the
* verification ID as a means to restrict
* the use of the user profile. If running
* on an IBM I, the verification ID should
* be the DCM application ID or a similar
* value that identifies the application
* or service.
*
* @param remoteIpAddress If the API is used by a server to
* provide access to a the system, the
* remote IP address should be obtained
* from the socket connection (i.e. using
* Socket.getInetAddress). Otherwise, null
* should be passed.
*
* @param remotePort If the API is used by a server to
* provide access to a the system, the
* remote port should be obtained from the
* socket connection (i.e. using
* Socket.getPort ). Otherwise, use 0 if
* there is not an associated connection.
*
* @param localIpAddress If the API is used by a server to
* provide access to a the system, the
* local IP address should be obtained
* from the socket connection (i.e. using
* Socket.getLocalAddress). Otherwise,
* null should be passed.
* @param localPort If the API is used by a server to
* provide access to a the system, the
* local port should be obtained from the
* socket connection
* (Socket.getLocalPort). Otherwise, use 0
* if there is not an associated
* connection.
*
*
* @param type The type of token. Possible types are
* defined as fields on the
* ProfileTokenCredential class:
* <ul>
* <li>ProfileTokenCredential.TYPE_SINGLE_USE
* <li>ProfileTokenCredential.TYPE_MULTIPLE_USE_NON_RENEWABLE
* <li>ProfileTokenCredential.TYPE_MULTIPLE_USE_RENEWABLE
* </ul>
* @param timeoutInterval The number of seconds to expiration.
* @return The token bytes.
* @exception RetrieveFailedException If errors occur while generating the
* token.
*/
public static native byte[] nativeCreateTokenSpecialPassword(String user,
char[] password,
char[] additionalAuthenticationFactor,
int authenticationIndicator,
String verificationId,
String remoteIpAddress,
int remotePort,
String localIpAddress,
int localPort,
int type,
int timeoutInterval) throws RetrieveFailedException;



/**
* Attempt to swap the thread identity based on the given profile token.
*
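Review bot: `authenticationIndicator` is a bare `int` in `nativeCreateTokenSpecialPassword`, and the Javadoc does not state which values are valid or what happens for a value outside the `AuthenticationIndicator` constants. Because this parameter is the caller's own assertion of how the user was already authenticated, document the accepted range and the error returned for anything else. The `@see com.ibm.as400.access.AuthenticationIndicator` line sits between `@param` tags, so it is rendered in the method's See Also section rather than with the parameter; use `{@link AuthenticationIndicator}` inside the `@param authenticationIndicator` text instead. The `@param password` text requires a password special value but names none, and `verificationId` "must be 30-characters or less" without saying what happens when it is longer. Wording: "a the system" appears four times, and "IBM I" should read "IBM i".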