com.ibm.os390.security

Class PlatformAccessControl

  • java.lang.Object
    • com.ibm.os390.security.PlatformAccessControl


  • public final class PlatformAccessControl
    extends java.lang.Object
    Class wrapping OS/390 Security Server access-control API under OS/390 Unix Services (OpenEdition). Function provided by __check_resource_auth_np service part of C/390 Run Time Library.
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method and Description
      static PlatformReturned checkMyPermission(java.lang.String className, java.lang.String entityName, int accessLevel)
      Method to check whether a user has permission to a resource.
      static PlatformReturned checkPermission(java.lang.String resourceType, java.lang.String resourceName, int accessLevel)
      Method to check "user in effect" permission to a resource.
      static PlatformReturned checkPermission(java.lang.String userid, java.lang.String resourceType, java.lang.String resourceName, int accessLevel)
      Method to check whether a specific user has permission to a resource.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Constructor Detail

      • PlatformAccessControl

        public PlatformAccessControl()
    • Method Detail

      • checkPermission

        public static PlatformReturned checkPermission(java.lang.String resourceType,
                                                       java.lang.String resourceName,
                                                       int accessLevel)
        Method to check "user in effect" permission to a resource. If the current platform thread has a security context the thread userid is used in an access control check. If not the userid of the Process is used in an access control check.
        Parameters:
        resourceType, - a String with resource type (i.e. FACILITY).
        resourceName, - a String with resource name (i.e. BPX.SERVER).
        accessLevel, - an integer denoting acccess level Possible values for this parameter are listed in PlatformAccessLevel interface class.
        Returns:
        If authorized, a null object is returned. If NOT authorized, an instance of the PlatformReturned class is returned with the class variable success set to false and the variables errrno, errno2 and errnoMsg set from the values returned by the OS/390 services __check_resource_auth_np, strerror(errno), and __errno2().
      • checkPermission

        public static PlatformReturned checkPermission(java.lang.String userid,
                                                       java.lang.String resourceType,
                                                       java.lang.String resourceName,
                                                       int accessLevel)
        Method to check whether a specific user has permission to a resource. The userid parameter is used in an access control check of the resource type and name specified.
        Parameters:
        userid, - a String with userid for which permissions are checked
        resourceType, - a String with resource type (i.e. FACILITY).
        resourceName, - a String with resource name (i.e. BPX.SERVER).
        accessLevel, - an integer denoting acccess level Possible values for this parameter are listed in PlatformAccessLevel interface class.
        Returns:
        If authorized, a null object is returned. If NOT authorized, an instance of the PlatformReturned class is returned with the class variable success set to false and the variables errrno, errno2 and errnoMsg set from the values returned by the OS/390 services __check_resource_auth_np, strerror(errno), and __errno2().
      • checkMyPermission

        public static PlatformReturned checkMyPermission(java.lang.String className,
                                                         java.lang.String entityName,
                                                         int accessLevel)
        Method to check whether a user has permission to a resource. The calling user must have a task-level Access Control Environment Element (ACEE), but unlike PlatformAccessControl.checkPermission(), the current user is not required to either have READ access to BPX.SERVER or to have superuser status.
        Parameters:
        className, - a String with the class name of the resource. The class name must be 8 characters or less.
        entityName, - a String with the name of the resource. The input is trimmed, and after, the trimmed String must be 255 characters or less.
        accessLevel, - an integer denoting acccess level. Possible values for this parameter are listed in PlatformAccessLevel interface class.
        Returns:
        If authorized, a null object is returned. If NOT authorized, an instance of the PlatformReturned class is returned with the class variable success set to false and the variables rc and stringRet set describing the reason for the failure. Possible return codes include: 0 - Caller has permission; 4 - Caller does not have permission; 8 - Caller not in task mode or does not have task level ACEE; 12 - The parameters were invalid
Copyright 1998 IBM Corporation. All rights reserved.