User guide

Chapter 7: Developing Applications
Client IP address
Authentication time
Re-authentication time
Scope of authentication information.
On the Interstage Management Console, select [System] > [Security] > [Single Sign-on] > [Business
system] > [Business system Name]. Select the [Settings] tab and click [Detailed Settings [Show]] then
check [Notify User Information?] in [Linkage with Web applications]. For details, refer to the Operator’s
Guide.
The application must be restarted to reflect the [Report User Information] settings. If the application is a
servlet application, restart IJServer. For login configuration details, refer to Creating Login Configuration
File.
Reporting User Information At Indefinite Re-authentication Intervals
The re-authentication interval can be obtained using the getExpiration method of the
ISAuthorizationCredential object. If the re-authentication interval is indefinite, the time obtained
with the getAuthTime method is the same as that obtained with the getExpiration method.
Note
The X500Principal object cannot be used if JDK1.3 is used and a unique distinguished name in the
SSO repository contains a character other than alphanumeric characters and symbols. To obtain a
character-string object indicating the unique name, use the getDN method of the
ISAuthorizationCredential object, or use JDK1.4.
Executing Authorization
When JAAS authentication succeeds, the Subject object can be used to invoke the JAAS
authorization function.
The JAAS authorization function differs from the single sign-on authorization function that controls
access to resources opened by a Web server. It controls access for Java application processing on the
basis of principal information about an authenticated user.
In single sign-on JavaAPI, the user ID, role name, and unique distinguished name in the SSO repository
are defined as principal information, and the Java Security manager is used for access control. For
information on the Java Security manager, refer to the Java Security manager document from Sun
Microsystems, Inc.
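The following is an added example, not code from this guide or from the product: a self-contained sketch of how principal information on a Subject drives a Java Security manager decision. DemoRolePrincipal and DemoPolicy are hypothetical stand-ins for the SSO role principal and the policy configuration, and the sketch assumes JDK 17 or earlier, where a Security manager can still be installed at run time.

```java
import java.security.*;
import java.util.PropertyPermission;
import javax.security.auth.Subject;

public class PrincipalPolicyDemo {
    // Hypothetical stand-in for the role principal attached after SSO login.
    static final class DemoRolePrincipal implements Principal {
        private final String name;
        DemoRolePrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Constructed policy: only role "admin" may read java.home.
    // Everything else is allowed to keep the demo short; a real policy grants narrowly.
    static final class DemoPolicy extends Policy {
        private final Permission guarded = new PropertyPermission("java.home", "read");
        @Override
        public boolean implies(ProtectionDomain domain, Permission requested) {
            if (!guarded.implies(requested)) return true;
            for (Principal p : domain.getPrincipals()) {
                if (p instanceof DemoRolePrincipal && "admin".equals(p.getName())) return true;
            }
            return false;
        }
    }

    // Runs the guarded read as a Subject holding the given role. Passing null as the
    // context means only the Subject's principals and the action's code are checked.
    static String readJavaHomeAs(String role) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new DemoRolePrincipal(role));
        try {
            return Subject.doAsPrivileged(subject, new PrivilegedAction<String>() {
                public String run() { return System.getProperty("java.home"); }
            }, null);
        } catch (AccessControlException ex) {
            return "denied " + ex.getPermission();
        }
    }

    public static void main(String[] args) {
        Policy.setPolicy(new DemoPolicy());
        System.setSecurityManager(new SecurityManager());
        System.out.println("admin -> " + readJavaHomeAs("admin"));
        System.out.println("guest -> " + readJavaHomeAs("guest"));
    }
}
```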
Access control is explained below using the sample code ISSsoAction.java as an example. This class
implements java.security.PrivilegedAction, and its run method is executed as the
authenticated user.
Example
import java.security.AccessControlException;
import java.security.PrivilegedAction;

public class ISSsoAction implements PrivilegedAction{
    public Object run() {
        try{
            System.out.println("java.home=" + System.getProperty("java.home"));
        }catch(AccessControlException ex){
            System.out.println("This user does not have a permission to " +
                               "read java.home property");