IBM Java Toolbox for I implementation of three IBM I-based authentication policies

User authentication is one of the most basic functions to ensure program security for application developers engaged in IBM I platform. As a Java API,IBM Java Toolbox for access and manipulation of data and resources on the IBM I platform, a variety of user authentication strategies are implemented, which can solve the security problems of the program simply and efficiently. This article will guide the IBM I Web application developers using IBM Java Toolbox for I to implement different authentication strategies from the perspective of Web applications, combining specific examples. For a basic knowledge of IBM Java Toolbox for I, see another technical document "Toolbox for Java and Jtopen."

From the structure, this article mainly divides into four parts. The first part briefly describes how to implement a password-based authentication strategy using IBM Java Toolbox for I, which is characterized by simplicity and convenience for most applications. The second section focuses on how to implement a profile token Third-party validation strategy using IBM Java Toolbox for I, which is suitable for multi-tier (multi-tier) applications that are more sensitive to security, facilitating profile token transfer between tiers, Without exposing the password. The third section simply mentions another third-party based authentication policy--kerberos and IBM Java Toolbox for I support for Kerberos authentication, not the focus of this article. Kerberos authentication is characterized by single sign-on SSO (Sign on), where a user can access multiple services with a ticket (Ticket-granting ticket) that is obtained by entering authentication information only once. The last part is the summary.

Developing a sample Web application

For simplicity, the business logic of this sample Web application is relatively simple, that is, to implement the login function. Developers can use IDE tools such as Eclipse to complete the development of Web applications and then deploy them to IBM i's HTTP server and application server. Here, we recommend that developers use the IBM Web Administration for I as a web console to complete the creation and management of the HTTP server and application server to the deployment, management and optimization of Web applications. For the product features of the IBM Web Administration for I, see another technical document "IBM I Middleware Management: IBM Web Administration for I to simplify".

After the sample Web application completes, let's comb through the dependencies of the Web application with IBM Java Toolbox for I, as shown in Figure 1:

Figure 1. Architecture diagram for WEB application

As you can see from Figure 1, as a third-party Java class Library, IBM Java Toolbox for I as the middle tier provides a variety of services to access the underlying IBM I data and resources for the upper Web application. This includes the user authentication service, which is the focus of this article.