Package com.softwaremining.vendors.cics.security

Class SMSecurityManager

java.lang.Object

com.softwaremining.vendors.cics.security.SMSecurityManager

All Implemented Interfaces:

ISecurityManager

public class SMSecurityManager
extends Object
implements ISecurityManager

SoftwareMining's implementation of basic CICS RACF functionality.
To enable Add/uncomment the following in softwaremining.properties :

SECURITY_MANAGER=com.softwaremining.vendors.cics.security.SMSecurityManager

The implementation loads the list of users their roles from SMSecurityManager.xml file.
Typical configuration is:

 <?xml version='1.0' encoding='utf-8'?>
 <sm-security>
   <role rolename="role-db-ALL" tables="*" db-priveleges="*" /> <!-- * privileges means all "*" (CRUD) -->
   <role rolename="role-db-readOnly" tables="TABLE-1,TABLE-2" db-priveleges="R"/> <!-- "C"reate,  "R"ead, "W"rite , "D"elete-->
   <role rolename="role-transID-ALL" transids="*"/>  <!-- * means all transactions -->
   <role rolename="role-transID-2" transids="MENU, TR01, TR02"/> <!-- transactions listed in services.properties -->
 
   <user username="user1" password="pass1" roles="role-transID-ALL,role-db-ALL"/>
   <user username="user2" password="pass2" roles="role-transID-2,role-db-readOnly,"/>
 </sm-security> 

When a security is enabled, system will first validate users by via login.jsp (supplied by SoftwareMining). The system can then provide the following types security checks:
a. Validates user/password against list in SMSecurityManager.xml
b. Does the user has access to a role with access to a transaction (screen), See attribute * transids in element <role>
c. Does the user has DB access. See attribute tables and db-priveleges in element <role>

Field Summary

Fields inherited from interface com.softwaremining.vendors.cics.security.ISecurityManager

DEFAULT_USER

Constructor Summary

Constructors

Constructor	Description
SMSecurityManager()

Method Summary

Modifier and Type	Method	Description
void	authorizeDBAccess(String userId, String tableName, String operation)	Validate userId has authorization to access table-name.
boolean	authorizeLogin(String userId, String password)	Authorize the Login request
void	authorizeTransactionAccess(String userId, String tranId)	Validate userId has authorization to access/run the tranId.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SMSecurityManager

public SMSecurityManager()

Method Details

authorizeTransactionAccess

public void authorizeTransactionAccess(String userId,
 String tranId)
                                throws NotAuthorizedException

Description copied from interface: ISecurityManager

Validate userId has authorization to access/run the tranId.

Specified by:

authorizeTransactionAccess in interface ISecurityManager

Parameters:

userId -

tranId -

Throws:

NotAuthorizedException - when user does not have privileges to access this transaction

authorizeDBAccess

public void authorizeDBAccess(String userId,
 String tableName,
 String operation)
                       throws NotAuthorizedException

Description copied from interface: ISecurityManager

Validate userId has authorization to access table-name.

Specified by:

authorizeDBAccess in interface ISecurityManager

Parameters:

userId -

tableName -

operation - - one of "C" (Create/ write / insert), "R" (read) , "U" (update) , "D" (delete)

Throws:

NotAuthorizedException - when user does not have privileges to access this table

authorizeLogin

public boolean authorizeLogin(String userId,
 String password)

Description copied from interface: ISecurityManager

Authorize the Login request

Specified by:

authorizeLogin in interface ISecurityManager

Parameters:

userId -

password -

Returns: