Hi,
I had tomcat up and running without SAF but am now in the middle of SAFizing it. I followed the instructions at http://dovetail.com/docs/jzos/saf.html and got as far as adding a new role via the admin panel. However, I am not able to add groups or users in the admin panel. When I try, I get errors:
Caused by: javax.management.ServiceNotFoundException: Cannot find operation createGroup
Caused by: javax.management.ServiceNotFoundException: Cannot find operation createUser
Is this normal and all the user/group stuff is via RACF or am I missing the code for createGroup and createUser?
Thanks,
Larry
SAF - can create role, but not users or groups
a little deeper into tomcat from z/os with RACF ...
Thanks Steve. I was able to get a user set up in RACF to access my application in it's tomcat defined role. Now my issue is how to secure the application to only be allowed access to specific RACF resources, ie datasets. For example, my application reads datasets that contain reports, some of which contain sensitive data. In WebSphere (running as plugin) the userid that is signed into HTTP server is passed to the plugin and RACF protection based on that userid is enforced for any dataset access from the application.
Is there any way to configure tomcat to pass this userid and automatically enforce the dataset security?
Failing that, does anyone have an java code that does this type of checking? ie Does this user have access to read this dataset type checking?
Thanks,
Larry
Is there any way to configure tomcat to pass this userid and automatically enforce the dataset security?
Failing that, does anyone have an java code that does this type of checking? ie Does this user have access to read this dataset type checking?
Thanks,
Larry