Skip to main content

Java Security on z/OS - The Complete View

An IBM Redbooks publication

Note: This is publication is now archived. For reference only.


Published on 23 December 2008, updated 05 January 2009

  1. .PDF (2.9 MB)

Share this page:   

ISBN-10: 0738431869
ISBN-13: 9780738431864
IBM Form #: SG24-7610-00

Authors: Kappeler Patrick, Jonathan Barney, Pierre Beda, Michael Buzzetti, Saheem Granados, Ebbe Molgaard Pedersen, Kin Ng, Michael Onghena, Eysha Powers, Martina Schmidt and Richard Schultz

    menu icon


    This IBM Redbooks publication describes and explains which z/OS security services can be exploited by Java stand-alone applications executing on z/OS. It is intended for experienced z/OS users with a moderate knowledge of Java, and experienced Java users with some knowledge of z/OS. For experimentation and customization it provides use cases that were composed and tested on a z/OS platform at z/OS V1R10 and SDK 6 SR1.

    The book describes the role of the major infrastructure components such as Security Manager, Access Controller, Class Loader and Byte Code Verifier. It addresses specific z/OS-provided facilities including the JZOS Toolkit and Java record I/O (JRIO), and explains how they fit within both security models. Java Authentication and Authorization Services (JAAS) is covered and practical examples illustrating its use in z/OS, including the LoginModules that interact with the SAF interface, are given. The relationship of these services to z/OS built-in security functions such as APF, Program Control, and so on is explained. The specific security-relevant services provided to Java applications executing on the z/OS platform are covered, along with practical examples of their setup and use.

    Java SAF classes, the JSec API, exploitation of RACF PassTickets, and the use of the z/OS Enterprise Identity Mapping (EIM) infrastructure are explained. Exploitation of z/OS integrated hardware cryptography by Java applications is detailed, along with numerous practical examples of the use of these services. z/OS cryptographic key management features are also discussed. Finally, the book addresses two industry-class IBM Java products that exploit z/OS hardware cryptography, IBM Encryption Key Manager and IBM Encryption Facility for z/OS OpenPGP Support, and highlights the exploited functionalities and performance optimization.

    Table of Contents

    Part 1. Java and Security

    Ch. 1 Overview of Java on z/OS

    Ch. 2 Java 2 authentication and authorization services

    Part 2. Platform-level security with z/OS Java

    Ch. 3 Introduction to z/OS Resource Access Control Facility

    Ch. 4 System Authorization Facility interfaces in z/OS Java

    Ch. 5 Java Security Administration

    Ch. 6 RACF PassTickets generation and authorization by z/OS Java applications

    Ch. 7 z/OS Enterprise Identity Mapping for Java applications

    Part 3. z/OS Java cryptography

    Ch. 8 Introduction to z/OS cryptography and Java

    Ch. 9 Introduction to Java Cryptographic Extension Framework and API

    Ch. 10 Simple examples of Java cryptography

    Ch. 11 Java and key management on z/OS

    Ch. 12 Usage examples - using Java keystores on z/OS

    Part 4 Appendixes

    App. A. z/OS integrated hardware cryptography setup details

    App. B. SAF sample code

    App. C. JSec sample code

    App. D. JSec attributes

    App. E. EIM example setup program

    App. F. Basics of cryptography

    App. G. Case study: IBM Encryption Key Manager

    App. H. Performance case study: IBM Encryption Facility for z/OS OpenPGP support