Articles on Apis

Written by Carsten Flensburg | April 29, 2004 | August 30, 2017

APIs by Example: Profile Tokens

In this issue of APIs by Example, Carsten Flensburg demonstrates the Profile Token APIs.

Profile tokens are a way to change a job so that it runs with the authority of a different user profile. They are similar to the profile handle APIs, except profile tokens can be transferred from one job to another.

This functionality is useful when you’re writing a server program that provides services to a network. When a client program first connects to your server program, you can ask that client for a user name and password. You can use the user name and password to generate a profile token and send that profile token back to the client.

In future requests, the client can re-send you the profile token and you can set the server’s authority to that of the profile token. This ensures that the server runs with the user’s authority and lets you control the user’s access using the normal OS/400 security functions.

When a profile token is generated, you tell the system how long the token is good for — this “time-out” can be from 1 to 3600 seconds. This time-out mechanism provides added security to your system, preventing a would-be attacker from saving and re-using a profile token.

The profile token APIs can also be used to generate a profile token from a previous profile token. You can use this function as a method of “renewing” a profile’s access to the system without asking for the user name and password again.

You can also invalidate a profile token so that it’s no longer valid. This allows profile tokens to be disabled without waiting for the time-out period to elapse.

The difference between the Profile Token APIs and the older Profile Handle APIs is that profile handles can’t be transferred from job to job, but profile tokens can. This added capability makes profile tokens much more flexible than profile handles.
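The token lifecycle described above (generate from a user name and password, re-present on later requests, renew from a still-valid token, invalidate early), modelled in Python as an added example. It is not the article's downloadable source and does not call the OS/400 APIs; the class and method names (`TokenStore`, `generate`, `resolve`, `renew`, `invalidate`) and the credential table are hypothetical.

```python
import secrets
import time

MIN_TIMEOUT, MAX_TIMEOUT = 1, 3600  # seconds, the range the article gives


class TokenStore:
    """Model of a system-wide token table (hypothetical, not the OS/400 API)."""

    def __init__(self, credentials, clock=time.monotonic):
        self._credentials = credentials  # constructed sample: user -> password
        self._clock = clock              # injectable so expiry can be tested
        self._tokens = {}                # token -> (user, expiry time)

    def _issue(self, user, timeout):
        if not MIN_TIMEOUT <= timeout <= MAX_TIMEOUT:
            raise ValueError("time-out must be 1..3600 seconds")
        token = secrets.token_bytes(32)  # opaque value handed to the client
        self._tokens[token] = (user, self._clock() + timeout)
        return token

    def generate(self, user, password, timeout):
        """First connection: user name and password in, token out."""
        expected = self._credentials.get(user)
        if expected is None or not secrets.compare_digest(
                expected.encode(), password.encode()):
            raise PermissionError("invalid user name or password")
        return self._issue(user, timeout)

    def resolve(self, token):
        """Later requests: return the user to run as, or None if unusable."""
        entry = self._tokens.get(token)
        if entry is None:
            return None
        user, expires = entry
        if self._clock() >= expires:
            del self._tokens[token]      # purge the expired token
            return None
        return user

    def renew(self, token, timeout):
        """New token from a still-valid one, without asking for the password."""
        user = self.resolve(token)
        if user is None:
            raise PermissionError("token expired or invalidated")
        return self._issue(user, timeout)

    def invalidate(self, token):
        """Disable a token before its time-out elapses."""
        self._tokens.pop(token, None)
```

Because the table is keyed by the token value rather than by the job that created it, any job that receives the token can resolve it, which is the property the article contrasts with profile handles.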

Download the save file containing the source code.

Posted in API usage, Security, User profile.
