Developing a Workbench for Eclipse PassTicket Extension
Workbench for Eclipse provides an Eclipse extension which can be used to authenticate users to z/OS via a passticket. A passticket is a single use token which can be used in place of a password when authenticating to z/OS. In order to use passtickets securely, the user id must be pre-authenticated. The implementation of the PassTicket extension is responsible for two items, first, an authenticated user id and second, a generated passticket which can be used in place of a password. These two responsibilities are satisfied by the implementation of two interfaces, IPassTicketUserProvider and IPassTicketGenerator. The Workbench SDK provides a template project to assist the user in developing the implementations for these two interfaces.
The following topics describe the steps to develop and deploy the extension for PassTicket authentication.
Creating your PassTicket Extension Project
To create your PassTicket Extension Project, perform the following steps:
- Open the Project Explorer View
- Select the File menu, the New menu item, and the Project... sub-menu.
- In the New Project dialog, expand Plug-in Development, select Plug-in Project, and click Next.
- On the Plug-in Project panel, give your project a name, and click Next.
- On the Content panel, you can accept the defaults. The option to make contributions to the UI should be checked. Click Next.
- On the Templates panel make sure the ‘Create a plug-in using one of the templates’ option is checked. Select the BMC AMI DevX Workbench for Eclipse PassTicket credentials provider template, and click Next.
- On the next panel, specify the name of the Java package which will contain the Java classes used to implement the two interfaces required by this extension. Click Finish.
- You may get prompted to open the Plug-in Development perspective. This is not required, but you may find it helpful to develop using this perspective.
An Eclipse plug-in project is created and the Eclipse manifest editor is opened. In the Project Explorer under your project you will see a folder named src. Under the src folder you will see three classes, Activator, PassTicketGenerator, and PassTicketUserProvider. To complete the implementation of the PassTicket Extension you must write Java code for the contents of the PassTickedUserProvider.getUser method and PassTicketGenerator.generate method. The PassTicket extension is activated by Workbench when the user defines a Host Connection using the PassTicket Credential Provider. The getUser method is called by Workbench at the time of login. The user id returned is associated with the HCI connection which triggered the login. This user id is cached and will be used by Workbench throughout the current session without calling the extension again. The PassTicketGenerator.generate method is called by Workbench whenever Workbench has to make a connection to the HCI on behalf of the user. This includes the initial login and other situations where a secondary connection is necessary.
Open the PassTicketUserProvider class. You will see the implementation of a single method getUser() which returns null. This method should be changed to return a string representing the z/OS user id of the user running Workbench.
Open the PassTicketGenerator class. You will set the implementation of a single method generate which is responsible to generate a PassTicket which will be passed to the HCI to authenticate the user. When the method is called it is given the user id, the host name, and a Java Properties object which contains the port. The user id is the id which was returned from PassTicketUserProvider.getUser() method. The generate method may be called multiple times for each call to the getUser method. The host name and port identify the HCI which Workbench is about to connect to. The following sites talk about the possible ways to generate a PassTicket:
Packaging your PassTicket extension
Developers must package the PassTicket extension plug-in so it can be distributed for installation and use.
Create a feature
Developers must create a custom feature so that their PassTicket extension plug-in can be included in a p2 repository for installation by users. A feature project can be created from the File->New menu within the Workbench for Eclipse, Eclipse, or RDz.
Once the custom feature is created:
- Open the feature.xml file using the Feature Manifest Editor.
- On the Plug-ins tab of the editor, add the following:
- The PassTicket extension plug-in
- Any other plug-ins or fragments that the PassTicket extension plug-in requires
Export the feature in a p2 repository
Developers must create a p2 repository that users can point to for installation of the developer’s custom feature. A p2 repository can be created in two different ways:
- On the Overview tab of the Feature Manifest Editor, click the Export Wizard link under the Exporting section.
Use the File->Export... menu and choose Deployable features under the Plug-in Development category.
- On the Deployable features dialog, check the custom feature from the list of features and define the directory to which the p2 repository will be exported to. You can export the p2 repository as either a directory or an archive.
- Once the p2 repository has been exported, it should be deployed so that all users can point to it and install the custom feature from it.