Sun OpenSSO Enterprise 8.0 Developer's Guide Package

This package includes interfaces that can be implemented to add their corresponding functionality to each Liberty-based OpenSSO Enterprise web service.

Table 9–1 Interfaces




This interface, once implemented, can be used by each Liberty-based web service component for access control.

Note –

The class is the implementation of this interface for the Discovery Service. The class is the implementation for the Liberty Personal Profile Service.

The Authorizer interface enables a web service to check whether a web service consumer (WSC) is allowed to access the requested resource. When a WSC contacts a web service provider (WSP), the WSC conveys a sender identity and an invocation identity. Note that the invocation identity is always the subject of the SAML assertion. These conveyances enable the WSP to make an authorization decision based on one or both identities. The OpenSSO Enterprise Policy Service performs the authorization based on defined policies.


This interface is used to map a user DN to the resource identifier associated with it. OpenSSO Enterprise provides implementations of this interface.

  • assumes the Resource ID format to be: providerID + "/" + the Base64 encoded userIDs.

  • assumes the Resource ID format to be: providerID + "/" + the hex string of userID.

  • assumes the Resource ID format to be: providerID + "/" + the Base64 encoded userIDs.

A different implementation of the interface may be developed. The implementation class should be given to the provider that hosts the Discovery Service. The mapping between the providerID and the implementation class can be configured through the Classes For ResourceIDMapper Plugin attribute.


Interface used to include a SOAP header (ServiceInstanceUpdateHeader) when sending a SOAP response.

For more information, including methods and their syntax and parameters, see the Sun OpenSSO Enterprise 8.0 Java API Reference.