Sun Java System Access Manager 7.1 Technical Overview

Policy SPIs and Plug-Ins Layer

Access Manager includes SPIs that work with the Policy framework to create and manage policies. You can develop customized plug-ins for creating custom policy subjects, referrals, conditions, and response providers. For information on creating custom policy plug-ins, see the Sun Java System Access Manager 7.1 Developer’s Guide.

The following table summarizes the Policy service provider interfaces (SPIs), and lists the specialized Policy plug-ins that come bundled with Access Manager.

Table 4–1 Policy Service Provider Interfaces




Defines a set of authenticated users for whom the policy applies. The following Subject plug-ins come bundled with Access Manager: Access Manager Identity Subject, Access Manager Roles, Authenticated Users, LDAP Groups, LDAP Roles, LDAP Users, Organization Web, and Services Clients. 


Delegates management of policy definitions to another access control realm.  


Specifies applicability of policy based on conditions such as IP address, time of day, authentication level. The following Condition plug-ins come bundled with Access Manager: Authentication Level, Authentication Scheme, IP Address, LE Authentication Level, Session, SessionProperty, and Time. 

Resource Name 

Allows a pluggable resource. 

Response Provider 

Gets attributes that are sent along with policy decision to the policy agent, and used by the policy agent to customize the client applications. Custom implementations of this interface are now supported in Access Manager 7.1.