Sun Java System Access Manager 7.1 Developer's Guide

Developing Custom Subjects, Conditions, Referrals, and Response Providers

Access Manager provides subject, condition, referral, and response provider interfaces that enable you to develop your own custom subjects, conditions, referrals, and response providers. A sample implementation is provided for the following four interfaces.

SampleSubject.java

Implements the Subject interface. This subject applies to all the authenticated users who have valid SSOTokens.

SampleCondition.java

Implements the Condition interface. This condition makes the policy applicable to those users whose user name length is greater than or equal to the length specified in the condition.

SampleReferral.java

Implements the Referral interface. SampleReferral.java gets the referral policy decision from a text file SampleReferral.properties located in the /samples directory.

SampleResponseProvider.java

Implements the ResponseProvider interface. SampleResponseProvider.java takes as input the attribute for which values are retrieved from the Access Manager and sent back in the Policy Decision. If the attribute does not exist in the user profile, no value is sent back in the response. SampleResponseProvider.java relies on the underlying Identity Repository service to retrieve the attribute values for the Subject(s) defined in the policy.
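The Condition contract the guide describes, as an added example that is not the SampleCondition.java shipped with Access Manager: a condition that makes the policy applicable only when the authenticated user's name is at least a configured length, the same rule the guide attributes to the sample. The class name MinNameLengthCondition and the property name minUserNameLength are assumptions, as is the exact shape of the com.sun.identity.policy.interfaces.Condition interface, which follows the OpenSSO code base that Access Manager 7.1 shares; verify it against the Javadoc in your own installation before building. Two points are deliberate: setProperties rejects malformed configuration instead of storing it, and getConditionDecision fails closed when the condition is unconfigured or no principal is available.

```java
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.sun.identity.policy.ConditionDecision;
import com.sun.identity.policy.PolicyException;
import com.sun.identity.policy.Syntax;
import com.sun.identity.policy.interfaces.Condition;

/**
 * Added example (not the shipped SampleCondition.java): the policy applies
 * only when the authenticated user's name has at least minUserNameLength
 * characters. Interface signatures follow the OpenSSO Condition interface
 * (an assumption; check against the installed SDK Javadoc).
 */
public class MinNameLengthCondition implements Condition {

    /** Property name shown in the console; assumed, not taken from the guide. */
    public static final String MIN_LENGTH = "minUserNameLength";

    private Map properties = new HashMap();
    private int minLength = -1;   // -1 means "not configured": deny

    public List getPropertyNames() {
        return Collections.singletonList(MIN_LENGTH);
    }

    public Syntax getPropertySyntax(String property) {
        return Syntax.ANY;        // free-form text field in the console
    }

    public String getDisplayName(String property, Locale locale)
            throws PolicyException {
        // Real code would resolve this through amPolicy.properties via its i18nKey.
        return property;
    }

    public Set getValidValues(String property) throws PolicyException {
        return Collections.EMPTY_SET;   // free-form property, no enumerated values
    }

    /** Validate at store time: exactly one non-negative integer, or reject. */
    public void setProperties(Map props) throws PolicyException {
        Set values = (props == null) ? null : (Set) props.get(MIN_LENGTH);
        if (values == null || values.size() != 1) {
            throw new PolicyException("exactly one value required for " + MIN_LENGTH);
        }
        String raw = ((String) values.iterator().next()).trim();
        int parsed;
        try {
            parsed = Integer.parseInt(raw);
        } catch (NumberFormatException e) {
            throw new PolicyException("not an integer: " + raw);
        }
        if (parsed < 0) {
            throw new PolicyException("negative length: " + raw);
        }
        minLength = parsed;
        properties = new HashMap(props);
    }

    public Map getProperties() {
        return Collections.unmodifiableMap(properties);
    }

    /** Evaluated on every policy decision; deny on anything unexpected. */
    public ConditionDecision getConditionDecision(SSOToken token, Map env)
            throws PolicyException, SSOException {
        if (minLength < 0 || token == null) {
            return new ConditionDecision(false);   // unconfigured or no session: deny
        }
        Principal principal = token.getPrincipal();
        if (principal == null) {
            return new ConditionDecision(false);
        }
        String userName = userNameFromPrincipal(principal.getName());
        return new ConditionDecision(userName.length() >= minLength);
    }

    /** Principal names are normally DNs; use the value of the first RDN. */
    static String userNameFromPrincipal(String principalName) {
        String first = principalName.split(",", 2)[0];
        int eq = first.indexOf('=');
        return (eq >= 0) ? first.substring(eq + 1).trim() : first.trim();
    }

    public Object clone() {
        MinNameLengthCondition copy = new MinNameLengthCondition();
        copy.minLength = minLength;
        copy.properties = new HashMap(properties);
        return copy;
    }
}
```

Compile it against the Access Manager SDK jars under AccessManager-base/lib, copy the class file to that directory, and register it the same way the guide registers SampleCondition: a PluginSchema entry with className="MinNameLengthCondition" and interfaceName="Condition" in the iPlanetAMPolicy service, and an AddChoiceValues/AddDefaultValues pair for iplanet-am-policy-selected-conditions in the iPlanetAMPolicyConfig service.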

You must add the subject, condition, response provider, and referral implementations to iPlanetAMPolicyService and iPlanetAMPolicyConfigService in order to make them available for policy definitions. These services are loaded into Access Manager during installation. To add the sample implementations to the Policy framework, modify the iPlanetAMPolicy service and the iPlanetAMPolicyConfig service. The service XML files are located in the following directory:


AccessManager-base/SUNWam/samples/policy

The following is the text of the amPolicy_mod.xml file for the iPlanetAMPolicy service.


Example 3–4 Text of the Default amPolicy_mod.xml File


<?xml version="1.0" encoding="UTF-8"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->


<!DOCTYPE ServicesConfiguration
    PUBLIC "-//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd">

<ServicesConfiguration>
    <Service name="iPlanetAMPolicyService" version="1.0">
        <PluginSchema className="SampleSubject"
                      i18nFileName="amPolicy"
                      i18nKey="iplanet-subject-SampleSubject-name"
                      interfaceName="Subject"
                      name="SampleSubject" >
        </PluginSchema>

        <PluginSchema className="SampleCondition"
                      i18nFileName="amPolicy"
                      i18nKey="iplanet-samplecondition-condition-name"
                      interfaceName="Condition"
                      name="SampleCondition" >
        </PluginSchema>

        <PluginSchema className="SampleReferral"
                      i18nFileName="amPolicy"
                      i18nKey="iplanet-sample-referral"
                      interfaceName="Referral"
                      name="SampleReferral" >
        </PluginSchema>
        <PluginSchema className="SampleResponseProvider"
                      i18nFileName="amPolicy"
                      i18nKey="iplanet-sample-responseprovider"
                      interfaceName="ResponseProvider"
                      name="SampleResponseProvider" >
        </PluginSchema>
    </Service>
</ServicesConfiguration>

The following is the text of the amPolicyConfig_mod.xml file for the iPlanetAMPolicyConfig service.


Example 3–5 Text of the Default amPolicyConfig_mod.xml File


<?xml version="1.0" encoding="UTF-8"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->



<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">

<Requests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="a163">
        <AddChoiceValues>
            <AttributeValuePair>
            <Attribute name="sun-am-policy-selected-responseproviders"/>
                <Value>SampleResponseProvider</Value>
            </AttributeValuePair>
        </AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="">
        <AddDefaultValues>
            <AttributeValuePair>
            <Attribute name="sun-am-policy-selected-responseproviders"/>
                <Value>SampleResponseProvider</Value>
            </AttributeValuePair>
        </AddDefaultValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="a160">
        <AddChoiceValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-subjects"/>
                <Value>SampleSubject</Value>
            </AttributeValuePair>
        </AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="">
        <AddDefaultValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-subjects"/>
                <Value>SampleSubject</Value>
            </AttributeValuePair>
        </AddDefaultValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="a161">
        <AddChoiceValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-conditions"/>
                <Value>SampleCondition</Value>
            </AttributeValuePair>
        </AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="">
        <AddDefaultValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-conditions"/>
                <Value>SampleCondition</Value>
            </AttributeValuePair>
        </AddDefaultValues>
    </SchemaRequests>


    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="a162">
        <AddChoiceValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-referrals"/>
                <Value>SampleReferral</Value>
            </AttributeValuePair>
        </AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
        SchemaType="Organization"
        i18nKey="">
        <AddDefaultValues>
            <AttributeValuePair>
            <Attribute name="iplanet-am-policy-selected-referrals"/>
                <Value>SampleReferral</Value>
            </AttributeValuePair>
        </AddDefaultValues>
    </SchemaRequests>

</Requests>

Procedure: To Add a Sample Implementation to the Policy Framework

  1. Use dscfg to back up the iPlanetAMPolicy and iPlanetAMPolicyConfig services.


    # cd DirectoryServer-base/ds6/bin
    # ./dscfg export -s "ou=iPlanetAMPolicyService,ou=services,root_suffix" output_file
    # ./dscfg export -s "ou=iPlanetAMPolicyConfigService,ou=services,root_suffix" output_file
     
    
  2. Set the environment variable LD_LIBRARY_PATH.

    On Solaris, add /usr/lib/mps/secv1 to LD_LIBRARY_PATH.

    On Linux, add /opt/sun/private/lib to LD_LIBRARY_PATH.

    On HP-UX, add /opt/sun/private/lib to SHLIB_PATH.

  3. Run the following commands (the closing quote on each --runasdn value is required):


    # cd AccessManager-base/samples/policy
    # AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --schema amPolicy_mod.xml
    # AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --data amPolicyConfig_mod.xml

  4. Change the properties files of the iPlanetAMPolicy and iPlanetAMPolicyConfig services to add messages related to the new implementations.


    # cd AccessManager-base/locale
    # cp amPolicy.properties amPolicy.properties.orig
    # cp amPolicy_en.properties amPolicy_en.properties.orig
    # cp amPolicyConfig.properties amPolicyConfig.properties.orig
    # cp amPolicyConfig_en.properties amPolicyConfig_en.properties.orig
    # cat <BASE_DIR>/samples/policy/amPolicy.properties >> <BASE_DIR>/locale/amPolicy.properties
    # cat <BASE_DIR>/samples/policy/amPolicy_en.properties >> <BASE_DIR>/locale/amPolicy_en.properties
    # cat <BASE_DIR>/samples/policy/amPolicyConfig.properties >> <BASE_DIR>/locale/amPolicyConfig.properties
    # cat <BASE_DIR>/samples/policy/amPolicyConfig_en.properties >> <BASE_DIR>/locale/amPolicyConfig_en.properties

  5. Deploy the sample plug-ins.

    Copy SampleSubject.class, SampleCondition.class, SampleResponseProvider.class, and SampleReferral.class from the /samples/policy directory to AccessManager-base/lib.

  6. Restart the Access Manager server.

    The sample subject, condition, response provider, and referral implementations are now available for policy definitions through the administration console or amadmin tool.