Sun Java System Access Manager 7.1 Developer's Guide

Enabling the JAAS Authorization Framework

You enable the JAAS authorization framework by resetting policy. Use the Policy.setPolicy(Policy) API to reset policy during run time. In Enabling the JAAS Authorization Framework, Policy.setPolicy(com.sun.identity.policy.jaas.ISPolicy) resets the policy. In this example, the client application wants to use JAAS authorization API to communicate with the Access Manger and to perform policy evaluation. Access Manager provides the support needed to use Access Manager policy so that policy can be defined through the new ISPermission.

Example 4–5 Sample JAAS Authorization Code

 public static void main(String[] args) {
        try {
            // Create an SSOToken

           AuthContext ac = new AuthContext("dc=iplanet,dc=com");
            Callback[] callbacks = null;
            if (ac.hasMoreRequirements()) {
                callbacks = ac.getRequirements();

                if (callbacks != null) {
                    try {
					// this method sets appropriate responses in the callbacks.
                    } catch (Exception e) { }
            if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                  Subject subject = ac.getSubject();
							// get the authenticated subject

                    Policy.setPolicy(new ISPolicy()); // change the policy to  our own Policy

                    ISPermission perm = new ("iPlanetAMWebAgentService",

                        "", "GET");
                  Subject.doAs(subject, new PrivilegedExceptionAction() {
                      /* above statement means execute  run() method of the
								 /* Class PrivilegedExceptionAction()
                          as the specified subject */
                      public Object run() throws Exception {
                            // the above will return quietly if the Permission
										 //  has been granted
                            // else will throw access denied
                            // Exception, so if the above highlighed ISPermission
										 // had not been granted, this return null;