Sun Java System Access Manager 7.1 Developer's Guide

Developing and Running a Policy Evaluation Program

Access Manager provides a Policy Evaluation API. This API has one Java class, PolicyEvaluator, whose fully qualified name is com.sun.identity.policy.PolicyEvaluator. Access Manager also provides a sample policy evaluator program, PolicyEvaluation.java. You can use this program to run policy evaluations for different services. A policy evaluation is always based on a service such as iPlanetAMWebAgentService or SampleWebService. The sample policy evaluation program reads its input from the PolicyEvaluation.properties file. Specify the input for the evaluation in this file, such as the service name, action names, condition environment parameters, user name, and user password.

Procedure: To Set Policy Evaluation Properties

  1. Set the value of pe.servicename to the service name.

    Examples: iPlanetAMWebAgentService or SampleWebService.

  2. Set the pe.resoucename to the name of the resource that you want to evaluate the policy against.

  3. Specify the action names in pe.actionnames.

    Separate the action names with a colon (:). If you want to get all the action values, leave pe.actionnames blank.

  4. Set other required properties such as pe.username and pe.password.

  5. (Optional) Set the following properties if you use the corresponding conditions in your policy definitions: pe.authlevel, pe.authscheme, pe.requestip, pe.dnsname, pe.time.

    If you don't want to set these environment parameters, leave their values blank.

    pe.authlevel

    Used to evaluate AuthLevel Condition. pe.authlevel takes a positive integer.

    pe.authscheme

    Used to evaluate AuthScheme Condition. pe.authscheme takes a set of colon-separated AuthScheme names.

    pe.requestip

    Used to evaluate the IP Condition. pe.requestip takes an IP address string.

    pe.dnsname

    Used to evaluate the IP Condition. pe.dnsname takes a set of colon-separated DNS names.

    pe.time

    Used to evaluate the Simple Time Condition. pe.time specifies the request time in milliseconds. If its value is set to the current time, then it takes the current time in milliseconds.
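A pre-flight check for the properties described above, as an added example that is not part of the Access Manager samples: it parses a PolicyEvaluation.properties file and reports values that break the rules stated in this procedure. Key names are copied as this page spells them, the file contents are constructed, and pe.time is deliberately left unchecked.

```python
import ipaddress

# Assumption: key names exactly as this page spells them; compare with your own file.
REQUIRED = ("pe.servicename", "pe.resoucename", "pe.username", "pe.password")
LISTS = ("pe.actionnames", "pe.authscheme", "pe.dnsname")  # colon-separated values

SAMPLE = """\
# Constructed sample, not the file shipped with Access Manager.
pe.servicename=iPlanetAMWebAgentService
pe.resoucename=http://www.example.com:80/banner.html
pe.actionnames=GET:POST
pe.username=user1
pe.password=placeholder-password
pe.authlevel=0
pe.authscheme=LDAP::Cert
pe.requestip=192.168.300.1
pe.dnsname=
"""

def load_properties(text):
    """Parse simple key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in (raw.strip() for raw in text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)  # only the first '=' separates
            props[key.strip()] = value.strip()
    return props

def split_colon(value):
    """Split a colon-separated value; a blank value yields an empty list."""
    return [part.strip() for part in value.split(":") if part.strip()]

def validate(props):
    """Return a list of problems; an empty list means the values are well formed."""
    problems = [f"{key} is required" for key in REQUIRED if not props.get(key)]
    level = props.get("pe.authlevel", "")
    if level and not (level.isascii() and level.isdigit() and int(level) > 0):
        problems.append("pe.authlevel must be a positive integer")
    ip = props.get("pe.requestip", "")
    if ip:
        try:
            ipaddress.ip_address(ip)  # accepts IPv4 and IPv6 literals
        except ValueError:
            problems.append("pe.requestip is not an IP address")
    for key in LISTS:
        value = props.get(key, "")
        if value and "" in [part.strip() for part in value.split(":")]:
            problems.append(f"{key} has an empty entry in its colon-separated list")
    return problems
```

The resource name is treated as a single value, so the colons in a URL are never split; only the three list-valued properties are.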

Procedure: To Run a Policy Evaluation Program

Before You Begin

You must set up policies before running a policy evaluation program.

  1. Set the environment variable LD_LIBRARY_PATH.

    On Solaris, add /usr/lib/mps/secv1 to LD_LIBRARY_PATH.

    On Linux, add /opt/sun/private/lib to LD_LIBRARY_PATH.

    On HP-UX, add /opt/sun/private/lib to the environment variable SHLIB_PATH.

  2. Run the gmake run command (on Windows, make.bat run).