Sun Java System Access Manager 7 2005Q4 Developer's Guide

Creating Policies for a New Service

Access Manager policies are managed through the Administration Console or through the amadmin command. However, policies cannot be modified using the amadmin command: you must delete the policy and then add the modified policy using amadmin. To add policies using amadmin, you must develop a policy XML file that follows AccessManager-base/dtd/policy.dtd. Once the policy XML file is developed, you can load it.

In the Policy /samples directory, there are two sample Policy XML files. They define policies for the SampleWebService service. SamplePolicy.xml defines a normal policy for SampleWebService with a SampleSubject and a SampleCondition. SampleReferralPolicy.xml defines a referral policy for SampleWebService with a SampleReferral.

Procedure: To Load a Policy XML File

Before You Begin

You must compile the Policy code samples and develop custom subjects, conditions, and referrals before you can load policies present in the Policy XML files. See Compiling the Policy Code Samples and Developing Custom Subjects, Conditions, and Referrals for detailed instructions.

  1. Run the following command:

    AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" \
        --password <password> \
        --data <policy.xml>

  2. Run the following commands:

    AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --data AccessManager-base/samples/policy/SamplePolicy.xml

    AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --data AccessManager-base/samples/policy/SampleReferralPolicy.xml

    You can verify the newly added policies in the Administration Console.
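
The procedure above passes the amAdmin password with --password, which exposes it in the process list and in shell history. The following wrapper is an added example, not part of the Developer's Guide: it loads the two sample policies using amadmin's --passwordfile option and refuses a password file that group or other users can access. The install root /opt/SUNWam, the AMADMIN override variable, and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the Developer's Guide.
# Usage: . ./load_policies.sh; load_sample_policies /path/to/passwordfile
# Assumed values: replace AM_BASE and ADMIN_DN with those of your deployment.
AM_BASE="${AM_BASE:-/opt/SUNWam}"   # stands in for AccessManager-base
ADMIN_DN="${ADMIN_DN:-uid=amAdmin,ou=People,default_org,root_suffix}"

# Succeed only if the password file is a regular file whose group and
# other permission bits are all cleared (for example mode 600 or 400).
pwfile_is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Load one policy XML file. The password is read by amadmin from the
# file, so it never appears in the command's argument list.
load_policy() {
    pwfile=$1 xml=$2
    pwfile_is_private "$pwfile" || {
        echo "refusing: $pwfile is accessible to group or other" >&2
        return 2
    }
    [ -r "$xml" ] || { echo "missing policy file: $xml" >&2; return 3; }
    # AMADMIN is a hypothetical override for the path to the amadmin binary.
    "${AMADMIN:-$AM_BASE/bin/amadmin}" \
        --runasdn "$ADMIN_DN" \
        --passwordfile "$pwfile" \
        --data "$xml"
}

# Load the normal policy, then the referral policy, in the order the
# procedure lists them; stop at the first failure.
load_sample_policies() {
    for f in SamplePolicy.xml SampleReferralPolicy.xml; do
        load_policy "$1" "$AM_BASE/samples/policy/$f" || return $?
    done
}
```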