Sun Java System Access Manager 7 2005Q4 Developer's Guide

Developing Custom Subjects, Conditions, and Referrals

Access Manager provides subject, condition and referral interfaces that enable you to develop your own custom subjects, conditions and referrals. A sample implementation is provided for the three interfaces. SampleSubject.java implements the Subject interface. This subject applies to all the authenticated users who have valid SSOTokens. SampleCondition.java implements the Condition interface. This condition makes the policy applicable to those users whose user name length is greater than or equal to the length specified in the condition.

SampleReferral.java implements the Referral interface. SampleReferral.java gets the referral policy decision from a text file SampleReferral.properties located in the /samples directory.

You must add the subject, condition, and referral implementations to iPlanetAMPolicyService and iPlanetAMPolicyConfigService to make them available for policy definitions. These services are loaded into Access Manager during installation. To add the sample implementations to the Policy framework, modify the iPlanetAMPolicy service and iPlanetAMPolicyConfig service.

Procedure: To Add Sample Implementation to the Policy Framework

  1. Use db2ldif to back up iPlanetAMPolicy and iPlanetAMPolicyConfig services.

    cd DirectoryServer-base/slapd-hostname
    db2ldif -n userRoot \
        -s "ou=iPlanetAMPolicyService,ou=services,root_suffix"
    db2ldif -n userRoot \
        -s "ou=iPlanetAMPolicyConfigService,ou=services,root_suffix"

  2. Set the environment variable LD_LIBRARY_PATH.

    On Solaris, add /usr/lib/mps/secv1 to LD_LIBRARY_PATH.

    On Linux, add /opt/sun/private/lib to LD_LIBRARY_PATH.

  3. Run the following commands:


    cd AccessManager-base/samples/policy
    AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --schema amPolicy_mod.xml
    AccessManager-base/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,default_org,root_suffix" \
        --password password \
        --data amPolicyConfig_mod.xml

  4. Change the properties files of the iPlanetAMPolicy and iPlanetAMPolicyConfig services.


    cd AccessManager-base/locale
    mv amPolicy.properties amPolicy.properties.bak
    mv amPolicy_en.properties amPolicy_en.properties.bak
    mv amPolicyConfig.properties amPolicyConfig.properties.bak
    mv amPolicyConfig_en.properties amPolicyConfig_en.properties.bak
    cp AccessManager-base/samples/policy/amPolicy.properties .
    cp AccessManager-base/samples/policy/amPolicy_en.properties .
    cp AccessManager-base/samples/policy/amPolicyConfig.properties .
    cp AccessManager-base/samples/policy/amPolicyConfig_en.properties .

  5. Deploy the sample plug-ins.

    Copy SampleSubject.class, SampleCondition.class and SampleReferral.class from the /sample directory to AccessManager-base/lib.

  6. Restart the Access Manager server.

    The sample subject, condition and referral implementations are now available for policy definitions through the administration console or amadmin tool.
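
If step 4 is run a second time as written, each `mv` replaces the original `.bak` file with the sample copy installed by the first run, so the original properties files are lost. The following re-runnable form of step 4 is an added example, not part of the Access Manager distribution; the function names `swap_properties` and `restore_properties` are hypothetical, and the samples and locale directories are passed as arguments.

```shell
#!/bin/sh
# Added example: re-runnable form of step 4 (not shipped with Access Manager).
# The four properties files named in step 4 of the procedure.
FILES="amPolicy.properties amPolicy_en.properties amPolicyConfig.properties amPolicyConfig_en.properties"

# swap_properties SAMPLES_DIR LOCALE_DIR
# Returns 0 on success, 1 if a required file is missing (nothing is changed),
# 2 if a move or copy fails or the installed copy differs from the sample.
swap_properties() {
    samples=$1
    locale=$2
    # Pre-flight: check every file before touching any of them.
    for f in $FILES; do
        [ -f "$samples/$f" ] || { echo "missing sample: $samples/$f" >&2; return 1; }
        [ -f "$locale/$f" ] || [ -f "$locale/$f.bak" ] || {
            echo "missing live file: $locale/$f" >&2; return 1; }
    done
    for f in $FILES; do
        # Keep the first backup: a second run must not overwrite the original
        # .bak with the sample copy that the first run installed.
        if [ ! -e "$locale/$f.bak" ]; then
            mv "$locale/$f" "$locale/$f.bak" || return 2
        fi
        cp "$samples/$f" "$locale/$f" || return 2
        # Confirm the installed file is byte-identical to the sample.
        cmp -s "$samples/$f" "$locale/$f" || { echo "copy mismatch: $f" >&2; return 2; }
    done
    return 0
}

# restore_properties LOCALE_DIR
# Puts the original files back from their .bak copies (rollback of step 4).
restore_properties() {
    locale=$1
    for f in $FILES; do
        if [ -f "$locale/$f.bak" ]; then
            mv "$locale/$f.bak" "$locale/$f" || return 2
        fi
    done
    return 0
}

# Usage (paths are placeholders, as in the procedure):
#   swap_properties AccessManager-base/samples/policy AccessManager-base/locale
```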