am_web_is_access_allowed() (Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers)

Sun OpenSSO Enterprise 8.0 C API Reference for Application and Web Policy Agent Developers

`am_web_is_access_allowed()`

Evaluates the access control policies for a specified web resource and action against those for a specified user.

Syntax

#include "am_web.h"
AM_WEB_EXPORT am_status_t 
am_web_is_access_allowed(const char *sso_token,
                         const char *url,
                         const char *path_info,
                         const char *action_name,
                         const char *client_ip,
                         const am_map_t env_parameter_map,
                         am_policy_result_t *result,
                         void* agent_config);

Parameters

This function takes the following parameters:

sso_token: Pointer to the session token from the OpenSSO Enterprise cookie. This parameter may be NULL if there is no cookie present.
url: Pointer to the web resource URL. This parameter may not be NULL.
path_info: Pointer to the path information in the web resource URL, if any.
action_name: Pointer to the action (GET, POST, etc.) being performed on the specified resource URL. This parameter may not be NULL.
client_ip: Pointer to the IP address of the client attempting to access the specified resource URL. If client IP validation is turned on, this parameter may not be NULL.
env_parameter_map: A map object containing additional information about the user attempting to access the specified resource URL. This parameter may not be NULL.
advices_map_ptr: An output parameter where the am_map_t can be stored if the policy evaluation produces any advice information. This parameter may not be NULL. See am_map_t for more information.
result: Pointer to a policy result object.
agent_config: An agent configuration instance returned by am_web_get_agent_configuration(). This parameter should not be NULL.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS: If the evaluation was performed successfully and access is allowed.
AM_NO_MEMORY: If the evaluation was not successfully completed due to insufficient memory being available.
AM_INVALID_ARGUMENT: If any of the url, action_name, env_parameter_map, or advices_map_ptr parameters is NULL or if client IP validation is enabled and the client_ip parameter is NULL.
AM_INVALID_SESSION: If the specified session token does not refer to a currently valid session
AM_ACCESS_DENIED: If the policy information indicates that the user does not have permission to access the specified resource or any error is detected other than the ones listed above.