10 Configurable Actions

Oracle Adaptive Access Manager provides Configurable Actions, a feature which allows users to create new supplementary actions that are triggered based on the result action and/or based on the risk scoring after a Runtime execution. This section describes how to integrate a Configurable Action with the Adaptive Risk Manager software.

10.1 Integration

To add a new Configurable Action, please perform the tasks listed below.

1. Develop the Configurable Action by implementing the com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction java interface.

   Note:

   In this step, implementing means writing java code based on the contract specified by the Java interface com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction.

   While implementing the com.bharosa.vcrypt.tracker.dynamicactions.intf.DynamicAction java interface, the following two methods have to be coded:

   • getParameters() - In this method, the code has to be written that returns the parameters used by the Configurable Action. Make sure that the size of the parameters array returned is the same as the number of parameters. Look at the sample configurable actions java code in Sample application.

   • execute() - In this method, code has to be written that performs the logic required by the Configurable Action. Configurable Action parameter values are passed in actionParamValueMap where the parameter name is the key and the RuntimActionParamValue object is the value. Use the appropriate getXXXValue() method to get the parameter value.

2. Make sure the java code is JDK 1.4-compliant. Do not use any language features of JDK 1.5 or JDK 6.

   For sample code, look at the java files in the sample application.

3. Test the implementation of the Configurable Action thoroughly.

   Since Configurable Actions are standalone java classes, they can be tested with Unit Testing Methodology using JUnit framework.

   For sample JUnit code for testing dynamic action, refer to the "Sample JUnit Code" section.

4. Compile the java class and create a jar file of the compiled class files.

5. Copy the jar file along with any other required libraries to the classpath of the Adaptive Risk Manager Web application.

6. Restart the Adaptive Risk Manager application if required.

7. Log into Adaptive Risk Manager web application and create an action definition entry for the newly deployed Configurable Action.

8. Make sure all the parameters required for the Configurable Action are displayed in the user interface.

9. Use the newly available Configurable Action by adding it to the required runtimes. For more information on configuring Configurable Actions, please refer to the Oracle Adaptive Access Manager Administrator's Guide.

10.2 Executing Configurable Actions in a Particular Order and Data Sharing

Configurable Actions can be used to implement chaining in such a way that

• they execute in a particular order

• data can be shared across these actions

Note:

Sharing data across Configurable Actions involves writing java code and requires more effort than just a configuration task.

To be able to execute Configurable Actions in a particular order and share data:

1. Configure Configurable Actions as synchronous actions with the required order of execution in ascending order.

   Note:

   A Configurable Action is executed only if the trigger criteria is met; therefore, make sure the trigger criteria is correct.

2. To share data, insert the data into the actionContextMap parameter of the Configurable Action's execute() method. Since the actionContextMap is a Map, it requires a key and value pair that represents the data to be shared.

   Note:

   it is the implementer's responsibility to ensure that

   • the duplicate keys are not used while inserting data

   • the same key is used when trying to access this shared data from another Configurable Action.

3. Ensure that the code can handle the case where the key is not present in the actionContextMap. This step must be performed to avoid errors or NullPointerException when the other action do not insert the value into the actionContextMap.

10.3 How to Test Configurable Actions Triggering

1. Make sure there is a way to identify if the code in the Configurable Action is executed. This could be as simple as an entry in log file or an entry in database and so on

2. Set the log-level for "com.bharosa.vcrypt.tracker.dynamicactions.ActionExecutor" to "DEBUG" using the Environment->Logging screen.

3. Create an action template for the given Configurable Action.

4. Add the action to a Pre-Authentication runtime with trigger criteria as score between 0 and 1000.

5. Try logging in from the Adaptive Strong Authenticator application or the sample application that is connected to Adaptive Risk Manager.

6. Check the Adaptive Risk Manager logs for the entry "Enter: executeAction(): Executing Action Instance" from the class "com.bharosa.vcrypt.tracker.dynamicactions.ActionExecutor."

7. If there is no error then you will see a related log statement like "Exit: executeAction(): Action Instance".

8. If there is an error, you will see a log statement like "Error: executeAction()"

9. Apart from these, check for a log entry or a database entry that is created by the Configurable Action itself

10.4 Sample JUnit Code

The sample JUnit code for testing dynamic action is provided below:

public class TestDynamicActionsExecution extends TestCase {
        static Logger logger = Logger.getLogger(TestDynamicActionsExecution.class);
        private DynamicAction caseCreationAction = null;
 
 
        public void setUp()throws Exception {
                caseCreationAction = new CaseCreationAction();
    }
 
        public void testDynamicAction() {
 
                //RequestId
                String requestId = "testRequest";
 
                //Request Time
                Date requestTime = new Date();
 
                //Map that contains values passed to the rule/model execution
                Map ruleContextMap = new HashMap();
 
                //Result from rule execution
                VCryptRulesResultImpl rulesResult = new VCryptRulesResultImpl();
                rulesResult.setResult("Allow");
                rulesResult.setRuntimeType(new Integer(1));
 
                //Configurable action's parameter values
                Map actionParamValueMap = new HashMap();
                RuntimeActionParamValue caseTypeParamValue = new RuntimeActionParamValue();
                caseTypeParamValue.setIntValue(CaseConstants.CASE_AGENT_TYPE);
 
                RuntimeActionParamValue caseSeverityParamValue = new RuntimeActionParamValue();
                caseSeverityParamValue.setIntValue(1);
 
                RuntimeActionParamValue caseDescriptionParamValue = new RuntimeActionParamValue();
                caseDescriptionParamValue.setStringValue("Testing CaseCreation Action");
 
                //ActionContext Map for passing data to/from the dynamic action execution
                Map actionContextMap = new HashMap();
 
                //Execute the action
                try {
                        caseCreationAction.execute(requestId, requestTime, ruleContextMap, rulesResult, actionParamValueMap, actionContextMap);
                }catch(Exception e) {
                        Assert.fail("Exception occurred while executing dynamic action");
                        logger.error("Exception occcurred while executing dynamic action", e);
                }
 
                //Write appropriate asserts to check if the configurable action has executed properly
        }
 
    public void tearDown() throws Exception {
 
    }
}