Policy SPIs and Plug-Ins Layer
Access Manager includes SPIs that work with the Policy framework to create and manage policies. You can develop customized plug-ins for creating custom policy subjects, referrals, conditions, and response providers. For information on creating custom policy plug-ins, see the Sun Java System Access Manager 7 2005Q4 Developer’s Guide.
The following table summarizes the Policy SPIs , and lists the specialized Policy plug-ins that come bundled with Access Manager.
Table 4–1 Policy Service Provider Interfaces (SPIs)|
Interface |
Description |
|---|---|
|
Subject |
Defines a set of authenticated users for whom policy applies. The following Subject plug-ins come bundled with Access Manager: Access Manager Identity Subject, Access Manager Roles, Authenticated Users, LDAP Groups, LDAP Roles, LDAP Users, Organization Web, and Services Clients. |
|
Referral |
Delegates management of policy definitions to another access control realm. |
|
Condition |
Specifies applicability of policy based on conditions such as IP address, time of day, authentication level. The following Condition plug-ins come bundled with Access Manager: Authentication Level, Authentication Scheme, IP Address, LE Authentication Level, Session, SessionProperty, and Time. |
|
Resource Name |
Allows a pluggable resource. |
|
Response Provider |
Gets attributes that are sent along with policy decision to the policy agent, and used by the policy agent to customize the client applications. Custom implementations of this interface are not supported in Access Manager 7.0. However, one default interface IDResponseProvider is supported at this time. |
- © 2010, Oracle Corporation and/or its affiliates