This section summarizes classes that can be used by all Liberty-based Access Manager service components, as well as interfaces common to all Liberty-based Access Manager services. The packages that contain the classes and interfaces are com.sun.identity.liberty.ws.common and com.sun.identity.liberty.ws.interfaces.
The com.sun.identity.liberty.ws.common package includes classes common to all Liberty-based Access Manager service components.
Table 10–2 com.sun.identity.liberty.ws.common Classes

Class | Description |
---|---|
LogUtil | Defines methods that are used by the Liberty component of Access Manager to write logs. |
Status | Represents a common status object. |

For more information, including methods and their syntax and parameters, see the Java API Reference in /AccessManager-base/SUNWam/docs or on docs.sun.com.
The com.sun.identity.liberty.ws.interfaces package includes interfaces that can be implemented to add their corresponding functionality to each Liberty-based Access Manager web service.
Table 10–3 com.sun.identity.liberty.ws.interfaces Interfaces

Interface | Description |
---|---|
Authorizer | Interface for identity service to check authorization of a WSC. |
ResourceIDMapper | Interface used to map between a user ID and the Resource ID associated with it. |
ServiceInstanceUpdate | Interface used to include a SOAP header (ServiceInstanceUpdateHeader) when sending a SOAP response. |

The Authorizer interface, once implemented, can be used by each Liberty-based web service component for access control.
The com.sun.identity.liberty.ws.disco.plugins.DefaultDiscoAuthorizer class is the implementation of this interface for the Discovery Service. For more information, see Chapter 7, Discovery Service. The com.sun.identity.liberty.ws.idpp.plugin.IDPPAuthorizer class is the implementation for the Liberty Personal Profile Service. For more information, see Chapter 6, Data Services.
The Authorizer interface enables a web service to check whether a web service consumer (WSC) is allowed to access the requested resource. When a WSC contacts a web service provider (WSP), the WSC conveys a sender identity and an invocation identity. Note that the invocation identity is always the subject of the SAML assertion. These conveyances enable the WSP to make an authorization decision based on one or both identities. The Access Manager Policy Service performs the authorization based on defined policies.
See the Sun Java System Access Manager 7 2005Q4 Technical Overview for more information about policy management, single sign-on, and user sessions. See the Sun Java System Access Manager 7 2005Q4 Administration Guide for information about creating policy.
The ResourceIDMapper interface is used to map a user DN to the resource identifier associated with it. Access Manager provides the following implementations of this interface.
com.sun.identity.liberty.ws.disco.plugins.Default64ResourceIDMapper assumes the Resource ID format to be: providerID + "/" + the Base64 encoded userIDs.
com.sun.identity.liberty.ws.disco.plugins.DefaultHexResourceIDMapper assumes the Resource ID format to be: providerID + "/" + the hex string of userID.
com.sun.identity.liberty.ws.idpp.plugin.IDPPResourceIDMapper assumes the Resource ID format to be: providerID + "/" + the Base64 encoded userIDs.
A different implementation of the interface may be developed. The implementation class should be given to the provider that hosts the Discovery Service. The mapping between the providerID and the implementation class can be configured through the Classes For ResourceIDMapper Plugin attribute.
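
The Base64 and hex formats listed above are reversible encodings, so anyone who sees a Resource ID can recover the user ID from it. The following added example (not Access Manager code, and not an implementation of the real ResourceIDMapper interface) builds both formats and reverses the Base64 form, rejecting Resource IDs that carry another provider's prefix. The class and method names, the sample provider ID and DN, and the choice of UTF-8 bytes with the standard Base64 alphabet and lowercase hex are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

// Added illustration; hypothetical class, not part of Access Manager.
// The real ResourceIDMapper method signatures are in the Java API Reference.
public class ResourceIdFormatDemo {

    // providerID + "/" + Base64(userID). Assumption: UTF-8, standard alphabet.
    static String toBase64ResourceId(String providerId, String userId) {
        return providerId + "/" + Base64.getEncoder()
                .encodeToString(userId.getBytes(StandardCharsets.UTF_8));
    }

    // providerID + "/" + hex(userID). Assumption: UTF-8, lowercase hex.
    static String toHexResourceId(String providerId, String userId) {
        StringBuilder sb = new StringBuilder(providerId).append('/');
        for (byte b : userId.getBytes(StandardCharsets.UTF_8)) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    // Reverse the Base64 form. The provider ID and standard Base64 can both
    // contain '/', so match the full prefix instead of splitting on '/'.
    // Returns null when the prefix or the encoding does not check out.
    static String base64ResourceIdToUser(String providerId, String resourceId) {
        String prefix = providerId + "/";
        if (resourceId == null || !resourceId.startsWith(prefix)) {
            return null; // issued under a different provider ID, or malformed
        }
        try {
            byte[] raw = Base64.getDecoder()
                    .decode(resourceId.substring(prefix.length()));
            return new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // remainder is not valid Base64
        }
    }

    public static void main(String[] args) {
        String provider = "http://sp.example.com/disco";       // constructed sample
        String user = "uid=jdoe,ou=people,dc=example,dc=com";  // constructed sample
        String rid = toBase64ResourceId(provider, user);
        System.out.println(rid);
        System.out.println(toHexResourceId(provider, user));
        System.out.println(base64ResourceIdToUser(provider, rid));  // round trip
        System.out.println(base64ResourceIdToUser("http://other.example.com", rid)); // wrong prefix
    }
}
```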