You enable the JAAS authorization framework by resetting the policy. Use the Policy.setPolicy(Policy) API to reset the policy at run time. In the code example Enabling the JAAS Authorization Framework, Policy.setPolicy(com.sun.identity.policy.jaas.ISPolicy) resets the policy. In this example, the client application wants to use the JAAS authorization API to communicate with Access Manager and to perform policy evaluation. Access Manager provides the support needed to use Access Manager policy, so that policy can be defined through the new ISPermission.
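```java
import java.security.AccessController;
import java.security.Policy;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import com.sun.identity.authentication.AuthContext;
import com.sun.identity.policy.jaas.ISPermission;
import com.sun.identity.policy.jaas.ISPolicy;

// Class name is illustrative; addLoginCallbackMessage() is supplied by the application.
public class JaasAuthorizationClient {
    public static void main(String[] args) {
        try {
            // Create an SSOToken
            AuthContext ac = new AuthContext("dc=iplanet,dc=com");
            ac.login();
            Callback[] callbacks = null;
            if (ac.hasMoreRequirements()) {
                callbacks = ac.getRequirements();
                if (callbacks != null) {
                    try {
                        // This method sets appropriate responses in the callbacks.
                        addLoginCallbackMessage(callbacks);
                        ac.submitRequirements(callbacks);
                    } catch (Exception e) {
                        // Swallowed in this example; the status check below
                        // decides whether to proceed.
                    }
                }
            }
            if (ac.getStatus() == AuthContext.Status.SUCCESS) {
                // Get the authenticated subject
                Subject subject = ac.getSubject();
                // Change the policy to our own Policy
                Policy.setPolicy(new ISPolicy());
                // final so the anonymous class below can reference it
                final ISPermission perm = new ISPermission(
                    "iPlanetAMWebAgentService", "http://www.sun.com:80", "GET");
                // Execute the run() method of the PrivilegedExceptionAction
                // as the specified subject
                Subject.doAs(subject, new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                        // Returns quietly if the permission has been granted;
                        // otherwise throws an access denied exception
                        // (AccessControlException), so the return below is
                        // reached only when the ISPermission was granted.
                        AccessController.checkPermission(perm);
                        return null;
                    }
                });
            }
        } catch (Exception e) {
            // Covers login failures and a denied permission check
            e.printStackTrace();
        }
    }
}
```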
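The mechanism that ISPolicy plugs into, shown without Access Manager as an added example (not code from the original page or from Access Manager): a replaced Policy is consulted by AccessController.checkPermission with the principals of the subject passed to Subject.doAs. ResourcePermission, PrincipalPolicy and the CN=alice / CN=bob principals are hypothetical stand-ins, and the code assumes a JDK such as 8 or 11 where the java.security.Policy and AccessController APIs are still functional.

```java
import java.security.*;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.x500.X500Principal;

public class SubjectPolicyDemo {
    // Hypothetical stand-in for ISPermission: a resource name plus one action.
    static final class ResourcePermission extends Permission {
        private final String action;
        ResourcePermission(String resource, String action) { super(resource); this.action = action; }
        @Override public boolean implies(Permission p) { return equals(p); }
        @Override public boolean equals(Object o) {
            return o instanceof ResourcePermission
                && getName().equals(((ResourcePermission) o).getName())
                && action.equals(((ResourcePermission) o).action);
        }
        @Override public int hashCode() { return Objects.hash(getName(), action); }
        @Override public String getActions() { return action; }
    }
    // Hypothetical stand-in for ISPolicy: grants are keyed by principal name.
    static final class PrincipalPolicy extends Policy {
        private final Map<String, Permission> grants = new HashMap<>();
        void grant(String principalName, Permission p) { grants.put(principalName, p); }
        @Override public boolean implies(ProtectionDomain domain, Permission requested) {
            // Inside Subject.doAs the domain carries the subject's principals.
            for (Principal who : domain.getPrincipals()) {
                Permission granted = grants.get(who.getName());
                if (granted != null && granted.implies(requested)) return true;
            }
            return false; // default deny: no matching principal, no access
        }
    }
    static Subject subjectFor(String dn) { // constructed test subject, read-only
        return new Subject(true, Collections.singleton(new X500Principal(dn)),
                           Collections.emptySet(), Collections.emptySet());
    }
    static boolean isAllowed(Subject subject, Permission perm) throws PrivilegedActionException {
        return Subject.doAs(subject, (PrivilegedExceptionAction<Boolean>) () -> {
            try { AccessController.checkPermission(perm); return true; }
            catch (AccessControlException denied) { return false; }
        });
    }
    public static void main(String[] args) throws Exception {
        PrincipalPolicy policy = new PrincipalPolicy();
        policy.grant("CN=alice", new ResourcePermission("http://www.sun.com:80", "GET"));
        Policy.setPolicy(policy); // JVM-wide: every later check consults this policy
        Permission get = new ResourcePermission("http://www.sun.com:80", "GET");
        System.out.println("alice GET: " + isAllowed(subjectFor("CN=alice"), get));
        System.out.println("bob GET:   " + isAllowed(subjectFor("CN=bob"), get));
    }
}
```

Because Policy.setPolicy replaces the policy for the whole JVM, the replacement should deny by default, as PrincipalPolicy does for any domain without a matching principal.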