The functions defined in <am_policy.h> are:
Compares the URLs of two resources, and returns the appropriate result.
#include "am_policy.h" AM_EXPORT am_resource_match_t am_policy_compare_urls(const am_resource_traits_t *rsrc_traits, const char *policy_resource_name, const char *resource_name, boolean_t use_patterns);
This function takes the following parameter:
Pointer to a am_resource_traits_t type containing data regarding a policy.
See am_resource_traits_t for more information.
Pointer to the name of the resource being protected.
Pointer to the name of the resource being requested.
Based on the boolean_t defined in the <am_types.h> header file, B_TRUE indicates that the function will consider occurrences of * in policy_resource_name as wild cards. If B_FALSE, occurrences of * are taken as a literal characters.
In cases of SUB_RESOURCE_MATCH and SUPER_RESOURCE_MATCH when usePatterns is B_TRUE, the patterns are sub or super matching patterns, respectively.
This function returns one of the following values of the am_resource_match_t enumeration as defined:
#include "am_policy.h" typedef enum am_resource_match { AM_SUB_RESOURCE_MATCH, AM_EXACT_MATCH, AM_SUPER_RESOURCE_MATCH, AM_NO_MATCH, AM_EXACT_PATTERN_MATCH } am_resource_match_t;
If both URLs match exactly as in, for example, if the URL for the resource is http://example.sun.com:90/index.html and the URL in the policy is http://example.sun.com:90/index.html.
This result is returned if the URL to which the policy applies matches the URL to which access is requested as in, for example, if the URL for the resource is http://example.sun.com:90/index.html and the URL in the policy is http://example.sun.com:90/*. Distinction is not made between an EXACT_MATCH or a pattern match.
If the URLs do not match.
If the requested URL is found to be a sub-resource of the URL defined in the policy.
If the requested URL is found to be a parent of the URL defined in the policy.
Destroys an initialized instance of a policy evaluator object.
An instance is initialized for each policy request.
The caller must ensure that the same instance is not destroyed more than once.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_destroy(am_policy_t policy);
This function takes the following parameter:
Integer specifying the object being destroyed.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
Evaluates a policy for a given request and returns a non-boolean result.
am_policy_evaluate() has been deprecated. See am_policy_evaluate_ignore_url_notenforced().
am_policy_evaluate() was used to evaluate policy for URLs on the not-enforced list and those not on the not-enforced list. Since there is not a need to evaluate URLs on the not-enforced list, am_policy_evaluate() has been deprecated. Although it can still be used, the SDK invokes am_policy_evaluate_ignore_url_notenforced().
#include "am_policy.h" AM_EXPORT am_status_t am_policy_evaluate(am_policy_t policy_handle, const char *sso_token, const char *resource_name, const char *action_name, const am_map_t env_parameter_map, am_map_t policy_response_map_ptr, am_policy_result_t *policy_result);
This function takes the following parameters:
Integer specifying the object being evaluated.
Pointer to the session token (SSOTokenID) of the authenticated user.
The Access Manager Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.
Pointer to the name of the resource being requested.
Pointer to the action requested.
An action is the operation to be performed on the resource. Web server actions are POST and GET. An allowable action for a human resources service , for example, can change a home telephone number.
Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.
See am_map_t for more information.
Pointer to a map object which contains all the profile, session and response attributes fetched.
This must be enabled in AMAgent.properties. See am_policy_result_t for information on how this is done. See am_map_t for more information on map objects.
Pointer to the am_policy_result_t type to store the result.
See am_policy_result_t for more information.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.
Evaluates a policy for a given request and returns a non-boolean result.
am_policy_evaluate_ignore_url_notenforced() will evaluate a policy for the specified URL only if the URL does not appear on the not-enforced list defined in AMAgent.properties.
See Sun Java System Access Manager Policy Agent 2.2 User’s Guide for more information.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_evaluate_ignore_url_notenforced(am_policy_t policy_handle, const char *sso_token, const char *resource_name, const char *action_name, const am_map_t env_parameter_map, am_map_t policy_response_map_ptr, am_policy_result_t *policy_result, am_bool_t ignorePolicyResult), char **am_revision_number;
This function takes the following parameters:
Integer specifying the object being evaluated.
Pointer to the session token (SSOTokenID) of the authenticated user.
The Access Manager Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.
Pointer to the name of the resource being requested.
Pointer to the action requested.
An action is the operation to be performed on the resource. Web server actions are POST and GET. An allowable action for a human resources service , for example, can change a home telephone number.
Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.
See am_map_t for more information.
Pointer to a map object which contains all the profile, session and response attributes fetched.
This must be enabled in AMAgent.properties. See am_policy_result_t for information on how this is done. See am_map_t for more information on map objects.
Pointer to the am_policy_result_t type to store the result.
See am_policy_result_t for more information.
Based on the am_bool_t defined in the <am_types.h> header file, AM_TRUE indicates that policy evaluation will not be done for the URL.
Takes a value equal to the version of the instance of Access Manager with which the SDK is communicating. When communicating with Access Manager 7.0, the value will be 7.0, otherwise 6.3. It can also be set to NULL.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.
Extracts the root of a given URL.
am_policy_get_url_resource_root() populates the resource_root pointer with the extracted information. For example, http://www.sun.com/index.html will return http://www.sun.com/ and http://www.sun.com:8080/index.html will return http://www.sun.com:8080/.
#include "am_policy.h" AM_EXPORT boolean_t am_policy_get_url_resource_root(const char *resource_name, char *resource_root, size_t length);
This function takes the following parameters:
Pointer to the protected resource URL.
Pointer to the location where the resource root will be written.
Value based on the size_t defined in the standard <stddef.h> header file that reflects the size of the resource_root buffer.
When using resources other than URLs, the developer implementing this function must make accurate judgement about the minimum size of resource_root.
This function returns one of the following values of the boolean_t enumeration (defined in the <am_types.h> header file):
If the root was successfully extracted.
If not.
Initializes the Access Manager Policy Service.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_init(am_properties_t policy_config_properties);
This function takes the following parameter:
Pointer to the properties used to initialize the Policy Service.
See am_properties_t for more information.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
The caller must call am_policy_destroy() to free the memory.
Cancels the specified session.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_invalidate_session(am_policy_t policy_handle, const char *ssoTokenId);
This function takes the following parameters:
Integer specifying the object being evaluated.
Pointer to the session token of the authentication user.
The session token is a randomly-generated string that represents an authenticated user.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
Checks whether the notification functionality is enabled.
#include "am_policy.h" AM_EXPORT boolean_t am_policy_is_notification_enabled(am_policy_t policy_handle);
This function takes the following parameter:
Integer specifying the object being evaluated.
This function returns the standard boolean_t with one of the following values:
If notification is disabled.
If notification is enabled.
Refreshes the policy cache when a policy notification is received by the client.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_notify(am_policy_t policy_handle, const char *notification_data, size_t notification_data_len);
This function takes the following parameters:
Integer specifying the object being evaluated.
Pointer to the notification message as an XML string.
Value based on the size_t defined in the standard <stddef.h> header file that reflects the size of the notification_data string.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.
Converts the specified resource name into a standard representation for comparison purposes.
#include "am_policy.h" AM_EXPORT void am_policy_resource_canonicalize(const char *resource, char **c_resource);
This function takes the following parameters:
Pointer to the name of the resource to be converted.
Pointer to a pointer to the location where the converted string will be placed.
This function does not return a value.
Checks whether the specified resource name has patterns (such as the wildcard *).
#include "am_policy.h" AM_EXPORT boolean_t am_policy_resource_has_patterns(const char *resource_name);
This function takes the following parameter:
Pointer to the resource being evaluated.
This function returns one of the following values of the boolean_t enumeration (defined in the <am_types.h> header file):
If the resource has patterns.
Otherwise.
Destroys the specified am_policy_result_t structure type.
See am_policy_result_t for more information.
#include "am_policy.h" AM_EXPORT void am_policy_result_destroy(am_policy_result_t *result);
This function takes the following parameter:
Pointer to the am_policy_result_t structure type being destroyed.
This function does not return a value.
Initializes one instance of Access Manager Policy Service for policy evaluation.
#include "am_policy.h" AM_EXPORT am_status_t am_policy_service_init(const char *service_name, const char *instance_name, am_resource_traits_t rsrc_traits, am_properties_t service_config_properties, am_policy_t *policy_handle_ptr);
This function takes the following parameters:
Pointer to the name for the Policy Service.
Pointer to the name of the instance being initialized.
Pointer to a am_resource_traits_t structure type.
See am_resource_traits_t for more information.
Pointer to the properties used to initialize the Policy Service instance.
See am_properties_t for more information.
Pointer to the integer specifying the object being evaluated.
This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):
If the call was successful.
If any error occurs, the type of error indicated by the status value.