test

Sun Java System Access Manager 7.1 C API Reference

Policy Functions

The functions defined in <am_policy.h> are:

am_policy_compare_urls()

Compares the URLs of two resources, and returns the appropriate result.

Syntax

#include "am_policy.h"
AM_EXPORT am_resource_match_t
am_policy_compare_urls(const am_resource_traits_t *rsrc_traits,
                       const char *policy_resource_name,
                       const char *resource_name,
                       boolean_t use_patterns);

Parameters

This function takes the following parameter:

rsrc_traits

Pointer to a am_resource_traits_t type containing data regarding a policy.

Note –

See am_resource_traits_t for more information.

policy_resource_name

Pointer to the name of the resource being protected.

resource_name

Pointer to the name of the resource being requested.

use_patterns

Based on the boolean_t defined in the <am_types.h> header file, B_TRUE indicates that the function will consider occurrences of * in policy_resource_name as wild cards. If B_FALSE, occurrences of * are taken as a literal characters.

Note –

In cases of SUB_RESOURCE_MATCH and SUPER_RESOURCE_MATCH when usePatterns is B_TRUE, the patterns are sub or super matching patterns, respectively.

Returns

This function returns one of the following values of the am_resource_match_t enumeration as defined:

#include "am_policy.h"
typedef enum am_resource_match {
    AM_SUB_RESOURCE_MATCH,
    AM_EXACT_MATCH,
    AM_SUPER_RESOURCE_MATCH,
    AM_NO_MATCH,
    AM_EXACT_PATTERN_MATCH
} am_resource_match_t;
AM_EXACT_MATCH

If both URLs match exactly as in, for example, if the URL for the resource is http://example.sun.com:90/index.html and the URL in the policy is http://example.sun.com:90/index.html.

AM_EXACT_PATTERN_MATCH

This result is returned if the URL to which the policy applies matches the URL to which access is requested as in, for example, if the URL for the resource is http://example.sun.com:90/index.html and the URL in the policy is http://example.sun.com:90/*. Distinction is not made between an EXACT_MATCH or a pattern match.

AM_NO_MATCH

If the URLs do not match.

AM_SUB_RESOURCE_MATCH

If the requested URL is found to be a sub-resource of the URL defined in the policy.

AM_SUPER_RESOURCE_MATCH

If the requested URL is found to be a parent of the URL defined in the policy.

am_policy_destroy()

Destroys an initialized instance of a policy evaluator object.

Details

An instance is initialized for each policy request.

Note –

The caller must ensure that the same instance is not destroyed more than once.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_destroy(am_policy_t policy);

Parameters

This function takes the following parameter:

policy

Integer specifying the object being destroyed.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

am_policy_evaluate()

Evaluates a policy for a given request and returns a non-boolean result.

Note –

am_policy_evaluate() has been deprecated. See am_policy_evaluate_ignore_url_notenforced().

Details

am_policy_evaluate() was used to evaluate policy for URLs on the not-enforced list and those not on the not-enforced list. Since there is not a need to evaluate URLs on the not-enforced list, am_policy_evaluate() has been deprecated. Although it can still be used, the SDK invokes am_policy_evaluate_ignore_url_notenforced().

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_evaluate(am_policy_t policy_handle,
                   const char *sso_token,
                   const char *resource_name,
                   const char *action_name,
                   const am_map_t env_parameter_map,
                   am_map_t policy_response_map_ptr,
                   am_policy_result_t *policy_result);

Parameters

This function takes the following parameters:

policy_handle

Integer specifying the object being evaluated.

sso_token

Pointer to the session token (SSOTokenID) of the authenticated user.

Note –

The Access Manager Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.

resource_name

Pointer to the name of the resource being requested.

action_name

Pointer to the action requested.

Note –

An action is the operation to be performed on the resource. Web server actions are POST and GET. An allowable action for a human resources service , for example, can change a home telephone number.

env_parameter_map

Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.

Note –

See am_map_t for more information.

policy_response_map_ptr

Pointer to a map object which contains all the profile, session and response attributes fetched.

Note –

This must be enabled in AMAgent.properties. See am_policy_result_t for information on how this is done. See am_map_t for more information on map objects.

policy_result

Pointer to the am_policy_result_t type to store the result.

Note –

See am_policy_result_t for more information.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

Memory Concerns

After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.

am_policy_evaluate_ignore_url_notenforced()

Evaluates a policy for a given request and returns a non-boolean result.

Details

am_policy_evaluate_ignore_url_notenforced() will evaluate a policy for the specified URL only if the URL does not appear on the not-enforced list defined in AMAgent.properties.

Note –

See Sun Java System Access Manager Policy Agent 2.2 User’s Guide for more information.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_evaluate_ignore_url_notenforced(am_policy_t policy_handle,
                                          const char *sso_token,
                                          const char *resource_name,
                                          const char *action_name,
                                          const am_map_t env_parameter_map,
                                          am_map_t policy_response_map_ptr,
                                          am_policy_result_t *policy_result,
                                          am_bool_t ignorePolicyResult),
                                          char **am_revision_number;

Parameters

This function takes the following parameters:

policy_handle

Integer specifying the object being evaluated.

sso_token

Pointer to the session token (SSOTokenID) of the authenticated user.

Note –

The Access Manager Session Service creates a session data structure (also known as an SSOToken) that stores information such as login time, authentication scheme, and authentication level. It also generates a session token (also known as an SSOTokenID, a randomly-generated string that identifies an instance of an SSOToken.

resource_name

Pointer to the name of the resource being requested.

action_name

Pointer to the action requested.

Note –

An action is the operation to be performed on the resource. Web server actions are POST and GET. An allowable action for a human resources service , for example, can change a home telephone number.

env_parameter_map

Map object which contains environment variables (IP address, host name, etc.) used for evaluation by the Policy Service.

Note –

See am_map_t for more information.

policy_response_map_ptr

Pointer to a map object which contains all the profile, session and response attributes fetched.

Note –

This must be enabled in AMAgent.properties. See am_policy_result_t for information on how this is done. See am_map_t for more information on map objects.

policy_result

Pointer to the am_policy_result_t type to store the result.

Note –

See am_policy_result_t for more information.

ignorePolicyResult

Based on the am_bool_t defined in the <am_types.h> header file, AM_TRUE indicates that policy evaluation will not be done for the URL.

am_revision_number

Takes a value equal to the version of the instance of Access Manager with which the SDK is communicating. When communicating with Access Manager 7.0, the value will be 7.0, otherwise 6.3. It can also be set to NULL.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

Memory Concerns

After using the results the caller must call am_policy_result_destroy() on policy_result to cleanup the allocated memory. Also, am_map_destroy() must be called on policy_response_map_ptr and env_parameter_map after their respective usage.

am_policy_get_url_resource_root()

Extracts the root of a given URL.

Details

am_policy_get_url_resource_root() populates the resource_root pointer with the extracted information. For example, http://www.sun.com/index.html will return http://www.sun.com/ and http://www.sun.com:8080/index.html will return http://www.sun.com:8080/.

Syntax

#include "am_policy.h"
AM_EXPORT boolean_t 
am_policy_get_url_resource_root(const char *resource_name,
                                      char *resource_root,
                                size_t length);

Parameters

This function takes the following parameters:

resource_name

Pointer to the protected resource URL.

resource_root

Pointer to the location where the resource root will be written.

length

Value based on the size_t defined in the standard <stddef.h> header file that reflects the size of the resource_root buffer.

Note –

When using resources other than URLs, the developer implementing this function must make accurate judgement about the minimum size of resource_root.

Returns

This function returns one of the following values of the boolean_t enumeration (defined in the <am_types.h> header file):

B_TRUE

If the root was successfully extracted.

B_FALSE

If not.

am_policy_init()

Initializes the Access Manager Policy Service.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_init(am_properties_t policy_config_properties);

Parameters

This function takes the following parameter:

policy_config_properties

Pointer to the properties used to initialize the Policy Service.

Note –

See am_properties_t for more information.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

Memory Concerns

The caller must call am_policy_destroy() to free the memory.

am_policy_invalidate_session()

Cancels the specified session.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_invalidate_session(am_policy_t policy_handle,
                             const char *ssoTokenId);

Parameters

This function takes the following parameters:

policy_handle

Integer specifying the object being evaluated.

ssoTokenId

Pointer to the session token of the authentication user.

Note –

The session token is a randomly-generated string that represents an authenticated user.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

am_policy_is_notification_enabled()

Checks whether the notification functionality is enabled.

Syntax

#include "am_policy.h"
AM_EXPORT boolean_t
am_policy_is_notification_enabled(am_policy_t policy_handle);

Parameters

This function takes the following parameter:

policy_handle

Integer specifying the object being evaluated.

Returns

This function returns the standard boolean_t with one of the following values:

0

If notification is disabled.

non-zero

If notification is enabled.

am_policy_notify()

Refreshes the policy cache when a policy notification is received by the client.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t 
am_policy_notify(am_policy_t policy_handle,
                 const char *notification_data,
                 size_t notification_data_len);

Parameters

This function takes the following parameters:

policy_handle

Integer specifying the object being evaluated.

notification_data

Pointer to the notification message as an XML string.

notification_data_len

Value based on the size_t defined in the standard <stddef.h> header file that reflects the size of the notification_data string.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.

am_policy_resource_canonicalize()

Converts the specified resource name into a standard representation for comparison purposes.

Syntax

#include "am_policy.h"
AM_EXPORT void
am_policy_resource_canonicalize(const char *resource, 
                                      char **c_resource);

Parameters

This function takes the following parameters:

resource

Pointer to the name of the resource to be converted.

c_resource

Pointer to a pointer to the location where the converted string will be placed.

Returns

This function does not return a value.

am_policy_resource_has_patterns()

Checks whether the specified resource name has patterns (such as the wildcard *).

Syntax

#include "am_policy.h"
AM_EXPORT boolean_t 
am_policy_resource_has_patterns(const char *resource_name);

Parameters

This function takes the following parameter:

resource_name

Pointer to the resource being evaluated.

Returns

This function returns one of the following values of the boolean_t enumeration (defined in the <am_types.h> header file):

B-TRUE

If the resource has patterns.

B_FALSE

Otherwise.

am_policy_result_destroy()

Destroys the specified am_policy_result_t structure type.

Note –

See am_policy_result_t for more information.

Syntax

#include "am_policy.h"
AM_EXPORT void
am_policy_result_destroy(am_policy_result_t *result);

Parameters

This function takes the following parameter:

result

Pointer to the am_policy_result_t structure type being destroyed.

Returns

This function does not return a value.

am_policy_service_init()

Initializes one instance of Access Manager Policy Service for policy evaluation.

Syntax

#include "am_policy.h"
AM_EXPORT am_status_t
am_policy_service_init(const char *service_name,
                       const char *instance_name,
                       am_resource_traits_t rsrc_traits,
                       am_properties_t service_config_properties,
                       am_policy_t *policy_handle_ptr);

Parameters

This function takes the following parameters:

service_name

Pointer to the name for the Policy Service.

instance_name

Pointer to the name of the instance being initialized.

rsrc_traits

Pointer to a am_resource_traits_t structure type.

Note –

See am_resource_traits_t for more information.

service_config_properties

Pointer to the properties used to initialize the Policy Service instance.

Note –

See am_properties_t for more information.

policy_handle_ptr

Pointer to the integer specifying the object being evaluated.

Returns

This function returns one of the following values of the am_status_t enumeration (defined in the <am_types.h> header file):

AM_SUCCESS

If the call was successful.

AM_*

If any error occurs, the type of error indicated by the status value.