1/16
Contents
List of Examples
List of Figures
List of Tables
Title and Copyright Information
Preface
Audience
Documentation Accessibility
Related Documents
Conventions
1
Using the Policy Model
1.1
Examining Policy Elements
1.2
Composing A Simple Policy
1.3
Adding Fine Grained Objects to a Simple Policy
1.3.1
Creating an Application Role
1.3.2
Defining A Role Mapping Policy
1.3.3
Adding a Condition
1.3.4
Populating a Permission Set
1.3.5
Building an Obligation
1.4
Using Roles to Implement Policy
2
Constructing A Policy Programmatically
2.1
Using the Java API
2.2
Executing A Simple Policy
2.2.1
Accessing the Policy Store
2.2.2
Creating an Application Policy
2.2.3
Defining Resource Types
2.2.4
Instantiating a Resource
2.2.5
Associating Actions with the Resource
2.2.5.1
Using a ResourceEntry
2.2.5.2
Using a ResourceNameExpression
2.2.6
Specifying a Policy Rule
2.2.7
Specifying the Principal
2.2.8
Defining the Policy
2.3
Creating Fine Grained Elements for a Simple Policy
2.3.1
Creating Application Roles
2.3.2
Creating Role Mapping Policies
2.3.3
Creating Attribute and Function Definitions
2.3.3.1
Creating Attribute Definitions
2.3.3.2
Creating Custom Function Definitions
2.3.4
Defining Permission Sets
2.3.5
Defining a Condition
2.3.5.1
Constructing a Boolean Expression
2.3.5.2
Constructing a Custom Function Expression
2.3.6
Adding Obligations
3
Managing Policy Objects Programmatically
3.1
Using Scope Levels for Management
3.2
Managing Objects Created at the PolicyStore Scope
3.3
Managing Objects Within the ApplicationPolicy Scope
3.3.1
Managing PolicyDomainEntry Objects
3.3.2
Managing ResourceTypeEntry Objects
3.3.3
Managing and Granting AppRoleEntry Objects
3.3.4
Managing Role Mapping Policy (RolePolicyEntry) Objects
3.3.5
Managing AttributeEntry and FunctionEntry Objects
3.3.5.1
Managing AttributeEntry Objects
3.3.5.2
Managing FunctionEntry Objects
3.3.6
Managing ResourceEntry Objects
3.3.7
Managing Permission Sets
3.3.8
Managing the Policy
3.4
Managing Objects within the PolicyDomainEntry Scope
4
Distributing Policies
4.1
Understanding Policy Distribution
4.1.1
Using a Centralized Policy Distribution Component
4.1.2
Using a Local Policy Distribution Component
4.2
Defining Distribution Modes
4.2.1
Controlled Distribution
4.2.2
Non-Controlled Distribution
4.3
Creating Security Module Configurations and Bindings
4.3.1
Managing Security Module Configurations
4.3.2
Managing Security Module Bindings
4.4
Initiating Policy Distribution
5
Delegating Policy Administration
5.1
Delegating Administration
5.2
Managing Scope and Delegating Granularity
5.3
Assigning Permissions
5.4
Creating Administration Roles
5.4.1
Creating An Administration Role
5.4.2
Assigning Actions and Resources (Permissions) to an Administration Role
5.4.3
Assigning Principals to an Administration Role
5.4.4
Retrieving a Principal's Administration Resources
5.5
Managing Administration Roles
5.6
Using the Default Administration Roles
5.7
Delegating with a Policy Domain
6
Handling Authorization Calls and Decisions
6.1
Using the Authorization Request API
6.2
Using the PEP API
6.2.1
Using the PEP API
6.2.2
Formatting PEP API Authorization Request Strings
6.2.2.1
Formatting the Scope String
6.2.2.2
Formatting the Resource String
6.2.3
Processing Query Requests
6.2.4
Getting Obligations
6.2.5
Configuring the PEP API
6.3
Making XACML Calls
6.4
Making checkPermission() Calls
7
Extending Functionality
7.1
Working With Attribute Retrievers
7.1.1
Understanding Attribute Retrievers
7.1.2
Creating Custom Attribute Retrievers
7.1.3
Implementing Custom Attribute Retrievers
7.1.3.1
Getting Attribute Values Directly
7.1.3.2
Getting Attribute Values Using a Handle
7.1.4
Configuring Oracle Entitlements Server for Custom Attribute Retrievers
7.2
Developing Custom Functions
8
Using the JSP Tags
8.1
Defining the Functional Tags
8.1.1
isAccessAllowed Tag
8.1.2
isAccessNotAllowed Tag
8.1.3
getUserRoles Tag
8.1.4
isUserInRole Tag
8.2
Defining the Assistant Tags
8.2.1
setSecurityContext Tag
8.2.2
attribute Tag
8.2.3
then/else Tags
9
Enhancing the Development Environment
9.1
Logging
Index
Scripting on this page enhances content navigation, but does not change the content in any way.