Sun Java System Access Manager version 7 2005Q4 Sample
Policy Samples
1. Introduction
This document explains how to use the policy samples in
Several samples are provided in the policy samples directory.
To run Policy Evaluation program for
To run Policy Evaluation program for the sample service,
To run Policy Evaluation program for
To run Policy Evaluation program for
To create policies for
To create policies for
To construct policies programmatically and add them to
The steps to perform the above tasks are explained below.
2. Steps
I. Compile the Samples and change the root suffix in the sample files
Samples can be run both on Solaris and Linux. To compile the samples, follow these steps.
In the sample files, root suffix DNs are specified as
II. Add a new policy service to Identity Service
A service containing policy schema can be loaded to Access Manager. The samples provide a new service that has policy schema, SampleWebService, to add to Access Manager. Run the amadmin command to load that service.

    <BASE_DIR>/bin/amadmin --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" --password <password> --schema <BASE_DIR>/samples/policy/SampleWebService.xml

Then copy the properties file SampleWebService.properties to the locale directory of the Access Manager installation.

    cp SampleWebService.properties <BASE_DIR>/locale

To add your own service that uses policy, develop the service XML file along the lines of /etc/opt/SUNWam/config/xml/amWebAgent.xml (/etc/opt/sun/identity/config/xml/amWebAgent.xml on Linux) or SampleWebService.xml, based on <BASE_DIR>/dtd/sms.dtd. Once the new service is added, rules can be defined for the new service in policy definitions.
III. Develop and add custom developed Subjects, Conditions and Referrals
The Policy Java API provides several interfaces. The Subject, Condition and Referral interfaces let you develop your own custom subjects, conditions and referrals. A sample implementation is provided for those three interfaces.
SampleSubject.java implements the Subject interface. This subject applies to all authenticated users, that is, those who have valid SSOTokens.
SampleCondition.java implements the Condition interface. This condition makes the policy applicable to those users whose user name length is greater than or equal to the length specified in the condition.
The subject, condition and referral implementations need to be added to
The sample subject, condition and referral implementations are now available
for policy definitions through administration console or
IV. Create policies for the service
The policies are administered through Administration Console or through the amadmin command. However, policies cannot be modified using the amadmin command. One must delete the policy and add the modified policy using amadmin. To add policies using amadmin, a policy XML file must be developed following <BASE_DIR>/dtd/policy.dtd. Once the policy XML file is developed, you can use the following command to load the policy XML file.

    <BASE_DIR>/bin/amadmin --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" --password <password> --data <policy.xml>

In the policy samples directory, there are two sample policy XML files. They define policies for the SampleWebService service. SamplePolicy.xml defines a normal policy for SampleWebService with a SampleSubject and a SampleCondition. SampleReferralPolicy.xml defines a referral policy for SampleWebService with a SampleReferral.
You must run step II and step III before you can load the policies present in these XML files.

    <BASE_DIR>/bin/amadmin --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" --password <password> --data <BASE_DIR>/samples/policy/SamplePolicy.xml
    <BASE_DIR>/bin/amadmin --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" --password <password> --data <BASE_DIR>/samples/policy/SampleReferralPolicy.xml

You can verify the newly added policies in Administration Console.
V. Develop and run Policy Evaluation Programs
The Policy API provides a Policy Evaluation API. This API has one Java class, PolicyEvaluator. The fully qualified name of this class is com.sun.identity.policy.PolicyEvaluator. The samples provide a sample policy evaluator program, PolicyEvaluation.java. This program can be used to run policy evaluations for different services. The policy evaluation is always based on a service such as iPlanetAMWebAgentService, SampleWebService, etc.
The sample policy evaluation program uses
Following properties can be set as input to the evaluation program in
Set up the policies before running the policy evaluation program. To run the policy evaluation program, use the following steps:
The policy decision from the policy evaluation program is then displayed on the terminal.
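The following is an added example, not one of the shipped samples: it calls PolicyEvaluator for SampleWebService and treats every error path (invalid token, unknown service, evaluation failure) as a deny, which is how an enforcement point should consume the decision. The class name, RESOURCE and ACTION are placeholders, and the code assumes the Access Manager client SDK is on the classpath and configured for your server.

```java
import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Set;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.policy.PolicyDecision;
import com.sun.identity.policy.PolicyEvaluator;
import com.sun.identity.policy.PolicyException;

// Added example; not one of the shipped policy samples.
public class FailClosedEvaluation {
    static final String SERVICE = "SampleWebService";
    // Placeholders (assumptions): use a resource and action from your own policy rules.
    static final String RESOURCE = "http://www.example.com/resource";
    static final String ACTION = "REPLACE_WITH_ACTION_NAME";

    // Returns true only on an explicit allow; every error path denies.
    static boolean isAllowed(String tokenId) {
        if (tokenId == null) { return false; }
        try {
            SSOTokenManager manager = SSOTokenManager.getInstance();
            SSOToken token = manager.createSSOToken(tokenId);
            if (!manager.isValidToken(token)) {
                return false; // expired or destroyed session
            }
            PolicyEvaluator evaluator = new PolicyEvaluator(SERVICE);
            Set actions = new HashSet();
            actions.add(ACTION);
            // Full decision as XML, suitable for an audit trail.
            PolicyDecision decision =
                evaluator.getPolicyDecision(token, RESOURCE, actions, new HashMap());
            System.out.println(decision.toXML());
            return evaluator.isAllowed(token, RESOURCE, ACTION, new HashMap());
        } catch (SSOException e) {
            return false; // invalid token: deny
        } catch (PolicyException e) {
            return false; // unknown service or evaluation error: deny
        }
    }

    public static void main(String[] args) throws Exception {
        // Read the SSO token ID from stdin so it does not appear in the process list.
        String tokenId = new BufferedReader(new InputStreamReader(System.in)).readLine();
        System.out.println(isAllowed(tokenId) ? "ALLOW" : "DENY");
    }
}
```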
VI. Construct policies programmatically and add them to policy store
The Policy API provides a Policy Management API that lets you create, add, update and remove policies programmatically. The sample program PolicyCreator.java shows how to construct policies programmatically and add them to the policy store. One normal policy, policy1, and one referral policy, refpolicy1, are constructed and added to the policy store. The normal policy has one subject of each subject type and one condition of each condition type shipped out of the box with Access Manager.
To run the sample program