Sun Java System Access Manager version 7 2005Q4 Sample
Policy Samples
 1. Introduction
    This document explains how to use the policy samples in
     
 
 Several samples are provided in the policy samples directory.
    To run Policy Evaluation program for  
    To run Policy Evaluation program for the sample service,  
    To run Policy Evaluation program for  
    To run Policy Evaluation program for  
    To create policies for  
    To create policies for  
    To construct policies programmatically and add them to
 The steps to perform the above tasks are explained below.
 2. Steps
 I. Compile the Samples and change the root suffix in the sample files
    Samples can be run both on Solaris and Linux. To compile the samples, follow these steps.
 
 
    In the sample files, root suffix DNs are specified as  
 II. Add a new policy service to Identity Service
    A service containing policy schema can be loaded to Access Manager. The
    samples provide a new service that has policy schema, SampleWebService, to
    add to Access Manager. Run the amadmin command to load that service.
    <BASE_DIR>/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" \
        --password <password> \
        --schema <BASE_DIR>/samples/policy/SampleWebService.xml
    Then copy the properties file SampleWebService.properties to the locale
    directory of the Access Manager installation.
      cp SampleWebService.properties <BASE_DIR>/locale
    To add your own service that uses policy, develop the service XML file
    along the lines of /etc/opt/SUNWam/config/xml/amWebAgent.xml
    (/etc/opt/sun/identity/config/xml/amWebAgent.xml on Linux) or
    SampleWebService.xml, based on <BASE_DIR>/dtd/sms.dtd. Once the new service
    is added, rules can be defined for the new service in policy definitions.
 III. Develop and add custom developed Subjects, Conditions and Referrals
    The Policy Java API provides several interfaces. The Subject, Condition and
    Referral interfaces let you develop your own custom subjects, conditions and
    referrals. A sample implementation is provided for those three interfaces.
    SampleSubject.java implements the Subject interface.
    This subject applies to all authenticated users, that is, those who have
    valid SSOTokens.
    SampleCondition.java implements the Condition interface.
    This condition makes the policy applicable to those users whose user name
    length is greater than or equal to the length specified in the condition.
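
    The check that SampleCondition.java is described as performing, as an added stand-alone example (not the sample's own code, and it does not implement the Access Manager Condition interface). It assumes the principal is an LDAP DN of the form uid=amAdmin,ou=People,...; the class NameLengthCheck, its methods and the dc=example,dc=com suffix are hypothetical. The DN is parsed with the JDK's LdapName rather than split on commas, and a principal that does not parse never satisfies the condition.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration: hypothetical class, not SampleCondition.java.
public class NameLengthCheck {

    // Returns the leftmost RDN value ("amAdmin" above), or null on a bad DN.
    static String userNameFromDn(String principalDn) {
        if (principalDn == null) {
            return null;
        }
        try {
            LdapName dn = new LdapName(principalDn);
            if (dn.isEmpty()) {
                return null;
            }
            // LdapName indexes RDNs from the right; size() - 1 is the leftmost.
            Rdn leaf = dn.getRdn(dn.size() - 1);
            Object value = leaf.getValue(); // unescaped attribute value
            return (value instanceof String) ? (String) value : null;
        } catch (InvalidNameException e) {
            return null;
        }
    }

    // True when the user name is at least minLength characters long.
    // Fails closed: a bad DN or a negative minimum never satisfies it.
    static boolean conditionApplies(String principalDn, int minLength) {
        if (minLength < 0) {
            return false;
        }
        String name = userNameFromDn(principalDn);
        return name != null && name.length() >= minLength;
    }

    public static void main(String[] args) {
        // Constructed principals; dc=example,dc=com is a placeholder suffix.
        String[] samples = {
            "uid=amAdmin,ou=People,dc=example,dc=com",
            "uid=bob,ou=People,dc=example,dc=com",
            "uid=li\\, a,ou=People,dc=example,dc=com", // escaped comma in name
            "not a dn"
        };
        for (String dn : samples) {
            System.out.println(dn + " -> " + conditionApplies(dn, 5));
        }
    }
}
```

    The third sample is the case a plain substring between the first "=" and the first "," gets wrong: the escaped comma belongs to the user name, so the name is five characters long, not three.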
    
 
    The subject, condition and referral implementations need to be added to
     
 
 
    The sample subject, condition and referral implementations are now available
    for policy definitions through administration console or  
 IV. Create policies for the service
    The policies are administered through Administration Console or through
    the amadmin command. However, policies cannot be modified using the amadmin
    command. One must delete the policy and add the modified policy using
    amadmin. To add policies using amadmin, a policy XML file must be
    developed following <BASE_DIR>/dtd/policy.dtd. Once the policy
    XML file is developed, you can use the following command to load the policy
    XML file.
    <BASE_DIR>/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" \
        --password <password> \
        --data <policy.xml>
    In the policy samples directory, there are two sample policy XML files.
    They define policies for the SampleWebService service.
    SamplePolicy.xml defines a normal policy for SampleWebService with a
    SampleSubject and a SampleCondition.
    SampleReferralPolicy.xml defines a referral policy for SampleWebService
    with a SampleReferral.
    You must run step II and step III to load the policies present in these
    XML files.
    <BASE_DIR>/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" \
        --password <password> \
        --data <BASE_DIR>/samples/policy/SamplePolicy.xml

    <BASE_DIR>/bin/amadmin \
        --runasdn "uid=amAdmin,ou=People,<default_org>,<root_suffix>" \
        --password <password> \
        --data <BASE_DIR>/samples/policy/SampleReferralPolicy.xml
    You can verify the newly added policies in Administration Console.
 V. Develop and run Policy Evaluation Programs
    The Policy API provides a Policy Evaluation API. This API has one Java
    class, PolicyEvaluator. The fully qualified name of this class is
    com.sun.identity.policy.PolicyEvaluator. The samples provide a sample
    policy evaluator program, PolicyEvaluation.java. This program can be used
    to run policy evaluations for different services. The policy evaluation is
    always based on a service such as iPlanetAMWebAgentService,
    SampleWebService, etc.
    The sample policy evaluation program uses  
    Following properties can be set as input to the evaluation program in
     
 
 Set up the policies before running the policy evaluation program. To run the policy evaluation program, use the following steps:
 
 The policy decision from the policy evaluation program is then displayed on the terminal. 
 VI. Construct policies programmatically and add them to policy store
    The Policy API provides a Policy Management API that lets you create, add,
    update and remove policies programmatically. The sample program,
    PolicyCreator.java, shows how to construct policies programmatically and
    add them to the policy store. One normal policy, policy1, and one referral
    policy, refpolicy1, are constructed and added to the policy store. The
    normal policy has one subject of each subject type and one condition of
    each condition type shipped out of the box with Access Manager.
    To run the sample program  
 