com.tivoli.pd.jadmin
Class PDAppSvrConfig

java.lang.Object
  extended by com.tivoli.pd.jadmin.PDAppSvrConfig

public class PDAppSvrConfig
extends java.lang.Object

This class is used to manipulate a Security Access Manager for Java application server's configuration. It includes methods for configuring, unconfiguring and managing configuration information.

A Java application server must be configured before it can communicate with Security Access Manager policy servers or authorization servers.


Field Summary
static java.lang.String compliance
           
static int PDAPPSVRCFG_AUTHZ_SVR
          Constant to indicate a Security Access Manager authorization server.
static int PDAPPSVRCFG_CREATE
          Constant to indicate that the configuration and keystore files should be created during server configuration.
static int PDAPPSVRCFG_POLICY_SVR
          Constant to indicate a Security Access Manager policy server.
static int PDAPPSVRCFG_REPLACE
          Constant to indicate that the configuration and keystore files should be replaced during server configuration.
 
Method Summary
static void addPDServer(PDSvrInfo server, int type, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Adds a policy or authorization server entry to the configuration file at the input URL.
static void changePDServer(PDSvrInfo server, int type, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Changes port, rank or both values of a server entry in the configuration file at the input URL.
static void configureAppSvr(java.lang.String adminName, char[] adminPwd, java.lang.String domain, PDAppSvrSpec appsvrSpec, java.net.URL configURL, java.net.URL keystoreURL, int configAction, java.util.Locale locale, PDMessages messages)
          Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the PDAppSvrConfig.configureAppSvr() method that takes a product code parameter.
static void configureAppSvr(java.lang.String adminName, char[] adminPwd, java.lang.String domain, PDAppSvrSpec appsvrSpec, java.net.URL configURL, java.net.URL keystoreURL, int configAction, java.util.Locale locale, java.lang.String productCode, PDMessages messages)
          Configures a Security Access Manager application server for Java.
static void configureAppSvr(java.lang.String adminName, char[] adminPwd, java.lang.String domain, PDAppSvrSpec appsvrSpec, java.net.URL configURL, java.net.URL keystoreURL, java.net.URL truststoreURL, int configAction, java.util.Locale locale, java.lang.String productCode, PDMessages messages)
          Configures a Security Access Manager application server for Java.
static java.net.URL getKeystoreURL(java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Returns the URL of the keystore that corresponds to the input configuration URL.
static PDAppSvrInfo getPDAppSvrInfo(java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Returns a PDAppSvrInfo object that contains the Java application server configuration data stored in the configuration file at the input URL.
static java.lang.String obfuscate(java.lang.String plainText)
          Simple obfuscation of the password.
static void removePDServer(PDSvrInfo server, int type, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Removes a policy or authorization server entry from the configuration file at the input URL.
static void replaceAppSvrCert(java.lang.String adminName, char[] adminPwd, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Replaces the certificate the application server uses to authenticate to the Security Access Manager policy server.
static void setAppSvrCertRefresh(boolean certRefresh, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the application server's certificate refresh setting in the configuration file at the input URL.
static void setAppSvrDbDir(java.net.URL dbdirURL, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the local policy database directory in the configuration file at the input URL.
static void setAppSvrDbRefresh(int dbRefresh, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the local policy database refresh interval in the configuration file at the input URL.
static void setAppSvrListening(boolean appsvrListening, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the enable listening flag in the configuration file at the input URL.
static void setAppSvrPort(int port, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the application server listening port in the configuration file at the input URL.
static void setLdapOption(java.lang.String ldapOptionName, java.lang.String ldapOptionValue, boolean ldapOptionRemove, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Sets the local policy database directory in the configuration file at the input URL.
static void unconfigureAppSvr(java.lang.String adminName, char[] adminPwd, java.lang.String domain, java.lang.String appsvrConfigName, java.lang.String appsvrHost, java.util.ArrayList plcyServers, java.net.URL configURL, java.util.Locale locale, PDMessages messages)
          Unconfigures the specified Security Access Manager application server for Java.
static java.lang.String unobfuscate(java.lang.String obfuscated)
          Unobfuscates a password that was previously obfuscated with obfuscate().
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

PDAPPSVRCFG_CREATE

public static final int PDAPPSVRCFG_CREATE
Constant to indicate that the configuration and keystore files should be created during server configuration. Configuration fails if either of these files already exists.

See Also:
Constant Field Values

PDAPPSVRCFG_REPLACE

public static final int PDAPPSVRCFG_REPLACE
Constant to indicate that the configuration and keystore files should be replaced during server configuration. Configuration deletes any existing files and replaces them with new ones.

See Also:
Constant Field Values

PDAPPSVRCFG_POLICY_SVR

public static final int PDAPPSVRCFG_POLICY_SVR
Constant to indicate a Security Access Manager policy server.

See Also:
Constant Field Values

PDAPPSVRCFG_AUTHZ_SVR

public static final int PDAPPSVRCFG_AUTHZ_SVR
Constant to indicate a Security Access Manager authorization server.

See Also:
Constant Field Values

compliance

public static java.lang.String compliance

Method Detail

configureAppSvr

public static void configureAppSvr(java.lang.String adminName,
                                   char[] adminPwd,
                                   java.lang.String domain,
                                   PDAppSvrSpec appsvrSpec,
                                   java.net.URL configURL,
                                   java.net.URL keystoreURL,
                                   int configAction,
                                   java.util.Locale locale,
                                   PDMessages messages)
                            throws PDException
Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced by the PDAppSvrConfig.configureAppSvr() method that takes a product code parameter.

Configures a Security Access Manager application server for Java. The following operations are performed: creation of an application server user in the user registry and the Security Access Manager database, addition of the server user to appropriate groups, creation of a configuration file at the configuration URL and creation of a protected keystore file at the keystore URL. The keystore contains the application server's certificate used to authenticate to policy servers and authorization servers.

If the domain in which this application server is defined is deleted and recreated, the application server must be unconfigured and reconfigured.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read, write and delete the configuration and keystore URLs.

This method corresponds to the ivadmin_cfg_configureserver3() C API.

Parameters:
adminName - the name of a Security Access Manager user with administrative privileges. Cannot be null or empty.
adminPwd - the administrative user's password. Cannot be null or empty.
domain - the domain to which the administrator will be authenticated. The application server will be defined in this domain. Cannot be null or empty.
appsvrSpec - the specification for the application server to configure. Cannot be null.
configURL - the URL for the application server's configuration data. This URL cannot be null and must use the file: protocol.
keystoreURL - the URL for the application server's certificate and keystore. This URL cannot be null and must use the file: protocol.
configAction - the action to take when creating the configuration and keystore files. Must be one of PDAPPSVRCFG_CREATE or PDAPPSVRCFG_REPLACE. If the configuration or keystore URL already exists and PDAPPSVRCFG_CREATE is specified, an exception is thrown. PDAPPSVRCFG_REPLACE must be specified to write to an existing file.
locale - specifies the locale into which any generated error or warning messages are translated.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

configureAppSvr

public static void configureAppSvr(java.lang.String adminName,
                                   char[] adminPwd,
                                   java.lang.String domain,
                                   PDAppSvrSpec appsvrSpec,
                                   java.net.URL configURL,
                                   java.net.URL keystoreURL,
                                   int configAction,
                                   java.util.Locale locale,
                                   java.lang.String productCode,
                                   PDMessages messages)
                            throws PDException
Configures a Security Access Manager application server for Java. The following operations are performed: creation of an application server user in the user registry and the Security Access Manager database, addition of the server user to appropriate groups, creation of a configuration file at the configuration URL and creation of a protected keystore file at the keystore URL. The keystore contains the application server's certificate used to authenticate to policy servers and authorization servers.

If the domain in which this application server is defined is deleted and recreated, the application server must be unconfigured and reconfigured.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read, write and delete the configuration and keystore URLs.

This method corresponds to the ivadmin_cfg_configureserver3() C API.

Parameters:
adminName - the name of a Security Access Manager user with administrative privileges. Cannot be null or empty.
adminPwd - the administrative user's password. Cannot be null or empty.
domain - the domain to which the administrator will be authenticated. The application server will be defined in this domain. Cannot be null or empty.
appsvrSpec - the specification for the application server to configure. Cannot be null.
configURL - the URL for the application server's configuration data. This URL cannot be null and must use the file: protocol.
keystoreURL - the URL for the application server's certificate and keystore. This URL cannot be null and must use the file: protocol.
configAction - the action to take when creating the configuration and keystore files. Must be one of PDAPPSVRCFG_CREATE or PDAPPSVRCFG_REPLACE. If the configuration or keystore URL already exists and PDAPPSVRCFG_CREATE is specified, an exception is thrown. PDAPPSVRCFG_REPLACE must be specified to write to an existing file.
locale - specifies the locale into which any generated error or warning messages are translated.
productCode - an optional identifier that is used to determine the directory in which to locate the trace and log files that are generated when using this application server. This identifier is used only if Tivoli Common Directory logging is enabled for the Security Access Manager runtime for Java. Refer to the product Troubleshooting Guide for more information on Tivoli Common Directory logging, message files and message file locations.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.
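
One way to call the productCode variant of configureAppSvr() while enforcing the preconditions documented above. This is an added example, not code from the product documentation. The class SafeAppSvrConfigurator, its method names and the allowReplace flag are hypothetical, and the block assumes that PDMessages and PDException are imported from com.tivoli.pd.jutil, Java 7 or later, and a POSIX file system.

```java
import com.tivoli.pd.jadmin.PDAppSvrConfig;
import com.tivoli.pd.jadmin.PDAppSvrSpec;
import com.tivoli.pd.jutil.PDException;   // assumed package for PDException
import com.tivoli.pd.jutil.PDMessages;    // assumed package for PDMessages

import java.io.IOException;
import java.net.URISyntaxException;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Arrays;
import java.util.Locale;

/** Hypothetical wrapper (not part of the product API) around configureAppSvr(). */
public final class SafeAppSvrConfigurator {

    private SafeAppSvrConfigurator() {}

    /** Enforces the documented URL rule: not null and file: protocol only. */
    static Path requireFileUrl(URL url, String name) throws URISyntaxException {
        if (url == null) {
            throw new IllegalArgumentException(name + " cannot be null");
        }
        if (!"file".equalsIgnoreCase(url.getProtocol())) {
            throw new IllegalArgumentException(name + " must use the file: protocol: " + url);
        }
        return Paths.get(url.toURI());
    }

    /** Enforces the "cannot be null or empty" rule for string parameters. */
    static void requireText(String value, String name) {
        if (value == null || value.isEmpty()) {
            throw new IllegalArgumentException(name + " cannot be null or empty");
        }
    }

    /**
     * Configures the application server. Existing files are overwritten only
     * when allowReplace is true; the admin password array is always wiped.
     */
    public static void configure(String adminName, char[] adminPwd, String domain,
                                 PDAppSvrSpec appsvrSpec, URL configURL, URL keystoreURL,
                                 boolean allowReplace, String productCode,
                                 PDMessages messages)
            throws PDException, IOException, URISyntaxException {
        try {
            requireText(adminName, "adminName");
            requireText(domain, "domain");
            if (adminPwd == null || adminPwd.length == 0) {
                throw new IllegalArgumentException("adminPwd cannot be null or empty");
            }
            if (appsvrSpec == null || messages == null) {
                throw new IllegalArgumentException("appsvrSpec and messages cannot be null");
            }
            Path config = requireFileUrl(configURL, "configURL");
            Path keystore = requireFileUrl(keystoreURL, "keystoreURL");

            // PDAPPSVRCFG_CREATE fails if either file exists, so REPLACE is chosen
            // only on an explicit opt-in. The API repeats the existence check
            // itself, so this early check only produces a clearer error.
            boolean exists = Files.exists(config) || Files.exists(keystore);
            if (exists && !allowReplace) {
                throw new IllegalStateException(
                        "configuration or keystore file already exists; refusing to replace");
            }
            int action = exists
                    ? PDAppSvrConfig.PDAPPSVRCFG_REPLACE
                    : PDAppSvrConfig.PDAPPSVRCFG_CREATE;

            PDAppSvrConfig.configureAppSvr(adminName, adminPwd, domain, appsvrSpec,
                    configURL, keystoreURL, action, Locale.getDefault(),
                    productCode, messages);

            // The keystore holds the certificate the server authenticates with,
            // so restrict both files to the owning account (POSIX file systems only).
            for (Path p : new Path[] {config, keystore}) {
                Files.setPosixFilePermissions(p, PosixFilePermissions.fromString("rw-------"));
            }
        } finally {
            // adminPwd is a char[] so that it can be cleared after use.
            if (adminPwd != null) {
                Arrays.fill(adminPwd, '\0');
            }
        }
    }
}
```

The caller still needs the javax.security.auth.AuthPermission("PDAdmin") permission and read, write and delete access to both URLs, as stated for configureAppSvr().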

configureAppSvr

public static void configureAppSvr(java.lang.String adminName,
                                   char[] adminPwd,
                                   java.lang.String domain,
                                   PDAppSvrSpec appsvrSpec,
                                   java.net.URL configURL,
                                   java.net.URL keystoreURL,
                                   java.net.URL truststoreURL,
                                   int configAction,
                                   java.util.Locale locale,
                                   java.lang.String productCode,
                                   PDMessages messages)
                            throws PDException
Configures a Security Access Manager application server for Java. The following operations are performed: creation of an application server user in the user registry and the Security Access Manager database, addition of the server user to appropriate groups, creation of a configuration file at the configuration URL, creation of a protected keystore file at the keystore URL and, optionally, creation of a truststore file at the truststore URL to store the target policy server's CA certificate. The keystore contains the application server's certificate used to authenticate to policy servers and authorization servers.

If the domain in which this application server is defined is deleted and recreated, the application server must be unconfigured and reconfigured.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read, write and delete the configuration and keystore URLs.

This method corresponds to the ivadmin_cfg_configureserver3() C API.

Parameters:
adminName - the name of a Security Access Manager user with administrative privileges. Cannot be null or empty.
adminPwd - the administrative user's password. Cannot be null or empty.
domain - the domain to which the administrator will be authenticated. The application server will be defined in this domain. Cannot be null or empty.
appsvrSpec - the specification for the application server to configure. Cannot be null.
configURL - the URL for the application server's configuration data. This URL cannot be null and must use the file: protocol.
keystoreURL - the URL for the application server's certificate and keystore. This URL cannot be null and must use the file: protocol.
truststoreURL - the URL for the keystore to store the policy server's CA certificate. If this parameter is provided, the configuration process retrieves the target policy server's CA certificate into that keystore and configures the application server to use it as the trust store instead of the original PDCA.ks configured for the Java runtime. This is required if the application server needs to connect to a policy server other than the one configured for the Java Runtime. If this parameter is null, the configuration process does not retrieve and store the CA certificate and the application server is configured to use the PDCA.ks configured for the Java Runtime. This URL must use the file: protocol.
configAction - the action to take when creating the configuration and keystore files. Must be one of PDAPPSVRCFG_CREATE or PDAPPSVRCFG_REPLACE. If the configuration or keystore URL already exists and PDAPPSVRCFG_CREATE is specified, an exception is thrown. PDAPPSVRCFG_REPLACE must be specified to write to an existing file.
locale - specifies the locale into which any generated error or warning messages are translated.
productCode - an optional identifier that is used to determine the directory in which to locate the trace and log files that are generated when using this application server. This identifier is used only if Tivoli Common Directory logging is enabled for the Security Access Manager runtime for Java. Refer to the product Troubleshooting Guide for more information on Tivoli Common Directory logging, message files and message file locations.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

unconfigureAppSvr

public static void unconfigureAppSvr(java.lang.String adminName,
                                     char[] adminPwd,
                                     java.lang.String domain,
                                     java.lang.String appsvrConfigName,
                                     java.lang.String appsvrHost,
                                     java.util.ArrayList plcyServers,
                                     java.net.URL configURL,
                                     java.util.Locale locale,
                                     PDMessages messages)
                              throws PDException
Unconfigures the specified Security Access Manager application server for Java. The following operations are performed: removal of the application server user in the user registry and the Security Access Manager database, and removal of the local keystore file. Any elements added to the configuration file during server configuration are removed, but the file is not removed entirely. The local operations are performed only if the unconfiguration operations at the registry and Security Access Manager database return without error, and only if the specified name and host match the name and host present in the configuration file.

This method is designed to run even if the input configuration file is corrupt or missing information, so that data in the user registry and policy database can be removed even if local unconfiguration is not possible.

This method is also designed to fail only in the event that the policy server is not reachable or the caller is unauthorized to perform the steps necessary to unconfigure the Java application server. Other errors encountered during remote unconfiguration are ignored so that all unconfiguration steps are attempted.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission, permission to read and write the configuration URL and permission to delete the keystore URL pointed to by the configuration URL.

This method corresponds to the ivadmin_cfg_unconfigureserver() C API.

Parameters:
adminName - the name of a Security Access Manager user with administrative privileges. Cannot be null or empty.
adminPwd - the administrative user's password. Cannot be null or empty.
domain - the domain to which the administrator is authenticated. The application server is removed from this domain. Cannot be null or empty.
appsvrConfigName - the application server's name. Cannot be null or empty. The name of the user removed from the user registry and the Security Access Manager database is constructed from this name and the server's host name.
appsvrHost - the host on which the application server runs. Cannot be null or empty.
plcyServers - a list of PDSvrInfo objects representing Security Access Manager policy servers that can be called upon to unconfigure the application server. At least one policy server must be listed.
configURL - the URL for the application server's configuration data. If the application server's configuration data has been deleted, this URL can specify a non-existent file. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

addPDServer

public static void addPDServer(PDSvrInfo server,
                               int type,
                               java.net.URL configURL,
                               java.util.Locale locale,
                               PDMessages messages)
                        throws PDException
Adds a policy or authorization server entry to the configuration file at the input URL. If the configuration already has a server entry with the same type, host and port as the input object, the server entry is not added and an exception is thrown.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

This method corresponds to the ivadmin_cfg_addreplica2() C API.

Parameters:
server - the server to add. An entry for this server is added to the configuration only if no existing server has the same type, host and port. Cannot be null.
type - the type of server to add. Must be one of PDAPPSVRCFG_POLICY_SVR or PDAPPSVRCFG_AUTHZ_SVR.
configURL - the URL for the application server's configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removePDServer

public static void removePDServer(PDSvrInfo server,
                                  int type,
                                  java.net.URL configURL,
                                  java.util.Locale locale,
                                  PDMessages messages)
                           throws PDException
Removes a policy or authorization server entry from the configuration file at the input URL. If a server having the same type, host and port as the input object does not exist in the configuration, an exception is thrown. If removing the server entry would result in no remaining entries in the configuration, the entry is not removed and an exception is thrown.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

This method corresponds to the ivadmin_cfg_rmvreplica2() C API.

Parameters:
server - the server to remove. The host and port fields of this object are used to find a server entry in the configuration data. Cannot be null.
type - the type of server to remove. Must be one of PDAPPSVRCFG_POLICY_SVR or PDAPPSVRCFG_AUTHZ_SVR.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

changePDServer

public static void changePDServer(PDSvrInfo server,
                                  int type,
                                  java.net.URL configURL,
                                  java.util.Locale locale,
                                  PDMessages messages)
                           throws PDException
Changes port, rank or both values of a server entry in the configuration file at the input URL. The host and port fields of the input object are used to find a server entry of the given type in the configuration data. If found, the rank of that entry is changed to the value in the input object. If not found, the host field of this object is used to find a server entry in the configuration data. If found, the port and rank of that entry are changed to the values in the input object. If no entry is found, an exception is thrown. If only the host is used to find the entry and there is more than one entry with the given host, an exception is thrown.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

This method corresponds to the ivadmin_cfg_chgreplica2() C API.

Parameters:
server - the server whose entry to change. Cannot be null.
type - the type of server. Must be one of PDAPPSVRCFG_POLICY_SVR or PDAPPSVRCFG_AUTHZ_SVR.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAppSvrPort

public static void setAppSvrPort(int port,
                                 java.net.URL configURL,
                                 java.util.Locale locale,
                                 PDMessages messages)
                          throws PDException
Sets the application server listening port in the configuration file at the input URL.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

This method corresponds to the ivadmin_cfg_setport2() C API.

Parameters:
port - the TCP/IP port on which the server application listens for communications from the policy server(s). This argument must be greater than zero.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAppSvrListening

public static void setAppSvrListening(boolean appsvrListening,
                                      java.net.URL configURL,
                                      java.util.Locale locale,
                                      PDMessages messages)
                               throws PDException
Sets the enable listening flag in the configuration file at the input URL. This operation is available only for local mode server configurations.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

This method corresponds to the ivadmin_cfg_setlistening2() C API.

Parameters:
appsvrListening - if true, indicates that the application server will listen for database updates from the policy server(s). If false, indicates that the application server will not listen.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAppSvrDbDir

public static void setAppSvrDbDir(java.net.URL dbdirURL,
                                  java.net.URL configURL,
                                  java.util.Locale locale,
                                  PDMessages messages)
                           throws PDException
Sets the local policy database directory in the configuration file at the input URL. This operation is available only for local mode server configurations.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

Parameters:
dbdirURL - the URL for the directory in which the local policy database will be stored. This URL cannot be null and must use the file: protocol, and the path specified by this URL must be a valid directory on the system.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAppSvrDbRefresh

public static void setAppSvrDbRefresh(int dbRefresh,
                                      java.net.URL configURL,
                                      java.util.Locale locale,
                                      PDMessages messages)
                               throws PDException
Sets the local policy database refresh interval in the configuration file at the input URL. This operation is available only for local mode server configurations.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

Parameters:
dbRefresh - the frequency, in seconds, that the application server will poll for policy database updates. The application server's local cache is rebuilt only if an update is detected. If a value less than or equal to zero is specified, polling for policy database updates is disabled.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAppSvrCertRefresh

public static void setAppSvrCertRefresh(boolean certRefresh,
                                        java.net.URL configURL,
                                        java.util.Locale locale,
                                        PDMessages messages)
                                 throws PDException
Sets the application server's certificate refresh setting in the configuration file at the input URL.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

Parameters:
certRefresh - option to enable or disable the application server's automatic refresh of its keystore certificate when the certificate is close to expiration. Defaults to true.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

replaceAppSvrCert

public static void replaceAppSvrCert(java.lang.String adminName,
                                     char[] adminPwd,
                                     java.net.URL configURL,
                                     java.util.Locale locale,
                                     PDMessages messages)
                              throws PDException
Replaces the certificate the application server uses to authenticate to the Security Access Manager policy server. This method is used to replace an expired or compromised certificate. This method assumes that the configuration URL contains all the information that was written during application server configuration and has not been corrupted.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission, permission to read and write the configuration URL and permission to read, write and delete the keystore URL pointed to by the configuration URL.

This method corresponds to the ivadmin_cfg_renewservercert2() C API.

Parameters:
adminName - the name of a Security Access Manager user with administrative privileges. Cannot be null or empty.
adminPwd - the administrative user's password. Cannot be null or empty.
configURL - the URL for the application server's configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getPDAppSvrInfo

public static PDAppSvrInfo getPDAppSvrInfo(java.net.URL configURL,
                                           java.util.Locale locale,
                                           PDMessages messages)
                                    throws PDException
Returns a PDAppSvrInfo object that contains the Java application server configuration data stored in the configuration file at the input URL. Configuration data can be accessed directly from the public data members in the returned PDAppSvrInfo object.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read the configuration URL.

This method corresponds to the ivadmin_cfg_getvalue() C API.

Parameters:
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getKeystoreURL

public static java.net.URL getKeystoreURL(java.net.URL configURL,
                                          java.util.Locale locale,
                                          PDMessages messages)
                                   throws PDException
Returns the URL of the keystore that corresponds to the input configuration URL.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read the configuration URL.

Parameters:
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.
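The certificate replacement and keystore lookup described above, combined into one rotation procedure. This is an added example, not code from the product documentation. It assumes the Security Access Manager Java runtime is on the classpath, that PDMessages and PDException live in com.tivoli.pd.jutil (the package is not shown on this page), a POSIX file system, and a hypothetical command line that takes the configuration file path as its only argument.

```java
import com.tivoli.pd.jadmin.PDAppSvrConfig;
import com.tivoli.pd.jutil.PDException;   // package assumed; not shown on this page
import com.tivoli.pd.jutil.PDMessages;    // package assumed; not shown on this page

import java.io.Console;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import java.util.Arrays;
import java.util.Locale;
import java.util.Set;

public class RotateAppSvrCert {
    public static void main(String[] args) throws Exception {
        // args[0]: path to the application server's configuration file (hypothetical CLI).
        URL configURL = Paths.get(args[0]).toAbsolutePath().toUri().toURL(); // yields a file: URL
        Locale locale = Locale.getDefault();

        Console console = System.console();
        if (console == null) throw new IllegalStateException("run from an interactive terminal");
        String adminName = console.readLine("Administrator: ");
        char[] adminPwd = console.readPassword("Password: ");
        if (adminName == null || adminPwd == null) throw new IllegalStateException("no credentials entered");

        PDMessages messages = new PDMessages(); // must be empty on input
        try {
            PDAppSvrConfig.replaceAppSvrCert(adminName, adminPwd, configURL, locale, messages);
            System.out.println("Certificate replaced. Messages: " + messages);
        } catch (PDException e) {
            System.err.println("Replacement failed: " + e.getMessage());
            throw e;
        } finally {
            Arrays.fill(adminPwd, '\0'); // the API takes char[] so the caller can wipe it
        }

        // The keystore holds the server's credential: confirm only its owner can read it.
        URL keystoreURL = PDAppSvrConfig.getKeystoreURL(configURL, locale, new PDMessages());
        Path keystore = Paths.get(keystoreURL.toURI());
        Set<PosixFilePermission> perms = Files.getPosixFilePermissions(keystore);
        if (perms.contains(PosixFilePermission.GROUP_READ)
                || perms.contains(PosixFilePermission.OTHERS_READ)) {
            System.err.println("WARNING: " + keystore + " is readable beyond its owner: " + perms);
        }
    }
}
```

The calling code also needs the javax.security.auth.AuthPermission("PDAdmin") permission and the file permissions listed for each method when a security manager is active.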

setLdapOption

public static void setLdapOption(java.lang.String ldapOptionName,
                                 java.lang.String ldapOptionValue,
                                 boolean ldapOptionRemove,
                                 java.net.URL configURL,
                                 java.util.Locale locale,
                                 PDMessages messages)
                          throws PDException
Sets the local policy database directory in the configuration file at the input URL. This operation is available only for local mode server configurations.

The change takes effect the next time the configuration file is read by the application server.

This method requires the javax.security.auth.AuthPermission("PDAdmin") permission and permission to read and write the configuration URL.

Parameters:
ldapOptionName - The name of the LDAP option.
ldapOptionValue - The new value of the LDAP option (used only when the option is not being removed).
ldapOptionRemove - If true then the LDAP option is removed.
configURL - the URL for the configuration data. This URL cannot be null and must use the file: protocol.
locale - specifies the locale into which any generated error or warning messages are translated. Cannot be null.
messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.
Throws:
PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

obfuscate

public static java.lang.String obfuscate(java.lang.String plainText)
Performs simple obfuscation of the password. The obfuscation is not hard to break if the key can be gleaned from the compiled Java class, or if the unobfuscate() method below can be found in the JAR file and used. However, this code will also be obfuscated by ZKM.

Parameters:
plainText - Plain text password to obfuscate
Returns:
Base 64 encoded, AES encrypted password.

unobfuscate

public static java.lang.String unobfuscate(java.lang.String obfuscated)
Unobfuscates a password that was previously obfuscated with obfuscate().

Parameters:
obfuscated - Base 64 encoded, AES encrypted password
Returns:
Plain text password