com.tivoli.pd.jadmin
Class PDPop

java.lang.Object
  com.tivoli.pd.jutil.PDEnvironmentObject
      com.tivoli.pd.jadmin.PDPop

All Implemented Interfaces:

java.io.Serializable, java.lang.Cloneable

public class PDPop
extends com.tivoli.pd.jutil.PDEnvironmentObject
implements java.lang.Cloneable

Security Access Manager Protected Object Policy (POP) class.

The PDPop class allows an Security Access Manager application to attach protected object policies to a PDProtObject administration object. Supported protected object policies include: allowing access to a protected object based on time-of-day, defining what types of accesses to the protected object are audited, specifying what level of authentication is required to access a protected object, setting the quality of protection (QOP) used to access a given protected object, and enabling/disabling accesses to a given protected object to be under warning mode (which allows the administrator to troubleshoot accesses).

The QOP policy is not used internally by Security Access Manager. It can be set and used by the end user.

In addition, extended attributes can be defined for a given PDPop object.

Modes: Local,Remote

See Also:

Serialized Form

Nested Class Summary

static class

PDPop.IPAuthInfo Class that represents information associated with the IP authentication policy.

Field Summary

static long	PDPOP_AUDIT_LEVEL_ADMIN Long constant representing the "ADMIN" audit level POP policy.
static long	PDPOP_AUDIT_LEVEL_ALL Long constant representing the "ALL" audit level POP policy.
static long	PDPOP_AUDIT_LEVEL_DENY Long constant representing the "DENY" audit level POP policy.
static long	PDPOP_AUDIT_LEVEL_ERROR Long constant representing the "ERROR" audit level POP policy.
static long	PDPOP_AUDIT_LEVEL_NONE Long constant representing the "NONE" audit level POP policy.
static long	PDPOP_AUDIT_LEVEL_PERMIT Long constant representing the "PERMIT" audit level POP policy.
static java.lang.String	PDPOP_QOP_INTEGRITY String constant representing the "INTEGRITY" quality-of-protection (QOP) POP policy.
static java.lang.String	PDPOP_QOP_NONE String constant representing the "NONE" quality-of-protection (QOP) POP policy.
static java.lang.String	PDPOP_QOP_PRIVACY String constant representing the "PRIVACY" quality-of-protection (QOP) POP policy.

Constructor Summary

PDPop(PDContext context, java.lang.String id, PDMessages messages)
Constructs a local object of a POP that exists in the policy server.

Method Summary

java.lang.Object	clone() Returns a copy of this object.
static void	createPop(PDContext context, java.lang.String id, java.lang.String description, PDAttrs attributes, PDMessages messages) Creates a POP in the policy server.
static void	createPop(PDContext context, java.lang.String id, java.lang.String description, PDAttrs attributes, PDMessages messages) Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced with the createPop(PDContext,String,String,com.tivoli.pd.jutil.PDAttrs,PDMessages) method.
void	deleteAttribute(PDContext context, java.lang.String attributeName, PDMessages messages) Deletes an extended attribute from this POP object and also from the policy server.
static void	deleteAttribute(PDContext context, java.lang.String id, java.lang.String attributeName, PDMessages messages) Deletes the extended attribute for the specified POP in the policy server.
void	deleteAttributeValue(PDContext context, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages) Deletes a value for an extended attribute from the local POP object and also from the policy server.
static void	deleteAttributeValue(PDContext context, java.lang.String id, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages) Deletes a value for an extended attribute for the specified POP in the policy server.
static void	deletePop(PDContext context, java.lang.String id, PDMessages messages) Deletes the specified POP from the policy server.
boolean	equals(java.lang.Object obj) Determines whether this PDPop is equivalent to the input object.
java.util.ArrayList	getAttributeNames() Gets the names of the extended attributes from this object.
java.util.ArrayList	getAttributeValues(java.lang.String attributeName) Gets the values of an extended attribute from this object.
long	getAuditLevel() Gets the POP's audit level policy from this object.
java.lang.String	getDescription() Gets the POP's description from this object.
java.lang.String	getId() Gets the POP name from this object.
static long	getIPAuthAnyothernw(PDContext context, java.lang.String id, PDMessages messages) Get the authentication level for the anyothernw.
java.util.ArrayList	getIPAuthInfo() Gets the POP's IP authentication level policy from this object.
java.lang.String	getQOP() Gets the POP's quality-of-protection policy from this object.
PDTodAccessInfo	getTodAccessInfo() Gets the POP's time-of-day (TOD) access policy from this object.
boolean	getWarningMode() Gets the POP's warning mode policy from this object.
static java.util.ArrayList	listPops(PDContext context, PDMessages messages) Returns a list of names of all POP objects existing in the policy server.
void	removeIPAuthInfo(PDContext context, java.util.ArrayList ipAuthInfo, PDMessages messages) Removes the IP authentication Level policy for this POP object and also in the policy server for all entries in the passed-in ArrayList.
static void	removeIPAuthInfo(PDContext context, java.lang.String id, java.util.ArrayList ipAuthInfo, PDMessages messages) Removes the IP authentication level policy for this POP in the policy server.
void	setAttributeValue(PDContext context, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages) Sets the value of an extended attribute in this POP object and also in the policy server.
static void	setAttributeValue(PDContext context, java.lang.String id, java.lang.String attributeName, java.lang.String attributeValue, PDMessages messages) Sets the value of an extended attribute for the specified POP in the policy server.
void	setAuditLevel(PDContext context, long auditLevel, PDMessages messages) Sets the audit level policy for this POP object and also in the policy server.
static void	setAuditLevel(PDContext context, java.lang.String id, long auditLevel, PDMessages messages) Sets the audit level policy for this POP in the policy server.
void	setDescription(PDContext context, java.lang.String newDescription, PDMessages messages) Sets the descriptive string for this POP object and also in the policy server.
static void	setDescription(PDContext context, java.lang.String id, java.lang.String newDescription, PDMessages messages) Sets the descriptive string for the specified POP in the policy server.
void	setIPAuthAnyothernw(PDContext context, long authLevel, PDMessages messages) Sets the IP authentication level for anyothernw for this POP object and also in the policy server.
static void	setIPAuthAnyothernw(PDContext context, java.lang.String id, long authLevel, PDMessages messages) Modifies the anyothernw authentication level in the policy server
void	setIPAuthInfo(PDContext context, java.util.ArrayList ipAuthInfo, PDMessages messages) Sets the IP authentication policy for this POP object and also in the policy server.
static void	setIPAuthInfo(PDContext context, java.lang.String id, java.util.ArrayList ipAuthInfo, PDMessages messages) Sets the IP authentication level policy for this POP in the policy server.
void	setQOP(PDContext context, java.lang.String qop, PDMessages messages) Sets the quality of protection (QOP) policy for this POP object and also in the policy server.
static void	setQOP(PDContext context, java.lang.String id, java.lang.String qop, PDMessages messages) Sets the quality of protection (QOP) policy for the specified POP in the policy server.
void	setTodAccessInfo(PDContext context, PDTodAccessInfo todAccessInfo, PDMessages messages) Sets the time-of-day (TOD) access policy for this POP object and also in the policy server.
static void	setTodAccessInfo(PDContext context, java.lang.String id, PDTodAccessInfo todAccessInfo, PDMessages messages) Sets the time-of-day (TOD) access policy for the specified POP in the policy server.
void	setWarningMode(PDContext context, boolean warningMode, PDMessages messages) Sets the value for the warning-mode policy for this POP object and also in the policy server.
static void	setWarningMode(PDContext context, java.lang.String id, boolean warningMode, PDMessages messages) Sets the value for the warning-mode policy for the specified POP in the policy server.
java.lang.String	toString() Returns a String representation of this object.

Methods inherited from class com.tivoli.pd.jutil.PDEnvironmentObject

getContext, setContext

Methods inherited from class java.lang.Object

getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

PDPOP_QOP_NONE

public static final java.lang.String PDPOP_QOP_NONE

String constant representing the "NONE" quality-of-protection (QOP) POP policy.

See Also:

Constant Field Values

PDPOP_QOP_INTEGRITY

public static final java.lang.String PDPOP_QOP_INTEGRITY

String constant representing the "INTEGRITY" quality-of-protection (QOP) POP policy.

See Also:

Constant Field Values

PDPOP_QOP_PRIVACY

public static final java.lang.String PDPOP_QOP_PRIVACY

String constant representing the "PRIVACY" quality-of-protection (QOP) POP policy.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_NONE

public static final long PDPOP_AUDIT_LEVEL_NONE

Long constant representing the "NONE" audit level POP policy. No accesses to the protected object to which this POP is attached will be audited.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_PERMIT

public static final long PDPOP_AUDIT_LEVEL_PERMIT

Long constant representing the "PERMIT" audit level POP policy. All permitted accesses to the protected object to which this POP is attached will be audited.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_DENY

public static final long PDPOP_AUDIT_LEVEL_DENY

Long constant representing the "DENY" audit level POP policy. All denied accesses to the protected object to which this POP is attached will be audited.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_ERROR

public static final long PDPOP_AUDIT_LEVEL_ERROR

Long constant representing the "ERROR" audit level POP policy. All error accesses to the protected object to which this POP is attached will be audited.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_ADMIN

public static final long PDPOP_AUDIT_LEVEL_ADMIN

Long constant representing the "ADMIN" audit level POP policy. This audit level is not used internally within the Security Access Manager product. It can be used by the users of the Java Admin APIs.

See Also:

Constant Field Values

PDPOP_AUDIT_LEVEL_ALL

public static final long PDPOP_AUDIT_LEVEL_ALL

Long constant representing the "ALL" audit level POP policy. All accesses to the protected object to which this POP is attached will be audited.

See Also:

Constant Field Values

Constructor Detail

PDPop

public PDPop(PDContext context,
             java.lang.String id,
             PDMessages messages)
      throws PDException

Constructs a local object of a POP that exists in the policy server. Returns an error if the POP does not exist.

This constructor corresponds to the ivadmin_pop_get() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP to be constructed. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

Method Detail

setDescription

public void setDescription(PDContext context,
                           java.lang.String newDescription,
                           PDMessages messages)
                    throws PDException

Sets the descriptive string for this POP object and also in the policy server.

This method implements the function provided by the ivadmin_pop_setdescription() C API. In addition it sets the value of the description in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

newDescription - the new description. The description may not be null; use the empty String to clear the existing description.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setQOP

public void setQOP(PDContext context,
                   java.lang.String qop,
                   PDMessages messages)
            throws PDException

Sets the quality of protection (QOP) policy for this POP object and also in the policy server.

This method implements the function provided by the ivadmin_pop_setqop() C API. In addition it sets the value of the QOP in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

qop - QOP policy for the POP. Needs to be one of the PDPOP_QOP_* string constants defined in this class. Cannot be null. Cannot be an empty String.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setWarningMode

public void setWarningMode(PDContext context,
                           boolean warningMode,
                           PDMessages messages)
                    throws PDException

Sets the value for the warning-mode policy for this POP object and also in the policy server.

This method implements the function provided by the ivadmin_pop_setwarnmode() C API. In addition it sets the warning mode policy in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

warningMode - true, if warning mode policy is enabled, false, if warning mode policy is disabled.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAuditLevel

public void setAuditLevel(PDContext context,
                          long auditLevel,
                          PDMessages messages)
                   throws PDException

Sets the audit level policy for this POP object and also in the policy server.

This method implements the function provided by the ivadmin_pop_setauditlevel() C API. In addition it sets the value of the audit level policy in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

auditLevel - Audit level policy for the POP. Can be one of the PDPOP_AUDIT_LEVEL_* constants, or a logical OR operation on these constants.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setIPAuthInfo

public void setIPAuthInfo(PDContext context,
                          java.util.ArrayList ipAuthInfo,
                          PDMessages messages)
                   throws PDException

Sets the IP authentication policy for this POP object and also in the policy server.

This method implements the function provided by the ivadmin_pop_setipauth() and the ivadmin_pop_setipauth_forbidden C APIs. In addition it sets the value of the IP authentication level policy in the current object.

Entries in the passed-in ArrayList that correspond to an IP address and netmask for which the IP authentication policy has already been set are ignored. To reset the IP authentication policy for such an entry, first remove the entry, and then set it. This applies when IPAuthLevel is set to PDPOP_IPAUTH_LEVEL_FORBIDDEN_ALL_NETWORKS as well.

Note that the input IP address is ANDed with the input netmask before it is stored, and this value is what is returned by the getIPAuthInfo() method.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

ipAuthInfo - ArrayList of IPAuthInfo objects. Cannot be null or empty.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setIPAuthAnyothernw

public void setIPAuthAnyothernw(PDContext context,
                                long authLevel,
                                PDMessages messages)
                         throws PDException

Sets the IP authentication level for anyothernw for this POP object and also in the policy server.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

authLevel - authentication level for anyothernw Cannot be null or empty.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removeIPAuthInfo

public void removeIPAuthInfo(PDContext context,
                             java.util.ArrayList ipAuthInfo,
                             PDMessages messages)
                      throws PDException

Removes the IP authentication Level policy for this POP object and also in the policy server for all entries in the passed-in ArrayList. The other IP authentication policy entries for this POP policy still remain in effect.

This method implements the function provided by the ivadmin_pop_removeipauth() C API. In addition it removes the value of the IP authentication level policy in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

ipAuthInfo - ArrayList of IPAuthInfo objects. Cannot be null or empty.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setTodAccessInfo

public void setTodAccessInfo(PDContext context,
                             PDTodAccessInfo todAccessInfo,
                             PDMessages messages)
                      throws PDException

Sets the time-of-day (TOD) access policy for this POP object and also in the policy server.

This method corresponds to the ivadmin_pop_settod() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

todAccessInfo - PDTodAccessInfo object. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAttributeValue

public void setAttributeValue(PDContext context,
                              java.lang.String attributeName,
                              java.lang.String attributeValue,
                              PDMessages messages)
                       throws PDException

Sets the value of an extended attribute in this POP object and also in the policy server. If the attribute already exists, then the specified value is added if it does not already exist. Duplicate values for the attribute name are not allowed, and no error is returned in that case.

This method implements the function provided by the ivadmin_pop_attrput() C API. In addition it sets the value of an extended attribute in the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

attributeValue - value of the attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttribute

public void deleteAttribute(PDContext context,
                            java.lang.String attributeName,
                            PDMessages messages)
                     throws PDException

Deletes an extended attribute from this POP object and also from the policy server. Returns error if the attribute does not exist.

This method implements the function provided by the ivadmin_pop_attrdelkey() C API. In addition it deletes an extended attribute from the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttributeValue

public void deleteAttributeValue(PDContext context,
                                 java.lang.String attributeName,
                                 java.lang.String attributeValue,
                                 PDMessages messages)
                          throws PDException

Deletes a value for an extended attribute from the local POP object and also from the policy server. Returns error if the attribute or the attribute value does not exist.

This method implements the function provided by the ivadmin_pop_attrdelval() C API. In addition it deletes a value for an extended attribute from the current object.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

attributeValue - String value of the extended attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getId

public java.lang.String getId()
                       throws PDException

Gets the POP name from this object.

This method implements the function provided by the ivadmin_pop_getid() C API.

Returns:

name of the POP from this object.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getDescription

public java.lang.String getDescription()
                                throws PDException

Gets the POP's description from this object.

This method implements the function provided by the ivadmin_pop_getdescription() C API.

Returns:

description for the POP from this object. Cannot be null. Will return an empty string if no description was set prior to this call.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getQOP

public java.lang.String getQOP()
                        throws PDException

Gets the POP's quality-of-protection policy from this object.

This method implements the function provided by the ivadmin_pop_getqop() C API.

Returns:

QOP policy for the POP from this object. Cannot be null. Will return one of the PDPOP_QOP_* String constants. Will return the PDPOP_QOP_NONE String constant if QOP was not set explicitly before invoking this method.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getWarningMode

public boolean getWarningMode()
                       throws PDException

Gets the POP's warning mode policy from this object.

This method implements the function provided by the ivadmin_pop_getwarnmode() C API.

Returns:

Warning mode policy for the POP from this object. Returns true if warning mode policy is enabled. Returns false if warning mode policy is disabled.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getAuditLevel

public long getAuditLevel()
                   throws PDException

Gets the POP's audit level policy from this object.

This method implements the function provided by the ivadmin_pop_getauditlevel() C API.

Returns:

audit level policy for the POP from this object. Cannot be null. Will return the PDPOP_AUDIT_LEVEL_NONE constant if audit level policy was not set explicitly before invoking this method. Otherwise, will return the current value of audit level.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getIPAuthInfo

public java.util.ArrayList getIPAuthInfo()
                                  throws PDException

Gets the POP's IP authentication level policy from this object.

This method implements the function provided by the ivadmin_pop_getipauth() and ivadmin_pop_getanyothernw() C APIs.

Returns:

ArrayList of IP authentication level policies for the POP from this object. The very first entry in this ArrayList represents the IP authentication level policy for any other network for which this policy is not set explicitly.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getTodAccessInfo

public PDTodAccessInfo getTodAccessInfo()
                                 throws PDException

Gets the POP's time-of-day (TOD) access policy from this object.

This method implements the function provided by the ivadmin_pop_gettod() C API.

Returns:

PDTodAccessInfo object from this POP object. Returns the default time-of-day information if the TOD policy was not set explicitly before invoking this method.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getAttributeNames

public java.util.ArrayList getAttributeNames()
                                      throws PDException

Gets the names of the extended attributes from this object.

This method implements the function provided by the ivadmin_pop_attrlist() C API.

Returns:

an ArrayList of strings that are the names of the extended attributes from this object. Empty ArrayList if this object has no extended attributes.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getAttributeValues

public java.util.ArrayList getAttributeValues(java.lang.String attributeName)
                                       throws PDException

Gets the values of an extended attribute from this object.

This method implements the function provided by the ivadmin_pop_attrget() C API.

Parameters:

attributeName - name of the extended attribute.

Returns:

an ArrayList of strings that are the values of the specified extended attribute name in this object. Empty ArrayList if there are no values for the specified attribute name.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

toString

public java.lang.String toString()

Returns a String representation of this object.

Overrides:

toString in class java.lang.Object

clone

public java.lang.Object clone()

Returns a copy of this object.

Overrides:

clone in class java.lang.Object

equals

public boolean equals(java.lang.Object obj)

Determines whether this PDPop is equivalent to the input object.

Overrides:

equals in class java.lang.Object

createPop

public static void createPop(PDContext context,
                             java.lang.String id,
                             java.lang.String description,
                             PDAttrs attributes,
                             PDMessages messages)
                      throws PDException

Creates a POP in the policy server. The default values for the POP policies when a POP is created are as follows:

• Audit level policy is set to PDPOP_AUDIT_LEVEL_NONE.
• Quality of protection policy is set to PDPOP_QOP_NONE.
• IP authentication level is zero for all IP addresses and netmask values.
• PDTodAccessInfo is set to all days of the week, anytime, local timezone.
• Warning mode policy is set to false.

This method is equivalent to the ivadmin_pop_create() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP to be created. Cannot be null.

description - description of the POP to be created. Will be supported in the future. For now, pass a null value for this parameter. Use the setDescription() method to set the description for the POP.

attributes - Extended attributes for this POP, implemented as PDAttrs objects. Will be supported in the future. For now, pass a null value for this parameter. Use the setAttributeValue() method to set the attributes for the POP.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

createPop

public static void createPop(PDContext context,
                             java.lang.String id,
                             java.lang.String description,
                             PDAttrs attributes,
                             PDMessages messages)
                      throws PDException

Deprecated. As of IBM Tivoli Access Manager for e-business v5.1, this method is replaced with the createPop(PDContext,String,String,com.tivoli.pd.jutil.PDAttrs,PDMessages) method.

Creates a POP in the policy server. The default values for the POP policies when a POP is created are as follows:

• Audit level policy is set to PDPOP_AUDIT_LEVEL_NONE.
• Quality of protection policy is set to PDPOP_QOP_NONE.
• IP authentication level is zero for all IP addresses and netmask values.
• PDTodAccessInfo is set to all days of the week, anytime, local timezone.
• Warning mode policy is set to false.

This method is equivalent to the ivadmin_pop_create() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP to be created. Cannot be null.

description - description of the POP to be created. Will be supported in the future. For now, pass a null value for this parameter. Use the setDescription() method to set the description for the POP.

attributes - Extended attributes for this POP, implemented as PDAttrs objects. Will be supported in the future. For now, pass a null value for this parameter. Use the setAttributeValue() method to set the attributes for the POP.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

listPops

public static java.util.ArrayList listPops(PDContext context,
                                           PDMessages messages)
                                    throws PDException

Returns a list of names of all POP objects existing in the policy server.

This method is equivalent to the ivadmin_pop_list() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Returns:

an ArrayList of strings that correspond to the names of all the POPs. Since there are no POPs that are created by default, this list could be empty.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deletePop

public static void deletePop(PDContext context,
                             java.lang.String id,
                             PDMessages messages)
                      throws PDException

Deletes the specified POP from the policy server.

This method is equivalent to the ivadmin_pop_delete() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP to be deleted. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setDescription

public static void setDescription(PDContext context,
                                  java.lang.String id,
                                  java.lang.String newDescription,
                                  PDMessages messages)
                           throws PDException

Sets the descriptive string for the specified POP in the policy server.

This method implements the function provided by the ivadmin_pop_setdescription() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

newDescription - the new description. The description may not be null; use the empty String to clear the existing description.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setQOP

public static void setQOP(PDContext context,
                          java.lang.String id,
                          java.lang.String qop,
                          PDMessages messages)
                   throws PDException

Sets the quality of protection (QOP) policy for the specified POP in the policy server.

This method implements the function provided by the ivadmin_pop_setqop() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

qop - QOP policy for the POP. Needs to be one of the PDPOP_QOP_* string constants defined in this class. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setWarningMode

public static void setWarningMode(PDContext context,
                                  java.lang.String id,
                                  boolean warningMode,
                                  PDMessages messages)
                           throws PDException

Sets the value for the warning-mode policy for the specified POP in the policy server.

This method implements the function provided by the ivadmin_pop_setwarnmode() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

warningMode - true, if warning mode policy is enabled, false, if warning mode policy is disabled.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAuditLevel

public static void setAuditLevel(PDContext context,
                                 java.lang.String id,
                                 long auditLevel,
                                 PDMessages messages)
                          throws PDException

Sets the audit level policy for this POP in the policy server.

This method implements the function provided by the ivadmin_pop_setauditlevel() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

auditLevel - audit level policy for the POP. Can be one of the PDPOP_AUDIT_LEVEL_* constants, or a logical OR operation on these constants.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setIPAuthInfo

public static void setIPAuthInfo(PDContext context,
                                 java.lang.String id,
                                 java.util.ArrayList ipAuthInfo,
                                 PDMessages messages)
                          throws PDException

Sets the IP authentication level policy for this POP in the policy server.

This method implements the function provided by the ivadmin_pop_setipauth(), ivadmin_pop_setipauth_forbidden(), ivadmin_pop_setanyothernw() and ivadmin_pop_setanyothernw_forbidden() C APIs.

Entries in the passed-in ArrayList that correspond to an IP address and netmask for which the IP authentication policy has already been set are ignored. To reset the IP authentication policy for such an entry, first remove the entry, and then set it. This applies when IPAuthLevel is set to PDPOP_IPAUTH_LEVEL_FORBIDDEN_ALL_NETWORKS as well.

Note that the input IP address is ANDed with the input netmask before it is stored, and this value is what is returned by the getIPAuthInfo() method.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

ipAuthInfo - ArrayList of IPAuthInfo objects. Cannot be null or empty.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setIPAuthAnyothernw

public static void setIPAuthAnyothernw(PDContext context,
                                       java.lang.String id,
                                       long authLevel,
                                       PDMessages messages)
                                throws PDException

Modifies the anyothernw authentication level in the policy server

Parameters:

context - the context for communicating with policy server Cannot be null.

id - name of the POP Cannot be null.

authLevel - New authentication level for the anyothernw Cannot be null.

messages - in/out parameter; empty PDMesages on input; might contain zero or more informational or warning messages on output Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

getIPAuthAnyothernw

public static long getIPAuthAnyothernw(PDContext context,
                                       java.lang.String id,
                                       PDMessages messages)
                                throws PDException

Get the authentication level for the anyothernw.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

removeIPAuthInfo

public static void removeIPAuthInfo(PDContext context,
                                    java.lang.String id,
                                    java.util.ArrayList ipAuthInfo,
                                    PDMessages messages)
                             throws PDException

Removes the IP authentication level policy for this POP in the policy server.

This method implements the function provided by the ivadmin_pop_removeipauth() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

ipAuthInfo - ArrayList of IPAuthInfo objects. Cannot be null or empty.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setTodAccessInfo

public static void setTodAccessInfo(PDContext context,
                                    java.lang.String id,
                                    PDTodAccessInfo todAccessInfo,
                                    PDMessages messages)
                             throws PDException

Sets the time-of-day (TOD) access policy for the specified POP in the policy server.

This method corresponds to the ivadmin_pop_settod() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

todAccessInfo - PDTodAccessInfo object. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

setAttributeValue

public static void setAttributeValue(PDContext context,
                                     java.lang.String id,
                                     java.lang.String attributeName,
                                     java.lang.String attributeValue,
                                     PDMessages messages)
                              throws PDException

Sets the value of an extended attribute for the specified POP in the policy server. If the attribute already exists, then the specified value is added if it does not already exist. Duplicate values for the attribute name are not allowed, and no error is returned in that case.

This method implements the function provided by the ivadmin_pop_attrput() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

attributeValue - value of the attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttribute

public static void deleteAttribute(PDContext context,
                                   java.lang.String id,
                                   java.lang.String attributeName,
                                   PDMessages messages)
                            throws PDException

Deletes the extended attribute for the specified POP in the policy server. Returns error if the attribute does not exist.

This method implements the function provided by the ivadmin_pop_attrdelkey() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.

deleteAttributeValue

public static void deleteAttributeValue(PDContext context,
                                        java.lang.String id,
                                        java.lang.String attributeName,
                                        java.lang.String attributeValue,
                                        PDMessages messages)
                                 throws PDException

Deletes a value for an extended attribute for the specified POP in the policy server. Returns error if the attribute or the attribute value does not exist.

This method implements the function provided by the ivadmin_pop_attrdelval() C API.

Parameters:

context - the context for communicating with the policy server. Cannot be null.

id - name of the POP. Cannot be null.

attributeName - name of the extended attribute. Cannot be null.

attributeValue - value of the extended attribute. Cannot be null.

messages - in/out parameter; empty PDMessages on input; might contain zero or more informational or warning messages on output. Cannot be null.

Throws:

PDException - if an error occurs. This exception might contain error and message codes defined in the product Error Message Reference document.