| Packages |
|---|
| com.tivoli.mts |
| com.tivoli.pd.jadmin |
| com.tivoli.pd.jazn |
| com.tivoli.pd.jutil |
| com.tivoli.pd.rgy |
| com.tivoli.pd.rgy.authz |
| com.tivoli.pd.rgy.exception |
| com.tivoli.pd.rgy.ldap |
| com.tivoli.pd.rgy.util |
Provides the Java classes and methods necessary for performing authorization and administration functions in Security Access Manager (formerly known as Tivoli Access Manager).
The Java administration and authorization classes and methods are implemented completely in the Java language. The Java methods do not use the existing C APIs to perform their function.
The Java authorization methods are defined in the following Java classes.
PDLoginModule class handles the authentication of a Security Access Manager user using the Java Authentication and Authorization Service (JAAS) and creates a PDPrincipal object containing the Security Access Manager user's credentials when authentication is successful.
PDPrincipal class implements the Principal interface and contains the credentials of an authenticated Security Access Manager user.
PDPermission class represents an authorization permission for accessing a resource object in the secure domain.
PDStatics class defines the constants used by the authorization methods.
Java applications that use Security Access Manager security must be configured into a Security Access Manager secure domain. Security Access Manager provides a utility class called com.tivoli.pd.jcfg.SvrSslCfg that can be used to accomplish the necessary configuration and unconfiguration tasks. The SvrSslCfg program provides services similar to those provided to C applications by the svrsslcfg command line interface (CLI). Only use the SvrSslCfg program for configuring a Java application. The SvrSslCfg Java configuration program is documented in the Security Access Manager Authorization Java Classes Developer's Reference.
The Java administration classes and methods communicate directly with the policy server and provide function similar to that of the ivadmin_ C APIs and the pdadmin command line interface (CLI). The Java administration methods are defined in the following classes.
PDAdmin class is used to perform initialization and shutdown operations associated with using the Security Access Manager administration classes and methods.
PDContext class encapsulates the communication session between the application and the Security Access Manager policy server.
PDDomain class represents a data domain within the Security Access Manager installation. Users and processes must be authenticated to a domain in order to access data within it.
PDUser class represents a user in the Security Access Manager policy server.
PDGroup class represents a group in the Security Access Manager policy server.
PDPolicy class represents policy information that is associated with a particular Security Access Manager user or, in the case of the global policy, that is associated with all users.
PDAcl class represents an access control list, or ACL, which consists of a list of ACL entries.
PDAclEntry class represents an entry in an access control list (ACL).
PDAclEntryAnyOther class represents the any-other ACL entry.
PDAclEntryGroup class represents a group ACL entry.
PDAclEntryUnAuth class represents the unauthenticated ACL entry.
PDAclEntryUser class represents a user ACL entry.
PDPop class represents a protected object policy (POP) which can be attached to a protected object.
PDAction class represents a given permission.
PDActionGroup class represents a collection of PDAction objects.
PDAuthzRule class represents a Security Access Manager authorization rule. The evaluation of an authorization rule helps to determine the access authorization to a protected object.
PDProtObject class represents a protected object. A protected object represents a resource to be protected. A protected object may have an access control list (ACL) attached to it. It may also have a protected object policy (POP) or an authorization rule attached to it.
PDProtObjectSpace class allows the manipulation of object spaces within the Security Access Manager policy server. An object space is a logical grouping of protected objects representing a set of related resources to be protected.
PDRgyGroupName class represents the name of a Security Access Manager group in the underlying user registry.
PDRgyUserName class represents the name of a Security Access Manager user in the underlying user registry.
PDRgyName class represents the name of a Security Access Manager object in the underlying user registry. This object is either a Security Access Manager user or a Security Access Manager group.
PDAppSvrSpecLocal and PDAppSvrSpecRemote classes are used to specify configuration information for Security Access Manager Java application servers.
PDAppSvrConfig class is used to create, delete, and change the configuration for a Security Access Manager Java application server.
PDSvrInfo class is used to specify a Security Access Manager policy or authorization server and is used when creating or changing the configuration of a Java application server.
PDAppSvrInfo class is used to retrieve and view a Security Access Manager Java application server's configuration information.
PDServer class represents a Security Access Manager policy server, authorization server, or other application server.
PDSSOResource class represents a Security Access Manager single sign-on (SSO) resource.
PDSSOResourceGroup class represents a Security Access Manager single sign-on (SSO) resource group.
PDSSOCred class represents a Security Access Manager single sign-on (SSO) resource credential.
CredID class represents the credential identification information in each member of the list returned by the PDSSOCred.listSSOCreds method.
CredInfo class represents the credential information in each member of the list returned by the PDSSOCred.listAndShowSSOCreds method.
PDException class creates an exception to reflect that an error or other unexpected condition occurred.
PDMessage class represents a single Security Access Manager message and includes the message code, severity, and the localized message text.
PDMessages class represents a list of Security Access Manager messages.
LdapRgyRegistryFactory class creates instances of an LDAP implementation of the RgyRegistry interface to directly manage Security Access Manager users, groups, and user policy with some limitations. Specific options to com.tivoli.pd.jcfg.SvrSslCfg can be used to enable use of this API in conjunction with the current API.
The following classes provide common functions used in both the Java authorization and administration classes.
PDAttrs class represents a list of Security Access Manager attributes.
PDAttrValue class represents the value of a Security Access Manager attribute.
PDAttrValues class represents a collection of values for a particular Security Access Manager attribute. This collection is unordered and does not allow duplicates.
PDAttrValueList class represents a collection of values for a particular Security Access Manager attribute. This collection is ordered and allows duplicates.
PDAdmSvcPobj class represents a protected object backed by an authorization administration service.
Additional information on Security Access Manager authorization and administration functions is provided in the following documents, available on the customer support web site.