Programming Guides › Programming Guide for Java › Java Authentication and Authorization Guidance

Java Authentication and Authorization Guidance

This section contains the following topics:

Configuration of All Custom Classes

Custom Java Classes for Authentication and Authorization

Required Library File

Shared Information

Common Classes

Custom Authentication Scheme Creation Uisng Java

Use the Authorization API

Configuration of All Custom Classes

The following configuration information applies to all custom authentication schemes and active expressions implemented with the Java Authentication API and Java Authorization API:

• The library name is always smjavaapi.
• In the parameter field, the first item must be the name of the custom class you implemented with the Authentication API or Authorization API, as follows:
  • With authentication schemes, specify the name of the class you implemented from the base interface SmAuthScheme. The class name should include the fully qualified package name, such as:

    com.myorg.sdk.myclass

  • With active policies, active rules, and active responses, specify the name of the class you implemented from the base interface ActiveExpression.
• If any parameters are specified in the parameter field after the class name, the class name is separated from the parameters list by a space character.

  When SiteMinder calls the methods in an instance of your custom class, it passes the specified parameters. The class name is not passed. The parameters are passed as a single string. If the string contains multiple parameters, the parameters can be delimited in any way that the custom class requires.

• The class file specified in the parameter field must be referenced in the classpath directive of the JVMOptions.txt configuration file. This file is located in Netegrity/SiteMinder/Config within the SiteMinder installation path.
• With active expressions, the function name (that is, the entry point for the smjavaapi library file) is always JavaActiveExpression.

Custom Java Classes for Authentication and Authorization

The basic steps for implementing and deploying custom authentication or authorization classes are as follows:

1. Implement the custom authentication or authorization class using the Authentication or Authorization API and the common classes.
2. Deploy the custom class or jar file on the Policy Server machine, and specify its location in the classpath directive of the JVMOptions.txt file. This file is located in Netegrity/siteminder/config within the SiteMinder installation path.
3. Configure the custom authentication or authorization functionality in the Policy Server User Interface.

Required Library File

All custom authentication and authorization classes use the same library file—smjavaapi. This library file is included with the Policy Server. You do not have to modify this library file. You simply reference it when you are configuring your custom authentication or authorization class.

Shared Information

Custom authentication and authorization objects may sometimes need to communicate request-specific information between themselves, such as to preserve state between object instances. These objects can share information through AppSpecificContext, which is retrieved through ApiContext. ApiContext is one of the common classes that is passed to both authentication and authorization objects.

Information shared through AppSpecificContext has request-only scope. For example, a custom object running in the context of an authentication request cannot exchange information with an object running in the context of an authorization request.

Common Classes

The following classes are used by both the Authentication API and the Authorization API. The services that these classes provide include:

• Sending logging, tracing, and error messages to the Policy Server
• Providing a mechanism for custom authentication and authorization objects to share information
• Making user context information available to authentication and authorization objects

The following table summarizes the common classes: