To develop Java applications that use the Tivoli Access Manager administration
API, you must install and configure the required software.
I. Tivoli Access Manager software requirements
You must install and configure a secure domain. If you do not have a secure
domain installed, install one before beginning application development. The minimum
installation consists of a single system with the following Tivoli Access Manager
components installed:
1 Tivoli Access Manager runtime environment
2 Tivoli Access Manager Java runtime component
3 Tivoli Access Manager policy server
4 Tivoli Access Manager ADK
If you already have a Tivoli Access Manager secure domain installed and want to
add a development system to the domain, the minimum Tivoli Access Manager
installation consists of the following components:
1 Tivoli Access Manager runtime environment
2 Tivoli Access Manager Java runtime component
3 Tivoli Access Manager ADK
Notes.
1. The installation of Tivoli Access Manager requires the installation of the Tivoli
Access Manager runtime component. This runtime component is not required
for developing or deploying Java applications. In this specific situation, you can
reclaim the disk space that is used by the Tivoli Access Manager ADK and
runtime components while saving the Javadoc HTML information and the
example files from the ADK component.
To reclaim this disk space, copy the Javadoc information, consisting of the
entire AM_BASE/nls/javadocs directory tree, and copy the sample Java
program, in the AM_BASE/example directory tree, to another location on your
development system and then uninstall the Tivoli Access Manager ADK and
runtime components.
2. If you intend to use the Tivoli Access Manager runtime environment for an
administration C API application, you also must install the IBM Directory client
if an LDAP or Lotus Domino server is being used as the user registry in the
secure domain.
II. Configuration of the Java runtime component to a particular Java runtime environment
Configure the Access Manager Runtime for Java component to use the proper JRE
on the system by using the pdjrtecfg command. The Tivoli Access Manager Java
runtime component can be configured to several different JREs on the same
system, if required. See the IBM Tivoli Access Manager for e-business: Installation
Guide for details.
III. Configuration of the Java administration classes
The com.tivoli.pd.jcfg.SvrSslCfg Java class must be used to configure the
administration Java APIs. See the IBM Tivoli Access Manager for e-business:
Authorization Java Classes Developer Reference for details on the SvrSslCfg utility.
Notes:
1. Do not use the svrsslcfg command-line interface to create configuration files
that are to be used with Java applications.
2. The com.tivoli.mts.SvrSslCfg class provided in previous versions of Tivoli
Access Manager and IBM SecureWay Policy Director has been deprecated. Use
the new com.tivoli.pd.jcfg.SvrSslCfg class instead.
IV. Security requirements
To run a Java application in the context of a Java security manager, the application
must have proper Java permissions to use the administration Java APIs. If the
application is not installed as a Java extension in the JAVA_HOME/lib/ext
directory, an entry must be added to the JAVA_HOME/lib/security/java.policy file.
To grant the Java applications located in the /sb/pdsb/export/classes directory,
and all its subdirectories, the necessary Java permissions to use authorization
Java classes and methods, add a statement like the following to the java.policy file:
    // Give applications in /sb/pdsb/export/classes and
    // its subdirectories access to the Access Manager
    // Administration APIs
    grant codeBase "file:/sb/pdsb/export/classes/-" {
        permission javax.security.auth.AuthPermission "PDAdmin";
    };
Invoke administration Java classes and methods from a privileged block,
doPrivileged(), to alleviate the need for the application callers to have this Java
permission as well.
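The privileged-block pattern described above, as an added example that is not part of the original page or of IBM's samples. The class name AccountStatusFacade and the user-name pattern are hypothetical; the example assumes PD.jar is on the classpath, that this class is loaded from the code base granted AuthPermission "PDAdmin", and that PDAdmin.initialize() has already been called at startup.

```java
import java.net.URL;
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Locale;

import com.tivoli.pd.jadmin.PDUser;
import com.tivoli.pd.jutil.PDContext;
import com.tivoli.pd.jutil.PDMessages;

// Hypothetical facade: trusted code constructs it once, less-trusted callers
// only get the single read-only question it exposes.
public final class AccountStatusFacade {
    private final URL configURL;        // fixed at construction, never taken per call
    private final String adminName;
    private final char[] adminPassword;

    public AccountStatusFacade(URL configURL, String adminName, char[] adminPassword) {
        this.configURL = configURL;
        this.adminName = adminName;
        this.adminPassword = (char[]) adminPassword.clone(); // private copy
    }

    public boolean isAccountValid(final String userName) throws Exception {
        // Validate caller input before entering the privileged block
        // (the pattern is this example's own policy, not a TAM rule).
        if (userName == null || !userName.matches("[A-Za-z0-9._-]{1,64}")) {
            throw new IllegalArgumentException("unexpected user name");
        }
        try {
            Boolean valid = (Boolean) AccessController.doPrivileged(
                new PrivilegedExceptionAction() {
                    public Object run() throws Exception {
                        // Only the administration API calls run with the
                        // facade's own permissions; callers further up the
                        // stack do not need AuthPermission "PDAdmin".
                        PDMessages msgs = new PDMessages();
                        PDContext ctxt = new PDContext(Locale.US, adminName,
                                                       adminPassword, configURL);
                        try {
                            PDUser user = new PDUser(ctxt, userName, msgs);
                            return Boolean.valueOf(user.isAccountValid());
                        } finally {
                            ctxt.close();
                        }
                    }
                });
            return valid.booleanValue();
        } catch (PrivilegedActionException e) {
            throw e.getException();     // unwrap the checked exception from run()
        }
    }
}
```

Keep the privileged block this small: anything a caller can influence inside it runs with the permissions granted to the facade's code base.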
The PD.jar file is signed, but verification of the signing of JAR files is not
supported in this version of Tivoli Access Manager.
1. rhel-server-5.3-x86_64 for a Java developer (a Tivoli Access Manager secure domain is installed on another system, e.g. the host tam)
All needed patches can be found in IBM Tivoli Access Manager Base for Linux on x86 v6.1.1.
Installing the Tivoli Access Manager runtime environment and the Tivoli Access Manager ADK is optional.
1. Install ibm-java2-i386-sdk-5.0-5.0.i386.rpm
rpm -ivh libXp-1.0.0-8.i386.rpm
rpm -ivh compat-libstdc++-33-3.2.3-61.i386.rpm
rpm -ivh ibm-java2-i386-sdk-5.0-5.0.i386.rpm
Add the JDK to the environment:
~]# vi .bashrc
# JAVA_HOME is the JDK root; its bin directory goes on PATH
JAVA_HOME=/opt/ibm/java2-i386-50
PATH=$JAVA_HOME/bin:$PATH
export JAVA_HOME PATH
~]# source .bashrc
Note: If you get the following error, you need to disable SELinux and reboot the system.
~]# java -version
Failed to find VM - aborting
~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
2. Tivoli Access Manager Java runtime component
TAM]# install_amjrte
3. Configuration of the Java administration classes
~]# java com.tivoli.pd.jcfg.SvrSslCfg -action config \
-admin_id sec_master \
-admin_pwd object00 \
-appsvr_id app1 \
-port 33333 \
-mode remote \
-host localhost \
-policysvr tam:7135:1 \
-authzsvr tam:7136:2 \
-cfg_file /opt/PolicyDirector/etc/app1.properties \
-domain Default \
-key_file /var/PolicyDirector/keytab/app1.ks \
-cfg_action create
4. Write, compile and run a sample administration application (PDAdminApp1.java)
import java.util.*;
import java.net.URL;
import java.io.*;
import com.tivoli.pd.jutil.PDContext;
import com.tivoli.pd.jutil.PDMessage;
import com.tivoli.pd.jutil.PDMessages;
import com.tivoli.pd.jutil.PDRgyUserName;
import com.tivoli.pd.jutil.PDRgyGroupName;
import com.tivoli.pd.jutil.PDException;
import com.tivoli.pd.jadmin.*;
import com.tivoli.pd.nls.*;

public class PDAdminApp1
{
    public static void main(String[] args) throws Exception
    {
        PDMessages msgs = new PDMessages();

        // Application name = {appsvr_id}-{host}, matching the values
        // passed to SvrSslCfg in step 3
        String prog = "app1-localhost";
        String adminName = "sec_master";
        char[] adminPassword = "object00".toCharArray();
        // Configuration file created by SvrSslCfg in step 3
        String configURLStr = "file:///opt/PolicyDirector/etc/app1.properties";
        String rgySuffix = "c=us";
        // ISO 639 language code and ISO 3166 country code
        Locale locale = new Locale("en", "US");
        URL configURL = null;

        System.out.println("Initializing PDAdmin...\n");
        PDAdmin.initialize(prog, msgs);
        processMsgs(msgs);

        configURL = new URL(configURLStr);

        // The context authenticates to the policy server as adminName
        System.out.println("Creating a context...\n");
        PDContext ctxt = new PDContext(locale,
                                       adminName,
                                       adminPassword,
                                       configURL);
        try
        {
            // Create a group whose registry DN is cn=TestGroup1,c=us
            String group = "TestGroup1";
            String rgyGroup = "cn=" + group + "," + rgySuffix;
            PDRgyGroupName pdRgyGroupName = new PDRgyGroupName(rgyGroup);

            System.out.println("Creating a group...\n");
            PDGroup.createGroup(ctxt,
                                group,
                                pdRgyGroupName,
                                null, // description
                                null, // container
                                msgs);
            processMsgs(msgs);

            // Create a user in that group, subject to the password policy
            String name = "DemoUser";
            String firstName = "Demo";
            String lastName = "User";
            String password = "DemoPassword";
            String description = "Demo Description";
            String rgyName = "cn=" + name + "," + rgySuffix;
            PDRgyUserName pdRgyUserName =
                new PDRgyUserName(rgyName, firstName, lastName);
            boolean ssoUser = false;
            boolean pwdPolicy = true;
            ArrayList groupList = new ArrayList();
            groupList.add(group);

            System.out.println("Creating a user...\n");
            PDUser.createUser(ctxt,
                              name,
                              pdRgyUserName,
                              description,
                              password.toCharArray(),
                              groupList,
                              ssoUser,
                              pwdPolicy,
                              msgs);
            processMsgs(msgs);

            // Read the user back and report the account-valid flag
            System.out.println("Getting a user...\n");
            PDUser pdUser = new PDUser(ctxt,
                                       name,
                                       msgs);
            processMsgs(msgs);
            System.out.println("User " + name + ".isAccountValid: " +
                               pdUser.isAccountValid() + "\n");

            System.out.println("Setting the user's account to valid using the instance set method ...\n");
            pdUser.setAccountValid(ctxt, true, msgs);
            processMsgs(msgs);
        }
        finally
        {
            // Close the context even if one of the calls above fails
            if (ctxt != null)
            {
                ctxt.close();
            }
        }

        System.out.println("Shutting down PDAdmin...\n");
        PDAdmin.shutdown(msgs);
        processMsgs(msgs);
    }

    // Print and clear any messages returned by the last API call
    static void processMsgs(PDMessages msgs)
    {
        if (msgs.size() > 0)
        {
            System.out.println("Msgs are: " + msgs + "\n");
            msgs.clear();
        }
    }
}
~]# javac PDAdminApp1.java
~]# java PDAdminApp1