Tagged: authorization, client api, java, realm
This topic has 2 replies, 2 voices, and was last updated 5 years, 11 months ago by Rogerio Rondini.
-
AuthorPosts
-
July 26, 2016 at 4:04 pm #12231
full2
ParticipantHello:
I am using the Java Client API from a desktop aplication writing in java.
After authentication in a specific realm; I want to use the Authorization, PolicyEvaluator. I would like to use a policy made in a PolicySet under some specific realm I have defined.But when using the Policy Evalutor, like in https://forgerock.org/openam/doc/bootstrap/dev-guide/index.html#sec-policy-decisions; I would like to specify a “PolicySet” (in the source code it is called ServiceName, I believe it corresponds with the old “aplication name” in OAm 12; in OAm 13 it is called PolicySet).
But I got “Unable to retrieve application under realm /.”
It seems it does not find the PolicySet if it not located under the “/” realm.
If I enter as a serviceName a PolicySet under the “/” realm, it works ok.I authenticate sucessfull against the realm I want, but I cant access the Policy under the PolicySet under the realm I want.
In summary: How do I Authorize using the PolicySet “PolicySet1” made under the realm “realm1”?
It seems to me that the only thing I can specify is the name of the PolicySet, and it seems to me it must be defined under the “/” realm.Example Pseudo code:
PolicyEvaluator pe = PolicyEvaluatorFactory.getInstance().getPolicyEvaluator(policySet);
PolicyDecision pd = pe.getPolicyDecision(token, fullResouceName, actionSet, env);
System.out.println(“policyDecision:” + pd.toXML());Thanks.
July 29, 2016 at 3:42 pm #12323full2
ParticipantNobody?
:-(
Oh, and I am sorry by my spelling mistakes:
“I am using the Java Client API from a desktop aplication **wrote** in java.”
“It seems it does not find the PolicySet if it **is** not located under the “/” realm.”July 29, 2016 at 5:05 pm #12328Rogerio Rondini
ParticipantSo.. I went to JavaDoc and I can`t found the answer. Actually, I never had used Client SDK to evaluate policy and I know you can do it using REST API.
My suggestion is to create ServiceName in the top Realm and use Referrals to delegate evaluation to subrealm.
-
AuthorPosts
You must be logged in to reply to this topic.