Table Of Contents
This guide provides guidelines for using the Policy Enforcement Point (PEP) and Policy Administration Point (PAP) APIs, as well as instructions for configuring the PEP agent and Java Server Page (JSP) tag libraries. You can make use of old and new APIs as well as new APIs for this purpose.
The PEP APIs provide an interface to query the entitlements from the PDP. A set of classes, methods, and operations are defined in the PEP APIs for the purpose of enforcing entitlements created within the administration console.
In CEPM, the PEP APIs are implemented in two ways:
•By writing function calls within a protected application using old PEP APIs. These function calls, when invoked, make policy decision requests to the Policy Decision Points (PDPs). Refer to Chapter 2 "PEP API Quick Start Guide" for (old) PEP API implementation.
•By using a generic method called getAuthorizedDecisions() which takes SOAP requests. Refer to "Exercise 9: getAuthorizedDecisions()".
The PAP APIs provide an interface for programmatically leveraging all of the administrative functions available from the administration console. These APIs can be used to create custom administration consoles that manage CEPM users, groups, roles, rules, and policies. Additionally, the PAP APIs can be used to create scripts to facilitate the process of migrating users, roles, and resources into the policy administration console.
The PEP tag libraries can be used as an alternative to the PEP APIs for JSP applications.
Please refer to PAP and PEP Javadocs for full set of
Before you can use the PEP/PAP APIs or the tag libraries, you must update the PEP configuration file, pep_config.xml, and place it in the classpath of the protected application.
To download the PEP configuration file from the administration console, follow these steps:
Step 1 Open the administration console and choose Home > System Config > Application. (For details about the administration console, refer to the CEPM User Guide).
Step 2 Click the Applications link.
Step 3 Click the Download Agent Config icon for the desired application.
Figure 1-1 Applications Page
Step 4 Complete the required information in the pop-up window.
Step 5 Click Download PEP.
Figure 1-2 Download Agent Config
Step 6 Click Save on the pop-up window.
Figure 1-3 Save pep_config.xml file
Step 7 Embed the pep_config.xml file in the application. (For more information about the contents of the pep_config.xml file and how to edit it, refer to CEPM PEP Configuration Guide).