A.4 Designing the Plug-In

The following sections describe the interfaces and classes available for creating the Java plug-in.

A.4.1 Interfaces and Classes

The Access Manager communicates with the Java plug-in with the following set of interfaces and classes:

  • ExternalDataFillerFactory interface, which contains the definition for the getInstance() method

  • ExternalDataFiller interface, which contains the definition for the fillDataElement() method

  • ExternalDataFillerContext interface, which contains the definition for the getUserDN() and getUserPassword() methods

  • DataElement class, which contains methods for managing the data

When the plug-in is configured to supply data as part of an Identity Injection policy, the policy engine calls the ExternalDataFillerFactory.getInstance() method to retrieve the data. It expects this method to return an ExternalDataFiller object.

After the ExternalDataFillerFactory.getInstance() method is called, Access Manager calls the ExternalDataFiller.fillDataElement() method to populate the DataElement object by using the ExternalDataFillerContext object. Your plug-in can use these objects for the following tasks:

  • The ExternalDataFillerContext object contains the user credentials (distinguished name and password), which you can use to authenticate to your data source.

  • The DataElement object defines the data requirements of the Identity Injection policy. The methods in the DataElement class can be used to discover where the data is going to be injected (a custom header, a custom header with tags, an authentication header, or a query string). If the data is going to be injected into a custom header, a custom header with tags, or a query string, you can discover the name of the tag and use that information to determine the data that needs to be retrieved from your data source. You can then manipulate the retrieved data (if necessary) and set the values of the data elements in the object. You can also set a time-to-live value for the data, if needed.

After your plug-in sets the values in the ExternalDataFiller object, the object is returned to the Access Manager. The Access Manager injects the data values in the location defined by the policy and sends the request to the Web server.
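The call sequence described above, as an added sketch that is not Novell's sample plug-in. The interfaces and the DataElement class are local stand-ins so the file compiles alone: only the names getInstance(), fillDataElement(), getUserDN() and getUserPassword() come from this page, and every signature, field, tag name, delimiter and time-to-live value is an assumption (the real definitions are in the Javadoc).

```java
import java.util.Map;

public class InjectionFlowSketch {
    public static void main(String[] args) {
        ExternalDataFillerFactory factory = AcmeFiller::new;   // policy engine asks the factory first
        ExternalDataFillerContext ctx = new ExternalDataFillerContext() {
            public String getUserDN() { return "cn=jdoe,o=acme"; }           // constructed
            public String getUserPassword() { return "constructed-secret"; } // constructed
        };
        for (String tag : new String[] {"X-Acme-Tier", "X-Unknown"}) {
            DataElement el = new DataElement("CUSTOM_HEADER", tag);
            factory.getInstance().fillDataElement(ctx, el);
            System.out.println(tag + " -> " + el.value + " (ttl " + el.ttlSeconds + "s)");
        }
    }
}

// Local stand-ins so the file compiles alone. Only the four method names are from
// the page; their signatures and all of DataElement are assumptions.
interface ExternalDataFillerFactory { ExternalDataFiller getInstance(); }
interface ExternalDataFiller { void fillDataElement(ExternalDataFillerContext ctx, DataElement el); }
interface ExternalDataFillerContext { String getUserDN(); String getUserPassword(); }

class DataElement {
    final String location, tag;
    String value; int ttlSeconds;
    DataElement(String location, String tag) { this.location = location; this.tag = tag; }
}

class AcmeFiller implements ExternalDataFiller {
    // Allowlist: tag name from the policy -> zero-based field of the account record.
    private static final Map<String, Integer> FIELD_BY_TAG = Map.of("X-Acme-Tier", 5);

    public void fillDataElement(ExternalDataFillerContext ctx, DataElement el) {
        Integer field = FIELD_BY_TAG.get(el.tag);
        if (field == null) return;                          // unknown tag: inject nothing
        String[] parts = lookup(ctx.getUserDN(), ctx.getUserPassword()).split("\\|", -1);
        if (field >= parts.length) return;                  // short record: inject nothing
        el.value = parts[field].replaceAll("[\\r\\n]", ""); // no CR/LF into a header
        el.ttlSeconds = 300;                                // assumed cache lifetime
    }

    // Stand-in for the data-source call made with the user's own credentials.
    private String lookup(String dn, String password) {
        if (dn == null || password == null || password.isEmpty())
            throw new SecurityException("empty password would be an unauthenticated bind");
        return "4401|acme|east|2019|active|diamond";        // constructed sample record
    }
}
```

The filler leaves the element empty for any tag it does not recognize, and it refuses to contact the data source with an empty password, because many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds.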

A.4.2 Javadoc References

For information about the Identity Injection interfaces and class, see the Javadoc API Reference.

A.4.3 Sample Code

A sample Java plug-in can be viewed online at Novell Access Manager - Sample. This sample plug-in contains the following files:

  • AccountDataFiller.java: This module implements the ExternalDataFiller interface by creating an AccountDataFillerFactory class with a getInstance() method. The getInstance() method accesses a properties file (acme.properties) and reads its data.

  • AccountDataFillerFactory.java: This module implements the ExternalDataFillerFactory interface by creating an AccountDataFiller class with a fillDataElement() method. This method retrieves the injection location, which allows you to use the location to make a decision (optional). The method then retrieves the dataTagIdentifier. Decisions need to be made based on the tag. The fillDataElement() method also retrieves the DN and password of the user from the ExternalDataFillerContext object and illustrates how to use these credentials to access an LDAP directory and retrieve the value in the sixth delimiter of the acmeDiamondAccount attribute.

To use these files as a plug-in, copy them to the following directory on your Access Gateway:

 <tomcat_home>/webapps/nesp/WEB-INF/classes/com/acme/policy/injection