Advanced Access Control JavaScript mapping rules and Federation mapping rules call Java™ code from JavaScript. The set of classes that
can be called is restricted.
Exercise reasonable caution when you call Java code from
JavaScript rules to ensure that accidental damage to
appliance resources is avoided.
Common classes allowed in one-time password, OAuth or API protection, dynamic attributes, and
JavaScript PIP, federation mapping rules, and access policies. |
java.lang.Boolean
java.lang.Byte
java.lang.Character
java.lang.Class
java.lang.Double
java.lang.Float
java.lang.Integer
java.lang.Long
java.lang.reflect.Array
java.lang.Short
java.lang.String
java.lang.System
java.io.ByteArrayInputStream
java.io.ObjectInputStream
java.io.PrintStream
java.math.BigDecimal
java.util.ArrayList **
java.util.Base64
java.util.Base64$Decoder
java.util.Base64$Encoder
java.util.Date
java.util.HashSet **
java.util.HashMap **
java.util.Iterator
java.util.List
java.util.Map
java.util.Set
java.util.UUID
com.ibm.security.access.httpclient.HttpClient
com.ibm.security.access.httpclient.HttpResponse
com.ibm.security.access.httpclient.Headers
com.ibm.security.access.httpclient.Parameters
com.ibm.security.access.scimclient.ScimClient
com.ibm.security.access.scimcleint.ScimConfig
com.ibm.security.access.ciclient.CiClient
com.tivoli.am.rba.attributes.AttributeIdentifier
com.tivoli.am.rba.extensions.RBAExtensions
com.tivoli.am.rba.fingerprinting.ValueContainerIdentifierAdapter
com.tivoli.am.rba.extensions.Attribute$Category
com.tivoli.am.rba.extensions.Attribute$DataType
com.tivoli.am.rba.extensions.Attribute
com.tivoli.am.rba.extensions.PluginUtils
**
Inner classes for these classes are not supported. Methods that involve an inner class
implementation of an interface are not available. For example, do not use the following methods in
java.util.HashMap :
Collection<V> values()
Set<K> keySet()
Set<Map.Entry<K,V>> entrySet()
For more information about dynamic attributes, see Dynamic attributes.For
information about federation mapping rules, see Mapping rules.
|
Additional classes allowed in one-time password, OAuth or API protection mapping rules,
federation mapping rules, and access policies |
com.tivoli.am.fim.base64.BASE64Utility
com.tivoli.am.fim.trustserver.sts.modules.http.stsclient.STSClientHelper
com.tivoli.am.fim.trustserver.sts.oauth20.Client
com.tivoli.am.fim.trustserver.sts.oauth20.Grant
com.tivoli.am.fim.trustserver.sts.oauth20.Token
com.tivoli.am.fim.trustserver.sts.STSModuleException
com.tivoli.am.fim.trustserver.sts.STSUniversalUser *
com.tivoli.am.fim.trustserver.sts.utilities.HttpResponse
com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtUtils
com.tivoli.am.fim.trustserver.sts.utilities.IDMappingExtCacheDMAPImpl
com.tivoli.am.fim.trustserver.sts.utilities.InfoCardClaim
com.tivoli.am.fim.trustserver.sts.utilities.MMFAMappingExtUtils
com.tivoli.am.fim.trustserver.sts.utilities.OAuthMappingExtUtils
com.tivoli.am.fim.trustserver.sts.utilities.QueryServiceAttribute
com.tivoli.am.fim.trustserver.sts.utilities.USCContextAttributesHelper
com.tivoli.am.fim.trustserver.sts.uuser.Attribute *
com.tivoli.am.fim.trustserver.sts.uuser.AttributeList *
com.tivoli.am.fim.trustserver.sts.uuser.AttributeStatement *
com.tivoli.am.fim.trustserver.sts.uuser.ContextAttributes *
com.tivoli.am.fim.trustserver.sts.uuser.Group *
com.tivoli.am.fim.trustserver.sts.uuser.Principal *
com.tivoli.am.fim.trustserver.sts.uuser.RequestSecurityToken *
com.tivoli.am.fim.trustserver.sts.uuser.Subject *
com.tivoli.am.fim.utils.IteratorWrapper
com.tivoli.am.rba.pip.JavaScriptPIP
com.tivoli.am.rba.pip.JavaScriptPIP$Context
java.mail.internet.InternetAddress
* The white list does not contain any implementation of the interfaces that are defined in the
org.w3c.dom package. For example, you cannot use the method
org.w3c.dom.Document toXML() in
com.tivoli.am.fim.trustserver.sts.STSUniversalUser .
|
Additional classes allowed in JavaScript PIP |
com.tivoli.am.fim.base64.BASE64Utility
com.tivoli.am.rba.pip.JavaScriptPIP
com.tivoli.am.rba.pip.JavaScriptPIP$Context
com.tivoli.am.rba.rtss.AttributeLocatorImpl
For more information about policy information points, see Managing policy
information points.
|
Additional classes allowed in mapping rules |
packages.com.ibm.security.access.user.UserLookupHelper
packages.com.ibm.security.access.user.User
For information on mapping rules, see:
|
Additional classes to manage server connections |
com.ibm.security.access.server_connections.LdapServerConnection
com.ibm.security.access.server_connections.LdapServerConnection$LdapHost
com.ibm.security.access.server_connections.ServerConnection
com.ibm.security.access.server_connections.ServerConnectionFactory
com.ibm.security.access.server_connections.SmtpServerConnection
com.ibm.security.access.server_connections.WebServerConnection
com.ibm.security.access.server_connections.CiServerConnection
For more information, see Managing server connections.
|
Classes to use with InfoMap |
com.tivoli.am.fim.authsvc.action.authenticator.infomap.InfoMapResult
com.tivoli.am.fim.authsvc.action.authenticator.infomap.InfoMapString
For more information, see Configuring an Info Map authentication mechanism.
|
Classes to use in Access Policies |
com.ibm.security.access.policy.Context
com.ibm.security.access.policy.Cookie
com.ibm.security.access.policy.decision.ChallengeDecisionHandler
com.ibm.security.access.policy.decision.DecisionHandler
com.ibm.security.access.policy.decision.DenyDecisionHandler
com.ibm.security.access.policy.decision.Decision
com.ibm.security.access.policy.decision.DecisionType
com.ibm.security.access.policy.decision.HtmlPageChallengeDecisionHandler
com.ibm.security.access.policy.decision.HtmlPageDecisionHandler
com.ibm.security.access.policy.decision.HtmlPageDenyDecisionHandler
com.ibm.security.access.policy.decision.RedirectChallengeDecisionHandler
com.ibm.security.access.policy.decision.RedirectDecisionHandler
com.ibm.security.access.policy.decision.RedirectDenyDecisionHandler
com.ibm.security.access.policy.oauth20.AuthenticationContext
com.ibm.security.access.policy.oauth20.AuthenticationRequest
com.ibm.security.access.policy.oauth20.ProtocolContext
com.ibm.security.access.policy.ProtocolContext
com.ibm.security.access.policy.Request
com.ibm.security.access.policy.saml20.AuthnRequest
com.ibm.security.access.policy.saml20.ProtocolContext
com.ibm.security.access.policy.saml20.RequestedAuthnContext
com.ibm.security.access.policy.Session
com.ibm.security.access.policy.user.Attribute
com.ibm.security.access.policy.user.Group
com.ibm.security.access.policy.user.User
For more information, see Access policies.
|