Administration objects

Each Verify Identity Access administration object that can be manipulated directly from a Java™ application is represented by a corresponding Java class. This section describes the administration objects.

The following objects are supported in this version of Verify Identity Access:

PDAuthzRule
This class represents a Verify Identity Access authorization rule.
PDContext
This class encapsulates the information needed to establish a communication session between the Java application and the Verify Identity Access policy server. The class supports both user ID and password authentication and certificate-based authentication. Multiple PDContext objects can be created and used within the same Java virtual machine (JVM).

PDContext creation is a resource-intensive operation. Although there is no upper limit on the number of PDContext objects that can be created, system resource limits eventually determine how many can be successfully created and used. Create and pool only a few PDContext objects in the application environment. Reuse the small number of created PDContext objects whenever possible within the same application.

Because the needs of each user application are different, pooling PDContext objects is not mandatory. Pool PDContext objects if you have a server application that makes numerous calls. If you have an application that makes only an occasional call, or if you have various stand-alone applications that make calls, pooling is not necessary.

The close() method provided in the PDContext class cleans up only the logger data associated with the context; it does not delete the context.

PDDomain
This class represents a Verify Identity Access policy server domain.
PDUser
This class represents a user in the Verify Identity Access policy server.
PDGroup
This class represents a group in the Verify Identity Access policy server.
PDPolicy
This class represents the policy information that is associated with a particular Verify Identity Access user or, in the case of the global policy, that is associated with all users. The PDPolicy class is used to set and retrieve account policy information from the user registry on a global or per-user basis.
PDAcl
This class represents an access control list (ACL), which in turn consists of a list of ACL entries.
PDAclEntry
This class represents an entry in an ACL.
PDAclEntryUser
This class represents a user ACL entry and controls access for a particular user.
PDAclEntryGroup
This class represents a group ACL entry and controls access for all members in a group.
PDAclEntryAnyOther
This class represents the any-other, or any-other authenticated, entry in an ACL. This ACL entry applies to any user who is authenticated into the Verify Identity Access secure domain but is not included in a separate user or group ACL entry.
PDAclEntryUnAuth
This class represents the unauthenticated user ACL entry. This ACL entry is applied to any user who was not authenticated by Verify Identity Access.
PDProtObject
This class represents a protected object. A protected object represents a resource that is to be protected, and it has an ACL associated with it. Each protected object is uniquely identified by an ID.
PDProtObjectSpace
This class represents the protected object space object. An object space is a logical grouping of protected objects which represents a set of related resources to be protected. Each object space is uniquely identified by an ID.
PDPop
This class represents a protected object policy, or POP, which can be attached to a PDProtObject object.
PDAdmSvcPobj
This class represents the value of a Verify Identity Access administration service protected object.
PDAction
This class represents a permission.
PDActionGroup
This class represents a collection of PDAction objects.
PDRgyGroupName
This class represents the name of a Verify Identity Access group in the underlying user registry.
PDRgyUserName
This class represents the name of a Verify Identity Access user in the underlying user registry.
PDRgyName
This class represents the name of a Verify Identity Access object in the underlying user registry. This object is either a Verify Identity Access user name or group name.
PDAppSvrSpecLocal
This class represents configuration information for a local Java application server.
PDAppSvrSpecRemote
This class represents configuration information for a remote Java application server.
PDSvrInfo
This class represents a Verify Identity Access policy server or authorization server and is used when creating or changing the configuration for a Java application server.
PDAppSvrInfo
This class represents a read-only view of the configuration information for a Java application server.
PDServer
This class represents a Verify Identity Access policy server, authorization server, or other application server.
PDSSOResource
This class represents a single sign-on (SSO) resource.
PDSSOResourceGroup
This class represents a single sign-on (SSO) resource group.
PDSSOCred.CredID
This class represents the credential identification information for each member of the list returned by the PDSSOCred.listSSOCreds method.
PDSSOCred.CredInfo
This class represents the credential information for each member of the list returned by the PDSSOCred.listAndShowSSOCreds method.
PDException
This class creates an exception to reflect that an error or other exceptional condition occurred.
PDMessage
This class represents a single Verify Identity Access message and includes the message code, severity, and the localized message text.
PDMessages
This class represents a list of one or more Verify Identity Access messages.

The methods associated with these classes are thread-safe.