Policy set application types over REST
Application types act as templates for policy sets, and define how to compare resources and index policies.
AM provides a default application type that represents web resources called iPlanetAMWebAgentService
.
AM web and Java agents use a default policy set that is based on this type,
which is also called iPlanetAMWebAgentService
.
AM provides the applicationtypes
REST endpoint for the following:
Applications types are server-wide, and do not differ by realm.
Hence the URI for the application types API does not contain a realm component, but is /json/applicationtypes
.
Application type resources are represented in JSON and take the following form.
Application type resources are built from standard JSON objects and values
(strings, numbers, objects, arrays, true
, false
, and null
).
Example
{
"name": "iPlanetAMWebAgentService",
"actions": {
"POST": true,
"PATCH": true,
"GET": true,
"DELETE": true,
"OPTIONS": true,
"PUT": true,
"HEAD": true
},
"resourceComparator": "com.sun.identity.entitlement.URLResourceName",
"saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex",
"searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex",
"applicationClassName": "com.sun.identity.entitlement.Application"
}
The values for the fields shown in the description are explained below:
"name"
-
The name provided for the application type.
"actions"
-
Set of string action names, each set to a boolean indicating whether the action is allowed.
"resourceComparator"
-
Class name of the resource comparator implementation used in the context of this application type.
The following implementations are available:
"com.sun.identity.entitlement.ExactMatchResourceName"
"com.sun.identity.entitlement.PrefixResourceName"
"com.sun.identity.entitlement.RegExResourceName"
"com.sun.identity.entitlement.URLResourceName"
"saveIndex"
-
Class name of the implementation for creating indexes for resource names, such as
"com.sun.identity.entitlement.util.ResourceNameIndexGenerator"
, for URL resource names. "searchIndex"
-
Class name of the implementation for searching indexes for resource names, such as
"com.sun.identity.entitlement.util.ResourceNameSplitter"
, for URL resource names. "applicationClassName"
-
Class name of the application type implementation, such as
"com.sun.identity.entitlement.Application"
.
Query application types
To list all application types, perform an HTTP GET to the /json/applicationtypes
endpoint,
with a _queryFilter
parameter set to true
.
The iPlanetDirectoryPro
header is required and should contain the SSO token of an administrative user,
such as amAdmin
, who has access to perform the operation.
$ curl \
--header "iPlanetDirectoryPro: AQIC5…" \
--header "Accept-API-Version: resource=1.0" \
"https://openam.example.com:8443/openam/json/applicationtypes?_queryFilter=true"
{
"result" : [ … application types … ],
"resultCount" : 8,
"pagedResultsCookie" : null,
"remainingPagedResults" : -1
}
Additional query strings can be specified to alter the returned results. For more information, see Query.
Read a specific application type
To read an individual application type, perform an HTTP GET to the /json/applicationtypes
endpoint,
and specify the application type name in the URL.
The iPlanetDirectoryPro
header is required and should contain the SSO token of an administrative user,
such as amAdmin
, who has access to perform the operation.
$ curl \
--header "iPlanetDirectoryPro: AQIC5…" \
--header "Accept-API-Version: resource=1.0" \
"https://openam.example.com:8443/openam/json/applicationtypes/iPlanetAMWebAgentService"
{
"name": "iPlanetAMWebAgentService",
"actions": {
"POST": true,
"PATCH": true,
"GET": true,
"DELETE": true,
"OPTIONS": true,
"PUT": true,
"HEAD": true
},
"resourceComparator": "com.sun.identity.entitlement.URLResourceName",
"saveIndex": "org.forgerock.openam.entitlement.indextree.TreeSaveIndex",
"searchIndex": "org.forgerock.openam.entitlement.indextree.TreeSearchIndex",
"applicationClassName": "com.sun.identity.entitlement.Application"
}