This topic describes how you can use the Authorization
Manager Service API (Java) to programmatically assign, remove, and
determine roles and permissions.
In LiveCycle, a role is a group of permissions for accessing one or
more system-level resources. These permissions are created through
User Management and are enforced by the service components. For
example, an Administrator could assign the role of "Policy Set Author"
to a group of users. Rights Management would then permit the users of
that group with that role to create policy sets through the
administration console.
There are two types of roles: default roles and custom roles. Default
roles (system roles) are already resident in LiveCycle. It is assumed
that default roles may not be deleted or modified by the administrator,
and are thus immutable. Custom roles created by the administrator, who
may subsequently modify or delete them, are thus mutable.
Roles make it easier to manage permissions. When a role is assigned
to a principal, a set of permissions is automatically assigned to
that principal, and all the specific access-related decisions for
the principal are based on that overall set of assigned permissions.
Summary of steps
To manage roles and permissions, perform the following steps:
- Include project files.
- Create an AuthorizationManagerService client.
- Invoke the appropriate role or permission operations.
Include project files
Include necessary files in your development
project. If you are creating a client application using Java, then
include the necessary JAR files. If you are using web services,
then make sure that you include the proxy files.
Create an AuthorizationManagerService client
Before you can programmatically perform a User Management
AuthorizationManagerService operation, you must create an
AuthorizationManagerService client. With the Java API this is
accomplished by creating an AuthorizationManagerServiceClient object.
Invoke the appropriate role or permission operations
Once you have created the service client, you can then invoke the role
or permission operations. The service client allows you to assign,
remove, and determine roles and permissions.
Managing roles and permissions using the Java API
To manage roles and permissions using the Authorization
Manager Service API (Java), perform the following tasks:
- Include project files.
  Include client JAR files, such as adobe-usermanager-client.jar, in
  your Java project’s class path.
- Create an AuthorizationManagerService client.
  Create an AuthorizationManagerServiceClient object by using its
  constructor and passing a ServiceClientFactory object that contains
  connection properties.
- Invoke the appropriate role or permission operations.
  To assign a role to a principal, invoke the
  AuthorizationManagerServiceClient object’s assignRole method and
  pass the following values:
  To remove a role from a principal, invoke the
  AuthorizationManagerServiceClient object’s unassignRole method and
  pass the following values:
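
The three steps above as one Java program, added here as an example and not taken from the original page or from Adobe's samples. The page does not list the values that assignRole and unassignRole take; the form used here (a role identifier followed by an array of principal identifiers) is an assumption, as are the SOAP connection properties, the environment variable names LC_ADMIN_USER and LC_ADMIN_PASSWORD, and the command-line arguments.

```java
import java.util.Properties;

import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactoryProperties;
import com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient;

public class ManageRoleAssignment {
    public static void main(String[] args) throws Exception {
        if (args.length != 3 || !(args[0].equals("assign") || args[0].equals("unassign"))) {
            System.err.println("usage: ManageRoleAssignment <assign|unassign> <roleId> <principalId>");
            System.exit(2);
        }
        String roleId = args[1];
        String[] principalIds = { args[2] };

        // Connection properties (SOAP mode). The endpoint and server type are
        // assumptions; the account is read from the environment, not hard-coded.
        Properties props = new Properties();
        props.setProperty(ServiceClientFactoryProperties.DSC_DEFAULT_SOAP_ENDPOINT,
                "http://localhost:8080");
        props.setProperty(ServiceClientFactoryProperties.DSC_TRANSPORT_PROTOCOL,
                ServiceClientFactoryProperties.DSC_SOAP_PROTOCOL);
        props.setProperty(ServiceClientFactoryProperties.DSC_SERVER_TYPE, "JBoss");
        props.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_USERNAME,
                requireEnv("LC_ADMIN_USER"));
        props.setProperty(ServiceClientFactoryProperties.DSC_CREDENTIAL_PASSWORD,
                requireEnv("LC_ADMIN_PASSWORD"));
        ServiceClientFactory factory = ServiceClientFactory.createInstance(props);

        // Step 2 of the procedure: client built from the ServiceClientFactory.
        AuthorizationManagerServiceClient amClient = new AuthorizationManagerServiceClient(factory);
        // Step 3: argument order (role id, principal ids) is assumed; the page omits it.
        if (args[0].equals("assign")) {
            amClient.assignRole(roleId, principalIds);
        } else {
            amClient.unassignRole(roleId, principalIds);
        }
        System.out.println(args[0] + " " + roleId + " -> " + args[2] + " completed");
    }

    // Fails fast when a required environment variable is missing.
    private static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("environment variable not set: " + name);
        }
        return value;
    }
}
```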
Managing roles and permissions using the web service API
Manage roles and permissions by using the Authorization
Manager Service API (web service):
- Include project files.
  Create a Microsoft .NET project that uses MTOM. Ensure that you use
  the following WSDL definition:
  http://localhost:8080/soap/services/AuthorizationManagerService?WSDL&lc_version=9.0.1
  Note: Replace localhost with the IP address of the server hosting
  LiveCycle.
- Create an AuthorizationManagerService client.
  - Create an AuthorizationManagerServiceClient object by using its
    default constructor.
  - Create an AuthorizationManagerServiceClient.Endpoint.Address object
    by using the System.ServiceModel.EndpointAddress constructor. Pass
    a string value that specifies the WSDL to the LiveCycle service
    (for example,
    http://localhost:8080/soap/services/AuthorizationManagerService?blob=mtom).
    You do not need to use the lc_version attribute. This attribute is
    used when you create a service reference.
  - Create a System.ServiceModel.BasicHttpBinding object by getting the
    value of the AuthorizationManagerServiceClient.Endpoint.Binding
    field. Cast the return value to BasicHttpBinding.
  - Set the System.ServiceModel.BasicHttpBinding object’s
    MessageEncoding field to WSMessageEncoding.Mtom. This value ensures
    that MTOM is used.
  - Enable basic HTTP authentication by performing the following tasks:
    - Assign the AEM forms user name to the field
      AuthorizationManagerServiceClient.ClientCredentials.UserName.UserName.
    - Assign the corresponding password value to the field
      AuthorizationManagerServiceClient.ClientCredentials.UserName.Password.
    - Assign the constant value HttpClientCredentialType.Basic to the
      field BasicHttpBindingSecurity.Transport.ClientCredentialType.
    - Assign the constant value
      BasicHttpSecurityMode.TransportCredentialOnly to the field
      BasicHttpBindingSecurity.Security.Mode.
- Invoke the appropriate role or permission operations.
  To assign a role to a principal, invoke the
  AuthorizationManagerServiceClient object’s assignRole method and
  pass the following values:
  To remove a role from a principal, invoke the
  AuthorizationManagerServiceService object’s unassignRole method and
  pass the following values: