This topic describes how you can use the Authorization
Manager Service API (Java) to programmatically assign, remove, and
determine roles and permissions.
In LiveCycle, a role is a group of permissions
for accessing one or more system-level resources. These permissions
are created through User Management and are enforced by the service
components. For example, an Administrator could assign the role
of "Policy Set Author" to a group of users. Rights Management would
then permit the users of that group with that role to create policy
sets through Administration Console.
There are two types of roles: default roles and custom roles. Default
roles (system roles) are already resident in LiveCycle.
It is assumed that default roles may not be deleted or modified
by the administrator, and are thus immutable. Custom roles created
by the administrator, who may subsequently modify or delete them,
are thus mutable.
Roles make it easier to manage permissions. When a role is assigned
to a principal, a set of permissions is automatically assigned to
that principal, and all the specific access-related decisions for
the principal are based on that overall set of assigned permissions.
Summary of stepsTo manage roles and permissions, perform the following
steps:
Include project files.
Create an AuthorizationManagerService client.
Invoke the appropriate role or permission operations.
Include project filesInclude necessary files in your development
project. If you are creating a client application using Java, then
include the necessary JAR files. If you are using web services,
then make sure that you include the proxy files.
Create an AuthorizationManagerService clientBefore you can programmatically
perform a User Management AuthorizationManagerService operation,
you must create an AuthorizationManagerService client. With the
Java API this is accomplished by creating an AuthorizationManagerServiceClient object.
Invoke the appropriate role or permission operationsOnce you
have created the service client, you can then invoke the role or permission
operations. The service client allows you to assign, remove, and determine
roles and permissions.
Managing roles and permissions using the Java APITo manage roles and permissions using the Authorization
Manager Service API (Java), perform the following tasks:
Include project files.
Include client JAR files,
such as adobe-usermanager-client.jar, in your Java project’s class
path.
Create an AuthorizationManagerService client.
Create
an AuthorizationManagerServiceClient object by
using its constructor and passing a ServiceClientFactory object
that contains connection properties.
Invoke the appropriate role or permission operations.
To
assign a role to a principal, invoke the AuthorizationManagerServiceClient object’s assignRole method
and pass the following values:
To remove a role from
a principal, invoke the AuthorizationManagerServiceClient object’s unassignRole method
and pass the following values:
Managing roles and permissions using the web service APIManage roles and permissions by using the Authorization
Manager Service API (web service):
Include project files.
Create a Microsoft .NET
project that uses MTOM. Ensure that you use the following WSDL definition: http://localhost:8080/soap/services/AuthorizationManagerService?WSDL&lc_version=9.0.1.
Note: Replace localhost with the IP
address of the server hosting LiveCycle.
Create an AuthorizationManagerService client.
Create an AuthorizationManagerServiceClient object
by using its default constructor.
Create an AuthorizationManagerServiceClient.Endpoint.Address object
by using the System.ServiceModel.EndpointAddress constructor.
Pass a string value that specifies the WSDL to the LiveCycle service (for example, http://localhost:8080/soap/services/AuthorizationManagerService?blob=mtom.)
You do not need to use the lc_version attribute.
This attribute is used when you create a service reference.
Create a System.ServiceModel.BasicHttpBinding object
by getting the value of the AuthorizationManagerServiceClient.Endpoint.Binding field.
Cast the return value to BasicHttpBinding.
Set the System.ServiceModel.BasicHttpBinding object’s MessageEncoding field
to WSMessageEncoding.Mtom. This value ensures that
MTOM is used.
Enable basic HTTP authentication by performing the following tasks:
Assign the LiveCycle user name to the field AuthorizationManagerServiceClient.ClientCredentials.UserName.UserName.
Assign the corresponding password value to the field AuthorizationManagerServiceClient.ClientCredentials.UserName.Password.
Assign the constant value HttpClientCredentialType.Basic to
the field BasicHttpBindingSecurity.Transport.ClientCredentialType.
Assign the constant value BasicHttpSecurityMode.TransportCredentialOnly to
the field BasicHttpBindingSecurity.Security.Mode.
Invoke the appropriate role or permission operations.
To
assign a role to a principal, invoke the AuthorizationManagerServiceClient object’s assignRole method
and pass the following values:
To remove a role from
a principal, invoke the AuthorizationManagerServiceService object’s unassignRole method
and pass the following values:
|
|
|