2-16 Developers Guide for Oracle Access Manager and Oracle Security Token Service if authnScheme.isForm { System.out.printlnForm Authentication Scheme.; Hashtable creds = new Hashtable; creds.putuserid, ms_login; creds.putpassword, ms_passwd; UserSession session = new UserSessionrrq, creds; if session.getStatus == UserSession.LOGGEDIN { if session.isAuthorizedrrq { System.out.printlnUser is logged in and authorized for the +request at level + session.getLevel; } else { System.out.printlnUser is logged in but NOT authorized; } user can be loggedout by calling logoff method on the session object } else { System.out.printlnUser is NOT logged in; } } else { System.out.printlnnon-Form Authentication Scheme.; } } else { System.out.printlnResource is NOT protected.; } } catch AccessException ae { System.out.printlnAccess Exception: + ae.getMessage; } ac.shutdown; } }

2.6.2.2.1 Annotated Code: JAccess Client.java Import standard Java library class

Hashtable to hold credentials. import java.io.Hashtable; Import the library containing the Java implementation of the Access SDK API classes.: import oracle.security.am.asdk.; This application is named JAccessClient. public class JAccessClient { Since this is the simplest of example applications, we are declaring global constants to represent the parameters associated with a user request for access to a resource. Typically, a real-world application receives this set of parameters as an array of strings passed from a requesting application, HTTP FORM-based input, or command-line input. For example: public static final String ms_resource = Example.com:80secretsindex.html; public static final String ms_protocol = http; public static final String ms_method = GET; public static final String ms_login = jsmith; public static final String ms_passwd = j5m1th; Launch the main method on the Java interpreter. An array of strings named argv is passed to the main method. In this particular case, the user jsmith, whose password is j5m1th, has requested the HTTP resource Introduction to the Access SDK and API 2-17 Example.com:80secretsindex.html. GET is the specific HTTP operation that will be performed against the requested resource. For details about supported HTTP operations and protecting resources with application domains, see Oracle Fusion Middleware Administrators Guide for Oracle Access Manager with Oracle Security Token Service. public static void mainString argv[] { Place all relevant program statements in the main method within a large try block so that any exceptions are caught by the catch block at the end of the program. AccessClient ac = null; try { Initialize the Access SDK by creating AccessClient instance by providing directory location of configuration file ObAccessClient.xml. There are multiple ways to provide configuration location to initialize the Access SDK. For more information refer to Oracle Access Manager Access SDK Java API Reference. You only need to create an instance of AccessClient and it initializes Access SDK API. AccessClient.CompatibilityMode.OAM_10G indicates that Access SDK will be initialized to work in a mode which is compatible with both the 10g and 11g releases of Oracle Access Manager. ac = AccessClient.createDefaultInstancem_configLocation , AccessClient.CompatibilityMode.OAM_10G; Create a new resource request object named rrq using the ResourceRequest constructor with the following three parameters: ■ ms_protocol , which represents the type of resource being requested. When left unspecified, the default value is HTTP. EJB is another possible value, although this particular example does not cover such a case. You can also create custom types, as described in the Oracle Fusion Middleware Administrators Guide for Oracle Access Manager with Oracle Security Token Service. ■ ms_resource , which is the name of the resource. Since the requested resource type for this particular example is HTTP, it is legal to prepend a host name and port number to the resource name, as in the following: Example.com:80secretsindex.html ■ ms_method , which is the type of operation to be performed against the resource. When the resource type is HTTP, the possible operations are GET and POST. For EJB-type resources, the operation must be EXECUTE. For custom resource types, you define the permitted operations when you set up the resource type. For more information on defining resource types and protecting resources with application domains, see the Oracle Fusion Middleware Administrators Guide for Oracle Access Manager with Oracle Security Token Service. ResourceRequest rrq = new ResourceRequestms_protocol, ms_resource, ms_method; Determine whether the requested resource rrq is protected by an authentication scheme. if rrq.isProtected { If the resource is protected, report that fact. System.out.printlnResource is protected.;