Install&configure the required software for Java admin api

To develop Java applications that use the Tivoli Access Manager administration
API, you must install and configure the required software.

I. Tivoli Access Manager software requirements

   You must install and configure secure domain. If you do not have secure domain
    installed, install one before beginning application development. The minimum
    installation consists of a single system with the following Tivoli Access Manager
    components installed:
        1 Tivoli Access Manager runtime environment
        2 Tivoli Access Manager Java runtime component
        3 Tivoli Access Manager policy server
        4 Tivoli Access Manager ADK
    
    If you already have an Tivoli Access Manager secure domain installed and want to
    add a development system to the domain, the minimum Tivoli Access Manager
    installation consists of the following components:
        1 Tivoli Access Manager runtime environment
        2 Tivoli Access Manager Java runtime component
        3 Tivoli Access Manager ADK
        
    Notes.
        1.  The installation of Tivoli Access Manager requires the installation of the Tivoli
                Access Manager runtime component. This runtime component is not required
                for developing or deploying Java applications. In this specific situation, you can
                reclaim the disk space that is used by the Tivoli Access Manager ADK and
                runtime components while saving the Javadoc HTML information and the
                example files from the ADK component.
                To reclaim this disk space, copy the Javadoc information, consisting of the
                entire AM_BASE/nls/javadocs directory tree, and copy the sample Java
                program, in the AM_BASE/example directory tree, to another location on your
                development system and then uninstall the Tivoli Access Manager ADK and
                runtime components.
        2.  If you intend to use the Tivoli Access Manager runtime environment for an
                administration C API application, you also must install the IBM Directory client
                if an LDAP or Lotus
                ? Domino? server is being used as the user registry in the
                secure domain.
                
II. Configuration of the Java runtime component to a particular Java runtime environment
    Configure the Access Manager Runtime for Java component to use the proper JRE
    on the system by using the pdjrtecfg command. The Tivoli Access Manager Java
    runtime component can be configured to several different JREs on the same
    system, if required. See the IBM Tivoli Access Manager for e-business: Installation
    Guide for details.
    
III. Configuration of the Java administration classes
    The com.tivoli.pd.jcfg.SvrSslCfg Java class must be used to configure the
    administration Java APIs. See the IBM Tivoli Access Manager for e-business:
    Authorization Java Classes Developer Reference for details on the SvrSslCfg utility.
    Notes:
        1. Do not use the svrsslcfg command-line interface to create configuration files
        that are to be used with Java applications.
        2. The com.tivoli.mts.SvrSslCfg class provided in previous versions of Tivoli
        Access Manager and IBM SecureWay? Policy Director has been deprecated. Use
        the new com.tivoli.pd.jcfg.SvrSslCfg class instead.

IV. Security requirements
    To run a Java application in the context of a Java security manager, the application
    must have proper Java permissions to use the administration Java APIs. If the
    application is not installed as a Java extension in the JAVA_HOME/lib/ext
    directory, an entry must be added to the JAVA_HOME/lib/security/java.policy file.
    To grant the necessary permission to the Java applications located in the
    /sb/pdsb/export/classes directory, and all its subdirectories, the necessary Java
    permissions to use authorization Java classes and methods, add a statement like
    the following to the java.policy file:
        // Give applications in /sb/pdsb/export/classes and
        // its subdirectories access to the Access Manager
        // Administration APIs
        grant codeBase "file:/sb/pdsb/export/classes/-" {
        permission javax.security.auth.AuthPermission "PDAdmin";
        };        
    Invoke administration Java classes and methods from a privileged block,
    doPrivileged(), to alleviate the need for the application callers to have this Java
    permission as well.
    The PD.jar file is signed, but verification of the signing of JAR files is not
    supported in this version of Tivoli Access Manager.



1.rhel-server-5.3-x86_64 for java developer(An Tivoli Access Manager secure domain installed on other system,eg. tam host)
(all need patchs can be found in )IBM Tivoli Access Manager Base for Linux on x86 v6.1.1
Tivoli Access Manager runtime environment and Tivoli Access Manager ADK is optional installed;

     1.  Install ibm-java2-i386-sdk-5.0-5.0.i386.rpm
     rpm -ivh libXp-1.0.0-8.i386.rpm
         rpm -ivh compat-libstdc++-33-3.2.3-61.i386.rpm
         rpm -ivh ibm-java2-i386-sdk-5.0-5.0.i386.rpm
        
         add jdk to environment:
         ~]# vi .bashrc
        
             JAVA_HOME=/opt/ibm/java2-i386-50/bin
            PATH=$JAVA_HOME:$PATH:.
            export PATH
            
        ~]# source .bashrc
        
        Notes: If you get the following error, you need disable SElinux and reboot system.
        ~]# java -version
        Failed to find VM - aborting
        
         ]# vi /etc/selinux/config
            # This file controls the state of SELinux on the system.
            # SELINUX= can take one of these three values:
            #       enforcing - SELinux security policy is enforced.
            #       permissive - SELinux prints warnings instead of enforcing.
            #       disabled - SELinux is fully disabled.
            SELINUX=disabled
            # SELINUXTYPE= type of policy in use. Possible values are:
            #       targeted - Only targeted network daemons are protected.
            #       strict - Full SELinux protection.
            SELINUXTYPE=targeted

    2.Tivoli Access Manager Java runtime component
        TAM]# install_amjrte
        
        
    3.Configuration of the Java administration classes
    
    ~]# java com.tivoli.pd.jcfg.SvrSslCfg -action config \
    -admin_id sec_master \
    -admin_pwd object00 \
    -appsvr_id app1 \
    -port 33333 \
    -mode remote \
    -host localhost \
    -policysvr tam:7135:1 \
    -authzsvr tam:7136:2 \
    -cfg_file /opt/PolicyDirector/etc/app1.properties \
    -domain Default \
    -key_file /var/PolicyDirector/keytab/app1.ks \
    -cfg_action create
    
    4.
    
import java.util.*;
import java.net.URL;
import java.io.*;

import com.tivoli.pd.jutil.PDContext;
import com.tivoli.pd.jutil.PDMessage;
import com.tivoli.pd.jutil.PDMessages;
import com.tivoli.pd.jutil.PDRgyUserName;
import com.tivoli.pd.jutil.PDRgyGroupName;
import com.tivoli.pd.jutil.PDException;

import com.tivoli.pd.jadmin.*;

import com.tivoli.pd.nls.*;



public class PDAdminApp1
{
   public static void main(String [] args) throws Exception
   {      
      PDMessages msgs = new PDMessages();

      //application name = {appsvrid}-{host}    
      String prog = "app1-localhost";
      String adminName = "sec_master";
      char[] adminPassword = "object00".toCharArray();
      String configURLStr = "file:///opt/PolicyDirector/etc/app1.properties";

      String rgySuffix = "c=us";
      

      Locale locale = new Locale("ENGLISH", "US");
      URL configURL = null;

         System.out.println("Initializing PDAdmin...\n");
         PDAdmin.initialize(prog, msgs);
         processMsgs(msgs);


         configURL = new URL(configURLStr);

        
         System.out.println("Creating a context...\n");
         PDContext ctxt = new PDContext(locale,
                                        adminName,
                                        adminPassword,
                                        configURL);
      
         String group = "TestGroup1";
         String rgyGroup = "cn=" + group + "," + rgySuffix;
         PDRgyGroupName pdRgyGroupName = new PDRgyGroupName(rgyGroup);

         System.out.println("Creating a group...\n");
         PDGroup.createGroup(ctxt,
                             group,
                             pdRgyGroupName,
                             null, // description
                             null, // container
                             msgs);
         processMsgs(msgs);

        
         String name = "DemoUser";
         String firstName = "Demo";
         String lastName = "User";
         String password = "DemoPassword";
         String description = "Demo Description";
         String rgyName = "cn=" + name + "," + rgySuffix;
         PDRgyUserName pdRgyUserName =
            new PDRgyUserName(rgyName, firstName, lastName);
         boolean ssoUser = false;
         boolean pwdPolicy = true;
         ArrayList groupList = new ArrayList();
         groupList.add(group);

         System.out.println("Creating a user...\n");
         PDUser.createUser(ctxt,
                           name,
                           pdRgyUserName,
                           description,
                           password.toCharArray(),
                           groupList,
                           ssoUser,
                           pwdPolicy,
                           msgs);

         processMsgs(msgs);

         System.out.println("Getting a user...\n");
         PDUser pdUser = new PDUser(ctxt,
                                    name,
                                    msgs);


         processMsgs(msgs);

         System.out.println("User " + name + ".isAccountValid: " +
                            pdUser.isAccountValid() + "\n");

         System.out.println("Setting the user's account to valid using the instance set method ...\n");
         pdUser.setAccountValid(ctxt, true, msgs);
         processMsgs(msgs);

         if (ctxt != null)
         {
             ctxt.close();
         }

         System.out.println("Shutting down PDAdmin...\n");
         PDAdmin.shutdown(msgs);
         processMsgs(msgs);
   }

   static void processMsgs(PDMessages msgs)
   {
      if (msgs.size() > 0)
      {
         System.out.println("Msgs are: " + msgs + "\n");
         msgs.clear();
      }
   }
}

~]# javac PDAdminApp1
~]# java PDAdminApp1