com.tivoli.mts.PDPrincipal.implies(com.tivoli.mts.PDPermission) deprecated

Question

I am using the below code to do the authorizatin checks.

PDPrincipal whoIsit = new PDPrincipal(userId,configURL);
PDPermission whatTheyWant = new PDPermission(objectSpaceName,"TbvA");
boolean haveAccess = whoIsit.implies(whatTheyWant);

However the implies method on com.tivoli.mts.PDPrincipal has been deprecated and has been replaced by implies method from the new PdPrincipal class from different package.

com.tivoli.pd.jazn.PDPrincipal 

the new method is as follows. public boolean implies(javax.security.auth.Subject subject)

the new method takes a Subject.

Can you please let me know how can I change my code to use the new method? How do i construct the Subject or can i get the Subject from somewhere?

Thanks, Rohit

Answer 1

I was able to work out a solution for this hence sharing it here so that anyone else facing the same issue can use this code.

I found that the new com.tivoli.pd.jazn.PDPermission class has a method implies which takes in a PdAuthorization context and a com.tivoli.pd.jazn.PDPrincipal object which does the same authorization checks that the previous class com.tivoli.mts.PDPrincipal use to do.

Mentioned below is how the same authorization can be done. With this code you need not implement the JAAS code.

First construct the PdAuthorizationContext as shown below. Make sure to define a static PdAuthorizationContext object so that it can be reused untill you close it. Constructing PDAuthorizationContext for every authorization check is resource intensive and not recommended. close the context at the end of your logic

URL configURL = new URL("file:" + String locationToTamConfigFile); PDAuthorizationContext pdAuthCtx = new PDAuthorizationContext(configURL);

Next Construct the new PDPrincipal and the PdPermission objects as shown below and call the implies method

com.tivoli.pd.jazn.PDPrincipal pdPrincipal = new com.tivoli.pd.jazn.PDPrincipal(pdAuthCtx,userId); com.tivoli.pd.jazn.PDPermission pdPermission = new com.tivoli.pd.jazn.PDPermission(objectSpaceName,"TbvA"); boolean newimpliesTry = pdPermission.implies(pdAuthCtx,pdPrincipal);