PDPrincipal.implies deprecated, alternate class's implies method requires a Subject

67 views Asked by At

I have the following running code to determine if a user can edit Object Namespace

com.tivoli.mts.PDPrincipal whoIsit = new PDPrincipal(userId,configURL);
    com.tivoli.mts.PDPermission whatTheyWant = new PDPermission(objectSpaceName,GMTConstants.tamPermissions);

    boolean haveAccess = whoIsit.implies(whatTheyWant);

The problem is that the implies method from com.tivoli.mts.PDPrincipal class has been deprecated.

This has been replaced by com.tivoli.pd.jazn.PDPrincipal.implies(javax.security.auth.Subject subject)

Question is how do i construct this Subject object. Secondly, can i continue to use the deprecated clas and method?

1

There are 1 answers

0
RohitRSharma On

I was able to work out a solution for this hence sharing it here so that anyone else facing the same issue can use this code.

I found that the new com.tivoli.pd.jazn.PDPermission class has a method implies which takes in a PdAuthorization context and a com.tivoli.pd.jazn.PDPrincipal object which does the same authorization checks that the previous class com.tivoli.mts.PDPrincipal use to do.

Mentioned below is how the same authorization can be done. With this code you need not implement the JAAS code.

First construct the PdAuthorizationContext as shown below. Make sure to define a static PdAuthorizationContext object so that it can be reused untill you close it. Constructing PDAuthorizationContext for every authorization check is resource intensive and not recommended. close the context at the end of your logic

URL configURL = new URL("file:" + String locationToTamConfigFile);
   PDAuthorizationContext pdAuthCtx =  new PDAuthorizationContext(configURL);

Next Construct the new PDPrincipal and the PdPermission objects as shown below and call the implies method

com.tivoli.pd.jazn.PDPrincipal pdPrincipal = new        com.tivoli.pd.jazn.PDPrincipal(pdAuthCtx,userId);
com.tivoli.pd.jazn.PDPermission pdPermission = new    com.tivoli.pd.jazn.PDPermission(objectSpaceName,"TbvA");
boolean newimpliesTry = pdPermission.implies(pdAuthCtx,pdPrincipal);