Using JavaScript for Policies
CMS includes a facility for complex scripting of the policy plug-in instances via
JavaScript
•
Determine the call sequence of existing Java plug-ins
•
Use complex logic to determine whether to call a plug-in (versus the simpler
predicates)
•
Write policies in JavaScript
•
Develop extensions without needing to know Java or have the Java SDK
CMS uses the Rhino JavaScript engine from
about the Rhino project from this site:
http://www.mozilla.org/rhino
To learn more about how to use JavaScript in CMS, consult the sample
file included in the distribution:
<server_root>/bin/cert/profiles/policy.js
Constraints-Specific Policy Module Reference
Constraints-specific policy plug-in modules help you define rules or constraints
that CMS uses to evaluate an incoming certificate enrollment, renewal, or
revocation request. Each module enables you to configure the server to check the
request for particular attributes, and, based on the configured criteria, either
modify these attributes or reject the request altogether.
AttributePresentConstraints
The
AttributePresentConstraints
Certificate Manager and Registration Manager to reject a request if an LDAP
attribute (for example,
if the attribute does not have a specified value.
If you enable the policy and configure it correctly, it first searches for the user
under the base specified in the l
(
uid=HTTP_PARAMS.UID
•
If the
TM
. Using the JavaScript policy processor allows you to:
) is not present in the enrolling user's directory entry or
pin
) for the user's entry.
parameter is empty, the policy checks the
value
Mozilla.org
plug-in module enables you to configure the
dap.ldapconn.basedn
Using JavaScript for Policies
. You can get more details
policy.js
parameter with the filter
parameter:
attribute
Chapter 11
Policies
495