Waiting for engine...
Skip to main content

Atom Security Policies object

The Atom Security Policies object represents custom updates to the current Java Virtual Machine (JVM) HIGH security policy for a Runtime cloud or a Runtime cluster with forked execution enabled.

As the owner of a Runtime cloud or Runtime cluster, you can retrieve any custom updates to the HIGH security policy for your container. You can also update the policy by adding, changing, or removing custom runtime permissions.

Refer to the Security policies for Clouds and Runtime clusters topic for more information.

Retrieving a security policy is an asynchronous process:

  • The client sends a GET request that specifies a container ID to the .
  • The platform returns a security policy token for the specified Runtime cloud or Runtime cluster.
  • You send one or more GET requests that include the security policy token.
  • The platform returns one of the following:
    • Status code 202 while the request is in progress.
    • Status code 200 with the custom contents of the security policy when the request is complete.

Structure

Initial GET response:

<AsyncOperationTokenResult responseStatusCode="">
   <asyncToken token="AtomSecurityPolicies-..."/>
</AsyncOperationTokenResult>

Subsequent GET response:

<AtomSecurityPolicies xmlns="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" atomId="">
 <common>
   <policies privilegeType="">
     <arguments value=""/>
     <arguments value=""/>
   </policies>
 </common>
 <runner>
 .
 </runner>
 <worker>
 .
 </worker>
 <browser>
 .
 </browser>

</AtomSecurityPolicies>

Custom Java runtime permissions listed in the <common> section apply to all High security policy files (procrunner-HIGH.policy, procbrowser-HIGH.policy, and procworker-HIGH.policy). Custom permissions listed in a specific section, such as <runner>, apply only to the associated security policy file.

FieldTypeDescription
FilterFilterFilter
responseStatusCodestringThe status code returned from a GET request, as one of the following:
1. 202 — Atom security policy request initialized and is in progress (initial and interim GET responses).
2. 200 — Atom security policy request is complete (final GET response).
tokenstringA unique token generated by the in the form AtomSecurityPolicies-<hexadecimal-token>.
privilegeTypestringA valid Java runtime permission.
valuestringAn argument value in a Java runtime permission.

Supported operations

GETQUERYCREATEUPDATEEXECUTEDELETE
SupportedNot SupportedNot SupportedSupportedNot SupportedNot Supported

Notes:

  • The initial GET operation returns a security policy token for the specified Runtime cloud or Runtime cluster. Subsequent GET operations return status code 202 (while the request is in progress) or the custom contents of a security policy based on the token that was returned.

  • The GET operation returns only custom runtime permissions that you added to the security policy, not the entire policy file. If you did not update the security policy for a given Runtime cloud or Runtime cluster, the response to a GET operation is empty.

  • The UPDATE operation updates the security policy for the specified Runtime cloud or Runtime cluster. You can add, update, or delete permissions by using the UPDATE operation.

The custom Java runtime permissions that you specify in an UPDATE operation are added to the appropriate High security policy file (such as procrunner-HIGH.policy). Specified custom permissions in the <common> section are added to all High security policy files (procrunner-HIGH.policy, procbrowser-HIGH.policy, and procworker-HIGH.policy).

You must have the Runtime Management privilege to perform the UPDATE operation. If you have the Runtime Management Read Access privilege, you cannot update security policies.

SOAP implementation

  • GET operation

    Request (token):

     <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/">
       <soapenv:Header/>
       <soapenv:Body>
          <api:asyncGet>
             <api:objectType>AtomSecurityPolicies</api:objectType>
             <api:objectId>47087604-9069-473d-b847-4e0496a482c4</api:objectId>
             <api:accountId>boomi-account</api:accountId>
          </api:asyncGet>
       </soapenv:Body>
    </soapenv:Envelope>

    Response (token):

     <soapenv:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
       <soapenv:Body>
          <bns:asyncGetResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bns="http://api.platform.boomi.com/">
             <bns:result responseStatusCode="202">
                <bns:asyncToken token="AtomSecurityPolicies-d96fce7e-da38-426d-a8d0-efe5f14f3a83"/>
             </bns:result>
          </bns:asyncGetResponse>
       </soapenv:Body>
    </soapenv:Envelope>

    Request (custom contents of the security policy):

     <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/">
       <soapenv:Header/>
       <soapenv:Body>
          <api:asyncResult>
             <api:token>AtomSecurityPolicies-d96fce7e-da38-426d-a8d0-efe5f14f3a83</api:token>
             <api:accountId>boomi-account</api:accountId>
          </api:asyncResult>
       </soapenv:Body>
    </soapenv:Envelope>

    Response (interim)

    <soapenv:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> 
       <soapenv:Body> 
         <ns4:asyncResultResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bns="http://api.platform.boomi.com/" xmlns:ns4="http://partner.api.platform.boomi.com/"> 
         <ns4:results responseStatusCode="202"/> 
         </ns4:asyncResultResponse> 
       </soapenv:Body> 
    </soapenv:Envelope>

    Response (custom contents of the security policy):

    <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
       <S:Body>
          <bns:asyncResultResponse xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:bns="http://api.platform.boomi.com/">
             <bns:results responseStatusCode="200">
                <bns:result xsi:type="bns:AtomSecurityPolicies">
                   <bns:common>
                      <bns:policies privilegeType="runtimePermission">
                         <bns:arguments value="arg1"/>
                      </bns:policies>
                   </bns:common>
                   <bns:runner/>
                   <bns:worker/>
                   <bns:browser/>
                </bns:result>
             </bns:results>
          </bns:asyncResultResponse>
       </S:Body>
    </S:Envelope>

  • UPDATE operation

    You can add custom Java runtime permissions you specify in an UPDATE operation to the appropriate High-security policy file. In addition, all High-security policy files contain custom permissions that you specify in the <common> section.

    Request:

     <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:api="http://api.platform.boomi.com/" xmlns:api="http://api.platform.boomi.com/">
       <soapenv:Header/>
       <soapenv:Body>
          <api:update>
             <object xsi:type="api:AtomSecurityPolicies" atomId="47087604-9069-473d-b847-4e0496a482c4" xmlns:api="http://api.platform.boomi.com/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    		  <api:common>
    		    <api:policies privilegeType="runtimePermission">
    		      <api:arguments value="arg2"/>
    		    </api:policies>
    		  </api:common>
    		</object>
             <accountId>boomi-account</accountId>
          </api:update>
       </soapenv:Body>
    </soapenv:Envelope>

    As confirmation of the changes made, the UPDATE operation returns a copy of the request.

On this Page