Software Development Kit for DevSecOps - Java

Once a PAM360 user in an organization has been given SDK access and a registered token, they can start using the SDK by registering the relevant PAM360 SDK in their application/services. To do so, follow the documentation below.

1. Java SDK Prerequisites

  1. The Java SDK requires a Java application of version 8 or higher.
  2. Deploy the downloaded PAM360 Java SDK JAR into the lib folder within your application or development service directory.

    Notes: Once you are granted SDK access in PAM360, an email containing the authentication token and a link to download the Java SDK will be sent to your registered email address.
    Alternatively, you can reach out to your administrator for the Java SDK file.

    The core SDK will be downloaded using the provided link. Include the additional JARs (commons-logging-1.1.jar, httpclient-4.5.13.jar, httpcore-4.4.9.jar, httpmime-4.5.3.jar and json.jar) in the project's referenced libraries.
  3. To ensure a successful SDK registration, add the PAM360 web server certificate to the cacerts folder in the Java installation directory.

2. Registering the Java Application with PAM360

After deploying the SDK JAR file to the Java application, and before you start creating your Java application, certain configuration steps and information are required to connect to, register with, and use the PAM360 functionalities provided by the SDK.

Use the provided sample code with the ClientRegistrationManager and ServiceConfiguration objects to register your Java application/services with the PAM360 server. Registration adds your Java application to the PAM360 interface and enables the subsequent retrieval of data from the PAM360 repository via the available API methods. It is a one-time operation on the machine where the PAM360 SDK is used.

	import com.manageengine.pam360.sdk.exception.SDKException;
	import com.manageengine.pam360.sdk.services.ClientRegistrationManager;
	import com.manageengine.pam360.sdk.services.ServiceConfiguration;

	public class SDKRegistrationExample {
	    public static void main(String[] args) {
	        ServiceConfiguration config = null;
	        try {
	            // Registration token received via email or from the administrator
	            String registrationToken = "#######-####-####-####-############";
	            // Host name and port of the PAM360 server
	            String pamHostName = "CHEST11F-H07";
	            int pamServerPort = 8282;
	            config = new ServiceConfiguration(pamHostName, pamServerPort);
	            ClientRegistrationManager registrationManager = new ClientRegistrationManager(config);
	            registrationManager.register(registrationToken);
	            // To update to a new registration token: registrationManager.update(registrationToken, "");
	            // To check whether an SDK is already registered: boolean isRegistered = registrationManager.isRegistered();
	        } catch (SDKException ex) {
	            ex.printStackTrace();
	        }
	    }
	}
	
  1. registrationToken - Unique identifier associated with an SDK policy, received via email or from the administrator.
  2. pamHostName - The host on which the PAM360 application runs.
  3. pamServerPort - Port number used for communication with the PAM360 server.

2.1 How Does the User Registration Work?

Upon executing the above sample code with the ClientRegistrationManager and ServiceConfiguration SDK Java objects, the Java application will be registered with the PAM360 application. In response to the registration, an SDK config file will be created in the folder named sdk_config.

Notes: Make sure to securely store the generated config file. The config file value acts as a primary source of authentication between the Java application and PAM360 while making the API calls from the Java application.

Upon completion, the registered application with the deployed PAM360 SDK will be reflected in the PAM360 web interface. Information such as Policy Name, Application Type, and Accessed Information, along with audit details of actions performed within the application relevant to PAM360, will be accessible. Administrators can oversee details of SDK-deployed applications directly from the PAM360 interface.

3. Invoking a PAM360 API via SDK Deployed Application

Below is sample code for invoking an API via the PAM360 SDK from the Java application/services.

E.g., To Fetch a Password of an Account

	import com.manageengine.pam360.sdk.exception.SDKException;
	import com.manageengine.pam360.sdk.resources.Password;
	import com.manageengine.pam360.sdk.services.ClientRegistrationManager;
	import com.manageengine.pam360.sdk.services.PAMService;
	import com.manageengine.pam360.sdk.services.ServiceConfiguration;

	public class getPasswordOfAccount {
	    public static void main(String[] args) {
	        ServiceConfiguration config = null;
	        try {
	            // Host name and port of the PAM360 server
	            String pamHostName = "CHEST11F-H07";
	            int pamServerPort = 8282;
	            config = new ServiceConfiguration(pamHostName, pamServerPort);
	            String restApiToken = "########-####-####-####-############";
	            PAMService service = new PAMService(config, restApiToken);
	            Password password = service.getPasswordInstance();
	            // Fetches the password of the given account and prints it to standard output
	            System.out.println(password.getPasswordOfAccount("ad-services2k19", "sysadmin"));
	        } catch (SDKException ex) {
	            ex.printStackTrace();
	        }
	    }
	}
	

Refer to this help documentation for the remaining SDK-supported API sample codes. You can also refer to this Java Documentation to learn about the available objects, methods, and classes.

4. Java SDK Best Practices

SDK Logs - The PAMSDKLogger is responsible for logging all the internal errors and activities that occur within the PAM360 SDK. This class reports all internal errors that occur in an entity, registration, etc. By default, the SDK-relevant logs are stored in a folder named sdk_logs in the PAM360 SDK's deployed Java application. However, for security reasons, you can provide an absolute file path in a preferred directory using the below steps while invoking an API. This is a one-time process; once defined, the same path will be used for logs in the subsequent API calls.

	import com.manageengine.pam360.sdk.services.PAMSDKLogger;
	.
	.
	PAMSDKLogger logger = new PAMSDKLogger();
	// Backslashes in a Java string literal must be escaped
	logger.setLogLocation("D:\\2024\\Java\\Vault\\SDK");
	.
	.
	

SDK Config - The config file value generated during the application registration acts as a primary authentication source between the Java application and PAM360 while making the API calls from the Java application. By default, while registering the application, the config file will be stored in a folder called sdk_config within the Java application. However, for security reasons, you can specify the desired directory path using the below steps while invoking an API. This allows you to store the SDK config file in a location of your choice.

	import com.manageengine.pam360.sdk.services.DefaultClientConfigHandler;
	import com.manageengine.pam360.sdk.services.ServiceConfiguration;
	.
	.
	ServiceConfiguration config = null;
	try {
	    String pamHostName = "CHEST11F-H07";
	    int pamServerPort = 8282;
	    config = new ServiceConfiguration(pamHostName, pamServerPort);
	    // Backslashes in a Java string literal must be escaped
	    config.setConfigurationPath("D:\\2024\\Java\\Vault\\SDK");
	.
	.
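
The note in section 2.1 asks you to store the generated config file securely, and the two snippets above let you choose where the config file and the logs are written. As an added example (not part of the PAM360 SDK or its documentation), the following JDK-only helper creates those directories with owner-only access before their paths are passed to setConfigurationPath and setLogLocation; the class name, method name and default base path are hypothetical.

```java
import java.io.IOException;
import java.nio.file.*;
import java.nio.file.attribute.*;
import java.util.Collections;
import java.util.EnumSet;

// Added example: owner-only directories for the SDK config file and logs.
public class SdkDirHardening {

    // Creates dir if missing and restricts access to its owner.
    static Path restrictToOwner(Path dir) throws IOException {
        Files.createDirectories(dir);
        PosixFileAttributeView posix =
                Files.getFileAttributeView(dir, PosixFileAttributeView.class);
        if (posix != null) {
            // Linux/macOS: mode 0700 (rwx for the owner, nothing for others).
            posix.setPermissions(PosixFilePermissions.fromString("rwx------"));
            return dir.toAbsolutePath();
        }
        AclFileAttributeView acl =
                Files.getFileAttributeView(dir, AclFileAttributeView.class);
        if (acl == null) {
            throw new IOException("Cannot restrict " + dir + ": no POSIX or ACL view");
        }
        // Windows/NTFS: replace the ACL with one ALLOW entry for the owner,
        // inherited by files and folders later created inside.
        AclEntry ownerOnly = AclEntry.newBuilder()
                .setType(AclEntryType.ALLOW)
                .setPrincipal(acl.getOwner())
                .setPermissions(EnumSet.allOf(AclEntryPermission.class))
                .setFlags(AclEntryFlag.FILE_INHERIT, AclEntryFlag.DIRECTORY_INHERIT)
                .build();
        acl.setAcl(Collections.singletonList(ownerOnly));
        return dir.toAbsolutePath();
    }

    public static void main(String[] args) throws IOException {
        // Hypothetical default base path; pass the real one as the first argument.
        Path base = Paths.get(args.length > 0 ? args[0] : "pam360-sdk");
        Path configDir = restrictToOwner(base.resolve("config"));
        Path logDir = restrictToOwner(base.resolve("logs"));
        // Pass these to the SDK calls shown on this page:
        //   config.setConfigurationPath(configDir.toString());
        //   logger.setLogLocation(logDir.toString());
        System.out.println("SDK config directory: " + configDir);
        System.out.println("SDK log directory:    " + logDir);
    }
}
```

Run it before registration so the config file is created inside the restricted directory; files already present in an existing directory keep their previous permissions.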
	

