Accessing Run-As User Credentials in the DRM Enabler Class

If you want to use run-as security with your custom DRM system, follow the steps below to access the run-as (operating system) credentials in your Java code.

Run-as security is an optional feature of 3DOrchestrate, as described in About Run-As Security.

  1. Grant privileges to your DRM enabler class by adding a new entry in the following properties file: 

    <server_install_dir>/<os>/reffiles/SMAExeConfig/SMAExePrivileged.properties

    Add a line that includes the fully qualified class name of your custom DRM enabler class, as follows:

    Fully_qualified_enabler_class_name=OS

    For example:

    com.mycompany.drm.enabler.MyDRMEnabler=OS

  2. Get the DRMCommandRunner object from IDRMDataWrapper: 

    DRMCommandRunner commandRunner = drmDatawrapper.getCommandRunner();

  3. Use the API shown below to access operating system user credentials in your DRM enabler class.

    Use the method getDRMResourceCredentialForOS to access the credentials.

    /**
 * Retrieve the Resource Credential Service associated with the specified job and resource name from OS.
 * This method provides secure access to credentials service for only those classes that are authorized
 * <p>
 * <p>
 * The credential service returned will remain encrypted with the servers public key.
 * <p>
 * This method will return null if the specified resource credential service is not available.
 * 
 * @param jobId identifies the job with which the requested credentials should be associated. 
 * @param resourceName identifies the name of protected resource for which to retrieve credentials.
 * @param object identifies the enabler class instance
 * @return the map contains these keys 'user','password' or null in case of exception
   For example:
            byte[] user = credMap.get("user");
            String decryptedUser = new String(user);            
            byte[] password = credMap.get("password");            
            String decryptedPassword = new String(password);
*/

getDRMResourceCredentialForOS(String jobId, String resourceName, Object instance)

//To access OS (run-as) user credentials 
		
try {
			
      Map<String, byte[]> credMap = drmDataWrapper.getCommandRunner().getDRMResourceCredentialForOS(drmDataWrapper.getJobID(),this.getClass().getCanonicalName(),this);
      // get individual credentials from the map
      byte[] user = credMap.get("user");
      String decryptedUser = new String(user);
      byte[] password = credMap.get("password");
      String decryptedPasswrod = new String(password);

    } catch (Exception e) {e.printStackTrace();}