Consider the use of third-party security providers when moving applications to the cloud. This rule flags the use of third-party Java security APIs. Their use indicates that the application needs to communicate with a on-premises security server such as IBM Tivoli, Security Policy Manager, Oracle Access Manager, or SiteMinder. Most of the security software development kits (SDKs) use standard protocols to communicate with the security provider, which can be used with a virtual private network (VPN). For information about configuring these client-side SDKs, see the vendor documentation.
References to the following packages indicate use of vendor provided programmatic security:
com.ibm.tspmcom.oblix.accesscom.oracle.am.asdkcom.netegrity.policyserver.smapicom.netegrity.sdk.apiutilcom.netegrity.sdk.dmsapicom.netegrity.sdk.imspolicyapicom.netegrity.sdk.policyapinetegrity.siteminder.javaagentcom.rsaEach security provider API type referenced by an application is flagged only once per Eclipse project or Java archive.
For example, if com.ibm.tspm and com.rsa APIs are both used in an Eclipse project, you get two results for that project.
The results help identify which security server technologies your application uses.
If your application is able to directly access the security provider, no further action is required.
Otherwise, you can use a VPN tunnel, such as the IBM Secure Gateway for IBM Cloud, to create a secure connection to your existing on-premises security provider. For more information about configuring a secure connection, see Configuring a VPN. After configuring your gateway, connect your application to the new destination by using the cloud host and port number that is provided when you created the destination. The following URLs are examples of Lightweight Directory Access Protocol (LDAP) URLs: