Java SM: The Java SM instance creation is very simple using a command line script with few input parameters. All this SM requires is the jps-config.xml present in $JAVA_SM/config location. The contents of this XML would be identity store, policy store, credentials store and so on. I am not going into details of the backend stores specified in this XML. You can use Java SM to execute java code on a stand-alone mode. There is an application Server JBOSS which is supported (atleast the steps are known to the world - detailed in fusionsecurity.blogspot.com). However if you want to use Java SM in the famous Tomcat container, then it is not supported in this current release which I think is very big lag. In general there are two types of calls you can make out to OES 11g - Authorization Calls, Policy Management calls.
In our case, we have developed an enterprise application and deployed in Tomcat container. We have to make authorization calls from the application in a dynamic manner for protecting the fine grained elements. We have tried N no. of ways to achieve this but could not make it work. However we are able to make policy management calls to OES Server just using jps-config.xml file. Policy Management calls include creating applications, resources, policies etc.,