Saturday 16 June 2018

OIM API - Admin Role Operations.

To execute below code you have to add following jars in classpath:

  • commons-logging.jar

  • eclipselink.jar

  • jrf-api.jar

  • oimclient.jar

  • spring.jar

  • wlfullclient.jar

 

Stand Alone Code:

 

import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import javax.security.auth.login.LoginException;
import oracle.iam.identity.exception.OrganizationManagerException;
import oracle.iam.identity.orgmgmt.api.OrganizationManager;
import oracle.iam.identity.orgmgmt.vo.Organization;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.api.UserManagerConstants;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authopss.vo.AdminRole;
import oracle.iam.platform.authopss.vo.AdminRoleMembership;
import oracle.iam.platformservice.api.AdminRoleService;

public class AdminRoleOperation {
       OIMClient oimClient = null;
         
       //identity self service details
       String username = "xelsysadm";
       String password = "<password>"; //xelsysadm password
       String t3url = "t3://<hostname>:<port>"; //OIM HostName and Port
       String authwl_location = "<location of authwl.conf file in your local machine>"; //eg. D:\\authwl.conf
     
public void getOIMConnection(){
       //set system properties
       System.setProperty("java.security.auth.login.config", authwl_location);
       System.setProperty("OIM.AppServerType", "wls");
       System.setProperty("APPSERVER_TYPE", "wls");
   
       Hashtable oimenv = new Hashtable();
       oimenv.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory");
       oimenv.put(OIMClient.JAVA_NAMING_PROVIDER_URL,t3url);
       oimClient = new OIMClient(oimenv);
       try {
           oimClient.login(username, password.toCharArray());
           System.out.println("Connected!!!");
       } catch (LoginException e) {
           e.printStackTrace();
       }
}
     
public void assignAdminRoleToUser(String adminRoleName, String userLogin, String orgName) {
        //initialize admin role service
        AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
       
        //get admin role object by admin role name
        AdminRole adminRole = getAdminRoleByName(adminRoleName);
        if(null == adminRole){
            System.out.println("Admin role <"+adminRole+"> is not present");
            return;
        }
       
        //get organization key by organization name
        String orgKey = getOrganizationID(orgName);
        if(null == orgKey){
            System.out.println("Organization <"+orgName+"> is not present");
            return;
        }
       
        //get user key by user login
        String usrKey = getUserKeyByUserLogin(userLogin);
        if(null == usrKey){
            System.out.println("User <"+userLogin+"> is not present");
            return;
        }
       
        //Create a new membership object
        AdminRoleMembership membership = new AdminRoleMembership();
        membership.setAdminRole(adminRole);
        membership.setUserId(usrKey);
        membership.setScopeId(orgKey);
        membership.setHierarchicalScope(true);
       
        adminRoleSvc.addAdminRoleMembership(membership); 
        System.out.println("Admin Role Successfully Assigned to the User: " + userLogin);
}
   
public void revokeAdminRoleFromUser(String adminRoleName, String userLogin, String orgName) {   
        boolean isRemoved = false;
        //initialize admin role service
        AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
       
        //get organization key by organization name
        String orgKey = getOrganizationID(orgName);
        if(null == orgKey){
            System.out.println("Organization <"+orgName+"> is not present");
            return;
        }
       
        //get user key by user login
        String usrKey = getUserKeyByUserLogin(userLogin);
        if(null == usrKey){
            System.out.println("User <"+userLogin+"> is not present");
            return;
        }
       
        List<AdminRoleMembership> memberships = adminRoleSvc.listUsersMembership(usrKey, null, orgKey, true, null);
        System.out.println("Memberships count :: " + memberships.size());
       
        for(AdminRoleMembership membership : memberships){
            if (membership.getAdminRoleName().equals(adminRoleName)) {
                isRemoved = adminRoleSvc.removeAdminRoleMembership(membership);
                break;
            }       
        }
       
        if(isRemoved){
            System.out.println("Admin Role Successfully Revoked from the User : " + userLogin);
        }else{
            System.out.println("Something went wrong");
        }
}
      
private void getAllAdminRolesAssignedToUser(String userLogin, String orgName) {
        //initialize admin role service
        AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
       
        //get organization key by organization name
        String orgKey = getOrganizationID(orgName);
        if(null == orgKey){
            System.out.println("Organization <"+orgName+"> is not present");
            return;
        }
       
        //get user key by user login
        String usrKey = getUserKeyByUserLogin(userLogin);
        if(null == usrKey){
            System.out.println("User <"+userLogin+"> is not present");
            return;
        }
       
        List<AdminRoleMembership> memberships = adminRoleSvc.listUsersMembership(usrKey, null, orgKey, true, null);
        System.out.println("Memberships count :: " + memberships.size());
       
        for(AdminRoleMembership membership : memberships){
            System.out.println("***********************************");
            System.out.println("Admin Role ID :: " + membership.getAdminRoleId());
            System.out.println("Admin Role Name :: " + membership.getAdminRoleName());
            System.out.println("***********************************");
        }       
}

private AdminRole getAdminRoleByName(String adminRoleName) {
        //initialize admin role service
        AdminRoleService adminRoleSvc = oimClient.getService(AdminRoleService.class);
       
        List<AdminRole> adminRoles = adminRoleSvc.getScopedAdminRoles();
        Iterator adminRolesIter = adminRoles.iterator();
        while (adminRolesIter.hasNext()) {
            AdminRole adminRole = (AdminRole)adminRolesIter.next();
          if (adminRole.getRoleName().equals(adminRoleName)) {
              return adminRole;
          }
        }
        return null;
}
 
private String getOrganizationID(String orgName) {
        OrganizationManager orgManager = oimClient.getService(OrganizationManager.class);
        Organization org;
        try{
          org = orgManager.getDetails(orgName, null, true);
          return org.getEntityId();
        } catch (OrganizationManagerException e) {
            System.out.println("Exception occured while fetching org key");
            return null;
        }
}
   
public String getUserKeyByUserLogin(String userLogin){
        HashSet<String> attrsToFetch = new HashSet<String>();
        attrsToFetch.add(UserManagerConstants.AttributeName.USER_KEY.getId());
   
        try{    
            //get user manager service
            UserManager userService = oimClient.getService(UserManager.class);
          
            User user = userService.getDetails(userLogin, attrsToFetch, true);
            return user.getEntityId();
        }catch(Exception e){
            System.out.println("Exception occured while fetching user key");
            return null;
        }
}

public static void main(String[] args) {
        try {
            AdminRoleOperation obj = new AdminRoleOperation();
            obj.getOIMConnection();
           
            //Assign Admin Role to User
            obj.assignAdminRoleToUser("OrclOIMSystemAdministrator", "TestUser1", "Top");
           
            //Revoke Admin Role from User
            obj.revokeAdminRoleFromUser("OrclOIMSystemAdministrator", "TestUser1", "Top");
           
            //get All Admin Roles Assigned to User
            obj.getAllAdminRolesAssignedToUser("TestUser1", "Top");
           
            //get Admin Role by Name
            obj.getAdminRoleByName("OrclOIMSystemAdministrator");

        } catch (Exception e) {
            System.out.println("Exception occured :: " + e.getMessage());
        }
}
}

Happy Learning!!!

2 comments:

  1. Hi. How about create new admin role?
    Do you have any idea?

    ReplyDelete
  2. Thanks for sharing such a good content with your blogs. I really enjoying your blog while reading. if you need any kind of information Delete A Facebook Group.

    ReplyDelete