Sun Identity Manager 8.1 Resources Reference

Usage Notes

This section provides information related to using the SmartRoles resource adapter. The information is organized as follows:

General Notes

The following general notes are provided for this resource:

Complex Attribute Support

Identity Manager introduced a new complex attribute type that enables the SmartRoles adapter to support complex attributes. The complex attribute type is used when an attribute value is more complicated than a single value or list of values. This new complex type is used with the following attributes:

The attribute value for a complex attribute is an instance of the new com.waveset.object.GenericAttribute class. The GenericAttribute instance wraps a GenericObject instance containing the real attribute value information. The GenericObject stores attributes and values in a hierarchy that can be set and retrieved using path expressions.

ResourceAction Support

Although the adapter does not support before and after actions, it does support running actions using the runResourceAction Provision Workflow Service. You can write a SmartRoles action in javascript or BeanShell, and it can call the SmartRoles APIs to perform custom behavior as part of a workflow. Input to the action script is contained in a Map object named actionContext. The actionContext Map contains the following:




String describing the type of action being run. Currently, this action can only be run.


Contains a reference to the com.waveset.adapter.SmartRolesResourceAdapter instance.


A Map containing any additional arguments passed in to the runResourceAction Provision Workflow Service call.


Reference to the WavesetResult that is returned from the runResourceAction Provision Workflow Service call.


Reference to a SmartRoles IOMSession instance. The session is created using the administrator and password defined in the SmartRoles resource.


Reference to the com.sun.idm.logging.trace.Trace instance associated with the com.waveset.adapter.SmartRolesResourceAdapter class. You can use this to output trace messages for use in debugging the action script.

The following ResourceAction XML is an example of a BeanShell action. (Set the actionType to JAVASCRIPT for a javascript action.) This action script takes an argument named user (retrieved from the additionalArgs Map) and searches the SmartRoles repository for one or more Person objects with a LOGON_ID that matches the value in the user argument. The string representation of each matching Person is then returned in the WavesetResult in the ACTION_RC ResultItem.

<?xml version=’1.0’ encoding=’UTF-8’?>
<!DOCTYPE ResourceAction PUBLIC ’waveset.dtd’ ’waveset.dtd’>
<!--  MemberObjectGroups="#ID#Top"-->
<ResourceAction createDate=’1148443502593’>
   <ResTypeAction restype=’SmartRoles’ timeout=’0’ actionType=’BEANSHELL’>
         import bridgestream.core.*;
         import bridgestream.util.*;
         import bridgestream.temporal.person.*;
         import java.util.*;
         import com.waveset.object.*;
         IOMSession session = actionContext.get("session");
         OMEngine engine = OMEngine.getInstance(session);
         String user = actionContext.get("additionalArgs").get("user");
         UTNameValuePair[] criteria = new UTNameValuePair[] { new UTNameValuePair
            ("LOGON_ID", user) };
         UTTimestamp time = UTTimestamp.getSystemTimestamp();
         List list ="PERSON", criteria, time, null, null);
         Iterator iter = list.iterator();
         StringBuffer buf = new StringBuffer();
         while (iter.hasNext()) {
            ENPerson person = (ENPerson);
         WavesetResult result = actionContext.get("result");
         result.addResult("ACTION_RC", buf.toString());
      <ObjectRef type=’ObjectGroup’ id=’#ID#Top’ name=’Top’/>


Currently, this adapter has the following limitations: