test

Oracle Waveset 8.1.1 Deployment Guide

Defining Features

The getFeatures() method specifies which features are supported by an adapter. The features can be categorized as follows:

The ResourceAdapterBase class defines a base implementation of the getFeatures() method. The Enabled in Base? column in the following tables indicates whether the feature is defined as enabled in the base implementation in ResourceAdapterBase.

Table 10–16 General Features

Feature Name

Enabled in Base? 

Comments

ACTIONS

No 

Indicates whether before and after actions are supported. To enable, override the supportsActions method with a true value.

RESOURCE_PASSWORD_CHANGE

No 

Indicates whether the resource adapter supports password changes. To enable, override the supportsResourceAccount method.

Table 10–17 Account Features

Feature Name

Enabled in Base? 

Comments

ACCOUNT_CASE_INSENSITIVE_IDS

Yes 

Indicates whether user account names are case-insensitive. Override the supportsCaseInsensitiveAccountIds method with a false value to make account IDs case-sensitive.

ACCOUNT_CREATE

Yes 

Indicates whether accounts can be created. Use the remove operation to disable this feature. 

ACCOUNT_DELETE

Yes 

Indicates whether accounts can be deleted. Use the remove operation to disable this feature. 

ACCOUNT_DISABLE

No 

Indicates whether accounts can be disabled on the resource. Override the supportsAccountDisable method with a true value to enable this feature.

ACCOUNT_EXCLUDE

No 

Determines whether administrative accounts can be excluded from Waveset. Override the supportsExcludedAccounts method with a true value to enable this feature.

ACCOUNT_ENABLE

No 

Indicates whether accounts can be enabled on the resource. Override the supportsAccountDisable method with a true value if accounts can be enabled on the resource.

ACCOUNT_EXPIRE_PASSWORD

Yes 

Enabled if the expirePassword Waveset User attribute is present in the schema map for the adapter. Use the remove operation to disable this feature. 

ACCOUNT_GUID

No 

If a GUID is present on the resource, use the put operation to enable this feature. 

ACCOUNT_ITERATOR

Yes 

Indicates whether the adapter uses an account iterator. Use the remove operation to disable this feature. 

ACCOUNT_LIST

Yes 

Indicates whether the adapter can list accounts. Use the remove operation to disable this feature. 

ACCOUNT_LOGIN

Yes 

Indicates whether a user can login to an account. Use the remove operation if logins can be disabled. 

ACCOUNT_PASSWORD

Yes 

Indicates whether an account requires a password. Use the remove operation if passwords can be disabled. 

ACCOUNT_RENAME

No 

Indicates whether an account can be renamed. Use the put operation to enable this feature. 

ACCOUNT_REPORTS_DISABLED

No 

Indicates whether the resource reports if an account is disabled. Use the put operation to enable this feature. 

ACCOUNT_UNLOCK

No 

Indicates whether an account can be unlocked. Use the put operation if accounts can be unlocked. 

ACCOUNT_UPDATE

Yes 

Indicates whether an account can be modified. Use the remove operation if accounts cannot be updated. 

ACCOUNT_USER_PASSWORD_ON_CHANGE

No 

Indicates whether the user’s current password must be specified when changing the password. Use the put operations if the user’s current password is required. 

Table 10–18 Group Features

Feature Name

Enabled in Base? 

Comments

GROUP_CREATE,GROUP_DELETE, GROUP_UPDATE

No 

Indicates whether groups can be created, deleted, or updated. Use the put operation to if these features are supported on the resource. 

Table 10–19 Organizational Unit Features

Feature Name

Enabled in Base? 

Comments

ORGUNIT_CREATEORGUNIT_DELETEORGUNIT_UPDATE

No 

Indicates whether organizational units can be created, deleted, or updated. Use the put operation to if these features are supported on the resource. 

If your custom adapter overrides the ResourceAdapterBase implementation of the getFeatures method, add code similar to the following:


public GenericObject getFeatures() {
GenericObject genObj = super.getFeatures();
genObj.put(Features.ACCOUNT_RENAME, Features.ACCOUNT_RENAME);
genObj.remove(Features.ACCOUNT_UPDATE, Features.ACCOUNT_UPDATE);
.. other features supported by this Resource Adapter …
return genObj;
}

To disable a feature by overriding a different method (such as supportsActions) add code similar to the following:


public boolean supportsActions() {
   return true;
}

The following tables describe the methods used to create, delete, and update accounts on Resources.

Table 10–20 Creating Accounts on the Resource

Method  

Description  

realCreate()

Creates the account on the resource. 

Receives a user object as input, and contains the account attribute information needed to create the user account (such as account name, password, and user name) 

Table 10–21 Deleting Accounts on the Resource

Method  

Description 

realDelete()

Deletes one or more accounts on the resource. 

Receives a user object or list of user objects as input. By default, this method creates a connection, calls realDelete, closes the connection for each user object in the list.

Table 10–22 Updating Accounts on the Resource

Method 

Description  

realUpdate()

Updates a subset of the account attributes. 

By default, this method creates a connection, calls realUpdate, and closes the connection for each user object in the list.

NOTE: User account attributes from the resource are merged with any new changes from Waveset.

Table 10–23 Getting User Information

Method  

Description  

getUser()

Retrieves information from the resource about user attributes. 

Receives a user object as input (typically with only an account identity set), and returns a new user object with values set for any attribute defined in resource schema map. 

You can use list methods to establish processes that adapters use to retrieve user information from the resource.

Table 10–24 List Methods

Method 

Description 

getAccountIterator()

Used to discover or import all the users from a resource. 

Implements the Account Iterator interface to iterate over all users of a resource. 

listAllObjects ()

Given a resource object type (such as accountID or group), returns a list of that type from the resource.

Implement this method to generate lists that are used by the resource, such as a list of resource groups or distribution lists. 

This method is called from the user form (not called by provisioning engine). 

Best Practice

When writing an AccountIterator interface implementation for a custom adapter, try to do the following:

The following example shows code for retrieving information from a resource and converting that information into information that Waveset can work with.

Resource Adapters: Retrieving Information on a Resource


public WSUser getUser(WSUser user)
 throws WavesetException {
    String identity = getIdentity(user);
     WSUser newUser = null;
    try {
         startConnection();
        Map attributes = fetchUser(user);
         if (attributes != null) {
             newUser = makeWavesetUser(attributes);
         }
     } finally {
         stopConnection();
     }
     return newUser;
 }
Table 10–25 Enable and Disable Methods

Method 

Description 

supportsAccountDisable()

Returns true or false depending on whether the resource supports native account disable.

realEnable()

Implements native calls that are needed to enable the user account on the resource. 

realDisable()

Implements native calls that are needed to disable the user account on the resource.