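import java.util.HashMap;

import com.hyperion.css.CSSAPIIF;
import com.hyperion.css.CSSException;
import com.hyperion.css.common.CSSNativeRoleIF;
import com.hyperion.css.common.CSSNativeUserIF;
import com.hyperion.css.common.CSSRoleIF;
import com.hyperion.css.common.CSSUserIF;

/*
 * This sample demonstrates the following:
 * 1. User provisioning
 * 2. User de-provisioning
 * 3. List the roles of a provisioned user.
 * 4. Create an aggregate role.
 * 5. Modify an aggregate role.
 * 6. Delete an aggregate role.
 * 7. List roles of an application
 *
 * Provisioning is the process of assigning roles to a user
 * for a specified application.
 *
 * The example creates a user and provisions it
 * to the built-in "Hub application" with built-in global roles.
 *
 * In order to create an aggregate role, a product has to be registered,
 * and product ID has to match the one in the sample.
 *
 * NOTE(security): the sample user is created with a fixed login name and a
 * fixed, trivially guessable password, and is then granted the Directory
 * Manager, Project Manager and Provisioning Manager roles. The account is
 * only removed by cleanup(); if the run is interrupted before that point the
 * account stays in the native directory with whatever roles it held.
 *
 * The members cssDMAPI, cssUPAPI, context and principal, and the helpers
 * printMsg/dump/dumpUsers/dumpRoles/shutdown, are not declared in this file;
 * presumably they are inherited from Sample.
 */
public class UserProvisioningSample extends Sample {

    public UserProvisioningSample() throws Exception {
        super();
    }

    /*
     * Creates the sample native user and adds it to the native directory.
     *
     * A fresh, empty context map is used for both calls instead of the
     * shared "context" member that the other methods pass.
     *
     * NOTE(security): login name and password are hard-coded sample values.
     * Anyone who has read this sample knows the credentials of the account
     * for as long as it exists.
     *
     * @return the user instance that was added
     */
    private CSSUserIF getUser() throws CSSException {
        // Named differently from the "context" member so the local does not shadow it.
        HashMap userContext = new HashMap();
        CSSNativeUserIF user = cssDMAPI.getNativeUserInstance(userContext, principal);
        user.setLoginName("upuser" );
        user.setDescription("Created for test");
        user.setFirstName("First");
        user.setLastName("Last");
        user.setPassword("password");
        cssDMAPI.addNativeUser(userContext, principal, user);
        return user;
    }

    /* Return pre-configured global hub roles (three manager role identities). */
    private String[] getRoles() {
        return new String[] {
            CSSAPIIF.ROLE_DIRECTORY_MANAGER_IDENTITY,
            CSSAPIIF.ROLE_PROJECT_MANAGER_IDENTITY,
            CSSAPIIF.ROLE_PROVISIONING_MANAGER_IDENTITY
        };
    }

    /*
     * Return roles the user has in the Hub application.
     * If getIndirectRoles = true, return all roles of the user including
     * roles obtained by membership in groups and ancestor groups.
     */
    public String[] getRolesList(CSSUserIF user, boolean getIndirectRoles) throws CSSException {
        return user.getRolesList(principal, CSSAPIIF.HUB_APPLICATION_ID, getIndirectRoles);
    }

    /*
     * Deprovision a user.
     *
     * This is accomplished by replacing the user's roles with an
     * empty role list.
     *
     * Only the built-in Hub application id is passed here; the roles that
     * provisionUser() assigns under "HP-Product:HPProductTest1" are not
     * addressed by this call.
     *
     * @param identity - the identity of the user to be deprovisioned.
     */
    public void deProvisionUser(String identity) throws CSSException {
        String[] noRoles = new String[0];
        /* false = replace the existing roles instead of adding to them */
        boolean addToExistingRoles = false;
        /* Use built in "HUB" application id */
        String hubApplicationId = CSSAPIIF.HUB_APPLICATION_ID;
        cssUPAPI.setRolesList(context, principal, identity, noRoles, hubApplicationId,
                addToExistingRoles);
    }

    /*
     * Provision a user: add the global hub roles for the Hub application,
     * then add one hard-coded role for the "HP-Product:HPProductTest1"
     * application. Both calls add to the roles the user already has.
     *
     * @param identity - the identity of the user to be provisioned.
     */
    public void provisionUser(String identity) throws CSSException {
        /* Use built in "HUB" application id */
        String hubApplicationId = CSSAPIIF.HUB_APPLICATION_ID;
        cssUPAPI.setRolesList(context, principal, identity, getRoles(), hubApplicationId, true);

        String productApplicationId = "HP-Product:HPProductTest1";
        String[] productRoles = new String[] {
            "native://DN=cn=HUB:2,ou=HUB,ou=Roles,dc=css,dc=hyperion,dc=com?ROLE"
        };
        cssUPAPI.setRolesList(context, principal, identity, productRoles, productApplicationId,
                true);
    }

    /*
     * Create the aggregate role "TestRole" for product "HP-Product-1.0.3"
     * and add it to the native directory.
     *
     * The role tree is set from an empty array, so as written no member
     * roles are passed in (getRoles() is not used here).
     *
     * @return the role instance that was added
     */
    public CSSNativeRoleIF createAggRole() throws CSSException {
        CSSNativeRoleIF aggregate =
                cssDMAPI.getNativeRoleInstance(context, principal, "HP-Product-1.0.3");
        aggregate.setName("TestRole");
        aggregate.setDescription("Test Role Description");
        aggregate.setRoleTree(new String[0], true);
        cssDMAPI.addNativeRole(context, principal, aggregate);
        return aggregate;
    }

    /*
     * Look up an aggregate role by identity, change its description and
     * write the change back.
     *
     * @param identity - the identity of the role to modify.
     */
    public void modifyAggRole(String identity) throws CSSException {
        CSSNativeRoleIF aggregate = cssDMAPI.getNativeRoleByIdentity(context, principal, identity);
        aggregate.setDescription("Test Role Modified Description");
        cssDMAPI.updateNativeRole(context, principal, aggregate);
    }

    /*
     * Delete a single native role.
     *
     * @param identity - the identity of the role to delete.
     */
    public void deleteAggRole(String identity) throws CSSException {
        String[] doomed = new String[] {identity};
        cssDMAPI.deleteNativeRoles(context, principal, doomed);
    }

    /* Return the roles of the Hub application, queried with the "*" pattern. */
    public CSSRoleIF[] getAllRolesInApp() throws CSSException {
        return cssUPAPI.getRolesByApplication(context, principal,
                CSSAPIIF.HUB_APPLICATION_ID, "*", null);
    }

    /* Not implemented in this sample; the body is intentionally empty. */
    public void getAppsForProject(String projectId) {
    }

    /*
     * Delete the given native users. Best effort: a CSSException is printed
     * and not rethrown, so a failed delete leaves the account in place.
     *
     * @param identities - identities of the users to delete.
     */
    public void cleanup(String[] identities) {
        try {
            cssDMAPI.deleteNativeUsers(context, principal, identities);
        } catch (CSSException csse) {
            csse.printStackTrace();
        }
    }

    /*
     * Return the users provisioned to an application, queried with the "*"
     * pattern and CSSAPIIF.ACCESS_TYPE_MANAGE.
     *
     * @param appId - the application id to query.
     */
    public CSSUserIF[] getProvisionedUsers(String appId) throws CSSException {
        return cssUPAPI.getAllProvisionedUsersInApp(context, principal, "*",
                CSSAPIIF.ACCESS_TYPE_MANAGE, appId);
    }

    /*
     * Runs the whole sample: create user, provision, list, deprovision,
     * aggregate-role lifecycle, then delete the user.
     *
     * On failure the objects created so far are removed where possible.
     * The failure path checks for null first: the constructor or getUser()
     * may be what failed, in which case there is no instance or no user to
     * clean up, and dereferencing them would throw a second exception from
     * inside the handler.
     */
    public static void main(String[] args) {
        UserProvisioningSample ups = null;
        CSSUserIF user = null;
        /* Non-null only while the aggregate role exists in the directory. */
        CSSNativeRoleIF aggRole = null;
        try {
            ups = new UserProvisioningSample();
            ups.printMsg(System.out, "Main methods:");

            /* Create user */
            user = ups.getUser();

            /* Provision user to HUB app with global roles */
            ups.provisionUser(user.getIdentity());

            /* Query all users provisioned to the Hub application */
            CSSUserIF[] users = ups.getProvisionedUsers(CSSAPIIF.HUB_APPLICATION_ID);
            ups.dumpUsers(System.out, "Users provisioned for HUB app", users);

            /* Get all roles for user */
            String[] roles = ups.getRolesList(user, true);
            ups.dump(System.out, "Roles for user " + user.getLoginName(), roles);

            /* Get all roles for app */
            CSSRoleIF[] rolesForApp = ups.getAllRolesInApp();
            ups.dumpRoles(System.out, "Roles in App", rolesForApp);

            /* Deprovision user */
            ups.printMsg(System.out, "Deprovisioning user ...");
            ups.deProvisionUser(user.getIdentity());
            roles = ups.getRolesList(user, true);
            ups.dump(System.out, "After deprovisioning, roles for user " + user.getLoginName(),
                    roles);

            /* Create, modify and delete an aggregate role */
            aggRole = ups.createAggRole();
            ups.modifyAggRole(aggRole.getIdentity());
            ups.deleteAggRole(aggRole.getIdentity());
            aggRole = null;

            ups.cleanup(new String[] {user.getIdentity()});
        } catch (Throwable e) {
            e.printStackTrace();
            System.out.println("Could not run sample because of error " + e.getClass().getName() + ": " + e.getMessage());
            if (ups != null) {
                if (aggRole != null) {
                    /* The role was created but not deleted; do not leave it behind. */
                    try {
                        ups.deleteAggRole(aggRole.getIdentity());
                    } catch (CSSException csse) {
                        csse.printStackTrace();
                    }
                }
                if (user != null) {
                    ups.cleanup(new String[] {user.getIdentity()});
                }
            }
        } finally {
            if (ups != null) {
                ups.shutdown();
            }
        }
    }
}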