| Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14309-09 |
|
|
PDF · Mobi · ePub |
| Oracle® Fusion Middleware Developer's Guide for Oracle Identity Manager 11g Release 1 (11.1.1) Part Number E14309-09 |
|
|
PDF · Mobi · ePub |
Oracle provides a network-aware, Java-based application programming interface (API) that exposes Services, called Utility in earlier releases, available in Oracle Identity Manager. This API is based on Plain Old Java Objects (POJO) and takes care of all the plumbing required to interact with Oracle Identity Manager. This API can be used for building clients for Oracle Identity Manager and for integrating third-party products with the Oracle Identity Manager platform.
This chapter contains these sections:
The entry point to Oracle Identity Manager Services is through oracle.iam.platform.OIMClient class. Thor.API.tcUtilityFactory used in earlier releases is also supported. Oracle recommends using the oracle.iam.platform.OIMClient for developing clients to integrate with Oracle Identity Manager.
This section describes the following topics:
OIMClient is the entry point for accessing the services available in Oracle Identity Manager. You use the following sequence of steps when using OIMClient:
Create an instance of OIMClient with the environment information required to connect to Oracle Identity Manager application, as shown:
Hashtable env = new Hashtable(); env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, "weblogic.jndi.WLInitialContextFactory"); env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, http://OIM_HOSTNAME:OIM_PORT); OIMClient oimClient = new OIMClient(env);
Here, replace OIM_HOSTNAME with the host name on which Oracle Identity Manager is deployed and OIM_PORT with the port number.
Login to the Oracle Identity Manager with the appropriate credentials, as shown:
oimClient.login(OIM_USERNAME, OIM_PASSWORD);
Lookup a service, as shown:
UserManager usermgr = oimClient.getService(UserManager.class);
Call method on a service, as shown:
HashMap userAttributes = new HashMap(); …………….. UserManagerResult result = userMgr.create(new User(null, userAttributes));
Earlier releases of Oracle Identity Manager supports tcUtilityFactory for accessing Oracle Identity Manager Services (or Utilities, as they are called in legacy releases). tcUtilityFactory continues to be supported. However, as mentioned earlier, Oracle recommends using OIMClient for building all client applications for Oracle Identity Manager.
You use the following sequence of steps when using tcUtilityFactory:
Create an instance of tcUtilityFactory with the environment information, such as username and password, as shown:
tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env, "OIM_USERNAME", "OIM_PASSWORD");
Look up utility or service by providing the fully qualified name of the utility, as shown:
tcUserOperationsIntf moUserUtility = (tcUserOperationsIntf)ioUtilityFactory.getUtility("Thor.API.Operations.tcUserOperationsIntf");
Run operations on the utility, as shown:
Hashtable mhSearchCriteria = new Hashtable();
mhSearchCriteria.put("Users.First Name", psFirstName);
tcResultSet moResultSet = moUserUtility.findUsers(mhSearchCriteria);
The Oracle Identity Manager API provides access to services available in Oracle Identity Manager. Because the APIs introduced in 11g Release 1 (11.1.1) and the legacy APIs use different conventions, this section discusses them separately in the following topics:
Services introduced in Oracle Identity Manager 11g Release 1 (11.1.1) follow the following conventions:
Package Names: Services are in packages whose names end with "api", for example:
oracle.iam.request.api oracle.iam.identity.usermgmt.api
Service Interface Names: Services introduced in 11g typically use the naming convention of "*Service", for example:
oracle.iam.request.api.RequestService oracle.iam.selfservice.self.selfmgmt.api.AuthenticatedSelfService
Some Identity Administration APIs use the "*Manager" naming convention for their APIs, for example:
oracle.iam.identity.usermgmt.api.UserManager
Legacy services, also called utilities, follow the following naming conventions
Package Names: All legacy APIs are in Thor.API.Operations package.
Service Interface Names: Service names are of the form "*Intf", for example, Thor.API.Operations.tcImportOperationsIntf.
See Also:
Oracle Fusion Middleware Java API Reference for Oracle Identity Manager for a full list of services available in Oracle Identity Manager. You can use the naming conventions above to find the APIs.
Table 31-1 lists some commonly used services in Oracle Identity Manager.
Table 31-1 Commonly Used Services
| Service Name | Description |
|---|---|
|
UserManager |
Provides operations for user management, such as create, search, modify, and delete users |
|
RequestService |
Provides operation to submit, withdraw, close, and search requests Note: Using the request template service, when you search for a request template that does not exist, a null value is returned. |
|
RoleManager |
Provides operations for role management such as create, search, modify, and delete roles. In addition, this service provides operations for management of role members and relationships between roles. |
|
OrganizationManager |
Provides operations for organization management such as create, search, modify, delete, enable, and disable organizations. |
In Oracle Identity Manager 11g Release 1 (11.1.1), some of the legacy APIs have been rewritten by using new architecture and the corresponding utility services or interface classes have been changed. Table 31-2 provides a high-level correspondence between the legacy and new interfaces.
Table 31-2 Mapping Between Legacy and New Services
| Legacy Service | New Service |
|---|---|
|
Thor.API.Operations.tcUserOperationsIntf |
oracle.iam.identity.usermgmt.api.UserManager |
|
Thor.API.Operations.tcGroupOperationsIntf |
oracle.iam.identity.rolemgmt.api.RoleManager |
|
Thor.API.Operations.tcOrganizationOperationsIntf |
oracle.iam.identity.orgmgmt.api.OrganizationManager |
|
Thor.API.Operations.tcRequestOperationsIntf |
oracle.iam.request.api.RequestService |
|
Thor.API.Operations.tcSchedulerOperationsIntf |
oracle.iam.scheduler.api.SchedulerService |
|
Thor.API.Operations.tcEmailOperationsIntf |
oracle.iam.notification.api.NotificationService |
This section includes the following topics:
The following prerequisites must be met for developing clients for Oracle Identity Manager:
Java Development Kit (JDK) 1.6 installed and set in the path
ANT 1.7 installed and set in the path
Oracle Identity Manager package contains a ZIP file that contains the required libraries and configuration files for developing clients. It also contains a sample client, which you can use as the starting point for developing your application.
To run an application client for Oracle Identity Manager:
Copy OIM_ORACLE_HOME/server/client/oimclient.zip to the computer on which you want to develop the client, for example the oimclient/ directory. This directory is referred to as OIM_CLIENT_HOME in this document. Extract the ZIP file. Note that the oimclient.zip file consists of the conf, lib, sample, directories, oimclient.jar, and README.
Copy the application server-specific client library to the OIM_CLIENT_HOME/lib/ directory. For Oracle WebLogic Server, wlfullclient.jar is the client library. It is created in MIDDLEWARE_HOME/WL_HOME/server/lib/ directory, for example, /scratch/beahome/wlserver_10.3/server/lib/. Check if wlfullclient.jar is present. If not, then you must generate one by using the jarbuilder tool. See Oracle WebLogic Server documentation on how to generate wlfullclient.jar.
Edit and run the sample client. To do so:
Open the OIM_CLIENT_HOME/sample/src/oracle/iam/samples/SampleOIMClient.java sample client file.
Edit the following constants to point to the host on which Oracle Identity Manager is displayed:
OIMURL: The URL of the Oracle Identity Manager host computer
OIMUserName: Administrator username for Oracle Identity Manager
OIMPassword: Administrator password for Oracle Identity Manager
Run the ant command. This compiles and runs the sample client. The sample generates the following output when it runs successfully:
[java] LOGGER >> Creating client.... [java] LOGGER >> Logging in [java] LOGGER >> Log in successful [java] LOGGER >> User Created
This section describes the following topics:
Legacy Oracle Identity Manager APIs extensively use the tcResultSet interface. The Thor.API.tcResultSet interface is a data structure that stores records retrieved from the database. Methods in the Oracle Identity Manager API that must return a set of data use a result set. This is a two-dimensional data structure in which the columns correspond to the attributes and rows correspond to the entities. For example, a result set that is returned by the method that searches for users, each row would represent data pertaining to one user, and each column in the row would be an attribute for that user.
You can scroll through the result set and retrieve individual entries corresponding to particular attributes by using the various methods provided. To locate a particular row in the result set, use the goToRow() method with the row number as a parameter. To retrieve the values for the columns from a row, use appropriate accessor methods, such as getStringValue(). To obtain the value from a specific column, pass the column name as a parameter to the accessor method. The column name is the descriptive code defined in the Oracle Identity Manager Meta-Data system. The following table shows some sample metadata values. This mapping is based on lookup codes and can be looked up in the Design Console by using the Lookup Definition Form.
| Column Code | Explanation |
|---|---|
|
IT Resources.Name |
The name of an IT resource |
|
Process Definition.Name |
The name of a provisioning process |
Note:
Keep track of the result set objects that are retrieved, because they will be required when updating an existing record.
The following is an example of how to use a result set. This example obtains a result set by calling the findAllUsers() method. This method searches for all users matching certain criteria:
tcResultSet moResultSet = moUserUtility.findAllUsers(mhAttribs);
To check if the findAllUsers() method returned any records, use the isEmpty() method, for example:
boolean mbEmpty = moResultSet.isEmpty();
To retrieve the number of records found, use the getRowCount() method. If no records are found, then the method returns 0. The following is an example:
int mnNumRec = moResultSet.getRowCount();
To select a particular record in the system, use the goToRow() method:
moResultSet.goToRow(5);
To retrieve the values of attributes from the current row, use the appropriate accessor method, for example:
String msUserLastName = moResultSet.getStringValue("Users.Last Name");
The API methods throw Oracle-defined Java exceptions. Instead of using the getMessage() method on the exception object received, you can access the isMessage internal variable to retrieve the exception message.
The tcUtilityFactory class manages all resources used by a utility or factory instance and provides a means to release these resources after they are used.
If you instantiate and use tcUtilityFactory to obtain utility class instances, to release the resources that are associated with the utility class, call the close(utility Object) method on the factory class. If the session has ended, then call the close() method on the factory instance to release all the utility classes, the session objects, and the database objects.
If you obtain a utility class directly by using static calls, after the utility object is no longer needed, call the close(object) method on the utility object.
Example 31-1 illustrates how to retrieve Oracle Identity Manager information. This example creates an instance of the factory class. The instance is then called several times to retrieve individual utility classes and use them to retrieve Oracle Identity Manager information.
Example 31-1 Retrieving Oracle Identity Manager Information
/*
This class is intented to showcase some of OIM API's. These API's are
specific to OIM 11g release. As an example, Legacy API's usage for
Organization is also shown.
*/
package oracle.iam.samples;
// Role related API's
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.identity.exception.RoleSearchException;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleAttributeName;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleCategoryAttributeName;
// User related API's
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.identity.exception.UserSearchException;
import oracle.iam.identity.usermgmt.api.UserManagerConstants.AttributeName;
// Organization Legacy API's
import Thor.API.Operations.tcOrganizationOperationsIntf;
import Thor.API.tcResultSet;
import Thor.API.Exceptions.tcAPIException;
import Thor.API.Exceptions.tcColumnNotFoundException;
import Thor.API.Exceptions.tcOrganizationNotFoundException;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authz.exception.AccessDeniedException;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import java.util.*;
import javax.naming.NamingException;
import javax.security.auth.login.LoginException;
public class Sample {
private static OIMClient oimClient;
/*
* Initialize the context and login with client supplied environment
*/
public void init() throws LoginException {
System.out.println("Creating client....");
String ctxFactory = "weblogic.jndi.WLInitialContextFactory";
String serverURL = "t3://OIM_HOSTNAME:OIM_PORT";
String username = "xelsysadm";
String password = "xelsysadm";
Hashtable env = new Hashtable();
env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,ctxFactory);
env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, serverURL);
oimClient = new OIMClient(env);
System.out.println("Logging in");
oimClient.login(username, password);
System.out.println("Log in successful");
}
/**
* Retrieves User login based on the first name using OIM 11g
* UserManager service API.
*/
public List getUserLogin(String psFirstName) {
Vector mvUsers = new Vector();
UserManager userService = oimClient.getService(UserManager.class);
Set<String> retAttrs = new HashSet<String>();
// Attributes that should be returned as part of the search.
// Retrieve "User Login" attribute of the User.
// Note: Additional attributes can be specified in a
// similar fashion.
retAttrs.add(AttributeName.USER_LOGIN.getId());
// Construct a search criteria. This search criteria states
// "Find User(s) whose 'First Name' equals 'psFirstName'".
SearchCriteria criteria;
criteria = new SearchCriteria(AttributeName.FIRSTNAME.getId(), psFirstName, SearchCriteria.Operator.EQUAL);
try {
// Use 'search' method of UserManager API to retrieve
// records that match the search criteria. The return
// object is of type User.
List<User> users = userService.search(criteria, retAttrs, null);
for (int i = 0; i < users.size(); i++) {
//Print User First Name and Login ID
System.out.println("First Name : " + psFirstName + " -- Login ID : " + users.get(i).getLogin());
mvUsers.add(users.get(i).getLogin());
}
} catch (AccessDeniedException ade) {
// handle exception
} catch (UserSearchException use) {
// handle exception
}
return mvUsers;
}
/**
* Retrieves the administrators of an Organization based on the
* Organization name. This is Legacy service API usage.
*/
public List getAdministratorsOfOrganization(String psOrganizationName) {
Vector mvOrganizations = new Vector();
tcOrganizationOperationsIntf moOrganizationUtility = oimClient.getService(tcOrganizationOperationsIntf.class);
Hashtable mhSearchCriteria = new Hashtable();
mhSearchCriteria.put("Organizations.Organization Name", psOrganizationName);
try {
tcResultSet moResultSet = moOrganizationUtility.findOrganizations(mhSearchCriteria);
tcResultSet moAdmins;
for (int i = 0; i < moResultSet.getRowCount(); i++) {
moResultSet.goToRow(i);
moAdmins = moOrganizationUtility.getAdministrators(moResultSet.getLongValue("Organizations.Key"));
mvOrganizations.add(moAdmins.getStringValue("Groups.Group Name"));
System.out.println("Organization Admin Name : " + moAdmins.getStringValue("Groups.Group Name"));
}
} catch (tcAPIException tce) {
// handle exception
} catch (tcColumnNotFoundException cnfe) {
// handle exception
} catch (tcOrganizationNotFoundException onfe) {
// handle exception
}
return mvOrganizations;
}
/**
* Retrieves Role Display Name based on Role name and Role Category
* using OIM 11g RoleManager service API. This example shows how
* to construct compound search criteria.
*/
public List getRoleDisplayName(String roleName, String roleCategory ) {
Vector mvRoles = new Vector();
RoleManager roleService = oimClient.getService(RoleManager.class);
Set<String> retAttrs = new HashSet<String>();
// Attributes that should be returned as part of the search.
// Retrieve the "Role Display Name" attribute of a Role.
// Note: Additional attributes can be specified in a
// similar fashion.
retAttrs.add(RoleAttributeName.DISPLAY_NAME.getId());
// Construct the first search criteria. This search criteria
// states "Find Role(s) whose 'Name' equals 'roleName'".
SearchCriteria criteria1;
criteria1 = new SearchCriteria(RoleAttributeName.NAME.getId(), roleName, SearchCriteria.Operator.EQUAL);
// Construct the second search criteria. This search criteria
// states "Find Role(s) whose 'category' equals 'roleCategory'".
SearchCriteria criteria2;
criteria2 = new SearchCriteria(RoleCategoryAttributeName.NAME.getId(), roleCategory, SearchCriteria.Operator.EQUAL);
// Construct the compound search criteria using 'criteria1' and
// 'criteria2' as arguments. This showcases how to construct
// compound search criterias.
SearchCriteria criteria = new SearchCriteria(criteria1, criteria2, SearchCriteria.Operator.AND);
try {
// Use 'search' method of RoleManager API to retrieve
// records that match the search criteria. The return
// object is of type Role.
List<Role> roles = roleService.search(criteria, retAttrs, null);
for (int i = 0; i < roles.size(); i++) {
//Print Role Display Name
System.out.println("Role Display Name : " +
roles.get(i).getDisplayName());
mvRoles.add(roles.get(i).getDisplayName());
}
} catch (AccessDeniedException ade) {
// handle exception
} catch (RoleSearchException use) {
// handle exception
}
return mvRoles;
}
// Main method invocation
// Following assumptions are made
//1. A User "Joe Doe" already exists in OIM
//2. An Organization "Example Organization" already exists in OIM
//3. A Role "Foobar" already exists in OIM
public static void main(String args[]) {
List moList = null;
try {
Sample oimSample = new Sample();
// initialize resources
oimSample.init();
// retrieve User logins with first name 'Joe'
moList=oimSample.getUserLogin("Joe");
// retrieve User logins with first names starting with 'J'
moList=oimSample.getUserLogin("J*");
// retrieve the administrators of an Organization with name
// 'Example Organization'
moList=oimSample.getAdministratorsOfOrganization(
"Example Organization");
// retrieve Role display name with role name 'FooBar'
// and role category as 'Defaut'
moList=oimSample.getRoleDisplayName("foobar", "Default");
// release resources
oimClient.logout();
} catch (Exception e) {
e.printStackTrace();
}
}
}
The following is the sample output:
[java] Creating client.... [java] Logging in [java] Log in successful [java] First Name : Joe -- Login ID : JDOE [java] First Name : J* -- Login ID : JHOND [java] First Name : J* -- Login ID : JDOE [java] Organization Admin Name : SYSTEM ADMINISTRATORS [java] Role Display Name : foobar
|
 Copyright © 1991, 2013, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|