Thursday, 11 May 2017

Assign and Revoke OIM Admin roles using API

OIM has several admin roles, each of which is scoped to one or more organizations. In PS3 there is a separate application for managing admin roles, but in older versions this operation was part of the organization's life cycle.

Here are API examples for managing the admin role life cycle, such as assigning and revoking a role. This API works in all OIM 11gR2 versions, including PS3.

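 /**
  * Assigns an OIM admin role to a user.
  *
  * <p>Looks up the admin role by name, builds an {@code AdminRoleMembership} for the user
  * and submits it with {@code addAdminRoleMembership}. The membership scope is the key of
  * the role's first in-scope organization when the role is scoped, otherwise the fixed
  * key {@code "3"}.
  *
  * <p>This grants administrative privilege, so the method stops and reports on standard
  * error instead of submitting a membership whenever the role, the user key or the scope
  * key cannot be resolved. Failures are reported, not rethrown, so the method still never
  * throws to its caller.
  *
  * @param Userid login of the user who receives the role
  * @param adminRoleName name of the admin role to assign
  */
 public void assignAdminRole(String Userid, String adminRoleName){

     try {
         // Initialize the API and fetch the details of the requested admin role.
         AdminRoleService admRoleAPI = (AdminRoleService)oimClient.getService(AdminRoleService.class);
         AdminRole admRole = admRoleAPI.getAdminRole(adminRoleName);
         if (admRole == null) {
             // NOTE(review): whether getAdminRole returns null or throws for an unknown
             // name is not visible here; the guard covers the null case.
             System.err.println("Admin role not found: " + adminRoleName);
             return;
         }

         // Print some details.
         System.out.println("Scope ::"+admRole.isScoped());
         System.out.println("Role Description ::"+admRole.getRoleDescription());
         System.out.println("Role Id ::"+admRole.getRoleId());

         // getUserKey returns "" when the lookup fails; never grant a role to an empty key.
         String userKey = getUserKey(Userid);
         if (userKey == null || userKey.isEmpty()) {
             System.err.println("Cannot assign admin role '" + adminRoleName
                     + "': no user key resolved for login " + Userid);
             return;
         }

         // Create a new membership object.
         AdminRoleMembership admMembership = new AdminRoleMembership();
         admMembership.setAdminRole(admRole);
         admMembership.setUserId(userKey);

         // Every admin role is scoped under some organization (or organizations);
         // a membership must carry the scope id.
         String scopeId;
         if (admRole.isScoped()) {
             AdminRoleVO adminRoleVo = admRoleAPI.getAdminRoleVO(String.valueOf(admRole.getRoleId()));
             List<AdminRoleRuleScope> scopes = adminRoleVo.getAdminRoleRuleScopes();
             if (scopes == null || scopes.isEmpty()) {
                 System.err.println("Cannot assign admin role '" + adminRoleName
                         + "': the role is scoped but has no rule scopes");
                 return;
             }
             // Only the first rule scope is used; a role scoped to several
             // organizations is assigned in the first one only.
             AdminRoleRuleScope scope = scopes.get(0);
             System.out.println("Admin Role In Scope Organization: "+scope.getInScopeOfOrganizationName());
             scopeId = getOrgKey(scope.getInScopeOfOrganizationName());
             // Reject an empty key and the literal "null" that String.valueOf yields
             // for a missing attribute, so the grant never lands in an unintended scope.
             if (scopeId == null || scopeId.isEmpty() || "null".equals(scopeId)) {
                 System.err.println("Cannot assign admin role '" + adminRoleName
                         + "': no organization key resolved for "
                         + scope.getInScopeOfOrganizationName());
                 return;
             }
         } else {
             // Unscoped role: fall back to the organization key the original example
             // uses ("generally 3"). NOTE(review): this key is installation-specific;
             // confirm it in the target environment before relying on it.
             scopeId = "3";
         }
         admMembership.setScopeId(scopeId);

         System.out.println("new set Scope ::"+admMembership.getScopeId());
         AdminRoleMembership newMemberShip = admRoleAPI.addAdminRoleMembership(admMembership);
         System.out.println("Admin Role Successfully Assigned to the User: "+Userid+" Key: "+newMemberShip.getUserId());

     } catch (Exception e) {
         // Report the failure: a privileged grant that silently fails (or partially
         // succeeds) must be visible to the operator.
         System.err.println("Failed to assign admin role '" + adminRoleName
                 + "' to user '" + Userid + "': " + e.getMessage());
         e.printStackTrace();
     }
 }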

 
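/**
  * Revokes an admin role from a user.
  *
  * <p>Lists the user's memberships for the named role and removes the first one returned.
  * If the user key cannot be resolved, or the user holds no membership for the role, the
  * method reports that and returns without calling the remove operation. Success is
  * printed only when {@code removeAdminRoleMembership} returns {@code true}.
  *
  * @param Userid login of the user who loses the role
  * @param adminRoleName name of the admin role to revoke
  */
 public void revokeAdminRole(String Userid, String adminRoleName){

     AdminRoleService admRoleAPI = (AdminRoleService)oimClient.getService(AdminRoleService.class);

     // getUserKey returns "" when the lookup fails; do not query memberships with it.
     String userKey = getUserKey(Userid);
     if (userKey == null || userKey.isEmpty()) {
         System.err.println("Cannot revoke admin role '" + adminRoleName
                 + "': no user key resolved for login " + Userid);
         return;
     }

     List<String> adminRoles = new ArrayList<String>();
     adminRoles.add(adminRoleName);

     // Get the user's membership objects for the admin role.
     List<AdminRoleMembership> adminMemberShipList = admRoleAPI.listMembershipsForUserByRoleName(userKey, adminRoles);
     if (adminMemberShipList == null || adminMemberShipList.isEmpty()) {
         System.out.println("User " + Userid + " holds no membership for admin role " + adminRoleName);
         return;
     }
     if (adminMemberShipList.size() > 1) {
         // Only the first membership is removed below; make the remainder visible so
         // the operator does not assume the role is fully revoked.
         System.err.println("User " + Userid + " holds " + adminMemberShipList.size()
                 + " memberships for admin role " + adminRoleName
                 + "; only the first is revoked");
     }
     AdminRoleMembership adminMemberShip = adminMemberShipList.get(0);

     // Revoke the admin role and report the real outcome.
     boolean status = admRoleAPI.removeAdminRoleMembership(adminMemberShip);
     if (status) {
         System.out.println("Admin Role Successfully revoke from User: "+Userid+" Status: "+status);
     } else {
         System.err.println("Admin role '" + adminRoleName + "' was NOT revoked from user: "
                 + Userid + " Status: " + status);
     }
 }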


 
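 /**
  * Gets the user key for a given user login.
  *
  * <p>Searches by {@code USER_LOGIN}, requests only the {@code USER_KEY} attribute and
  * returns {@code User.getId()}. Lookup failures are reported on standard error and turn
  * into an empty string, so callers must treat {@code ""} as "no such key" before using
  * the result in a role assignment or revocation.
  *
  * @param userid login of the user to look up
  * @return the user key, or an empty string when the lookup fails
  */
 private String getUserKey(String userid){

     UserManager userAPI = (UserManager)oimClient.getService(UserManager.class);
     java.util.Set<String> retAttrs = new HashSet<String>();
     retAttrs.add(UserManagerConstants.AttributeName.USER_KEY.getId());

     String key = "";
     try {
         User user = userAPI.getDetails(UserManagerConstants.AttributeName.USER_LOGIN.getId(), userid, retAttrs);
         key = user.getId();
     } catch (NoSuchUserException e) {
         System.err.println("User key lookup failed for login " + userid + ": no such user");
         e.printStackTrace();
     } catch (UserLookupException e) {
         System.err.println("User key lookup failed for login " + userid + ": lookup error");
         e.printStackTrace();
     } catch (SearchKeyNotUniqueException e) {
         System.err.println("User key lookup failed for login " + userid + ": login is not unique");
         e.printStackTrace();
     } catch (AccessDeniedException e) {
         // The calling account is not permitted to read this user.
         System.err.println("User key lookup failed for login " + userid + ": access denied");
         e.printStackTrace();
     }
     return key;
 }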

 
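 /**
  * Gets the organization key for a given organization name.
  *
  * <p>Searches by {@code ORG_NAME}, requests the {@code ID_FIELD} attribute and reads the
  * {@code "act_key"} attribute of the result. NOTE(review): the requested attribute id
  * and the literal {@code "act_key"} are presumably the same field; confirm.
  *
  * <p>Lookup failures and a missing key attribute are reported on standard error and
  * turn into an empty string; the text {@code "null"} is never returned. Callers must
  * treat {@code ""} as "no such key" before using it as a membership scope.
  *
  * @param orgName name of the organization to look up
  * @return the organization key, or an empty string when it cannot be resolved
  */
 private String getOrgKey(String orgName){

     OrganizationManager orgAPI = (OrganizationManager)oimClient.getService(OrganizationManager.class);
     java.util.Set<String> retAttrs = new HashSet<String>();
     retAttrs.add(OrganizationManagerConstants.AttributeName.ID_FIELD.getId());

     String key = "";
     try {
         Organization org = orgAPI.getDetails(OrganizationManagerConstants.AttributeName.ORG_NAME.getId(), orgName, retAttrs);
         // String.valueOf on a null attribute would produce the text "null", which a
         // caller could mistake for a real scope key.
         Object orgKey = org.getAttribute("act_key");
         if (orgKey != null) {
             key = String.valueOf(orgKey);
         } else {
             System.err.println("Organization " + orgName + " returned no act_key attribute");
         }
     } catch (SearchKeyNotUniqueException e) {
         System.err.println("Organization key lookup failed for " + orgName + ": name is not unique");
         e.printStackTrace();
     } catch (OrganizationManagerException e) {
         System.err.println("Organization key lookup failed for " + orgName + ": lookup error");
         e.printStackTrace();
     } catch (AccessDeniedException e) {
         // The calling account is not permitted to read this organization.
         System.err.println("Organization key lookup failed for " + orgName + ": access denied");
         e.printStackTrace();
     }

     return key;
 }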
