Friday, December 21, 2012

OIM 11g: Read Access Policy Data

Hi,

Below is sample code that I wrote to read the data of access policies that were modified today. For each such policy, the code prints the role that triggers the policy and the groups that the policy provisions to the user. In my case, the assigned resource was Oracle Internet Directory. The code uses the OIM 9.x APIs, as 11g doesn't provide any API to get the access policy data.

package sample;
import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.Set;
import com.ibm.keymanager.logic.e;
import com.thortech.xl.vo.AccessPolicyResourceData;
import com.thortech.xl.vo.PolicyChildTableRecord;
import Thor.API.tcResultSet;
import Thor.API.tcUtilityFactory;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import Thor.API.Operations.tcFormDefinitionOperationsIntf;
import oracle.iam.accesspolicy.vo.PolicyObjectDetails;
import oracle.iam.platform.OIMClient;
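/**
 * Sample client that logs in to Oracle Identity Manager and prints, for every
 * access policy whose "Access Policies.Update Date" equals today's date, the
 * roles that trigger the policy and the target groups it provisions.
 *
 * <p>The URL, user name and password constants are sample placeholders. The
 * account used here is the OIM system administrator, so outside a throwaway
 * test the password should be supplied at run time (prompt, protected
 * configuration, credential store) rather than compiled into the class, and a
 * less privileged account is preferable if the deployment allows it.
 */
public class fetchAccessPolicyData {
  // t3:// is WebLogic's unencrypted protocol; t3s:// is the TLS variant and
  // keeps the login below off the wire in clear text.
  private static final String OIM_URL = "t3://oimhost:oimport";
  private static final String AUTH_CONF = "C:/designconsole/config/authwl.conf";
  // Placeholders only - see the class comment before putting real values here.
  private static final String OIM_USERNAME = "xelsysadm";
  private static final String OIM_PASSWORD = "password";
  private static OIMClient oimClient = null;
  Hashtable env = new Hashtable();
  public tcAccessPolicyOperationsIntf moAccesspolicyutility;

  /**
   * Builds the JNDI environment, sets the JAAS and application-server system
   * properties, and logs in with the configured account.
   *
   * <p>A failed login is reported on stderr and not rethrown, so a later
   * {@link #getData()} call is the place where the failure becomes visible.
   */
  public fetchAccessPolicyData() {
    try {
      env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
          "weblogic.jndi.WLInitialContextFactory");
      env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_URL);
      System.setProperty("java.security.auth.login.config", AUTH_CONF);
      System.setProperty("OIM.AppServerType", "wls");
      System.setProperty("APPSERVER_TYPE", "wls");
      oimClient = new OIMClient(env);
      oimClient.login(OIM_USERNAME, OIM_PASSWORD.toCharArray());
    } catch (Exception ex) { // named ex: the file imports a class called "e"
      ex.printStackTrace();
    }
  }

  /**
   * Prints every access policy updated today together with its assigned roles
   * and the groups it provisions.
   *
   * <p>Policies are looked up with "Access Policies.Retrofit Flag" = 1 and then
   * filtered by comparing today's date, formatted as yyyy-MM-dd, with the
   * "Access Policies.Update Date" string. Any failure is reported on stderr and
   * ends the run.
   */
  public void getData() {
    try {
      // One credential source for both logins: the method no longer carries
      // its own user name and password literals.
      tcUtilityFactory ioUtilityFactory = new tcUtilityFactory(env,
          OIM_USERNAME, OIM_PASSWORD);
      moAccesspolicyutility = (tcAccessPolicyOperationsIntf) ioUtilityFactory
          .getUtility("Thor.API.Operations.tcAccessPolicyOperationsIntf");

      // Raw map kept exactly as the original passed it to the 9.x API.
      HashMap attributeList = new HashMap();
      attributeList.put("Access Policies.Retrofit Flag", 1);
      tcResultSet result = moAccesspolicyutility
          .findAccessPolicies(attributeList);

      String strDate = new SimpleDateFormat("yyyy-MM-dd").format(new Date());
      System.out.println("Current Date: " + strDate);

      for (int i = 0; i < result.getTotalRowCount(); i++) {
        result.goToRow(i);
        String policyDate = result.getStringValue("Access Policies.Update Date");
        // equals() instead of compareTo(): a policy with no update date is
        // skipped rather than aborting the whole listing.
        if (!strDate.equals(policyDate)) {
          continue;
        }
        System.out.println("Access Policy Name :"
            + result.getStringValue("Access Policies.Name"));
        System.out.println("Access Policies.Update Date :" + policyDate);

        long policyKey = result.getLongValue("Access Policies.Key");
        tcResultSet policyresult = moAccesspolicyutility
            .getDataSpecifiedFor(policyKey);
        for (int f = 0; f < policyresult.getTotalRowCount(); f++) {
          policyresult.goToRow(f);
          long formKey = policyresult.getLongValue("Structure Utility.Key");
          long objectKey = policyresult.getLongValue("Objects.Key");

          tcResultSet groupResult = moAccesspolicyutility
              .getAssignedGroups(policyKey);
          for (int j = 0; j < groupResult.getTotalRowCount(); j++) {
            groupResult.goToRow(j);
            // The role for which the access policy is triggered.
            System.out.println(groupResult
                .getStringValue("Groups.Group Name") + ",");
            printProvisionedGroups(policyKey, objectKey, formKey);
          }
        }
      }
    } catch (Exception ex) {
      ex.printStackTrace();
    }
  }

  /**
   * Prints, one per line and terminated by ";", the groups the policy assigns
   * on the target resource, taken from UD_OID_GRP_GROUP_NAME in each child
   * table record.
   */
  private void printProvisionedGroups(long policyKey, long objectKey,
      long formKey) throws Exception {
    AccessPolicyResourceData policyData = moAccesspolicyutility
        .getDataSpecifiedForObject(policyKey, objectKey, formKey);
    for (Object tableKey : policyData.getChildTables().keySet()) {
      PolicyChildTableRecord[] records = policyData
          .getChildTableRecords(tableKey.toString());
      for (PolicyChildTableRecord record : records) {
        String rawGroup = record.getValue("UD_OID_GRP_GROUP_NAME");
        String groupName = firstRdnValue(rawGroup);
        if (groupName == null) {
          // A record without a usable name is reported and skipped, so one
          // odd row no longer ends the whole run with an exception.
          System.err.println(
              "Skipping child record with unexpected UD_OID_GRP_GROUP_NAME value: "
                  + rawGroup);
          continue;
        }
        System.out.print(groupName);
        System.out.println(";");
      }
    }
  }

  /**
   * Returns the text after the first "=" in the part of {@code dn} that
   * precedes the first comma (for "cn=Group1,cn=Groups" that is "Group1"),
   * or {@code null} when {@code dn} is null or that part has no value.
   * Escaped commas inside a value are not handled.
   */
  private static String firstRdnValue(String dn) {
    if (dn == null) {
      return null;
    }
    int comma = dn.indexOf(',');
    String firstRdn = comma < 0 ? dn : dn.substring(0, comma);
    int equalsAt = firstRdn.indexOf('=');
    if (equalsAt < 0 || equalsAt == firstRdn.length() - 1) {
      return null;
    }
    return firstRdn.substring(equalsAt + 1);
  }
}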
References:
http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/com/thortech/xl/vo/AccessPolicyResourceData.html


Thanks
