Saturday, February 2, 2013

OIM: Retrieve Access Policy Modified in Last x Days

Hi All,

This is an extension of the blog I wrote in Dec last year :

http://ajmerasunny.blogspot.com/2012/12/oim-11g-read-access-policy-data.html

Basically, the below code retrieves the Role that is attached to the Access Policy along with the Groups that are provisioned using the same. This code is with reference to Oracle Internet Directory Target System. After writing the data to the flatfile, the task also triggers the OIM OOTB "Evaulate User Policies" to propagate the changes to the affected users.

package security.provisioning;
import java.io.BufferedWriter;
import java.io.FileWriter;
import java.sql.Timestamp;
import java.text.SimpleDateFormat;
import java.util.Calendar;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import com.thortech.xl.vo.AccessPolicyResourceData;
import com.thortech.xl.vo.PolicyChildTableRecord;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import oracle.iam.platform.Platform;
import oracle.iam.scheduler.api.SchedulerService;
import oracle.iam.scheduler.vo.JobHistory;
import oracle.iam.scheduler.vo.TaskSupport;
import com.thortech.util.logging.Logger;

public class DumpAccessPolicyDataByDays extends TaskSupport {
 HashMap> mapping = new HashMap>();
 tcAccessPolicyOperationsIntf moAccesspolicyutility = null;
 private static final Logger logger = Logger.getLogger("CUSTOM.EVENTS");
 private static final String CLASS_NAME = "security.provisioning.DumpAccessPolicyDataByDays : ";
 @Override
 public void execute(HashMap arg0) throws Exception {
  final String METHOD_NAME = "execute :: ";
  logger.debug(CLASS_NAME + METHOD_NAME + "Entering Method - execute");
  // Output File Name
  String outputFileName = arg0.get("Output File Name").toString();
  logger.debug(CLASS_NAME + METHOD_NAME + " Output File Name "
    + outputFileName);
  // Delimiter for FTB Roles in the Input File
  String ROLE_DELIMITER = arg0.get("List Delimiter").toString();
  logger.debug(CLASS_NAME + METHOD_NAME + " List Delimiter "
    + ROLE_DELIMITER);
  // Delimiter for the Attributes in the Input File
  String FILE_DELIMITER = arg0.get("Field Delimiter").toString();
  logger.debug(CLASS_NAME + METHOD_NAME + " Field Delimiter "
    + FILE_DELIMITER);
  // Policies Updated in Last x Days
  String noOfDays = arg0.get("Modified in Last x Days").toString();
  if (noOfDays.isEmpty()) {
   noOfDays = "0";
  }
  logger.debug(CLASS_NAME + METHOD_NAME + " Modified in Last x Days "
    + noOfDays);
  // Creating FileStream for writing the mapping data
  FileWriter fstream = new FileWriter(outputFileName);
  BufferedWriter out = new BufferedWriter(fstream);
  Calendar cal = Calendar.getInstance();
  SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
  cal.add(Calendar.DATE, -Integer.parseInt(noOfDays));
  String searchDate = sdf.format(cal.getTime());
  // Output File Header
  out.write("#Role,Groups");
  out.write("\n");
  tcAccessPolicyOperationsIntf moAccesspolicyutility = Platform
    .getService(tcAccessPolicyOperationsIntf.class);
  HashMap searchPolicy = new HashMap ();
  searchPolicy.put("Access Policies.Retrofit Flag", 1);
  tcResultSet result = moAccesspolicyutility.findAccessPolicies(searchPolicy);
    
  logger.debug(CLASS_NAME + METHOD_NAME
    + "Total Count of Access Policies Present in OIM is: "
    + result.getRowCount());
  String policyDate, policyName;
  int policyCount = 0;

  HashSet groupList = new HashSet();

  for (int i = 0; i < result.getTotalRowCount(); i++) {
 
   result.goToRow(i);
 
   long policyKey = result.getLongValue("Access Policies.Key");
   logger.debug(CLASS_NAME + METHOD_NAME + "Access Policy Key :" + policyKey);
 
   policyDate = result.getStringValue("Access Policies.Update Date");
   logger.debug(CLASS_NAME + METHOD_NAME + "Access Policies.Update Date:-> "+policyDate);
 
   policyName = result.getStringValue("Access Policies.Name");
   logger.debug(CLASS_NAME + METHOD_NAME + "Access Policy Name:"
     + policyName );
   if (searchDate.compareTo(policyDate) <= 0) {
    ++policyCount;
    logger.debug(CLASS_NAME + METHOD_NAME
      + "Searching for Access Policies Updated Since " + searchDate);
               
    tcResultSet policyresult = moAccesspolicyutility
      .getDataSpecifiedFor(policyKey);
  
    for (int f = 0; f < policyresult.getTotalRowCount(); f++) {
     policyresult.goToRow(f);
     long formKey = policyresult
       .getLongValue("Structure Utility.Key");
     long objectKey = policyresult.getLongValue("Objects.Key");
     tcResultSet groupResult = moAccesspolicyutility
       .getAssignedGroups(policyKey);
     for (int j = 0; j < groupResult.getTotalRowCount(); j++) {
      groupResult.goToRow(j);
      // Role
      String Role = groupResult
        .getStringValue("Groups.Group Name");
      logger.debug(CLASS_NAME + METHOD_NAME + " Role: "
        + Role);
      AccessPolicyResourceData policyData = moAccesspolicyutility
        .getDataSpecifiedForObject(policyKey,
          objectKey, formKey);
      HashMap pData = policyData
        .getChildTables();
      Set s = pData.keySet();
      Iterator it = s.iterator();
      logger.debug(CLASS_NAME + METHOD_NAME
        + "Below are the EDR Groups associated with FTB Role "
        + ftbRole);
      while (it.hasNext()) {
       String tableKey = it.next().toString();
       PolicyChildTableRecord[] pChildTableData = policyData
         .getChildTableRecords(tableKey);
       for (int g = 0; g < pChildTableData.length; g++) {
        String GroupName = pChildTableData[g]
          .getValue("UD_OID_GRP_GROUP_NAME");
        String arrtemp1[] = GroupName.split(",");
        String arrtemp2[] = arrtemp1[0].split("=");
        logger.debug(CLASS_NAME + METHOD_NAME
          + " " + arrtemp2[1]);
        // Adding the Groups in a ArrayList
        groupList.add(arrtemp2[1]);
       }
      }
      // Adding the  Role as Key and Groups as  ArrayList in  HashMap
      mapping.put(Role, groupList);
      // Instantiating new ArrayList for storing Groups
      groupList = new HashSet();
     }
    }
   }
  }

  logger.info(CLASS_NAME + METHOD_NAME
    + "Count of Access Policies matching Search Criteria is "
    + policyCount);

   
  // Writing the Mapping in FlatFile
  Set s = mapping.keySet();
  Iterator itr = s.iterator();
  while (itr.hasNext()) {
   String key = itr.next().toString();
   out.write(key);
   out.write(FILE_DELIMITER);
   Iterator listitr = mapping.get(key).iterator();
   int listSize = mapping.get(key).size();
   int i = 0;
   while (listitr.hasNext()) {
    out.write(listitr.next().toString());
    i++;
    if (i != listSize)
     out.write(ROLE_DELIMITER);
   }
   out.write("\n");
  }
  
  // Invoking Evaluate User Policies Schedule Task
   SchedulerService schService = Platform.getService(SchedulerService.class);
   schService.triggerNow("Evaluate User Policies");
   logger.info(CLASS_NAME + METHOD_NAME + " Evaluate User Policies is Executed");
   //Integer status = schService.getStatusOfJob("Evaluate User Policies");

    // Closing the File Stream
    out.close();
    fstream.close();
    logger.info(CLASS_NAME + METHOD_NAME +"Mapping written on " + outputFileName);
    

 }
 @Override
 public HashMap getAttributes() {
  return null;
 }
 @Override
 public void setAttributes() {
 }
}
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)