Here is sample code that creates access policies through the Oracle Identity Manager (OIM) Java APIs:
package junit.accesspolicy;
import java.io.BufferedReader;
import java.io.FileReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import com.thortech.xl.vo.AccessPolicyResourceData;
import com.thortech.xl.vo.PolicyChildTableRecord;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleAttributeName;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.Platform;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import Thor.API.Operations.tcFormDefinitionOperationsIntf;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;
import Thor.API.Operations.tcObjectOperationsIntf;
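/**
 * Bulk-creates OIM access policies from a CSV file.
 *
 * <p>Each data line of the file names one policy and the groups to add to the
 * child form. The policy is attached to the role that has the same name as the
 * policy, with the retrofit flag on and without approval, so every line of the
 * input file grants access as soon as it is processed. Review the file and
 * restrict who can write to it before running this class.
 */
public class createAccessPolicy {
    // t3s is WebLogic's TLS-protected protocol; keep it so the login and the
    // policy data are not sent in clear text.
    private static final String OIM_URL = "t3s://host:port";
    // JAAS login configuration shipped with the OIM design console.
    private static final String AUTH_CONF = "C:/designconsole/config/authwl.conf";
    // Placeholder: replace with the account that runs the import. Prefer an
    // account limited to what policy creation needs over a full administrator.
    private static final String OIM_USERNAME = "<OIM_ADMIN_USERNAME>";
    // Name of the environment variable the password is read from. The name is
    // this sample's own convention, not an OIM setting. The password is no
    // longer a constant in the source, where it would end up in version
    // control and in the compiled class.
    private static final String OIM_PASSWORD_ENV = "OIM_PASSWORD";
    private static OIMClient oimClient = null;
    Hashtable<String, String> env = new Hashtable<String, String>();
    // NOTE(review): the type parameters were lost in the published listing
    // ("HashMap>"); this reconstruction is a guess and the field is unused.
    HashMap<String, ArrayList<String>> mapping = new HashMap<String, ArrayList<String>>();
    // Never assigned in this class; PolicyCreation uses a local of the same name.
    public tcAccessPolicyOperationsIntf moAccesspolicyutility;
    private static final String objName = "OID User"; // Object Name
    private static final String fParentName = "UD_OID_USR"; // Parent Process Form
    private static final String fChildName = "UD_OID_GRP"; // Child Process Form
    private static final String ITResourceName = "OID Server"; // IT Resource
    // Placeholder: replace <BASE_DN> with the directory's base DN.
    private static final String groupSuffix = ",cn=Groups,<BASE_DN>"; // Group DN

    /**
     * Connects to OIM and logs in as {@code OIM_USERNAME}.
     *
     * @throws IllegalStateException if no password is available or the login
     *         fails; continuing without a session would only make every later
     *         call fail one by one
     */
    public createAccessPolicy() {
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_URL);
        System.setProperty("java.security.auth.login.config", AUTH_CONF);
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        char[] password = readPassword();
        try {
            oimClient = new OIMClient(env);
            oimClient.login(OIM_USERNAME, password);
        } catch (Exception e) {
            throw new IllegalStateException("OIM login failed for " + OIM_USERNAME, e);
        }
    }

    /**
     * Obtains the login password at run time: first from the environment
     * variable named by {@code OIM_PASSWORD_ENV}, otherwise from an
     * interactive console prompt that does not echo the input.
     */
    private static char[] readPassword() {
        String fromEnv = System.getenv(OIM_PASSWORD_ENV);
        if (fromEnv != null && fromEnv.length() > 0) {
            return fromEnv.toCharArray();
        }
        if (System.console() != null) {
            char[] typed = System.console().readPassword("Password for %s: ", OIM_USERNAME);
            if (typed != null && typed.length > 0) {
                return typed;
            }
        }
        throw new IllegalStateException("No OIM password supplied: set "
                + OIM_PASSWORD_ENV + " or run from an interactive console");
    }

    /**
     * Returns {@code column} from the first row of {@code rs}, or null when
     * the result set is empty. More than one row means the lookup name is
     * ambiguous, which is reported because the key decides what gets
     * provisioned.
     */
    private static String firstRowValue(tcResultSet rs, String column, String what)
            throws Exception {
        int rows = rs.getRowCount();
        if (rows == 0) {
            return null;
        }
        if (rows > 1) {
            System.err.println("WARNING: " + rows + " matches for " + what
                    + "; using the first");
        }
        // The published loop read the value without ever positioning the
        // cursor; select the row explicitly.
        rs.goToRow(0);
        return rs.getStringValue(column);
    }

    /**
     * Creates one access policy that provisions the {@code objName} resource
     * to the role named {@code policyName}, with one child-form row per group.
     *
     * @param policyName policy name; also used as the description and as the
     *        name of the role the policy is attached to
     * @param groups group common names to add to the child form
     */
    public void PolicyCreation(String policyName, String[] groups) {
        try {
            tcAccessPolicyOperationsIntf moAccesspolicyutility = oimClient
                    .getService(tcAccessPolicyOperationsIntf.class);
            System.out.println(policyName);

            HashMap<String, String> attr = new HashMap<String, String>();
            attr.put("Access Policies.Name", policyName); // Policy Name
            attr.put("Access Policies.Description", policyName); // Description same as Policy Name
            attr.put("Access Policies.Retrofit Flag", "1"); // Retrofit Flag
            // Without approval: nothing reviews the grant after this call.
            attr.put("Access Policies.By Request", "0");

            // Resolve every key once; each lookup is a call to the server.
            long objKey = findObjectKey();
            long parentFormKey = findParentFormKey();
            String childFormKey = findChildFormKey();
            String itResourceKey = findITResourceKey();
            String roleKeyText = getRoleKey(policyName);
            // Fail instead of building a policy from "null" keys.
            if (childFormKey == null || itResourceKey == null) {
                throw new IllegalStateException("Child form " + fChildName
                        + " or IT resource " + ITResourceName + " not found");
            }
            if (roleKeyText == null) {
                throw new IllegalStateException("No role named " + policyName);
            }

            long[] provObjKeys = { objKey }; // Object Key of Resource to be provisioned
            boolean[] revokeObgIsNotApply = { true }; // Revoke If No Longer Applies Flag
            long[] denyObjKeys = {}; // Object key of Resource to be denied
            long[] groupKeys = { Long.parseLong(roleKeyText) }; // Policy Name is same as Role Name
            String groupPrefix = itResourceKey + "~cn=";

            // Populate Parent Form Data
            HashMap<String, String> parentFormData = new HashMap<String, String>();
            parentFormData.put("UD_OID_USR_SERVER", itResourceKey);
            parentFormData.put("UD_OID_USR_ORG_DN", itResourceKey + "~users");
            parentFormData.put("UD_OID_USR_PREF_LANG", "en");

            int groupLength = groups.length;
            // Populate Child Form Data: one entry per group plus the parent form.
            AccessPolicyResourceData policyData[] = new AccessPolicyResourceData[groupLength + 1];
            for (int i = 0; i < groupLength; i++) {
                String cn = groups[i].trim();
                if (cn.length() == 0) {
                    throw new IllegalArgumentException("Empty group name in policy " + policyName);
                }
                // NOTE(review): cn is concatenated into the DN unescaped. A value
                // containing DN special characters ('+', '=', '\', '"', ...) would
                // change which entry the DN names; validate or escape it if the
                // input file is not fully trusted.
                String groupName = groupPrefix + cn + groupSuffix;
                System.out.println(groupName);
                HashMap<String, String> childTableMap = new HashMap<String, String>();
                childTableMap.put("UD_OID_GRP_GROUP_NAME", groupName);
                policyData[i] = new AccessPolicyResourceData(objKey,
                        objName, parentFormKey, fParentName, "P");
                // The published listing passed the literal text "fChildName"
                // here; the child form name constant is what the argument
                // position suggests - confirm against the API documentation.
                policyData[i].addChildTableRecord(childFormKey, fChildName,
                        "Add", childTableMap);
            }
            System.out.println(policyData.length);

            AccessPolicyResourceData formData = new AccessPolicyResourceData(objKey,
                    objName, parentFormKey, fParentName, "P");
            formData.setFormData(parentFormData);
            policyData[groupLength] = formData;

            moAccesspolicyutility.createAccessPolicy(attr, provObjKeys,
                    revokeObgIsNotApply, denyObjKeys, groupKeys, policyData);
            System.out.println(policyName + " Policy Created ");
        } catch (Exception e) {
            // Kept non-throwing so one bad line does not stop the import, but
            // name the policy so the failure can be traced to its input line.
            System.err.println("Policy NOT created: " + policyName);
            e.printStackTrace();
        }
    }

    /**
     * Looks up the form key of the child process form {@code fChildName}.
     *
     * @return the key, or null when the form is not found or the lookup fails
     */
    public String findChildFormKey() {
        String childFormKey = null;
        try {
            tcFormDefinitionOperationsIntf objIntf = oimClient
                    .getService(tcFormDefinitionOperationsIntf.class);
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Structure Utility.Table Name", fChildName);
            tcResultSet resultSet = objIntf.findForms(attributes);
            childFormKey = firstRowValue(resultSet, "Structure Utility.Key",
                    "form " + fChildName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return childFormKey;
    }

    /**
     * Looks up the form key of the parent process form {@code fParentName}.
     *
     * @return the key
     * @throws NumberFormatException if the form is not found or the lookup
     *         fails, because the key is then null and cannot be parsed
     */
    public Long findParentFormKey() {
        String parentFormKey = null;
        try {
            tcFormDefinitionOperationsIntf objIntf = oimClient
                    .getService(tcFormDefinitionOperationsIntf.class);
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Structure Utility.Table Name", fParentName);
            tcResultSet resultSet = objIntf.findForms(attributes);
            parentFormKey = firstRowValue(resultSet, "Structure Utility.Key",
                    "form " + fParentName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return Long.parseLong(parentFormKey);
    }

    /**
     * Looks up the key of the IT resource instance {@code ITResourceName}.
     *
     * @return the key as text, or null when nothing matches or the lookup fails
     */
    public String findITResourceKey() {
        String itResourceKey = null;
        try {
            tcITResourceInstanceOperationsIntf objIntf = oimClient
                    .getService(tcITResourceInstanceOperationsIntf.class);
            // Raw type: the map's type parameters are not visible on this page.
            HashMap attributes = objIntf.getITResourceInstances(ITResourceName);
            if (attributes.size() > 1) {
                // HashMap iteration order is unspecified, so the key picked
                // below is arbitrary when several instances match.
                System.err.println("WARNING: " + attributes.size()
                        + " IT resources match " + ITResourceName);
            }
            Iterator it = attributes.keySet().iterator();
            while (it.hasNext()) {
                itResourceKey = it.next().toString();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return itResourceKey;
    }

    /**
     * Finds the role whose name equals {@code roleName}.
     *
     * @param roleName exact role name
     * @return the role's entity id, or null when no role matches or the
     *         search fails
     */
    public String getRoleKey(String roleName) {
        RoleManager rmgr = oimClient.getService(RoleManager.class);
        Set<String> retAttrs = new HashSet<String>();
        String roleKey = null;
        try {
            retAttrs.add(RoleAttributeName.DISPLAY_NAME.getId());
            SearchCriteria criteria = new SearchCriteria(RoleAttributeName.NAME.getId(),
                    roleName, SearchCriteria.Operator.EQUAL);
            List<Role> roles = rmgr.search(criteria, retAttrs, null);
            if (roles == null || roles.isEmpty()) {
                System.err.println("No role named " + roleName);
            } else {
                if (roles.size() > 1) {
                    System.err.println("WARNING: " + roles.size()
                            + " roles named " + roleName + "; using the first");
                }
                roleKey = roles.get(0).getEntityId();
            }
        } catch (Exception e) {
            // The published listing discarded this exception, which hid a
            // failed search behind a null return.
            e.printStackTrace();
        }
        return roleKey;
    }

    /**
     * Looks up the key of the resource object {@code objName}.
     *
     * @return the key
     * @throws NumberFormatException if the object is not found or the lookup
     *         fails, because the key is then null and cannot be parsed
     */
    public Long findObjectKey() {
        String objectKey = null;
        try {
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Objects.Name", objName);
            tcObjectOperationsIntf objIntf = oimClient
                    .getService(tcObjectOperationsIntf.class);
            tcResultSet resultSet = objIntf.findObjects(attributes);
            objectKey = firstRowValue(resultSet, "Objects.Key", "object " + objName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return Long.parseLong(objectKey);
    }

    /**
     * Reads the policy file and creates one policy per data line.
     *
     * <p>File format, first line skipped as a header:
     * {@code #AccessPolicyName,Groups to be added in child form}, with the
     * groups separated by ';'.
     *
     * @param args optional: args[0] is the path of the policy file
     */
    public static void main(String args[]) {
        createAccessPolicy obj = new createAccessPolicy();
        // Placeholder path, used only when no argument is given.
        String file = args.length > 0 ? args[0] : "<PATH_TO_POLICY_CSV>";
        BufferedReader buff = null;
        try {
            buff = new BufferedReader(new FileReader(file));
            buff.readLine(); // header line
            String line;
            while ((line = buff.readLine()) != null) {
                if (line.trim().length() == 0) {
                    continue;
                }
                String split[] = line.split(",");
                if (split.length < 2 || split[0].trim().length() == 0) {
                    // Report and skip instead of aborting the whole import.
                    System.err.println("Skipping malformed line: " + line);
                    continue;
                }
                if (split.length > 2) {
                    System.err.println("WARNING: extra columns ignored in line: " + line);
                }
                String policyName = split[0].trim();
                String groupList[] = split[1].split(";");
                obj.PolicyCreation(policyName, groupList);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (buff != null) {
                try {
                    buff.close();
                } catch (Exception ignored) {
                    // Nothing useful to do when closing the input fails.
                }
            }
            if (oimClient != null) {
                try {
                    // End the administrative session once the import is done.
                    oimClient.logout();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}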
References:
http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/com/thortech/xl/vo/AccessPolicyResourceData.html
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/com/thortech/xl/vo/PolicyChildTableRecord.html
package junit.accesspolicy;
import java.io.BufferedReader;
import java.io.FileReader;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import com.thortech.xl.vo.AccessPolicyResourceData;
import com.thortech.xl.vo.PolicyChildTableRecord;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants.RoleAttributeName;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.Platform;
import oracle.iam.platform.entitymgr.vo.SearchCriteria;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcAccessPolicyOperationsIntf;
import Thor.API.Operations.tcFormDefinitionOperationsIntf;
import Thor.API.Operations.tcITResourceInstanceOperationsIntf;
import Thor.API.Operations.tcObjectOperationsIntf;
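/**
 * Bulk-creates OIM access policies from a CSV file.
 *
 * <p>Each data line of the file names one policy and the groups to add to the
 * child form. The policy is attached to the role that has the same name as the
 * policy, with the retrofit flag on and without approval, so every line of the
 * input file grants access as soon as it is processed. Review the file and
 * restrict who can write to it before running this class.
 */
public class createAccessPolicy {
    // t3s is WebLogic's TLS-protected protocol; keep it so the login and the
    // policy data are not sent in clear text.
    private static final String OIM_URL = "t3s://host:port";
    // JAAS login configuration shipped with the OIM design console.
    private static final String AUTH_CONF = "C:/designconsole/config/authwl.conf";
    // Placeholder: replace with the account that runs the import. Prefer an
    // account limited to what policy creation needs over a full administrator.
    private static final String OIM_USERNAME = "<OIM_ADMIN_USERNAME>";
    // Name of the environment variable the password is read from. The name is
    // this sample's own convention, not an OIM setting. The password is no
    // longer a constant in the source, where it would end up in version
    // control and in the compiled class.
    private static final String OIM_PASSWORD_ENV = "OIM_PASSWORD";
    private static OIMClient oimClient = null;
    Hashtable<String, String> env = new Hashtable<String, String>();
    // NOTE(review): the type parameters were lost in the published listing;
    // this reconstruction is a guess and the field is unused.
    HashMap<String, ArrayList<String>> mapping = new HashMap<String, ArrayList<String>>();
    // Never assigned in this class; PolicyCreation uses a local of the same name.
    public tcAccessPolicyOperationsIntf moAccesspolicyutility;
    private static final String objName = "OID User"; // Object Name
    private static final String fParentName = "UD_OID_USR"; // Parent Process Form
    private static final String fChildName = "UD_OID_GRP"; // Child Process Form
    private static final String ITResourceName = "OID Server"; // IT Resource
    // Placeholder: replace <BASE_DN> with the directory's base DN.
    private static final String groupSuffix = ",cn=Groups,<BASE_DN>"; // Group DN

    /**
     * Connects to OIM and logs in as {@code OIM_USERNAME}.
     *
     * @throws IllegalStateException if no password is available or the login
     *         fails; continuing without a session would only make every later
     *         call fail one by one
     */
    public createAccessPolicy() {
        env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                "weblogic.jndi.WLInitialContextFactory");
        env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, OIM_URL);
        System.setProperty("java.security.auth.login.config", AUTH_CONF);
        System.setProperty("OIM.AppServerType", "wls");
        System.setProperty("APPSERVER_TYPE", "wls");
        char[] password = readPassword();
        try {
            oimClient = new OIMClient(env);
            oimClient.login(OIM_USERNAME, password);
        } catch (Exception e) {
            throw new IllegalStateException("OIM login failed for " + OIM_USERNAME, e);
        }
    }

    /**
     * Obtains the login password at run time: first from the environment
     * variable named by {@code OIM_PASSWORD_ENV}, otherwise from an
     * interactive console prompt that does not echo the input.
     */
    private static char[] readPassword() {
        String fromEnv = System.getenv(OIM_PASSWORD_ENV);
        if (fromEnv != null && fromEnv.length() > 0) {
            return fromEnv.toCharArray();
        }
        if (System.console() != null) {
            char[] typed = System.console().readPassword("Password for %s: ", OIM_USERNAME);
            if (typed != null && typed.length > 0) {
                return typed;
            }
        }
        throw new IllegalStateException("No OIM password supplied: set "
                + OIM_PASSWORD_ENV + " or run from an interactive console");
    }

    /**
     * Returns {@code column} from the first row of {@code rs}, or null when
     * the result set is empty. More than one row means the lookup name is
     * ambiguous, which is reported because the key decides what gets
     * provisioned.
     */
    private static String firstRowValue(tcResultSet rs, String column, String what)
            throws Exception {
        int rows = rs.getRowCount();
        if (rows == 0) {
            return null;
        }
        if (rows > 1) {
            System.err.println("WARNING: " + rows + " matches for " + what
                    + "; using the first");
        }
        // The published loop read the value without ever positioning the
        // cursor; select the row explicitly.
        rs.goToRow(0);
        return rs.getStringValue(column);
    }

    /**
     * Creates one access policy that provisions the {@code objName} resource
     * to the role named {@code policyName}, with one child-form row per group.
     *
     * @param policyName policy name; also used as the description and as the
     *        name of the role the policy is attached to
     * @param groups group common names to add to the child form
     */
    public void PolicyCreation(String policyName, String[] groups) {
        try {
            tcAccessPolicyOperationsIntf moAccesspolicyutility = oimClient
                    .getService(tcAccessPolicyOperationsIntf.class);
            System.out.println(policyName);

            HashMap<String, String> attr = new HashMap<String, String>();
            attr.put("Access Policies.Name", policyName); // Policy Name
            attr.put("Access Policies.Description", policyName); // Description same as Policy Name
            attr.put("Access Policies.Retrofit Flag", "1"); // Retrofit Flag
            // Without approval: nothing reviews the grant after this call.
            attr.put("Access Policies.By Request", "0");

            // Resolve every key once; each lookup is a call to the server.
            long objKey = findObjectKey();
            long parentFormKey = findParentFormKey();
            String childFormKey = findChildFormKey();
            String itResourceKey = findITResourceKey();
            String roleKeyText = getRoleKey(policyName);
            // Fail instead of building a policy from "null" keys.
            if (childFormKey == null || itResourceKey == null) {
                throw new IllegalStateException("Child form " + fChildName
                        + " or IT resource " + ITResourceName + " not found");
            }
            if (roleKeyText == null) {
                throw new IllegalStateException("No role named " + policyName);
            }

            long[] provObjKeys = { objKey }; // Object Key of Resource to be provisioned
            boolean[] revokeObgIsNotApply = { true }; // Revoke If No Longer Applies Flag
            long[] denyObjKeys = {}; // Object key of Resource to be denied
            long[] groupKeys = { Long.parseLong(roleKeyText) }; // Policy Name is same as Role Name
            String groupPrefix = itResourceKey + "~cn=";

            // Populate Parent Form Data
            HashMap<String, String> parentFormData = new HashMap<String, String>();
            parentFormData.put("UD_OID_USR_SERVER", itResourceKey);
            parentFormData.put("UD_OID_USR_ORG_DN", itResourceKey + "~users");
            parentFormData.put("UD_OID_USR_PREF_LANG", "en");

            int groupLength = groups.length;
            // Populate Child Form Data: one entry per group plus the parent form.
            AccessPolicyResourceData policyData[] = new AccessPolicyResourceData[groupLength + 1];
            for (int i = 0; i < groupLength; i++) {
                String cn = groups[i].trim();
                if (cn.length() == 0) {
                    throw new IllegalArgumentException("Empty group name in policy " + policyName);
                }
                // NOTE(review): cn is concatenated into the DN unescaped. A value
                // containing DN special characters ('+', '=', '\', '"', ...) would
                // change which entry the DN names; validate or escape it if the
                // input file is not fully trusted.
                String groupName = groupPrefix + cn + groupSuffix;
                System.out.println(groupName);
                HashMap<String, String> childTableMap = new HashMap<String, String>();
                childTableMap.put("UD_OID_GRP_GROUP_NAME", groupName);
                policyData[i] = new AccessPolicyResourceData(objKey,
                        objName, parentFormKey, fParentName, "P");
                // The published listing passed the literal text "fChildName"
                // here; the child form name constant is what the argument
                // position suggests - confirm against the API documentation.
                policyData[i].addChildTableRecord(childFormKey, fChildName,
                        "Add", childTableMap);
            }
            System.out.println(policyData.length);

            AccessPolicyResourceData formData = new AccessPolicyResourceData(objKey,
                    objName, parentFormKey, fParentName, "P");
            formData.setFormData(parentFormData);
            policyData[groupLength] = formData;

            moAccesspolicyutility.createAccessPolicy(attr, provObjKeys,
                    revokeObgIsNotApply, denyObjKeys, groupKeys, policyData);
            System.out.println(policyName + " Policy Created ");
        } catch (Exception e) {
            // Kept non-throwing so one bad line does not stop the import, but
            // name the policy so the failure can be traced to its input line.
            System.err.println("Policy NOT created: " + policyName);
            e.printStackTrace();
        }
    }

    /**
     * Looks up the form key of the child process form {@code fChildName}.
     *
     * @return the key, or null when the form is not found or the lookup fails
     */
    public String findChildFormKey() {
        String childFormKey = null;
        try {
            tcFormDefinitionOperationsIntf objIntf = oimClient
                    .getService(tcFormDefinitionOperationsIntf.class);
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Structure Utility.Table Name", fChildName);
            tcResultSet resultSet = objIntf.findForms(attributes);
            childFormKey = firstRowValue(resultSet, "Structure Utility.Key",
                    "form " + fChildName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return childFormKey;
    }

    /**
     * Looks up the form key of the parent process form {@code fParentName}.
     *
     * @return the key
     * @throws NumberFormatException if the form is not found or the lookup
     *         fails, because the key is then null and cannot be parsed
     */
    public Long findParentFormKey() {
        String parentFormKey = null;
        try {
            tcFormDefinitionOperationsIntf objIntf = oimClient
                    .getService(tcFormDefinitionOperationsIntf.class);
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Structure Utility.Table Name", fParentName);
            tcResultSet resultSet = objIntf.findForms(attributes);
            parentFormKey = firstRowValue(resultSet, "Structure Utility.Key",
                    "form " + fParentName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return Long.parseLong(parentFormKey);
    }

    /**
     * Looks up the key of the IT resource instance {@code ITResourceName}.
     *
     * @return the key as text, or null when nothing matches or the lookup fails
     */
    public String findITResourceKey() {
        String itResourceKey = null;
        try {
            tcITResourceInstanceOperationsIntf objIntf = oimClient
                    .getService(tcITResourceInstanceOperationsIntf.class);
            // Raw type: the map's type parameters are not visible on this page.
            HashMap attributes = objIntf.getITResourceInstances(ITResourceName);
            if (attributes.size() > 1) {
                // HashMap iteration order is unspecified, so the key picked
                // below is arbitrary when several instances match.
                System.err.println("WARNING: " + attributes.size()
                        + " IT resources match " + ITResourceName);
            }
            Iterator it = attributes.keySet().iterator();
            while (it.hasNext()) {
                itResourceKey = it.next().toString();
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
        return itResourceKey;
    }

    /**
     * Finds the role whose name equals {@code roleName}.
     *
     * @param roleName exact role name
     * @return the role's entity id, or null when no role matches or the
     *         search fails
     */
    public String getRoleKey(String roleName) {
        RoleManager rmgr = oimClient.getService(RoleManager.class);
        Set<String> retAttrs = new HashSet<String>();
        String roleKey = null;
        try {
            retAttrs.add(RoleAttributeName.DISPLAY_NAME.getId());
            SearchCriteria criteria = new SearchCriteria(RoleAttributeName.NAME.getId(),
                    roleName, SearchCriteria.Operator.EQUAL);
            List<Role> roles = rmgr.search(criteria, retAttrs, null);
            if (roles == null || roles.isEmpty()) {
                System.err.println("No role named " + roleName);
            } else {
                if (roles.size() > 1) {
                    System.err.println("WARNING: " + roles.size()
                            + " roles named " + roleName + "; using the first");
                }
                roleKey = roles.get(0).getEntityId();
            }
        } catch (Exception e) {
            // The published listing discarded this exception, which hid a
            // failed search behind a null return.
            e.printStackTrace();
        }
        return roleKey;
    }

    /**
     * Looks up the key of the resource object {@code objName}.
     *
     * @return the key
     * @throws NumberFormatException if the object is not found or the lookup
     *         fails, because the key is then null and cannot be parsed
     */
    public Long findObjectKey() {
        String objectKey = null;
        try {
            HashMap<String, String> attributes = new HashMap<String, String>();
            attributes.put("Objects.Name", objName);
            tcObjectOperationsIntf objIntf = oimClient
                    .getService(tcObjectOperationsIntf.class);
            tcResultSet resultSet = objIntf.findObjects(attributes);
            objectKey = firstRowValue(resultSet, "Objects.Key", "object " + objName);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return Long.parseLong(objectKey);
    }

    /**
     * Reads the policy file and creates one policy per data line.
     *
     * <p>File format, first line skipped as a header:
     * {@code #AccessPolicyName,Groups to be added in child form}, with the
     * groups separated by ';'.
     *
     * @param args optional: args[0] is the path of the policy file
     */
    public static void main(String args[]) {
        createAccessPolicy obj = new createAccessPolicy();
        // Placeholder path, used only when no argument is given.
        String file = args.length > 0 ? args[0] : "<PATH_TO_POLICY_CSV>";
        BufferedReader buff = null;
        try {
            buff = new BufferedReader(new FileReader(file));
            buff.readLine(); // header line
            String line;
            while ((line = buff.readLine()) != null) {
                if (line.trim().length() == 0) {
                    continue;
                }
                String split[] = line.split(",");
                if (split.length < 2 || split[0].trim().length() == 0) {
                    // Report and skip instead of aborting the whole import.
                    System.err.println("Skipping malformed line: " + line);
                    continue;
                }
                if (split.length > 2) {
                    System.err.println("WARNING: extra columns ignored in line: " + line);
                }
                String policyName = split[0].trim();
                String groupList[] = split[1].split(";");
                obj.PolicyCreation(policyName, groupList);
            }
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            if (buff != null) {
                try {
                    buff.close();
                } catch (Exception ignored) {
                    // Nothing useful to do when closing the input fails.
                }
            }
            if (oimClient != null) {
                try {
                    // End the administrative session once the import is done.
                    oimClient.logout();
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}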
References:
http://docs.oracle.com/cd/E17904_01/apirefs.1111/e17334/Thor/API/Operations/tcAccessPolicyOperationsIntf.html
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/com/thortech/xl/vo/AccessPolicyResourceData.html
http://docs.oracle.com/cd/E27559_01/apirefs.1112/e28159/com/thortech/xl/vo/PolicyChildTableRecord.html