This post covers sample OIM code that publishes a role to specific organizations provided as inputs.
Our example code performs the following operations
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import oracle.iam.identity.exception.NoSuchRoleException;
import oracle.iam.identity.exception.RoleLookupException;
import oracle.iam.identity.exception.SearchKeyNotUniqueException;
import oracle.iam.identity.orgmgmt.api.OrganizationManager;
import oracle.iam.identity.orgmgmt.vo.Organization;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authopss.api.PolicyConstants;
import oracle.iam.platform.authopss.vo.EntityPublication;
import oracle.iam.platform.authz.exception.AccessDeniedException;
import oracle.iam.platformservice.api.EntityPublicationService;
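/**
 * Sample OIM client that changes which organizations the APP_USER role is published to.
 *
 * <p>In one {@code RoleManager.modify} call it submits three change lists: a new publication
 * to "Google" (sub-organizations not included), an update that makes the existing "Microsoft"
 * publication hierarchical, and the removal of the existing "Yahoo" publication.
 *
 * <p>Publishing a role widens the set of organizations whose users can see and request it,
 * so run this with an account limited to role administration and review the printed summary.
 */
public class UpdateOIMRoleOrgAssociation {

    /**
     * Logs in to OIM, builds the ADD/UPDATE/DELETE publication lists and applies them to the role.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String roleName = "APP_USER";
        OIMClient oimClient = null;
        char[] password = null;
        try {
            // Credentials are read at run time so that no administrator password ends up in
            // source control, build artifacts or a blog post. Prefer a dedicated account that
            // holds only role-administration rights over the xelsysadm super-user.
            java.io.Console console = System.console();
            if (console == null) {
                throw new IllegalStateException(
                        "No interactive console available to read the OIM credentials");
            }
            String userName = console.readLine("OIM user: ");
            password = console.readPassword("OIM password: ");
            if (userName == null || userName.isEmpty() || password == null) {
                throw new IllegalStateException("OIM user name and password are required");
            }

            // Connect to OIM.
            // NOTE(review): plain t3 is not TLS-protected; outside a lab, point this at the
            // server's SSL listen port with a t3s:// URL.
            Hashtable<Object, Object> env = new Hashtable<>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, OIMClient.WLS_CONTEXT_FACTORY);
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://oimenv:14100");
            System.setProperty("java.security.auth.login.config", "/oracle/iam/authwl.conf");
            System.setProperty("OIMConnect.AppServerType", "wls");
            System.setProperty("APPSERVER_TYPE", "wls");
            oimClient = new OIMClient(env);
            oimClient.login(userName, password);

            // Obtain the service handles used below.
            RoleManager roleManager = oimClient.getService(RoleManager.class);
            OrganizationManager orgManager = oimClient.getService(OrganizationManager.class);
            EntityPublicationService entityPubService =
                    oimClient.getService(EntityPublicationService.class);

            // Resolve the role key. Stop here on failure: continuing with an empty key would
            // list and modify publications for a role that was never identified.
            String roleKey;
            try {
                roleKey = roleManager.getDetails("Role Name", roleName, null)
                        .getAttribute("Role Key").toString();
                System.out.println("=====>Retrieved role Key ::" + roleKey);
            } catch (SearchKeyNotUniqueException | NoSuchRoleException
                    | RoleLookupException | AccessDeniedException e1) {
                System.err.println("Could not resolve role '" + roleName
                        + "'; no changes were made.");
                e1.printStackTrace();
                return;
            }

            // Existing publications must be fetched before they can be modified or deleted.
            List<EntityPublication> entityPubsAssigned = entityPubService
                    .listEntityPublications(PolicyConstants.Resources.ROLE, roleKey, null);

            System.out.println("----- Initializing updates/removes -----");
            List<EntityPublication> entityPubsAddList = new ArrayList<>();
            List<EntityPublication> entityPubsUpdateList = new ArrayList<>();
            List<EntityPublication> entityPubsDeleteList = new ArrayList<>();

            // Look up the organizations. Only the "Google" key is needed afterwards; the other
            // two lookups are kept from the original sample.
            // NOTE(review): presumably these calls fail when the organization is missing - confirm.
            Organization org1 = orgManager.getDetails("Google", null, true);
            orgManager.getDetails("Yahoo", null, true);
            orgManager.getDetails("Microsoft", null, true);
            System.out.println("Google" + " Key ::" + org1.getEntityId());

            // New publication: "Google", sub-organizations not included (last argument false).
            entityPubsAddList.add(new EntityPublication(roleKey,
                    PolicyConstants.Resources.ROLE,
                    Long.valueOf(org1.getEntityId()), false));

            // Sort the existing publications into the update and delete lists by scope name.
            for (EntityPublication entityPub : entityPubsAssigned) {
                String scopeName = entityPub.getScopeName();
                if (scopeName == null) {
                    continue;
                }
                if (scopeName.equalsIgnoreCase("Microsoft")) {
                    // Extends the publication to every sub-organization of "Microsoft".
                    entityPub.setHierarchicalScope(true);
                    entityPubsUpdateList.add(entityPub);
                } else if (scopeName.equalsIgnoreCase("Yahoo")) {
                    // NOTE(review): the flag change is carried over from the original sample;
                    // presumably it is not needed for a delete - confirm.
                    entityPub.setHierarchicalScope(true);
                    entityPubsDeleteList.add(entityPub);
                }
            }

            // An empty update or delete list means the expected publication was not found;
            // print the counts so the operator can tell what will actually change.
            System.out.println("Publication changes for " + roleName
                    + ": add=" + entityPubsAddList.size()
                    + ", update=" + entityPubsUpdateList.size()
                    + ", delete=" + entityPubsDeleteList.size());

            Map<String, List<EntityPublication>> entityPubsMap = new HashMap<>();
            entityPubsMap.put("ADD", entityPubsAddList);
            entityPubsMap.put("UPDATE", entityPubsUpdateList);
            entityPubsMap.put("DELETE", entityPubsDeleteList);

            // Apply all three lists to the role in a single modify call.
            Role newRole = new Role(roleKey);
            newRole.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubsMap);
            roleManager.modify(newRole);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Wipe the password from memory and end the OIM session even on failure.
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }
}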
After the code runs, the APP_USER role is updated as shown below:
Our example code performs the following operations
- Publish APP_USER to new Organization "Google" and set "include sub-orgs" flag to False.
- Publish APP_USER to existing Organization "Microsoft" and set "include sub-orgs" flag to True.
- Remove APP_USER from existing Organization "Yahoo"
- OIM 11.1.2.3BP07
- OEL/RHEL 6
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import oracle.iam.identity.exception.NoSuchRoleException;
import oracle.iam.identity.exception.RoleLookupException;
import oracle.iam.identity.exception.SearchKeyNotUniqueException;
import oracle.iam.identity.orgmgmt.api.OrganizationManager;
import oracle.iam.identity.orgmgmt.vo.Organization;
import oracle.iam.identity.rolemgmt.api.RoleManager;
import oracle.iam.identity.rolemgmt.api.RoleManagerConstants;
import oracle.iam.identity.rolemgmt.vo.Role;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.authopss.api.PolicyConstants;
import oracle.iam.platform.authopss.vo.EntityPublication;
import oracle.iam.platform.authz.exception.AccessDeniedException;
import oracle.iam.platformservice.api.EntityPublicationService;
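/**
 * Sample OIM client that changes which organizations the APP_USER role is published to.
 *
 * <p>In one {@code RoleManager.modify} call it submits three change lists: a new publication
 * to "Google" (sub-organizations not included), an update that makes the existing "Microsoft"
 * publication hierarchical, and the removal of the existing "Yahoo" publication.
 *
 * <p>Publishing a role widens the set of organizations whose users can see and request it,
 * so run this with an account limited to role administration and review the printed summary.
 */
public class UpdateOIMRoleOrgAssociation {

    /**
     * Logs in to OIM, builds the ADD/UPDATE/DELETE publication lists and applies them to the role.
     *
     * @param args unused
     */
    public static void main(String[] args) {
        String roleName = "APP_USER";
        OIMClient oimClient = null;
        char[] password = null;
        try {
            // Credentials are read at run time so that no administrator password ends up in
            // source control, build artifacts or a blog post. Prefer a dedicated account that
            // holds only role-administration rights over the xelsysadm super-user.
            java.io.Console console = System.console();
            if (console == null) {
                throw new IllegalStateException(
                        "No interactive console available to read the OIM credentials");
            }
            String userName = console.readLine("OIM user: ");
            password = console.readPassword("OIM password: ");
            if (userName == null || userName.isEmpty() || password == null) {
                throw new IllegalStateException("OIM user name and password are required");
            }

            // Connect to OIM.
            // NOTE(review): plain t3 is not TLS-protected; outside a lab, point this at the
            // server's SSL listen port with a t3s:// URL.
            Hashtable<Object, Object> env = new Hashtable<>();
            env.put(OIMClient.JAVA_NAMING_FACTORY_INITIAL, OIMClient.WLS_CONTEXT_FACTORY);
            env.put(OIMClient.JAVA_NAMING_PROVIDER_URL, "t3://oimenv:14100");
            System.setProperty("java.security.auth.login.config", "/oracle/iam/authwl.conf");
            System.setProperty("OIMConnect.AppServerType", "wls");
            System.setProperty("APPSERVER_TYPE", "wls");
            oimClient = new OIMClient(env);
            oimClient.login(userName, password);

            // Obtain the service handles used below.
            RoleManager roleManager = oimClient.getService(RoleManager.class);
            OrganizationManager orgManager = oimClient.getService(OrganizationManager.class);
            EntityPublicationService entityPubService =
                    oimClient.getService(EntityPublicationService.class);

            // Resolve the role key. Stop here on failure: continuing with an empty key would
            // list and modify publications for a role that was never identified.
            String roleKey;
            try {
                roleKey = roleManager.getDetails("Role Name", roleName, null)
                        .getAttribute("Role Key").toString();
                System.out.println("=====>Retrieved role Key ::" + roleKey);
            } catch (SearchKeyNotUniqueException | NoSuchRoleException
                    | RoleLookupException | AccessDeniedException e1) {
                System.err.println("Could not resolve role '" + roleName
                        + "'; no changes were made.");
                e1.printStackTrace();
                return;
            }

            // Existing publications must be fetched before they can be modified or deleted.
            List<EntityPublication> entityPubsAssigned = entityPubService
                    .listEntityPublications(PolicyConstants.Resources.ROLE, roleKey, null);

            System.out.println("----- Initializing updates/removes -----");
            List<EntityPublication> entityPubsAddList = new ArrayList<>();
            List<EntityPublication> entityPubsUpdateList = new ArrayList<>();
            List<EntityPublication> entityPubsDeleteList = new ArrayList<>();

            // Look up the organizations. Only the "Google" key is needed afterwards; the other
            // two lookups are kept from the original sample.
            // NOTE(review): presumably these calls fail when the organization is missing - confirm.
            Organization org1 = orgManager.getDetails("Google", null, true);
            orgManager.getDetails("Yahoo", null, true);
            orgManager.getDetails("Microsoft", null, true);
            System.out.println("Google" + " Key ::" + org1.getEntityId());

            // New publication: "Google", sub-organizations not included (last argument false).
            entityPubsAddList.add(new EntityPublication(roleKey,
                    PolicyConstants.Resources.ROLE,
                    Long.valueOf(org1.getEntityId()), false));

            // Sort the existing publications into the update and delete lists by scope name.
            for (EntityPublication entityPub : entityPubsAssigned) {
                String scopeName = entityPub.getScopeName();
                if (scopeName == null) {
                    continue;
                }
                if (scopeName.equalsIgnoreCase("Microsoft")) {
                    // Extends the publication to every sub-organization of "Microsoft".
                    entityPub.setHierarchicalScope(true);
                    entityPubsUpdateList.add(entityPub);
                } else if (scopeName.equalsIgnoreCase("Yahoo")) {
                    // NOTE(review): the flag change is carried over from the original sample;
                    // presumably it is not needed for a delete - confirm.
                    entityPub.setHierarchicalScope(true);
                    entityPubsDeleteList.add(entityPub);
                }
            }

            // An empty update or delete list means the expected publication was not found;
            // print the counts so the operator can tell what will actually change.
            System.out.println("Publication changes for " + roleName
                    + ": add=" + entityPubsAddList.size()
                    + ", update=" + entityPubsUpdateList.size()
                    + ", delete=" + entityPubsDeleteList.size());

            Map<String, List<EntityPublication>> entityPubsMap = new HashMap<>();
            entityPubsMap.put("ADD", entityPubsAddList);
            entityPubsMap.put("UPDATE", entityPubsUpdateList);
            entityPubsMap.put("DELETE", entityPubsDeleteList);

            // Apply all three lists to the role in a single modify call.
            Role newRole = new Role(roleKey);
            newRole.setAttribute(RoleManagerConstants.ORGANIZATIONS_PUBLISHED_TO, entityPubsMap);
            roleManager.modify(newRole);
        } catch (Exception e) {
            e.printStackTrace();
        } finally {
            // Wipe the password from memory and end the OIM session even on failure.
            if (password != null) {
                java.util.Arrays.fill(password, '\0');
            }
            if (oimClient != null) {
                oimClient.logout();
            }
        }
    }
}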
After the code runs, the APP_USER role is updated as shown below: