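import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.logging.FileHandler;
import java.util.logging.Level;
import java.util.logging.Logger;

import oracle.iam.platform.authopss.api.PolicyConstants;
import oracle.iam.platform.authopss.api.PolicyConstants.Actions;
import oracle.iam.platform.authopss.api.PolicyConstants.Resources;
import oracle.iam.platform.authopss.vo.AdminRole;
import oracle.iam.platform.authopss.vo.AdminRoleVO;
import oracle.iam.platform.authopss.vo.Capability;
import oracle.iam.platformservice.api.AdminRoleService;

import com.connection.Platform;

/**
 * Command-line utility that creates a custom OIM admin role and attaches the
 * capabilities that correspond to one resource and a comma-separated list of
 * actions on that resource.
 *
 * <p>Arguments: {@code ADMIN_ROLE_NAME RESOURCES RESOURCE_ACTIONS}.
 *
 * <p>Because the tool grants administrative capabilities, it fails closed: an
 * unknown resource, an unknown action or an empty action list aborts the run
 * before {@code createAdminRole} is invoked, and the process ends with the
 * exception instead of reporting success.
 */
public class CustomAdminRoleWihGrantRoleCapabilities {

    private static Logger logger;

    private static final String DEFAULT_LOG_FILE = "customAdminRoleWihGrantRoleCapabilities.log";

    private static final String usageString = "\nUsage of CustomAdminRoleWihGrantRoleCapabilities.java \n"
            + " where arguments are :\n"
            + " ADMIN_ROLE_NAME\t\t [Required] Custom Admin Role Name. \n"
            + " RESOURCES\t\t\t [Required] Ex: Resources such as ROLE, USER, ORGANIZATION etc \n"
            + " RESOURCES ACTION\t\t [Required] Ex: Actions For Respective Resources such as ADD_MEMBERS, ADD_ADMIN_USER etc \n"
            + " [Option] You can pass multiple RESOURCES ACTION in ',' seperated values. Ex: ADD_MEMBERS,CREATE,MODIFY \n"
            + " For More Info on Resource and Action \n"
            + " 1. https://docs.oracle.com/cd/E52734_01/oim/OMJAV/oracle/iam/platform/authopss/api/PolicyConstants.Resources.html \n"
            + " 2. https://docs.oracle.com/cd/E52734_01/oim/OMJAV/oracle/iam/platform/authopss/api/PolicyConstants.Actions.html \n";

    private static AdminRoleService adminRoleService;

    /**
     * Returns the shared {@link AdminRoleService}, looking it up through
     * {@code Platform.getService} on first use.
     *
     * <p>Resolving it here (rather than only as a side effect of
     * {@link #getCapabilitiess}) guarantees the field is never {@code null}
     * when {@code createAdminRole} is called.
     */
    private static AdminRoleService resolveAdminRoleService() throws Exception {
        if (adminRoleService == null) {
            adminRoleService = Platform.getService(AdminRoleService.class);
        }
        return adminRoleService;
    }

    /**
     * Fetches the capabilities the admin-role service reports for one
     * resource/action pair.
     *
     * @param resourceType resource the capabilities apply to
     * @param actions      single action on that resource
     * @return capabilities returned by {@code AdminRoleService.getCapabilitiess}
     * @throws Exception if the service lookup or the service call fails
     */
    private static List<Capability> getCapabilitiess(PolicyConstants.Resources resourceType,
            PolicyConstants.Actions actions) throws Exception {
        return resolveAdminRoleService().getCapabilitiess(resourceType, actions);
    }

    /**
     * Builds an {@link AdminRole} named {@code adminRoleName}, attaches the
     * capabilities for every action in {@code actions} and creates the role
     * through the admin-role service.
     *
     * @param adminRoleName name of the role to create
     * @param resource      resource the actions belong to
     * @param actions       actions whose capabilities are granted; must not be empty
     * @throws IllegalArgumentException if {@code actions} is null or empty
     * @throws Exception                if a service call fails
     */
    private static void createAdminRoleWithAddMemberCapabilities(String adminRoleName,
            PolicyConstants.Resources resource, List<PolicyConstants.Actions> actions) throws Exception {
        logger.log(Level.INFO, "Starting createAdminRoleWithAddMemberCapabilities ");

        // Refuse to create a role whose capability set was never resolved.
        if (actions == null || actions.isEmpty()) {
            throw new IllegalArgumentException(
                    " ERROR: No valid RESOURCE ACTION resolved; admin role not created. \n " + usageString);
        }

        // NOTE(review): the meaning of the trailing boolean is not visible in this
        // file; confirm it against the AdminRole constructor documentation.
        AdminRole adminrole = new AdminRole(adminRoleName, " Display Name " + adminRoleName,
                "Admin Role for " + resource.getId() + " with capabilities ", true);

        List<Capability> capabilities = new ArrayList<Capability>();
        for (PolicyConstants.Actions action : actions) {
            // Each granted resource/action pair is written to the log file.
            logger.log(Level.INFO, "Resource :" + resource + ", Actions : " + action);
            capabilities.addAll(getCapabilitiess(resource, action));
        }

        logger.log(Level.INFO, " Setting capabilities");
        adminrole.setCapabilities(capabilities);
        AdminRoleVO adminRolevo = new AdminRoleVO(adminrole);

        logger.log(Level.INFO, " Invoking createAdminRole...!");
        adminRolevo = resolveAdminRoleService().createAdminRole(adminRolevo);
        logger.log(Level.INFO, "Ending createAdminRoleWithAddMemberCapabilities with Admin Role Name :"
                + adminRolevo.getAdminRole().getRoleName());
    }

    /**
     * Entry point: validates the three arguments, resolves the resource and
     * actions, and creates the admin role.
     *
     * @param args {@code ADMIN_ROLE_NAME}, {@code RESOURCES}, {@code RESOURCE_ACTIONS}
     * @throws Exception any failure, after it has been logged, so that the
     *                   process does not exit as if the role had been created
     */
    public static void main(String[] args) throws Exception {
        setLogger();
        logger.log(Level.INFO, "Starting Main Method..! ");
        try {
            if (!readArguments(args)) {
                logger.log(Level.SEVERE,
                        "ERROR: Arguments Cannot be Null Or Invalid Command Line.. \n " + usageString);
                throw new IllegalArgumentException(
                        " ERROR: Arguments Cannot be Null Or Invalid Command Line.. \n " + usageString);
            }

            String adminRoleName = args[0];
            String actionNames = args[2];
            validateParams(adminRoleName, args[1], actionNames);

            // Locale.ROOT keeps the upper-casing independent of the JVM's default
            // locale (e.g. the Turkish dotted/dotless i).
            String resourceName = args[1].trim().toUpperCase(java.util.Locale.ROOT);

            List<String> actions = parseActionNames(actionNames);
            logger.log(Level.INFO, "Admin Role Name : " + adminRoleName + ", resource Name : " + resourceName
                    + ", Actions : " + actions);

            PolicyConstants.Resources resource = getResources(resourceName);
            if (resource == null) {
                logger.log(Level.SEVERE, "ERROR: Invalid Resources. Please Pass Valid RESOURCES. \n " + usageString);
                throw new IllegalArgumentException(
                        " ERROR: Invalid Resources. Please Pass Valid RESOURCES. \n " + usageString);
            }

            List<PolicyConstants.Actions> actionTypeList = getActions(resource, actions);
            createAdminRoleWithAddMemberCapabilities(adminRoleName, resource, actionTypeList);
            logger.log(Level.INFO, "Ending Main Method..! ");
        } catch (Exception e) {
            // Pass the throwable so the stack trace really is in the log file the
            // console message points at.
            logger.log(Level.SEVERE, " Exception Occured with Message " + e, e);
            System.out.println(" For Detail Exception Please look at File : "
                    + new File(DEFAULT_LOG_FILE).getAbsolutePath());
            // Propagate so the JVM exits non-zero; a failed role creation must not
            // look like success to a calling script.
            throw e;
        }
    }

    /**
     * Splits the comma-separated action argument into trimmed, non-empty names.
     */
    private static List<String> parseActionNames(String actionNames) {
        List<String> names = new ArrayList<String>();
        for (String token : Arrays.asList(actionNames.split(","))) {
            String name = token.trim();
            if (!name.isEmpty()) {
                names.add(name);
            }
        }
        return names;
    }

    /**
     * Rejects null, empty or whitespace-only arguments.
     *
     * @throws Exception ({@link IllegalArgumentException}) naming the offending argument
     */
    private static void validateParams(String adminRoleName, String resourceName, String actionNames)
            throws Exception {
        logger.log(Level.INFO, "Starting validateParams Method..! ");
        if (adminRoleName == null || adminRoleName.trim().isEmpty()) {
            logger.log(Level.SEVERE,
                    "ERROR: Invalid ADMIN_ROLE_NAME. Please Pass Valid ADMIN_ROLE_NAME. \n " + usageString);
            throw new IllegalArgumentException(
                    " ERROR: Invalid ADMIN_ROLE_NAME. Please Pass Valid ADMIN_ROLE_NAME. \n " + usageString);
        }
        if (resourceName == null || resourceName.trim().isEmpty()) {
            logger.log(Level.SEVERE, "ERROR: Invalid Resources. Please Pass Valid RESOURCES. \n " + usageString);
            throw new IllegalArgumentException(
                    " ERROR: Invalid Resources. Please Pass Valid RESOURCES. \n " + usageString);
        }
        // Short-circuit ||: the original non-short-circuit | dereferenced a null actionNames.
        if (actionNames == null || actionNames.trim().isEmpty()) {
            logger.log(Level.SEVERE,
                    "ERROR: Invalid RESOURCE ACTION. Please Pass Valid Actions for Entity. \n " + usageString);
            throw new IllegalArgumentException(
                    " ERROR: Invalid RESOURCE ACTION. Please Pass Valid Actions for Entity. \n " + usageString);
        }
        logger.log(Level.INFO, "Ending validateParams Method..! ");
    }

    /**
     * Looks up the {@link Resources} constant whose {@code toString()} equals
     * {@code resource}.
     *
     * @return the matching constant, or {@code null} when there is none
     */
    private static PolicyConstants.Resources getResources(String resource) {
        logger.log(Level.INFO, " Entering getResources Method... !");
        Resources resourceObj = null;
        for (Resources resourceEnum : PolicyConstants.Resources.values()) {
            if (resourceEnum.toString().equals(resource)) {
                resourceObj = resourceEnum;
                logger.log(Level.INFO, " Found Resources " + resourceObj);
                break;
            }
        }
        logger.log(Level.INFO, " Ending getResources Method with Resources" + resourceObj);
        return resourceObj;
    }

    /**
     * Maps requested action names onto the actions {@code resourceObj} supports.
     *
     * @param resourceObj resource whose supported actions are searched
     * @param actions     requested action names, compared with {@code toString()}
     * @return the matching actions, in the order the resource lists them
     * @throws IllegalArgumentException if any requested name is not an action of
     *                                  the resource, so a typo cannot silently
     *                                  produce a role with a different capability set
     */
    private static List<PolicyConstants.Actions> getActions(PolicyConstants.Resources resourceObj,
            List<String> actions) {
        logger.log(Level.INFO, " Entering getActions Method... !");
        List<PolicyConstants.Actions> actionTypeList = new ArrayList<PolicyConstants.Actions>();
        List<String> unmatched = new ArrayList<String>(actions);
        for (Actions action : resourceObj.getActions()) {
            String actionName = action.toString();
            if (actions.contains(actionName)) {
                logger.log(Level.INFO, " Actions " + actionName + " Found For Resources " + resourceObj);
                actionTypeList.add(action);
                // Drop every occurrence so duplicates in the request are not reported as unknown.
                while (unmatched.remove(actionName)) {
                    // keep removing
                }
            }
        }
        if (!unmatched.isEmpty()) {
            logger.log(Level.SEVERE, "ERROR: Invalid RESOURCE ACTION " + unmatched + " For Resources " + resourceObj);
            throw new IllegalArgumentException(" ERROR: Invalid RESOURCE ACTION " + unmatched
                    + " For Resources " + resourceObj + ". \n " + usageString);
        }
        logger.log(Level.INFO, " Ending getActions Method with Actions " + actionTypeList);
        return actionTypeList;
    }

    /**
     * Checks that exactly three command-line arguments were supplied.
     *
     * @return {@code true} when {@code args} holds exactly three entries
     */
    private static boolean readArguments(String[] args) throws Exception {
        return args != null && args.length == 3;
    }

    /**
     * Sets up the logger: all levels, written with a simple text formatter to
     * {@code DEFAULT_LOG_FILE} in the working directory, appending to any
     * existing file. Console output through parent handlers is disabled once
     * the file handler is attached.
     *
     * <p>The log records the role name and every resource/action pair granted,
     * so it doubles as the only trace of what this tool changed; keep the
     * directory it is run from appropriately restricted.
     *
     * @throws IOException if the log file cannot be opened
     */
    public static void setLogger() throws IOException {
        String logFile = DEFAULT_LOG_FILE;
        logger = Logger.getLogger("oracle.iam.custom.adminRole");
        logger.setLevel(Level.ALL);
        try {
            FileHandler loggerFileHandler = new FileHandler(logFile, true);
            if (!logFile.toLowerCase(java.util.Locale.ROOT).endsWith("xml")) {
                loggerFileHandler.setFormatter(new java.util.logging.SimpleFormatter());
            }
            logger.addHandler(loggerFileHandler);
            logger.setUseParentHandlers(false);
        } catch (IOException io) {
            logger.log(Level.SEVERE, "Exception In Adding Log Handler", io);
            throw io;
        }
    }
}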
Oracle Identity Manager (OIM R2PS2/PS3/12C) is a highly flexible and scalable enterprise identity administration system that provides operational and business efficiency by providing centralized administration & complete automation of identity and user provisioning events across enterprise as well as extranet applications.
Custom Admin Role With Grant Role Capabilities