Programmatically Managing WLP Enterprise Scope Roles

Recently I was working on code to manage roles in WLP. WLP roles can
be at the global, enterprise application, or web application scope and I
needed it at the enterprise application scope because these roles were
for use with the content repository.  However, I could only find
examples for the web application scope, which generally looked like
this:




RolePolicyManager rpm = new RolePolicyManager();

RolePolicyItem rpi = new RolePolicyItem();

rpi.setEntAppName("testTT");

rpi.setWebAppName("ProducerWEB");

rpi.setResourceScope(EntitlementConstants.WEBAPP_ROLE_INHERITANCE);

rpi.setPolicyName("myTestPolicy");

ArrayList a = new ArrayList();

a.add("testUser");

rpi.setUserList(a);

rpm.createRolePolicy(rpi);



From that example, I would assume that changing


rpi.setResourceScope(EntitlementConstants.WEBAPP_ROLE_INHERITANCE);

to


rpi.setResourceScope(EntitlementConstants.ENT_APP_ROLE_INHERITANCE);

would be sufficient. Alas, it wasn't. The role was still created at the web application level. So, being clever, I removed


rpi.setWebAppName("ProducerWEB");

which
had an interesting result. The role was created at the Enterprise
Application scope, but only in the RDBMS, not in LDAP and, consequently,
not in the Portal Admin Console. For someone in a hurry this might be
acceptable as the role could be managed from code. And, while in a
hurry, I had the long view that these roles would also need to be
managed from Portal Admin Console, so don't ask me if the role actually
worked for entitling when out of sync as I never tested it.


To
make a long story short (probably too late for some), I contacted
support, who in turn opened a bug. The response from engineering was
that the WebAppName had to remain, and that one more piece was required:


rpi.setPolicyUser(EntitlementConstants.P13N_APPLICATION_POLICY);

And
that did the trick. I looked up the documentation for
com.bea.p13n.entitlements.policy.RolePolicyItem and found the
setPolicyUser method listed in the parent class, though found no
reference as to its value, nor did I find a getter for the attribute, so
I don't believe it was something I missed, just one of those
undocumented features that are handy to know about.

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed
About

bocadmin_ww

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today