Thursday Jul 12, 2012

Adding RESTful Web Services to Oracle Identity Manager 11g

Overview

Organizations are leveraging RESTful Web Services to integrate multiple client interfaces and devices with Internet-centric data services. We will cover how RESTful Web Services can be added to Oracle Identity Manager (OIM) 11g using the Jersey (JAX-RS) framework and Project OpenPTK.

RESTful Web Services

RESTful Web Services have become a "de facto" Application Programming Interface (API) for the Internet. A typical RESTful Web Service architecture leverages HTTP to implement basic Create, Read, Update and Delete (CRUD) operations. The following table shows how RESTful Web Services use the combination of HTTP Operations and URIs to support these CRUD operations.

| CRUD | HTTP Operation | Resource URI (Collection): http://acme.com/users | Resource URI (Element): http://acme.com/users/abc123 |
|---|---|---|---|
| Create | POST | Create an entry in the collection. Entry's Id is usually assigned and returned | Treat the member as a Collection, Create a sub-collection |
| Read | GET | List the collection members | Retrieve a representation of the member. Using the MIME-type |
| Update | PUT | Replace the entire collection with another collection | Update the member of the collection. Maybe create if it does not exist |
| Delete | DELETE | Delete the entire collection | Delete the member of the collection |

RESTful Web Services enable the developer to create user interfaces using their choice of design tools and frameworks. RESTful Web Services can be consumed by a traditional Browser interface (leveraging AJAX-type techniques) as well as by mobile and tablet devices leveraging platform specific RESTful client frameworks.

Oracle Identity Manager 11g and Jersey (JAX-RS)

The Oracle Identity Manager (OIM) 11g provides a powerful Java API that can be used to programmatically manage user identities. Here's a blog entry detailing the use of the OIM 11g Java APIs.

RESTful Web Services are easy to create using the Jersey framework. The Jersey framework implements the JAX-RS specification and works with most Java development tools and Java Servlet Containers. Jersey provides a set of Java Annotations to provide RESTful Web Services. The following table highlights some of the Jersey Annotations:

| Annotation | Description |
|---|---|
| @Path("/users") | Name of a relative URI path |
| @POST | Designates method for HTTP POST Operation (Create) |
| @GET | Designates method for HTTP GET Operation (Read) |
| @PUT | Designates method for HTTP PUT Operation (Update) |
| @DELETE | Designates method for HTTP DELETE Operation (Delete) |
| @Produces("text/plain") | Specify the MIME-types to send back to the client |
| @Consumes("application/json") | Specify the MIME-types, the resource can consume, sent by the client |

Project OpenPTK

Project OpenPTK is an open source provisioning toolkit that extends the capabilities of a provisioning solution. Project OpenPTK leverages the Jersey framework to expose RESTful Web Services and it can leverage Oracle Identity Manager (OIM) 11g using its Java APIs. Project OpenPTK supports both JSON and XML RESTful Web Service data payloads, to and from the Client.

[Figure: RESTful OpenPTK OIM 11g overview]

Configuration

The RESTful Web Service demonstration environment was configured using Project OpenPTK (v2.1) deployed to the same Weblogic domain that is hosting Oracle Identity Manager (OIM) 11g. Project OpenPTK has a set of documentation which covers configuration / installation procedures in more detail.

Prerequisites

Project OpenPTK is available from a Subversion (svn) on-line source code control system at http://java.net/projects/openptk. You will need svn to download the project. The download page contains more information on how to access the source code. Create a new directory to store the project's source code.

mkdir $HOME/source
cd $HOME/source
svn checkout \
https://svn.java.net/svn/openptk~svn/tags/release-2.1/openptk \
openptk --username guest

Project OpenPTK uses Maven (mvn) for building the source code and obtaining dependent JAR files. The Setup using Maven document provides more details on how to use maven. Run the mvn install command to download the core dependency files.

Procedure

Project OpenPTK uses Service modules to interface with identity repositories. A Service module was created using the Oracle Identity Manager (OIM) 11g OIMClient Java API. The following steps highlight how to integrate, build, and deploy Project OpenPTK to support Oracle Identity Manager 11g.

  1. Obtain the Oracle Identity Manager 11g oimclient.jar file.
  2. Install the oimclient.jar file into a local maven repository
  3. Build the OpenPTK Server using the oim11g Service module
  4. Copy the generated war file to the Weblogic server where Oracle Identity Manager 11g is installed
  5. Expand the war file:
    1. Update the openptk.xml configuration file
    2. Include the oimclient.jar file
  6. Deploy the OpenPTK Server to Weblogic

See the OpenPTK Service for OIM11g on Weblogic documentation page for detailed installation procedures.


Demonstration

Log into the OpenPTK Admin Interface and confirm that the Oracle Identity Manager 11g Context is working correctly. After logging in (http://localhost:7001/openptk-server):

  • Select the Contexts menu
  • Select the User-Oracle-OIMClient uri.
  • To list the Users, select the uri for the subjects
[Figure: OpenPTK admin interface]

The curl command-line utility will be used to demonstrate the RESTful Web Services.

Authenticate

Project OpenPTK has an authentication mechanism. When the user is authenticated, a Session is created within the OpenPTK Server and an HTTP Cookie is created for the user. Normally the web-browser would manage the HTTP Cookie. Since curl is being used, the Cookie returned from the authentication process will be saved in a text file called cookies.txt. The Cookie text file will be used on all the other curl commands.

Command:
curl -c cookies.txt \
-H "Accept: text/plain" \
http://oim11g:7001/openptk-server/login\?user=openptkconfig\&password=password\&clientid=identitycentral
Output:
<html>
<head>
<title>Servlet Login</title>
</head>
<body>
<h1>Login Success!</h1>
</body>
</html>
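
The login request above carries the password in the URL query string, so the value is recorded wherever request URLs are logged. The following shell function is an added example, not part of the original post or of Project OpenPTK: it scans an access log for such requests and prints them with the secret masked. The common log format, the parameter-name list and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report access-log requests that carry a credential in the
# URL query string, with the credential value masked in the report.

# Parameter names treated as secrets (assumed list; extend as needed).
SENSITIVE_PARAMS='password passwd pwd secret token'

scan_access_log() {
    # $1 = access log, assumed to be in common log format.
    # Output, one line per hit: client<TAB>timestamp<TAB>method<TAB>masked-target
    awk -v names="$SENSITIVE_PARAMS" '
        BEGIN {
            n = split(names, list, " ")
            for (i = 1; i <= n; i++) sens[list[i]] = 1
        }
        {
            # The request line is the first double-quoted field.
            if (split($0, quoted, "\"") < 3) next
            if (split(quoted[2], req, " ") < 2) next
            target = req[2]
            qpos = index(target, "?")
            if (qpos == 0) next

            path  = substr(target, 1, qpos - 1)
            query = substr(target, qpos + 1)
            hit = 0
            masked = ""
            m = split(query, pairs, "&")
            for (i = 1; i <= m; i++) {
                eq = index(pairs[i], "=")
                name = (eq > 0) ? substr(pairs[i], 1, eq - 1) : pairs[i]
                # Parameter names are compared case-insensitively.
                if (eq > 0 && (tolower(name) in sens)) {
                    pairs[i] = name "=***"
                    hit = 1
                }
                masked = masked (i > 1 ? "&" : "") pairs[i]
            }
            if (!hit) next

            ts = $4
            sub(/^\[/, "", ts)
            printf "%s\t%s\t%s\t%s?%s\n", $1, ts, req[1], path, masked
        }
    ' "$1"
}

sample_access_log() {
    # Constructed log lines; client addresses are documentation ranges.
    cat <<'EOF'
192.0.2.10 - - [11/Jul/2012:04:30:12 +0000] "GET /openptk-server/login?user=openptkconfig&password=password&clientid=identitycentral HTTP/1.1" 200 118
192.0.2.10 - - [11/Jul/2012:04:31:02 +0000] "GET /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/?search=Jack HTTP/1.1" 200 1024
192.0.2.11 - - [11/Jul/2012:04:38:59 +0000] "POST /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects HTTP/1.1" 201 0
192.0.2.12 - - [11/Jul/2012:04:40:00 +0000] "GET /openptk-server/login?user=alice&Password=Example%21Pass&clientid=identitycentral HTTP/1.1" 200 118
EOF
}

# Demo run over the constructed sample.
log=$(mktemp)
sample_access_log > "$log"
scan_access_log "$log"
rm -f "$log"
```
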

The contents of the cookies.txt file:

# Netscape HTTP Cookie File
# http://www.netscape.com/newsref/std/cookie_spec.html
# This file was generated by libcurl! Edit at your own risk.

oim11g FALSE / FALSE 0 JSESSIONID       Ht8JP8zS3yyhWh5XrD42Lb6rP1r7HF5LnR09vDGQkH7QmkKb8Gfh!697966766
oim11g FALSE / FALSE 0 OPENPTKSESSIONID 6be67d1e-ea37-4b45-bbaf-d34f270940b9
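
In the jar above, both session cookies have FALSE in the fourth (secure) column, so a client will also send them over plain HTTP. The following shell function is an added example, not part of the original post or of Project OpenPTK: it audits a jar written by curl -c for cookies that lack the Secure or HttpOnly attribute. The sample jar is constructed, its cookie values are placeholders, and the #HttpOnly_ line prefix assumes a current curl release.

```shell
#!/bin/sh
# Added example: audit a Netscape-format cookie jar (as written by `curl -c`)
# for cookies that lack the Secure or HttpOnly attribute.
# Fields are TAB-separated:
#   domain  include-subdomains  path  secure  expiry  name  value
# Current curl releases mark HttpOnly cookies with a "#HttpOnly_" line prefix.

audit_cookie_jar() {
    # $1 = cookie jar path.
    # Prints name<TAB>domain<TAB>findings for every cookie with a finding.
    # The cookie value is never printed.
    awk -F '\t' '
        {
            httponly = 0
            if ($0 ~ /^#HttpOnly_/) {      # HttpOnly marker, not a comment
                httponly = 1
                sub(/^#HttpOnly_/, "")     # re-splits the record into fields
            }
        }
        /^#/ || NF < 7 { next }            # comments, blank and short lines
        {
            findings = ""
            if (toupper($4) != "TRUE") findings = findings " no-secure"
            if (!httponly)             findings = findings " no-httponly"
            if (findings != "")
                printf "%s\t%s\t%s\n", $6, $1, substr(findings, 2)
        }
    ' "$1"
}

write_sample_jar() {
    # Constructed sample: the two cookie names from the jar above plus two
    # hypothetical cookies that exercise the other attribute combinations.
    printf '# Netscape HTTP Cookie File\n\n'
    printf 'oim11g\tFALSE\t/\tFALSE\t0\tJSESSIONID\tPLACEHOLDER-VALUE-1\n'
    printf 'oim11g\tFALSE\t/\tFALSE\t0\tOPENPTKSESSIONID\tPLACEHOLDER-VALUE-2\n'
    printf '#HttpOnly_idm.example.test\tFALSE\t/\tTRUE\t0\tHARDENEDSESSION\tPLACEHOLDER-VALUE-3\n'
    printf '#HttpOnly_idm.example.test\tFALSE\t/\tFALSE\t0\tHALFHARDENED\tPLACEHOLDER-VALUE-4\n'
}

# Demo run over the constructed sample.
jar=$(mktemp)
write_sample_jar > "$jar"
audit_cookie_jar "$jar"
rm -f "$jar"
```
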

Search

Search for existing OIM11g users that have a firstname or lastname that contains "Jack". The OpenPTK Server supports encoding the response data in a number of different formats. To specify what encoding type to use, set the Accept HTTP Header variable to one of these MIME-type values:

  • application/json
  • application/xml
  • text/plain
  • text/html

We use the HTTP GET method (on the User-Oracle-OIMClient/subjects collection) to search for the users. The HTTP query parameter search is used to specify the search string.

Command:
curl -X GET \
-b cookies.txt \
-H "Accept: application/json" \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/?search=Jack
Output:
{
    "response" : {
        "uri" : "http:\/\/oim11g:7001\/openptk-server\/resources\/contexts\/User-Oracle-OIMClient\/subjects\/",
        "state" : "SUCCESS",
        "length" : 2,
        "offset" : 0,
        "quantity" : 2,
        "results" : [
            {
                "subject" : {
                    "uri" : "http:\/\/oim11g:7001\/openptk-server\/resources\/contexts\/User-Oracle-OIMClient\/subjects\/JHARKNESS",
                    "uniqueid" : "JHARKNESS",
                    "attributes" : {
                        "uniqueid" : "JHARKNESS",
                        "email" : "jack@torchwood.org",
                        "roles" : "Full-Time",
                        "lastname" : "Harkness",
                        "firstname" : "Jack",
                        "lastcommafirst" : "Harkness, Jack"
                    }
                }
            },
            {
                "subject" : {
                    "uri" : "http:\/\/oim11g:7001\/openptk-server\/resources\/contexts\/User-Oracle-OIMClient\/subjects\/JSPARROW",
                    "uniqueid" : "JSPARROW",
                    "attributes" : {
                        "uniqueid" : "JSPARROW",
                        "email" : "jack@blackpearl.org",
                        "roles" : "Full-Time",
                        "lastname" : "Sparrow",
                        "firstname" : "Jack",
                        "lastcommafirst" : "Sparrow, Jack"
                    }
                }
            }
        ]
    }
}
Results: [Screenshot: OIM admin UI search]

Create

We use the HTTP POST method (on the User-Oracle-OIMClient/subjects collection) to create a new user in the collection. The curl -v option is used to show the data being passed in and to show the Location value that is returned with the full URI of the created element (subject). Because we are sending data that is JSON encoded, the HTTP Header variable Content-Type needs to be set to the application/json MIME-type. A successful operation returns an HTTP response code of 201 Created.

Command:
curl -X POST -v \
-b cookies.txt \
-H "Content-Type: application/json" \
-d '{"subject" : { "attributes" : { "lastname" : "Bauer", "firstname" : "Jack" }}}' \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects
Output:
* About to connect() to oim11g port 7001
*   Trying 127.0.0.1... connected
* Connected to oim11g (127.0.0.1) port 7001
> POST /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: oim11g:7001
> Accept: */*
> Cookie: OPENPTKSESSIONID=6be67d1e-ea37-4b45-bbaf-d34f270940b9
> Content-Type: application/json
> Content-Length: 78
> 
> {"subject" : { "attributes" : { "lastname" : "Bauer", "firstname" : "Jack" }}}
< HTTP/1.1 201 Created
< Cache-Control: no-cache, no-transform
< Date: Wed, 11 Jul 2012 04:38:59 GMT
< Location: http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1
< Content-Length: 0
< Content-Type: application/json
< X-ORACLE-DMS-ECID: 0000JXoLJqJFw000jzwkno1FzDlJ00001r
< X-Powered-By: Servlet/2.5 JSP/2.1
* Connection #0 to host oim11g left intact
* Closing connection #0

Read

We use the HTTP GET method (on the User-Oracle-OIMClient/subjects/jbauer1 element) to read the user. We can retrieve the data using a number of different encoding formats: json, xml, plain, html. The examples below demonstrate how the HTTP Header variable Accept is used to "tell" the server what MIME-type we (the client) want to "accept".

Command:
curl -X GET \
-b cookies.txt \
-H "Accept: application/json" \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1

curl -X GET \
-b cookies.txt \
-H "Accept: application/xml" \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1

curl -X GET \
-b cookies.txt \
-H "Accept: text/plain" \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1
Output:
{
    "response" : {
        "uri" : "http:\/\/oim11g:7001\/openptk-server\/resources\/contexts\/User-Oracle-OIMClient\/subjects\/jbauer1",
        "state" : "SUCCESS",
        "status" : "Entry found",
        "subject" : {
            "uniqueid" : "JBAUER1",
            "attributes" : {
                "manager" : null,
                "status" : "Active",
                "lastname" : "Bauer",
                "firstname" : "Jack",
                "type" : "End-User",
                "uniqueid" : "JBAUER1",
                "title" : null,
                "email" : "Jack.Bauer@openptk.org",
                "roles" : "Full-Time",
                "forgottenPasswordQuestions" : [
                   "What is your favorite color?",
                   "What is your mother's maiden name?",
                   "What is the city of your birth?"],
                "telephone" : null,
                "fullname" : "Jack Bauer",
                "lastcommafirst" : "Bauer, Jack"
            }
        }
    }
}
Output:
<?xml version="1.0" encoding="UTF-8"?>
<response>
   <uri type="string">http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1</uri>
   <state type="string">SUCCESS</state>
   <status type="string">Entry found</status>
   <subject>
      <uniqueid type="string">JBAUER1</uniqueid>
      <attributes>
         <manager type="string"></manager>
         <status type="string">Active</status>
         <lastname type="string">Bauer</lastname>
         <firstname type="string">Jack</firstname>
         <type type="string">End-User</type>
         <uniqueid type="string">JBAUER1</uniqueid>
         <title type="string"></title>
         <email type="string">Jack.Bauer@openptk.org</email>
         <roles type="string">Full-Time</roles>
         <forgottenPasswordQuestions type="string">
            <values>
               <value>What is your favorite color?</value>
               <value>What is your mother's maiden name?</value>
               <value>What is the city of your birth?</value>
            </values>
         </forgottenPasswordQuestions>
         <telephone type="string"></telephone>
         <fullname type="string">Jack Bauer</fullname>
         <lastcommafirst type="string">Bauer, Jack</lastcommafirst>
      </attributes>
   </subject>
</response>
Output:
response=
    uri="http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1"
    state="SUCCESS"
    status="Entry found"
    subject=
        uniqueid="JBAUER1"
        attributes=
            manager=
            status="Active"
            lastname="Bauer"
            firstname="Jack"
            type="End-User"
            uniqueid="JBAUER1"
            title=
            email="Jack.Bauer@openptk.org"
            roles="Full-Time"
            forgottenPasswordQuestions=
               "What is your favorite color?"; 
               "What is your mother's maiden name?"; 
               "What is the city of your birth?"
            telephone=
            fullname="Jack Bauer"
            lastcommafirst="Bauer, Jack"

Update

We use the HTTP PUT method (on the User-Oracle-OIMClient/subjects/jbauer1 element) to update an existing user in the collection. The curl -v option is used to show the data being passed in and to show the details of the update operation. Because we are sending data that is JSON encoded, the HTTP Header variable Content-Type needs to be set to the application/json MIME-type. A successful operation returns an HTTP response code of 204 No Content.

Command:
curl -X PUT \
-v -b cookies.txt \
-H "Content-Type: application/json" \
-d '{ "subject" : { "attributes" : { "title" : "Special Agent", "email" : "jack@ctu.org" } } }' \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1
Output:
* About to connect() to oim11g port 7001
*   Trying 127.0.0.1... connected
* Connected to oim11g (127.0.0.1) port 7001
> PUT /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: oim11g:7001
> Accept: */*
> Cookie: OPENPTKSESSIONID=486104f5-0cdb-4b49-8a67-1b1929629538
> Content-Type: application/json
> Content-Length: 90
> 
> { "subject" : { "attributes" : { "title" : "Special Agent", "email" : "jack@ctu.org" } } }
< HTTP/1.1 204 No Content
< Cache-Control: no-cache, no-transform
< Date: Thu, 12 Jul 2012 03:00:03 GMT
< Content-Length: 0
< Content-Type: application/json
< X-ORACLE-DMS-ECID: 0000JXt8GHAFw000jzwkno1FzDlJ000020
< X-Powered-By: Servlet/2.5 JSP/2.1
* Connection #0 to host oim11g left intact
* Closing connection #0

Delete

We use the HTTP DELETE method (on the User-Oracle-OIMClient/subjects/jbauer1 element) to delete the user from the collection. The curl -v option is used to show the data being passed in and to show the details of the delete operation. A successful operation returns an HTTP response code of 204 No Content.

Command:
curl -X DELETE \
-v -b cookies.txt \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1
Output:
* About to connect() to oim11g port 7001
*   Trying 127.0.0.1... connected
* Connected to oim11g (127.0.0.1) port 7001
> DELETE /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: oim11g:7001
> Accept: */*
> Cookie: OPENPTKSESSIONID=6789055b-2561-489e-a6bd-3c5424859f81
> 
< HTTP/1.1 204 No Content
< Cache-Control: no-cache, no-transform
< Connection: close
< Date: Thu, 12 Jul 2012 03:44:49 GMT
< Content-Length: 0
< Content-Type: text/plain
< X-ORACLE-DMS-ECID: 0000JXtIW4EFw000jzwkno1FzDlJ00002A
< X-Powered-By: Servlet/2.5 JSP/2.1
* Closing connection #0
Results:
curl -X GET \
-v -b cookies.txt \
-H "Accept: text/plain" \
http://oim11g:7001/openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1

* About to connect() to oim11g port 7001
*   Trying 127.0.0.1... connected
* Connected to oim11g (127.0.0.1) port 7001
> GET /openptk-server/resources/contexts/User-Oracle-OIMClient/subjects/jbauer1 HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: oim11g:7001
> Cookie: OPENPTKSESSIONID=6789055b-2561-489e-a6bd-3c5424859f81
> Accept: text/plain
> 
< HTTP/1.1 404 Not Found
< Cache-Control: no-cache, no-transform
< Date: Thu, 12 Jul 2012 03:49:38 GMT
< Content-Length: 9
< Content-Type: text/html; charset=UTF-8
< X-ORACLE-DMS-ECID: 0000JXtJak1Fw000jzwkno1FzDlJ00002C
< X-Powered-By: Servlet/2.5 JSP/2.1
* Connection #0 to host oim11g left intact
* Closing connection #0

Even more ...

We have covered how to use Jersey (JAX-RS), via Project OpenPTK, to implement RESTful Web Services for Oracle Identity Manager 11g. We focused on basic Create, Read, Update, Delete and Search operations related to Users. The OpenPTK project also includes RESTful Web Service examples for other tasks such as Self-Service Registration which leverages the Oracle Identity Manager 11g registration feature. Take a look at the CAPTCHA and Identity Manager blog entry that uses the registration feature.


Thursday Jul 05, 2012

Project OpenPTK Release 2.1 Available

The OpenPTK owners are pleased to announce that release 2.1 is available.  It has been "tagged" in the svn repository. See the download page for details.  

This release is an update to version 2.0. This release contains bug fixes, enhancements to existing capabilities, and new features. The most notable change in this release is the use of maven, instead of ant, for the build process. The adoption of maven has made the project more modular, reduced its download size (fewer bundled jar files) and will enable the future support of Project OpenPTK in a maven repository.

For full details, see the OpenPTK version 2.1 Release Notes

Tuesday Apr 17, 2012

Programmatically Provisioning Users via Oracle Identity Manager's Java API

Ultimate control over your identities

Oracle Identity Manager (OIM) 11gR1 provides complete life-cycle management of user identities. Identity life-cycle management includes the creation, modification and termination of user access to provisioned resources. Organizations have specific requirements for how they need to manage both internal users and external users (citizens, customers, students, etc.). A provisioning solution needs to be flexible so that it can integrate into the various parts of an organization. OIM 11gR1 provides a range of options for how it can be customized. One of the most powerful and flexible ways of extending a solution is through the use of an Application Programming Interface (API). OIM 11gR1 provides a Java API which can be used to interface with multiple aspects of identity life-cycle management.

The examples covered in these procedures demonstrate only a select set of capabilities (basic User management) from a larger collection of interfaces and methods provided by the OIM 11gR1 Client Java API. Organizations have used these OIM 11gR1 Java APIs for unique integration with their processes, and to support specialized user interface requirements.

User Management

The OIM 11gR1 Java APIs support searching, creating, reading, updating and deleting of Users. This procedure will cover how to use the OIM 11gR1 Java APIs to perform these operations.

Reference

Getting Started

OIM 11gR1 leverages a new Java API. The previous API (Thor) is still available, but it is recommended that new projects use the OIM 11gR1 Client API.

Create a directory for downloading the required OIM files and sample source files. This procedure will use a directory/folder called examples.

Required server files

You will need to obtain the following files from the OIM 11gR1 server:

oimclient.zip
  • The OIM 11gR1 Java API classes are packaged as a jar file called oimclient.jar. This jar file is packaged within the oimclient.zip file. The oimclient.zip file is located in the OIM_ORACLE_HOME/server/client folder, on the OIM 11gR1 server.
  • Copy oimclient.zip from the OIM 11gR1 server:
    scp user@oimserver:/OIM_ORACLE_HOME/server/client/oimclient.zip .
  • Expand the oimclient.zip file:
    unzip oimclient.zip
  • The oimclient.zip file contains the following items:

    | Item | Description |
    |---|---|
    | README | Text file containing information on using the bundled sample program |
    | oimclient.jar | JAR file containing the OIM 11gR1 classes |
    | conf | Sub-folder containing auth files |
    | lib | Sub-folder containing jar files required by the OIM 11gR1 API |
    | sample | Sub-folder containing bundled sample source code (not used) |

wlfullclient.jar
  • Access the Weblogic Server system
    ssh user@wlserver
  • Change directories to the server/lib directory.
    cd WL_HOME/server/lib
  • Use the following command to create the wlfullclient.jar file in the server/lib directory:
    java -jar wljarbuilder.jar
  • Copy the wlfullclient.jar file.

Get the samples

This procedure will use a collection of samples that can be downloaded from a svn (subversion) repository, associated with Project OpenPTK. The following command will download the sample source code into a directory structure named oim:

svn export https://svn.java.net/svn/openptk~svn/branches/Oracle/OIM11gR1/examples/java/OIMClient/src/oim oim --username guest

Note: If you do not have svn (or a similar client subversion tool) you can get a "snapshot" of the source files as a downloadable zip file.

When the required jar files and the example code have been downloaded, the folder/directory structure should look like the following diagram.

[Figure: folder structure]

Review the samples

The sample source code leverages a Java packaging name-space starting with oim.client. At this level, you will find the following items:

| Item | Description |
|---|---|
| Client.java | Abstract class that contains OIM 11gR1 Server connection information. This class is used by all of the sample programs. You will need to edit this file and change the OIM 11gR1 Server connection information. |
| organization | Sub-folder for the package oim.client.organization which contains sample Java code that leverages some of the organization related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure. |
| request | Sub-folder for the package oim.client.request which contains sample Java code that leverages some of the request related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure. |
| role | Sub-folder for the package oim.client.role which contains sample Java code that leverages some of the role related capabilities of the OIM 11gR1 Client API. This folder and its samples are not used as part of this procedure. |
| user | Sub-folder for the package oim.client.user which contains sample Java code that leverages some of the user related capabilities of the OIM 11gR1 Client API. We will be using some of these files to demonstrate basic operations related to a user: |

| File | Description |
|---|---|
| ClientUser.java | Abstract class, extends Client. It provides "User" specific capabilities. |
| UserChangePassword.java | Not used as part of this procedure |
| UserCreate.java | Demonstrates the creating of a user. Extends ClientUser |
| UserDelete.java | Demonstrates the deleting of a user. Extends ClientUser |
| UserRead.java | Demonstrates the reading of a user. Extends ClientUser |
| UserRegister.java | Not used as part of this procedure |
| UserSearch.java | Demonstrates the searching of users. Extends ClientUser |
| UserUnauthChallenge.java | Not used as part of this procedure |
| UserUnauthSelfService.java | Not used as part of this procedure |
| UserUpdate.java | Demonstrates the updating of a user. Extends ClientUser |

Class structure

The following diagram illustrates the class structure used by the samples. This procedure will cover many of the classes in the user package.

[Figure: class structure]

Source code

Client.java

This is an abstract class. It provides common methods that are used by all of the sub-categories; organization, request, role and user. For this procedure, we will focus on the user sub-category. This class establishes the connection to the OIM 11gR1 Server. It performs the following tasks:

  1. Creates a Hashtable containing connection data
  2. Creates an OIMClient object using the Hashtable
  3. Executes the OIMClient.login(...) method to login as the proxy (admin) user

You will need to edit this file and set the OIM 11gR1 Server connection information. The URL, Admin UserId, and Admin Password will need to be set.

   private static final String OIM_URL = "t3://localhost:14000"; // OIM 11g deployment
   ...
   protected static final String OIM_USERNAME = "xelsysadm";
   protected static final String OIM_PASSWORD = "Passw0rd"; // "Passw0rd"

| Variable | Value | Description |
|---|---|---|
| OIM_URL | t3://hostname:port | The url for connecting to the OIM 11gR1 server |
| OIM_USERNAME | xelsysadm | The login id of a user that has admin privileges to manage user accounts |
| OIM_PASSWORD | password | The password for the admin user |

Note: The above example "hard codes" the proxy user's id and password.  The "hard coding" of these values is NOT recommended and is NOT secure.  The source code and techniques covered in these procedures are for demonstration purposes only and should NOT be used in a production environment.  The proxy user id and password should be accessible to the program at runtime and securely controlled.
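
A check that enforces the note above, as an added example (not part of the original samples or of Project OpenPTK): the shell function scans a Java source tree for String constants whose name suggests a secret and whose value is a non-empty literal, and reports the location without printing the value. The name patterns and the sample source tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag Java String constants that embed a secret literal, such
# as the OIM_PASSWORD constant shown above. Prints file:line:name only.

find_hardcoded_secrets() {
    # $1 = source root to scan
    find "$1" -type f -name '*.java' -exec awk '
        {
            upper = toupper($0)
            # String <name containing a secret-like word> = "<non-empty literal>"
            if (match(upper, /STRING[ \t]+[A-Z0-9_]*(PASSWORD|PASSWD|SECRET|TOKEN)[A-Z0-9_]*[ \t]*=[ \t]*"[^"]+"/)) {
                decl = substr($0, RSTART, RLENGTH)   # same offsets as in upper
                sub(/^[A-Za-z]+[ \t]+/, "", decl)    # drop the String keyword
                sub(/[ \t]*=.*$/, "", decl)          # keep only the constant name
                printf "%s:%d:%s\n", FILENAME, FNR, decl
            }
        }
    ' {} +
}

make_sample_tree() {
    # $1 = directory to populate. Constructed sample: the constants shown
    # above, plus a hypothetical class that prompts for the password at
    # runtime and must not be flagged.
    mkdir -p "$1/oim/client"
    cat > "$1/oim/client/Client.java" <<'EOF'
public abstract class Client {
   private static final String OIM_URL = "t3://localhost:14000"; // OIM 11g deployment
   protected static final String OIM_USERNAME = "xelsysadm";
   protected static final String OIM_PASSWORD = "Passw0rd"; // "Passw0rd"
}
EOF
    cat > "$1/oim/client/RuntimeClient.java" <<'EOF'
public abstract class RuntimeClient {
   // The password is prompted for at runtime and kept in a char[].
   protected static char[] password() { return System.console().readPassword("OIM password: "); }
}
EOF
}

# Demo run over the constructed sample tree.
tree=$(mktemp -d)
make_sample_tree "$tree"
find_hardcoded_secrets "$tree"
rm -rf "$tree"
```
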

ClientUser.java

This is an abstract class that extends Client and provides methods that can be used by sub-classes which need to leverage the User APIs. For example, the User APIs need the UserManager class to execute operations. This class performs the following tasks:

  1. Gets a UserManager object via the OIMClient.getService(UserManager.class) method.
  2. Gets an UnauthenticatedSelfService object via the OIMClient.getService(UnauthenticatedSelfService.class) method (not used in this procedure).

UserCreate.java

This class extends ClientUser and demonstrates how a user can be "directly" created in the OIM 11gR1 user repository. Note: OIM 11gR1 also provides a "registration" facility for creating users. This procedure does not cover the registration mechanism (topic for another blog). This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes
  3. Adds attributes (name/value) to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes.
  5. Calls the UserManager create() method to create the new user.
  6. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update some of the variables. Check the following variables and make sure the values will work in your environment:
      String accountId = "jhomer";
      String first = "John";
      String last = "Homer";

UserSearch.java

This class extends ClientUser and demonstrates how to search for users in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a "simple" SearchCriteria object using an attribute name, attribute value and a SearchCriteria.Operator.
  3. Creates a HashSet of attribute names (what attributes to return in the search results).
  4. Creates a HashMap for search parameters. Parameters can include how to sort the search results and how many (rows) to return. This example uses a NULL HashMap which means that default parameters will be used.
  5. Calls the UserManager search() method. The method uses the Search Criteria, Attribute Names, and Parameters to perform the search.
  6. A List of User objects is returned.
    For each user, its attribute names and values are obtained. The user data is displayed.

NOTICE: If you plan on running this sample, you may need to update the source file. Uncomment and/or update one of the SearchCriteria items:
      criteria = new SearchCriteria("First Name", "John", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("Email", "John.Wayne@openptk.org", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("First Name", "scott", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("User Login", "*", SearchCriteria.Operator.EQUAL);
//      criteria = new SearchCriteria("usr_key", "*", SearchCriteria.Operator.EQUAL);

UserUpdate.java

This class extends ClientUser and demonstrates how to update a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes (that will be updated)
  3. The attributes to be modified (name and value), are added to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes.
  5. Calls the UserManager modify() method to update the existing user.
  6. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      user = new User("jhomer", mapAttrs);
      result = umgr.modify("User Login", "jhomer", user);

UserRead.java

This class extends ClientUser and demonstrates how to read a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Creates a HashMap, to hold attributes (which ones to return)
  3. The attributes to be returned (name and value), are added to the HashMap
  4. Creates a User object using an accountId and adds the HashMap of attributes. In this example, the HashMap is null, all of the available/allowed attributes will be returned.
  5. Calls the UserManager getDetails() method to read the existing user.
  6. A User object is returned.
  7. The attributes can be obtained by calling the "getter" methods or by obtaining a HashMap of the attributes and iterating through it. Both techniques are used.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      user = umgr.getDetails("jhomer", attrNames, true);

UserDelete.java

This class extends ClientUser and demonstrates how to delete a user in the OIM 11gR1 user repository. This class performs the following tasks:

  1. Gets the UserManager
  2. Calls the UserManager delete() method to delete the existing user.
  3. A UserManagerResult object is returned. It is evaluated.

NOTICE: If you plan on running this sample, you may need to update the "login id" to match the "login id" that was used to create the user. Check the following lines of code and make sure the values will work in your environment:
      result = umgr.delete("User Login", "jhomer");

Compile samples

Compile the Java code from the directory where the jar files and source files were downloaded. Set the CLASSPATH and run javac:

export CLASSPATH=.:oimclient.jar:wlfullclient.jar
javac oim/client/*/*.java

Run samples

Create

A new user will be created with the login id of "jhomer".

java oim/client/user/UserCreate

LOG: __BEGIN__
LOG: UserManager ready
LOG: User object created: 'jhomer'
LOG: Creation status: 'COMPLETED'
LOG: __END__

Search

The new user is in the search output, lastname="John".

java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=8
LOG: EntityId: 214, Id: 214, Attributes: Email='John.Homer@oracle.com', usr_key='214', User Login='JHOMER', Last Name='Homer', First Name='John', 
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__

Read

The new user, "jhomer", has the following details.

java oim/client/user/UserRead

LOG: __BEGIN__
LOG: UserManager ready
LOG: Got user detail
LOG: 
Id                            : 214
Entity Id                     : 214
Login                         : JHOMER
First Name                    : John
Middle Name                   : (null)
Last Name                     : Homer
Common Name                   : JHOMER
Display Name                  : John Homer
Employee Number               : (null)
Employee Type                 : Full-Time
Email                         : John.Homer@oracle.com
User Type                     : End-User
Country                       : (null)
Description                   : (null)
Status                        : Active
Generation Qualifier          : (null)
Account Status                : 0
Manager Key                   : (null)
Manually Locked               : (null)
User Disabled                 : 0
Policy Update Enabled         : (null)
Change Password At Next login : 1
Password Cant Change          : (null)
Password Expired              : (null)
Password Generated            : (null)
Password Must Change          : (null)
Password Never Expires        : (null)
Password Warned               : (null)
Attributes                    : 
FA Territory=
usr_pwd_warn_date='Tue Aug 07 22:23:17 CDT 2012
Employee Number=
usr_locale=
Middle Name=
Manually Locked=
usr_disabled='0
usr_update='Mon Apr 16 22:23:17 CDT 2012
Date Format=
Display Name='{base=John Homer}
Mobile=
usr_timezone=
LDAP Organization=
usr_locked='0
usr_pwd_reset_attempts_ctr='0
Currency=
End Date=
Pager=
usr_deprovisioned_date=
Time Format=
usr_created=
usr_deprovisioning_date=
Color Contrast=
PO Box=
usr_create='Mon Apr 16 22:23:17 CDT 2012
LDAP GUID=
Full Name='{base=null}
Accessibility Mode=
Country=
Xellerate Type='End-User
usr_change_pwd_at_next_logon='1
usr_pwd_expire_date='Tue Aug 14 22:23:17 CDT 2012
usr_pwd_cant_change=
Email='John.Homer@oracle.com
usr_provisioned_date='Mon Apr 16 22:23:16 CDT 2012
usr_data_level=
Common Name='JHOMER
Automatically Delete On=
Locked On=
Start Date=
Last Name='Homer
usr_login_attempts_ctr='0
First Name='John
Locality Name=
usr_manager_key=
Number Format=
usr_policy_update=
Street=
Embedded Help=
usr_pwd_expired=
Department Number=
Hire Date=
usr_createby='1
usr_pwd_warned=
Telephone Number=
Home Postal Address=
Font Size=
usr_updateby='1
Description=
Home Phone=
LDAP Organization Unit=
usr_pwd_min_age_date=
Assurance Level='1
Fax=
Postal Code=
act_key='1
usr_key='214
User Login='JHOMER
Title=
Status='Active
Generation Qualifier=
State=
Postal Address=
Initials=
usr_pwd_never_expires=
usr_pwd_must_change=
LDAP DN=
Role='Full-Time
FA Language=
Password Generated=
usr_provisioning_date=

LOG: __END__
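
The Read sample passes a null attribute set, so every attribute comes back, including the password-expiry and login-attempt values visible in the output above. The following added example (not part of the original OIM samples; the class name, the choice of allowlisted attributes and the sample values are assumptions) shows one way to request and release only named attributes, flattening the locale map seen in Display Name:

```java
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;

/**
 * Added example (hypothetical class, not part of the OIM samples):
 * restrict which user attributes are requested and which are released
 * to a caller such as a RESTful front end.
 */
public class UserReadAllowlist {

    // Attribute names are taken from the Read output above. Which of them
    // a caller may see is an assumption made for this example.
    static final Set<String> ALLOWED = Collections.unmodifiableSet(
        new LinkedHashSet<String>(Arrays.asList(
            "User Login", "First Name", "Last Name",
            "Display Name", "Email", "Title", "Status")));

    /** Locale-keyed values print as {base=...}; keep only the base value. */
    static Object flatten(Object value) {
        if (value instanceof Map) {
            return ((Map<?, ?>) value).get("base");
        }
        return value;
    }

    /** Copy only allowlisted, non-null attributes, in allowlist order. */
    static Map<String, Object> release(Map<String, Object> attrs) {
        Map<String, Object> out = new LinkedHashMap<String, Object>();
        for (String name : ALLOWED) {
            Object value = flatten(attrs.get(name));
            if (value != null) {
                out.put(name, value);
            }
        }
        return out;
    }

    /** Names present in the result that the allowlist withholds. */
    static Set<String> withheld(Map<String, Object> attrs) {
        Set<String> names = new LinkedHashSet<String>(attrs.keySet());
        names.removeAll(ALLOWED);
        return names;
    }

    public static void main(String[] args) {
        // Constructed sample: a subset of the attributes in the Read output.
        Map<String, Object> displayName = new LinkedHashMap<String, Object>();
        displayName.put("base", "John Homer");

        Map<String, Object> attrs = new LinkedHashMap<String, Object>();
        attrs.put("usr_key", "214");
        attrs.put("User Login", "JHOMER");
        attrs.put("First Name", "John");
        attrs.put("Last Name", "Homer");
        attrs.put("Display Name", displayName);
        attrs.put("Email", "John.Homer@oracle.com");
        attrs.put("Title", null);
        attrs.put("Status", "Active");
        attrs.put("usr_pwd_expire_date", "Tue Aug 14 22:23:17 CDT 2012");
        attrs.put("usr_login_attempts_ctr", "0");
        attrs.put("usr_change_pwd_at_next_logon", "1");

        // With the OIM client, ALLOWED would replace the null attribute set
        // (assumes the attribute-set argument accepts a Set<String>):
        //   user = umgr.getDetails("jhomer", ALLOWED, true);
        // release() is still applied to the returned attribute map, so a
        // change on the server side cannot widen what the caller receives.
        System.out.println("released: " + release(attrs));
        System.out.println("withheld: " + withheld(attrs));
    }
}
```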

Update

The new user, "jhomer", will be updated. You can see the modified email address in the Search output and the updated title in the Read output.

java oim/client/user/UserUpdate

LOG: __BEGIN__
LOG: UserManager ready
LOG: User object created
LOG: Modification status: 'COMPLETED'
LOG: __END__

java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=8
LOG: EntityId: 214, Id: 214, Attributes: Email='jhomer@oracle.com', usr_key='214', User Login='JHOMER', Last Name='Homer', First Name='John', 
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__


java oim/client/user/UserRead

LOG: __BEGIN__
LOG: UserManager ready
LOG: Got user detail
LOG: 
Id                            : 214
Entity Id                     : 214
Login                         : JHOMER
First Name                    : John
Middle Name                   : (null)
Last Name                     : Homer
Common Name                   : JHOMER
Display Name                  : John Homer
Employee Number               : (null)
Employee Type                 : Full-Time
Email                         : jhomer@oracle.com
User Type                     : End-User
Country                       : (null)
Description                   : (null)
Status                        : Active
Generation Qualifier          : (null)
Account Status                : 0
Manager Key                   : (null)
Manually Locked               : (null)
User Disabled                 : 0
Policy Update Enabled         : (null)
Change Password At Next login : 1
Password Cant Change          : (null)
Password Expired              : (null)
Password Generated            : (null)
Password Must Change          : (null)
Password Never Expires        : (null)
Password Warned               : (null)
Attributes                    : 
FA Territory=
usr_pwd_warn_date='Tue Aug 07 22:23:17 CDT 2012
Employee Number=
usr_locale=
Middle Name=
Manually Locked=
usr_disabled='0
usr_update='Mon Apr 16 22:24:19 CDT 2012
Date Format=
Display Name='{base=John Homer}
Mobile=
usr_timezone=
LDAP Organization=
usr_locked='0
usr_pwd_reset_attempts_ctr='0
Currency=
End Date=
Pager=
usr_deprovisioned_date=
Time Format=
usr_created=
usr_deprovisioning_date=
Color Contrast=
PO Box=
usr_create='Mon Apr 16 22:23:17 CDT 2012
LDAP GUID=
Full Name='{base=null}
Accessibility Mode=
Country=
Xellerate Type='End-User
usr_change_pwd_at_next_logon='1
usr_pwd_expire_date='Tue Aug 14 22:23:17 CDT 2012
usr_pwd_cant_change=
Email='jhomer@oracle.com
usr_provisioned_date='Mon Apr 16 22:23:16 CDT 2012
usr_data_level=
Common Name='JHOMER
Automatically Delete On=
Locked On=
Start Date=
Last Name='Homer
usr_login_attempts_ctr='0
First Name='John
Locality Name=
usr_manager_key=
Number Format=
usr_policy_update=
Street=
Embedded Help=
usr_pwd_expired=
Department Number=
Hire Date=
usr_createby='1
usr_pwd_warned=
Telephone Number=
Home Postal Address=
Font Size=
usr_updateby='1
Description=
Home Phone=
LDAP Organization Unit=
usr_pwd_min_age_date=
Assurance Level='1
Fax=
Postal Code=
act_key='1
usr_key='214
User Login='JHOMER
Title='Engineer
Status='Active
Generation Qualifier=
State=
Postal Address=
Initials=
usr_pwd_never_expires=
usr_pwd_must_change=
LDAP DN=
Role='Full-Time
FA Language=
Password Generated=
usr_provisioning_date=

LOG: __END__

Delete

The new user, "jhomer", will be deleted. The search output no longer contains the user.

java oim/client/user/UserDelete

LOG: __BEGIN__
LOG: UserManager ready
LOG: Delete status: 'COMPLETED'
LOG: __END__


java oim/client/user/UserSearch

LOG: __BEGIN__
LOG: UserManager ready
LOG: search results, quantity=7
LOG: EntityId: 8, Id: 8, Attributes: Email='John.Smith@oracle.com', usr_key='8', User Login='JSMITH1', Last Name='Smith', First Name='John', 
LOG: EntityId: 27, Id: 27, Attributes: Email='John.Wayne@openptk.org', usr_key='27', User Login='JWAYNE', Last Name='Wayne', First Name='John', 
LOG: EntityId: 12, Id: 12, Attributes: Email='john.thompson@email.com', usr_key='12', User Login='JTHOMPSON', Last Name='Thompson', First Name='John', 
LOG: EntityId: 83, Id: 83, Attributes: Email='John.Simpson@openptk.org', usr_key='83', User Login='JSIMPSON', Last Name='Simpson', First Name='John', 
LOG: EntityId: 10, Id: 10, Attributes: Email='John.Smith3@oracle.com', usr_key='10', User Login='JSMITH3', Last Name='Smith', First Name='John', 
LOG: EntityId: 14, Id: 14, Attributes: Email='John.Hope@openptk.org', usr_key='14', User Login='JHOPE', Last Name='Hope', First Name='John', 
LOG: EntityId: 17, Id: 17, Attributes: Email='test@test.com', usr_key='17', User Login='JHENRY2', Last Name='Henry', First Name='John', 
LOG: __END__

Summary

These procedures used a collection of Java sample programs to demonstrate some of the "User" capabilities of the OIM 11gR1 Java API. These samples merely provide an introduction into how Oracle Identity 11gR1 can be extended.

Monday Jan 05, 2009

Project OpenPTK 2.0.0 development has started

This past weekend, we checked in the initial development code for Release 2.0.0 of Project OpenPTK. This code is a re-design of the Framework to support new features. The new code is available from the main SVN trunk ...

svn checkout https://openptk.dev.java.net/svn/openptk/trunk/openptk openptk --username guest

The latest stable build of release 1.1.0 is available from the release-1.1 SVN tag ...

svn checkout https://openptk.dev.java.net/svn/openptk/tags/release-1.1/openptk openptk-1.1 --username guest

As we work on this release, we'll update the documentation. The What's New page is updated as the features are completed.

Friday Aug 01, 2008

wikis.sun.com a perfect fit

Looking for a wiki to collaborate information ... I've got just the one: wikis.sun.com

Project OpenPTK is about to release a new version (1.1). As with any software development project, the job's not done until the documentation is done. Previous releases used PDF files to distribute documentation (source files were .odt). Emailing source files between the development team was not working. We decided to move our documentation to a wiki. Our requirements:

  • Fully accessible to anyone for reading
  • Easy to manage document / page structures
  • Ability to control create / update access to specific documents / pages
  • Easy to use syntax
  • Scalable / Available architecture

After researching a number of options, we decided to create a project on http://wikis.sun.com. Our wiki site can be directly found at http://wikis.sun.com/display/openptk or from the OpenPTK url http://wiki.openptk.org

The site is still under construction by the Project Team. The migration of documents to wiki pages has been going great. A couple of pages are done ... take a look at the Overview, Release Notes, and the Configuration Reference Guide.

If you're looking for a public facing wiki site to host your collaboration project ... check it out.

Thursday May 01, 2008

Late Night with Project OpenPTK

Tuesday night the OpenPTK team had a meeting @9:30 PM Central that went past midnight. Derrick, Terry and I talked about what was going to be in release 1.1, the plans for 1.2 and 2.0 of the project. We got a lot of new features added to release 1.1 and the plans for the future look good. We're getting more help from the community, which is great. We've posted the minutes of the meeting (thanks Terry) on openptk.dev.java.net under the meeting minutes forum.

Wednesday Apr 16, 2008

How To Extend OpenPTK

Extending OpenPTK, the User Provisioning Toolkit by Masoud Kalali -- Project Open Provisioning ToolKit (OpenPTK) is an open source user provisioning toolkit exposing APIs, web services, HTML taglibs, and JSR-168 portlets with user self-service and administration examples. OpenPTK hides the implementation differences between different user stores, allowing developers to use multiple stores with a common API. Masoud Kalali shows how to use and extend the toolkit.

Thursday Mar 20, 2008

An Overview of Project OpenPTK

OpenPTK is an open source project that provides a collection of tools and sample applications that Web and Java developers can use to integrate custom applications with user provisioning systems. Using industry standard interfaces, developers can build flexible user management applications that support Enterprise-class, department/group level and Web 2.0 type user provisioning environments.

Organizations:

Most intranet and Internet applications require user authentication. Applications either have an integrated data store (e.g. RDBMS) or leverage a network service (e.g. LDAP) for validating users. Managing the "life cycle" of user data has become challenging. There are different user provisioning strategies:

  • An enterprise typically implements a provisioning solution such as Sun's Identity Manager to manage user data across multiple applications and services.
  • Departments (or group level) may only have a single application that has a dedicated user data store. The volume of user management activities is usually small.
  • Web 2.0, Internet facing, applications typically leverage a scalable / available network service for storing user information.

Requirements:

Organizations need to implement a set of basic user management capabilities. For End Users, a solution needs to provide "Forgotten Password" and "Self Service" functionality. For User Administration, a solution needs to provide fundamental Create, Read, Update, Delete and Password operations. Provisioning solutions and user data stores most likely provide these basic user management capabilities through their native interfaces. The problem is that these native interfaces may not meet the organization's requirements. Organizations have expressed the need to integrate user management systems with different custom "End User" experiences/interfaces. Commonly requested interfaces include:

Remote Web Interface: Organizations need a Web interface, for user provisioning, that can be deployed remotely from the system that hosts the provisioning solution.
Command Line Interface: Administrators need an interface that allows them to perform provisioning from a command-line interface, either interactively or from a shell script.
Portal / Portlet Interface: Enterprise and Departmental organizations may have to provide user provisioning interfaces into an existing Portal infrastructure.
WSDL-based Web Service: Developers need to integrate user provisioning into a SOA environment and are requiring Web Services that can be used by SOA development tools.

Because of these requirements for custom end-user experiences, organizations will build applications that leverage different types of development environments. The "End User" application (experience) may need to support a rich-native desktop interface, a browser-based interface, a Web Service or a command-line interface. Developers will design solutions that integrate an organization's interface experience with the various user data stores. Developers will most likely have to learn the details related to interacting with the various user data stores. Web developers may not be prepared to deal with Java APIs that are needed to access the data store(s).

Solution:

Project OpenPTK is a three-tier architecture which enables developers to focus on the business application interface, not on the underlying user data store. There's a number of "Consumer Tier" interfaces which address various development options. The "back-end" user data store is abstracted through the "Service Tier". The "Framework Tier" integrates the Consumer and Service tiers while also managing configurations, logging/debugging and provisioning operations.

Project OpenPTK Architecture

Consumer Tier interfaces/examples:

User Management Lite (UML): A JSPs/Taglib-based web application which provides basic user administration, and self-service functions.
Command Line Interface (CLI): Provides basic provisioning operations. The CLI can be part of custom scripts that administrators can use to automate provisioning tasks.
JSR-168 Portlets: Provides "Forgotten Password", "Self Service" and "User Administration" capabilities. These portlets can be integrated into a customer's existing JSR-168 compliant Portal server.
WSDL-based Web Service: Provides User provisioning operations. Web Service clients (e.g. Java CAPS and soapUI) can reference the WSDL from this service and create custom integration solutions.

Service Tier implementations:

SPML: The Service Provisioning Markup Language is the external interface used by Sun's Identity Manager user provisioning solution.
SPE: Sun's Identity Manager, user provisioning solution, contains a Service Provider Edition interface for user provisioning.
JNDI: The Java Naming and Directory Interface API is used to access LDAP-based (e.g. OpenDS) user data stores.
JDBC: The Java Database Connectivity API is used to access Relational Database user data stores (e.g. MySQL).

Developers can use Project OpenPTK's interfaces and APIs to handle user provisioning operations without having to worry about the back-end user data stores. User provisioning applications that leverage Project OpenPTK can easily support multiple different user data stores through the use of its flexible configuration mechanism.

Project OpenPTK is a formal open source project hosted on Java.net and is part of the Identity Management community. Project OpenPTK founders: Scott Fehrman, Derrick Harcey and Terry Sigle are Pre-Sales Systems Engineers supporting Sun's Identity Management products.

The Project OpenPTK site contains source code (via svn), documentation, distributions and tracks issues. Anyone is welcome to join the community as an Observer and please subscribe to the "user" and "announce" mailing lists.

Friday Feb 08, 2008

WSDL-based Web Service is released

The Project Open Provisioning ToolKit (OpenPTK) team has announced a new Consumer-Tier application, a WSDL-based Web Service. The new application enables other web (client) applications to perform user provisioning operations. Clients can consume the published WSDL and invoke the service's operations: Create, Read, Update, Delete and Search.

The Web Service application is based on JAX-RPC and leverages the Web Services features of NetBeans. The Project OpenPTK NetBeans guide has been updated to cover the building and deploying of this new application.

This new OpenPTK Consumer-Tier application can be used by composite application tools like Sun's Java CAPS to integrate user provisioning into an Enterprise solution.

The WSDL-based Web Service application is available now. It can be obtained by downloading Project OpenPTK's source code from the openptk.dev.java.net site.

Here's some screen shots of the new WSDL-based Web Service being tested with soapUI

Monday Jan 14, 2008

JSR-168 Portlets for Project OpenPTK

Today we posted an announcement regarding a new feature that was added to Project OpenPTK. The new feature is a Consumer Tier application that leverages Project OpenPTK's flexible architecture, a set of JSR-168 Portlets:

Forgotten Password:
Users can leverage challenge questions/answers stored within the Sun Java System Identity Manager to change a forgotten password.

Self Service:
After authenticating to the Portal, users can change some of their own information and change their own password.

User Administration:
Authorized users can perform basic user life-cycle operations; Create, Read, Update, Delete, Change Password, Reset Password.

The JSR-168 Portlets have been tested on the open source Jetspeed portal server and on the Sun Java System Portal Server. The JSR-168 Portlets are available now. They can be obtained by downloading Project OpenPTK's source code from the openptk.dev.java.net site.

Wednesday Jan 09, 2008

First Project OpenPTK meeting for 2008

The Project OpenPTK team had their first meeting of the year. We posted the notes on openptk.dev.java.net as a new Forum called Meeting Minutes. We talked about open issues and new ideas. Here's a summary of ideas for new features:

  • JDBC Service
  • RESTful Web Service
  • Authentication
  • Solaris Naming Service

Monday Dec 03, 2007

LDAP/JNDI Service for Project OpenPTK

Today we posted an announcement related to a new feature that was just added to Project OpenPTK. The new feature is a Service that enables OpenPTK-based applications to provision users to LDAP-based directory servers.

Why is this important? The new LDAP/JNDI Service demonstrates that User Provisioning applications (which leverage Project OpenPTK consumer interfaces) can be abstracted from the back-end user repository. Prior to this announcement, OpenPTK-based applications could only leverage the SPML Service. Developers can now build User Provisioning interfaces that could use LDAP for Search and Read operations while SPML would be used for Create, Update and Delete operations.

The Test Samples and Example applications provided in the Project OpenPTK source download have been tested with both LDAP/JNDI and SPML. The Command Line and User Management Lite examples can easily switch between back-end user repositories by either updating a configuration file or by specifying a context at run-time.

The OpenDS directory server was used for development and testing. It was so easy to download, install and configure. Another must have tool, if you're working with LDAP, is the Apache Directory Studio.

This is just the beginning of what the Project OpenPTK team has planned for this new LDAP/JNDI Service.

Saturday Dec 01, 2007

NetBeans guide for Project OpenPTK

Yesterday I released the Project OpenPTK NetBeans Guide to the openptk.dev.java.net documentation page. This guide will help you set-up a collection of NetBeans Projects using Project OpenPTK's source files.

Saturday Nov 17, 2007

NetBeans 6.0 (Beta 2) Java Editor ... you need to take a look

I installed NetBeans 6.0 (Beta 2) on my Mac about a month ago. I didn't do much with it until last week. One of my TODO's has been: "work on Javadocs" for Project OpenPTK. I know ... I know ... we should have been writing the Javadocs as we wrote code, just like every good developer does :-).

I decided to use NetBeans 6.0 (Beta 2), instead of my NetBeans 5.5 install. I'm really happy I did ... the new editor ROCKS. There's a ton of new features, I'm sure I'll get to use them all eventually. Did I say the new editor "JUST ROCKS".

As I was adding Javadoc comments "/**", the NetBeans Editor started a nice template for me with @param, @throws, @return elements as necessary. This made it easier for me to "Fill-In-The-Blanks" with notations. As I went through all the Java files in Project OpenPTK's public api code, I noticed that the Editor was flagging different things in the code. It highlighted methods that should have @Override, include lines not being used, local variables that were conflicting with global fields and a few other things. I decided to open every Java source file in the project and see what the editor found. I removed a lot of include lines that were not being used.

There's a lot of other cool features in this new Editor. Here's just a few things that I played with:

  • I really like the new diff features, especially when you delete lines and the icon lets you see what was removed, compared to what's in SVN.
  • The default colorizing is a lot nicer.
  • The highlighting is very useful, double-click on a variable and it's highlighted everywhere, the right-side margin shows a little "tick" mark where that variable is used throughout your source file.
  • I needed to use the Instant Renaming feature a couple of times (when a local variable name was the same as a global field ... oops). Just start changing the local variable where it's defined and it will dynamically change everywhere in the method.

There's many more new features. Take a look at this NetBeans wiki site, it's a good summary of the Editor's features.

Monday Nov 12, 2007

Source Code Posted

Last Friday the Project OpenPTK team (Derrick, Terry and I) did an initial check-in of the source code. You can download the pre-built samples and browse the source code. Details related to the source code can be found on http://www.ohloh.net. Our initial check-in was about 120 files and included over 15,000 lines of code (that's minus blank lines and comments). The Javadocs for the Java API are available on http://www.openptk.org.

About

Scott Fehrman
