Common methods, prerequisite steps, and other information required for programmers who are developing virtual member manager applications are described here.
Before you integrate virtual member manager functions into your application, you must import virtual member manager packages and other related packages. The following example shows the packages that you must import and how to define the class.
import java.util.Hashtable;
import java.util.List;
import com.ibm.websphere.wim.SchemaConstants;
import com.ibm.websphere.wim.Service;
import com.ibm.websphere.wim.client.LocalServiceProvider;
import com.ibm.websphere.wim.ras.WIMTraceHelper;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import commonj.sdo.DataObject;
You can get the virtual member manager service either from the remote EJB or from the local JVM if your application is running inside WebSphere Application Server.
The following sample base application contains locateService() methods that show how to obtain the virtual member manager service, as well as other common methods that are used in the code samples for various virtual member manager operations. Replace the variables shown in italics in the following code with the actual values that you require.
/**
* This is a base application which defines common methods that are
* used by other code samples.
**/
public class BaseApp implements SchemaConstants
{
/**
* Common variable declaration: update based on the environment
**/
static final String HOST = "localhost"; // host name of the WebSphere Application Server
static final String BOOTSTRAP_PORT = "2809"; // Bootstrap/RMI port number
// Virtual member manager service that is used to make API calls
static Service service = null;
/**
* Locates virtual member manager service using a remote EJB
* @param ejbJndiName JNDI name of the EJB.
* Default EJB name is "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome"
**/
public static Service locateService(String ejbJndiName)
{
try {
// Remote access virtual member manager Service EJB
Hashtable environment = new Hashtable();
String providerURL = "corbaloc:iiop:" + HOST + ":" + BOOTSTRAP_PORT;
environment.put(LocalServiceProvider.PROVIDER_URL, providerURL);
if (ejbJndiName == null) {
ejbJndiName = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";
}
environment.put(LocalServiceProvider.EJB_JNDI_NAME, ejbJndiName);
service = new LocalServiceProvider(environment);
}
catch (Exception e) {
e.printStackTrace();
}
return service;
}
/**
* Locates virtual member manager service in local JVM
**/
public static Service locateService()
{
try {
// Local access virtual member manager Service
return new LocalServiceProvider(null);
}
catch (Exception e)
{
e.printStackTrace();
}
return null;
}
/**
* Runs action as specified user
* @param user user name
* @param password password of the user
* @param action Action to invoke after successful login of the user
* @return Object returned by the action
**/
public static Object runAsUser(String user, String password, PrivilegedExceptionAction action) throws Exception
{
LoginContext loginContext;
Subject subject;
// Login using the userid and password that was passed, which has the required role
loginContext = new LoginContext("WSLogin", new WSCallbackHandlerImpl(user, "", password));
loginContext.login();
subject = loginContext.getSubject();
try {
return WSSubject.doAs(subject, action);
}
catch (PrivilegedActionException excp) {
throw (Exception) excp.getCause();
}
}
public static String printDO(DataObject obj)
{
return WIMTraceHelper.printDataObject(obj);
}
/**
* Loop through the entities in the DataObject and print its uniqueName
* @param root input DataObject
*/
@SuppressWarnings("unchecked")
public static void printIdentifiers(DataObject root) throws Exception
{
// Get all entities in the DataObject
List entities = root.getList(SchemaConstants.DO_ENTITIES);
for (int i = 0; i < entities.size(); i++) {
DataObject ent = (DataObject) entities.get(i);
// Get the entity Identifier
DataObject id = ent.getDataObject(SchemaConstants.DO_IDENTIFIER);
if (id != null) {
String uniqueName = id.getString(SchemaConstants.PROP_UNIQUE_NAME);
System.out.println("UniqueName is -> " +uniqueName);
}
else {
System.out.println("Missing Identifier");
}
}
}
}
org.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.ibm.ws.wim.util.VMMEMFGlobalDelegatorRegistry
If
you do not set this system property, the default EMF implementation
is in effect, which does not support multiple security domain environment,
and might corrupt the EMF schema and schema violation error might
occur.The code samples for various virtual member manager operations use the methods defined in the BaseApp class. See the code samples for instructions about how to make API calls.
To call virtual member manager APIs in your application code, you must be assigned one of the following roles:
WebSphere Application Server administrator role.
Virtual member manager role assigned by using federated repository management rights.
For more information about predefined virtual member manager roles, see the section, Mapping users and groups to roles for assigning federated repository management rights, in Providing security.
For information about how to assign users or groups to the predefined virtual member manager roles, read about the mapIdMgrUserToRole, mapIdMgrGroupToRole, removeIdMgrUsersFromRole, removeIdMgrGroupsFromRole, listIdMgrUsersForRoles, and listIdMgrGroupsForRoles commands in the topic, IdMgrConfig command group for the AdminTask object in the WebSphere Application Server information center.
For an end-to-end example scenario, see the topic, Sample code for using federated repository management rights.
Check your class path setting to ensure that it includes the correct Java archive (JAR) files, for compiling the code.
If the application code is running inside WebSphere Application Server as an application or a servlet, then Subject and other parameters for accessing virtual member manager APIs are implicitly used and are the same as that of the server or process on which the application is deployed.
If the application is running outside WebSphere Application Server, for example, from a WebSphere Application Server client, then use the following JVM arguments when running your compiled code. Replace the variables shown in italics in the following arguments with the actual values that you require.
-Djava.security.auth.login.config=<WAS_HOME>/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=<WAS_HOME_URL>/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=<WAS_HOME_URL>/properties/ssl.client.props
Use the following arguments only when you have to override the credentials specified in the CORBA properties file:
-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=AdminUserId
-Dcom.ibm.CORBA.loginPassword=Admin Password
-Djava.security.auth.login.config=C:/Progra~1/IBM/WebSphere/AppClient/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/ssl.client.props
-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=admin
-Dcom.ibm.CORBA.loginPassword=admin