

Sample code for working with users, groups, group members, and group memberships

Use the end-to-end sample code and data graphs for basic operations involving users, groups, group members, and group memberships.

The following steps are covered in this sample scenario:

  1. Create a user by adding an entity of PersonAccount entity type by using the create method.

  2. Create a group by adding an entity of Group entity type by using the create method.

  3. Add the user to the group by using the update method.
  4. Get the members of the group by using the get method and GroupMemberControl.
  5. Get the groups to which the user belongs (group membership) by using the get method and GroupMembershipControl.
  6. Remove the user from the group by using the update method and GroupMemberControl. For sample code to remove the user from a group by using the GroupMembershipControl, see the topic Sample code for removing users from a group.
  7. Delete the user by using the delete method.
  8. Delete the group by using the delete method.


Prerequisites

Ensure that you have read the information and completed the steps described in the topic Program prerequisites.


Sample code

Add the following end-to-end sample code to your application code and replace the variables with the actual values that you want to use.

/**
 * End-to-end sample for basic user and group operations: create a user and a
 * group, assign the user to the group, read the group members and the user's
 * group membership, unassign the user, then delete both entities.
 *
 * NOTE(review): locateService, service and printDO are not defined in this
 * class; presumably they are inherited from BaseApp - confirm against the
 * Program prerequisites topic.
 *
 * NOTE(review): every helper below catches Exception and only prints the
 * stack trace, so a caller cannot tell whether a create, update or delete
 * took effect. Code derived from this sample that changes group membership
 * should report the failure to its caller, otherwise a failed removal is
 * indistinguishable from a successful one.
 *
 * NOTE(review): each helper writes the full request and response data graphs
 * to standard output. The response graphs carry identity data (uniqueName,
 * uniqueId, repositoryId); outside a demo, send them to an access-controlled
 * log or leave them out.
 */
public class UserAndGroupSample extends BaseApp {

    // Unique names (DNs) of the sample users and groups.
    // user2Dn and group2Dn are declared but never referenced in this class.
    private static String user1Dn = "uid=user1,o=defaultWIMFileBasedRealm";
    private static String user2Dn = "uid=user2,o=defaultWIMFileBasedRealm";
    private static String group1Dn = "cn=group1,o=defaultWIMFileBasedRealm";
    private static String group2Dn = "cn=group2,o=defaultWIMFileBasedRealm";

    // JNDI name handed to locateService() to look up the service home.
    private static String EJB_JNDI_NAME = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";

    /**
     * Runs the whole scenario in order:
     * <ol>
     *   <li>creates a user</li>
     *   <li>creates a group</li>
     *   <li>assigns the user to the group</li>
     *   <li>gets the group members</li>
     *   <li>gets the user's group membership</li>
     *   <li>removes the user from the group</li>
     *   <li>deletes the user</li>
     *   <li>deletes the group</li>
     * </ol>
     * The helpers swallow their own exceptions, so a failed step does not
     * stop the steps that follow it.
     *
     * @param args command-line arguments (not used)
     * @throws Exception declared by the sample; the helpers called here catch their own exceptions
     */
    public static void main(String[] args) throws Exception {
        // Look up the service before any operation is attempted.
        locateService(EJB_JNDI_NAME);

        // Create the user and the group.
        addPersonAccount("user1", "user1cn", "user1sn");
        addGroup("group1");

        // Make user1 a member of group1.
        addMemberToGroup(user1Dn, group1Dn);

        // Read the relationship from both sides: group -> members, user -> groups.
        getGroupMembers(group1Dn);
        getGroupMembership(user1Dn);

        // Take user1 out of group1 again.
        removeMemberFromGroup(user1Dn, group1Dn);

        // Clean up: delete user1, then group1.
        deleteEntity(user1Dn);
        deleteEntity(group1Dn);
    }

    /**
     * Creates an entity of the PersonAccount entity type.
     * Any exception is caught and its stack trace printed.
     *
     * @param uid value to set for the uid property
     * @param cn value to set for the cn property
     * @param sn value to set for the sn property
     */
    public static void addPersonAccount(String uid, String cn, String sn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject person = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_PERSON_ACCOUNT);

            // Properties of the new person.
            person.set("uid", uid);
            person.set("cn", cn);
            person.set("sn", sn);
            System.out.println("Input data graph before creating user"+ printDO(request));

            // Submit the create request and show what came back.
            DataObject response = service.create(request);
            System.out.println("Output data graph after creating user"+ printDO(response));
        } catch (Exception ex) {
            // Failure is only printed; the caller is not informed.
            ex.printStackTrace();
        }
    }

    /**
     * Creates an entity of the Group entity type.
     * Any exception is caught and its stack trace printed.
     *
     * @param cn value to set for the cn property of the group
     */
    public static void addGroup(String cn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject group = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_GROUP);

            // The cn is the only property set on the new group.
            group.set("cn", cn);
            System.out.println("Input data graph before creating group"+ printDO(request));

            // Submit the create request and show what came back.
            DataObject response = service.create(request);
            System.out.println("Output data graph after creating group"+ printDO(response));
        } catch (Exception ex) {
            // Failure is only printed; the caller is not informed.
            ex.printStackTrace();
        }
    }

    /**
     * Adds a member to a group by updating the group entity.
     * Any exception is caught and its stack trace printed.
     *
     * @param memberDn uniqueName of the member to add
     * @param groupDn uniqueName of the group
     */
    public static void addMemberToGroup(String memberDn, String groupDn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject group = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_GROUP);

            // Identify the group by its uniqueName.
            DataObject groupId = group.createDataObject(SchemaConstants.DO_IDENTIFIER);
            groupId.set(SchemaConstants.PROP_UNIQUE_NAME, groupDn);

            // Build the member entity and identify it by its uniqueName.
            DataObject member = SDOHelper.createDataObject(
                    SchemaConstants.WIM_NS_URI, SchemaConstants.DO_ENTITY);
            DataObject memberId = member.createDataObject(SchemaConstants.DO_IDENTIFIER);
            memberId.setString(SchemaConstants.PROP_UNIQUE_NAME, memberDn);

            // Attach the member to the group's member list.
            group.getList(SchemaConstants.DO_MEMBERS).add(member);
            System.out.println("Input datagraph before adding member to group"+ printDO(request));

            // Update the group and show what came back.
            DataObject response = service.update(request);
            System.out.println("Output datagraph after adding member to group"+ printDO(response));
        } catch (Exception ex) {
            // Failure is only printed; the caller cannot tell the member was not added.
            ex.printStackTrace();
        }
    }

    /**
     * Gets the members of a group and prints the resulting data graph.
     * Nothing is returned to the caller.
     * Any exception is caught and its stack trace printed.
     *
     * @param groupDn uniqueName of the group
     */
    public static void getGroupMembers(String groupDn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject group = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_GROUP);

            // Identify the group by its uniqueName.
            DataObject groupId = group.createDataObject(SchemaConstants.DO_IDENTIFIER);
            groupId.set(SchemaConstants.PROP_UNIQUE_NAME, groupDn);

            // Property control: ask for the cn of the group itself.
            DataObject propertyControl = SDOHelper.createControlDataObject(
                    request, null, SchemaConstants.DO_PROPERTY_CONTROL);
            propertyControl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");

            // Group member control: ask for cn and uid of every member.
            DataObject memberControl = SDOHelper.createControlDataObject(
                    request, null, SchemaConstants.DO_GROUP_MEMBER_CONTROL);
            memberControl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
            memberControl.getList(SchemaConstants.PROP_PROPERTIES).add("uid");
            System.out.println("Input data graph before getting group members"+ printDO(request));

            // Fetch the group together with its members.
            DataObject response = service.get(request);
            System.out.println("Output data graph after getting group members"+ printDO(response));
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Gets the groups to which a user belongs and prints the resulting data
     * graph. Nothing is returned to the caller.
     * Any exception is caught and its stack trace printed.
     *
     * @param memberDn uniqueName of the user
     */
    public static void getGroupMembership(String memberDn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject person = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_PERSON_ACCOUNT);

            // Identify the user by its uniqueName.
            DataObject personId = person.createDataObject(SchemaConstants.DO_IDENTIFIER);
            personId.setString(SchemaConstants.PROP_UNIQUE_NAME, memberDn);

            // Group membership control; the nested level asks for all nested entities.
            DataObject membershipControl = SDOHelper.createControlDataObject(
                    request, null, SchemaConstants.DO_GROUP_MEMBERSHIP_CONTROL);
            membershipControl.setInt(SchemaConstants.PROP_LEVEL, SchemaConstants.PROP_LEVEL_NESTED);

            // Ask for the cn of every group returned.
            membershipControl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
            System.out.println("Input data graph before getting group membership of user"+ printDO(request));

            // Fetch the user together with the groups it belongs to.
            DataObject response = service.get(request);
            System.out.println("Output data graph after getting group membership of user"+ printDO(response));
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    /**
     * Removes a user from a group by updating the group entity with a
     * GroupMemberControl in unassign mode.
     * Any exception is caught and its stack trace printed.
     *
     * @param memberDn uniqueName of the user to remove
     * @param groupDn uniqueName of the group
     */
    public static void removeMemberFromGroup(String memberDn, String groupDn) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject group = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_GROUP);

            // Identify the group by its uniqueName.
            DataObject groupId = group.createDataObject(SchemaConstants.DO_IDENTIFIER);
            groupId.set(SchemaConstants.PROP_UNIQUE_NAME, groupDn);

            // Build the member entity that is to be removed.
            DataObject member = SDOHelper.createDataObject(
                    SchemaConstants.WIM_NS_URI, SchemaConstants.DO_ENTITY);
            DataObject memberId = member.createDataObject(SchemaConstants.DO_IDENTIFIER);
            memberId.setString(SchemaConstants.PROP_UNIQUE_NAME, memberDn);

            // List the member on the group; the control below turns this into a removal.
            group.getList(SchemaConstants.DO_MEMBERS).add(member);

            // Group member control in unassign mode: listed members are removed, not added.
            DataObject memberControl = SDOHelper.createControlDataObject(
                    request, null, SchemaConstants.DO_GROUP_MEMBER_CONTROL);
            memberControl.setInt(SchemaConstants.PROP_MODIFY_MODE,
                    SchemaConstants.VALUE_MODIFY_MODE_UNASSIGN);
            System.out.println("Input datagraph before removing member from group"+ printDO(request));

            // Update the group and show what came back.
            DataObject response = service.update(request);
            System.out.println("Output datagraph after removing member from group"+ printDO(response));
        } catch (Exception ex) {
            // NOTE(review): a failed removal is only printed here, so the caller
            // cannot tell that the user is still a member of the group.
            ex.printStackTrace();
        }
    }

    /**
     * Deletes the entity with the given uniqueName and prints the resulting
     * data graph.
     * Any exception is caught and its stack trace printed.
     *
     * @param entityName uniqueName of the entity to delete
     */
    public static void deleteEntity(String entityName) {
        try {
            DataObject request = SDOHelper.createRootDataObject();
            DataObject target = SDOHelper.createEntityDataObject(
                    request, null, SchemaConstants.DO_ENTITY);

            // Delete control: ask for the deleted entity to be returned.
            DataObject deleteControl = SDOHelper.createControlDataObject(
                    request, null, SchemaConstants.DO_DELETE_CONTROL);
            deleteControl.setBoolean(SchemaConstants.PROP_RETURN_DELETED, true);

            // Identify the entity to delete by its uniqueName.
            DataObject targetId = target.createDataObject(SchemaConstants.DO_IDENTIFIER);
            targetId.set(SchemaConstants.PROP_UNIQUE_NAME, entityName);
            System.out.println("Input data graph before deleting entity"+ printDO(request));

            // Submit the delete request and show what came back.
            DataObject response = service.delete(request);
            System.out.println("Output data graph after deleting entity"+ printDO(response));
        } catch (Exception ex) {
            // Failure is only printed; the caller cannot tell the entity still exists.
            ex.printStackTrace();
        }
    }
}


Input and output data graphs

The input data graphs and the resulting output data graphs for each step of this example are provided next.

Input data graph for creating a user, that is, an entity of PersonAccount entity type:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:uid>user1
</wim:uid>
<wim:cn>user1cn
</wim:cn>
<wim:sn>user1sn
</wim:sn>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Output data graph after creating a user:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for creating a group, that is, an entity of Group entity type:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:cn>group1
</wim:cn>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Output data graph after creating a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for adding a user to a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:members>  
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:members>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Output data graph after adding a user to a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for getting the members of a group with the GroupMemberControl:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:PropertyControl">
<wim:properties>cn
</wim:properties>
</wim:controls>
<wim:controls xsi:type="wim:GroupMemberControl">
<wim:properties>cn
</wim:properties>
<wim:properties>uid
</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph> 

Output data graph after getting the members of a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:cn>group1
</wim:cn>
<wim:members xsi:type="wim:PersonAccount">  
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
            uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>  
<wim:uid>user1
</wim:uid>  
<wim:cn>user1cn
</wim:cn>
</wim:members>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for getting the groups to which a user belongs (group membership) with the GroupMembershipControl:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:GroupMembershipControl">
<wim:properties>cn
</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph> 
Output data graph after getting the groups to which a user belongs:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
<wim:groups>  
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
            uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>  
<wim:cn>group1
</wim:cn>
</wim:groups>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for removing a member from a group with the GroupMemberControl:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:members>  
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:members>
</wim:entities>
<wim:controls xsi:type="wim:GroupMemberControl" modifyMode="3"/>
</wim:Root>
</sdo:datagraph> 

Output data graph after removing a member from a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for deleting a user:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities>
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
</wim:Root>
</sdo:datagraph> 

Output data graph after deleting a user:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 

Input data graph for deleting a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities>
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
</wim:Root>
</sdo:datagraph> 

Output data graph after deleting a group:

<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph> 
