Accessing User Manager API through BeanShell Scripts
Problem
When creating a process, many a times need arises to use the User Manager APIs, e.g. Creating domain/user/groups, authenticating users, assigning roles, etc The UserLookUp service(Foundation -> UserLookUp 1.0) does help, but it caters to only few operations of User Manager, i.e. Find User, Find Users, Find Group, Find Groups, findGroupMembers.
Solution
Alternatively, you can make use of the User Manager APIs via Bean Shell script(Foundation->Execute Script - 1.0). I've tried to list down some basic examples of how to use the 3 main services exposed by User Manager, via Bean Shell Scripting, i.e. DirectoryManager Service,AuthenticationManager Service and AuthorizationManager Service.
Detailed explanation
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import com.adobe.idp.dsc.clientsdk.ServiceClientFactory;
import com.adobe.idp.um.api.AuthenticationManager;
import com.adobe.idp.um.api.AuthorizationManager;
import com.adobe.idp.um.api.DirectoryManager;
import com.adobe.idp.um.api.UMException;
import com.adobe.idp.um.api.impl.UMBaseLibrary;
import com.adobe.idp.um.api.infomodel.AuthResult;
import com.adobe.idp.um.api.infomodel.Domain;
import com.adobe.idp.um.api.infomodel.Group;
import com.adobe.idp.um.api.infomodel.GroupMembershipSearchFilter;
import com.adobe.idp.um.api.infomodel.Principal;
import com.adobe.idp.um.api.infomodel.Role;
import com.adobe.idp.um.api.infomodel.User;
import com.adobe.livecycle.usermanager.client.AuthenticationManagerServiceClient;
import com.adobe.livecycle.usermanager.client.AuthorizationManagerServiceClient;
import com.adobe.livecycle.usermanager.client.DirectoryManagerServiceClient;
ServiceClientFactory scf = ServiceClientFactory.createInstance();
// Create a DirectoryManager instance
DirectoryManager directoryManager = new DirectoryManagerServiceClient(scf);
//
Create a Local Domain
Domain domain = UMBaseLibrary.createDomain(domainName);
domain.setDomainCommonName(domainCommonName);
directoryManager.createDomain(domain);
//
Create a Local User
User user = UMBaseLibrary.createUser(userCanonicalName, domainName, userId);
user.setEmail(emailAddress);
String userOid = directoryManager.createLocalUser(user, password);
//
Create a Local Group
Group group = UMBaseLibrary.createGroup(groupCanonicalName, domainName, Group.GROUPTYPE_PRINCIPALS);
group.setDescription(description);
String groupOid = directoryManager.createLocalGroup(group);
//
Make a Local User, Member of a Local Group
directoryManager.addPrincipalToLocalGroup(userOid, groupOid);
//
Search for Group Membership
GroupMembershipSearchFilter gsf=new GroupMembershipSearchFilter();
gsf.setGroupOid(groupOid);
gsf.setResultsMax(100);
gsf.setSearchLevel(MULTI_LEVEL_SEARCH);
List principals = new ArrayList();
principals = directoryManager.findGroupMembers(gsf);
for(Principal principal:principals){
User searchedUser = (User)principal;
if(userOid.equals(searchedUser.getOid())){
// verified that the user is a member of the group
}
}
// Create a AuthenticationManager instance
AuthenticationManager authenticationManager = new AuthenticationManagerServiceClient(scf);
//
Authenticate a Local User
AuthResult authResult = authenticationManager.authenticate(userId,password.getBytes());
User user = authResult.getAuthenticatedUser();
if(user.getUserid().equals(userId)){
// verified that the authenticated user is the one we're looking for.
}
// Create a AuthorizationManager instance
AuthorizationManager authorizationManager = new AuthorizationManagerServiceClient(scf);
//
Create a Role
Role role = UMBaseLibrary.createRole(roleId);
role.setName(roleName);
role.setDescription(description);
role.setMutableStatus(true);
authorizationManager.createRole(role);
//
Assing a Role to a Group
authorizationManager.assignRole(roleId,new String[]{groupOid});
// Since the User is a Member of the Group, hence the Role will be inherited
// Now,
verify if the User has a Role
if(authorizationManager.isUserInRole(roleId, userOid)) {
// verified that the Role is assigned to/inherited by the User
}
You can try more of these User Manager APIs by referring to,
http://livedocs.adobe.com/livecycle/es/sdkHelp/programmer/javadoc/com/adobe/livecycle/usermanager/client/package-detail.html
+
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License. Permissions beyond the scope of this license, pertaining to the examples of code included within this work are available at Adobe.
