Security Software

---

This article by Oracle senior consultant Eduardo Ludovico illustrates how to modify Oracle Identity Manager to prodvide a user-friendly way to perform a bulk removal of users via a graphical interface.

---

By Eduardo Ludovico

December 2014

• Part 1
• Part 2

Introduction

I'm currently working with a customer who desires a number of modifications to Oracle Identity Manager (OIM) 11gR2PS2. One of the issues raised to me is that there was no user-friendly interface for revoking a role operation in a "bulk mode" by API only. At he moment, this can be done only by picking users one by one.

The problem was aggravated by a business requirement that the help desk team must assign and revoke the membership roles of dozens of users--and that is very time consuming.

I was asked to provide a way to remove a batch of users via a graphical interface. The requirement: instead of selecting users one by one, removal would be done in a bulk fashion mode that passes a list of users and roles to OIM at a single time.

Business Case

Consider the following business requirements:

1. The help desk staff need to assign and revoke many users of many different roles at the same time.
2. The help desk staff should accomplish these tasks using the UI.

Solution

To solve this issue, we’ll make a single fragmentation JSF page. We'll link two single buttons with the Public Task Flow, a new feature implemented in OIM11gR2PS2. You can find more details about Public Task Flow here: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV5424

To invoke the page that we prepare, we will include a new command button on the main page, under the Administration category.

The Result of our Approach

The new button will appear and should be used to call the new page.

On the new page, you can input the user login and role. If you need to assign many users to many roles, you can do so by adding a comma between the user login names or roles.

Considerations and Limitations

Questions about security, logging and performance are beyond the scope of this paper, so keep in mind that this customization is not ready to deploy in a production environment--it is only a starting point for development.

Preparing the Development Environment

Software Requirements

• JDeveloper Studio Edition Version 11.1.1.7.0
• Java(TM) Platform 1.6.0_24
• SOA Composite Editor 11.1.1.7.0.00.97
• BPMN Editor 11.1.1.7.0.0.97
• ADF Business Components 11.1.1.64.93

Create a new application

1. In JDeveloper, click New Application. A wizard form opens.
2. In Application Name, type UIBulkOperation.
3. In Application Template, select Generic Application.
4. Click Next.

5. In Project Name, type Project 1.

6. Click Finish.

Delete the new project

1. Right click on Project 1.
2. Click Delete Project.

3. Select Remove project and delete all of its contents(including source directories).

4. Click Yes.

Create a new ADF project

1. In JDeveloper, click File.
2. Select New. A wizard form opens.
3. In Categories, click General.
4. Click Projects.
5. In Items, click ADF ViewController Project.

6. Click OK. Another wizard form opens.
7. In Project Name, type UIBulkOperation.

8. Click Next. Another wizard form opens.
9. In Default Package, type br.com.oracle.ocs.view.
10. Click Finish.

Fixing Package Dependencies

The next set of steps describes how to add the following OIM libraries into your project:

|

<OIM_HOME>/server/modules/oracle.iam.ui.model_11.1.2/adflibCommonModel.jar

<OIM_HOME>/server/modules/oracle.iam.ui.view_11.1.2/adflibPlatformUI.jar

|

1. Right-click the project UIBulkOperation and click Project Properties.

_
_

2. A wizard form opens.

3. Click Libraries and Classpath.

4. Click Add JAR/ Directory.

5. Select the libraries adflibCommonModel.jar and adflibPlatformUI.jar.
6. Click OK.

Checkpoint

The application and the project should be ready to compile our project. The application should resemble the image below:

Creating the necessary classes

Creating the FaceUtils class

The FaceUtils class is featured in the customization use cases shown in the "Using Managed Beans" section of the “Fusion Middleware Developer's Guide for Oracle Identity Manager” development manual. This class contains various helper methods for re-rendering components, evaluating EL expressions, and accessing attributes through binding. The official reference is:

https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216

To create a new class FaceUtils:

1. Right-click in the project UIBulkOperation.
2. Click New.

In the wizard panel:

1. Click on General.
2. Select Java.
3. Select Java Class.
4. Click OK.

5. Another wizard form opens.

6. Name: FacesUtils.

7. Package: br.com.oracle.ocs.utils.

8. Click OK.

The new FacesUtils.java page will appear.

Copy and paste the source code available through the Oracle documentation link “Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager”: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216. in the new FacesUtil.java page that we have just created.

You must add ADF Model Runtime to the classpath to resolve the errors related to importing these packages.

Details here: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216

To add ADF Model Runtime to the project classpath:

1. Right-click the project and select Project Properties.
2. Click Libraries and Classpath.
3. Click Add Library.

4. Under Extension, select ADF Model Runtime.

5. Click OK.

Create the BulkOperationReqBean backingBean

To create the backingBean that will be responsible for revoking and assigning roles, do the following:

1. Right-click the project

2. Click New.

   **
   **

3. Under Categories, select Java.

4. Select Java Class and click OK.

   

5. Name: BulkOperationReqBean.

6. Package: br.com.oracle.ocs.view.

   

7. Click OK.

Include the import below:

import java.util.HashMap;

import java.util.Map;

import javax.faces.application.FacesMessage;

import javax.faces.event.ActionEvent;

import br.com.oracle.ocs.utils.FacesUtils;

Declare the variables:

private static final String TITULO_PRINCIPAL = "Operações em Lote";

private static final String TITULO_REMOVE = "Remove Atribuição";

private static final String TITULO_CONCEDE = "Concede Atribuição";

private static final String PAGINA_PRINCIPAL =
"/WEB-INF/UIBulkOpeation-task-flow-definition.xml#UIBulkOpeation-task-flow-definition";

private static final String PAGINA_REMOVE =
"/WEB-INF/oracle/iam/ui/taskflows/public/tfs/revoke-role-tf.xml#revoke-role-tf";

private static final String PAGINA_CONCEDE =
"/WEB-INF/oracle/iam/ui/taskflows/public/tfs/request-role-tf.xml#request-role-tf";

private static final String ICON_PRINCIPAL = "/images/request_ena.png";

private static final String ICON_CATALOG = "/images/catalog.png";

private static final String MSG_FALTA_ATRIBUICAO = "Nome da Role Necessária";

private static final String MSG_FALTA_NOME_ATRIBUICAO =
"É necessário preencher o campo Atribuições.";

private String userLogins;

private String roleNames;

The method that should show the page is:

public void apresentaTaskFlow(ActionEvent actionEvent) {

        Map params = new HashMap();

        FacesUtils.launchTaskFlow(TITULO\_PRINCIPAL, PAGINA\_PRINCIPAL,

        TITULO\_PRINCIPAL, ICON\_PRINCIPAL,

        "description", "helpTopicId", false, params);

        }

The method that should revoke the role is:

        public void executaRemoveRoles(ActionEvent actionEvent) {

        if (roleNames != null && !roleNames.equals("")) {

        Map params = new HashMap();

        params.put("roleNames", roleNames);

        params.put("userLogins", userLogins);

        FacesUtils.launchTaskFlow(TITULO\_REMOVE, PAGINA\_REMOVE,

        TITULO\_REMOVE, ICON\_CATALOG,

         "description", "helpTopicId", false,

        params);

        } else {

        FacesMessage fm = new FacesMessage(FacesMessage.SEVERITY\_ERROR,

        MSG\_FALTA\_ATRIBUICAO,

        MSG\_FALTA\_NOME\_ATRIBUICAO);

        FacesUtils.showFacesMessage(fm);

        }

        }

This method that should assign the role is:

        public void executaConcedeRoles(ActionEvent actionEvent) {

        if (roleNames != null && !roleNames.equals("")) {

        Map params = new HashMap();

        params.put("roleNames", roleNames);

        params.put("userLogins", userLogins);

        FacesUtils.launchTaskFlow(TITULO\_CONCEDE, PAGINA\_CONCEDE,

        TITULO\_CONCEDE, ICON\_CATALOG,

        "description", "helpTopicId", false,

        params);

        } else {

        FacesMessage fm = new FacesMessage(FacesMessage.SEVERITY\_ERROR,

        MSG\_FALTA\_ATRIBUICAO,

        MSG\_FALTA\_NOME\_ATRIBUICAO);

        FacesUtils.showFacesMessage(fm);

        }

        }

Don't forget the setters and getters:

        public void setUserLogins(String userLogins) {

        this.userLogins = userLogins;

        }

        

        public String getUserLogins() {

        return userLogins;

        }

        

        public void setRoleNames(String roleNames) {

        this.roleNames = roleNames;

        }

        

        public String getRoleNames() {

        return roleNames;

        }

Register the backingBean

1. Click adfc-config.xml
2. Click Managed Beans.
3. Click on the “**+**” sign on the right-hand side.
4. In Name* field, type bulkOperationsReqBean.
5. In Class* field, type br.com.oracle.ocs.view.BulkOperationReqBean.
6. In Scope* field, type backingBean.

Checkpoint

1. Click Project: BulkOperationsUI.
2. Click Rebuild UIBulkOperation.jpr.

Our goal at this point is to build an application without errors or warnings.

Creating and configuring a new JSF page

Creating a new JSF page

1. Right click on the project UIBulkOperation.
2. Click New.
3. Click General.
4. Under Web Tier, select JSF.
5. Under Items, select JSF Page Fragment.

6. Click OK.
7. In the File Name field, type UIBulkOperationPage.jsff.

8. Click OK.
9. The system will generate a new page automaticly into right place

Configure a new JSF page

1. Under Projects>>UIBulkOperation>>Web Content, click the UIBulkOperationPage.jsff. The page will appear.
2. On the Page side, click on the Source tab.

3. Copy and paste the source code bellow into the new UIBulkOperationPage.jsf page:

<?xml version='1.0' encoding='UTF-8'?>

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"

 xmlns:af="[http://xmlns.oracle.com/adf/faces/rich](http://xmlns.oracle.com/adf/faces/rich)">   

<af:panelGroupLayout id="pgl1" layout="horizontal">

<af:panelGroupLayout id="pgl2" layout="horizontal">

<af:showDetail disclosed="true" id="sd1" disclosedText="Bulk Operation">

 \<af:spacer width="10" height="10" id="s1"/>         

 \<af:panelGroupLayout id="pgl6">           

 \<af:panelGroupLayout id="pgl3" layout="horizontal"

           inlineStyle="width:551px;">             

 \<af:inputText label="Login(s)" id="it1"

          value="#{backingBeanScope.bulkOperationsReqBean.userLogins}"/>             

 \<af:panelGroupLayout id="pgl4">               

 \<af:inputText label="Atribuições" id="it2"

          value="#{backingBeanScope.bulkOperationsReqBean.roleNames}"/>             

 \</af:panelGroupLayout>          

 \</af:panelGroupLayout>           

 \<af:spacer width="10" height="10" id="s3"/>           

 \<af:panelGroupLayout id="pgl5" layout="horizontal" halign="right"                                       inlineStyle="width:522px;" valign="middle">             

 \<af:commandButton text="Remove Roles" id="cb1"

actionListener="#{backingBeanScope.bulkOperationsReqBean.executaRemoveRoles}"/>

 \<af:spacer width="10" height="10" id="s2"/>             

 \<af:commandButton text="Concede Roles" id="cb2"

actionListener="#{backingBeanScope.bulkOperationsReqBean.executaConcedeRoles}"/>

 \</af:panelGroupLayout>         

\</af:panelGroupLayout>         

\<af:checkUncommittedDataBehavior/>       

</af:showDetail>

</af:panelGroupLayout>

</af:panelGroupLayout>

</jsp:root>

Checkpoint

Let's check out what our new page looks like.

1. On the Page side, click on the Preview tab. You should see the new page.

   

>> Continue to Part 2 >>