Skip to Main Content
Forums

Security Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Oracle Identity Manager 11gR2PS2 UI Bulk Role Operations - Part 1

Eduardo Ludovico-OracleJan 23 2015 — edited Sep 18 2015

This article by Oracle senior consultant Eduardo Ludovico illustrates how to modify Oracle Identity Manager to prodvide a user-friendly way to perform a bulk removal of users via a graphical interface.

By Eduardo Ludovico

December 2014

Introduction

I'm currently working with a customer who desires a number of modifications to Oracle Identity Manager (OIM) 11gR2PS2. One of the issues raised to me is that there was no user-friendly interface for revoking a role operation in a "bulk mode" by API only. At he moment, this can be done only by picking users one by one.

The problem was aggravated by a business requirement that the help desk team must assign and revoke the membership roles of dozens of users--and that is very time consuming.

I was asked to provide a way to remove a batch of users via a graphical interface. The requirement: instead of selecting users one by one, removal would be done in a bulk fashion mode that passes a list of users and roles to OIM at a single time.

Business Case

Consider the following business requirements:

  1. The help desk staff need to assign and revoke many users of many different roles at the same time.
  2. The help desk staff should accomplish these tasks using the UI.

Solution

To solve this issue, we’ll make a single fragmentation JSF page. We'll link two single buttons with the Public Task Flow, a new feature implemented in OIM11gR2PS2. You can find more details about Public Task Flow here: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/uicust.htm#OMDEV5424

To invoke the page that we prepare, we will include a new command button on the main page, under the Administration category.

The Result of our Approach

The new button will appear and should be used to call the new page.

002-tearoff.png

On the new page, you can input the user login and role. If you need to assign many users to many roles, you can do so by adding a comma between the user login names or roles.

imagem 61-tear-off-en.png

Considerations and Limitations

Questions about security, logging and performance are beyond the scope of this paper, so keep in mind that this customization is not ready to deploy in a production environment--it is only a starting point for development.

Preparing the Development Environment

Software Requirements

  • JDeveloper Studio Edition Version 11.1.1.7.0
  • Java(TM) Platform 1.6.0_24
  • SOA Composite Editor 11.1.1.7.0.00.97
  • BPMN Editor 11.1.1.7.0.0.97
  • ADF Business Components 11.1.1.64.93

Create a new application

  1. In JDeveloper, click New Application. A wizard form opens.
  2. In Application Name, type UIBulkOperation.
  3. In Application Template, select Generic Application.
  4. Click Next.

ludoviao-odi-part-1-fig04.png

  1. In Project Name, type Project 1.

  2. Click Finish.

ludoviao-odi-part-1-fig05.png

Delete the new project

  1. Right click on Project 1.
  2. Click Delete Project.

Imagem 04a-skits-tearoff.png

  1. Select Remove project and delete all of its contents(including source directories).

  2. Click Yes.

Imagem 04b.png

Create a new ADF project

  1. In JDeveloper, click File.
  2. Select New. A wizard form opens.
  3. In Categories, click General.
  4. Click Projects.
  5. In Items, click ADF ViewController Project.

ludoviao-odi-part-1-fig09.png

  1. Click OK. Another wizard form opens.
  2. In Project Name, type UIBulkOperation.

ludoviao-odi-part-1-fig10.png

  1. Click Next. Another wizard form opens.
  2. In Default Package, type br.com.oracle.ocs.view.
  3. Click Finish.

ludoviao-odi-part-1-fig11.png

Fixing Package Dependencies

The next set of steps describes how to add the following OIM libraries into your project:

|

<OIM_HOME>/server/modules/oracle.iam.ui.model_11.1.2/adflibCommonModel.jar

<OIM_HOME>/server/modules/oracle.iam.ui.view_11.1.2/adflibPlatformUI.jar

|

  1. Right-click the project UIBulkOperation and click Project Properties.

_imagem 100atearoff.png
_

  1. A wizard form opens.

  2. Click Libraries and Classpath.

  3. Click Add JAR/ Directory.

ludoviao-odi-part-1-fig13.png

  1. Select the libraries adflibCommonModel.jar and adflibPlatformUI.jar.
  2. Click OK.

ludoviao-odi-part-1-fig14.png

Checkpoint

The application and the project should be ready to compile our project. The application should resemble the image below:

ludoviao-odi-part-1-fig15.png

Creating the necessary classes

Creating the FaceUtils class

The FaceUtils class is featured in the customization use cases shown in the "Using Managed Beans" section of the “Fusion Middleware Developer's Guide for Oracle Identity Manager” development manual. This class contains various helper methods for re-rendering components, evaluating EL expressions, and accessing attributes through binding. The official reference is:

https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216

To create a new class FaceUtils:

  1. Right-click in the project UIBulkOperation.
  2. Click New.

Imagem 120-skitch-tearoff.png

In the wizard panel:

  1. Click on General.
  2. Select Java.
  3. Select Java Class.
  4. Click OK.

image002.png

  1. Another wizard form opens.

  2. Name: FacesUtils.

  3. Package: br.com.oracle.ocs.utils.

  4. Click OK.

image003.png

The new FacesUtils.java page will appear.

Copy and paste the source code available through the Oracle documentation link “Oracle Fusion Middleware Developer's Guide for Oracle Identity Manager”: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216. in the new FacesUtil.java page that we have just created.

You must add ADF Model Runtime to the classpath to resolve the errors related to importing these packages.

Details here: https://docs.oracle.com/cd/E40329_01/dev.1112/e27150/facesutils.htm#OMDEV5216

To add ADF Model Runtime to the project classpath:

  1. Right-click the project and select Project Properties.
  2. Click Libraries and Classpath.
  3. Click Add Library.

image005.png

  1. Under Extension, select ADF Model Runtime.

image006.png

  1. Click OK.

Create the BulkOperationReqBean backingBean

To create the backingBean that will be responsible for revoking and assigning roles, do the following:

  1. Right-click the project

  2. Click New.

    **Imagem 120-skitch-tearoff.png
    **

  3. Under Categories, select Java.

  4. Select Java Class and click OK.

    image007.png

  5. Name: BulkOperationReqBean.

  6. Package: br.com.oracle.ocs.view.

    image008.png

  7. Click OK.

Include the import below:

import java.util.HashMap;

import java.util.Map;

import javax.faces.application.FacesMessage;

import javax.faces.event.ActionEvent;

import br.com.oracle.ocs.utils.FacesUtils;

Declare the variables:

private static final String TITULO_PRINCIPAL = "Operações em Lote";

private static final String TITULO_REMOVE = "Remove Atribuição";

private static final String TITULO_CONCEDE = "Concede Atribuição";

private static final String PAGINA_PRINCIPAL =
"/WEB-INF/UIBulkOpeation-task-flow-definition.xml#UIBulkOpeation-task-flow-definition";

private static final String PAGINA_REMOVE =
"/WEB-INF/oracle/iam/ui/taskflows/public/tfs/revoke-role-tf.xml#revoke-role-tf";

private static final String PAGINA_CONCEDE =
"/WEB-INF/oracle/iam/ui/taskflows/public/tfs/request-role-tf.xml#request-role-tf";

private static final String ICON_PRINCIPAL = "/images/request_ena.png";

private static final String ICON_CATALOG = "/images/catalog.png";

private static final String MSG_FALTA_ATRIBUICAO = "Nome da Role Necessária";

private static final String MSG_FALTA_NOME_ATRIBUICAO =
"É necessário preencher o campo Atribuições.";

private String userLogins;

private String roleNames;

The method that should show the page is:

public void apresentaTaskFlow(ActionEvent actionEvent) {

        Map params = new HashMap();

        FacesUtils.launchTaskFlow(TITULO\_PRINCIPAL, PAGINA\_PRINCIPAL,

        TITULO\_PRINCIPAL, ICON\_PRINCIPAL,

        "description", "helpTopicId", false, params);

        }

The method that should revoke the role is:

        public void executaRemoveRoles(ActionEvent actionEvent) {

        if (roleNames != null && !roleNames.equals("")) {

        Map params = new HashMap();

        params.put("roleNames", roleNames);

        params.put("userLogins", userLogins);

        FacesUtils.launchTaskFlow(TITULO\_REMOVE, PAGINA\_REMOVE,

        TITULO\_REMOVE, ICON\_CATALOG,

         "description", "helpTopicId", false,

        params);

        } else {

        FacesMessage fm = new FacesMessage(FacesMessage.SEVERITY\_ERROR,

        MSG\_FALTA\_ATRIBUICAO,

        MSG\_FALTA\_NOME\_ATRIBUICAO);

        FacesUtils.showFacesMessage(fm);

        }

        }

This method that should assign the role is:

        public void executaConcedeRoles(ActionEvent actionEvent) {

        if (roleNames != null && !roleNames.equals("")) {

        Map params = new HashMap();

        params.put("roleNames", roleNames);

        params.put("userLogins", userLogins);

        FacesUtils.launchTaskFlow(TITULO\_CONCEDE, PAGINA\_CONCEDE,

        TITULO\_CONCEDE, ICON\_CATALOG,

        "description", "helpTopicId", false,

        params);

        } else {

        FacesMessage fm = new FacesMessage(FacesMessage.SEVERITY\_ERROR,

        MSG\_FALTA\_ATRIBUICAO,

        MSG\_FALTA\_NOME\_ATRIBUICAO);

        FacesUtils.showFacesMessage(fm);

        }

        }

Don't forget the setters and getters:

        public void setUserLogins(String userLogins) {

        this.userLogins = userLogins;

        }

        

        public String getUserLogins() {

        return userLogins;

        }

        

        public void setRoleNames(String roleNames) {

        this.roleNames = roleNames;

        }

        

        public String getRoleNames() {

        return roleNames;

        }

Register the backingBean

  1. Click adfc-config.xml
  2. Click Managed Beans.
  3. Click on the “**+**” sign on the right-hand side.
  4. In Name* field, type bulkOperationsReqBean.
  5. In Class* field, type br.com.oracle.ocs.view.BulkOperationReqBean.
  6. In Scope* field, type backingBean.

Îmagem105.png

Checkpoint

  1. Click Project: BulkOperationsUI.
  2. Click Rebuild UIBulkOperation.jpr.

001a01-tearoff.png

001b01-tearoff.png

Our goal at this point is to build an application without errors or warnings.

Creating and configuring a new JSF page

Creating a new JSF page

  1. Right click on the project UIBulkOperation.
  2. Click New.
  3. Click General.
  4. Under Web Tier, select JSF.
  5. Under Items, select JSF Page Fragment.

image003.png

  1. Click OK.
  2. In the File Name field, type UIBulkOperationPage.jsff.

image005.png

  1. Click OK.
  2. The system will generate a new page automaticly into right place

Configure a new JSF page

  1. Under Projects>>UIBulkOperation>>Web Content, click the UIBulkOperationPage.jsff. The page will appear.
  2. On the Page side, click on the Source tab.

image007.png

  1. Copy and paste the source code bellow into the new UIBulkOperationPage.jsf page:

<?xml version='1.0' encoding='UTF-8'?>

<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"

 xmlns:af="[http://xmlns.oracle.com/adf/faces/rich](http://xmlns.oracle.com/adf/faces/rich)">

<af:panelGroupLayout id="pgl1" layout="horizontal">

<af:panelGroupLayout id="pgl2" layout="horizontal">

<af:showDetail disclosed="true" id="sd1" disclosedText="Bulk Operation">

 \<af:spacer width="10" height="10" id="s1"/>         

 \<af:panelGroupLayout id="pgl6">           

 \<af:panelGroupLayout id="pgl3" layout="horizontal"

           inlineStyle="width:551px;">             

 \<af:inputText label="Login(s)" id="it1"

          value="#{backingBeanScope.bulkOperationsReqBean.userLogins}"/>             

 \<af:panelGroupLayout id="pgl4">               

 \<af:inputText label="Atribuições" id="it2"

          value="#{backingBeanScope.bulkOperationsReqBean.roleNames}"/>             

 \</af:panelGroupLayout>          

 \</af:panelGroupLayout>           

 \<af:spacer width="10" height="10" id="s3"/>           

 \<af:panelGroupLayout id="pgl5" layout="horizontal" halign="right"                                       inlineStyle="width:522px;" valign="middle">             

 \<af:commandButton text="Remove Roles" id="cb1"

actionListener="#{backingBeanScope.bulkOperationsReqBean.executaRemoveRoles}"/>

 \<af:spacer width="10" height="10" id="s2"/>             

 \<af:commandButton text="Concede Roles" id="cb2"

actionListener="#{backingBeanScope.bulkOperationsReqBean.executaConcedeRoles}"/>

 \</af:panelGroupLayout>         

\</af:panelGroupLayout>         

\<af:checkUncommittedDataBehavior/>

</af:showDetail>

</af:panelGroupLayout>

</af:panelGroupLayout>

</jsp:root>

Checkpoint

Let's check out what our new page looks like.

  1. On the Page side, click on the Preview tab. You should see the new page.

    Imagem 107.png

>> Continue to Part 2 >>

Comments

Dude!

A1) Multithreading employs the concept of parallel process execution. You can find in hardware and software. SMT is about hardware multithreading.

A2) Multithreading concepts are used on all modern computer platforms.

A3) Multitasking is about processes sharing common resources, such as a CPU. The most common is preemptive multitasking, where the OS decides how much CPU time gets allocated to individual processes. Multithreading extends the idea of multitasking into applications, OS and hardware. Multitasking allows a process to subdivide specific operations into individual sub-processes or threads that can run in parallel.

A4) Multitasking and multithreading are concepts that can run on a single CPU. However, a process can only run on a specific CPU at a time. A single process can not execute on multiple CPU's. In order to take advantage of multiple CPU's, multiple processes or threaded operations are required.

A5) The difference between, e.g. dual CPU and dual core is hardware. Dual core, for example, means 2 CPU's in one physical CPU unit, whereas dual CPU's mean duplicate hardware, such as CPU sockets and CPU bus. Multi-core architecture is cheaper because it requires less hardware and less power, and has other advantages in terms of resource sharing, but also has it's disadvantages, like less hardware redundancy, for example.

A6) Multithreading is not a feature or concept that only applies to CPU architecture, but also software. Multithreading can be used on a single CPU as well as separating processes among multiple CPU's.

Jimbo

Thanks.

Q1. So will modern processors automatically multithread processes or do you have to specifically set or configure the processor to do this ?

Q2. I presume if your multi threading is at the hardware level this is really a combination of the processor / OS i.e. it is not transparent to the OS ? Therefore is Unix, Linux and Windows OS's that natively use multi threading ( or do you have to specifically enable it, depending on whether the underlying processor can support multi threading ) ?

Q3. So is there a difference between OS level multi threading and application /coding level multi threading ?

Q4. Are OS level and Application / Code level multi threading independent of each other ? i.e. if you are going to use Application / Code level multi threading must you have a processor / OS that is capable of multi threading ? Is it possible to have multi threading at your application / coding level on a system that has a processor that itself does not multi thread - if so how is this different from the concept of parallel processing on any multi user / process system ?

Q5. Does your code / application have to use specific libraries / procedures etc in order to multi thread i.e. is it a specific type of coding that facilitates application / code level multi threading ?

thanks,

Jim

Dude!

I'm afraid your questions are too complex to be answered individually. As far as I understand, processes are a logical software construct that have no meaning for the CPU as such. On the CPU level, multithreading is typically achieved by multiplexing and context switching, which gives only the impression of running parallel tasks. However, I'm not a CPU designer and I suggest to look for information on the web.

Multithreading implemented by the OS or application does not necessarily depend on the CPU or number of CPU's like I previously mentioned, except that the system needs to be powerful enough to be able to handle parallel tasks. Hardware can provide support that can be beneficial for threaded tasks and may require appropriate software and drivers. Perhaps synchronous vs. asynchronous non-blocking I/O would be a good example.

To implement multithreading, the application and OS must support the concept of running parallel tasks and provide the appropriate code. For example, to copy one file at the time or be able to submit several parallel file copy tasks at once. In all cases, the application and OS need to be able to compute and manage the individual tasks or processes, manage file system integrity and to recover and provide information about errors.

From the perspective of an application programmer, multithreading is a concept that requires appropriate software or programming library support. Some of libraries are cross-platform. http://www.gnu.org/software/pth/related.html

Btw, do you need this information for something specific or is this just general interest?

Jimbo

Thanks Dude,

I was really trying to discern if both Unix and Windows as OS's were multi thread capable, out of the box or if there is something special you have to set up to make them multi thread

It then struck me that I didn't quite understand multi threading as well as I thought I did !

I was confused because there seemed to be different references about multi threading by a processor, multi processing by the OS and multi threading by code / applications and the 3 seemed to be presented as different concepts. I am still not sure if the processor and OS level multi threading is effectively the same concept ?

I was also confused about what the difference was between multi threading at the processor level and the old CPU concepts I learned about multi tasking i.e. round robin time slicing etc ?

thanks,

Jim

Dude!

Multi-processing and multi-threading is all about parallel processing. Multi-processing or multi-threading does however not mean you need multiple processors or CPU's. You can also do multi-processing or threading on a single CPU or single-core, in which case the CPU is switching between the processes or threads in a timely fashion to make it seem like parallel processing. This is called Context Switching and most modern system use a CPU scheduling in a round-robin fashion.

Multi-process means separate processes in the system process table. Multi-threaded means threads associated with a process, which share the same address space. To see threads in Unix or Linux, you can use the "ps" command with the "-L" option.

There is nothing you have to do to make Windows or Linux multithreading. Every modern OS provides the necessary support. Whether an application is multi-threaded, depends on the application.  Oracle database introduced a new multi-process multi-threaded architecture for Unix and Linux in 12c. https://docs.oracle.com/database/121/CNCPT/process.htm#CNCPT1245.


In some tests, memory usage was almost divided by half when using multi-process multi- threaded feature. The default in Oracle 12c is not multi-threaded, but you can enable it:

SQL> ALTER SYSTEM SET threaded_execution=true SCOPE=SPFILE;


Perhaps what you might also want to keep in mind is that a single process or single thread can only run on a single CPU or core at a time. Or said differently, a single process or single thread cannot take advantage of mulitple CPU's or multi-core architecture.

Jimbo

Thanks Dude that is all very interesting.

I guess I need to know more about the evolution of CPUs. Multi Processing has been around for as long as there have been multi user based operating systems - right back to the days of main frame technology. This is why I was aware of the concepts of round robin time slicing etc - I presume Context Switch refers to how the CPUs dealt with multi processing and Multi Threading as opposed to just how it deals with threads ?

So I guess the old multiprocessing CPU scheduling systems such as Round Robin are also referred to as Context Switching ?

I guess some where along the line, the various processors introduced the concept of Multi Threading - I know Intel introduced it as SMT back in 2002 for their Pentium 4 processor, I am not sure if the big RISC based processors from the likes of Sun, IBM, HP etc introduced it before or after Intel ?

I am also not sure if the arrival of multi threading was firstly just for OS processes and then alter it was expanded to allow end user applications / code to multi thread or if end user applications were able to avail of it from day 1 of its introduction - again more history !

Oracle is also an interesting story - prior to 12c I knew their RDBMS software did not make use of any underlying multi threading capability of the host OS, instead they had their own sort of deployment of multi threading through their Multi Threaded Server ( MTS ) deployed via their Oracle Net layer, where basically a Dispatcher process allowed multiple end user processes to share a single backend database server process. However from 12c as you point out, the RDBMS can now make use of any native OS level multi threading. I must check if this means that MTS is dead from 12c onwards or if it still could be used ( for whatever obscure reason )

thanks,

Jim


Dude!

I would not necessariliy draw a direct connection between multi-threading, multi-processing, multi-user, multi-core and the way how CPU's work. There is a lot of "multi" and some of the features benefit from each other, but the concepts do not depend on each other and were based on individual development and what was techncially feasible or requried at a certain time.

1 - 7

Post Details

Added on Jan 23 2015
#identity-management, #identity-manager, #legacy-documents
1 comment
5,797 views