4 Replies Latest reply: May 11, 2012 6:59 AM by tilemahos RSS

    addPrincipalToAppRole

    tilemahos
      Hi all,
      I am using Jdeveloper Studio Edition Version 11.1.1.5.0

      I want to add programmatically a user as a member to an application role.

      I' using the followng code

      ApplicationPolicy ap;
      ...
      ApplicationPolicySearchQuery aq= new ApplicationPolicySearchQuery (ApplicationPolicySearchQuery.SEARCH_PROPERTY.NAME,
      false, ComparatorType.EQUALITY, applicationName, BaseSearchQuery.MATCHER.EXACT);

      ap=ps.getApplicationPolicies(aq).get(0);

      User cu;
      ....
      ap.addPrincipalToAppRole(cu.getPrincipal(), RoleName);

      The applicationPolicy, User and Role are OK, but when I check the result of that action at the enterprise Manager (weblogic domain application roles)
      I see that the user is a member of the role but not as a user (second block) but as a role!(first block) with type 'Custom Role'
      what am I doing wrong?

      thank you in advance

      Tilemahos
        • 1. Re: addPrincipalToAppRole
          ADF Man
          Member class (or other properties) may be wrong.

          To debug that,

          1) Add the same user to the same role though em, and check what is the entry for that member in system-jazn-data.xml.
          2) Delete what you've done in Step 1
          3) Use your code to add the same user to the same role, and check what is the entry for that member in system-jazn-data.xml
          4) Check for differences between entries
          • 2. Re: addPrincipalToAppRole
            tilemahos
            Hi,
            I follow your advice I add user kk at prof_Grammateia role by my code (addPrincipalToAppRole) and user kk by em at prof_Admin the result at system-jazn-data.xml is


            <app-role>
            <name>prof_Admin</name>
            <display-name>προφίλ Διαχειριστή</display-name>
            <description>προφίλ Διαχειριστή</description>
            <guid>F943296D99EE11E1BF85F1D99776F2A4</guid>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <members>
            <member>
            <class>weblogic.security.principal.WLSGroupImpl</class>
            <name>tmpAdmin</name>
            </member>
            <member>
            <class>weblogic.security.principal.WLSUserImpl</class>
            <name>bo_owner</name>
            </member>
            <member>
            <class>weblogic.security.principal.WLSUserImpl</class>
            <name>kk</name>
            </member>
            </members>
            </app-role>
            <app-role>
            <name>prof_Grammateia</name>
            <display-name>Προφίλ Γραμματείας</display-name>
            <description>Προφίλ Γραμματείας</description>
            <guid>F943296E99EE11E1BF85F1D99776F2A4</guid>
            <class>oracle.security.jps.service.policystore.ApplicationRole</class>
            <members>
            <member>
            <class>oracle.security.idm.providers.stdldap.LDUserPrincipal</class>
            <name>kk</name>
            </member>
            </members>
            </app-role>

            indeed the diference is at the member class it should be weblogic.security.principal.WLSUserImpl instead of oracle.security.idm.providers.stdldap.LDUserPrincipal

            but how can I fix that? the User class that i use as parameter to addPrincipalToAppRole is oracle.security.idm.User

            TIA
            Tilemahos
            • 3. Re: addPrincipalToAppRole
              ADF Man
              1. Create a WLSUserImpl / WLSGroupImpl instance from your user / role
              2. Pass that as pricipal parameter to the API
              //Example
              
               WLSUserImpl wUser = new WLSUserImpl(user.getName());
               addPrincipalToAppRole(wUser, roleName);
              You may need to add WLS security libs to import WLSUserImpl and WLSGroupImpl.


              HTH
              • 4. Re: addPrincipalToAppRole
                tilemahos
                It worked
                thank you very match

                Tilemahos