info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
ITIM: Using Web Services to modify an account
1,731 views
Skip to first unread message
steven....@gmail.com
Jun 3, 2014, 11:27:58 AM6/3/14
to
Hello,
I am trying to create an ITDI feed where it will take information from a .csv file and then use Web Services to call the Modify Account (SAP) within ITIM. I have located the .wsdl and have already created the .jar file from a Complex Types Generator, saving it to the {TDI_HOME}/jar folder. I can make a successful connection with my AxisEasyInvokeSoapWebServiceFunctionComponent and so, so far so good, in my opinion.
The next step is to give the 4 parameter values in the Output Map, correct? This code below is from the ModifyAccount.java:
public ModifyAccount(WSSession wssession, String s, WSAttribute awsattribute[], Calendar calendar)
This is where I am unsure what to pass as values. I just want to have a simple Web Service call right now that will modify an account that I will specific in the ITDI manually in perhaps a Script Node.
Any help would be appreciated as this has been mostly self-taught and with a lot of trial & error. I am wondering if I am even on the right path. Thank you in advance.
- Steven
I am trying to create an ITDI feed where it will take information from a .csv file and then use Web Services to call the Modify Account (SAP) within ITIM. I have located the .wsdl and have already created the .jar file from a Complex Types Generator, saving it to the {TDI_HOME}/jar folder. I can make a successful connection with my AxisEasyInvokeSoapWebServiceFunctionComponent and so, so far so good, in my opinion.
The next step is to give the 4 parameter values in the Output Map, correct? This code below is from the ModifyAccount.java:
public ModifyAccount(WSSession wssession, String s, WSAttribute awsattribute[], Calendar calendar)
This is where I am unsure what to pass as values. I just want to have a simple Web Service call right now that will modify an account that I will specific in the ITDI manually in perhaps a Script Node.
Any help would be appreciated as this has been mostly self-taught and with a lot of trial & error. I am wondering if I am even on the right path. Thank you in advance.
- Steven
@ErikSorensen
Jun 3, 2014, 4:23:29 PM6/3/14
to
I know what you are going through :) I've found that examining the .jar in JD GUI (http://java.decompiler.free.fr/jd-gui/downloads) made it very easy to figure out the method signatures and stuff. The names of the output maps and connection tab params are case sensitive.
Anyway, first I usually have a WS function component called "Login" or something configured as follows, which just sets up the session:
1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl
soap operation:
login
operation parameters:
Login
fill in username + password
complex types:
com.ibm.itim.ws.services.Login
com.ibm.itim.ws.services.LoginResponse
2) Output Map (1 attrib)
name: Login
value:
com.ibm.itim.ws.services.Login("user", "password")
3) Input Map (1 attrib)
name: return
value:
// get the WSSession out of the LoginResponse
var login_response = conn["return"].getValue(0)
var session = login_response.getLoginReturn();
----
At this point we have a WSSession ("session" variable) that we can pass along in subsequent web service calls. Now, create a second connector for the modify account step... you'll have to change the operation and complex types. I've never modified an account directly (not sure if that is the recommended way to do things...) - so I'll include my example of adding a role to a person.
---
1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl
soap operation:
addRole
operation parameters:
addRole
fill in username + password
complex types:
com.ibm.itim.ws.services.AddRole
com.ibm.itim.ws.services.AddRoleResponse
2) Output Map
name: AddRole
value:
// we have the session from earlier
now = java.util.Calendar.getInstance();
person = work.getString("DN") // this is the TIM DN of the person
role = "erglobalid=6994025467228761794,ou=roles,erglobalid=00000000000000000000,ou=company,dc=com"; // however you want to get the TIM DN of the role... don't hardcode
// send this to the web service
com.ibm.itim.ws.services.AddRole(session, person, role, now);
3) Input Map
name: returnAddRole
value:
conn["return"] // I didn't really do anything with it
Anyway, first I usually have a WS function component called "Login" or something configured as follows, which just sets up the session:
1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl
soap operation:
login
operation parameters:
Login
fill in username + password
complex types:
com.ibm.itim.ws.services.Login
com.ibm.itim.ws.services.LoginResponse
2) Output Map (1 attrib)
name: Login
value:
com.ibm.itim.ws.services.Login("user", "password")
3) Input Map (1 attrib)
name: return
value:
// get the WSSession out of the LoginResponse
var login_response = conn["return"].getValue(0)
var session = login_response.getLoginReturn();
----
At this point we have a WSSession ("session" variable) that we can pass along in subsequent web service calls. Now, create a second connector for the modify account step... you'll have to change the operation and complex types. I've never modified an account directly (not sure if that is the recommended way to do things...) - so I'll include my example of adding a role to a person.
---
1) Connection Tab
wsdl url:
http://tim_host:9080/ITIMWebServices/services/WSItimService?wsdl
soap operation:
addRole
operation parameters:
addRole
fill in username + password
complex types:
com.ibm.itim.ws.services.AddRole
com.ibm.itim.ws.services.AddRoleResponse
2) Output Map
name: AddRole
value:
// we have the session from earlier
now = java.util.Calendar.getInstance();
person = work.getString("DN") // this is the TIM DN of the person
role = "erglobalid=6994025467228761794,ou=roles,erglobalid=00000000000000000000,ou=company,dc=com"; // however you want to get the TIM DN of the role... don't hardcode
// send this to the web service
com.ibm.itim.ws.services.AddRole(session, person, role, now);
3) Input Map
name: returnAddRole
value:
conn["return"] // I didn't really do anything with it
Franzw
Jun 4, 2014, 2:47:10 AM6/4/14
to
Just because ISIM exposes a WS API it does not necessarily mean that this is the best for all purposes - in most "local" (i.e. things you run within your closed environment) situations there is no idea to add the overhead and complexity of the WS API. The situation is different if you work across domain boundaries.
I know that in past time it required a PhD and some black magic to get the Java API running - but that has been resolved by this Technote : http://www-01.ibm.com/support/docview.wss?uid=swg21659565
You may have to import certificates from the WebSphere server to the TDI keystore also (you should protect the login running over SSL).
HTH
Regards
Franz Wolfhagen
steven....@gmail.com
Jun 4, 2014, 10:33:30 AM6/4/14
to
Franz, I agree with you that it would be easier with the Java APIs. We already have this in place to do other work for us with ITIM. No PhD or black magic needed! However, we wanted to use ITDI to do this work, it gives us more flexibility going forward. As for myself, consider it as a personal challenge to do it as well.
Erik, thank you for your detailed example! It is very much appreciated and I am excited to try it out today. I will keep you posted!
Thank you,
- Steven
Erik, thank you for your detailed example! It is very much appreciated and I am excited to try it out today. I will keep you posted!
Thank you,
- Steven
steven....@gmail.com
Jun 4, 2014, 2:31:52 PM6/4/14
to
Erik,
Amazing! I got it to work with your example and so now I will be able to customize it to my needs.
Thank you again!
- Steven
Amazing! I got it to work with your example and so now I will be able to customize it to my needs.
Thank you again!
- Steven
Franzw
Jun 4, 2014, 4:45:45 PM6/4/14
to
But do not underestimate the knowledge and magic needed to make it work in all circumstances - there are problems with class loading and SSL if you run clustered ISIM that can make you feel a lot older in very short time :-).
I regularly write TDI/ISIM Java code and the combination is extremely powerful and can reduce the end to end time of a small solution dramatically compared to Java coding.
Regards
Franz Wolfhagen
steven....@gmail.com
Jun 5, 2014, 11:49:57 AM6/5/14
to
Hello Franz,
I am having a look at the Technote now, but before I get too far into it, will it work with ITIM 5.1 and ITDI 7.0?
Thank you,
Steven
I am having a look at the Technote now, but before I get too far into it, will it work with ITIM 5.1 and ITDI 7.0?
Thank you,
Steven
Franzw
Jun 6, 2014, 3:19:22 PM6/6/14
to
The difficult thing is to get the jars and the WAS client things right and that has not changed...
Else let me know - I have samples somewhere in my archives.
HTH
Regards
Franz Wolfhagen
Manigandan Jegannathan
Jul 8, 2014, 9:01:08 AM7/8/14
to
Fabulous,
Hi Franzw, I can get platform context and successfully logged in using TDI (tech note you shared helped).
But ,
var employeeMO = new Packages.com.ibm.itim.apps.identity.PersonMO(itimPlatform,subject,empDN);
var emp = employeeMO.getData() ;
this returns null value, Though i gave correct Person DN.
Franzw
Jul 8, 2014, 2:33:09 PM7/8/14
to
Try this :
importPackage(Packages.com.ibm.itim.apps.identity);
importPackage(Packages.com.ibm.itim.dataservices.model);
empDN = new DistinguishedName("erglobalid=1234556789111....")
var employeeMO = new PersonMO(itimPlatform,subject,empDN);
var emp = employeeMO.getData() ;
HTH
Regards
Franz Wolfhagen
Manigandan Jegannathan
Jul 10, 2014, 3:05:33 AM7/10/14
to
Hi Franz
Same NULL error,
CTGDIS809E handleException - cannot handle exception , script
java.lang.NullPointerException
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:379)
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:341)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:133)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:112)
at com.ibm.di.server.ScriptComponent.add(ScriptComponent.java:216)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(AssemblyLine.java:3749)
at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3369)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2978)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2961)
at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:29
Same NULL error,
CTGDIS809E handleException - cannot handle exception , script
java.lang.NullPointerException
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:379)
at com.ibm.itim.util.I18NMessage.getMessage(I18NMessage.java:341)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:133)
at com.ibm.itim.exception.ITIMException.getMessage(ITIMException.java:112)
at com.ibm.di.server.ScriptComponent.add(ScriptComponent.java:216)
at com.ibm.di.server.AssemblyLine.msExecuteNextConnector(AssemblyLine.java:3749)
at com.ibm.di.server.AssemblyLine.executeMainStep(AssemblyLine.java:3369)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2978)
at com.ibm.di.server.AssemblyLine.executeMainLoop(AssemblyLine.java:2961)
at com.ibm.di.server.AssemblyLine.executeAL(AssemblyLine.java:29
Franzw
Jul 10, 2014, 10:32:37 AM7/10/14
to
This is somewhat undocumented that you need to that - but without that there is no way you can run external ISIM api code.
Regards
Franz Wolfhagen
Manigandan Jegannathan
Jul 23, 2014, 2:02:20 AM7/23/14
to
All Fine,
But no idea why i am getting this error,
com.ibm.itim.apps.ApplicationException: CORBA NO_PERMISSION 0x0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=4773e3aa, host=myhost) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException: ; nested exception is:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.SearchAuthorityHome create::2 null vmcid: 0x0 minor code: 0 completed: No
>> at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:686)
>> at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:276)
>> at com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSContainer.java:4066)
>> at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:3273)
>> at com.ibm.itim.apps.ejb.search.EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c.create(Unknown Source)
>> at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.create(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:160)
>> at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie._invoke(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:86)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:585)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
>> at com.ibm.rmi.iiop.ORB.process(ORB.java:533)
>> at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574)
>> at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2956)
>> at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2823)
>> at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
>> at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
>> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1656)
>> SERVER (id=4773e3aa, host=US04IDMAPPDEV.corp.logitech.com) TRACE END.
vmcid: 0x0 minor code: 0 completed: No
at com.ibm.itim.apps.search.SearchMO.createN
But no idea why i am getting this error,
com.ibm.itim.apps.ApplicationException: CORBA NO_PERMISSION 0x0 No; nested exception is:
org.omg.CORBA.NO_PERMISSION:
>> SERVER (id=4773e3aa, host=myhost) TRACE START:
>> org.omg.CORBA.NO_PERMISSION: java.rmi.AccessException: ; nested exception is:
com.ibm.websphere.csi.CSIAccessException: SECJ0053E: Authorization failed for ??? while invoking (Home)ITIM#api_ejb.jar#enroleejb.SearchAuthorityHome create::2 null vmcid: 0x0 minor code: 0 completed: No
>> at com.ibm.ws.security.core.SecurityCollaborator.performAuthorization(SecurityCollaborator.java:686)
>> at com.ibm.ws.security.core.EJSSecurityCollaborator.preInvoke(EJSSecurityCollaborator.java:276)
>> at com.ibm.ejs.container.EJSContainer.preInvokeAfterActivate(EJSContainer.java:4066)
>> at com.ibm.ejs.container.EJSContainer.preInvoke(EJSContainer.java:3273)
>> at com.ibm.itim.apps.ejb.search.EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c.create(Unknown Source)
>> at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.create(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:160)
>> at com.ibm.itim.apps.ejb.search._EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie._invoke(_EJSRemoteStatefulenroleejb_SearchAuthorityHomeHome_68d23b4c_Tie.java:86)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatchInvokeHandler(ServerDelegate.java:585)
>> at com.ibm.CORBA.iiop.ServerDelegate.dispatch(ServerDelegate.java:461)
>> at com.ibm.rmi.iiop.ORB.process(ORB.java:533)
>> at com.ibm.CORBA.iiop.ORB.process(ORB.java:1574)
>> at com.ibm.rmi.iiop.Connection.respondTo(Connection.java:2956)
>> at com.ibm.rmi.iiop.Connection.doWork(Connection.java:2823)
>> at com.ibm.rmi.iiop.WorkUnitImpl.doWork(WorkUnitImpl.java:65)
>> at com.ibm.ejs.oa.pool.PooledThread.run(ThreadPool.java:118)
>> at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1656)
>> SERVER (id=4773e3aa, host=US04IDMAPPDEV.corp.logitech.com) TRACE END.
vmcid: 0x0 minor code: 0 completed: No
at com.ibm.itim.apps.search.SearchMO.createN
mdanial...@gmail.com
Dec 19, 2016, 11:58:04 AM12/19/16
to
Hi, it's an old thread, but I am facing exactly the same issue as you were. Were you able to figure it out?
Steven Lynch
Apr 5, 2017, 3:16:10 PM4/5/17
to
On Monday, December 19, 2016 at 11:58:04 AM UTC-5, mdanial...@gmail.com wrote:
> Hi, it's an old thread, but I am facing exactly the same issue as you were. Were you able to figure it out?
I was able to figure it out thanks to the help of this thread. It is successfully working.
> Hi, it's an old thread, but I am facing exactly the same issue as you were. Were you able to figure it out?
Steven Lynch
Apr 19, 2017, 11:58:34 AM4/19/17
to
Part 2!
Now that my modify goes through with a Web Service call, I am trying to capture the response to obtain the request ID. This would confirm that the request successfully went through.
Within the "Input Map" of the modifyAccount, I have this as a "Work Attribute":
var modify_response = conn["return"].getValue(0);
var theResponse = modify_response.modifyAccountReturn();
task.logmsg("modify_response is " + modify_response);
task.logmsg("theResponse is " + theResponse);
task.logmsg("Request ID = " + theResponse.getRequestId());
The log output of the above is:
modify_response is com.ibm.itim.ws.service.ModifyAccountResponse@8daf48d3
theResponse is com.ibm.itim.ws.model.WSRequest@4d6
Request ID = 0
What am I doing wrong?
Now that my modify goes through with a Web Service call, I am trying to capture the response to obtain the request ID. This would confirm that the request successfully went through.
Within the "Input Map" of the modifyAccount, I have this as a "Work Attribute":
var modify_response = conn["return"].getValue(0);
var theResponse = modify_response.modifyAccountReturn();
task.logmsg("modify_response is " + modify_response);
task.logmsg("theResponse is " + theResponse);
task.logmsg("Request ID = " + theResponse.getRequestId());
The log output of the above is:
modify_response is com.ibm.itim.ws.service.ModifyAccountResponse@8daf48d3
theResponse is com.ibm.itim.ws.model.WSRequest@4d6
Request ID = 0
What am I doing wrong?
0 new messages