Deepak Dubey on Cloud, Big Data Analytics, Data Science, Machine Learning, DevOps, Full Stack, Java: 2014

In this post I am posting the sample code for a sample SOA approval workflow.

Some of the features that this workflow addresses are

Approval to Manager or Role Owners is dynamic based on the custom OIM system property "approval-condition". Value is set either "AND" or "OR".
Manager or Role Owner can be set to be notified only with no approval required. In this case only email is sent to notify them but no approval is required from them. Custom OIM system property are created to address this.

manager-notify-only = TRUE or FALSE

TRUE = only notify the manager no approval request sent.
FALSE = notify the manager and send an approval request.

roleowner-notify-only = TRUE or FALSE

TRUE = only notify the role owner no approval request sent.
FALSE = notify the role owner and send an approval request.

Third Level System Notification was required but it should be dynamic. Custom OIM system property are created to address this

sysadmin-notify-only = TRUE or FALSE

TRUE notify the sys admin
FALSE Do not notify the sys admin

If a manager makes the request on behalf of a subordinate then the approval is automatically skipped in the approval chain.
If a role owner makes the request then the approval is automatically skipped if he/she is in the approval chain.
Emails are triggered before and after the human approval task from notification templates within OIM web console. OIM API's were used to send out the emails. This was done to ease the email body modification which was otherwise be required to be done from the JDeveloper and SOA composite being redeployed.

BPEL Process

BPEL Workflow level global variables

Java Code for the java embedding activity 1

try {

String oimUserName = "";

String oimPassword = "";

oracle.security.jps.JpsContext ctx = oracle.security.jps.JpsContextFactory.getContextFactory().getContext();

final oracle.security.jps.service.credstore.CredentialStore cs = (oracle.security.jps.service.credstore.CredentialStore) ctx

.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);

oracle.security.jps.service.credstore.CredentialMap cmap = cs.getCredentialMap("oracle.oim.sysadminMap");

oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("sysadmin");

if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {

oracle.security.jps.service.credstore.PasswordCredential pcred = (oracle.security.jps.service.credstore.PasswordCredential) cred;

char[] p = pcred.getPassword();

oimUserName = pcred.getName();

oimPassword = new String(p);

}

String oimURL = "t3s://localhost:443/oim";

String roleApprover = "xelsysadm";

java.util.Hashtable env = new java.util.Hashtable();

env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,oracle.iam.platform.OIMClient.WLS_CONTEXT_FACTORY);

env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL,oimURL);

oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient(env);

System.out.println("Before Login");

client.login(oimUserName, oimPassword.toCharArray());

System.out.println("Login Successful");

//PROPERTY BLOCK

Thor.API.Operations.tcPropertyOperationsIntf propertyOperationsIntf = client.getService(Thor.API.Operations.tcPropertyOperationsIntf.class);

String approval_condition = "and";

approval_condition = propertyOperationsIntf.getPropertyValue("approval-condition");

System.out.println("approval_condition---->"+ approval_condition);

int votedOutCome = 100;

String manager_notify_only = "false";

String roleowner_notify_only = "false";

//MANAGER BLOCK

manager_notify_only = propertyOperationsIntf.getPropertyValue("manager-notify-only");

System.out.println("manager_notify_only------>"+ manager_notify_only);

if (manager_notify_only.equalsIgnoreCase("true")) {

setVariableData("manager-notify-only", 1);

} else {

setVariableData("manager-notify-only", 0);

}

//ROLE OWNER BLOCK

roleowner_notify_only = propertyOperationsIntf.getPropertyValue("roleowner-notify-only");

System.out.println("roleowner_notify_only----->"+ roleowner_notify_only);

if (roleowner_notify_only.equalsIgnoreCase("true")) {

setVariableData("roleowner-notify-only", 1);

} else {

setVariableData("roleowner-notify-only", 0);

}

//CHECK ALL TRUE

if ((manager_notify_only.equalsIgnoreCase("true")) && (roleowner_notify_only.equalsIgnoreCase("true"))) votedOutCome = 0;

//CHECK AND POSSIBILITIES

if (approval_condition.equalsIgnoreCase("and")) {

if ((manager_notify_only.equalsIgnoreCase("false")) && (roleowner_notify_only.equalsIgnoreCase("false"))) votedOutCome = 100;

if ((manager_notify_only.equalsIgnoreCase("false")) && (roleowner_notify_only.equalsIgnoreCase("true"))) votedOutCome = 50;

if ((manager_notify_only.equalsIgnoreCase("true")) && (roleowner_notify_only.equalsIgnoreCase("false"))) votedOutCome = 50;

}

//CHECK OR POSSIBILITIES

if (approval_condition.equalsIgnoreCase("or")) {

if ((manager_notify_only.equalsIgnoreCase("false")) && (roleowner_notify_only.equalsIgnoreCase("false"))) votedOutCome = 50;

if ((manager_notify_only.equalsIgnoreCase("false")) && (roleowner_notify_only.equalsIgnoreCase("true"))) votedOutCome = 50;

if ((manager_notify_only.equalsIgnoreCase("true")) && (roleowner_notify_only.equalsIgnoreCase("false"))) votedOutCome = 50;

}

System.out.println("votedOutCome --->"+votedOutCome);

setVariableData("votedOutCome", votedOutCome);

//SYS ADMIN BLOCK

String sysadmin_notify_only = "true";

sysadmin_notify_only = propertyOperationsIntf.getPropertyValue("sysadmin-notify-only");

System.out.println("sysadmin_notify_only------->"+ sysadmin_notify_only);

if (sysadmin_notify_only.equalsIgnoreCase("true")) {

setVariableData("sysadmin-notify-only", "TRUE");

} else {

setVariableData("sysadmin-notify-only", "FALSE");

}

oracle.iam.request.api.RequestService reqSvc = client.getService(oracle.iam.request.api.RequestService.class);

oracle.iam.identity.rolemgmt.api.RoleManager roleSvc = client.getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);

oracle.iam.identity.usermgmt.api.UserManager usersvc = client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);

//NEW LINE ADDED

oracle.iam.notification.api.NotificationService notsvc = client.getService(oracle.iam.notification.api.NotificationService.class);

// END OF NEW LINE ADDED

Object reqIdXMLElem = getVariableData("inputVariable", "payload","/ns3:process/ns4:RequestID");

String reqId = ((oracle.xml.parser.v2.XMLElement) reqIdXMLElem).getText();

System.out.println("The request ID is " + reqId);

oracle.iam.request.vo.Request req = reqSvc.getBasicRequestData(reqId);

System.out.println("req--->" + req);

String requesterID = req.getRequesterKey();

System.out.println("requesterID ->" + requesterID);

java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req.getBeneficiaries();

System.out.println("beneficiaries----->" + beneficiaries);

if (beneficiaries != null) {

for (oracle.iam.request.vo.Beneficiary benf : beneficiaries) {

String beneficiaryID = benf.getBeneficiaryKey();

System.out.println(" beneficiaryID->" + beneficiaryID);

oracle.iam.identity.usermgmt.vo.User user1 = usersvc.getDetails(benf.getBeneficiaryKey(), null, false);

System.out.println("user1------>" + user1);

java.util.HashMap userMap = user1.getAttributes();

System.out.println("userMap ->" + userMap);

String mgrKey = userMap.get("usr_manager_key").toString();

System.out.println("mgrKey ->" + mgrKey);

if (mgrKey.equalsIgnoreCase(requesterID)) {

System.out.println("requesterIsManager is true");

setVariableData("requesterIsManager", 1);

if (roleowner_notify_only.equalsIgnoreCase("true")) votedOutCome = 0;

if (

(approval_condition.equalsIgnoreCase("and")) &&

(manager_notify_only.equalsIgnoreCase("false")) &&

(roleowner_notify_only.equalsIgnoreCase("false"))

) votedOutCome = 50;

if (

(approval_condition.equalsIgnoreCase("or")) &&

(manager_notify_only.equalsIgnoreCase("false")) &&

(roleowner_notify_only.equalsIgnoreCase("false"))

) votedOutCome = 50;

} else {

System.out.println("requesterIsManager is false");

setVariableData("requesterIsManager", 0);

}

java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes = benf.getTargetEntities();

for (oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes) {

String key = rbe.getEntityKey();

System.out.println("key---->" + key);

String type = rbe.getEntityType();

System.out.println("type---->" + type);

if (type.equalsIgnoreCase("Role")) {

System.out.println("type is role");

oracle.iam.identity.rolemgmt.vo.Role role = roleSvc.getDetails(key, null);

String roleOwnerKey = null;

roleOwnerKey = role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_OWNER_KEY).toString();

System.out.println("roleOwnerKey--->"+ roleOwnerKey);

if (roleOwnerKey.equalsIgnoreCase(requesterID)) {

System.out.println("requesterIsRoleOwner is true");

setVariableData("requesterIsRoleOwner", 1);

if (manager_notify_only.equalsIgnoreCase("true")) votedOutCome = 0;

if (

(approval_condition.equalsIgnoreCase("and")) &&

(manager_notify_only.equalsIgnoreCase("false")) &&

(roleowner_notify_only.equalsIgnoreCase("false"))

) votedOutCome = 50;

if (

(approval_condition.equalsIgnoreCase("or")) &&

(manager_notify_only.equalsIgnoreCase("false")) &&

(roleowner_notify_only.equalsIgnoreCase("false"))

) votedOutCome = 50;

} else {

System.out.println("requesterIsRoleOwner is false");

setVariableData("requesterIsRoleOwner", 0);

}

if ((roleOwnerKey.equalsIgnoreCase(requesterID)) && (mgrKey.equalsIgnoreCase(roleOwnerKey))) votedOutCome = 0;

if (mgrKey.equalsIgnoreCase(roleOwnerKey)) {

System.out.println("managerIsRoleOwner is true");

setVariableData("managerIsRoleOwner", 1);

if ((manager_notify_only.equalsIgnoreCase("true")) && (roleowner_notify_only.equalsIgnoreCase("false"))) votedOutCome = 50;

if ((manager_notify_only.equalsIgnoreCase("false")) && (roleowner_notify_only.equalsIgnoreCase("true"))) votedOutCome = 50;

} else {

System.out.println("managerIsRoleOwner is false");

setVariableData("managerIsRoleOwner", 0);

}

oracle.iam.identity.usermgmt.vo.User user = usersvc.getDetails(roleOwnerKey, null, false);

System.out.println("login is --->"+ user.getLogin());

roleApprover = user.getLogin();

setVariableData("roleApprover", roleApprover);

// Code for sending e-mail Notification

String userLogin=userMap.get("User Login").toString();

System.out.println("usrLogin ->" +userLogin);

//get manager login

oracle.iam.identity.usermgmt.api.UserManager managerservice = client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);

oracle.iam.identity.usermgmt.vo.User manager = usersvc.getDetails(mgrKey, null, false);

java.util.HashMap managerMap = manager.getAttributes();

System.out.println("mgrMap ->" + managerMap);

String managerLogin=managerMap.get("User Login").toString();

System.out.println("mgrLogin ->" +managerLogin);

//get role name

String roleName=null;

roleName=role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_DISPLAY_NAME).toString();

System.out.println("Role Name"+ roleName);

//get requester display name

oracle.iam.identity.usermgmt.api.UserManager requesterservice = client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);

System.out.println("Requester ID "+requesterID);

oracle.iam.identity.usermgmt.vo.User requester = usersvc.getDetails(requesterID, null, false);

java.util.HashMap requesterMap = requester.getAttributes();

System.out.println("requesterMap ->" + requesterMap);

String requesterDisplayName=requesterMap.get("First Name").toString()+" "+requesterMap.get("Last Name").toString();

System.out.println("requester Full Name ->" +requesterDisplayName);

oracle.iam.notification.vo.NotificationEvent notevent = new oracle.iam.notification.vo.NotificationEvent();

String[] receiverUserIds= {managerLogin,roleApprover};

notevent.setUserIds(receiverUserIds);

notevent.setTemplateName("RequestAssigned");

java.util.HashMap templateParams = new java.util.HashMap();

templateParams.put("usr_key",beneficiaryID);

templateParams.put("request_id",reqId);

templateParams.put("role_name",roleName);

templateParams.put("requester_name",requesterDisplayName);

notevent.setSender(null);

notevent.setParams(templateParams);

System.out.println("Sending Notification");

notsvc.notify(notevent);

//End of Code for sending e-mail notification

}

}// End RequestBeneficiaryEntity for loop

} // End beneficiaries for loop

} // End if

System.out.println("Final votedOutCome --->"+votedOutCome);

setVariableData("votedOutCome", votedOutCome);

} catch (Exception e) {

System.out.println("----------------------");

e.printStackTrace();

System.out.println("----------------------");

}

Approval Task Details.

Manager Approval and Skip Condition

Role Owners Approval and Skip Condition

Dynamic Voted Outcome

Java Code for the java embedding activity 2

try {

String oimUserName = "";

String oimPassword = "";

oracle.security.jps.JpsContext ctx = oracle.security.jps.JpsContextFactory

.getContextFactory().getContext();

final oracle.security.jps.service.credstore.CredentialStore cs = (oracle.security.jps.service.credstore.CredentialStore) ctx

.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);

oracle.security.jps.service.credstore.CredentialMap cmap = cs

.getCredentialMap("oracle.oim.sysadminMap");

oracle.security.jps.service.credstore.Credential cred = cmap

.getCredential("sysadmin");

if (cred instanceof oracle.security.jps.service.credstore.PasswordCredential) {

oracle.security.jps.service.credstore.PasswordCredential pcred = (oracle.security.jps.service.credstore.PasswordCredential) cred;

char[] p = pcred.getPassword();

oimUserName = pcred.getName();

oimPassword = new String(p);

}

String oimURL = "t3s://localhost:443/oim";

String roleApprover = "xelsysadm";

java.util.Hashtable env = new java.util.Hashtable();

env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,

oracle.iam.platform.OIMClient.WLS_CONTEXT_FACTORY);

env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL,

oimURL);

oracle.iam.platform.OIMClient client = new oracle.iam.platform.OIMClient(

env);

System.out.println("Before Login");

client.login(oimUserName, oimPassword.toCharArray());

System.out.println("Login Successful");

oracle.iam.request.api.RequestService reqSvc = client

.getService(oracle.iam.request.api.RequestService.class);

oracle.iam.identity.rolemgmt.api.RoleManager roleSvc = client

.getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);

oracle.iam.identity.usermgmt.api.UserManager usersvc = client

.getService(oracle.iam.identity.usermgmt.api.UserManager.class);

// Code for sending e-mail Notification

oracle.iam.notification.api.NotificationService notsvc = client

.getService(oracle.iam.notification.api.NotificationService.class);

// Code for sending e-mail Notification

Object reqIdXMLElem = getVariableData("inputVariable", "payload",

"/ns3:process/ns4:RequestID");

String reqId = ((oracle.xml.parser.v2.XMLElement) reqIdXMLElem)

.getText();

System.out.println("The request ID is " + reqId);

oracle.iam.request.vo.Request req = reqSvc

.getBasicRequestData(reqId);

System.out.println("req--->" + req);

String requesterID = req.getRequesterKey();

System.out.println("requesterID ->" + requesterID);

java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req

.getBeneficiaries();

System.out.println("beneficiaries----->" + beneficiaries);

if (beneficiaries != null) {

for (oracle.iam.request.vo.Beneficiary benf : beneficiaries) {

String beneficiaryID = benf.getBeneficiaryKey();

System.out.println(" beneficiaryID->" + beneficiaryID);

oracle.iam.identity.usermgmt.vo.User user1 = usersvc

.getDetails(benf.getBeneficiaryKey(), null, false);

System.out.println("user1------>" + user1);

java.util.HashMap userMap = user1.getAttributes();

System.out.println("userMap ->" + userMap);

String mgrKey = userMap.get("usr_manager_key").toString();

System.out.println("mgrKey ->" + mgrKey);

java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes = benf

.getTargetEntities();

for (oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes) {

String key = rbe.getEntityKey();

System.out.println("key---->" + key);

String type = rbe.getEntityType();

System.out.println("type---->" + type);

if (type.equalsIgnoreCase("Role")) {

System.out.println("type is role");

oracle.iam.identity.rolemgmt.vo.Role role = roleSvc

.getDetails(key, null);

//setVariableData("sysadmin-notify-only", "true");

// Code for sending e-mail Notification

String adminNotify="false";

adminNotify=(String)getVariableData("sysadmin-notify-only");

if(adminNotify.equalsIgnoreCase("true"))

{

String userLogin=userMap.get("User Login").toString();

System.out.println("usrLogin ->" +userLogin);

//get sysadmin login

String sysAdminLogin="xelsysadm";

//get role name

String roleName=null;

roleName=role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_DISPLAY_NAME).toString();

System.out.println("Role Name"+ roleName);

//get requester display name

oracle.iam.identity.usermgmt.api.UserManager requesterservice = client

.getService(oracle.iam.identity.usermgmt.api.UserManager.class);

System.out.println("Requester ID "+requesterID);

oracle.iam.identity.usermgmt.vo.User requester = usersvc.getDetails(requesterID, null, false);

java.util.HashMap requesterMap = requester.getAttributes();

System.out.println("requesterMap ->" + requesterMap);

String requesterDisplayName=requesterMap.get("First Name").toString()+" "+requesterMap.get("Last Name").toString();

System.out.println("requester Full Name ->" +requesterDisplayName);

oracle.iam.notification.vo.NotificationEvent notevent = new oracle.iam.notification.vo.NotificationEvent();

String[] receiverUserIds= {sysAdminLogin};

notevent.setUserIds(receiverUserIds);

notevent.setTemplateName("SystemAdminNotification");

java.util.HashMap templateParams = new java.util.HashMap();

templateParams.put("usr_key",beneficiaryID);

templateParams.put("request_id",reqId);

templateParams.put("role_name",roleName);

templateParams.put("requester_name",requesterDisplayName);

notevent.setSender(null);

notevent.setParams(templateParams);

System.out.println("Sending Notification");

notsvc.notify(notevent);

//End of Code for sending e-mail notification

} // End of adminNotify if condition

}

}// End RequestBeneficiaryEntity for loop

} // End beneficiaries for loop

} // End if

} catch (Exception e) {

System.out.println("----------------------");

e.printStackTrace();

System.out.println("----------------------");

}

Deepak Dubey on Cloud, Big Data Analytics, Data Science, Machine Learning, DevOps, Full Stack, Java

Thursday, November 13, 2014

OIM 11g R2 - Approval Policies deprecated request types

Wednesday, November 12, 2014

OIM 11g R2 PS2 : SOA Approval Workflow Sample