Wednesday, November 12, 2014

OIM 11g R2 PS2 : SOA Approval Workflow Sample

This post shares sample code for an SOA approval workflow.

Some of the features that this workflow addresses are

  1. Whether approval goes to the Manager or the Role Owners is dynamic, based on the custom OIM system property "approval-condition". Its value is set to either "AND" or "OR".
  2. The manager or role owner can be set to notify-only. In that case an email is sent to notify them, but no approval is required from them. Custom OIM system properties were created for this:
    •  manager-notify-only = TRUE or FALSE 
      • TRUE = only notify the manager; no approval request is sent.
      • FALSE = notify the manager and send an approval request. 
    •  roleowner-notify-only = TRUE or FALSE 
      • TRUE = only notify the role owner; no approval request is sent.
      • FALSE = notify the role owner and send an approval request.
  3. A third-level system administrator notification was required, and it had to be dynamic. A custom OIM system property was created for this:
    • sysadmin-notify-only = TRUE or FALSE
      • TRUE = notify the sys admin
      • FALSE = do not notify the sys admin
  4. If a manager makes the request on behalf of a subordinate, the manager's approval step is automatically skipped in the approval chain.
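  5. If a role owner makes the request, the role owner's approval step is automatically skipped if he/she is in the approval chain. When a skip leaves no approver who still has to vote (for example, the requester is both the manager and the role owner, or the other party is notify-only), the Java code below sets votedOutCome to 0.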
  6. Emails are triggered before and after the human approval task from notification templates maintained in the OIM web console. OIM APIs are used to send the emails. This makes the email body easy to modify; otherwise every change would have to be made in JDeveloper and the SOA composite redeployed.


BPEL Process



                                                                                                                                                                                                                                                                                                          
                                                                                                                                                                   
BPEL Workflow level global variables


























                                                                                                                                                       
                                                                                                                                                    
Java Code for the java embedding activity 1



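// Java embedding activity 1.
//
// Reads the approval settings from OIM system properties, works out how the
// requester relates to the beneficiary's manager and to the role owner,
// publishes the result as BPEL variables and sends the "RequestAssigned"
// notification to the manager and the role owner.
//
// BPEL variables written: manager-notify-only, roleowner-notify-only,
// sysadmin-notify-only, votedOutCome, requesterIsManager,
// requesterIsRoleOwner, managerIsRoleOwner, roleApprover.
//
// NOTE(review): the snippet logs in to OIM with the "sysadmin" credential, so
// every lookup below runs with that account's rights - confirm whether a less
// privileged service account would be sufficient.
oracle.iam.platform.OIMClient client = null;
boolean loggedIn = false;
try {
    // Fetch the OIM login from the credential store instead of hard-coding it.
    oracle.security.jps.JpsContext ctx = oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
    final oracle.security.jps.service.credstore.CredentialStore cs = (oracle.security.jps.service.credstore.CredentialStore) ctx
            .getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
    oracle.security.jps.service.credstore.CredentialMap cmap = cs.getCredentialMap("oracle.oim.sysadminMap");
    oracle.security.jps.service.credstore.Credential cred = cmap.getCredential("sysadmin");
    if (!(cred instanceof oracle.security.jps.service.credstore.PasswordCredential)) {
        // Stop here rather than attempting a login with an empty user name and password.
        throw new IllegalStateException("No password credential found for oracle.oim.sysadminMap/sysadmin");
    }
    oracle.security.jps.service.credstore.PasswordCredential pcred = (oracle.security.jps.service.credstore.PasswordCredential) cred;
    String oimUserName = pcred.getName();
    // Kept as char[]: copying the password into a String would leave an
    // immutable copy on the heap that cannot be cleared.
    // NOTE(review): if getPassword() returns a copy, wipe it after login - confirm against the JPS API.
    char[] oimPassword = pcred.getPassword();

    String oimURL = "t3s://localhost:443/oim";
    // Default approver, used until a role owner has been resolved below.
    String roleApprover = "xelsysadm";
    java.util.Hashtable env = new java.util.Hashtable();
    env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL, oracle.iam.platform.OIMClient.WLS_CONTEXT_FACTORY);
    env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
    client = new oracle.iam.platform.OIMClient(env);
    System.out.println("Before Login");
    client.login(oimUserName, oimPassword);
    loggedIn = true;
    System.out.println("Login Successful");

    // PROPERTY BLOCK
    // A property lookup that yields null falls back to the value that demands
    // the most approval ("and" / "false"), so a missing property cannot end
    // this snippet with a NullPointerException before votedOutCome is set.
    Thor.API.Operations.tcPropertyOperationsIntf propertyOperationsIntf = client.getService(Thor.API.Operations.tcPropertyOperationsIntf.class);
    String approval_condition = propertyOperationsIntf.getPropertyValue("approval-condition");
    if (approval_condition == null) {
        approval_condition = "and";
    }
    System.out.println("approval_condition---->" + approval_condition);
    // NOTE(review): presumably consumed as the vote percentage of the approval
    // task - confirm in the human task definition.
    int votedOutCome = 100;

    // MANAGER BLOCK
    String manager_notify_only = propertyOperationsIntf.getPropertyValue("manager-notify-only");
    if (manager_notify_only == null) {
        manager_notify_only = "false";
    }
    System.out.println("manager_notify_only------>" + manager_notify_only);
    if (manager_notify_only.equalsIgnoreCase("true")) {
        setVariableData("manager-notify-only", 1);
    } else {
        setVariableData("manager-notify-only", 0);
    }

    // ROLE OWNER BLOCK
    String roleowner_notify_only = propertyOperationsIntf.getPropertyValue("roleowner-notify-only");
    if (roleowner_notify_only == null) {
        roleowner_notify_only = "false";
    }
    System.out.println("roleowner_notify_only----->" + roleowner_notify_only);
    if (roleowner_notify_only.equalsIgnoreCase("true")) {
        setVariableData("roleowner-notify-only", 1);
    } else {
        setVariableData("roleowner-notify-only", 0);
    }

    // The settings do not change from here on, so evaluate them once. "true"
    // and "false" are tracked separately because any other value matches
    // neither of them.
    final boolean conditionIsAnd = approval_condition.equalsIgnoreCase("and");
    final boolean conditionIsOr = approval_condition.equalsIgnoreCase("or");
    final boolean managerNotifyTrue = manager_notify_only.equalsIgnoreCase("true");
    final boolean managerNotifyFalse = manager_notify_only.equalsIgnoreCase("false");
    final boolean roleOwnerNotifyTrue = roleowner_notify_only.equalsIgnoreCase("true");
    final boolean roleOwnerNotifyFalse = roleowner_notify_only.equalsIgnoreCase("false");
    final boolean bothMustApprove = managerNotifyFalse && roleOwnerNotifyFalse;
    final boolean onlyManagerApproves = managerNotifyFalse && roleOwnerNotifyTrue;
    final boolean onlyRoleOwnerApproves = managerNotifyTrue && roleOwnerNotifyFalse;

    // CHECK ALL TRUE: both parties are notify-only
    if (managerNotifyTrue && roleOwnerNotifyTrue) {
        votedOutCome = 0;
    }
    // CHECK AND POSSIBILITIES
    if (conditionIsAnd) {
        if (bothMustApprove) {
            votedOutCome = 100;
        }
        if (onlyManagerApproves || onlyRoleOwnerApproves) {
            votedOutCome = 50;
        }
    }
    // CHECK OR POSSIBILITIES
    if (conditionIsOr && (bothMustApprove || onlyManagerApproves || onlyRoleOwnerApproves)) {
        votedOutCome = 50;
    }
    System.out.println("votedOutCome  --->" + votedOutCome);
    setVariableData("votedOutCome", votedOutCome);

    // SYS ADMIN BLOCK
    String sysadmin_notify_only = propertyOperationsIntf.getPropertyValue("sysadmin-notify-only");
    if (sysadmin_notify_only == null) {
        sysadmin_notify_only = "true";
    }
    System.out.println("sysadmin_notify_only------->" + sysadmin_notify_only);
    if (sysadmin_notify_only.equalsIgnoreCase("true")) {
        setVariableData("sysadmin-notify-only", "TRUE");
    } else {
        setVariableData("sysadmin-notify-only", "FALSE");
    }

    oracle.iam.request.api.RequestService reqSvc = client.getService(oracle.iam.request.api.RequestService.class);
    oracle.iam.identity.rolemgmt.api.RoleManager roleSvc = client.getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);
    oracle.iam.identity.usermgmt.api.UserManager usersvc = client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);
    oracle.iam.notification.api.NotificationService notsvc = client.getService(oracle.iam.notification.api.NotificationService.class);

    Object reqIdXMLElem = getVariableData("inputVariable", "payload", "/ns3:process/ns4:RequestID");
    String reqId = ((oracle.xml.parser.v2.XMLElement) reqIdXMLElem).getText();
    System.out.println("The request ID is " + reqId);
    oracle.iam.request.vo.Request req = reqSvc.getBasicRequestData(reqId);
    System.out.println("req--->" + req);
    String requesterID = req.getRequesterKey();
    System.out.println("requesterID ->" + requesterID);
    java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req.getBeneficiaries();
    System.out.println("beneficiaries----->" + beneficiaries);

    // NOTE(review): the flags and votedOutCome are overwritten on every
    // beneficiary/role iteration, so for a request with several beneficiaries
    // or roles the last pair decides - confirm such requests cannot reach this
    // workflow, otherwise a skip computed for one pair applies to all of them.
    if (beneficiaries != null) {
        for (oracle.iam.request.vo.Beneficiary benf : beneficiaries) {
            String beneficiaryID = benf.getBeneficiaryKey();
            System.out.println(" beneficiaryID->" + beneficiaryID);
            oracle.iam.identity.usermgmt.vo.User user1 = usersvc.getDetails(beneficiaryID, null, false);
            // User objects and attribute maps are not printed: that would copy
            // every profile attribute into the server's stdout log.
            java.util.HashMap userMap = user1.getAttributes();
            String mgrKey = userMap.get("usr_manager_key").toString();
            System.out.println("mgrKey ->" + mgrKey);

            if (mgrKey.equalsIgnoreCase(requesterID)) {
                // The manager raised the request, so the manager's own vote is skipped.
                System.out.println("requesterIsManager   is   true");
                setVariableData("requesterIsManager", 1);
                if (roleOwnerNotifyTrue) {
                    votedOutCome = 0;
                }
                if ((conditionIsAnd || conditionIsOr) && bothMustApprove) {
                    votedOutCome = 50;
                }
            } else {
                System.out.println("requesterIsManager   is   false");
                setVariableData("requesterIsManager", 0);
            }

            java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes = benf.getTargetEntities();
            for (oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes) {
                String key = rbe.getEntityKey();
                System.out.println("key---->" + key);
                String type = rbe.getEntityType();
                System.out.println("type---->" + type);
                if (type.equalsIgnoreCase("Role")) {
                    System.out.println("type is role");
                    oracle.iam.identity.rolemgmt.vo.Role role = roleSvc.getDetails(key, null);
                    String roleOwnerKey = role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_OWNER_KEY).toString();
                    System.out.println("roleOwnerKey--->" + roleOwnerKey);

                    if (roleOwnerKey.equalsIgnoreCase(requesterID)) {
                        // The role owner raised the request, so the role owner's own vote is skipped.
                        System.out.println("requesterIsRoleOwner   is   true");
                        setVariableData("requesterIsRoleOwner", 1);
                        if (managerNotifyTrue) {
                            votedOutCome = 0;
                        }
                        if ((conditionIsAnd || conditionIsOr) && bothMustApprove) {
                            votedOutCome = 50;
                        }
                    } else {
                        System.out.println("requesterIsRoleOwner   is   false");
                        setVariableData("requesterIsRoleOwner", 0);
                    }

                    // Requester, manager and role owner are one and the same person.
                    if (roleOwnerKey.equalsIgnoreCase(requesterID) && mgrKey.equalsIgnoreCase(roleOwnerKey)) {
                        votedOutCome = 0;
                    }
                    if (mgrKey.equalsIgnoreCase(roleOwnerKey)) {
                        System.out.println("managerIsRoleOwner   is   true");
                        setVariableData("managerIsRoleOwner", 1);
                        if (onlyRoleOwnerApproves || onlyManagerApproves) {
                            votedOutCome = 50;
                        }
                    } else {
                        System.out.println("managerIsRoleOwner   is   false");
                        setVariableData("managerIsRoleOwner", 0);
                    }

                    oracle.iam.identity.usermgmt.vo.User user = usersvc.getDetails(roleOwnerKey, null, false);
                    System.out.println("login is --->" + user.getLogin());
                    roleApprover = user.getLogin();
                    setVariableData("roleApprover", roleApprover);

                    // Code for sending e-mail Notification
                    String userLogin = userMap.get("User Login").toString();
                    System.out.println("usrLogin ->" + userLogin);

                    // get manager login
                    oracle.iam.identity.usermgmt.vo.User manager = usersvc.getDetails(mgrKey, null, false);
                    java.util.HashMap managerMap = manager.getAttributes();
                    String managerLogin = managerMap.get("User Login").toString();
                    System.out.println("mgrLogin ->" + managerLogin);

                    // get role name
                    String roleName = role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_DISPLAY_NAME).toString();
                    System.out.println("Role Name" + roleName);

                    // get requester display name
                    System.out.println("Requester ID " + requesterID);
                    oracle.iam.identity.usermgmt.vo.User requester = usersvc.getDetails(requesterID, null, false);
                    java.util.HashMap requesterMap = requester.getAttributes();
                    String requesterDisplayName = requesterMap.get("First Name").toString() + " " + requesterMap.get("Last Name").toString();
                    System.out.println("requester Full Name ->" + requesterDisplayName);

                    // The template body lives in the OIM web console; only its parameters are supplied here.
                    oracle.iam.notification.vo.NotificationEvent notevent = new oracle.iam.notification.vo.NotificationEvent();
                    String[] receiverUserIds = {managerLogin, roleApprover};
                    notevent.setUserIds(receiverUserIds);
                    notevent.setTemplateName("RequestAssigned");
                    java.util.HashMap templateParams = new java.util.HashMap();
                    templateParams.put("usr_key", beneficiaryID);
                    templateParams.put("request_id", reqId);
                    templateParams.put("role_name", roleName);
                    templateParams.put("requester_name", requesterDisplayName);
                    notevent.setSender(null);
                    notevent.setParams(templateParams);
                    System.out.println("Sending Notification");
                    notsvc.notify(notevent);
                    // End of Code for sending e-mail notification
                }
            } // End RequestBeneficiaryEntity for loop
        } // End beneficiaries for loop
    } // End if
    System.out.println("Final votedOutCome  --->" + votedOutCome);
    setVariableData("votedOutCome", votedOutCome);
} catch (Exception e) {
    // NOTE(review): the failure is only printed, so the BPEL flow continues
    // with whatever values the workflow variables held when the exception was
    // thrown - confirm those defaults still require approval (fail closed).
    System.out.println("----------------------");
    e.printStackTrace();
    System.out.println("----------------------");
} finally {
    // Release the admin session; nothing after this point needs it.
    if (loggedIn) {
        try {
            client.logout();
        } catch (Exception logoutFailure) {
            // Best effort: a failed logout must not change the workflow outcome.
            logoutFailure.printStackTrace();
        }
    }
}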




Approval Task Details.


  



                                                                                                                        

                                                                                                                                                        



 Manager Approval and Skip Condition



















                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
                                                                                                                                                     
                                                                                                                                                            
                                                                                                                
Role Owners Approval and Skip Condition



Dynamic Voted Outcome











Java Code for the java embedding activity 2



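// Java embedding activity 2.
//
// For every role in the request, sends the "SystemAdminNotification" e-mail
// to the system administrator login when the BPEL variable
// "sysadmin-notify-only" holds "true" (compared case-insensitively).
//
// NOTE(review): the snippet logs in to OIM with the "sysadmin" credential, so
// every lookup below runs with that account's rights - confirm whether a less
// privileged service account would be sufficient.
oracle.iam.platform.OIMClient client = null;
boolean loggedIn = false;
try {
    // Fetch the OIM login from the credential store instead of hard-coding it.
    oracle.security.jps.JpsContext ctx = oracle.security.jps.JpsContextFactory
            .getContextFactory().getContext();
    final oracle.security.jps.service.credstore.CredentialStore cs = (oracle.security.jps.service.credstore.CredentialStore) ctx
            .getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);
    oracle.security.jps.service.credstore.CredentialMap cmap = cs
            .getCredentialMap("oracle.oim.sysadminMap");
    oracle.security.jps.service.credstore.Credential cred = cmap
            .getCredential("sysadmin");
    if (!(cred instanceof oracle.security.jps.service.credstore.PasswordCredential)) {
        // Stop here rather than attempting a login with an empty user name and password.
        throw new IllegalStateException("No password credential found for oracle.oim.sysadminMap/sysadmin");
    }
    oracle.security.jps.service.credstore.PasswordCredential pcred = (oracle.security.jps.service.credstore.PasswordCredential) cred;
    String oimUserName = pcred.getName();
    // Kept as char[]: copying the password into a String would leave an
    // immutable copy on the heap that cannot be cleared.
    // NOTE(review): if getPassword() returns a copy, wipe it after login - confirm against the JPS API.
    char[] oimPassword = pcred.getPassword();

    String oimURL = "t3s://localhost:443/oim";
    java.util.Hashtable env = new java.util.Hashtable();
    env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
            oracle.iam.platform.OIMClient.WLS_CONTEXT_FACTORY);
    env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
    client = new oracle.iam.platform.OIMClient(env);
    System.out.println("Before Login");
    client.login(oimUserName, oimPassword);
    loggedIn = true;
    System.out.println("Login Successful");

    oracle.iam.request.api.RequestService reqSvc = client
            .getService(oracle.iam.request.api.RequestService.class);
    oracle.iam.identity.rolemgmt.api.RoleManager roleSvc = client
            .getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);
    oracle.iam.identity.usermgmt.api.UserManager usersvc = client
            .getService(oracle.iam.identity.usermgmt.api.UserManager.class);
    oracle.iam.notification.api.NotificationService notsvc = client
            .getService(oracle.iam.notification.api.NotificationService.class);

    Object reqIdXMLElem = getVariableData("inputVariable", "payload",
            "/ns3:process/ns4:RequestID");
    String reqId = ((oracle.xml.parser.v2.XMLElement) reqIdXMLElem).getText();
    System.out.println("The request ID is " + reqId);

    oracle.iam.request.vo.Request req = reqSvc.getBasicRequestData(reqId);
    System.out.println("req--->" + req);

    String requesterID = req.getRequesterKey();
    System.out.println("requesterID ->" + requesterID);

    java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req.getBeneficiaries();
    System.out.println("beneficiaries----->" + beneficiaries);
    if (beneficiaries != null) {
        for (oracle.iam.request.vo.Beneficiary benf : beneficiaries) {
            String beneficiaryID = benf.getBeneficiaryKey();
            System.out.println(" beneficiaryID->" + beneficiaryID);
            oracle.iam.identity.usermgmt.vo.User user1 = usersvc
                    .getDetails(beneficiaryID, null, false);
            // User objects and attribute maps are not printed: that would copy
            // every profile attribute into the server's stdout log.
            java.util.HashMap userMap = user1.getAttributes();
            // The manager key is only logged here, so a missing value must not
            // abort the notification with a NullPointerException.
            String mgrKey = String.valueOf(userMap.get("usr_manager_key"));
            System.out.println("mgrKey ->" + mgrKey);

            java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes = benf
                    .getTargetEntities();
            for (oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes) {
                String key = rbe.getEntityKey();
                System.out.println("key---->" + key);
                String type = rbe.getEntityType();
                System.out.println("type---->" + type);
                if (type.equalsIgnoreCase("Role")) {
                    System.out.println("type is role");
                    oracle.iam.identity.rolemgmt.vo.Role role = roleSvc.getDetails(key, null);

                    // Code for sending e-mail Notification
                    // Literal-first comparison: an unset workflow variable
                    // simply means "do not notify".
                    String adminNotify = (String) getVariableData("sysadmin-notify-only");
                    if ("true".equalsIgnoreCase(adminNotify)) {
                        String userLogin = userMap.get("User Login").toString();
                        System.out.println("usrLogin ->" + userLogin);

                        // get sysadmin login
                        String sysAdminLogin = "xelsysadm";

                        // get role name
                        String roleName = role.getAttribute(oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_DISPLAY_NAME).toString();
                        System.out.println("Role Name" + roleName);

                        // get requester display name
                        System.out.println("Requester ID " + requesterID);
                        oracle.iam.identity.usermgmt.vo.User requester = usersvc.getDetails(requesterID, null, false);
                        java.util.HashMap requesterMap = requester.getAttributes();
                        String requesterDisplayName = requesterMap.get("First Name").toString() + " " + requesterMap.get("Last Name").toString();
                        System.out.println("requester Full Name ->" + requesterDisplayName);

                        // The template body lives in the OIM web console; only its parameters are supplied here.
                        oracle.iam.notification.vo.NotificationEvent notevent = new oracle.iam.notification.vo.NotificationEvent();
                        String[] receiverUserIds = {sysAdminLogin};
                        notevent.setUserIds(receiverUserIds);
                        notevent.setTemplateName("SystemAdminNotification");
                        java.util.HashMap templateParams = new java.util.HashMap();
                        templateParams.put("usr_key", beneficiaryID);
                        templateParams.put("request_id", reqId);
                        templateParams.put("role_name", roleName);
                        templateParams.put("requester_name", requesterDisplayName);
                        notevent.setSender(null);
                        notevent.setParams(templateParams);
                        System.out.println("Sending Notification");
                        notsvc.notify(notevent);
                        // End of Code for sending e-mail notification
                    } // End of adminNotify if condition
                }
            } // End RequestBeneficiaryEntity for loop
        } // End beneficiaries for loop
    } // End if
} catch (Exception e) {
    // NOTE(review): the failure is only printed, so a notification that could
    // not be sent goes unnoticed by the workflow - confirm that is acceptable.
    System.out.println("----------------------");
    e.printStackTrace();
    System.out.println("----------------------");
} finally {
    // Release the admin session; nothing after this point needs it.
    if (loggedIn) {
        try {
            client.logout();
        } catch (Exception logoutFailure) {
            // Best effort: a failed logout must not change the workflow outcome.
            logoutFailure.printStackTrace();
        }
    }
}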