Some of the features that this workflow addresses are
- Approval by the Manager or Role Owners is dynamic, based on the custom OIM system property "approval-condition". The value is set to either "AND" or "OR".
- The Manager or Role Owner can be set to be notified only, with no approval required. In this case an email is sent to notify them, but no approval is requested from them. Custom OIM system properties were created to address this.
- manager-notify-only = TRUE or FALSE
- TRUE = only notify the manager no approval request sent.
- FALSE = notify the manager and send an approval request.
- roleowner-notify-only = TRUE or FALSE
- TRUE = only notify the role owner no approval request sent.
- FALSE = notify the role owner and send an approval request.
- A third-level system notification was required, but it had to be dynamic. A custom OIM system property was created to address this.
- sysadmin-notify-only = TRUE or FALSE
- TRUE notify the sys admin
- FALSE Do not notify the sys admin
- If a manager makes the request on behalf of a subordinate then the approval is automatically skipped in the approval chain.
- If a role owner makes the request then the approval is automatically skipped if he/she is in the approval chain.
- Emails are triggered before and after the human approval task from notification templates within the OIM web console. OIM APIs were used to send out the emails. This was done to ease modification of the email body, which would otherwise have to be done in JDeveloper, with the SOA composite then being redeployed.
BPEL Process
BPEL Workflow level global variables
Java Code for the java embedding activity 1
|
Approval Task Details.
Manager Approval and Skip Condition
Role Owners Approval and Skip Condition
Dynamic Voted Outcome
Java Code for the java embedding activity 2
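// Java embedding body: when the BPEL variable "sysadmin-notify-only" is "true", e-mail the
// system administrator once for every Role entity in the request, using the OIM
// notification template "SystemAdminNotification". Any failure is logged and swallowed so
// that the notification stays best-effort.
oracle.iam.platform.OIMClient client = null;
boolean loggedIn = false;
char[] oimPassword = null;
try {
    // Read the switch first: the privileged sysadmin session is only opened when a
    // notification will actually be sent. The constant-first comparison also tolerates an
    // unset (null) variable.
    String adminNotify = (String) getVariableData("sysadmin-notify-only");
    if ("true".equalsIgnoreCase(adminNotify)) {
        // Fetch the OIM administrator credential from the credential store
        // (map "oracle.oim.sysadminMap", key "sysadmin").
        oracle.security.jps.JpsContext ctx =
                oracle.security.jps.JpsContextFactory.getContextFactory().getContext();
        final oracle.security.jps.service.credstore.CredentialStore cs =
                (oracle.security.jps.service.credstore.CredentialStore) ctx.getServiceInstance(
                        oracle.security.jps.service.credstore.CredentialStore.class);
        oracle.security.jps.service.credstore.CredentialMap cmap =
                cs.getCredentialMap("oracle.oim.sysadminMap");
        oracle.security.jps.service.credstore.Credential cred =
                (cmap == null) ? null : cmap.getCredential("sysadmin");
        if (!(cred instanceof oracle.security.jps.service.credstore.PasswordCredential)) {
            // Fail here instead of attempting a login with an empty user name and password.
            throw new IllegalStateException(
                    "No password credential found for map oracle.oim.sysadminMap, key sysadmin");
        }
        oracle.security.jps.service.credstore.PasswordCredential pcred =
                (oracle.security.jps.service.credstore.PasswordCredential) cred;
        String oimUserName = pcred.getName();
        // The password stays in a char[] (never an immutable String) and is held as a private
        // copy, so it can be wiped in the finally block without altering the array returned
        // by the credential store.
        oimPassword = pcred.getPassword().clone();

        // Deployment-specific values: the OIM endpoint (t3s, i.e. T3 over TLS) and the login
        // of the administrator who receives the notification.
        String oimURL = "t3s://localhost:443/oim";
        String sysAdminLogin = "xelsysadm";

        java.util.Hashtable env = new java.util.Hashtable();
        env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_FACTORY_INITIAL,
                oracle.iam.platform.OIMClient.WLS_CONTEXT_FACTORY);
        env.put(oracle.iam.platform.OIMClient.JAVA_NAMING_PROVIDER_URL, oimURL);
        client = new oracle.iam.platform.OIMClient(env);

        System.out.println("Before Login");
        client.login(oimUserName, oimPassword);
        loggedIn = true;
        System.out.println("Login Successful");

        oracle.iam.request.api.RequestService reqSvc =
                client.getService(oracle.iam.request.api.RequestService.class);
        oracle.iam.identity.rolemgmt.api.RoleManager roleSvc =
                client.getService(oracle.iam.identity.rolemgmt.api.RoleManager.class);
        oracle.iam.identity.usermgmt.api.UserManager usersvc =
                client.getService(oracle.iam.identity.usermgmt.api.UserManager.class);
        oracle.iam.notification.api.NotificationService notsvc =
                client.getService(oracle.iam.notification.api.NotificationService.class);

        // The request ID comes from the BPEL process input payload.
        Object reqIdXMLElem =
                getVariableData("inputVariable", "payload", "/ns3:process/ns4:RequestID");
        String reqId = ((oracle.xml.parser.v2.XMLElement) reqIdXMLElem).getText();
        System.out.println("The request ID is " + reqId);

        oracle.iam.request.vo.Request req = reqSvc.getBasicRequestData(reqId);
        String requesterID = req.getRequesterKey();
        // Only keys are written to the server log; request objects and user attribute maps
        // carry personal data and are deliberately not dumped.
        System.out.println("requesterID ->" + requesterID);

        // Resolved on first use and reused for every notification of this request.
        String requesterDisplayName = null;

        java.util.List<oracle.iam.request.vo.Beneficiary> beneficiaries = req.getBeneficiaries();
        if (beneficiaries != null) {
            for (oracle.iam.request.vo.Beneficiary benf : beneficiaries) {
                // Only the beneficiary key is needed for the template parameters.
                String beneficiaryID = benf.getBeneficiaryKey();
                System.out.println(" beneficiaryID->" + beneficiaryID);

                java.util.List<oracle.iam.request.vo.RequestBeneficiaryEntity> rbes =
                        benf.getTargetEntities();
                if (rbes == null) {
                    continue;
                }
                for (oracle.iam.request.vo.RequestBeneficiaryEntity rbe : rbes) {
                    String key = rbe.getEntityKey();
                    String type = rbe.getEntityType();
                    System.out.println("key---->" + key);
                    System.out.println("type---->" + type);
                    if (!"Role".equalsIgnoreCase(type)) {
                        continue;
                    }

                    oracle.iam.identity.rolemgmt.vo.Role role = roleSvc.getDetails(key, null);
                    String roleName = role.getAttribute(
                            oracle.iam.identity.rolemgmt.api.RoleManagerConstants.ROLE_DISPLAY_NAME)
                            .toString();
                    System.out.println("Role Name" + roleName);

                    if (requesterDisplayName == null) {
                        oracle.iam.identity.usermgmt.vo.User requester =
                                usersvc.getDetails(requesterID, null, false);
                        java.util.HashMap requesterMap = requester.getAttributes();
                        // Either name part may be missing; build the display name without
                        // dereferencing a null attribute.
                        Object firstName = requesterMap.get("First Name");
                        Object lastName = requesterMap.get("Last Name");
                        requesterDisplayName =
                                ((firstName == null ? "" : firstName.toString()) + " "
                                        + (lastName == null ? "" : lastName.toString())).trim();
                    }

                    oracle.iam.notification.vo.NotificationEvent notevent =
                            new oracle.iam.notification.vo.NotificationEvent();
                    String[] receiverUserIds = {sysAdminLogin};
                    notevent.setUserIds(receiverUserIds);
                    notevent.setTemplateName("SystemAdminNotification");
                    java.util.HashMap templateParams = new java.util.HashMap();
                    templateParams.put("usr_key", beneficiaryID);
                    templateParams.put("request_id", reqId);
                    templateParams.put("role_name", roleName);
                    templateParams.put("requester_name", requesterDisplayName);
                    notevent.setSender(null);
                    notevent.setParams(templateParams);
                    System.out.println("Sending Notification");
                    notsvc.notify(notevent);
                }
            }
        }
    }
} catch (Exception e) {
    // Best-effort: a failed notification is logged and not propagated.
    System.out.println("----------------------");
    e.printStackTrace();
    System.out.println("----------------------");
} finally {
    // Always end the administrator session and clear the password copy from memory.
    if (client != null && loggedIn) {
        try {
            client.logout();
        } catch (Exception logoutFailure) {
            logoutFailure.printStackTrace();
        }
    }
    if (oimPassword != null) {
        java.util.Arrays.fill(oimPassword, '\0');
    }
}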
|