Sample code for getting nested groups
Use the sample code snippet and data graphs to get nested groups by using the get() method and GroupMembershipControl.
The sample code snippet and data graphs cover the following steps:
- Create two groups.
- Create a user.
- Add the user as a member of one of the new groups.
- Add the group as a member of the other new group.
- Get the group membership of the user by using the get() method and GroupMembershipControl.
Prerequisites
Ensure that you have read the information and completed the steps described in the topic Program prerequisites.
You must have the configuration required to retrieve and manage nested groups. For information about these configuration settings, see the following topics:
Sample code
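Add the following code snippet to the application code and replace the variables with the actual values that you want to use. The snippet does not define user1Dn, group1Dn, or group2Dn; set them to the uniqueName values of the created entities, as returned in the output data graphs (for example, cn=group1,o=defaultWIMFileBasedRealm).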
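/**
 * testNestedGroupsSnippet
 * This test does the following:
 *   Creates two groups
 *   Creates a user
 *   Adds the user to group1
 *   Adds group1 as member of group2
 *   Gets the membership of the user
 *
 * user1Dn, group1Dn and group2Dn are not defined in this snippet; they must
 * hold the uniqueName values of the entities created in the first steps.
 *
 * Each helper catches and prints any exception, so a failed step does not stop
 * the later steps. Check the printed data graphs and stack traces before
 * relying on the result.
 *
 * The nested lookup reports user1 as a member of group2 as well as group1, so
 * any role or permission mapped to group2 presumably extends to user1 wherever
 * nested membership is honored. Review nesting changes as privilege changes.
 */
public static void testNestedGroupsSnippet() {
    // Create two groups
    addGroup("group1");
    addGroup("group2");

    // Add a user
    addPersonAccount("user1", "user1cn", "user1sn");

    // Add the member user1 to the group group1
    addMemberToGroup(user1Dn, group1Dn);

    // Add group1 as member of group2 (this is what makes the membership nested)
    addMemberToGroup(group1Dn, group2Dn);

    // Get the membership of user1 to check that it is a member of both group1 and group2
    getGroupMembership(user1Dn);
}

/**
 * addGroup Adds an entity of type Group.
 * Any exception is caught and its stack trace printed; nothing is rethrown.
 *
 * @param cn value to be set as the cn property of the new group
 */
public static void addGroup(String cn) {
    try {
        DataObject root = SDOHelper.createRootDataObject();
        DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);

        // Set the cn of the group
        entity.set("cn", cn);

        // Sample diagnostics: the whole data graph is written to standard output
        System.out.println("Input data graph before creating group" + printDO(root));

        // Create the group entity
        root = service.create(root);
        System.out.println("Output data graph after creating group" + printDO(root));
    } catch (Exception e) {
        // Best-effort sample: the failure is reported but the caller is not informed
        e.printStackTrace();
    }
}

/**
 * addPersonAccount
 * Adds an entity of PersonAccount entity type.
 * Any exception is caught and its stack trace printed; nothing is rethrown.
 *
 * @param uid value to be set
 * @param cn value to be set
 * @param sn value to be set
 */
public static void addPersonAccount(String uid, String cn, String sn) {
    try {
        DataObject root = SDOHelper.createRootDataObject();
        DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_PERSON_ACCOUNT);

        // Set the properties of the person
        entity.set("uid", uid);
        entity.set("cn", cn);
        entity.set("sn", sn);

        // Sample diagnostics: the whole data graph is written to standard output
        System.out.println("Input data graph before creating user" + printDO(root));

        // Create the PersonAccount entity
        root = service.create(root);
        System.out.println("Output data graph after creating user" + printDO(root));
    } catch (Exception e) {
        // Best-effort sample: the failure is reported but the caller is not informed
        e.printStackTrace();
    }
}

/**
 * addMemberToGroup adds a member to the group.
 * The member is built as a generic entity, so the same call serves for adding
 * a user to a group and for adding a group to another group (nesting).
 * Any exception is caught and its stack trace printed; nothing is rethrown.
 *
 * @param memberDn uniqueName of the member (a user or a group) to add
 * @param groupDn uniqueName of the group that receives the member
 */
public static void addMemberToGroup(String memberDn, String groupDn) {
    try {
        DataObject root = SDOHelper.createRootDataObject();
        DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);

        // Set the group uniqueName (setString, to match how the member is set below)
        entity.createDataObject(SchemaConstants.DO_IDENTIFIER)
                .setString(SchemaConstants.PROP_UNIQUE_NAME, groupDn);

        DataObject member1 = SDOHelper.createDataObject(SchemaConstants.WIM_NS_URI, SchemaConstants.DO_ENTITY);

        // Set the member uniqueName
        member1.createDataObject(SchemaConstants.DO_IDENTIFIER)
                .setString(SchemaConstants.PROP_UNIQUE_NAME, memberDn);

        // Add the member to the group
        entity.getList(SchemaConstants.DO_MEMBERS).add(member1);

        // Sample diagnostics: the whole data graph is written to standard output
        System.out.println("Input datagraph before adding member to group" + printDO(root));

        // Update the group
        root = service.update(root);
        System.out.println("Output datagraph after adding member to group" + printDO(root));
    } catch (Exception e) {
        // Best-effort sample: a membership change that failed is only visible in the stack trace
        e.printStackTrace();
    }
}

/**
 * getGroupMembership gets the groups, including nested groups, that a member belongs to.
 * The lookup entity is created as a PersonAccount, so the sample queries a user.
 * Any exception is caught and its stack trace printed; nothing is rethrown.
 *
 * @param memberDn uniqueName of the member whose group membership is retrieved
 */
public static void getGroupMembership(String memberDn) {
    try {
        DataObject root = SDOHelper.createRootDataObject();
        DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_PERSON_ACCOUNT);

        // Set the uniqueName of the member whose groups are requested
        entity.createDataObject(SchemaConstants.DO_IDENTIFIER)
                .setString(SchemaConstants.PROP_UNIQUE_NAME, memberDn);

        // Set the Group membership control
        DataObject grpMbrshipCtrl = SDOHelper.createControlDataObject(root, null,
                SchemaConstants.DO_GROUP_MEMBERSHIP_CONTROL);

        // Set the level property to retrieve all the nested entities
        // (the sample input data graph shows this as level="0")
        grpMbrshipCtrl.setInt(SchemaConstants.PROP_LEVEL, SchemaConstants.PROP_LEVEL_NESTED);

        // Retrieve cn attribute for all groups
        grpMbrshipCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");

        // Sample diagnostics: the whole data graph is written to standard output
        System.out.println("Input data graph before getting group membership of user" + printDO(root));

        // Get the groups of the member
        root = service.get(root);
        System.out.println("Output data graph after getting group membership of user" + printDO(root));
    } catch (Exception e) {
        // Best-effort sample: an empty or missing result may mean the lookup failed, not "no groups"
        e.printStackTrace();
    }
}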
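Input and output data graphs
The uniqueId values shown for the same entity differ between some of the following graphs, so the graphs were presumably captured from separate runs. Treat the uniqueId values as illustrative; the uniqueName values are what the sample code uses to identify entities.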
Input data graph for creating group1:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:cn>group1 </wim:cn> </wim:entities> </wim:Root> </sdo:datagraph>Output data graph after creating group1:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="30a09674-ec3b-449b-ab80-6090bcf5b9c4" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/> </wim:entities> </wim:Root> </sdo:datagraph>Input data graph for creating group2:
Input datagraph before creating group <?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:cn>group2 </wim:cn> </wim:entities> </wim:Root> </sdo:datagraph>Output data graph after creating group2:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier externalName="cn=group2,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="95f83f2c-f477-4273-badd-acb7cf1773fe" uniqueName="cn=group2,o=defaultWIMFileBasedRealm"/> </wim:entities> </wim:Root> </sdo:datagraph>Input data graph for creating a user:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:PersonAccount"> <wim:uid>user1 </wim:uid> <wim:cn>user1cn </wim:cn> <wim:sn>user1sn </wim:sn> </wim:entities> </wim:Root> </sdo:datagraph>Output data graph after creating a user:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:PersonAccount"> <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/> </wim:entities> </wim:Root> </sdo:datagraph>Input data graph for adding a user to a group:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/> <wim:members> <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/> </wim:members> </wim:entities> </wim:Root> </sdo:datagraph>Output data graph after adding a user to a group:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/> </wim:entities> </wim:Root> </sdo:datagraph>Input data graph for adding group1 as a member of group2:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier uniqueName="cn=group2,o=defaultWIMFileBasedRealm"/> <wim:members> <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/> </wim:members> </wim:entities> </wim:Root> </sdo:datagraph>Output data graph after adding group1 as member of group2:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:Group"> <wim:identifier externalName="cn=group2,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="95f83f2c-f477-4273-badd-acb7cf1773fe" uniqueName="cn=group2,o=defaultWIMFileBasedRealm"/> </wim:entities> </wim:Root> </sdo:datagraph>Input data graph for getting the group membership of a user:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:PersonAccount"> <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/> </wim:entities> <wim:controls xsi:type="wim:GroupMembershipControl" level="0"> <wim:properties>cn </wim:properties> </wim:controls> </wim:Root> </sdo:datagraph>Output data graph after getting the group membership of a user, showing the groups to which the user belongs:
<?xml version="1.0" encoding="UTF-8"?> <sdo:datagraph xmlns:xsi="//www.w3.org/2001/XMLSchema-instance" xmlns:sdo="commonj.sdo" xmlns:wim="//www.ibm.com/websphere/wim"> <wim:Root> <wim:entities xsi:type="wim:PersonAccount"> <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="d8b05414-6965-456f-8284-3971515f8d32" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/> <wim:groups> <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="f882e5f4-083c-41b2-9475-232881df1933" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/> <wim:cn>group1 </wim:cn> </wim:groups> <wim:groups> <wim:identifier externalName="cn=group2,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository" uniqueId="385759ea-cc55-47c6-a788-0f15bcc1c011" uniqueName="cn=group2,o=defaultWIMFileBasedRealm"/> <wim:cn>group2 </wim:cn> </wim:groups> </wim:entities> </wim:Root> </sdo:datagraph>