Creating the sub message flow

The SecurityIdentitySubFlow message flow is supplied with the Security Identity Propagation sample. If you prefer to create the message flow yourself, use the following instructions:

  1. Create a new Message Broker project called SecurityIdentitySampleFlowProject.
  2. Create a new message flow called SecurityIdentitySubFlow in this project. For instructions, see Creating a message flow in the WebSphere Message Broker documentation.
  3. In the Message Flow editor, add and rename the nodes listed in the following table. For instructions, see Adding a node in the WebSphere Message Broker documentation.
    Palette drawers   Node type     Node name
    Construction      Input         Input
    Transformation    Compute       MapIdentity
    HTTP              HTTPRequest   HTTPRequest_AsID
    Transformation    Compute       ClrHdrs
    Construction      Output        Output
  4. Connect the nodes together in the order listed in the preceding table. For instructions, see Connecting nodes in the WebSphere Message Broker documentation.
    To check that you have connected the nodes together correctly, see the diagram in About the Security Propagation sample.
  5. In the Message Flow editor, double-click the MapIdentity Compute node to open the ESQL editor. Copy and paste the following ESQL code modules to the ESQL file, then save the file. For more information, see Developing ESQL in the WebSphere Message Broker documentation.
    	CREATE FUNCTION Main() RETURNS BOOLEAN
    	BEGIN
    		CALL CopyEntireMessage();
    		-- Set the Mapped Identity if the Input message includes the "flag" 
    		-- to trigger Identity Mapping
    		DECLARE MapIdActionsRef REFERENCE TO InputRoot.XMLNSC.Envelope.Body.MapIdentity;
    		IF lastmove(MapIdActionsRef) THEN
    			-- Create a username and password credential set
    			SET OutputRoot.Properties.IdentityMappedType = 'usernameAndPassword';
    			-- fold Source Username to lowercase
    			DECLARE lusername CHAR;
    			SET lusername = LCASE(InputRoot.Properties.IdentitySourceToken);
    			-- Username token is email address, created from the source username appended with "@company.com"
    			SET OutputRoot.Properties.IdentityMappedToken =  lusername || '@company.com';
    			-- Password is created as the source username prepended with "p_" and appended with current year
    			DECLARE yearStr CHAR;
    			SET yearStr = (EXTRACT(YEAR FROM CURRENT_TIMESTAMP));
    			SET OutputRoot.Properties.IdentityMappedPassword = 'p_' || lusername || yearStr;
    			-- Issuer is this module
    			SET OutputRoot.Properties.IdentityMappedIssuedBy = 'SecurityIdentitySubFlow_MapIdentity';
    		END IF;
    		RETURN TRUE;
    	END;
    	          
  6. In the Message Flow editor, double-click the ClrHdrs Compute node to open the ESQL editor. Copy and paste the following ESQL code modules to the ESQL file, then save the file. For more information, see Developing ESQL in the WebSphere Message Broker documentation.
    	CREATE FUNCTION Main() RETURNS BOOLEAN
    	BEGIN
    		CALL CopyEntireMessage();
    		-- Clear the HTTP response headers (added by the HTTPRequest node) from the tree
    		SET OutputRoot.HTTPResponseHeader = NULL;
    		RETURN TRUE;
    	END;
              
  7. Save the message flow.
