处理用户、组、组成员和组成员资格的样本代码

使用端到端样本代码和数据图执行涉及用户、组、组成员和组成员资格的基本操作。

此样本场景中包含以下步骤:

  1. 使用 create 方法通过添加实体类型为 PersonAccount 的实体来创建用户。
  2. 使用 create 方法通过添加实体类型为 Group 的实体来创建组。
  3. 使用 update 方法将用户添加到组。
  4. 使用 get 方法和 GroupMemberControl 获取组的成员。
  5. 使用 get 方法和 GroupMembershipControl 获取用户所属的(组成员资格)组。
  6. 使用 update 方法和 GroupMemberControl 从组中移除用户。有关使用 GroupMembershipControl 从组中移除用户的样本代码,请参阅主题用于从组中移除用户的样本代码
  7. 使用 delete 方法删除用户。
  8. 使用 delete 方法删除组。

必备条件

确保已阅读主题编程先决条件中所述的信息并完成其中描述的步骤。

样本代码

将以下端到端样本代码添加到应用程序代码,并将变量替换为要使用的实际值。

public class UserAndGroupSample extends BaseApp
{
    // Define users and groups DNs
    private static String user1Dn = "uid=user1,o=defaultWIMFileBasedRealm";
    private static String user2Dn = "uid=user2,o=defaultWIMFileBasedRealm";
    private static String group1Dn = "cn=group1,o=defaultWIMFileBasedRealm";
    private static String group2Dn = "cn=group2,o=defaultWIMFileBasedRealm";
    private static String EJB_JNDI_NAME = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";

    /** 
     *  This sample does the following operations:
     *  Creates a user 
     *  Creates a group
     *  Assigns the user to the group
     *  Gets the group members
     *  Gets the group membership
     *  Removes the user from the group
     *  Deletes a user
     *  Deletes a group
     */
    public static void main(String[] args) throws Exception
    {
        // Initialize the profile service
        locateService(EJB_JNDI_NAME);
        // Create a user and a group respectively
        addPersonAccount("user1","user1cn","user1sn");
        addGroup("group1");
        // Add the member user1 to the group
        addMemberToGroup(user1Dn,group1Dn);
        // Get the group members
        getGroupMembers(group1Dn);
        // Get the group membership
        getGroupMembership(user1Dn);
        // Remove the member user1 from the group
        removeMemberFromGroup(user1Dn,group1Dn);
        // Delete the user1
        deleteEntity(user1Dn);
        // Delete the group1
        deleteEntity(group1Dn);
    }
	
    /** 
     *  addPersonAccount 
     *  Adds an entity of PersonAccount entity type
     *  @param uid value to be set
     *  @param cn value to be set
     *  @param sn value to be set
     */
    public static void addPersonAccount(String uid, String cn, String sn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, 
                    SchemaConstants.DO_PERSON_ACCOUNT);
            // Set the properties of the person
            entity.set("uid", uid);
            entity.set("cn", cn);
            entity.set("sn", sn);
            System.out.println("Input data graph before creating user"+ printDO(root));
            // Create the PersonAccount entity
            root = service.create(root); 
            System.out.println("Output data graph after creating user"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }
    
    /**
     *  addGroup Adds an entity of type Group
     *  @param cn value to be set
     */
    public static void addGroup(String cn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
            // Set the cn of the group
            entity.set("cn", cn);
            System.out.println("Input data graph before creating group"+ printDO(root));
            // Create the group entity
            root = service.create(root); 
            System.out.println("Output data graph after creating group"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     *  addMemberToGroup adds a user to the group	
     *  @param memberDn uniqueName of the member
     *  @param groupDn uniqueName of the group
     */
    public static void addMemberToGroup(String memberDn, String groupDn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
            // Set the group uniqueName
            entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
                    groupDn);
            DataObject member1 = SDOHelper.createDataObject(SchemaConstants.WIM_NS_URI, 
                    SchemaConstants.DO_ENTITY);
            // Set the member uniqueName
            member1.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME,
                    memberDn);
            // Add the member to the group
            entity.getList(SchemaConstants.DO_MEMBERS).add(member1);
            System.out.println("Input datagraph before adding member to group"+ printDO(root));
            // Update the group
            root = service.update(root);            System.out.println("Output datagraph after adding member to group"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }
    
    /**
     *  getGroupMembers Returns the members of the group
     *  @param groupDn uniqueName of the group 
     */
    public static void getGroupMembers(String groupDn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
            // Set the group uniqueName
            entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
                    groupDn);
            // Set the property control
            DataObject propCtrl = SDOHelper.createControlDataObject(root, null, 
                    SchemaConstants.DO_PROPERTY_CONTROL);
            //Retrieve the cn of group whose members need to be searched
            propCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
            // Set the group member control
            DataObject grpMbrCtrl = SDOHelper.createControlDataObject(root, null, 
                    SchemaConstants.DO_GROUP_MEMBER_CONTROL); 
            // Retrieve cn and uid attributes for all members
            grpMbrCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
            grpMbrCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("uid");
            System.out.println("Input data graph before getting group members"+ printDO(root));
            // Get the members of the group
            root = service.get(root);		            System.out.println("Output data graph after getting group members"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     *  getGroupMembership Gets the groups to which the user belongs
     *  @param memberDn uniqueName of the user
     */
    public static void getGroupMembership(String memberDn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, 
                    SchemaConstants.DO_PERSON_ACCOUNT);
            // Set the uniqueName of the group
            entity.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME, 
                    memberDn);
            // Set the Group membership control
            DataObject grpMbrshipCtrl = SDOHelper.createControlDataObject(root, null, 
                    SchemaConstants.DO_GROUP_MEMBERSHIP_CONTROL);
            // Set the property of level to retrieve all the nested entities
            grpMbrshipCtrl.setInt(SchemaConstants.PROP_LEVEL, SchemaConstants.PROP_LEVEL_NESTED);
            // Retrieve cn attribute for all groups
            grpMbrshipCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
            System.out.println("Input data graph before getting group membership of user"+ printDO(root));
            // Get the members of the group
            root = service.get(root);		            System.out.println("Output data graph after getting group membership of user"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }
    
    /**
     *  removeMemberFromGroup remove the user from the group
     *  @param memberDn uniqueName of the user
     *  @param groupDn uniqueName of the group
     */
    public static void removeMemberFromGroup(String memberDn, String groupDn)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
            // Set the uniqueName of the group
            entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
                    groupDn);
            DataObject member1 = SDOHelper.createDataObject(SchemaConstants.WIM_NS_URI, 
                    SchemaConstants.DO_ENTITY);
            // Set the member uniqueName to be removed
            member1.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME,
                    memberDn);
            // Retrieve the member to remove it from the group
            entity.getList(SchemaConstants.DO_MEMBERS).add(member1);
            // Set the group member control
            DataObject grpMbrCtrl = SDOHelper.createControlDataObject(root, null, 
                    SchemaConstants.DO_GROUP_MEMBER_CONTROL);
            // Unassign mode to remove the member from the group
            grpMbrCtrl.setInt(SchemaConstants.PROP_MODIFY_MODE, SchemaConstants.VALUE_MODIFY_MODE_UNASSIGN); 
            System.out.println("Input datagraph before removing member from group"+ printDO(root));
            // Update the group to remove the member
            root = service.update(root);            System.out.println("Output datagraph after removing member from group"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     *  deleteEntity Deletes the given entity
     *  @param entityName
     */
    public static void deleteEntity(String entityName)
    {
        try
        {
            DataObject root = SDOHelper.createRootDataObject();            DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_ENTITY);
            // Set the delete control
            DataObject ctrl = SDOHelper.createControlDataObject(root, null, 
                    SchemaConstants.DO_DELETE_CONTROL);
            // Set the return property after deletion
            ctrl.setBoolean(SchemaConstants.PROP_RETURN_DELETED, true);
            // Set the uniqueName of the entity to be deleted
            entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
                    entityName);
            System.out.println("Input data graph before deleting entity"+ printDO(root));
            // Delete the entity
            root  = service.delete(root);            System.out.println("Output data graph after deleting entity"+ printDO(root));
        }
        catch (Exception e) {
            e.printStackTrace();
        }
    }
}

输入和输出数据图

下面提供了此示例中每个步骤的输入数据图和生成的输出数据图。

创建用户(即实体类型为 PersonAccount 的实体)的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
      <wim:uid>user1</wim:uid>
      <wim:cn>user1cn</wim:cn>
      <wim:sn>user1sn</wim:sn>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
创建用户后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
      <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
创建组(即实体类型为 Group 的实体)的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:cn>group1</wim:cn>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
创建组后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
将用户添加到组的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
      <wim:members>
        <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
      </wim:members>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
将用户添加到组后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
使用 GroupMemberControl 获取组成员的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
    <wim:controls xsi:type="wim:PropertyControl">
      <wim:properties>cn</wim:properties>
    </wim:controls>
    <wim:controls xsi:type="wim:GroupMemberControl">
      <wim:properties>cn</wim:properties>
      <wim:properties>uid</wim:properties>
    </wim:controls>
  </wim:Root>
</sdo:datagraph>
获取组成员后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
      <wim:cn>group1</wim:cn>
      <wim:members xsi:type="wim:PersonAccount">
        <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
            uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
        <wim:uid>user1</wim:uid>
        <wim:cn>user1cn</wim:cn>
      </wim:members>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
使用 GroupMembershipControl 获取用户所属(组成员资格)组的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
      <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
    <wim:controls xsi:type="wim:GroupMembershipControl">
      <wim:properties>cn</wim:properties>
    </wim:controls>
  </wim:Root>
</sdo:datagraph>
获取用户所属组后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
      <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
      <wim:groups>
        <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
            uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
        <wim:cn>group1</wim:cn>
      </wim:groups>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
使用 GroupMemberControl 从组中移除成员的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
      <wim:members>
        <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
      </wim:members>
    </wim:entities>
    <wim:controls xsi:type="wim:GroupMemberControl" modifyMode="3"/>
  </wim:Root>
</sdo:datagraph>
从组中移除成员后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
删除用户的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities>
      <wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
    <wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
  </wim:Root>
</sdo:datagraph>
删除用户后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:PersonAccount">
      <wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>
删除组的输入数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities>
      <wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
    <wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
  </wim:Root>
</sdo:datagraph>
删除组后的输出数据图:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
  <wim:Root>
    <wim:entities xsi:type="wim:Group">
      <wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
          uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
    </wim:entities>
  </wim:Root>
</sdo:datagraph>


使用条款 | 反馈