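This topic describes the general methods, prerequisite steps, and other information that programmers need to develop virtual member manager applications.
You must import the virtual member manager packages and other related packages before you integrate virtual member manager functions into your application. The following code sample shows the packages that you must import and how to define the class.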
import java.util.Hashtable;
import java.util.List;
import com.ibm.websphere.wim.SchemaConstants;
import com.ibm.websphere.wim.Service;
import com.ibm.websphere.wim.client.LocalServiceProvider;
import com.ibm.websphere.wim.ras.WIMTraceHelper;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.auth.callback.WSCallbackHandlerImpl;
import commonj.sdo.DataObject;
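If your application runs in WebSphere Application Server, you can obtain the virtual member manager service either from the remote EJB or from the local JVM.
The following sample base application contains the locateService() methods, which show how to obtain the virtual member manager service, and other common methods that are used in the code samples for various virtual member manager operations. Replace the variables shown in italics in the following code with the actual values that you need.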
/**
 * This is a base application which defines common methods that are
 * used by other code samples.
 **/
public class BaseApp implements SchemaConstants
{
    /**
     * Common variable declaration: update based on the environment
     **/
    static final String HOST = "localhost";      // host name of the WebSphere Application Server
    static final String BOOTSTRAP_PORT = "2809"; // Bootstrap/RMI port number

    // Virtual member manager service that is used to make API calls
    static Service service = null;

    /**
     * Locates virtual member manager service using a remote EJB
     * @param ejbJndiName JNDI name of the EJB.
     * Default EJB name is "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome"
     **/
    public static Service locateService(String ejbJndiName)
    {
        try {
            // Remote access virtual member manager Service EJB
            Hashtable environment = new Hashtable();
            String providerURL = "corbaloc:iiop:" + HOST + ":" + BOOTSTRAP_PORT;
            environment.put(LocalServiceProvider.PROVIDER_URL, providerURL);
            if (ejbJndiName == null) {
                ejbJndiName = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";
            }
            environment.put(LocalServiceProvider.EJB_JNDI_NAME, ejbJndiName);
            service = new LocalServiceProvider(environment);
        }
        catch (Exception e) {
            e.printStackTrace();
        }
        return service;
    }

    /**
     * Locates virtual member manager service in local JVM
     **/
    public static Service locateService()
    {
        try {
            // Local access virtual member manager Service
            return new LocalServiceProvider(null);
        }
        catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    /**
     * Runs action as specified user
     * @param user user name
     * @param password password of the user
     * @param action Action to invoke after successful login of the user
     * @return Object returned by the action
     **/
    public static Object runAsUser(String user, String password, PrivilegedExceptionAction action) throws Exception
    {
        LoginContext loginContext;
        Subject subject;

        // Login using the userid and password that was passed, which has the required role
        loginContext = new LoginContext("WSLogin", new WSCallbackHandlerImpl(user, "", password));
        loginContext.login();
        subject = loginContext.getSubject();
        try {
            return WSSubject.doAs(subject, action);
        }
        catch (PrivilegedActionException excp) {
            throw (Exception) excp.getCause();
        }
    }

    public static String printDO(DataObject obj)
    {
        return WIMTraceHelper.printDataObject(obj);
    }

    /**
     * Loop through the entities in the DataObject and print its uniqueName
     * @param root input DataObject
     */
    @SuppressWarnings("unchecked")
    public static void printIdentifiers(DataObject root) throws Exception
    {
        // Get all entities in the DataObject
        List entities = root.getList(SchemaConstants.DO_ENTITIES);
        for (int i = 0; i < entities.size(); i++) {
            DataObject ent = (DataObject) entities.get(i);
            // Get the entity Identifier
            DataObject id = ent.getDataObject(SchemaConstants.DO_IDENTIFIER);
            if (id != null) {
                String uniqueName = id.getString(SchemaConstants.PROP_UNIQUE_NAME);
                System.out.println("UniqueName is -> " + uniqueName);
            }
            else {
                System.out.println("Missing Identifier");
            }
        }
    }
}
org.eclipse.emf.ecore.EPackage.Registry.INSTANCE=com.ibm.ws.wim.util.VMMEMFGlobalDelegatorRegistry
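If this system property is not set, the default EMF implementation is in effect. That implementation does not support a multiple security domain environment and might corrupt the EMF schema, so schema violation errors might occur.
The code samples for various virtual member manager operations use the methods defined in the BaseApp class. For instructions on how to make API calls, see the code samples.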
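To call virtual member manager APIs in your application code, you must be assigned one of the following roles:
The WebSphere Application Server administrator role.
A virtual member manager role that is assigned by using federated repository management rights.
For more information about the predefined virtual member manager roles, see the section "Mapping users and groups to roles for assigning federated repository management rights" in Providing security.
For information about how to assign users or groups to the predefined virtual member manager roles, read about the mapIdMgrUserToRole, mapIdMgrGroupToRole, removeIdMgrUsersFromRole, removeIdMgrGroupsFromRole, listIdMgrUsersForRoles, and listIdMgrGroupsForRoles commands in the topic "IdMgrConfig command group for the AdminTask object" in the WebSphere Application Server information center.
For an end-to-end example scenario, see the topic Sample code for using the federated repository management rights.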
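A search run as a caller who holds one of these roles, as an added example that is not part of the original page or of IBM's sample code. It builds on the BaseApp class above and assumes the SDOHelper utility class from com.ibm.websphere.wim.util, the remote EJB under its default JNDI name, and a constructed search expression; the class name SearchAsUserApp is hypothetical.

```java
import java.io.Console;
import java.security.PrivilegedExceptionAction;
import com.ibm.websphere.wim.SchemaConstants;
import com.ibm.websphere.wim.util.SDOHelper;
import commonj.sdo.DataObject;

/** Added example: searches as a user who holds a virtual member manager role. */
public class SearchAsUserApp extends BaseApp
{
    public static void main(String[] args) throws Exception
    {
        // Prompt for the credentials instead of hardcoding them in source
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console available");
        }
        String user = console.readLine("User: ");
        String password = new String(console.readPassword("Password: "));

        // Remote EJB lookup with the default JNDI name (see locateService)
        service = locateService(null);
        if (service == null) {
            throw new IllegalStateException("virtual member manager service not found");
        }

        // The search runs under the Subject that the JAAS login produced
        Object result = runAsUser(user, password, new PrivilegedExceptionAction() {
            public Object run() throws Exception {
                DataObject root = SDOHelper.createRootDataObject();
                DataObject searchCtrl = SDOHelper.createControlDataObject(
                        root, null, SchemaConstants.DO_SEARCH_CONTROL);
                searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("uid");
                searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
                // Constructed search expression; adjust it to your repository
                searchCtrl.setString(SchemaConstants.PROP_SEARCH_EXPRESSION,
                        "@xsi:type='PersonAccount' and uid='a*'");
                return service.search(root);
            }
        });
        printIdentifiers((DataObject) result);
    }
}
```

When run from a client outside WebSphere Application Server, this class needs the JVM arguments described later on this page.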
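Check your class path setting to ensure that it contains the correct Java archive (JAR) files for compiling your code.
If the application code runs inside WebSphere Application Server as an application or servlet, the Subject and the other parameters used to access the virtual member manager APIs are used implicitly and are the same as those of the server or process on which the application is deployed.
If the application runs outside WebSphere Application Server (for example, from a WebSphere Application Server client), use the following JVM arguments when you run your compiled code. Replace the variables shown in italics in the following arguments with the actual values that you need.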
-Djava.security.auth.login.config=<WAS_HOME>/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=<WAS_HOME_URL>/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=<WAS_HOME_URL>/properties/ssl.client.props
Use the following arguments only if you must override the credentials that are specified in the CORBA properties file:
-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=AdminUserId
-Dcom.ibm.CORBA.loginPassword=AdminPassword
-Djava.security.auth.login.config=C:/Progra~1/IBM/WebSphere/AppClient/properties/wsjaas_client.conf
-Dcom.ibm.CORBA.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/sas.client.props
-Dcom.ibm.SSL.ConfigURL=file:/Progra~1/IBM/WebSphere/AppClient/properties/ssl.client.props
-Dcom.ibm.CORBA.loginSource=properties
-Dcom.ibm.CORBA.loginUserid=admin
-Dcom.ibm.CORBA.loginPassword=admin
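A pre-flight check for the client JVM arguments listed above, as an added example that is not part of the original page. It reports configuration properties that are missing or do not resolve to a readable file, and flags com.ibm.CORBA.loginPassword when it was passed on the command line, where other local users can read it from the process listing; the class name ClientJvmArgsCheck is hypothetical.

```java
import java.io.File;
import java.lang.management.ManagementFactory;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;

public class ClientJvmArgsCheck
{
    // Properties from this page that must point at client configuration files
    static final String[] CONFIG_PROPS = {
        "java.security.auth.login.config",
        "com.ibm.CORBA.ConfigURL",
        "com.ibm.SSL.ConfigURL"
    };
    static final String PASSWORD_ARG = "-Dcom.ibm.CORBA.loginPassword=";

    // Accepts a plain path or a file: URL, the two forms used on this page
    static File toFile(String value) {
        return value.startsWith("file:") ? new File(URI.create(value)) : new File(value);
    }

    static List<String> check(List<String> jvmArgs) {
        List<String> findings = new ArrayList<String>();
        for (String prop : CONFIG_PROPS) {
            String value = System.getProperty(prop);
            try {
                if (value == null) {
                    findings.add("missing: -D" + prop);
                } else if (!toFile(value).canRead()) {
                    findings.add("not readable: " + prop + "=" + value);
                }
            } catch (IllegalArgumentException e) {
                findings.add("malformed URL: " + prop + "=" + value);
            }
        }
        for (String arg : jvmArgs) {
            if (arg.startsWith(PASSWORD_ARG)) {
                // Report the property name only, never the value
                findings.add("password passed as a JVM argument: com.ibm.CORBA.loginPassword");
            }
        }
        return findings;
    }
    public static void main(String[] args) {
        List<String> jvmArgs = ManagementFactory.getRuntimeMXBean().getInputArguments();
        for (String finding : check(jvmArgs)) {
            System.out.println(finding);
        }
    }
}
```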