Sample code for working with users, groups, group members, and group memberships
Use the end-to-end sample code and data graphs for basic operations involving users, groups, group members, and group memberships.
The following steps are covered in this sample scenario:
- Create a user by adding an entity of PersonAccount entity type by using the create method.
- Create a group by adding an entity of Group entity type by using the create method.
- Add the user to the group by using the update method.
- Get the members of the group by using the get method and GroupMemberControl.
- Get the groups to which the user belongs (group membership) by using the get method and GroupMembershipControl.
- Remove the user from the group by using the update method and GroupMemberControl. For sample code to remove the user from a group by using the GroupMembershipControl, see the topic Sample code for removing users from a group.
- Delete the user by using the delete method.
- Delete the group by using the delete method.
Prerequisites
Ensure that you have read the information and completed the steps described in the topic, Programming prerequisites.
Sample code
Add the following end-to-end sample code to your application code and replace the variables with the actual values that you want to use.
public class UserAndGroupSample extends BaseApp
{
// Define users and groups DNs
private static String user1Dn = "uid=user1,o=defaultWIMFileBasedRealm";
private static String user2Dn = "uid=user2,o=defaultWIMFileBasedRealm";
private static String group1Dn = "cn=group1,o=defaultWIMFileBasedRealm";
private static String group2Dn = "cn=group2,o=defaultWIMFileBasedRealm";
private static String EJB_JNDI_NAME = "ejb/com/ibm/websphere/wim/ejb/WIMServiceHome";
/**
* This sample does the following operations:
* Creates a user
* Creates a group
* Assigns the user to the group
* Gets the group members
* Gets the group membership
* Removes the user from the group
* Deletes a user
* Deletes a group
*/
public static void main(String[] args) throws Exception
{
// Initialize the profile service
locateService(EJB_JNDI_NAME);
// Create a user and a group respectively
addPersonAccount("user1","user1cn","user1sn");
addGroup("group1");
// Add the member user1 to the group
addMemberToGroup(user1Dn,group1Dn);
// Get the group members
getGroupMembers(group1Dn);
// Get the group membership
getGroupMembership(user1Dn);
// Remove the member user1 from the group
removeMemberFromGroup(user1Dn,group1Dn);
// Delete the user1
deleteEntity(user1Dn);
// Delete the group1
deleteEntity(group1Dn);
}
/**
* addPersonAccount
* Adds an entity of PersonAccount entity type
* @param uid value to be set
* @param cn value to be set
* @param sn value to be set
*/
public static void addPersonAccount(String uid, String cn, String sn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null,
SchemaConstants.DO_PERSON_ACCOUNT);
// Set the properties of the person
entity.set("uid", uid);
entity.set("cn", cn);
entity.set("sn", sn);
System.out.println("Input data graph before creating user"+ printDO(root));
// Create the PersonAccount entity
root = service.create(root);
System.out.println("Output data graph after creating user"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* addGroup Adds an entity of type Group
* @param cn value to be set
*/
public static void addGroup(String cn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
// Set the cn of the group
entity.set("cn", cn);
System.out.println("Input data graph before creating group"+ printDO(root));
// Create the group entity
root = service.create(root);
System.out.println("Output data graph after creating group"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* addMemberToGroup adds a user to the group
* @param memberDn uniqueName of the member
* @param groupDn uniqueName of the group
*/
public static void addMemberToGroup(String memberDn, String groupDn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
// Set the group uniqueName
entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
groupDn);
DataObject member1 = SDOHelper.createDataObject(SchemaConstants.WIM_NS_URI,
SchemaConstants.DO_ENTITY);
// Set the member uniqueName
member1.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME,
memberDn);
// Add the member to the group
entity.getList(SchemaConstants.DO_MEMBERS).add(member1);
System.out.println("Input datagraph before adding member to group"+ printDO(root));
// Update the group
root = service.update(root);
System.out.println("Output datagraph after adding member to group"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* getGroupMembers Returns the members of the group
* @param groupDn uniqueName of the group
*/
public static void getGroupMembers(String groupDn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
// Set the group uniqueName
entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
groupDn);
// Set the property control
DataObject propCtrl = SDOHelper.createControlDataObject(root, null,
SchemaConstants.DO_PROPERTY_CONTROL);
//Retrieve the cn of group whose members need to be searched
propCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
// Set the group member control
DataObject grpMbrCtrl = SDOHelper.createControlDataObject(root, null,
SchemaConstants.DO_GROUP_MEMBER_CONTROL);
// Retrieve cn and uid attributes for all members
grpMbrCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
grpMbrCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("uid");
System.out.println("Input data graph before getting group members"+ printDO(root));
// Get the members of the group
root = service.get(root);
System.out.println("Output data graph after getting group members"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* getGroupMembership Gets the groups to which the user belongs
* @param memberDn uniqueName of the user
*/
public static void getGroupMembership(String memberDn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null,
SchemaConstants.DO_PERSON_ACCOUNT);
// Set the uniqueName of the group
entity.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME,
memberDn);
// Set the Group membership control
DataObject grpMbrshipCtrl = SDOHelper.createControlDataObject(root, null,
SchemaConstants.DO_GROUP_MEMBERSHIP_CONTROL);
// Set the property of level to retrieve all the nested entities
grpMbrshipCtrl.setInt(SchemaConstants.PROP_LEVEL, SchemaConstants.PROP_LEVEL_NESTED);
// Retrieve cn attribute for all groups
grpMbrshipCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn");
System.out.println("Input data graph before getting group membership of user"+ printDO(root));
// Get the members of the group
root = service.get(root);
System.out.println("Output data graph after getting group membership of user"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* removeMemberFromGroup remove the user from the group
* @param memberDn uniqueName of the user
* @param groupDn uniqueName of the group
*/
public static void removeMemberFromGroup(String memberDn, String groupDn)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_GROUP);
// Set the uniqueName of the group
entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
groupDn);
DataObject member1 = SDOHelper.createDataObject(SchemaConstants.WIM_NS_URI,
SchemaConstants.DO_ENTITY);
// Set the member uniqueName to be removed
member1.createDataObject(SchemaConstants.DO_IDENTIFIER).setString(SchemaConstants.PROP_UNIQUE_NAME,
memberDn);
// Retrieve the member to remove it from the group
entity.getList(SchemaConstants.DO_MEMBERS).add(member1);
// Set the group member control
DataObject grpMbrCtrl = SDOHelper.createControlDataObject(root, null,
SchemaConstants.DO_GROUP_MEMBER_CONTROL);
// Unassign mode to remove the member from the group
grpMbrCtrl.setInt(SchemaConstants.PROP_MODIFY_MODE, SchemaConstants.VALUE_MODIFY_MODE_UNASSIGN);
System.out.println("Input datagraph before removing member from group"+ printDO(root));
// Update the group to remove the member
root = service.update(root);
System.out.println("Output datagraph after removing member from group"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
/**
* deleteEntity Deletes the given entity
* @param entityName
*/
public static void deleteEntity(String entityName)
{
try
{
DataObject root = SDOHelper.createRootDataObject();
DataObject entity = SDOHelper.createEntityDataObject(root, null, SchemaConstants.DO_ENTITY);
// Set the delete control
DataObject ctrl = SDOHelper.createControlDataObject(root, null,
SchemaConstants.DO_DELETE_CONTROL);
// Set the return property after deletion
ctrl.setBoolean(SchemaConstants.PROP_RETURN_DELETED, true);
// Set the uniqueName of the entity to be deleted
entity.createDataObject(SchemaConstants.DO_IDENTIFIER).set(SchemaConstants.PROP_UNIQUE_NAME,
entityName);
System.out.println("Input data graph before deleting entity"+ printDO(root));
// Delete the entity
root = service.delete(root);
System.out.println("Output data graph after deleting entity"+ printDO(root));
}
catch(Exception e)
{
e.printStackTrace();
}
}
}
Input and output data graphs
The input data graphs and the resulting output data graphs for each step of this example are provided next.
Input data graph for creating a user, that is, an entity
of PersonAccount entity type:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:uid>user1</wim:uid>
<wim:cn>user1cn</wim:cn>
<wim:sn>user1sn</wim:sn>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Output data graph after creating
a user:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for creating
a group, that is, an entity of Group entity type:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:cn>group1</wim:cn>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Ouput data graph after creating
a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for adding
a user to a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:members>
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:members>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Output data graph after adding
a user to a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for getting
the members of a group with the GroupMemberControl:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:PropertyControl">
<wim:properties>cn</wim:properties>
</wim:controls>
<wim:controls xsi:type="wim:GroupMemberControl">
<wim:properties>cn</wim:properties>
<wim:properties>uid</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph>
Output data graph after getting
the members of a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:cn>group1</wim:cn>
<wim:members xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
<wim:uid>user1</wim:uid>
<wim:cn>user1cn</wim:cn>
</wim:members>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for getting
the groups to which a user belongs (group membership) with the GroupMembershipControl:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:GroupMembershipControl">
<wim:properties>cn</wim:properties>
</wim:controls>
</wim:Root>
</sdo:datagraph>
Output data graph after getting the
groups to which a user belongs:<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
<wim:groups>
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:cn>group1</wim:cn>
</wim:groups>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for removing
a member from a group with the GroupMemberControl:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
<wim:members>
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:members>
</wim:entities>
<wim:controls xsi:type="wim:GroupMemberControl" modifyMode="3"/>
</wim:Root>
</sdo:datagraph>
Output data graph after removing
a member from a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for deleting
a user:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities>
<wim:identifier uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
</wim:Root>
</sdo:datagraph>
Output data graph after deleting
a user:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:PersonAccount">
<wim:identifier externalName="uid=user1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="96f69bb7-8048-4417-b871-37ebe7362bea" uniqueName="uid=user1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>
Input data graph for deleting
a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities>
<wim:identifier uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
<wim:controls xsi:type="wim:DeleteControl" returnDeleted="true"/>
</wim:Root>
</sdo:datagraph>
Output data graph after deleting
a group:
<?xml version="1.0" encoding="UTF-8"?>
<sdo:datagraph xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:sdo="commonj.sdo" xmlns:wim="http://www.ibm.com/websphere/wim">
<wim:Root>
<wim:entities xsi:type="wim:Group">
<wim:identifier externalName="cn=group1,o=defaultWIMFileBasedRealm" repositoryId="InternalFileRepository"
uniqueId="a814ea28-1bfb-4093-b481-5bb128b4818a" uniqueName="cn=group1,o=defaultWIMFileBasedRealm"/>
</wim:entities>
</wim:Root>
</sdo:datagraph>