Sample code for extending schema across multiple security domains
The configuration steps, commands, sample code, and data graphs for extending property schema across multiple security domains are provided here.
The following steps are covered in the configuration commands and sample code snippets:
- Create multiple security domains.
- Map the security domains to specific application servers.
- Install the prerequisite system applications.
- Add new properties to each server instance.
- Perform search operations by using properties extended on different instances.
Prerequisites
Ensure that you have read the information and completed the steps described in the topic, Programming prerequisites, including the section, Extending property schema, which has information about propertySchema and extensionPropertySchema data objects and lists the valid syntax for property data types.
You must complete the following configuration steps before using the sample code in your application. Start the wsadmin tool and execute the following commands. Replace the variables with the actual values that you want to use.
- Create a base profile by using the WebSphere Application Server Profile Management Tool. Ensure that the Admin Security is enabled. A new application server is created, for example, server1.
- Add another server, for example, server2.
$AdminTask createApplicationServer nodeName {-name server2}
- Create a security domain.
$AdminTask copySecurityDomainFromGlobalSecurity {-securityDomainName domain1}
- Map this domain to the server2 created in step
2.
$AdminTask mapResourceToSecurityDomain { -securityDomainName domain1 -resourceName Cell=:Node=nodeName:Server=server2}
- In a multiple security domain environment, you can set the useGlobalSchema property
to use the global schema instead of the domain-specific schema. Global
schema refers to the schema of the admin domain. Application domains
that are set to use global schema share the same schema of the admin
domain. Hence, if you extend the schema for an application in one
domain, you must consider how that might affect applications of other
domains as they are also bound by the same schema. For example, adding
a mandatory property for one application might cause other applications
to fail.
If you want to use global schema, complete this step. If you want to use the domain-specific schema, then skip this step.
$AdminTask setIdMgrUseGlobalSchemaForModel { -useGlobalSchema true -securityDomainName domain1 }
- Install wim.ear as a system application on server1.
$AdminApp install app_server_root/systemApps/wim.ear { -appname wim -server server1 -systemApp}
- Install wimperdomain.ear as a normal application on server2.
In a multiple security domain environment, you must deploy virtual
member manager EJB on each target server, where the server scope is
associated with that security domain, to get a reference to the virtual
member manager instance in that domain. This procedure enables you
to call virtual member manager APIs through EJB for a specific domain.
Only users with the required access roles for virtual member manager
APIs or superusers in that domain can call the respective APIs.
$AdminApp install app_server_root/installableApps/wimperdomain.ear { -appname wimperdomain1 -BindJndiForEJBNonMessageBinding {{ wim.ejb WIMService wimejb.jar, META-INF/ejb-jar.xml ejbd1/com/ibm/websphere/wim/ejb/WIMServiceHome}} -MapModulesToServers {{ wim.ejb wimejb.jar,META-INF/ejb-jar.xml WebSphere:cell=cellName,node=nodeName,server=server2 }}}
- Save the configuration.
$AdminConfig save
Sample code
Add the following sample code to your application code as described in the following steps. Replace the variables with the actual values that you want to use.
- The following variable declarations are required for using the
methods in the sample code snippets given in the next steps. You can
add these declarations to your application code and replace the variables with
the actual values that you want to use.
//The service object that holds the virtual member manager ejb service reference for server1. private static Service service1 = null; //The service object that holds the virtual member manager ejb service reference for server2. private static Service service2 = null; //A string constant for the new property name to be added for server1. private static final String server1PropName = "postOfficeBox"; //A string constant for the new property name to be added for server2. private static final String server2PropName = "age";
- Start server1 using the startServer command.
- Use the following locateServices() method to
locate virtual member manager services running on WebSphere Application
Server on the local host. Ensure that the bootstrap port is correctly
specified in the locateServices() method.
/** * This method locates the virtual member manager services running on * WebSphere Application Sever on the localhost */ private static void locateServices() { // Remote access WIM Service EJB try { Hashtable<String, String> environment = new Hashtable<String, String>(); environment.put(LocalServiceProvider.PROVIDER_URL, "corbaloc:iiop:localhost:2814"); service1 = new LocalServiceProvider(environment); } catch (Exception e) { e.printStackTrace(); } try { Hashtable<String, String> environment = new Hashtable<String, String>(); environment.put(LocalServiceProvider.EJB_JNDI_NAME, "ejbd1/com/ibm/websphere/wim/ejb/WIMServiceHome"); environment.put(LocalServiceProvider.PROVIDER_URL, "corbaloc:iiop:localhost:2815"); service2 = new LocalServiceProvider(environment); } catch (Exception e) { e.printStackTrace(); } }
- Use the following createPropertyOnServer1() method
to add a new property to the server1 instance.
/** * This method adds the "postOfficeBox" property to "PersonAccount" entity type. */ private static void createPropertyOnServer1() { try { System.out.println("\nCreating new property type postOfficeBox and add it to existing entity type PersonAccount"); DataObject root = service1.createRootDataObject(); DataObject dynaSchemaDO = root.createDataObject(SchemaConstants.DO_SCHEMA); // Create new property schema data object DataObject propSchemaDO = dynaSchemaDO.createDataObject(SchemaConstants.DO_PROPERTY_SCHEMA); // Set the values for the property, such as, namespace URI, namespace prefix, property name propSchemaDO.set(SchemaConstants.PROP_NS_URI, SchemaConstants.WIM_NS_URI); propSchemaDO.set(SchemaConstants.PROP_PROPERTY_NAME, server1PropName); propSchemaDO.setBoolean(SchemaConstants.PROP_MULTI_VALUED, false); propSchemaDO.set(SchemaConstants.PROP_DATA_TYPE, SchemaConstants.DATA_TYPE_STRING); List applicableEntityTypes = propSchemaDO.getList(SchemaConstants.PROP_APPLICABLE_ENTITY_TYPE_NAMES); applicableEntityTypes.add(Service.DO_PERSON_ACCOUNT); System.out.println("Input datagraph -> " + printDO(root)); // Invoke the create schema API root = service1.createSchema(root); System.out.println("Output datagraph -> " + printDO(root)); System.out.println("\nCLIENT: new property type is created."); } catch (Exception e) { e.printStackTrace(); } }
- Stop server1 using the stopServer command.
- Start server2 using the startServer command.
- Use the following createPropertyOnServer2() method
to add a new property to the server2 instance.
/** * This method adds the "age" property to "PersonAccount" entity type. */ private static void createPropertyOnServer2() { try { System.out.println("\nCreating new property type age and add it to existing entity type Person"); DataObject root = service2.createRootDataObject(); DataObject dynaSchemaDO = root.createDataObject(SchemaConstants.DO_SCHEMA); // Create new property schema data object DataObject propSchemaDO = dynaSchemaDO.createDataObject(SchemaConstants.DO_PROPERTY_SCHEMA); // Set the values for the property, such as, namespace URI, namespace prefix, property name propSchemaDO.set(SchemaConstants.PROP_NS_URI, SchemaConstants.WIM_NS_URI); propSchemaDO.set(SchemaConstants.PROP_PROPERTY_NAME, server2PropName); propSchemaDO.setBoolean(SchemaConstants.PROP_MULTI_VALUED, false); propSchemaDO.set(SchemaConstants.PROP_DATA_TYPE, SchemaConstants.DATA_TYPE_INT); List applicableEntityTypes = propSchemaDO.getList(SchemaConstants.PROP_APPLICABLE_ENTITY_TYPE_NAMES); applicableEntityTypes.add(Service.DO_PERSON_ACCOUNT); SDOUtils.printDataGraph("Input datagraph", root); System.out.println("Input datagraph -> " + printDO(root)); // Invoke the create Schema API root = service2.createSchema(root); System.out.println("Output datagraph -> " + printDO(root)); System.out.println("New property type is created."); } catch (Exception e) { e.printStackTrace(); } }
- Stop server2 using the stopServer command.
- Start server2 and server1.
- Create entities with the new properties added in steps 4 and 7. For sample code to add new properties, see the topic Sample code for extending schema in the file repository.
- Use the following testSearchProperties() method
to perform search operations by using properties extended on different
instances.
/** * Method that runs different searches on different servers. */ private static void testSearchProperties() { // Search using the server1 property but using service1 System.out.println("Searching property '" + server1PropName + "' on server1"); searchserver1PropName(service1); // Utility stop to synchronize output pause(); // Search using the server1 property but using service2 System.out.println("Searching property '" + server1PropName + "' on server2"); searchserver1PropName(service2); // Utility stop to synchronize output pause(); // Search using the server2 property but using service2 System.out.println("Searching property '" + server2PropName + "' on server2"); searchserver2PropName(service2); // Utility stop to synchronize output pause(); // Search using the server2 property but using service1 System.out.println("Searching property '" + server2PropName + "' on server1"); searchserver2PropName(service1); } /** * A utility method added to ensure that the exception is flushed to the console * before starting with the next operation. */ private static void pause() { try { Thread.sleep(1000); } catch (InterruptedException e) { } } /** * Method to search on 'age' * @param service */ @SuppressWarnings("unchecked") private static void searchserver2PropName(Service service) { try { //Search DataObject root = SDOHelper.createRootDataObject(); DataObject searchCtrl = SDOHelper.createControlDataObject(root, null, SchemaConstants.DO_SEARCH_CONTROL); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("uid"); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("sn"); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn"); searchCtrl.setString(SchemaConstants.PROP_SEARCH_EXPRESSION, "@xsi:type='PersonAccount' and " + server2PropName + " > 4"); root = service.search(root); System.out.println("Output datagraph -> " + printDO(root)); List searchResults = root.getList(SchemaConstants.DO_ENTITIES); for (int i = 0; i < searchResults.size(); i++) { DataObject ent = (DataObject) searchResults.get(i); DataObject id = ent.getDataObject(SchemaConstants.DO_IDENTIFIER); if (id != null) { String uniqueName = id.getString(SchemaConstants.PROP_UNIQUE_NAME); if (uniqueName != null) { System.out.println("Found -> " + ent.getString("cn") + "(" + uniqueName + ")"); } } } } catch (Exception e) { e.printStackTrace(); } } /** * Method to search on 'postOfficeBox' * @param service */ @SuppressWarnings("unchecked") private static void searchserver1PropName(Service service) { try { //Search DataObject root = SDOHelper.createRootDataObject(); DataObject searchCtrl = SDOHelper.createControlDataObject(root, null, SchemaConstants.DO_SEARCH_CONTROL); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("uid"); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("sn"); searchCtrl.getList(SchemaConstants.PROP_PROPERTIES).add("cn"); searchCtrl.setString(SchemaConstants.PROP_SEARCH_EXPRESSION, "@xsi:type='PersonAccount' and " + server1PropName + "='4-23'"); root = service.search(root); System.out.println("Output datagraph -> " + printDO(root)); List searchResults = root.getList(SchemaConstants.DO_ENTITIES); for (int i = 0; i < searchResults.size(); i++) { DataObject ent = (DataObject) searchResults.get(i); DataObject id = ent.getDataObject(SchemaConstants.DO_IDENTIFIER); if (id != null) { String uniqueName = id.getString(SchemaConstants.PROP_UNIQUE_NAME); if (uniqueName != null) { System.out.println("Found -> " + ent.getString("cn") + "(" + uniqueName + ")"); } } } } catch (Exception e) { e.printStackTrace(); } }
Results
If you set the useGlobalSchema property to use the global schema as described in step 5 of the Prerequisites section, then all of the properties extended on all instances can be used when performing search operations across domains. If you do not set the useGlobalSchema, then only the domain-specific schema is extended and search operations are based only on the properties extended in the current instance.