RequestDataValidator Plug-in in OIM

The third article on the plug-in points will be based on Request data validators.
The relevant plugin point for my favorite plug-in will be  : oracle.iam.request.plugins.RequestDataValidator

Often when submitting a request in APS , there can be number of rules, conditions that the user may have to abide by. This rules can be process related, it can also be very well defined in the target in DB layers, as well as validations in the APIs exposed.

OIM being middleware are not by default aware of all these rules, and it's important that we impose these rules exclusively, and it executes BEFORE an user submits a request.

This is where the request data validator comes in to the picture, this validator plug-ins needs to be registered against each Obj form using the plug-in registration utility. The plugin.xml will look like  -

<?xml version="1.0" encoding="UTF-8"?> <oimplugins> <plugins pluginpoint="oracle.iam.request.plugins.RequestDataValidator"> <plugin pluginclass="PACKAGE_NAME.CLASS_NAME" version="1.0" name="VALIDATOR_NAME"> <metadata name="DataValidator"> <value>FORM_NAME</value> </metadata> </plugin> </plugins> </oimplugins>


For the coding part of it , the basic approach will be  -

1. creating a class which implements RequestDataValidator
2. overwriting the method "validate(RequestData reqData)" which throws a InvalidRequestDataException
3. finding out from the RequestData who are the Beneficaries are, and what the BeneficaryEntities are.

private static final Logger LOGGER = Logger.getLogger("LOGGER_NAME"); private String CLASS_NAME = getClass().getName().toString(); public void validate(RequestData reqData) throws InvalidRequestDataException { String METHOD_NAME = "::validate::"; List<beneficiary> beneficiaries = null; List<requestbeneficiaryentity> benEntities = null; beneficiaries = reqData.getBeneficiaries(); String appInstanceDisplayName = new String(""); ApplicationInstanceService applicationInstanceService = (ApplicationInstanceService)Platform.getService(ApplicationInstanceService.class); UserManager usrService = (UserManager) Platform.getService(UserManager.class); if (beneficiaries != null && !beneficiaries.isEmpty()) { for (Beneficiary beneficiary : beneficiaries) { String beneficiaryUserLogin = null; boolean condition = false; benEntities = beneficiary.getTargetEntities(); if (benEntities != null && !benEntities.isEmpty()) { for (RequestBeneficiaryEntity benEntity : benEntities) { int singleEntitlementSelected; String operation = benEntity.getOperation(); String appInstanceName = benEntity.getEntitySubType(); String benUser = beneficiary.getBeneficiaryKey(); try { SearchCriteria criteria = new SearchCriteria("usr_key", userKey, SearchCriteria.Operator.EQUAL); Set attrNames = new HashSet(); attrNames.add("User Login"); List<user> users = usrService.search(criteria, attrNames, null); for (User perUser : users) { beneficiaryUserLogin = perUser.getAttribute("User Login").toString(); LOGGER.debug(CLASS_NAME + METHOD_NAME + "User Login" + beneficiaryUserLogin); } } catch (Exception e1) { } LOGGER.debug(CLASS_NAME + METHOD_NAME + "Printing benUser :: " + benUser); LOGGER.debug(CLASS_NAME + METHOD_NAME + "appInstanceName :: " + appInstanceName);

4. Hereafter , we can have two blocks to check the conditions , for both the operation provisioning / modifying -

/** * Checking if condition is true while requesting / provisioning the account */ if (RequestConstants.MODEL_PROVISION_APPLICATION_INSTANCE_OPERATION.toString() .equalsIgnoreCase(operation)) { try { condition = METHOD_NAME_WHICH_VALIDATES_THE_CONDITION(benEntity, benUser); } catch (Exception e) { } if (condition) { throw new InvalidRequestDataException(new Exception(" WRITE_YOUR_OWN_ERROR_POP-UP_MESSAGE for the user " + beneficiaryUserLogin + " for the application instance : " + appInstanceDisplayName )); } } /** * Checking if condition is true while modifying the account */ else if (RequestConstants.MODEL_MODIFY_ACCOUNT_OPERATION.toString().equalsIgnoreCase(operation)) { try { condition = METHOD_NAME_WHICH_VALIDATES_THE_CONDITION(benEntity, benUser); } catch (Exception e) { } LOGGER.debug(CLASS_NAME + METHOD_NAME + "singleEntitlementSelected :: " + singleEntitlementSelected + ". "); if (condition) { throw new InvalidRequestDataException(new Exception(" WRITE_YOUR_OWN_ERROR_POP-UP_MESSAGE for the user " + beneficiaryUserLogin + " for the application instance : " + appInstanceDisplayName )); } } } } } }

Now, the METHOD_NAME_WHICH_VALIDATES_THE_CONDITION(benEntity, benUser) functionality is limited only to our imagination ;) and the business requirement in question.

A couple of examples can be  -

Method for checking an eMail domain provided by the user in the form :

private boolean isEmailDomainWhitelisted(String appInstanceDisplayName, String eMailDomain) throws tcAPIException, tcInvalidLookupException, tcColumnNotFoundException{ String METHOD_NAME = "::isEmailDomainWhitelisted::"; boolean isDomainPresnt = false; tcLookupOperationsIntf lookupAPI = Platform.getService(tcLookupOperationsIntf.class); tcResultSet lookupRS = lookupAPI.getLookupValues("Lookup.ABCD.eMailDomains"); for (int i = 0; i < lookupRS.getRowCount(); i++) { lookupRS.goToRow(i); if(lookupRS.getStringValue("Lookup Definition.Lookup Code Information.Code Key").equalsIgnoreCase(appInstanceDisplayName)){ if(lookupRS.getStringValue("Lookup Definition.Lookup Code Information.Decode").equalsIgnoreCase(eMailDomain)){ isDomainPresnt = true; LOGGER.debug(CLASS_NAME + METHOD_NAME + "Printing Application Instance Name :: " + appInstanceDisplayName); LOGGER.debug(CLASS_NAME + METHOD_NAME + "Printing Email Domain Name :: " + eMailDomain); } } } return isDomainPresnt; }

Method for checking if an User already has an account provided for the same application instance :


private boolean doesUserHasTheAccount(String userKey, String applicationInstanceName) throws Exception { String METHOD_NAME = "::doesUserHasTheAccount::"; boolean condition = false; Set retattr = new HashSet(); UserManager userManagerService = (UserManager) Platform.getService(UserManager.class); try { LOGGER.debug(CLASS_NAME + METHOD_NAME + "user is : " + userKey); ProvisioningService ps = (ProvisioningService) Platform.getService(ProvisioningService.class); String accountId = ""; ApplicationInstanceService ais = (ApplicationInstanceService) Platform.getService(ApplicationInstanceService.class); ApplicationInstance DBUMAppInstance = ais.findApplicationInstanceByName(applicationInstanceName); SearchCriteria acccriteria = new SearchCriteria(ProvisioningConstants.AccountSearchAttribute.APPINST_KEY.getId(), Long.valueOf(DBUMAppInstance.getApplicationInstanceKey()), SearchCriteria.Operator.EQUAL); for (Account per : ps.getAccountsProvisionedToUser(userKey, acccriteria, null, true)) { String fetchedAccountName = per.getAccountDescriptiveField(); String fetchedAccountStatus = per.getAccountStatus(); String fetchedAccountType = per.getAccountType().toString(); if (((fetchedAccountStatus != null) && ("provisioned".equalsIgnoreCase(fetchedAccountStatus)) && (fetchedAccountType != null) && ("primary".equalsIgnoreCase(fetchedAccountType))) || ((fetchedAccountStatus != null) && ("disabled".equalsIgnoreCase(fetchedAccountStatus)) && (fetchedAccountType != null) && ("primary".equalsIgnoreCase(fetchedAccountType))) || ((fetchedAccountStatus != null) && ("enabled".equalsIgnoreCase(fetchedAccountStatus)) && (fetchedAccountType != null) && ("primary".equalsIgnoreCase(fetchedAccountType)))) { condition = true; LOGGER.debug(CLASS_NAME + METHOD_NAME + "account name is : " + fetchedAccountName + " : " + per.getAccountStatus() + " : " + per.getAccountType()); } } } catch (Exception e) { e.printStackTrace(); } return condition; }


Thanks for reading !