I have a simple order approval BPM app.
An order needs to be approved by an Approver.
An Approver is someone who, according to our LDAP directory, belongs to both NCGroup1 and NCGroup2.
In this post I discuss how to access LDAP for the relevant info.
I create such a user - nc - leveraging WebLogic's embedded LDAP.
nc is a member of NCGroup1 and NCGroup2
rc is a member of NCGroup1
I now need to write some Java to retrieve this information -
Extracting the user nc's information as follows -
------------------------------------------------------------
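import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class LdapLookup {
    public static void main(String[] a) {
        // DN of the user entry to read
        String ENTRYDN = "uid=nc,ou=people,ou=myrealm,dc=nc_domain";
        // Users live under ou=people,ou=myrealm,dc=nc_domain
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://127.0.0.1:7001"); // This is your LDAP URL
        // Simple bind over ldap:// sends the DN and password unencrypted
        env.put(Context.SECURITY_PRINCIPAL, "cn=Admin");        // Bind DN
        env.put(Context.SECURITY_CREDENTIALS, "welcome1");      // This is the password
        try {
            DirContext ctx = new InitialDirContext(env);
            String[] attrs = new String[3];
            attrs[0] = "cn";          /* Get common name(s) (full name) */
            attrs[1] = "sn";          /* Get surname(s) (last name) */
            attrs[2] = "wlsMemberOf"; /* Get the DNs of the groups the user belongs to */
            Attributes result = ctx.getAttributes(ENTRYDN, attrs);
            System.out.println("Result " + result.size());
            System.out.println("Result " + result.get("cn"));
            System.out.println("Result " + result.get("wlsMemberOf"));
            // The group searches shown further down go here, while ctx is open
            ctx.close();
        } catch (NamingException e) {
            e.printStackTrace();
        }
    }
}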
---------------------------------------------------------
Output -
However, I really need to look up the group -
I take the memberURL and use as follows -
// Runs inside the try block above, using the same ctx. Additional imports:
// javax.naming.NamingEnumeration, javax.naming.directory.BasicAttributes,
// javax.naming.directory.SearchResult
System.out.println(" ****************************************************************");
// Look for members of NCGroup1: person entries whose wlsMemberOf holds the group DN
Attributes userAttrs = new BasicAttributes(true);
userAttrs.put("cn", null);
NamingEnumeration<SearchResult> answer = ctx.search(
    "ldap://localhost:7001/ou=people,ou=myrealm,dc=nc_domain??sub?(&(objectclass=person)(wlsMemberOf=cn=NCGroup1,ou=groups,ou=myrealm,dc=nc_domain))", userAttrs);
while (answer.hasMoreElements()) {
    System.out.println("Group Members of NCGroup1 =" + answer.nextElement().toString());
}
System.out.println(" ****************************************************************");
// Look for members of NCGroup2
answer = ctx.search(
    "ldap://localhost:7001/ou=people,ou=myrealm,dc=nc_domain??sub?(&(objectclass=person)(wlsMemberOf=cn=NCGroup2,ou=groups,ou=myrealm,dc=nc_domain))", userAttrs);
while (answer.hasMoreElements()) {
    System.out.println("Group Members of NCGroup2 =" + answer.nextElement().toString());
}
---------------------------------------------------------
Output -
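The lookups above return the raw wlsMemberOf values; the approval rule (member of both NCGroup1 and NCGroup2) still has to be evaluated on them. The following is an added example, not code from the original post: the names ApproverCheck, isApprover and entry are assumptions, the sample entries are constructed, and NCGroup10 is a constructed look-alike group. It compares group DNs as parsed LdapName objects instead of as substrings.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.*;
import javax.naming.ldap.LdapName;

public class ApproverCheck {
    // Group DNs taken from the search filters in the post.
    static final List<String> REQUIRED = List.of(
        "cn=NCGroup1,ou=groups,ou=myrealm,dc=nc_domain",
        "cn=NCGroup2,ou=groups,ou=myrealm,dc=nc_domain");

    /** True only if wlsMemberOf holds every required group DN. */
    static boolean isApprover(Attributes entry) throws NamingException {
        Attribute memberOf = entry.get("wlsMemberOf");
        if (memberOf == null) return false;   // entry carries no group membership
        Set<LdapName> groups = new HashSet<>();
        NamingEnumeration<?> values = memberOf.getAll();
        while (values.hasMore()) {
            // Parse each value as a DN: comparison ignores case, and
            // "cn=NCGroup1" cannot match "cn=NCGroup10" as a substring test would.
            groups.add(new LdapName(values.next().toString()));
        }
        for (String dn : REQUIRED) {
            if (!groups.contains(new LdapName(dn))) return false;
        }
        return true;
    }

    /** Constructed sample entry standing in for ctx.getAttributes(...). */
    static Attributes entry(String... groupDns) {
        Attributes attrs = new BasicAttributes(true);
        if (groupDns.length > 0) {
            Attribute a = new BasicAttribute("wlsMemberOf");
            for (String dn : groupDns) a.add(dn);
            attrs.put(a);
        }
        return attrs;
    }

    public static void main(String[] args) throws NamingException {
        String g = ",ou=groups,ou=myrealm,dc=nc_domain";
        System.out.println("nc: " + isApprover(entry("CN=NCGroup1" + g, "cn=NCGroup2" + g)));
        System.out.println("rc: " + isApprover(entry("cn=NCGroup1" + g)));
        System.out.println("look-alike: " + isApprover(entry("cn=NCGroup10" + g, "cn=NCGroup2" + g)));
        System.out.println("no groups: " + isApprover(entry()));
    }
}
```

Only the first entry, which mirrors user nc, satisfies the rule; in the real program the Attributes object returned by ctx.getAttributes(ENTRYDN, attrs) would be passed to isApprover instead.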
Now another approach could be taken, if there is a hierarchy at work -
Let's use groups with more relevant names -
In this case -
NCGroup1 = IE_EMPS
NCGroup2 = IE_EMPS_ACCOUNTS
so amend IE_EMPS_ACCOUNTS as follows -
I create a new group IE_EMPS_SALES and assign IE_EMPS as its parent group.
I assign the users as follows -
rc is a member of IE_EMPS_SALES
pc is a member of IE_EMPS_ACCOUNTS
nc is a member of IE_EMPS
I deploy and test the above -
Log in to the BPM workspace as user nc
He sees no tasks
Log in to the BPM workspace as user rc
She sees the BasicApproval task
Log in to the BPM workspace as user pc
He sees no tasks
Variation of the theme...
I have 3 groups
IE_EMPS = IE_EMPS_SALES AND IE_EMPS_ACCOUNTS
IE_EMPS_SALES
IE_EMPS_ACCOUNTS
I have 3 users -
nc belongs to IE_EMPS
rc belongs to IE_EMPS_SALES
pc belongs to IE_EMPS_ACCOUNTS
Now the process is as follows -
Deploy and Test
Only nc sees the task
Ergo rc doesn't
I add another swimlane to the process
Re-deploy and test
I log in as nc and see the order - I approve it.
User nc now sees the Financial Approval task as nc has the role IE_EMPS that includes IE_EMPS_SALES and IE_EMPS_ACCOUNTS.
User pc naturally also sees the task as he has the role IE_EMPS_ACCOUNTS
User rc doesn't see the task as she has the role IE_EMPS_SALES
End of Part 1...