Thursday, January 24, 2008

Setting JBOSS-OIM with Apache

If you don't want your OIM users to key in the port number in the URL when accessing the OIM application server, you can put an Apache web server in front of JBoss. This is one of the options. Here is how you set it up:

Download Apache web server from the website and set it up by running the installer.

Suppose you installed Apache 2.0.63 in the following folder : C:\Apache2063

Then open the C:\Apache2063\Apache2\conf\httpd.conf file and add the following line to it:

Redirect permanent /xlWebApp http://server:8080/xlWebApp

Note that the "server" value should be the fully qualified domain name (FQDN) of the server, something like nj.somecompany.com

After that restart apache web server and you are all done !!
===========================================
Here is how you would enter the url on the browser:
===========================================

===========================================
Here is how the browser redirects you to OIM:
===========================================

Installing OIM as a Windows Service

On Production, if you want Xellerate to run as a Windows Service so that it can be restarted automatically on a server restart, you can do the following things.

1. Get JavaService.exe from the web (open source project) and deploy it in your JBOSS\bin directory.
2. Use the following script to install this as a Windows service. The script will need some tweaking of parameters depending on your environment:
================================================
Here is the script
================================================

@echo off
setlocal

rem
rem -------------------------------------------------------
rem This script sets the JBoss instance for OIM to run
rem as a windows service. You may need to tweak the
rem variables below to properly define your installation.
rem
rem
rem
rem -------------------------------------------------------
rem

rem This sets the memory usage settings passed to the JVM
set MEM_ARGS=-Xmx1024m

rem This is the directory where OIM is installed in
set XL_HOME=C:\xellerate\xlserver\xellerate

rem This is the directory where JBoss is installed in
set JB_HOME=C:\xellerate\jboss-4.0.3SP1

rem This is the base directory of the JDK installation for JBOSS
set JAVA_HOME=C:\java\j2sdk1.4.2_13\jre

rem This is the name of the Windows service
set SERVICE_NAME=JBoss-OIM

rem
rem -------------------------------------------------------
rem End of common variables you may need to tweak
rem -------------------------------------------------------
rem

echo Attempting to stop and remove old OIM / JBoss service
net stop %SERVICE_NAME% /y
javaservice.exe -uninstall %SERVICE_NAME%
echo Done.

echo Attempting to install and start OIM / JBoss service
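mkdir %JB_HOME%\logs
rem copy has no /f switch; /y overwrites an existing copy without prompting
copy /y javaservice.exe %JB_HOME%\bin
rem /d also changes the drive if JBoss is not on the current drive
cd /d %JB_HOME%\bin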
javaservice.exe -install %SERVICE_NAME% %JAVA_HOME%\bin\client\jvm.dll %MEM_ARGS% -Djava.class.path="%JAVA_HOME%\lib\tools.jar;%JB_HOME%\bin\run.jar" -DXL.HomeDir=%XL_HOME% -Djava.awt.headless=true -start org.jboss.Main -stop org.jboss.Main -method systemExit -out %JB_HOME%\logs\console.log -err %JB_HOME%\logs\console.log -current %JB_HOME%\bin -path "%PATH%" -auto

net start %SERVICE_NAME%
echo Done.
endlocal



================================================
Here is how it will get installed.
================================================


================================================
Here is how it looks after getting installed as a Windows Service.
================================================


Notes:
================================================
1. Also copy javaservice.exe and jvm.dll to C:\<WindowsInstallFolder>\system32 (say C:\Windows\system32). After a restart, the Windows service will fail to start if these files are not in the path.

Wednesday, January 23, 2008

Creating Scheduled Task Event

If you need to create a scheduled task event that occurs periodically in OIM, here is a code snippet that you can modify to put your custom task in.

In my example here, I am emailing all the members of an OIM Group "Blank Email ID Notification" (configurable - passed from the task scheduler itself) to notify them that there are Employees in OIM with Blank Employee IDs. Someone should log on to OIM and add employee user ids. This can be a task that runs daily, weekly, monthly or however you want to configure it within OIM. Just create the jar file from the code and drop it in the ScheduledTask folder under the Xellerate application.

======================================
Here is how to configure the task scheduler and OIM group:
======================================






======================================
Here is how the end result looks :
======================================




======================================
BlankEIDEmail.java
======================================

import java.util.HashMap;

import com.thortech.xl.scheduler.tasks.SchedulerBaseTask;
import Thor.API.tcResultSet;
import Thor.API.Operations.tcUserOperationsIntf;
import Thor.API.Operations.tcGroupOperationsIntf;
import com.thortech.xl.dataobj.util.tcEmailNotificationUtil;

/**
 * Scheduled task that determines the OIM users having a blank EID
 * and mails the list to the members of an OIM group.
 */
public class BlankEIDEmail extends SchedulerBaseTask {

    private tcUserOperationsIntf userAPI;
    private String eid;
    private String userID;
    private String firstName;
    private String middleName;
    private String lastName;
    private String dept;
    private String manager;
    private String mailBody;
    private String mailTemp;
    // CRLF line ending for the mail body (the original had the two characters reversed)
    public static String newline = "\r\n";
    private String grpName;
    private tcGroupOperationsIntf grpAPI;

    public void init() {
        // Fetch the attributes of the scheduled task and initialize the APIs
        try {
            grpName = getAttribute("Group Name");
            mailTemp = getAttribute("Email Template");
            userAPI = (tcUserOperationsIntf) getUtility("Thor.API.Operations.tcUserOperationsIntf");
            grpAPI = (tcGroupOperationsIntf) getUtility("Thor.API.Operations.tcGroupOperationsIntf");
        } catch (Exception e) {
            e.printStackTrace();
        }
    } // end of init method

    public void execute() {
        try {
            HashMap hashmap = new HashMap();
            hashmap.put("Users.User ID", "*");
            //hashmap.put("USR_UDF_EID", "");
            tcResultSet rset = userAPI.findAllUsers(hashmap);
            System.out.println("** Filtered ** Number of Users:" + rset.getRowCount());
            // Sort by EID so that the users with a blank EID come first
            rset.sort("USR_UDF_EID", true);
            if (rset.getRowCount() > 0) {
                mailBody = "The following users have a blank EID:" + newline;
                mailBody += "(First Name, Middle Name, Last Name, User ID, Manager, Department)" + newline;
                for (int count = 0; count < rset.getRowCount(); count++) {
                    rset.goToRow(count);
                    eid = rset.getStringValue("USR_UDF_EID");
                    System.out.println("Processing User:" + rset.getStringValue("Users.User ID") + ";USR_UDF_EID=" + eid);
                    // Filter users who have a blank EID. Compare the content,
                    // not the reference: == on Strings does not test for "".
                    if (eid == null || eid.trim().length() == 0) {
                        userID = rset.getStringValue("Users.User ID");
                        firstName = rset.getStringValue("Users.First Name");
                        middleName = rset.getStringValue("Users.Middle Name");
                        lastName = rset.getStringValue("Users.Last Name");
                        manager = rset.getStringValue("Users.Manager Login");
                        dept = rset.getStringValue("USR_UDF_DEPARTMENT");
                        mailBody += firstName + ", ";
                        mailBody += middleName + ", ";
                        mailBody += lastName + ", ";
                        mailBody += userID + ", ";
                        mailBody += manager + ",";
                        mailBody += dept;
                        mailBody += newline;
                    } else {
                        // The result set is sorted, so the first non-blank EID
                        // means there are no more blank ones
                        break;
                    }
                } // end of for loop
                mailBody += newline;
                mailBody += "Thank You." + newline;
                mailBody += "System Administrator." + newline;
                mailTo(mailBody);
            } // end of outer if
        } catch (Exception e) {
            e.printStackTrace();
        }
    } // end of execute method

    public void mailTo(String mailBody) {
        try {
            tcEmailNotificationUtil sendMail = new tcEmailNotificationUtil(getDataBase());
            // Construct the email text
            sendMail.constructEmail(mailTemp);
            sendMail.setBody(mailBody);
            tcResultSet memberSet = getGroupMembers(grpName);
            for (int i = 0; i < memberSet.getRowCount(); i++) {
                memberSet.goToRow(i);
                String usrID = memberSet.getStringValue("Users.User ID");
                HashMap findUsr = new HashMap();
                findUsr.put("Users.User ID", usrID);
                tcResultSet userSet = userAPI.findUsers(findUsr);
                String reqMailID = userSet.getStringValue("Users.Email");
                // Send email to the respective user ids
                if (reqMailID == null || reqMailID.trim().length() == 0) {
                    System.out.println("Blank email for UserID:" + usrID);
                } else {
                    System.out.println("Mailing BlankEID List to:" + reqMailID);
                    sendMail.sendEmail(reqMailID);
                }
            } // end of for loop
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * This method is called to find the members of a group
     * @param groupName name of the group
     * @return returns resultset containing members of the group
     */
    public tcResultSet getGroupMembers(String groupName) {
        tcResultSet grpMembers = null;
        try {
            HashMap grp = new HashMap();
            // Use the parameter rather than the grpName field
            grp.put("Groups.Group Name", groupName);
            tcResultSet groupSet = grpAPI.findGroups(grp);
            long grpKey = groupSet.getLongValue("Groups.Key");
            grpMembers = grpAPI.getAllMemberUsers(grpKey);
        } catch (Exception e) {
            e.printStackTrace();
        }
        return grpMembers;
    }
}

Thursday, January 17, 2008

Kerberos Authentication

You may use the following code to implement Kerberos Authentication in your applications:

====================================
CompanyKerbLogin.conf
====================================

/**
* Login Configuration for JAAS.
*
* Specify that Kerberos v5 is a required login module for the classes.
*/

CompanyKerbCallbackHandler {
com.sun.security.auth.module.Krb5LoginModule
required
client=TRUE
debug=FALSE
useTicketCache=FALSE;
};

====================================
krb5.conf
====================================

[domain_realm]

.bhatia.company.com = BHATIA.COMPANY.COM
.company.com=COMPANY.COM
bhatia.company.com = BHATIA.COMPANY.COM
company.com=COMPANY.COM


[libdefaults]

default_realm = COMPANY.COM
#dns_lookup_kdc=false
#default_tgs_enctypes = des-cbc-md5
#default_tkt_enctypes = des-cbc-md5


[logging]



[realms]
BHATIA.COMPANY.COM= {
kdc = server2.bhatia.company.com
admin_server = server2.bhatia.company.com
default_domain = bhatia.company.com
}

COMPANY.COM= {
kdc = server01.company.com
admin_server = server01.company.com
default_domain = company.com
}

====================================
CompanyKerbCallbackHandler.java
====================================

import javax.security.auth.callback.*;

/**
* Callback Handler that is used with the KerberosAuthHandler.
*
* Two methods are added to this callback handler which allows the
* KerberosAuthHandler to pass the username and password received
*
*/
public class CompanyKerbCallbackHandler implements CallbackHandler
{

private String CompanyUserId;
private char [] CompanyPassword;

public void handle(Callback[] callbacks)
throws java.io.IOException, UnsupportedCallbackException {
for (int i = 0; i < callbacks.length; i++) {
if (callbacks[i] instanceof NameCallback) {
NameCallback cb = (NameCallback)callbacks[i];
cb.setName(CompanyUserId);

} else if (callbacks[i] instanceof PasswordCallback) {
PasswordCallback cb = (PasswordCallback)callbacks[i];
cb.setPassword(CompanyPassword);

} else {
throw new UnsupportedCallbackException(callbacks[i]);
}
}
}

public void setUserId(String userid)
{
CompanyUserId = userid;
}

public void setPassword(String password)
{
CompanyPassword = password.toCharArray();
}
}

This should do the magic for you !! Enjoy Authenticating.
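
The three files above only take effect once a JAAS LoginContext is created with them. The driver below is an added example, not code from the original post: the class name CompanyKerbLoginDemo and the relative file locations are assumptions, and it expects CompanyKerbCallbackHandler from this post to be compiled alongside it.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added example: CompanyKerbLoginDemo is a hypothetical driver class.
public class CompanyKerbLoginDemo {

    /** Returns the authenticated Subject, or null if the login failed. */
    public static Subject authenticate(String userId, String password) {
        CompanyKerbCallbackHandler handler = new CompanyKerbCallbackHandler();
        handler.setUserId(userId);
        handler.setPassword(password);
        try {
            // The name must match the entry in CompanyKerbLogin.conf.
            LoginContext lc = new LoginContext("CompanyKerbCallbackHandler", handler);
            lc.login(); // Krb5LoginModule asks the KDC from krb5.conf for a ticket
            return lc.getSubject();
        } catch (LoginException e) {
            // Report the failure without echoing the password.
            System.err.println("Kerberos login failed for " + userId + ": " + e.getMessage());
            return null;
        }
    }

    public static void main(String[] args) {
        // Assumption: both configuration files sit in the working directory.
        System.setProperty("java.security.auth.login.config", "CompanyKerbLogin.conf");
        System.setProperty("java.security.krb5.conf", "krb5.conf");

        Console console = System.console();
        if (console == null || args.length != 1) {
            System.err.println("usage: java CompanyKerbLoginDemo <userid> (run from a terminal)");
            System.exit(2);
        }
        // Prompting keeps the password off the command line and off the screen.
        char[] pw = console.readPassword("Password for %s: ", args[0]);
        if (pw == null) {
            System.exit(2);
        }
        Subject subject = authenticate(args[0], new String(pw));
        Arrays.fill(pw, '\0'); // clears this array only; the handler holds its own copy

        if (subject == null) {
            System.exit(1);
        }
        System.out.println("Authenticated principals: " + subject.getPrincipals());
    }
}
```

A null return means the KDC rejected the credentials or the realm configuration could not be resolved; the LoginException message distinguishes the two.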

Thursday, January 3, 2008

Testing your MS-Exchange Server

A quick way to make sure your localhost MS-Exchange Server is running is to use a command-line window.

Go to Windows Start Button -> Run...
Type cmd and press OK. Once in the command-line window, do the following.

telnet localhost 25
HELO
MAIL FROM:ABHATIA@somecompany.com
RCPT TO:rbhatia@somecompany.com
DATA
Here is the test message.
.
QUIT

You should receive an email shortly (depending on how your server is configured to deliver the message - after an interval or right away).

Here is how this looks:



Happy Testing :)