Showing posts with label Developer Docs. Show all posts
Showing posts with label Developer Docs. Show all posts
Friday, December 7, 2012
Monday, March 5, 2012
Implementing SCIM with WSO2 Charon - Part III
In this post, lets look at how to implement few use cases of SCIM with WSO2 Charon.
You may need to refer to my previous posts on SCIM and Charon to get an overview of them.
Being the third post on Charon, lets continue looking at it in the top down approach.
This post will demonstrate the following capabilities of Charon according to SCIM spec.
1). Create user
2). Create group
3). List Users
Download CharonDemoApp from M1 Distribution and deploy it in an application server like Apache Tomcat and start the server.
As shown in the diagram of the part-II post, User Resource and Group Resource are now exposed based on Apache Wink JAX-RS implementation, via following URLS.
1. Creating a user..
This demonstrates how a SCIM consumer creates (provision) a User in SCIM service provider via a REST call in which User attributes are carried as a JSON encoded string.
Client code : SCIM client uses the previously registered credentials to authenticate the request.
- service provider responds with 201-Created response code and
- includes newly created user in response body.
- Representation in response contains an additional attributes 'id', 'created date', 'last modified date' etc which is assigned by the SP and
- the "Location" header contains the unique URI of the created user resource.
2. Create Group..(From SCIM spec)
Server responds with 200 OK including group resource in the body encoded in JSON.
3. List Users
Following request/response illustrates a SCIM consumer call to list all the users.
Server responds with two user entries existing in its user store.
You can find the required libraries to run the WSO2 Charon samples from here.
2. Sample source code can be found in the M1 distribution linked above.
You may need to refer to my previous posts on SCIM and Charon to get an overview of them.
Being the third post on Charon, lets continue looking at it in the top down approach.
Part II described the composition of Charon-Impl. which is the SCIM service provider reference implementation shipped with Charon. It is a Apache Wink based webapp that utilizes Charon-Core and Charon-Utils to expose a SCIM REST API for identity provisioning operations.
This post will demonstrate the following capabilities of Charon according to SCIM spec.
1). Create user
2). Create group
3). List Users
Setting up SCIM Service Provider with Charon-Impl:
Download CharonDemoApp from M1 Distribution and deploy it in an application server like Apache Tomcat and start the server.
As shown in the diagram of the part-II post, User Resource and Group Resource are now exposed based on Apache Wink JAX-RS implementation, via following URLS.
- User Resource: http://localhost:8080/charonDemoApp/scim/Users
- Group Resource: http://localhost:8080/charonDemoApp/scim/Groups
1. Creating a user..
This demonstrates how a SCIM consumer creates (provision) a User in SCIM service provider via a REST call in which User attributes are carried as a JSON encoded string.
Client code : SCIM client uses the previously registered credentials to authenticate the request.
package org.wso2.charon.samples.user.sample01;
import org.apache.wink.client.ClientConfig;
import org.apache.wink.client.ClientWebException;
import org.apache.wink.client.Resource;
import org.apache.wink.client.RestClient;
import org.apache.wink.client.handlers.ClientHandler;
import org.wso2.charon.core.client.SCIMClient;
import org.wso2.charon.core.exceptions.CharonException;
import org.wso2.charon.core.objects.User;
import org.wso2.charon.core.schema.SCIMConstants;
import org.wso2.charon.samples.utils.CharonResponseHandler;
import org.wso2.charon.samples.utils.SampleConstants;
import org.wso2.charon.utils.authentication.BasicAuthHandler;
import org.wso2.charon.utils.authentication.BasicAuthInfo;
public class CreateUserSample {
//user details
public static final String USER_NAME = "hasinig";
public static final String EXTERNAL_ID = "hasini@gmail.com";
public static final String[] EMAILS = {"hasini@gmail.com", "hasini@wso2.com"};
public static final String DISPLAY_NAME = "Hasini Gunasinghe";
public static final String PASSWORD = "dummyPW";
public static final String LANGUAGE = "Sinhala";
public static final String PHONE_NUMBER = "9077657623";
public static void main(String[] args) {
try {
//create SCIM client
SCIMClient scimClient = new SCIMClient();
//create a user according to SCIM User Schema
User scimUser = scimClient.createUser();
scimUser.setUserName(USER_NAME);
scimUser.setExternalId(EXTERNAL_ID);
scimUser.setEmails(EMAILS);
scimUser.setDisplayName(DISPLAY_NAME);
scimUser.setPassword(PASSWORD);
scimUser.setPreferredLanguage(LANGUAGE);
scimUser.setPhoneNumber(PHONE_NUMBER, null, false);
//encode the user in JSON format
String encodedUser = scimClient.encodeSCIMObject(scimUser, SCIMConstants.JSON);
//create a apache wink ClientHandler to intercept and identify response messages
CharonResponseHandler responseHandler = new CharonResponseHandler();
responseHandler.setSCIMClient(scimClient);
//set the handler in wink client config
ClientConfig clientConfig = new ClientConfig();
clientConfig.handlers(new ClientHandler[]{responseHandler});
//create a wink rest client with the above config
RestClient restClient = new RestClient(clientConfig);
//create resource endpoint to access User resource
Resource userResource = restClient.resource(SampleConstants.USER_ENDPOINT);
BasicAuthInfo basicAuthInfo = new BasicAuthInfo();
basicAuthInfo.setUserName(SampleConstants.CRED_USER_NAME);
basicAuthInfo.setPassword(SampleConstants.CRED_PASSWORD);
BasicAuthHandler basicAuthHandler = new BasicAuthHandler();
BasicAuthInfo encodedBasicAuthInfo = (BasicAuthInfo) basicAuthHandler.getAuthenticationToken(basicAuthInfo);
//TODO:enable, disable SSL. For the demo purpose, we make the calls over http
//send previously registered SCIM consumer credentials in http headers.
String response = userResource.
header(SCIMConstants.AUTHORIZATION_HEADER, encodedBasicAuthInfo.getAuthorizationHeader()).
contentType(SCIMConstants.APPLICATION_JSON).accept(SCIMConstants.APPLICATION_JSON).
post(String.class, encodedUser);
//decode the response
System.out.println(response);
} catch (CharonException e) {
e.printStackTrace(); //To change body of catch statement use File | Settings | File Templates.
} catch (ClientWebException e) {
System.out.println(e.getRequest().getEntity());
System.out.println(e.getResponse().getMessage());
e.printStackTrace();
}
}
}
Request-Response: Please click on the below image to see it in full size. After successful creation of the user;- service provider responds with 201-Created response code and
- includes newly created user in response body.
- Representation in response contains an additional attributes 'id', 'created date', 'last modified date' etc which is assigned by the SP and
- the "Location" header contains the unique URI of the created user resource.
2. Create Group..(From SCIM spec)
Following request/reponse is captured when creating a group with two exisiing users in the system.
Request-Response: Please click on the below image to see it in full size.Server responds with 200 OK including group resource in the body encoded in JSON.
Following request/response illustrates a SCIM consumer call to list all the users.
Server responds with two user entries existing in its user store.
Note:
1. Libraries for sample client code:You can find the required libraries to run the WSO2 Charon samples from here.
2. Sample source code can be found in the M1 distribution linked above.
3. As illustrated by above sample use case, SCIM consumer will be able to perform identity provisioning operations with any SCIM service provider in a unified way by just changing the resource URLs - which avoids the need of developping multiple connectors to integrate with different cloud providers.
Tuesday, February 14, 2012
Implementing SCIM with Charon - Part II
We had a look at an overview of WSO2 Charon in my previous post.
Today lets go through a brief introduction of the module : Charon-Deplyment, which is the reference implementation of SCIM service provider that is shipped with Charon.
This will illustrate how any concrete implementation of a SCIM service provider can make use of Charon-Core (the SCIM API) with Charon-Utils (optional). So being the second post on Charon, this will continue the top down approach of looking at it.
As we got to know from the introductory post on SCIM, the protocol defines a REST API for user identity provisioning operations.
Hence SCIM service provider needs to be a RESTful web application. In an earlier post, I have noted down the characteristic of REST - which is an architectural style of building networked applications.
There are several ways to implement a REST style based applications - such as Servlets and JAX-RS based frameworks.
In the reference implementation of Charon-SCIM servervice provider, we have selected the latter approach since JAX-RS hides underlying HTTP handling and binds the servlets nicely to individual methods in the Java classes using annotations. Annotations can also dynamically extract information from HTTP requests and map application-generated exceptions to HTTP response codes.
There are several ways to implement a REST style based applications - such as Servlets and JAX-RS based frameworks.
In the reference implementation of Charon-SCIM servervice provider, we have selected the latter approach since JAX-RS hides underlying HTTP handling and binds the servlets nicely to individual methods in the Java classes using annotations. Annotations can also dynamically extract information from HTTP requests and map application-generated exceptions to HTTP response codes.
Out of the JAX-RS implementations, Apache-Wink was selected since it looks promising to cater our requirements.
The Charon-Impl module creates an Apache-Wink based web application which can be deployed in an application server like Tomcat and which acts as a SCIM service provider.
Following is a deployment diagram of Charon-SCIM service provider (the web application provided by Charon-Impl module). It also gives a high level idea on how Charon-Core and Charon-Utils modules will be utilized.
As this diagram of the reference implementation illustrates, a SCIM service provider can be developed using any REST implementation and SCIM-defined resources can be exposed utilizing the API provided by Charon-Core.
On the other hand, SCIM Consumers can also be implemented using the client API of Charon-Core.
More posts to be followed...
Sunday, February 12, 2012
Implementing SCIM with Charon - Part 1
You may need to refer to my previous blog post in order to get an overall idea on SCIM - Simple Cloud Identity Management..
This is about WSO2 Charon - one of the SCIM implementations which will be made available under Apache 2.0 license. Lets look at it in a top down approach.
Following diagram will give an overview on the module break down of Charon along with purpose of each module and planned tasks of them.
Following is a brief introduction on each of the modules:
Well.. this is a brief overview of what Charon is, how it is structured and what each module is supposed to do, supposed to be used for.
More posts on Charon to be followed...
This is about WSO2 Charon - one of the SCIM implementations which will be made available under Apache 2.0 license. Lets look at it in a top down approach.
Following diagram will give an overview on the module break down of Charon along with purpose of each module and planned tasks of them.
Following is a brief introduction on each of the modules:
- Charon-Core:
This is the API that exposes an implementation of SCIM specification. It can be used by any SCIM service provider or client implementation to support SCIM operations/functionalities. In addition to that, it also allows room for extension points to be plugged in according to the particular server side/client side implementation, such as authentication handler, user storage, encoders/decoders etc.
- Charon-Utils:
- Charon-Deployment: (Note: this is renamed as Charon-Impl)
A reference implementation of SCIM service provider will be shipped with this module. Currently it is a Apache Wink based webapp that can be deployed in any application server - such as Tomcat, and make the SCIM endpoints be exposed. This is based on the above two modules : charon-core and charon-utils, and illustrates how any SCIM implementation can utilize the API and supporting module provided by Charon.
- Charon-Samples:
Well.. this is a brief overview of what Charon is, how it is structured and what each module is supposed to do, supposed to be used for.
More posts on Charon to be followed...
Subscribe to:
Posts (Atom)