This document provides an overview of how to customize the OpenPTK Framework.
Adding a new Attribute
Project OpenPTK can be configured to support most Attributes that a Service can access. The default openptk.xml file is pre-configured with a sample of Attributes that represent a Person Subject. Attributes can be removed or added to meet specific needs. This section provides an overview of what components of Project OpenPTK need to be modified to add a new attribute. Steps include:
- Verifying the Service contains the Attribute
- Adding the Attribute to the Subject within the openptk.xml configuration file
- Enhancing the Consumer service and/or application (UML, CLI, etc.) to leverage the Attribute
This document will discuss adding an Attribute called middleName.
Updating the Service
The Service needs to support the new Attribute for the Subject. Each Service (SPML, JNDI, JDBC) has its own specific process for supporting a new Attribute. The OpenPTK Services do not need to be modified to handle new Attributes. Each Service is designed to process OpenPTK Requests (Create, Read, Update, Delete, Search, etc.) and automatically create the related Service-specific Operation using the provided Attributes.
SPML
SPML messages are sent to a specific Provisioning system that supports SPML. The Provisioning system may need to be modified to handle SPML messages that contain a new Attribute. Refer to your vendor's SPML implementation for configuration.
For more information on configuration of the SPML service for Sun Identity Manager used in the downloads,
JNDI/LDAP
JNDI messages are sent to the configured system LDAP server. The LDAP server uses schemas to define what attributes are allowed for a given objectclass. If you want to use an Attribute name that does not exist in the schema, you can do either of these:
- Use a different LDAP schema Attribute that's not being used. Configure the OpenPTK Service to "map" the Application Attribute Names (middleName) to the existing LDAP schema attribute (initials).
- Extend the LDAP schema to include the new Attribute. The OpenPTK Service configuration will need to be updated to support the new objectclass.
For more information on configuration of the SPML service for Sun Identity Manager used in the downloads
JDBC
JDBC commands are sent to the configured system database server. The database server uses the columns of the table to define what attributes are allowed. If you want to use an Attribute name that does not exist in the table, you can do either of these:
- Use a different database column that's not being used. Configure the OpenPTK Service to "map" the Application Attribute Names (middleName) to the existing column name (initials).
- Extend the database table to include the new Attribute.
For more information on configuration of the SPML service for Sun Identity Manager used in the downloads
The openptk.xml file
The OpenPTK configuration file (openptk.xml) needs to be modified to include the new Attribute in the Subject and the Service which are used in a Context.
For this example, we will add the middleName Attribute to the Person Subject:
<Subjects>
    <Subject id="Person" key="uniqueid" password="password" role="Roles" classname="org.openptk.provision.api.Person">
        <Attributes>
            ...
            <Attribute id="middlename" type="String"/>
            ...
        </Attributes>
    </Subject>
    ...
</Subjects>
The service section of this file contains OpenPTK attributes which are mapped to the attributes in the Subject.
<Service id="SPML-Sun" classname="org.openptk.provision.spi.SpmlSunService" description="SJS Identity Manager Lighthouse client" sort="lastname,firstname">
    <Attributes>
        ...
        <Attribute id="middlename" servicename="middle"/>
        ...
    </Attributes>
</Service>
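A consistency check for the two fragments above, as an added example that is not part of OpenPTK or the original page: it flags Service Attribute ids that have no matching Subject Attribute id, which is how a middleName / middlename spelling difference would surface. It assumes ids are matched exactly; the `<OpenPTK>` wrapper element, the `JNDI-Example` Service and the `nickname` attribute in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element and attribute names follow the fragments shown
# above; the <OpenPTK> wrapper and the "JNDI-Example" Service are assumptions.
SAMPLE_CONFIG = """
<OpenPTK>
  <Subjects>
    <Subject id="Person" key="uniqueid">
      <Attributes>
        <Attribute id="lastname" type="String"/>
        <Attribute id="middlename" type="String"/>
      </Attributes>
    </Subject>
  </Subjects>
  <Service id="SPML-Sun">
    <Attributes>
      <Attribute id="middlename" servicename="middle"/>
    </Attributes>
  </Service>
  <Service id="JNDI-Example">
    <Attributes>
      <Attribute id="middleName" servicename="initials"/>
      <Attribute id="nickname" servicename="displayName"/>
    </Attributes>
  </Service>
</OpenPTK>
"""


def attribute_elements(element):
    """Return the Attribute elements directly under element/Attributes."""
    return element.findall("./Attributes/Attribute")


def check_mappings(xml_text):
    """Return (service_id, attribute_id, problem) for each unmatched Service Attribute."""
    root = ET.fromstring(xml_text)
    declared = {a.get("id") for s in root.iter("Subject") for a in attribute_elements(s)}
    lowered = {d.lower(): d for d in declared if d}  # for case-only mismatches
    findings = []
    for service in root.iter("Service"):
        for attr in attribute_elements(service):
            attr_id = attr.get("id", "")
            if attr_id in declared:
                continue
            near = lowered.get(attr_id.lower())
            problem = f"case mismatch with '{near}'" if near else "not declared in any Subject"
            findings.append((service.get("id"), attr_id, problem))
    return findings
```
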
Using the Attribute
The new Attribute is ready for use. The Java APIs and other Consumer-Tier applications can be configured to use the Attribute.
Java API
Use the input.addAttribute() method to access the Attribute.
Read
input = new Input();
input.setUniqueId("tuser"); // REQUIRED
input.addAttribute("firstname");
input.addAttribute("lastname");
input.addAttribute("middlename");
try {
    output = subject.doRead(input);
} catch (ProvisionException ex) {
    System.out.println("subject.doRead(): " + ex.getMessage());
}
Update
input = new Input();
input.setUniqueId("tuser"); // required
input.addAttribute("middlename", "my");
try {
    output = subject.doUpdate(input);
} catch (ProvisionException ex) {
    System.out.println("subject.doUpdate(): " + ex.getMessage());
}
Taglib
Use the setAttribute / getAttribute JSP tags to work with the new Attribute.
Read
<ptk:setInput var="myinput"/>
<ptk:setUniqueId input="myinput" value="tuser"/>
<ptk:setAttribute input="myinput" key="firstname"/>
<ptk:setAttribute input="myinput" key="lastname"/>
<ptk:setAttribute input="myinput" key="middlename"/>
<ptk:doRead subject="mysubject" input="myinput" output="myoutput"/>
<ptk:getAttribute var="attr" output="myoutput" name="middlename"/>
Update
<ptk:setInput var="myinput"/>
<ptk:setUniqueId input="myinput" value="tuser"/>
<ptk:setAttribute input="myinput" key="middlename" value="me"/>
<ptk:doUpdate subject="mysubject" input="myinput" output="myoutput"/>