I have been using Jython with the IBM Tivoli Identity Manager API Web Services Wrappers with some ease and success, and wanted to share a few snippets, so I started this Wiki page.
First is a simple Windows bat file (a UNIX shell script would be an easy port) which sets up the small classpath and starts Jython (Jython is included with WAS):
@echo off
set MY_WAS_HOME=c:\Program Files\IBM\WebSphere\AppServer
set MY_WS_HOME=c:\Program Files\ITIM Web Services
set MY_WS_LIB=%MY_WS_HOME%\client
set MY_CP=%MY_WAS_HOME%\optionalLibraries\jython\jython.jar
set MY_CP=%MY_CP%;%MY_WAS_HOME%\lib\j2ee.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\axis.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\commons-discovery-0.2.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\commons-logging-1.0.4.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\ITIMWebServicesClient.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\ITIMWebServicesClientUtils.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\jaxrpc.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\saaj.jar
set MY_CP=%MY_CP%;%MY_WS_LIB%\wsdl4j-1.5.1.jar
"%MY_WAS_HOME%\java\bin\java.exe" -classpath "%MY_CP%" org.python.util.jython %*
You can create a script file and execute it, or you can simply run Jython in "interactive" mode by giving no filename argument, which presents you with what is basically an interactive Web Services "shell" to ITIM:
\path\to\wsjython.bat
You get a prompt like: ">>> "
Just type line by line commands, e.g.:
from com.ibm.itim.ws.services.facade import ITIMWebServiceFactory
webServiceFactory = ITIMWebServiceFactory("http:")  # endpoint URL is cut off here; use your ITIM Web Services URL
sessionService = webServiceFactory.getWSSessionService()
session = sessionService.login("ITIM Manager", "mypassword")
personService = webServiceFactory.getWSPersonService()
person = personService.getPrincipalPerson(session)
print person.name
Similarly you can search for people or use the other services available. With scripts, you can accept arguments, and in both scripts and in interactive sessions use your own Python modules, use other Java libraries in your classpath, etc.
For example, recently I needed to change the e-mail address suffix for an entire installation. I used a short script:
import jarray
import java
from com.ibm.itim.ws.services.facade import ITIMWebServiceFactory
from com.ibm.itim.ws.client.util import WSAttrUtils
from com.ibm.itim.ws.model import WSAttribute
webServiceFactory = ITIMWebServiceFactory("http:")  # endpoint URL is cut off here; use your ITIM Web Services URL
sessionService = webServiceFactory.getWSSessionService()
session = sessionService.login("ITIM Manager", "mypassword")
personService = webServiceFactory.getWSPersonService()
# "(cn=*)" matches every person under the root
persons = personService.searchPersonsFromRoot(session, "(cn=*)", None)
for person in persons:
    uid = WSAttrUtils.getSingleValue(WSAttrUtils.getWSAttribute(person.attributes, "uid"))
    print uid
    # the new address is built from the uid; one modify request is submitted per person
    mail = uid + "@newdomain.com"
    mailAttr = WSAttribute("mail", jarray.array([mail], java.lang.String))
    attrs = jarray.array([mailAttr], WSAttribute)
    request = personService.modifyPerson(session, person.itimDN, attrs, None)
    print "Submitted request:", request.getRequestId()
And after running the script, all e-mails were updated to the new domain. (Note: the use of "None" in the modifyPerson call is in place of a proper calendar date which could be used to schedule the update for a specific time.)
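Added example, not part of the original script: because the "(cn=*)" search touches every person, it helps to plan the change first and call modifyPerson only for the entries that pass. The function below works on plain (dn, uid, current mail) tuples, an assumed shape you would build from person.itimDN and the WSAttrUtils calls above; the uid pattern and the sample records are constructed for illustration.

```python
import re

# Assumption: a uid is usable as a mailbox name only if it matches this pattern.
UID_OK = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def plan_mail_updates(people, new_domain):
    """Split (dn, uid, current_mail) records into changes to submit and records to skip.

    Returns (changes, skipped). Each change keeps the old address so the
    bulk update can be reviewed before submission and rolled back afterwards.
    """
    changes, skipped, seen = [], [], {}
    for dn, uid, old_mail in people:
        if not uid:
            # The original loop would fail here when concatenating the address.
            skipped.append((dn, "no uid attribute"))
            continue
        uid = uid.strip()
        if not UID_OK.match(uid):
            skipped.append((dn, "uid not usable as mailbox name"))
            continue
        new_mail = uid + "@" + new_domain
        key = new_mail.lower()
        if key in seen:
            # Two people would end up sharing one address (compared case-insensitively).
            skipped.append((dn, "address already planned for " + seen[key]))
            continue
        seen[key] = dn
        if old_mail and old_mail.lower() == key:
            skipped.append((dn, "already on new domain"))
            continue
        changes.append({"dn": dn, "old": old_mail, "new": new_mail})
    return changes, skipped


# Constructed sample records standing in for the searchPersonsFromRoot results.
SAMPLE = [
    ("person-1", "jdoe", "jdoe@olddomain.com"),
    ("person-2", None, "shared@olddomain.com"),
    ("person-3", "asmith", "asmith@newdomain.com"),
    ("person-4", "JDoe", "j.doe@olddomain.com"),
    ("person-5", "bad uid@x", None),
]

if __name__ == "__main__":
    planned, left_out = plan_mail_updates(SAMPLE, "newdomain.com")
    for change in planned:
        print("%s: %s -> %s" % (change["dn"], change["old"], change["new"]))
    for dn, reason in left_out:
        print("skip %s: %s" % (dn, reason))
```

Saving the returned changes list before submitting the requests gives a record of every old address for rollback.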
Here is another example, using the "Unauthenticated Service" to perform self registration. (Here a challenge/response password reset could also be performed.)
import jarray
import java
from com.ibm.itim.ws.services.facade import ITIMWebServiceFactory
from com.ibm.itim.ws.model import WSAttribute
from com.ibm.itim.ws.model import WSPerson
webServiceFactory = ITIMWebServiceFactory("http:")  # endpoint URL is cut off here; use your ITIM Web Services URL
unauthService = webServiceFactory.getWSUnauthService()
cnAttr = WSAttribute("cn", jarray.array(["John Doe"], java.lang.String))
snAttr = WSAttribute("sn", jarray.array(["Doe"], java.lang.String))
mailAttr = WSAttribute("mail", jarray.array(["jdoe@mycompany.com"], java.lang.String))
uidAttr = WSAttribute("uid", jarray.array(["jdoe"], java.lang.String))
lAttr = WSAttribute("l", jarray.array(["My Location"], java.lang.String))
attrs = jarray.array([cnAttr, snAttr, mailAttr, uidAttr, lAttr], WSAttribute)
person = WSPerson()
person.name = "John Doe"
person.profileName = "Person"
person.attributes = attrs
unauthService.selfRegister(person, None)
The use of "None" in the selfRegister call is in place of a "tenant name." Using "None" in effect specifies the default.