Tuesday, January 15, 2013

Retrieve User Profile Info from Identity Store

In any WebCenter Portal (or ADF) application, no matter what identity store is used for authentication, you could get hold of the user profile instance using Oracle Platform Security Service (OPSS) API, as OPSS is the layer used to connect between the WebCenter/ADF security and the identity store.

There are a number of identity stores are supported in WebLogic Server. Here is a list of them:
  • Oracle Internet Directory 11g
  • Oracle Virtual Directory
  • Oracle Directory Server Enterprise Edition 11.1.1.3
  • Active Directory 2008
  • Novell eDirectory 8.8
  • OpenLDAP 2.2
  • Tivoli Access Manager
  • Sun DS 6.3, 7.0
  • Oracle DB 10g, 11gR1, 11gR2
  • iPlanet Directory Server
  • Custom Authenticator

By implementing any one or many of the above, we will be able to retrieve the user profile info from the application. Here is the code snippet.

First, we will get hold of the JpsContext and get the identityStore instance by its service instance.

        JpsContextFactory ctxFactory = JpsContextFactory.getContextFactory();
        JpsContext ctx = ctxFactory.getContext();
        LdapIdentityStore idstoreService = (LdapIdentityStore)ctx.getServiceInstance(IdentityStoreService.class);
        IdentityStore idmIdentityStore = idstoreService.getIdmStore();


After the identity store is retrieved, there can be multiple ways to get hold of the user or user profile. For example get the user instance from the login principal. Principal is retrieve from the ADF Security Context:

        ADFContext adfC = ADFContext.getCurrent();
        SecurityContext sc = adfC.getSecurityContext();
        if (sc.isAuthenticated()) {
            Principal p = sc.getUserPrincipal();
            return p;
        } else {
            _logger.severe("Error: Authentication Failed. Not able to get the principal.");
            return null;  
        }


Getting user by principal:

        User user = idmIdentityStore.searchUser(p);

Getting user profile by the user instance:

        UserProfile up = user.getUserProfile();

Once userProfile is retrieved, we can get any defined properties on the identity store by: UserProfile.getPropertyVal("propertyName")

I suggest to store the user profile in a session scope if the user profile is used many times throughout the application.

No comments: