How to invoke an External JAR/JAVA Code in IGI
The Up and Coming Access Governance tool from IBM called IGI/ISIG is one of the most interesting tools that i got a chance to work on. The Tool still has a room for improvement but it is becoming a strong contender for other access governance tools like sailpoint,savyint and aveksa.
As the tool is still in a development phase there is not much documentation available online.
This option was something we implemented for a client but the functionality was a pure trial and error. Thankfully it worked, Even before IBM came back with a solution :-) .No Disrespect but the reply from IBM regarding a service request on IGI is very slow...
So, the First thing we need to understand is that all the rules(basically workflows) in IGI is written in JAVA. Yep, umight be thinking java....y so retro can they design a better gui model like a workflow in ISIM or sailpoint....sadly, we have to make it work as it is.
Actually for most of the IAM'ers who understand JAVA it will be very benefecial as most of the custom extensions in most IAM products are generally written in JAVA.
Basically what we have to do is to deploy our java code as a JAR file and deploy it on the appliance using the below steps:
1. Login to IGI VA Admin Console.
2. Browse to Configure>>Custom File Management>>lib.
3. Click the button upload and select the JAR file that u want to upload.
4. After Upload make sure to restart the IGI server and not the complete appliance only the server, if in case u have a cluster make sure to synchronize the servers using cluster management and then restart the cluster machine IGI server as well.
Now your JAR has been successfully uploaded and u can call ur JAR and the custom java Code that u want to call from it.
For my Example i used a ojdbc.jar and wrote a java code in the rule to write to a Oracle table and for connection to DB i used a property file which was deployed using the same way as my JAR file.
Before u write the code make sure to import your classes in the import option provided in the rules, if not it will fail
below is the code that i have used in my environment.
when
eval( true )
then
Connection con = null;
Properties prop = new Properties();
InputStream input = null;
input = new FileInputStream("/opt/isig/IDEASPlatformEnvCustom/lib/db.properties");
prop.load(input);
Class.forName("oracle.jdbc.driver.OracleDriver");
String hostname=prop.getProperty("dbhostname")+"";
String port=prop.getProperty("dbport")+"";
String service=prop.getProperty("dbservice")+"";
String dbuser=prop.getProperty("dbuser")+"";
String dbpwd=prop.getProperty("dbpwd")+"";
String dbtable=prop.getProperty("dbtable")+"";
String sqlurl="jdbc:oracle:thin:@"+hostname+":"+port+":"+service;
con=DriverManager.getConnection(sqlurl,dbuser,dbpwd);
//step3 create the statement object
Statement stmt=con.createStatement();
//step4 execute query
ResultSet rs=stmt.executeQuery("SELECT * FROM "+dbtable+" ");
System.out.println(rs);
while(rs.next()) {
System.out.println(rs.getString(1)+" "+rs.getString(2));
UserBean thisUser = UtilAction.findUserByCode(sql, rs.getString(2));
//You can write your code here on what to do with the data u get from the table.
}
con.close();
Basically IGI gives u the option on customizing the Rules just like any other tool
The Up and Coming Access Governance tool from IBM called IGI/ISIG is one of the most interesting tools that i got a chance to work on. The Tool still has a room for improvement but it is becoming a strong contender for other access governance tools like sailpoint,savyint and aveksa.
As the tool is still in a development phase there is not much documentation available online.
This option was something we implemented for a client but the functionality was a pure trial and error. Thankfully it worked, Even before IBM came back with a solution :-) .No Disrespect but the reply from IBM regarding a service request on IGI is very slow...
So, the First thing we need to understand is that all the rules(basically workflows) in IGI is written in JAVA. Yep, umight be thinking java....y so retro can they design a better gui model like a workflow in ISIM or sailpoint....sadly, we have to make it work as it is.
Actually for most of the IAM'ers who understand JAVA it will be very benefecial as most of the custom extensions in most IAM products are generally written in JAVA.
Basically what we have to do is to deploy our java code as a JAR file and deploy it on the appliance using the below steps:
1. Login to IGI VA Admin Console.
2. Browse to Configure>>Custom File Management>>lib.
3. Click the button upload and select the JAR file that u want to upload.
4. After Upload make sure to restart the IGI server and not the complete appliance only the server, if in case u have a cluster make sure to synchronize the servers using cluster management and then restart the cluster machine IGI server as well.
Now your JAR has been successfully uploaded and u can call ur JAR and the custom java Code that u want to call from it.
For my Example i used a ojdbc.jar and wrote a java code in the rule to write to a Oracle table and for connection to DB i used a property file which was deployed using the same way as my JAR file.
Before u write the code make sure to import your classes in the import option provided in the rules, if not it will fail
below is the code that i have used in my environment.
when
eval( true )
then
Connection con = null;
Properties prop = new Properties();
InputStream input = null;
input = new FileInputStream("/opt/isig/IDEASPlatformEnvCustom/lib/db.properties");
prop.load(input);
Class.forName("oracle.jdbc.driver.OracleDriver");
String hostname=prop.getProperty("dbhostname")+"";
String port=prop.getProperty("dbport")+"";
String service=prop.getProperty("dbservice")+"";
String dbuser=prop.getProperty("dbuser")+"";
String dbpwd=prop.getProperty("dbpwd")+"";
String dbtable=prop.getProperty("dbtable")+"";
String sqlurl="jdbc:oracle:thin:@"+hostname+":"+port+":"+service;
con=DriverManager.getConnection(sqlurl,dbuser,dbpwd);
//step3 create the statement object
Statement stmt=con.createStatement();
//step4 execute query
ResultSet rs=stmt.executeQuery("SELECT * FROM "+dbtable+" ");
System.out.println(rs);
while(rs.next()) {
System.out.println(rs.getString(1)+" "+rs.getString(2));
UserBean thisUser = UtilAction.findUserByCode(sql, rs.getString(2));
//You can write your code here on what to do with the data u get from the table.
}
con.close();
Basically IGI gives u the option on customizing the Rules just like any other tool
