|
|
User Management Guide |
This chapter discusses profiling with user attributes and has these sections:
For an overview of profiling, see
The User subsystem.
User attributes are named items of data that make up a user profile. Attributes can contain any string or binary data that you want to associate with a user.
Your application can use the User service API to store data in the attribute values associated with the current user (or any other user) and look them up in order to adapt its behavior to that user.
See
Using the User API.
In addition, Director provides a Web tier application that includes a facility for managing attributes interactively:
See
Using the Profiles Section of the PAC.
The following built-in string attributes are present in each user profile regardless of realm configuration:
The values of the User ID and UserUUID attributes are used by many of the Director API packages to identify users.
The method by which an application can use attributes other than the ones that are built-in depends on how the authentication realm is configured. This section explains the differences between how attributes work in LDAP and non-LDAP realms.
For more information on realms, see
Understanding Authentication Realms
Applications that use a writable non-LDAP realm use the application database to store profile information. By default, the profiles in the database contain only built-in attributes. These applications can create custom attributes as needed.
For example, see
Creating an attribute (non-LDAP).
Applications that use an LDAP realm use the LDAP directory to store profile information. LDAP provides a rich set of attributes that are intended to be sufficient to meet the requirements of most Web applications. However, if those attributes are not sufficient for your application, you can use the LDAP administration console to add custom attributes to the directory. You cannot add custom attributes to an LDAP directory from a Director application.
The User service API provides a way for an application to retrieve a list of all available LDAP attributes. The User LDAP Options panel in the EAR wizard allows you to make specific attributes available to the User service API and to exclude others. It also allows you to exclude certain syntax definitions.
For details, see
LDAP user configuration properties
Each attribute has a name, a description, a display property, and a data type.
Each attribute has a display property that can have one of two values:
There are two types of attribute data values:
BLOB attributes are used to store binary data, such as large documents and images, in the form of a byte array. Separate API methods are provided for using BLOB attributes.
NOTE: The User API supports multivalued attributes for applications that use an LDAP realm. The Portal Administration console (PAC) also allows the display and modification of existing values for these attributes.
You can define whatever attributes you need and use them in your component code to personalize content. This section describes how to access attributes from a component and how to create and set custom attributes.
This code shows how to obtain a user profile and display all the custom attributes. Note that the EbiUserInfo object has a specific method for each built-in attribute.
import com.sssw.fw.usermgr.api.*;
import com.sssw.fw.usermgr.client.*;
try {
//
// Get the user identifier
//
String userUUID = EboUserHelper.getUserUUID(context);
//
// Get a user delegate object from the factory
//
EbiUserDelegate userDelegate = EboFactory.getUserDelegate();
//
// Get a user info object
//
EbiUserInfo userInfo =
(EbiUserInfo)userDelegate.
getUserInfoByUserUUID(context,userUUID);
//
// Get the registration info and add to output buffer
//
sb.append("UserID: " + userInfo.getUserID() + "<br>");
sb.append("UserUUID: " + userInfo.getUserUUID() + "<br>");
sb.append("UserFirstName: " +
userInfo.getUserFirstName() + "<br>");
sb.append("UserLastName: " +
userInfo.getUserLastName() + "<br>");
sb.append("UserEmailAddress: " +
userInfo.getUserEmailAddress() + "<br>");
//
// Get a user metadelegate object from the factory
//
EbiUserMetaDelegate userMetaDelegate = EboFactory.getUserMetaDelegate();
//
// Get the current user's metadata
//
EbiUserMeta userMeta = userMetaDelegate.getUserMeta(context);
if (userMeta == null) {
userMeta = userMetaDelegate.createUserMeta();
userMetaDelegate.addUserMeta(context, userMeta);
}
else {
//
// Get all custom attribute names and values.
// Add to output buffer.
//
String[] attributes = userMeta.getUserAttributes();
if (attributes == null) {
sb.append("No attributes - string array is null");
}
else {
for (int i=0;i<attributes.length;i++) {
String attributeValue =
userInfo.getAttributeValue(context,attributes[i]);
sb.append(attributes[i] + ": " +
attributeValue + "<br>");
}
}
}
}
catch (EboFactoryException e) { sb.append( e.getMessage() ); }
catch (EboSecurityException e) { sb.append( e.getMessage() ); }
When you run this on a profile that has no custom attributes, the EbiUserMeta object is null.
To retrieve specific attribute values directly from an LDAP directory, use:
EboUserHelper.getDirectoryUserAttributes(context, userdn, String[] names)
This method inputs the context, the user DN string, and an array of strings naming the attributes for which to return values. The return value is a Map (object array) containing values for each requested user attribute.
NOTE: This method returns only the first value of a multivalued attribute.
When using an LDAP directory, attributes can have multiple values. To check for this type of attribute, use:
EbiUserMeta.isUserAttributeSingleValued(attrname)
This method returns a boolean value indicating whether or not the specified attribute is limited to a single value.
This code adds a custom attribute to a user profile:
import com.sssw.fw.usermgr.api.*;
try {
//
// Get a user metadelegate object from the factory
//
EbiUserMetaDelegate userMetaDelegate = com.sssw.fw.usermgr.client.
EboFactory.getUserMetaDelegate();
//
// Get a writable copy of the user metadata
//
EbiUserMeta userMeta = userMetaDelegate.getClonedUserMeta(context);
//
// Add a custom attribute
//
String attrib_name = "Employer";
userMeta.addUserAttribute(attrib_name,"Name of employer",true);
//
// Save the modified metadata including the new attribute
//
userMetaDelegate.modifyUserMeta(context,userMeta);
//
// return the attribute name and value
//
sb.append("Added attribute: " + attrib_name);
}
catch (EboFactoryException e) { sb.append( e.getMessage() ); }
catch (EboSecurityException e) { sb.append( e.getMessage() ); }
This code sets the value of a custom attribute:
import com.sssw.fw.usermgr.api.*;
try {
//
// Get a user delegate object from the factory
//
EbiUserDelegate userDelegate =
com.sssw.fw.usermgr.client.EboFactory.getUserDelegate();
//
// Get a user info object from the factory
//
EbiUserInfo userInfo = com.sssw.fw.usermgr.client.EboUserHelper.
getUserInfo(context);
//
// Set the value of the attribute to Novell
//
String attrib_name = "Employer";
userInfo.setAttributeValue(context, attrib_name, "Novell");
//
// Write the new value into the user info object
//
userDelegate.modifyUser(context,userInfo);
//
// Get the new attribute value and append to output buffer
//
sb.append(attrib_name + ": " +
userInfo.getAttributeValue(context, attrib_name));
}
catch (EboFactoryException e) { sb.append( e.getMessage() ); }
catch (EboSecurityException e) { sb.append( e.getMessage() ); }
|
|
User Management Guide |
Copyright © 2000, 2001, 2002, 2003 SilverStream Software, LLC, a wholly owned subsidiary of Novell, Inc. All rights reserved.
