Server API - User.QueryDirectGroups() question

I have developed a method (Java) to check a user's specifc group membership.
I am using the user.QueryDirectGroups() method to return back all the groups a user belongs and then iterate though that to find the specifc group membership that is being checked.
We will be using this function heavily in our customizations of the Login page, PEI, Navigation and search and other areas of the Portal. Is there an overhead of repeated calls to this method? Does QueryDirectGroups() method make DB queries everytime to get the group membershiop info? Or, is this cached by the Portal? Any insight into this would be very appreciated as we are considering how best to design our custom method so it is scalable and performs well.
We also plan to use the PRC to do the similar check on the remote server, which will be used by the Portlets and web services.
We are using the Java 5.0.2 Portal.
Thanks.
Vanita

I was thinking of the using group names because the object ID's might be different from one environment(stg, dev, prod etc.) to another and we usually keep the group names the same.
What did you have in mind for converting the object name to an ID? I don't know if this also results in a SQL call. Anyway, I might have cache the users group on my own and use QueryFlattenedgroups etc.
Here is the psuedocode for what I was thinking and it is very close to the process we have in place in our 4.5 portal. I will be using Java to develop this.
This approach uses a custom boolean array(call it OurGroups) with each entry corresponding one of our custom groups.
1. Get array of OurGroups from the session(using the getsubsession.getattribute).
a. If it is not in the session, call queryflattenedgroups from the IPTSession.
b. Iterate through the results and build a new temporary ourgroups array by settign each entry true or false based on the user's group memberships.
c. Set the temporary our groups array in the current session.5. Get the a reference to the ourgroups boolean array from the session again.
2. Iterate through the Ourgroups array and check if the user group being checked is set to true in the array.
3. Return true or false based on whether the entry for the group is set to true or false.
Please let me know your thoughts on this apprach and any pitfalls we need to avoid. This works well in our current 4.5 IIS/ASP Portal. I need to develop something similar for our 5.0 Java Portal.
I have a couple of questions on the API related to this:
1. How do I access the (ISessionManager)getsubsession.setattribute() and getattribute() methods through the server API (if have a handle to the PTsession or otherwise). Is there another way to store/retrieve info in the session?
2. Any examples of using the setattributes and getattributes() would be of help.
Thanks.

Similar Messages

  • How to insert records in user defined tables through DI Server API

    Hi All,
    I have created a UDO using some userdefined tables .I am able to insert records in the user defined tables using DI API but problem is that now I want to insert records in those tables using DI Server API but I dont know how to do that please give me some way to do that
    Thanks and Regards
    Utpal

    The AddObject message is :
    <env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
      <env:Header>
        <SessionID>...</SessionID>
      </env:Header>
      <env:Body>
        <dis:AddObject xmlns:dis="http://www.sap.com/SBO/DIS">
          <BOM>
            <BO>
              <AdmInfo>
                <Object>...</Object>
              </AdmInfo>
            </BO>
          </BOM>
        </dis:AddObject>
      </env:Body>
    </env:Envelope>
    How to use it with a user defined table ?

  • How do I copy User Properties from one user to another using Server API

    Portal Version is 10GR3
    I have two Users in the portal and I want to copy all the properties of user1 to user2.
    the IPTProfileManager interface allows me to get all the properties of user 1. Accomplished through the use of
    IPTObjectProperties user1Props = profileManager.GetUserProperties(userId, false);
    IPTQueryResult qr = user1Props.GetPropertyData(PT_PROPIDS.PT_PROPID_OBJECTID |
                   PT_PROPIDS.PT_PROPID_NAME |
                   PT_PROPIDS.PT_PROPID_PROP_VALUE);
    I beleive this is correct...
    We now have all the properties in a Query Result. I'm lost as to how to get these values into user2's profile...
    -Or- is there a easier way????
    Any suggestions?
    Phil Orion
    Orion like the constellation, not the Irish guy.

    Every object in the Server API extends the PTObject, which has function calls GetObjectProperties().
    If you have the PTUser object you have to do the following:
    IPTObjectProperties props = getObjectProperties(); // in your case this should be something like PTUser.GetObjectProperties();
    Object[][] propData = new Object[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_INVALID][1];
    propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_PROPERTYID][0] = new Integer(#PropertyID#);
    propData[PT_EDIT_PROPDATA_COLUMNS.PT_EDIT_PROPDATA_VALUE][0] = "Property Value";
    props.SetPropertyData(propData);
    I don't forget on the end you have to call PTUser.Store() function
    cheers
    Edited by: Pelov on 14.07.2010 12:31

  • Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to.

    Multiple users logged into one server, each users printer has a different name, application needs ONE name to print to. 
    I'm NOT in any way a Terminal Services expert and I need help trying to get an application program working in a multi-user environment.
    The issue is that the printer changes for every user that is logged in. The application needs to print NOT to the default printer, but to a "special" printer which is selected in the application... let's call it a label printer to simplify the explanation.
    You have your default regular printer, easy for the application to find that one, and then you have a special printer that labels get printed onto. The application needs to know what printer is the label printer. So we allow the user to select that in the
    application and the selection is stored in a config file in 
    C:\ProgramData\mfgr\prog\setting files
    I don't have access to the application so I can't change how this works.  
    In the "regular" world, selecting the label printer driver to use should be per machine, NOT per user. When a new user logs into a machine, the physical printer doesn't go "poof" and a new printer suddenly appear. Same printer for all
    users.
    Yet in terminal services, the physical machine is "merged" with the virtual machine on the server. And there can be many users logged in at the same time. So each users real machine (and real printer) is injected into the "fake" terminal
    services machine. The name of the printers is made unique for each user. So the printers DO go "poof" and change names depending on the user logged into terminal services.
    So user "A" logs in and sets up the application to print to "LabelPrinterForUserA" (or whatever the name of the printer happens to be), that setting is stored in the ProgramData subfolder, and all is well. Later, user "B" logs
    in, and when they print, the application tries to print to "LabelPrinterForUserA" which doesn't exist for user B or is only accessible by user A. If user B re-configures, that breaks it for user A. 
    SOLUTION 1: The way that /should/ work (in my mind) is that you define one "generic" printer in Terminal Services... call it "Virtual Label printer" and when the user wants to print to it, the print job gets re-directed back to whatever
    physical printer is actually connected to their local workstation. There is a map of virtual printer to actual printer depending on the current user. The application is told once to print to "Virtual Label Printer" for all users.
    SOLUTION 2: Or... there should be some way to make the ProgramData sub folders separate per user. E.g. when user "A" tries to access:
    C:\ProgramData\mfgr\prog\setting files
    they actually get 
    C:\UserData\UserA\AppData\mfgr\prog\setting files
    and user "B" gets
    C:\UserData\UserB\AppData\mfgr\prog\setting files
    So the question I have is: Does either of those solutions exist hidden somewhere in the setup of terminal server? Or is there another way around this issue that I don't know?

    I don't really have a "for sure" answer to this, but because people here can't seem to deal with a question that hasn't been answered I'll provide the best answer I did receive from ServerFault.com user Nathan:
    I can feel your pain with using old software on terminal servers ...the solution I've come up with definitely won't scale as it requires some manual configuration, but I've gotten this method to work with our label printers (which require to be
    printed to an LPT port...yep, that old).
    Share your USB-connected printers to the network on each machine. Then, have the user log in on aunique session for each of them
    (a TS account cannot be shared among computers for this to work) and install a network printer pointing to the USB one they shared. Try to use a DNS name to account for possible DHCP movements.
    After, it should work. Each user can do this since display names can be identical as long as the ports are different (which they are).
    This was clarified by the following series of comments:
    I think you are on to something here, and I originally advised the admin to do this. The problem he ran into is that it setup the printer names in the TS as "printer on usersworkstation"
    and he could not rename it except to change the "printer" to whatever. E.g. the "on userworkstation" remained. I believe there is another way of installing the printer which avoids this, but I can't find it. Ages ago, one used to do NET
    USE LPT2 \\computer\printer password /USER:domain\user /PERSISTENT:YES and then tell the driver to print to LPT2 –  James
    Newton Mar
    17 at 16:21   
    @JamesNewton That's actually the exact method we used. The way around the "network printer" part is to install it as local printer and map it to a TCP/IP port that way. –  Nathan
    C Mar
    17 at 16:28
    You mean in the case where the printers are TCP/IP connected and not local USB / LPT to the users workstation? That makes sense. Wonder if this will work for USB connected printers... –  James
    NewtonMar
    17 at 16:35   
    @JamesNewton You'd share the local printer on the client's PC then on the server connect via TCP/IP to it. You'd need static addresses or use DNS names if DHCP, though. –  Nathan
    C Mar
    17 at 16:51
    Ah. Yes. I see. Looks like the LPT thing should work even with a USB connected printer:superuser.com/questions/182655/… –  James
    Newton Mar
    17 at 17:09   

  • Export/import login server and user grup security

    Hi,
    I followed the instructions to export Login server, user group
    security using the ssoexp.csh, secexp.csh. Then I imported the
    login server, and user group security using the ssoimp.csh,
    secimp.csh .
    I then logged into Portal and check the users, all the users are
    imported properly. However, I didn't see any group that are
    supposed to be imported. Do I missing anything?
    The syntax to run the secimp is as follows:
    secimp.csh -s portal30 -p portal30 -o portal30 -m reuse -d
    sec.dmp -c target_database
    The import finished w/o error. How can I see the groups in the
    new portal instance that I tried to import objects in?
    I noticed that the wwsec_group$ in the source area is over 3000,
    and in the target the count is only 10, which is the number of
    group I have before the import. But during the export, I don't
    see the wwsec_group$ table being exported, is that the problem?
    P.S. versions are: 9iAS 1.0.2, portal version 3.0.9.8 on solaris.
    Thanks;
    Kelly.

    This question is best suited to the Oracle9iAS SSO and Portal Security forum.
    Thanks

  • Development Environment for Server APIs in Webcenter Interaction 10.3

    Hi, I installed “Oracle Web Center Interaction 10.3" on standard environment mentioned by oracle (Window 2003 server, IIS6.0, SQL Server 2005). Everything works fine concerning the portal and services.
    I also have visual studio 2005 on the same machine and trying to setup a development environment where I can user server APIs (I start with creating IPTSession).
    I am using follwong code to start with:
    /String serverConfigDir = ConfigPathResolver.GetOpenConfigPath();
    IOKContext configContext = OKConfigFactory.createInstance(serverConfigDir, "portal");
    PortalObjectsFactory.Init(configContext);
    IPTSession ptSession = PortalObjectsFactory.CreateSession();
    Problem: code compiles if I add few dlls, but it do not run, it throws following error
    com.plumtree.openkernel.exceptions.OKFactoryException: Error in AOKFactory.createAndInitializeInstance, unable to create object with name 'com.plumtree.openkernel.impl.config.Config' in assembly or JAR file 'openconfig'.
    I think either server APIs are not more supported in 10.3 or I do not know how to setup the development environment for server APIs.
    Can anyone help??

    i have already tried putting hardcoded path but it didn't help, morover the previous line gives me correct path.
    I issue i mentioned seems to be related with some setting or missing native dlls
    com.plumtree.openkernel.exceptions.OKFactoryException: Error in AOKFactory.createAndInitializeInstance, unable to create object with name 'com.plumtree.openkernel.impl.config.Config' in assembly or JAR file 'openconfig'.
    i got follwing extract from the wsserver-wrapper.log file
    INFO | jvm 1 | 2009/02/20 12:26:17 | 2-20-2009     12:26:17.606     Info     OpenKernel.Config     Disabled-1235112977434     WrapperStartStopAppMain     com.plumtree.openkernel.impl.config.providers.ConfigXMLFileProvider     Loading config data from C:\bea\alui\ptws\10.3.0\bin\..\..\..\common/../settings
    INFO | jvm 1 | 2009/02/20 12:26:18 | 2-20-2009     12:26:18.325     Info     OpenKernel.Config     Disabled-1235112977434     WrapperStartStopAppMain     com.plumtree.openkernel.impl.config.providers.ConfigXMLFileProvider     Setting subscription data.
    INFO | jvm 1 | 2009/02/20 12:26:18 | container config context:EAS:wsserver
    i didn't modified anything in any config file, just configured everything on one machine with oracle configuration manager

  • PortalObjectsFactory is not available in the server API

    Please tell me where I can find PortalObjectsFactory class. They mentioned this class in the server API documentation but I didn't found this in the actual jar (plumtreeserver.jar)

    The vSphere client uses some hidden API's. If you perform an action in the vSphere client that uses a hidden API, Onyx will report the "WARNING: Type 'xxx' is not available in the public API." message. This unfortunately limits what you can do with PowerCLI. Some know hidden API's are for tags, cluster EVC mode and for Storage Profiles.
    I don't know if Onyx is still under development. Maybe some from VMware can answer this question?

  • Best Practices for NCS/PI Server and Application Monitoring question

    Hello,
    I am deploying a virtual instance of Cisco Prime Infrastructure 1.2 (1.2.1.012) on an ESX infrastructure. This is being deployed in an enterprise enviroment. I have questions around the best practices for moniotring this appliance. I am looking to monitor application failures (services down, db issues) and "hardware" (I understand this is a virtual machine, but statistics on the filesystem and CPU/Memory is good).
    Firstly, I have enabled via the CLI the snmp-server and set the SNMP trap host destination. I have created a notification receiver for the SNMP traps inside the NCS GUI and enabled the "System" type alarm. This type includes alarms like NCS_DOWN and PI database is down. I am trying to understand what the difference between enabling SNMP-SERVER HOST via the CLI and setting the Notification destination inthe GUI is? Also how can I generate a NCS_DOWN alarm in my lab. Doing NCS stop does not generate any alarms. I have not been able to find much information on how to generate this as a test.
    Secondly, how and which processes should I be monitoring from the Management Station? I cannot easily identify the main NCS procsses from the output of ps -ef when logged in the shell as root.
    Thanks guys!

    Amihan_Zerrudo wrote:
    1.) What is the cost of having the scope in a <jsp:useBean> tag set to 'session'? I am aware that there are a list of scopes like page, application, etc. and that if i use 'session' my variable will live for as long as that session is alive. (did i get this right?). You should rather look to the functional requirements instead of costs. If the bean need to be session scoped (e.g. maintain the logged in user), then do it so. If it just need to be request scoped (e.g. single page form data), then keep it request scoped.
    2.)If the JSP Page where i use that <useBean> is to be accessed hundred of times a day, will it compensate my server resources? Right now i am using the Sun Glassfish Server.It will certainly eat resources. Just supply enough CPU speed and memory to a server. You cannot expect that a webserver running at a Pentium 500MHz with 256MB of memory can flawlessly serve 100 simultaneous users at the same second. But you may expect that it can serve 100 users per 24 hour.
    3.) Can you suggest best practice in memory management given the architecture i described above?Just write code so that it doesn't unnecessarily eat memory. Only allocate memory if your application need to do so. You should rather let the hardware depend on the application requirements, not to let the application depend on the hardware specs.
    4.)Also, I have implemented connection pooling in my architecture, but my application is to be used by thousands of clients everyday.. Can the Sun Glassfish Server take care of that or will I have to purchase a powerful sever?Glassfish is just an application server software, it is not server hardware. Your concerns are rather hardware related.

  • Acrobat Reader X with MAC Server based User Profiles

    Hello Forum,
    I'm a bit in trouble with Acrobat Reader X (10.0.0.3) on my Mac. We are using server based user profiles for the whole network. (SL Sever and SL Clients 10.6.7)
    Installing the Reader X has finished successfully. If I'm starting my Reader, a requester is popping up, asking me if Acrobat should be the default application for PDF files or not. Pushing any button causes the application to terminate after some seconds.
    Due it's working with a local profile without any errors I think the problem is the server based user profile.
    Any ideas how to solve this problem? Switching to local profiles is not possible ...
    Best Regards,
    Markus

    Hi Michael,
    sorry for using the wrong forum. I'll post my question to the Reader board ...
    To answer your question. That was my idea too, but it is not possible to copy a whole profile. They are a lot of other problems if you do that. I didn't find the settings only. may it would be enough to copy the settings for the reader.
    Best Regards,
    Markus

  • Server API for authorization

    Hello,
    I'm looking for something similar to FOR LOGON trigger in SQL Server, but FOR/AFTER AUTHORIZATION. I prefer solution in T_SQL. If there is any SQL Server API, to hook on event like OnAuthorization it is also OK (C++, C#, etc).
    Any idea?
    Thanks in advance,
    DG

    I need to do some work just after authorization is finished - I guess SQL Server executes query in the following workflow:
    Authorize --> If user not authorized than return Exception 
                   --> Else Parse query --> execute query --> return result
    Not really. Rather then interaction between client and server is:
    Client (knocks on the door): May I come in?
    Server: Show me you credentials.
    Client: OK, here they are.
    Server: (a) Ah welcome, please come in.
            (b) No, you don't belong here.
            (c) Your credentials were good, but the logon trigger threw you out.
    Some time passes, could be microseconds, could be days.
    Client: I have a query, please run it for me.
    Server: (a) OK, here is the result.
            (b) Nice try, but you need to study the SQL syntax a little closer.
            (d) No, you are not permitted to perform that action or read           that data.
            (d) Oops, I ran into a serious problem, goodbye!
    The above is repeated zero to N times and eventually:
    Client: Oh, gotta rush! See you later!
    Server: It was nice talking to you.
    That is, once the user has logged in, no further authorisation takes place except for permission checks. But there are no hooks for permission checks. Furthermore, permission checks can be performed during execution. For instance if a stored procedure calls
    a second procedure that has a different owner from the first procedure, the permission check does not occur until the EXEC statement is reached.
    If you explain what your really want to achieve (rather the solution you think you have), maybe we can come up with something.
    Erland Sommarskog, SQL Server MVP, [email protected]

  • Package com.sap.ip.me.api.logging and com.sap.ip.me.api.user not found.

    I don't have
    com.sap.ip.me.api.logging
    and
    com.sap.ip.me.api.user
    packages in me2lib.jar (and none of the jars in the lib folder of the SAPMobileEngine folder).
    Any ideas as to where these are ?

    I don't think you can use ME2.1 Client with MI2.5 Server. At least they have different login protocol, and maybe different synchronization protocol as well.
    The library MEg.jar, that I have inspected for the missing libraries, is a part of MI25 SP09. I heartily advise you to migrate your application to MI.
    Cheers,
    Todor

  • Server API for Looking up Web Applications

    Is there a public server API for obtaining a list of deployed web applications and configuration information for those deployed applications?
    Thanks.

    We strongly discourage to use the tomcat APIs. We may support those API's this version and may not support in next version. You can find the deployed app's from server.xml or admin interface. There is a work around to find the deployed applications programatically by using the command
    asadmin> ist-components --user admin_user [--password admin_password] [--host localhost] [--port 4848] [--secure | -s] [--passwordfile file_name] [--type application|ejb|web|connector] instancename

  • How to create snapshot portlet and snapshot query using server API

    How to create snapshot portlet and snapshot query using server API
    Regards
    Dheeraj

    Hi Sebastian,
    I have used the query and it is working fine. but, How could i include the headers of the query also in to the Excel Sheet.
    RehaanKhan. M
    see the method discussed here
    http://sqlblogcasts.com/blogs/madhivanan/archive/2008/10/10/export-to-excel-with-column-names.aspx
    Please Mark This As Answer if it solved your issue
    Please Vote This As Helpful if it helps to solve your issue
    Visakh
    My Wiki User Page
    My MSDN Page
    My Personal Blog
    My Facebook Page

  • Invoking plumtree job via plumtree server api

    Hi,
    I am trying to invoke a portal job identified by a job id using plumtree server api. How do i invoke it.
    I tried using IPTJob etc but couldn't succeed.
    I could do this using plumtree remote api like using IJobManager.
    My question is how to do it using plumtree serve api.
    regards
    raghu

    I think you're looking for something like this:
    public int startJob(java.lang.String sLoginToken, int nJobID, XPDateTime xpdtNextRunTime)
         // DCD: create a session fron this token
                IPTSession ptSession = createSession(sLoginToken);
         // DCD: Open the job in question, but don't lock it
         //IPTJob j = (IPTJob) ptSession.GetExternalOperations().Open(nJobID, false);
         IPTJob j = (IPTJob) ptSession.GetScheduler().GetScheduledJobs().Open(nJobID, false);
         // DCD: We need a server context to check/report lock status
         IPTServerContext sc = (IPTServerContext) j.GetInterfaces(&#034;IPTServerContext&#034;);
         // DCD: Is is locked?
         int nLockState = sc.GetLockState();
         // DCD: If anything other than &#034;unlocked&#034;, return immediately
         switch(nLockState)
              case PT_LOCKSTATES.PT_LOCKED:
              case PT_LOCKSTATES.PT_NEWLYCREATED:
                   return nLockState;
              case PT_LOCKSTATES.PT_NOLOCKINGREQUIRED:
              case PT_LOCKSTATES.PT_UNLOCKED:
                   // DCD: Looks like we're not locked, so get a lock
                    boolean bSucceeded = sc.LockObject();
                    if (false == bSucceeded)
                         return PT_LOCKSTATES.PT_LOCKED;
                    else
                         // DCD: We got a lock okay, so we're in business
                         XPDateTime dt = new XPDateTime();
                         j.SetSettings(PT_JOB_SETTINGS.PT_JOB_NEXTRUNTIME, xpdtNextRunTime);
                         sc.Store();
                         sc.UnlockObject();
                         return 0;
              default:
                   return nLockState;

  • Server API to Delete Room - 405 Returned

    I'm trying to use the server-server API to clean up my rooms and I keep getting a 405 (method not allowed) returned from the AFCS server.  I've looked through the AFCS.java source to see how it should be implemented and I believe I am formatting the URL properly but I must be missing something.
    I use the API to create rooms no problem, but can't seem to delete them.
    This is the URL I am posting to:
    https://na2.connectnow.acrobat.com:443/{appPath}/app/content/meetings/{roomid}?action=delete&response=inline&{authtoken}
    Substituting my account name for {appPath}, room I am trying to delete for {roomid} and the "gak=***.." style token for {authtoken}
    Any obvious issues here?
    Thanks,
    Steve

    Thanks for the offer but the integration is a little more involved than my question is letting on (not just doing one method)...we are doing all async requests out to your servers in order not to tie up our own execution threads so my example code wouldn't be too helpful for those looking for a simple .NET version of your server-server API.  But I could put that together very easily for you from the java code provided if that would be helpful for you guys to provide in your samples.
    Thanks for your quick help as always!

Maybe you are looking for