CEPM Java Developer Guide - Using New PAP APIs [Cisco Policy Administration Point]

Table Of Contents

Using New PAP APIs

Customizing the PAP Client

Implementing New APIs

Using the PAP Client

Common Steps for Creating an Entity

Creating Hierarchical Entities Using New APIs

Method createUser

Method createRole

Method createRoleType

Method getRole

Method updateRole

Method createGroup

Method getGroup

Method updateGroup

Method createResource

Method getResource

Method updateResource

Method mapUsersToRole

Method createPolicy

Method importData

Method exportData

Method importPolicies

Method exportPolicies

Using New PAP APIs

The CEPM V3.3.0.0 supports web service client. The CEPM includes a set of administrative APIs, which will enable enterprise and third-party developers to create entities and mappings according to their requirements. Several new APIs have also been added to provide more efficient interactions between the CEPM and client applications. These APIs support WS-I compliant WSDLs which can be used as clients for any language such as DotNet, C, and COM. As a result, if you want to create a CEPM entity, you can call the CEPM Services or PAP client.

Note Before calling the PAP APIs, make sure that you have placed papclient-V3.3.0.0_xxxxxxxx.jar, Cisco_rapi-V3.3.0.0_xxxxxxxx.jar and CEPM_Commons-V3.3.0.0_xxxxxxxx.jar files in the client classpath.

Customizing the PAP Client

One way to create the entities using the new APIs is by using the PAP client stubs (wrapper classes), which are available in the ServiceLocator. These wrapper classes facilitate the creation of the entities by calling the CEPM's own services. Another way to write your own PAP client is by making use of these WSDLs as per your application requirement.

You can access the WSDLs for the corresponding entities from the following service URLs:
For Application Group services: 
http://<host>:<port>/cepm/services/AdminApplicationGroupService?wsdl
For Application services: 
http://<host>:<port>/cepm/services/AdminApplicationService?wsdl
For Resource services: 
http://<host>:<port>/cepm/services/AdminResourceService?wsdl
For User services: 
http://<host>:<port>/cepm/services/AdminUserService?wsdl
For Group services: 
http://<host>:<port>/cepm/services/AdminGroupService?wsdl
For Role services: 
http://<host>:<port>/cepm/services/AdminRoleService?wsdl
For Context services: 
http://<host>:<port>/cepm/services/AdminContextService?wsdl
For RoleBundle services: 
http://<host>:<port>/cepm/services/AdminRoleBundleService?wsdl
where you need to replace the host name and port number arguments in the URL with the correct values corresponding to where you have deployed the administration console.

You can access the common XML Schema Definition (xsd) files from the following service URLs:
http://<host>:<port>/cepm/services/vo.xsd
http://<host>:<port>/cepm/services/exception.xsd
These files are common for all the previously mentioned WSDLs.

Implementing New APIs

Using the PAP Client

If you are using the PAP client, you must call the service from the corresponding service locator. For example if you want to create a role, you must call the following service:
iRole = ServiceLocator.getInstance().getRoleManager(endPoint, userName, password, 
domainName, 1000);
where:

•endpoint refers to the URL of the server machine where the PAP is running.

•Username and password refers to the PAP user credentials.

•DomainName refers to the repository under which the objects will be created.

•Session expired time must be given in milliseconds.

For example:
iRole = ServiceLocator.getInstance().getRoleManager("http://localhost:9090/cepm", 
"superuser", "admin", "Default Domain", 1000000);
You can also call the ServiceLocator without giving the preceding parameters. For example:
iRole = ServiceLocator.getInstance().getRoleManager()
In this case, the required details will be retrieved from the <api> tag of the pep_config.xml file.

Common Steps for Creating an Entity

To create an entity using the new APIs, follow these common steps:

Step 1 Access the necessary WSDL for the entity.

Step 2 Generate the required stub (it is optional as you can make use of the PAP client as well).

Step 3 Call the corresponding service.

Creating Hierarchical Entities Using New APIs

Creation of hierarchical entities is made easy through these APIs. You can create multiple entities for each object, which are hierarchical by nature (for example, roles, groups, and resources). This is achieved through engaging various WSDLs that will perform a single call on any object and manage the results in creating multiple entities in the specified hierarchical structure.

Figure 4-1 Resource Hierarchy

Let's take for example the creation of resources. All you need to do is construct a resource graph that may include the parent resource and the child resources up to any level.

As shown in the preceding figure, all the nodes (levels) and component objects (resources) must be identified and linked each of them in a tree structure. The object (Resource L1) must be referenced to the application group and application. (See the example for sample resource creation.)

The API method createResource(), when called, sets the capabilities of the object and all the branches up to the leaf level to match their anticipated attributes before compiling the complete hierarchy. The concurrency and serializability is controlled by setting two parameters, such as Transactional and Override. There may be various reasons for failure, such as wrong FQN or entity unique IDs.

Transactional: This is a Boolean expression. When set to false, if any of the objects fails to create due to any reason during compilation, it will ignore the failure and complete the task by throwing an exception "Creation of following objects are failed and hence skipped" at the end of process. If set to true, it will throw an exception immediately after it finds any of the objects has failed to create and rollback the creation of object. The value for this parameter is set to false by default.

Override: This is a Boolean expression. When set to false, if it finds a duplicate role (having the same fully qualified name) within the hierarchy during compilation, it will throw a DuplicateRole exception and complete the task without updating the existing role. If set to true, it will update the existing role with the corresponding inputs of the new role. The value for this parameter is set to false by default.

It is important to note that before updating or deleting an object, you must call the getObject method. This method returns the entire child objects up to the specified level along with a unique object ID (for every object) for updating or deletion of the same.

Following are the sample implementation of a few of the important APIs (mainly for hierarchical objects) with sample codes. These examples elaborate the procedures to create an object (createObject), get the object for updating, and deleting that object (getObject and updateObject).

Method createUser

This method is used to create a user in global/application group/application level. To create a user, follow this procedure:

Step 1 Follow the three common steps.

Step 2 Initialize the user object.
User user = new User();
Step 3 Set the user parmaeters such as first name, last name, etc.
user.setFirstName("Mary");
user.setLastName("L");
user.setUserEmail("ml@abc1.com");
user.setUserName("TestUser");
user.setParentFQN("Prime group:Prime portal");
user.setUserDescription("This is a test");
Step 4 Set the user types (assuming that the usertypes are already created).
UserType userType = new UserType();
userType.setName("Default");
userType.setApplicationName("Global");
user.setUserType(userType);
Step 5 Create the user.
iUser.createUser(user);
Step 6 Log in to the administration console and verify creation of the role

Method createRole

This method is used to create a role (parent role) and its child roles up to the nth level in a single API call. Consider the following role hierarchy. Using the new createRole API, you can construct the whole hierarchy in a single API call.

Figure 4-2 Role hierarchy

Step 1 Follow the three common steps.

Step 2 Initialize the role object.
Role rl = new Role();
Step 3 Define the role type as Global:Default.
RoleType rlType = new RoleType();
rlType.setName("Default");
rlType.setApplicationName("Global");
Step 4 Set the role name, application name, description, and status.
rl.setRoleType(rlType);
rl.setRoleName("TestRole");
rl.setParentFQN("Prime group:Prime portal");
rl.setRoleDescription("This is a test");
rl.setRoleStatus("STATIC");
Step 5 Initialize the object for the first level. Specify the level number (levelOne) and the number of role to be created. (In this example, two roles are created thus the array should be passed as Role[2].)
Role[] levelOne = new Role[2];
Step 6 Configure the child roles for the first level by specifying the role name, its parent role name, description, role status, and owner as shown here.
levelOne[0] = new Role();
levelOne[0].setRoleType(rlType);
levelOne[0].setParentFQN("Prime group:Prime portal:TestRole");
levelOne[0].setRoleName("Role_1");
levelOne[0].setRoleDescription("This is a test for level 1");
levelOne[0].setRoleStatus("STATIC");
levelOne[0].setOwner("superuser");
levelOne[1] = new Role();
levelOne[1].setRoleType(rlType);
levelOne[1].setParentFQN("Prime group:Prime portal:TestRole");
levelOne[1].setRoleName("Role_2");
levelOne[1].setRoleDescription("This is a test for level 1");
levelOne[1].setRoleStatus("STATIC");
levelOne[1].setOwner("superuser");
// Set the child roles of parent role 
rl.setChildren(levelOne);
Step 7 Initialize the object for the second level role.
Role[] levelTwo = new Role[1];
levelTwo[0] = new Role();
levelTwo[0].setRoleType(rlType);
//Parent role FQN for Role_3 will be Prime group:Prime portal:TestRole:Role_2
levelTwo[0].setParentFQN("Prime group:Prime portal:TestRole:Role_2");
levelTwo[0].setRoleName("Role_3");
levelTwo[0].setRoleDescription("This is a test for level 2");
levelTwo[0].setRoleStatus("STATIC");
levelTwo[0].setOwner("superuser");
// Set the child roles of Level 1 role i.e. Role_2
levelOne[0].setChildren(levelTwo);
Step 8 Initialize the object for third level role.
Role[] levelThree = new Role[1];
levelThree[0] = new Role();
levelThree[0].setRoleType(rlType);
//Parent role FQN for Role_4 will be 
Prime group:Prime portal:TestRole:Role_2:Role_3
levelThree[0].setParentFQN("Prime group:Prime portal:TestRole:Role_2:Role_3");
levelThree[0].setRoleName("Role_3");
levelThree[0].setRoleDescription("This is a test for level 3");
levelThree[0].setRoleStatus("STATIC");
levelThree[0].setOwner("superuser");
// Set the child roles of Level 2 role i.e. Role_3
levelTwo[0].setChildren(levelThree);
Step 9 Create the role by setting the value for Transactional and Override.
iRole.createRole(rl, false, false);
Step 10 Log in to the administration console and verify creation of the role.

Figure 4-3 Roles Page

Method createRoleType

This method is used to create role types. To create a role type, follow this procedure:

Step 1 Follow the three common steps.

Step 2 Initialize the role type object.
RoleType roletype = new RoleType();
Step 3 Set the role type parameters such as name, description, etc.
roletype.setName("rtype2");
roletype.setDescription("rtype2");
roletype.setApplicationName("Prime group:Prime portal");
roletype.setOwner("superuser");
Step 4 Set role type attributes:
attr[0] = new Attribute();
//first attribute
attr[0].setAttributeName("Att_rtype1");
attr[0].setAttributeType("String");
attr[0].setAttributeValueType("Single");
//second attribute
attr[1] = new Attribute();
attr[1].setAttributeName("Att2_rtype1");
attr[1].setAttributeType("Enum");
attr[1].setAttributeValueType("Multiple");
attr[1].setAttributeTypeValue("100,200,300,400,500");
roletype.setAttributes(attr);
Step 5 Create the role type.
IRoleType.createRoleType(roletype, false, false)
This creates the required roletype with the specified attributes.

Note The same procedure should be followed to create role types and resource types.

Step 6 Log in to the administration console and verify the group creation.

Method getRole

When this method is invoked, it gives all the roles present under the specified role up to the given level. The level value can be 0, -1, or n.

•0 refers to the same level of the specified role.

•-1 refers up to the leaf level of the specified role of the hierarchy.

•n can be any number of levels. For example, if you set 1 in the above hierarchy, this method will return all the roles present up to the first level, that is Role1 and Role2.

For example: To get all the roles present in this role hierarchy, you must set the role name and the level as shown here.
Role role = iRole.getRole("Prime group:Prime portal:TestRole", -1);
This method will return all the roles with their fully qualified names and a unique RoleID to be used for further operations (mainly update and delete).

Method updateRole

This method is used to update an existing role.

To update an existing role (for example, Role_3 in the sample hierarchy), follow these steps:

Step 1 Follow the three common steps.

Step 2 Invoke getRole method for Role_3 as given above, which will return a RoleId for Role_3 (RoleID is 15 in the following example).

Step 3 Initialize the Role object:
Role role = new Role();
Step 4 Modify Role3 parameters by adding a new RoleType. In the following sample code, old RoleType is commented (in green text) which is replaced with `TestRoleType'. You must ensure that the RoleID should not be changed.
role.setRoleName("Role3");
role.setRoleId("15");
role.setParentFQN("Prime group:Prime portal:TestRole:Role2");
role.setRoleStatus("STATIC");
role.setRoleDescription("This is the updated Role3");
// To Change the RoleType
RoleType roleType = iRole.getRoleType("Prime group:Prime portal:roleType1");
// To add/update attribute values
Attribute[] attributes = roleType.getAttributes();
NVPair[] nvPair = new NVPair[attributes.length];
if (attributes != null) {
for (int i = 0; i < attributes.length; i++) {
Attribute attribute = attributes[i];
nvPair[i] = new NVPair();
nvPair[i].setKey(attribute.getAttributeName());
nvPair[i].setValue(attribute.getAttributeName()+" Value");
	}
}
role.setNvPair(nvPair);
role.setRoleType(roleType);
Step 5 Update the role after evaluating the Transactional and Override parameters:
iRole.updateRole(role, false, false);
Method createGroup

This method is used to create a group along with its child group up to n-th level. The procedure to create a group hierarchy is same as that of creating roles.

To create a group object, follow these steps:

Step 1 Follow the three common steps.

Step 2 Initialize the group object.
Group gp = new Group();
Step 3 Define the group type as Global:Default.
GroupType gpType = new GroupType();
gpType.setName("Default");
gpType.setApplicationName("Global");
Step 4 Specify the group name, application name, description, and status.
gp.setGroupType(gpType);
gp.setGroupName("TestGroup");
gp.setParentFQN("Prime group:Prime portal");
gp.setGroupDescription("This is a test");
gp.setGroupStoreDetails("Local Database");
gp.setGroupStatus("STATIC");
Step 5 Initialize the object for the first level. Specify the level number (levelOne) and the number of groups to be created in an array (for example, Group[1]).
Group[] childGp = new Group[1];
Step 6 Configure the child groups for the first level by specifying the group name, its parent group name, description, group status, and owner as shown here.
levelOne[0] = new Group();
levelOne[0].setGroupType(gpType);
levelOne[0].setParentFQN("Prime group:Prime portal:TestGroup");
levelOne[0].setGroupName("Group_1");
levelOne[0].setGroupDescription("This is a test for level 1");
childGp[0].setGroupStoreDetails("Local Database");
levelOne[0].setGroupStatus("STATIC");
levelOne[0].setOwner("superuser");
rl.setChildren(levelOne);
Step 7 Initialize the object for the second level group.
Group[] levelTwo = new Group[1];
levelTwo[0] = new Group();
levelTwo[0].setGroupType(rlType);
//Parent role FQN for Group_2 will be Prime group:Prime portal:TestGroup:Group_1
levelTwo[0].setParentFQN("Prime group:Prime portal:TestGroup:Group_1");
levelTwo[0].setGroupName("Group_2");
levelTwo[0].setGroupDescription("This is a test for level 2");
childGp[0].setGroupStoreDetails("Local Database");
levelTwo[0].setGroupStatus("STATIC");
levelTwo[0].setOwner("superuser");
levelOne[0].setChildren(levelTwo);
Step 8 Initialize the object for third level group.
Group[] levelThree = new Group[1];
levelThree[0] = new Group();
levelThree[0].setGroupType(gpType);
//Parent group FQN for Group_3 will be 
Prime group:Prime portal:TestGroup:Group_1:Group_2
levelThree[0].setParentFQN("Prime group:Prime portal:TestGroup:Group_1:Group_2");
levelThree[0].setGroupName("Group_3");
levelThree[0].setGroupDescription("This is a test for level 3");
childGp[0].setGroupStoreDetails("Local Database");
levelThree[0].setGroupStatus("STATIC");
levelThree[0].setOwner("superuser");
levelTwo[0].setChildren(levelThree);
Step 9 Create the group by setting the value for Transactional and Override.
iGroup.createGroup(rl, false, false);
Step 10 Log in to the administration console and verify the group creation.

Figure 4-4 Groups Page

Method getGroup

This method is used to get all the groups present under the specified role up to the given level. The level of the resources can be 0 (for same level), -1 (up to leaf level under the specified resource), or n (any level, for example, 1, 2, 3 ...).

For example, to get all groups present under TestGroup you must pass the group name and the level as shown here.
Group group = iGroup.getGroup("Prime group:Prime portal:TestGroup", -1);
This method will return all the groups with their fully qualified names and a unique GroupId to be used for further operations (mainly update and delete).

Method updateGroup

This method is used to update a group in the hierarchy. All the mandatory parameters such as group name and parent group name, must be given properly. In the following example, Group_2 (as created above) is going to be updated.

To modify the group type attributes of a group, follow these steps:

Step 1 Follow the three common steps.

Step 2 Initialize the group object.
Group group = new Group();
Step 3 Update the Group_2 parameters.
group.setGroupName("Grp2");
group.setGroupId("2");
group.setParentFQN("Prime group:Prime portal");
GroupType restype = new GroupType();
restype.setName("test group type");
restype.setApplicationName("Prime group:Prime portal");
Attribute att1 = new Attribute();
att1.setAttributeName("GroupAtt");
att1.setAttributeType("String");
Attribute att2 = new Attribute();
att2.setAttributeName("MultiAtt");
att2.setAttributeType("Enum");
att2.setEnumerationValue("g11,g22,g33");
Attribute[] atts = new Attribute[2];
atts[0] = att1;
atts[1] = att2;
restype.setAttributes(atts);
group.setGroupType(restype);
iGroup.updateGroup(group, false, false);
Method createResource

This method is used to create a resource along with its child resource up to n-th level. The procedure to create a resource hierarchy is same as that to create roles.

To create a resource object, follow these steps:

Step 1 Follow the three common steps.

Step 2 Initialize the resource object.
Resource resource = new Resource();
Step 3 Set the parent resource TestRes.
resource.setParent(parentResource);
resource.setResourceType(resourceType);
resource.setResourceName("TestRes");
resource.setResourceDescription("This is a test");
resource.setParentFQN("Prime group:Prime portal");
resource.setOwner("superuser");
resource.setStatus("Active");
resource.setParent(parentResource);
Step 4 Set the first level resources Res1 and Res2.
Resource[] levelOne = new Resource[2];
levelOne[0] = new Resource();
levelOne[0].setResourceName("Res1");
levelOne[0].setResourceDescription("This is a test for level1");
levelOne[0].setParentFQN("Prime group:Prime portal:TestRes");
levelOne[0].setOwner("superuser");
levelOne[0].setStatus("Active");
levelOne[0].setResourceType(resourceType);
levelOne[1] = new Resource();
levelOne[1].setResourceName("Res2");
levelOne[1].setResourceDescription("This is a test for level1");
levelOne[1].setParentFQN("Prime group:Prime portal:TestRes");
levelOne[1].setOwner("superuser");
levelOne[1].setStatus("Active");
levelOne[1].setResourceType(resourceType);
resource.setChildren(levelOne);
Step 5 Set the second level resources Res3 and Res4 under Res1.
Resource[] levelTwo = new Resource[2];
levelTwo[0] = new Resource();
levelTwo[0].setResourceName("Res3");
levelTwo[0].setResourceDescription("This is a test for level2");
levelTwo[0].setParentFQN("Prime group:Prime portal:TestRes:Res1");
levelTwo[0].setOwner("superuser");
levelTwo[0].setStatus("Active");
levelTwo[0].setResourceType(resourceType);
levelTwo[1] = new Resource();
levelTwo[1].setResourceName("Res4");
levelTwo[1].setResourceDescription("This is a test for level2");
levelTwo[1].setParentFQN("Prime group:Prime portal:TestRes:Res1");
levelTwo[1].setOwner("superuser");
levelTwo[1].setStatus("Active");
levelTwo[1].setResourceType(resourceType);
levelOne[0].setChildren(levelTwo);
Step 6 Create the resource by setting the value for Transactional and Override.
iResource.createResource(resource, false, false);
Step 7 Log in to the administration console and verify the resource creation.

Figure 4-5 Resources Page

Method getResource

This method is used to get all the child resources of the specified resource up to the given level. The level of the resources can be 0 (for same level), -1 (up to leaf level under the specified resource), or n (any level, for example, 1, 2, 3 ...). When this method is invoked, it returns the resources with a unique resource ID to be used while updating or deleting the resource. This ID must not be changed in any situation.

For example, to get all resources present under TestRes, you must pass the group name, groupType name, and the level as shown here.
Resource resource= iResource.getResource("Prime group:Prime 
portal:TestRes","Global:Default", -1);
This method will return all the resources with their fully qualified names and a unique resourceId to be used for further operations such as update resource.

Method updateResource

This method is used to update a resource. Before invoking this method you must make use of getResource method, which will return a unique Resource ID to be used for updating the same.

To update a resource (for example, Res3 in the sample hierarchy), follow these steps:

Step 1 Follow the three common steps.

Step 2 Invoke getResource method for Res_3 as given above, which will return a ResId for Res_3. (ResId is 5 in the following example.)

Step 3 Initialize the resource object.
resource1.setParentFQN("Prime group:Prime portal:TestRes:Res_1");
//Modifying the Resource Type from `Default' to `ResType'
ResourceType resourceType = iResource.getResourceType("Prime group:ResType");
resourceType.setOwner("superuser");
Resource parentResource = new Resource();
parentResource.setResourceName("Prime group:Prime portal:TestRes:Res_1");
parentResource.setResourceDescription("This is a test");
parentResource.setParentFQN("Prime group:Prime portal:TestRes:Res_1");
parentResource.setResourceId("5");
parentResource.setResourceType(resourceType);
Resource resource1 = new Resource();
resource1.setParent(parentResource);
resource1.setResourceType(resourceType);
resource1.setResourceName("Res1");
resource1.setResourceDescription("This is modified Res_3");
resource1.setParentFQN("Prime group:Prime portal:TestRes:Res_1");
resource1.setOwner("superuser");
resource1.setStatus("Active");
Step 4 Upate the group by setting the value for Transactional and Override.
iResource.updateResource(resource, false, false);
Step 5 Log in to the administration console and verify creation of the resource.

Method mapUsersToRole

This method is used to map one or more users to a role. To map users with a role, follow these steps:

Step 1 Follow the three common steps.

Step 2 Call MapMgr.
IEntityMapping MapMgr = 
ServiceLocator.GetInstance().GetEntityManager("http://localhost:7070/cepm", "superuser", 
"h1BYu+lcwcM=", "Default Domain", 10000);
Step 3 Create the user array object and set the required user properties such as user types.
User[] users = new User[1];
User user = new User();
users[0] = user;
user.setuserName("User10122");
user.setparentFQN("Prime group:Prime portal");
UserType userType = new UserType();
userType.setname("UserType3012");
userType.setapplicationName("Prime group:Prime portal");
user.userType = userType;
users[0] = user;
Step 4 Create the role object and set the required role properties such as role types
Role role = new Role();
role.setroleName("Internal Dev");
role.setparentFQN("Prime group:Prime portal");
RoleType roleType = new RoleType();
roleType.setname("Default");
roleType.setapplicationName("Global");
role.roleType = roleType;
Step 5 Set the rolebundle and context.
string contextFQN = "Global Context:Global Context";
string roleBundleFQN = "Global:Default";
Step 6 Set the values for transaction and override parameters.
boolean transaction=false;
boolean @override=false;
Step 7 Map the users to role by setting the values for Transactional and Override.
IEntityMapping.mapUsersToRole(users, role, contextFQN, roleBundleFQN, transaction, 
@override);
Step 8 Log in to the administration console and verify policy creation on the specified resource.

Method createPolicy

This method is used to create policy on a resource. You can create user/group/role based policies on a specified resource by using this method. In the following example will create an Allow policy for the role called `Internal Dev' on the resource called `Send Trades'. To create this policy:

Step 1 Follow the three common steps.

Step 2 Set the targeted resource on which you wish to create a policy.
string targetFQN = "Prime group:Prime portal:Send Trades";
Step 3 Set the targeted entity for which you wish to create a policy on the above-mentioned resource. Because the Role based policy is considered in this example, the role FQN is given. For userbased policy, the entityFQN should be the User FQN and for groupbased policy, it should be the group FQN.
string entityFQN = "Prime group:Prime portal:Internal Dev";
Step 4 Define the value object constant for the entity.
string entity = com.cisco.epm.pap.api.vo.constants.ResourceConstants.ENTITY_TYPE_ROLE;
For userbased policy, the constant should be ENTITY_TYPE_USER and for groupbased policy, it should be ENTITY_TYPE_GROUP.

Step 5 Set the value of rhw permission. For `Allow' policy, the permission should be true and for deny policy it should be false.
bool permission = "true";
Step 6 Set the context.
string contextFQN = "Global Context:Global Context";
Step 7 Set the policy status. The status can be either active or inactive. If you set it to inactive, the PDP will not evaluate the policy even though it is configured on the specified resource.

string activeStatus = "Active";

Step 8 Call the pMgr.
pMgr.CreatePolicy(targetFQN, entityFQN, entity, permission, contextFQN, activeStatus);
Step 9 Log in to the administration console and verify the imported data.

Method importData

This method is used to import data into CEPM. The data may include user, role, resource and other attributes. To import data:

Step 1 Follow the three common steps.

Step 2 Set the location of the directory from where the data need to be imported and set the imported entities - a single entity (such as "user"), multiple entities in comma sepearated values such as "user,role,group,resource" or "all" to select all entiuties.
com.cisco.epm.pap.api.vo.EntityXmlVo dataOb = 
com.cisco.epm.util.DataConverter.prepareObjectFromFilePath("C:\\temp","all");
Step 3 Intitialize the Import Object by giving the CEPM application details such as Endpoint URL, user ID, password and domain name and timeout (in milliseconds):
com.cisco.epm.pap.api.services.IImport importMgr = 
ServiceLocator.getInstance().getImportManager("http://localhost:9090/cepm", "superuser", 
"admin", "Default Domain", 1000000);
Step 4 Call IImportManager.
importMgr.importData("Prime group:Prime portal",ImportExportConstants.USER,dataOb);
Where,

•`Prime group:Prime portal' is the application FQN from which the data is exported.

•ImportExportConstants.USER refers to the Users.xml to be exported from the specified application. If you want to export the roles, mention ImportExportConstants.ROLE. For resources, mention ImportExportConstants.RESOURCE. If you want to export the entire entities, mention ImportExportConstants.TOTAL_DATA.

Step 5 Log in to the administration console and verify the imported data.

Method exportData

This method is used to export data into CEPM. The data may include user, role, resource and other attributes. To export data:

Step 1 Follow the three common steps.

Step 2 Intitialize the Export Object by giving the CEPM application details such as Endpoint URL, user ID, password and domain name and timeout (in milliseconds):
com.cisco.epm.pap.api.services.IImport importMgr = 
ServiceLocator.getInstance().getImportManager("http://localhost:9090/cepm", "superuser", 
"admin", "Default Domain", 1000000);
Step 3 Call IExportManager.
exportMgr.exportData("Prime group:Prime portal",ImportExportConstants.USER,dataOb);
Where,

•`Prime group:Prime portal' is the application FQN from which the data is exported.

•ImportExportConstants.USER refers to the Users.xml to be exported from the specified application. If you want to export the roles, mention ImportExportConstants.ROLE. For resources, mention ImportExportConstants.RESOURCE. If you want to export the entire entities, mention ImportExportConstants.TOTAL_DATA.

Step 4 Set the directory path to which the data need to be exported:
com.cisco.epm.pap.api.vo.EntityXmlVo dataOb = 
com.cisco.epm.util.DataConverter.prepareObjectFromFilePath("C:\\temp");
Step 5 Go to the specified location and verify the exported data.

Method importPolicies

This method is used to import entitlement policies into a specified resource. To do this:

Step 1 Follow the three common steps.

Step 2 Call the Data Converter to convert the policy data.
com.cisco.epm.util.DataConverter converter=new com.cisco.epm.util.DataConverter();
Step 3 This in turn calls an internal method prepareObjectFromFilePath(), which takes the folder path and resource FQN as input parameters.
ResourcePolicySetWrapperVO dataOb = 
db.prepareObjectFromFilePath("C:/cepm/ApplicationPolicies","Prime group:Prime portal");
Step 4 Intialize IImport Manager.
importMgr.importPolicies(dataOb);
Step 5 Login to the CEPM PAP console and verify the imported data.

Method exportPolicies

This method is used to export policies of an application to specified location. To do this:

Step 1 Follow the three common steps.

Step 2 Initialize the IExport Manager and pass file path and `All', whcih indicates all policies created under the specified resource.
ResourcePolicySetWrapperVO dataOb = 
exportMgr.exportPolicies("C:/cepm/ApplicationPolicies", "All");
Step 3 Call the DataConverter to convert the policy data into the desired dataobject.
DataConverter db = new DataConverter();
Step 4 The data converter in turn will call an internal method saveObjectInFilePath(), which takes the dataobject and the file path where the policy data need is exported.
db.saveObjectInFilePath(dataOb, "C:/cepm/ApplicationPolicies");
Step 5 Go to the specified location and check the exported data.

	CEPM Java Developer Guide
	Using New PAP APIs
CEPM Java Developer Guide Preface Introduction PEP API Quick Start Guide Using Old PAP APIs Using New PAP APIs Using PDP WSDL PEP Tag Library Quick Start Guide PEP API Reference Guide PAP API Implementation	Download this chapter Using New PAP APIs Download the complete book CEPM Java Developer Guide (PDF - 2 MB) Feedback Table Of Contents Using New PAP APIs Customizing the PAP Client Implementing New APIs Using the PAP Client Common Steps for Creating an Entity Creating Hierarchical Entities Using New APIs Method createUser Method createRole Method createRoleType Method getRole Method updateRole Method createGroup Method getGroup Method updateGroup Method createResource Method getResource Method updateResource Method mapUsersToRole Method createPolicy Method importData Method exportData Method importPolicies Method exportPolicies Using New PAP APIs The CEPM V3.3.0.0 supports web service client. The CEPM includes a set of administrative APIs, which will enable enterprise and third-party developers to create entities and mappings according to their requirements. Several new APIs have also been added to provide more efficient interactions between the CEPM and client applications. These APIs support WS-I compliant WSDLs which can be used as clients for any language such as DotNet, C, and COM. As a result, if you want to create a CEPM entity, you can call the CEPM Services or PAP client. Note Before calling the PAP APIs, make sure that you have placed papclient-V3.3.0.0_xxxxxxxx.jar, Cisco_rapi-V3.3.0.0_xxxxxxxx.jar and CEPM_Commons-V3.3.0.0_xxxxxxxx.jar files in the client classpath. Customizing the PAP Client One way to create the entities using the new APIs is by using the PAP client stubs (wrapper classes), which are available in the ServiceLocator. These wrapper classes facilitate the creation of the entities by calling the CEPM's own services. Another way to write your own PAP client is by making use of these WSDLs as per your application requirement. You can access the WSDLs for the corresponding entities from the following service URLs: For Application Group services: http://<host>:<port>/cepm/services/AdminApplicationGroupService?wsdl For Application services: http://<host>:<port>/cepm/services/AdminApplicationService?wsdl For Resource services: http://<host>:<port>/cepm/services/AdminResourceService?wsdl For User services: http://<host>:<port>/cepm/services/AdminUserService?wsdl For Group services: http://<host>:<port>/cepm/services/AdminGroupService?wsdl For Role services: http://<host>:<port>/cepm/services/AdminRoleService?wsdl For Context services: http://<host>:<port>/cepm/services/AdminContextService?wsdl For RoleBundle services: http://<host>:<port>/cepm/services/AdminRoleBundleService?wsdl where you need to replace the host name and port number arguments in the URL with the correct values corresponding to where you have deployed the administration console. You can access the common XML Schema Definition (xsd) files from the following service URLs: http://<host>:<port>/cepm/services/vo.xsd http://<host>:<port>/cepm/services/exception.xsd These files are common for all the previously mentioned WSDLs. Implementing New APIs Using the PAP Client If you are using the PAP client, you must call the service from the corresponding service locator. For example if you want to create a role, you must call the following service: iRole = ServiceLocator.getInstance().getRoleManager(endPoint, userName, password, domainName, 1000); where: •endpoint refers to the URL of the server machine where the PAP is running. •Username and password refers to the PAP user credentials. •DomainName refers to the repository under which the objects will be created. •Session expired time must be given in milliseconds. For example: iRole = ServiceLocator.getInstance().getRoleManager("http://localhost:9090/cepm", "superuser", "admin", "Default Domain", 1000000); You can also call the ServiceLocator without giving the preceding parameters. For example: iRole = ServiceLocator.getInstance().getRoleManager() In this case, the required details will be retrieved from the <api> tag of the pep_config.xml file. Common Steps for Creating an Entity To create an entity using the new APIs, follow these common steps: Step 1 Access the necessary WSDL for the entity. Step 2 Generate the required stub (it is optional as you can make use of the PAP client as well). Step 3 Call the corresponding service. Creating Hierarchical Entities Using New APIs Creation of hierarchical entities is made easy through these APIs. You can create multiple entities for each object, which are hierarchical by nature (for example, roles, groups, and resources). This is achieved through engaging various WSDLs that will perform a single call on any object and manage the results in creating multiple entities in the specified hierarchical structure. Figure 4-1 Resource Hierarchy Let's take for example the creation of resources. All you need to do is construct a resource graph that may include the parent resource and the child resources up to any level. As shown in the preceding figure, all the nodes (levels) and component objects (resources) must be identified and linked each of them in a tree structure. The object (Resource L1) must be referenced to the application group and application. (See the example for sample resource creation.) The API method createResource(), when called, sets the capabilities of the object and all the branches up to the leaf level to match their anticipated attributes before compiling the complete hierarchy. The concurrency and serializability is controlled by setting two parameters, such as Transactional and Override. There may be various reasons for failure, such as wrong FQN or entity unique IDs. Transactional: This is a Boolean expression. When set to false, if any of the objects fails to create due to any reason during compilation, it will ignore the failure and complete the task by throwing an exception "Creation of following objects are failed and hence skipped" at the end of process. If set to true, it will throw an exception immediately after it finds any of the objects has failed to create and rollback the creation of object. The value for this parameter is set to false by default. Override: This is a Boolean expression. When set to false, if it finds a duplicate role (having the same fully qualified name) within the hierarchy during compilation, it will throw a DuplicateRole exception and complete the task without updating the existing role. If set to true, it will update the existing role with the corresponding inputs of the new role. The value for this parameter is set to false by default. It is important to note that before updating or deleting an object, you must call the getObject method. This method returns the entire child objects up to the specified level along with a unique object ID (for every object) for updating or deletion of the same. Following are the sample implementation of a few of the important APIs (mainly for hierarchical objects) with sample codes. These examples elaborate the procedures to create an object (createObject), get the object for updating, and deleting that object (getObject and updateObject). Method createUser This method is used to create a user in global/application group/application level. To create a user, follow this procedure: Step 1 Follow the three common steps. Step 2 Initialize the user object. User user = new User(); Step 3 Set the user parmaeters such as first name, last name, etc. user.setFirstName("Mary"); user.setLastName("L"); user.setUserEmail("ml@abc1.com"); user.setUserName("TestUser"); user.setParentFQN("Prime group:Prime portal"); user.setUserDescription("This is a test"); Step 4 Set the user types (assuming that the usertypes are already created). UserType userType = new UserType(); userType.setName("Default"); userType.setApplicationName("Global"); user.setUserType(userType); Step 5 Create the user. iUser.createUser(user); Step 6 Log in to the administration console and verify creation of the role Method createRole This method is used to create a role (parent role) and its child roles up to the nth level in a single API call. Consider the following role hierarchy. Using the new createRole API, you can construct the whole hierarchy in a single API call. Figure 4-2 Role hierarchy Step 1 Follow the three common steps. Step 2 Initialize the role object. Role rl = new Role(); Step 3 Define the role type as Global:Default. RoleType rlType = new RoleType(); rlType.setName("Default"); rlType.setApplicationName("Global"); Step 4 Set the role name, application name, description, and status. rl.setRoleType(rlType); rl.setRoleName("TestRole"); rl.setParentFQN("Prime group:Prime portal"); rl.setRoleDescription("This is a test"); rl.setRoleStatus("STATIC"); Step 5 Initialize the object for the first level. Specify the level number (levelOne) and the number of role to be created. (In this example, two roles are created thus the array should be passed as Role[2].) Role[] levelOne = new Role[2]; Step 6 Configure the child roles for the first level by specifying the role name, its parent role name, description, role status, and owner as shown here. levelOne[0] = new Role(); levelOne[0].setRoleType(rlType); levelOne[0].setParentFQN("Prime group:Prime portal:TestRole"); levelOne[0].setRoleName("Role_1"); levelOne[0].setRoleDescription("This is a test for level 1"); levelOne[0].setRoleStatus("STATIC"); levelOne[0].setOwner("superuser"); levelOne[1] = new Role(); levelOne[1].setRoleType(rlType); levelOne[1].setParentFQN("Prime group:Prime portal:TestRole"); levelOne[1].setRoleName("Role_2"); levelOne[1].setRoleDescription("This is a test for level 1"); levelOne[1].setRoleStatus("STATIC"); levelOne[1].setOwner("superuser"); // Set the child roles of parent role rl.setChildren(levelOne); Step 7 Initialize the object for the second level role. Role[] levelTwo = new Role[1]; levelTwo[0] = new Role(); levelTwo[0].setRoleType(rlType); //Parent role FQN for Role_3 will be Prime group:Prime portal:TestRole:Role_2 levelTwo[0].setParentFQN("Prime group:Prime portal:TestRole:Role_2"); levelTwo[0].setRoleName("Role_3"); levelTwo[0].setRoleDescription("This is a test for level 2"); levelTwo[0].setRoleStatus("STATIC"); levelTwo[0].setOwner("superuser"); // Set the child roles of Level 1 role i.e. Role_2 levelOne[0].setChildren(levelTwo); Step 8 Initialize the object for third level role. Role[] levelThree = new Role[1]; levelThree[0] = new Role(); levelThree[0].setRoleType(rlType); //Parent role FQN for Role_4 will be Prime group:Prime portal:TestRole:Role_2:Role_3 levelThree[0].setParentFQN("Prime group:Prime portal:TestRole:Role_2:Role_3"); levelThree[0].setRoleName("Role_3"); levelThree[0].setRoleDescription("This is a test for level 3"); levelThree[0].setRoleStatus("STATIC"); levelThree[0].setOwner("superuser"); // Set the child roles of Level 2 role i.e. Role_3 levelTwo[0].setChildren(levelThree); Step 9 Create the role by setting the value for Transactional and Override. iRole.createRole(rl, false, false); Step 10 Log in to the administration console and verify creation of the role. Figure 4-3 Roles Page Method createRoleType This method is used to create role types. To create a role type, follow this procedure: Step 1 Follow the three common steps. Step 2 Initialize the role type object. RoleType roletype = new RoleType(); Step 3 Set the role type parameters such as name, description, etc. roletype.setName("rtype2"); roletype.setDescription("rtype2"); roletype.setApplicationName("Prime group:Prime portal"); roletype.setOwner("superuser"); Step 4 Set role type attributes: attr[0] = new Attribute(); //first attribute attr[0].setAttributeName("Att_rtype1"); attr[0].setAttributeType("String"); attr[0].setAttributeValueType("Single"); //second attribute attr[1] = new Attribute(); attr[1].setAttributeName("Att2_rtype1"); attr[1].setAttributeType("Enum"); attr[1].setAttributeValueType("Multiple"); attr[1].setAttributeTypeValue("100,200,300,400,500"); roletype.setAttributes(attr); Step 5 Create the role type. IRoleType.createRoleType(roletype, false, false) This creates the required roletype with the specified attributes. Note The same procedure should be followed to create role types and resource types. Step 6 Log in to the administration console and verify the group creation. Method getRole When this method is invoked, it gives all the roles present under the specified role up to the given level. The level value can be 0, -1, or n. •0 refers to the same level of the specified role. •-1 refers up to the leaf level of the specified role of the hierarchy. •n can be any number of levels. For example, if you set 1 in the above hierarchy, this method will return all the roles present up to the first level, that is Role1 and Role2. For example: To get all the roles present in this role hierarchy, you must set the role name and the level as shown here. Role role = iRole.getRole("Prime group:Prime portal:TestRole", -1); This method will return all the roles with their fully qualified names and a unique RoleID to be used for further operations (mainly update and delete). Method updateRole This method is used to update an existing role. To update an existing role (for example, Role_3 in the sample hierarchy), follow these steps: Step 1 Follow the three common steps. Step 2 Invoke getRole method for Role_3 as given above, which will return a RoleId for Role_3 (RoleID is 15 in the following example). Step 3 Initialize the Role object: Role role = new Role(); Step 4 Modify Role3 parameters by adding a new RoleType. In the following sample code, old RoleType is commented (in green text) which is replaced with `TestRoleType'. You must ensure that the RoleID should not be changed. role.setRoleName("Role3"); role.setRoleId("15"); role.setParentFQN("Prime group:Prime portal:TestRole:Role2"); role.setRoleStatus("STATIC"); role.setRoleDescription("This is the updated Role3"); // To Change the RoleType RoleType roleType = iRole.getRoleType("Prime group:Prime portal:roleType1"); // To add/update attribute values Attribute[] attributes = roleType.getAttributes(); NVPair[] nvPair = new NVPair[attributes.length]; if (attributes != null) { for (int i = 0; i < attributes.length; i++) { Attribute attribute = attributes[i]; nvPair[i] = new NVPair(); nvPair[i].setKey(attribute.getAttributeName()); nvPair[i].setValue(attribute.getAttributeName()+" Value"); } } role.setNvPair(nvPair); role.setRoleType(roleType); Step 5 Update the role after evaluating the Transactional and Override parameters: iRole.updateRole(role, false, false); Method createGroup This method is used to create a group along with its child group up to n-th level. The procedure to create a group hierarchy is same as that of creating roles. To create a group object, follow these steps: Step 1 Follow the three common steps. Step 2 Initialize the group object. Group gp = new Group(); Step 3 Define the group type as Global:Default. GroupType gpType = new GroupType(); gpType.setName("Default"); gpType.setApplicationName("Global"); Step 4 Specify the group name, application name, description, and status. gp.setGroupType(gpType); gp.setGroupName("TestGroup"); gp.setParentFQN("Prime group:Prime portal"); gp.setGroupDescription("This is a test"); gp.setGroupStoreDetails("Local Database"); gp.setGroupStatus("STATIC"); Step 5 Initialize the object for the first level. Specify the level number (levelOne) and the number of groups to be created in an array (for example, Group[1]). Group[] childGp = new Group[1]; Step 6 Configure the child groups for the first level by specifying the group name, its parent group name, description, group status, and owner as shown here. levelOne[0] = new Group(); levelOne[0].setGroupType(gpType); levelOne[0].setParentFQN("Prime group:Prime portal:TestGroup"); levelOne[0].setGroupName("Group_1"); levelOne[0].setGroupDescription("This is a test for level 1"); childGp[0].setGroupStoreDetails("Local Database"); levelOne[0].setGroupStatus("STATIC"); levelOne[0].setOwner("superuser"); rl.setChildren(levelOne); Step 7 Initialize the object for the second level group. Group[] levelTwo = new Group[1]; levelTwo[0] = new Group(); levelTwo[0].setGroupType(rlType); //Parent role FQN for Group_2 will be Prime group:Prime portal:TestGroup:Group_1 levelTwo[0].setParentFQN("Prime group:Prime portal:TestGroup:Group_1"); levelTwo[0].setGroupName("Group_2"); levelTwo[0].setGroupDescription("This is a test for level 2"); childGp[0].setGroupStoreDetails("Local Database"); levelTwo[0].setGroupStatus("STATIC"); levelTwo[0].setOwner("superuser"); levelOne[0].setChildren(levelTwo); Step 8 Initialize the object for third level group. Group[] levelThree = new Group[1]; levelThree[0] = new Group(); levelThree[0].setGroupType(gpType); //Parent group FQN for Group_3 will be Prime group:Prime portal:TestGroup:Group_1:Group_2 levelThree[0].setParentFQN("Prime group:Prime portal:TestGroup:Group_1:Group_2"); levelThree[0].setGroupName("Group_3"); levelThree[0].setGroupDescription("This is a test for level 3"); childGp[0].setGroupStoreDetails("Local Database"); levelThree[0].setGroupStatus("STATIC"); levelThree[0].setOwner("superuser"); levelTwo[0].setChildren(levelThree); Step 9 Create the group by setting the value for Transactional and Override. iGroup.createGroup(rl, false, false); Step 10 Log in to the administration console and verify the group creation. Figure 4-4 Groups Page Method getGroup This method is used to get all the groups present under the specified role up to the given level. The level of the resources can be 0 (for same level), -1 (up to leaf level under the specified resource), or n (any level, for example, 1, 2, 3 ...). For example, to get all groups present under TestGroup you must pass the group name and the level as shown here. Group group = iGroup.getGroup("Prime group:Prime portal:TestGroup", -1); This method will return all the groups with their fully qualified names and a unique GroupId to be used for further operations (mainly update and delete). Method updateGroup This method is used to update a group in the hierarchy. All the mandatory parameters such as group name and parent group name, must be given properly. In the following example, Group_2 (as created above) is going to be updated. To modify the group type attributes of a group, follow these steps: Step 1 Follow the three common steps. Step 2 Initialize the group object. Group group = new Group(); Step 3 Update the Group_2 parameters. group.setGroupName("Grp2"); group.setGroupId("2"); group.setParentFQN("Prime group:Prime portal"); GroupType restype = new GroupType(); restype.setName("test group type"); restype.setApplicationName("Prime group:Prime portal"); Attribute att1 = new Attribute(); att1.setAttributeName("GroupAtt"); att1.setAttributeType("String"); Attribute att2 = new Attribute(); att2.setAttributeName("MultiAtt"); att2.setAttributeType("Enum"); att2.setEnumerationValue("g11,g22,g33"); Attribute[] atts = new Attribute[2]; atts[0] = att1; atts[1] = att2; restype.setAttributes(atts); group.setGroupType(restype); iGroup.updateGroup(group, false, false); Method createResource This method is used to create a resource along with its child resource up to n-th level. The procedure to create a resource hierarchy is same as that to create roles. To create a resource object, follow these steps: Step 1 Follow the three common steps. Step 2 Initialize the resource object. Resource resource = new Resource(); Step 3 Set the parent resource TestRes. resource.setParent(parentResource); resource.setResourceType(resourceType); resource.setResourceName("TestRes"); resource.setResourceDescription("This is a test"); resource.setParentFQN("Prime group:Prime portal"); resource.setOwner("superuser"); resource.setStatus("Active"); resource.setParent(parentResource); Step 4 Set the first level resources Res1 and Res2. Resource[] levelOne = new Resource[2]; levelOne[0] = new Resource(); levelOne[0].setResourceName("Res1"); levelOne[0].setResourceDescription("This is a test for level1"); levelOne[0].setParentFQN("Prime group:Prime portal:TestRes"); levelOne[0].setOwner("superuser"); levelOne[0].setStatus("Active"); levelOne[0].setResourceType(resourceType); levelOne[1] = new Resource(); levelOne[1].setResourceName("Res2"); levelOne[1].setResourceDescription("This is a test for level1"); levelOne[1].setParentFQN("Prime group:Prime portal:TestRes"); levelOne[1].setOwner("superuser"); levelOne[1].setStatus("Active"); levelOne[1].setResourceType(resourceType); resource.setChildren(levelOne); Step 5 Set the second level resources Res3 and Res4 under Res1. Resource[] levelTwo = new Resource[2]; levelTwo[0] = new Resource(); levelTwo[0].setResourceName("Res3"); levelTwo[0].setResourceDescription("This is a test for level2"); levelTwo[0].setParentFQN("Prime group:Prime portal:TestRes:Res1"); levelTwo[0].setOwner("superuser"); levelTwo[0].setStatus("Active"); levelTwo[0].setResourceType(resourceType); levelTwo[1] = new Resource(); levelTwo[1].setResourceName("Res4"); levelTwo[1].setResourceDescription("This is a test for level2"); levelTwo[1].setParentFQN("Prime group:Prime portal:TestRes:Res1"); levelTwo[1].setOwner("superuser"); levelTwo[1].setStatus("Active"); levelTwo[1].setResourceType(resourceType); levelOne[0].setChildren(levelTwo); Step 6 Create the resource by setting the value for Transactional and Override. iResource.createResource(resource, false, false); Step 7 Log in to the administration console and verify the resource creation. Figure 4-5 Resources Page Method getResource This method is used to get all the child resources of the specified resource up to the given level. The level of the resources can be 0 (for same level), -1 (up to leaf level under the specified resource), or n (any level, for example, 1, 2, 3 ...). When this method is invoked, it returns the resources with a unique resource ID to be used while updating or deleting the resource. This ID must not be changed in any situation. For example, to get all resources present under TestRes, you must pass the group name, groupType name, and the level as shown here. Resource resource= iResource.getResource("Prime group:Prime portal:TestRes","Global:Default", -1); This method will return all the resources with their fully qualified names and a unique resourceId to be used for further operations such as update resource. Method updateResource This method is used to update a resource. Before invoking this method you must make use of getResource method, which will return a unique Resource ID to be used for updating the same. To update a resource (for example, Res3 in the sample hierarchy), follow these steps: Step 1 Follow the three common steps. Step 2 Invoke getResource method for Res_3 as given above, which will return a ResId for Res_3. (ResId is 5 in the following example.) Step 3 Initialize the resource object. resource1.setParentFQN("Prime group:Prime portal:TestRes:Res_1"); //Modifying the Resource Type from `Default' to `ResType' ResourceType resourceType = iResource.getResourceType("Prime group:ResType"); resourceType.setOwner("superuser"); Resource parentResource = new Resource(); parentResource.setResourceName("Prime group:Prime portal:TestRes:Res_1"); parentResource.setResourceDescription("This is a test"); parentResource.setParentFQN("Prime group:Prime portal:TestRes:Res_1"); parentResource.setResourceId("5"); parentResource.setResourceType(resourceType); Resource resource1 = new Resource(); resource1.setParent(parentResource); resource1.setResourceType(resourceType); resource1.setResourceName("Res1"); resource1.setResourceDescription("This is modified Res_3"); resource1.setParentFQN("Prime group:Prime portal:TestRes:Res_1"); resource1.setOwner("superuser"); resource1.setStatus("Active"); Step 4 Upate the group by setting the value for Transactional and Override. iResource.updateResource(resource, false, false); Step 5 Log in to the administration console and verify creation of the resource. Method mapUsersToRole This method is used to map one or more users to a role. To map users with a role, follow these steps: Step 1 Follow the three common steps. Step 2 Call MapMgr. IEntityMapping MapMgr = ServiceLocator.GetInstance().GetEntityManager("http://localhost:7070/cepm", "superuser", "h1BYu+lcwcM=", "Default Domain", 10000); Step 3 Create the user array object and set the required user properties such as user types. User[] users = new User[1]; User user = new User(); users[0] = user; user.setuserName("User10122"); user.setparentFQN("Prime group:Prime portal"); UserType userType = new UserType(); userType.setname("UserType3012"); userType.setapplicationName("Prime group:Prime portal"); user.userType = userType; users[0] = user; Step 4 Create the role object and set the required role properties such as role types Role role = new Role(); role.setroleName("Internal Dev"); role.setparentFQN("Prime group:Prime portal"); RoleType roleType = new RoleType(); roleType.setname("Default"); roleType.setapplicationName("Global"); role.roleType = roleType; Step 5 Set the rolebundle and context. string contextFQN = "Global Context:Global Context"; string roleBundleFQN = "Global:Default"; Step 6 Set the values for transaction and override parameters. boolean transaction=false; boolean @override=false; Step 7 Map the users to role by setting the values for Transactional and Override. IEntityMapping.mapUsersToRole(users, role, contextFQN, roleBundleFQN, transaction, @override); Step 8 Log in to the administration console and verify policy creation on the specified resource. Method createPolicy This method is used to create policy on a resource. You can create user/group/role based policies on a specified resource by using this method. In the following example will create an Allow policy for the role called `Internal Dev' on the resource called `Send Trades'. To create this policy: Step 1 Follow the three common steps. Step 2 Set the targeted resource on which you wish to create a policy. string targetFQN = "Prime group:Prime portal:Send Trades"; Step 3 Set the targeted entity for which you wish to create a policy on the above-mentioned resource. Because the Role based policy is considered in this example, the role FQN is given. For userbased policy, the entityFQN should be the User FQN and for groupbased policy, it should be the group FQN. string entityFQN = "Prime group:Prime portal:Internal Dev"; Step 4 Define the value object constant for the entity. string entity = com.cisco.epm.pap.api.vo.constants.ResourceConstants.ENTITY_TYPE_ROLE; For userbased policy, the constant should be ENTITY_TYPE_USER and for groupbased policy, it should be ENTITY_TYPE_GROUP. Step 5 Set the value of rhw permission. For `Allow' policy, the permission should be true and for deny policy it should be false. bool permission = "true"; Step 6 Set the context. string contextFQN = "Global Context:Global Context"; Step 7 Set the policy status. The status can be either active or inactive. If you set it to inactive, the PDP will not evaluate the policy even though it is configured on the specified resource. string activeStatus = "Active"; Step 8 Call the pMgr. pMgr.CreatePolicy(targetFQN, entityFQN, entity, permission, contextFQN, activeStatus); Step 9 Log in to the administration console and verify the imported data. Method importData This method is used to import data into CEPM. The data may include user, role, resource and other attributes. To import data: Step 1 Follow the three common steps. Step 2 Set the location of the directory from where the data need to be imported and set the imported entities - a single entity (such as "user"), multiple entities in comma sepearated values such as "user,role,group,resource" or "all" to select all entiuties. com.cisco.epm.pap.api.vo.EntityXmlVo dataOb = com.cisco.epm.util.DataConverter.prepareObjectFromFilePath("C:\\temp","all"); Step 3 Intitialize the Import Object by giving the CEPM application details such as Endpoint URL, user ID, password and domain name and timeout (in milliseconds): com.cisco.epm.pap.api.services.IImport importMgr = ServiceLocator.getInstance().getImportManager("http://localhost:9090/cepm", "superuser", "admin", "Default Domain", 1000000); Step 4 Call IImportManager. importMgr.importData("Prime group:Prime portal",ImportExportConstants.USER,dataOb); Where, •`Prime group:Prime portal' is the application FQN from which the data is exported. •ImportExportConstants.USER refers to the Users.xml to be exported from the specified application. If you want to export the roles, mention ImportExportConstants.ROLE. For resources, mention ImportExportConstants.RESOURCE. If you want to export the entire entities, mention ImportExportConstants.TOTAL_DATA. Step 5 Log in to the administration console and verify the imported data. Method exportData This method is used to export data into CEPM. The data may include user, role, resource and other attributes. To export data: Step 1 Follow the three common steps. Step 2 Intitialize the Export Object by giving the CEPM application details such as Endpoint URL, user ID, password and domain name and timeout (in milliseconds): com.cisco.epm.pap.api.services.IImport importMgr = ServiceLocator.getInstance().getImportManager("http://localhost:9090/cepm", "superuser", "admin", "Default Domain", 1000000); Step 3 Call IExportManager. exportMgr.exportData("Prime group:Prime portal",ImportExportConstants.USER,dataOb); Where, •`Prime group:Prime portal' is the application FQN from which the data is exported. •ImportExportConstants.USER refers to the Users.xml to be exported from the specified application. If you want to export the roles, mention ImportExportConstants.ROLE. For resources, mention ImportExportConstants.RESOURCE. If you want to export the entire entities, mention ImportExportConstants.TOTAL_DATA. Step 4 Set the directory path to which the data need to be exported: com.cisco.epm.pap.api.vo.EntityXmlVo dataOb = com.cisco.epm.util.DataConverter.prepareObjectFromFilePath("C:\\temp"); Step 5 Go to the specified location and verify the exported data. Method importPolicies This method is used to import entitlement policies into a specified resource. To do this: Step 1 Follow the three common steps. Step 2 Call the Data Converter to convert the policy data. com.cisco.epm.util.DataConverter converter=new com.cisco.epm.util.DataConverter(); Step 3 This in turn calls an internal method prepareObjectFromFilePath(), which takes the folder path and resource FQN as input parameters. ResourcePolicySetWrapperVO dataOb = db.prepareObjectFromFilePath("C:/cepm/ApplicationPolicies","Prime group:Prime portal"); Step 4 Intialize IImport Manager. importMgr.importPolicies(dataOb); Step 5 Login to the CEPM PAP console and verify the imported data. Method exportPolicies This method is used to export policies of an application to specified location. To do this: Step 1 Follow the three common steps. Step 2 Initialize the IExport Manager and pass file path and `All', whcih indicates all policies created under the specified resource. ResourcePolicySetWrapperVO dataOb = exportMgr.exportPolicies("C:/cepm/ApplicationPolicies", "All"); Step 3 Call the DataConverter to convert the policy data into the desired dataobject. DataConverter db = new DataConverter(); Step 4 The data converter in turn will call an internal method saveObjectInFilePath(), which takes the dataobject and the file path where the policy data need is exported. db.saveObjectInFilePath(dataOb, "C:/cepm/ApplicationPolicies"); Step 5 Go to the specified location and check the exported data.
	Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks