認証情報マネージャ Java API の例
javaAPIExample.java は Java API の使用方法の理解に役立ちます。
javaAPIExample.java は Java API の使用方法の理解に役立ちます。
認証情報マネージャで使用するための Java API ベース アプリケーションの実装例を以下に示します。
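import java.util.ArrayList;
import java.util.List;

import com.cloakware.cspm.common.AdminAPICommandNames;
import com.cloakware.cspm.common.AdminAPIParameterNames;
import com.cloakware.cspm.server.bo.Agent;
import com.cloakware.cspm.server.bo.Authorization;
import com.cloakware.cspm.server.bo.Filter;
import com.cloakware.cspm.server.bo.Group;
import com.cloakware.cspm.server.bo.PasswordPolicy;
import com.cloakware.cspm.server.bo.PasswordViewPolicy;
import com.cloakware.cspm.server.bo.RequestScript;
import com.cloakware.cspm.server.bo.RequestServer;
import com.cloakware.cspm.server.bo.Role;
import com.cloakware.cspm.server.bo.TargetAccount;
import com.cloakware.cspm.server.bo.TargetAlias;
import com.cloakware.cspm.server.bo.TargetApplication;
import com.cloakware.cspm.server.bo.TargetServer;
import com.cloakware.cspm.server.bo.User;
import com.cloakware.cspm.server.bo.UserGroup;
import com.cloakware.cspm.server.ui.AdminAPI;
import com.cloakware.cspm.server.ui.AdminAPIFactory;
import com.cloakware.cspm.server.ui.Request;
import com.cloakware.cspm.server.ui.Result;

// NOTE(review): updateAgent() uses a type named Attribute that this listing
// never imports. Its package is not shown on this page; take the import from
// the product's Java API documentation before compiling.

/**
 * An implementation of a Java API based application.
 *
 * This program does not contain a complete list of commands and parameters.
 * Refer to the Java Documentation for the Password
 * Authority Java API or the CLI Documentation for the complete list.
 *
 * This program can be instantiated in your own program or can be executed
 * through the Command Line.
 *
 * The Password Authority cliTool.jar must be in your Class Path to
 * use this application.
 *
 * This application should only be used in Password Authority version 4.2.1 or
 * above and Java 1.5 or above.
 *
 * Security notes for anyone adapting this sample:
 * every credential in this file is a literal sample value. The login
 * defaults are described below as those of a new Windows server installation,
 * so a deployment that still accepts them is running on vendor defaults.
 * Real integrations should load credentials from a protected store at run
 * time rather than from source code, and should not echo retrieved
 * passwords to standard output the way viewTargetAccountPassword() does.
 */
public class JavaAPIExample {

    private AdminAPI adminAPI;
    private Result result;
    private Request request;

    // Login defaults. Per the main() documentation these match a new
    // Password Authority Windows Server installation; they are sample values
    // and must not be left in place on a production server.
    private String passwordAuthorityServerKeyStore =
            "C:\\Program Files\\CAPAM\\capam.keystore";
    private String passwordAuthorityUserName = "super";
    private String passwordAuthorityUserPassword = "admin4cspm!";
    private String passwordAuthorityServerHostName = "localhost";

    // Objects created by the add* methods and reused by update*/delete*.
    private TargetServer targetServer;
    private TargetApplication targetApplication;
    private TargetAccount targetAccount;
    private TargetAlias targetAlias;
    private RequestServer requestServer;
    private RequestScript requestScript;
    private Authorization authorization;
    private Group targetGroup;
    private Group requestGroup;
    private Role role;
    private UserGroup userGroup;
    private PasswordPolicy passwordPolicy;
    private PasswordViewPolicy passwordViewPolicy;
    private User user;

    //Target Server
    private static final String TARGET_SERVER_HOST_NAME = "hostname.cloakware.com";

    //Target Application
    private static final String TARGET_APPLICATION_NAME = "Target Application";
    private static final String TARGET_APPLICATION_TYPE = "unix";
    private static final String SSH_PORT_ATTRIBUTE = "sshPort";
    private static final String SSH_PORT = "22";

    //Target Account (sample credential only)
    private static final String TARGET_ACCOUNT_USER_NAME = "username";
    private static final String TARGET_ACCOUNT_USER_PASSWORD = "password123!";
    private static final String USE_OTHER_ACCOUNT_TO_CHANGE_PASSWORD_ATTRIBUTE =
            "useOtherAccountToChangePassword";

    //Target Alias
    private static final String TARGET_ALIAS_NAME = "targetAlias";

    //Request Server
    private static final String REQUEST_SERVER_HOST_NAME = "requestserver.cloakware.com";

    //Request Script
    private static final String REQUEST_SCRIPT_NAME = "example.pl";
    private static final String REQUEST_SCRIPT_EXECUTION_PATH = "C:\\test";
    private static final String REQUEST_SCRIPT_FILE_PATH = "C:\\test";
    private static final String REQUEST_SCRIPT_TYPE = "Perl";

    //Target Group
    private static final String TARGET_GROUP_NAME = "targetGroup";

    //Request Group
    private static final String REQUEST_GROUP_NAME = "requestGroup";

    //Filter
    private static final String FILTER_EXPRESSION = REQUEST_SERVER_HOST_NAME;

    //Role
    private static final String ROLE_NAME = "roleName";
    private static final String ROLE_ADD_REQUEST_SERVER = "addRequestServer";
    private static final String ROLE_UPDATE_REQUEST_SERVER = "updateRequestServer";
    private static final String ROLE_DELETE_REQUEST_SERVER = "deleteRequestServer";

    //User Group
    private static final String USER_GROUP_NAME = "userGroup";
    private static final String USER_GROUP_DESCRIPTION = "userGroupDescription";

    //User (sample credential only; note it repeats the default admin password)
    private static final String USER_USER_NAME = "userName";
    private static final String USER_USER_PASSWORD = "admin4cspm!";

    //Password Policy
    // The 3..8 character bounds only demonstrate the API call; they are far
    // too short to serve as a real password composition policy.
    private static final String PASSWORD_POLICY_NAME = "passwordPolicy";
    private static final String PASSWORD_POLICY_DESCRIPTION = "passwordPolicyDesc";
    private static final int MINIMUM_PASSWORD_LENGTH = 3;
    private static final int MAXIMUM_PASSWORD_LENGTH = 8;

    //Password View Policy
    private static final String PASSWORD_VIEW_POLICY_NAME = "passwordViewPolicy";

    //View Target Account Password (sample credential only)
    private static final String VIEW_TARGET_ACCOUNT_USER_NAME = "admin";
    private static final String VIEW_TARGET_ACCOUNT_USER_PASSWORD = "admin4cspm!";
    private static final String VIEW_TARGET_ACCOUNT_REASON = "I need access to the server.";

    //Update Agent
    private static final int AGENT_ID = 1000;
    private static final String AGENT_HOST_NAME = "test.ca.com";
    private static final String AGENT_DEVICE_NAME = "WindowsProxyTestMachine";
    private static final String AGENT_DESCRIPTOR1 = "Testing update agent";
    private static final String AGENT_DESCRIPTOR2 = "Update windows proxy descriptor2";

    /**
     * This application can be run with no arguments or the following:
     * key store - Password Authority Key Store
     * user - Password Authority user name
     * password - Password of the user
     * host name - Password Authority Server
     *
     * The order of the arguments is fixed. The overrides are applied only
     * when exactly four arguments are given (see {@link #init(String[])});
     * otherwise the default values of a new Password Authority Windows Server
     * Installation are used.
     *
     * A password passed on the command line is visible to other local users
     * through the process list and is usually kept in shell history, so this
     * entry point is suitable for a lab, not for an administrative account
     * that matters.
     *
     * @param args - The list of command line arguments.
     */
    public static void main(String[] args) {
        JavaAPIExample javaAPIExample = new JavaAPIExample();
        javaAPIExample.init(args);
        try {
            javaAPIExample.runJavaAPIExample();
        } finally {
            // Always end the administrative session, even when one of the
            // example steps throws, so it is not left open on the server.
            javaAPIExample.logout();
        }
    }

    /**
     * Initializes the Java API object and logs in to the Password Authority
     * Server. The String Array should contain the location of a Password
     * Authority key store, a Password Authority user name, the password of
     * that user, and the host name of a Password Authority Server. The order
     * of the arguments is fixed. If the String Array is null or does not hold
     * exactly four elements, the default values are used; a null element
     * keeps the default for that position.
     *
     * @param args - The Java API arguments
     */
    public void init(String[] args) {
        adminAPI = new AdminAPI();
        if (args != null && args.length == 4) {
            // Each position feeds its own setting. The original listing read
            // args[0] for all four, which sent the key store path as the
            // user name, password and host name.
            if (args[0] != null) {
                passwordAuthorityServerKeyStore = args[0];
            }
            if (args[1] != null) {
                passwordAuthorityUserName = args[1];
            }
            if (args[2] != null) {
                passwordAuthorityUserPassword = args[2];
            }
            if (args[3] != null) {
                passwordAuthorityServerHostName = args[3];
            }
        }
        // NOTE(review): the outcome of login is not inspected here; confirm
        // in the API documentation how a failed login is reported and stop
        // before running the example steps in that case.
        adminAPI.login(passwordAuthorityServerKeyStore,
                passwordAuthorityUserName,
                passwordAuthorityUserPassword,
                passwordAuthorityServerHostName);
    }

    /**
     * A helper method which runs all add, update, search, view and delete
     * example methods. The add steps populate the fields that the later
     * steps read, so the call order matters.
     */
    public void runJavaAPIExample() {
        //Add
        addTargetServer();
        addTargetApplication();
        addTargetAccount();
        addTargetAlias();
        addRequestServer();
        addRequestScript();
        addAuthorization();
        addTargetGroup();
        addRequestGroup();
        addFilter();
        addRole();
        addUserGroup();
        addUser();
        addPasswordPolicy();
        addPasswordViewPolicy();

        //Update
        updateUserGroup();
        updateAgent();

        //Search
        searchRequestServer();

        //View Target Account Password
        viewTargetAccountPassword();

        //Delete
        deletePasswordViewPolicy();
        deletePasswordPolicy();
        deleteUser();
        deleteUserGroup();
        deleteRole();
        deleteRequestGroup();
        deleteTargetGroup();
        deleteAuthorization();
        deleteTargetAlias();
        deleteTargetServer();
        deleteRequestScript();
        deleteRequestServer();
    }

    /**
     * Logs out of the Password Authority Server.
     */
    public void logout() {
        adminAPI.logout();
    }

    /**
     * Adds a Target Server.
     */
    public void addTargetServer() {
        //Create a TargetServer instance by using AdminAPIFactory
        targetServer = AdminAPIFactory.createTargetServer();
        targetServer.setHostName(TARGET_SERVER_HOST_NAME);

        //Use the add method to create a Target Server
        result = adminAPI.add(targetServer);
        System.out.println("addTargetServer: "+ result.getStatusMessage());

        //Retrieves a target server object from the result of the add command.
        targetServer = result.getValueAsTargetServer();

        //Prints the newly added Target server data.
        System.out.println("Target Server ID: " + targetServer.getID());
        System.out.println("Target Server host name: " + targetServer.getHostName());
        System.out.println("Target Server IP Address: "+ targetServer.getIPAddress());
    }

    /**
     * Adds a Target Application.
     */
    public void addTargetApplication() {
        //Create a Unix TargetApplication instance by using AdminAPIFactory
        targetApplication = AdminAPIFactory.createTargetApplication();
        targetApplication.setTargetServerID(targetServer.getID());
        targetApplication.setName(TARGET_APPLICATION_NAME);
        targetApplication.setType(TARGET_APPLICATION_TYPE);
        targetApplication.setExtendedAttribute(SSH_PORT_ATTRIBUTE, SSH_PORT);

        result = adminAPI.add(targetApplication);
        System.out.println("addTargetApplication: "+ result.getStatusMessage());
        targetApplication = result.getValueAsTargetApplication();
    }

    /**
     * Adds a Target Account.
     */
    public void addTargetAccount() {
        //Create a TargetAccount instance by using AdminAPIFactory
        targetAccount = AdminAPIFactory.createTargetAccount();
        targetAccount.setTargetApplicationID(targetApplication.getID());
        targetAccount.setUserName(TARGET_ACCOUNT_USER_NAME);
        targetAccount.setPassword(TARGET_ACCOUNT_USER_PASSWORD);
        targetAccount.setPrivileged(false);

        //change setSynchronize to true if the Target Account is
        //to be synchronized.
        targetAccount.setSynchronize(false);
        targetAccount.setExtendedAttribute(USE_OTHER_ACCOUNT_TO_CHANGE_PASSWORD_ATTRIBUTE,
                String.valueOf(false));

        result = adminAPI.add(targetAccount);
        System.out.println("addTargetAccount: "+ result.getStatusMessage());
        targetAccount = result.getValueAsTargetAccount();
    }

    /**
     * Adds a Target Alias.
     */
    public void addTargetAlias() {
        //Create a TargetAlias instance by using AdminAPIFactory
        targetAlias = AdminAPIFactory.createTargetAlias();
        targetAlias.setAccountID(targetAccount.getID());
        targetAlias.setName(TARGET_ALIAS_NAME);

        result = adminAPI.add(targetAlias);
        System.out.println("addTargetAlias: "+ result.getStatusMessage());
        targetAlias = result.getValueAsTargetAlias();
    }

    /**
     * Adds a Request Server.
     */
    public void addRequestServer() {
        //Create a RequestServer instance by using AdminAPIFactory
        requestServer = AdminAPIFactory.createRequestServer();
        requestServer.setHostName(REQUEST_SERVER_HOST_NAME);

        result = adminAPI.add(requestServer);
        System.out.println("addRequestServer: "+ result.getStatusMessage());
        requestServer = result.getValueAsRequestServer();
    }

    /**
     * Adds a Request Script.
     */
    public void addRequestScript() {
        //Create a RequestScript instance by using AdminAPIFactory
        requestScript = AdminAPIFactory.createRequestScript();
        requestScript.setRequestServerID(requestServer.getID());
        requestScript.setName(REQUEST_SCRIPT_NAME);
        requestScript.setExecutionPath(REQUEST_SCRIPT_EXECUTION_PATH);
        requestScript.setFilePath(REQUEST_SCRIPT_FILE_PATH);
        requestScript.setType(REQUEST_SCRIPT_TYPE);

        result = adminAPI.add(requestScript);
        System.out.println("addRequestScript: "+ result.getStatusMessage());
        requestScript = result.getValueAsRequestScript();
    }

    /**
     * Adds an Authorization linking the Request Server, the Request Script
     * and the Target Alias created by the earlier steps.
     */
    public void addAuthorization() {
        //Create an Authorization instance by using AdminAPIFactory
        authorization = AdminAPIFactory.createAuthorization();
        authorization.setRequestServerID(requestServer.getID());
        authorization.setScriptID(requestScript.getID());
        authorization.setTargetAliasID(targetAlias.getID());

        result = adminAPI.add(authorization);
        System.out.println("addAuthorization: "+ result.getStatusMessage());
        authorization = result.getValueAsAuthorization();
    }

    /**
     * Adds a Target Group.
     */
    public void addTargetGroup() {
        //Create a Target Group instance by using AdminAPIFactory
        targetGroup = AdminAPIFactory.createGroup();
        targetGroup.setName(TARGET_GROUP_NAME);
        targetGroup.setType(Group.TYPE_TARGET);

        result = adminAPI.add(targetGroup);
        System.out.println("addTargetGroup: "+ result.getStatusMessage());
        targetGroup = result.getValueAsGroup();
    }

    /**
     * Adds a Request Group.
     */
    public void addRequestGroup() {
        //Create a Request Group instance by using AdminAPIFactory
        requestGroup = AdminAPIFactory.createGroup();
        requestGroup.setName(REQUEST_GROUP_NAME);
        requestGroup.setType(Group.TYPE_REQUESTOR);

        result = adminAPI.add(requestGroup);
        System.out.println("addRequestGroup: "+ result.getStatusMessage());
        requestGroup = result.getValueAsGroup();
    }

    /**
     * Adds a Filter to an existing Group.
     */
    public void addFilter() {
        //A filter can only be added to an existing group.
        Filter filter = AdminAPIFactory.createFilter();

        //Set the group id to the id of an existing group object.
        filter.setGroupID(requestGroup.getID());

        //AttributeName is the field on which to create the filter.
        filter.setAttributeName(RequestServer.BEAN_PROPERTY_HOSTNAME);
        filter.setType(Filter.TYPE_CONTAINS);

        //The object class id can be set to the CLASS_ID of any of the supported
        //objects.
        filter.setObjectClassID(RequestServer.CLASS_ID);
        filter.setExpression(FILTER_EXPRESSION);

        result = adminAPI.add(filter);
        System.out.println("addFilter: "+ result.getStatusMessage());
        filter = result.getValueAsFilter();
    }

    /**
     * Adds a Role with add, update and delete Request Server permissions.
     */
    public void addRole() {
        //Create a Role instance by using AdminAPIFactory
        role = AdminAPIFactory.createRole();
        role.setName(ROLE_NAME);
        role.addPermission(ROLE_ADD_REQUEST_SERVER);
        role.addPermission(ROLE_UPDATE_REQUEST_SERVER);
        role.addPermission(ROLE_DELETE_REQUEST_SERVER);

        result = adminAPI.add(role);
        System.out.println("addRole: "+ result.getStatusMessage());
        role = result.getValueAsRole();
    }

    /**
     * Adds a User Group that contains the Request Group and the Target Group
     * and carries the Role created by addRole().
     */
    public void addUserGroup() {
        // Raw ArrayList is kept as in the original listing; the element type
        // returned by getID() is not shown on this page.
        ArrayList newGroups = new ArrayList();

        //Create a UserGroup instance by using AdminAPIFactory
        userGroup = AdminAPIFactory.createUserGroup();
        userGroup.setName(USER_GROUP_NAME);

        //Create an ArrayList of the Group IDs that are to be added to the
        //UserGroup.
        newGroups.add(requestGroup.getID());
        newGroups.add(targetGroup.getID());
        userGroup.setGroupIDs(newGroups);
        userGroup.setRoleID(role.getID());

        result = adminAPI.add(userGroup);
        System.out.println("addUserGroup: "+ result.getStatusMessage());
        userGroup = result.getValueAsUserGroup();
    }

    /**
     * Adds a Password Authority User.
     */
    public void addUser() {
        ArrayList userGroupIDs = new ArrayList();

        //Create a User instance by using AdminAPIFactory
        user = AdminAPIFactory.createUser();
        user.setUserID(USER_USER_NAME);
        user.setPassword(USER_USER_PASSWORD);

        //Create an ArrayList of UserGroup IDs that are to be added to the
        //User.
        userGroupIDs.add(userGroup.getID());
        user.setUserGroupIDs(userGroupIDs);

        result = adminAPI.add(user);
        System.out.println("addUser: "+ result.getStatusMessage());
        user = result.getValueAsUser();
    }

    /**
     * Adds a Password Composition Policy
     */
    public void addPasswordPolicy() {
        //Create a PasswordPolicy instance by using AdminAPIFactory
        passwordPolicy = AdminAPIFactory.createPasswordPolicy();
        passwordPolicy.setName(PASSWORD_POLICY_NAME);
        passwordPolicy.setDescription(PASSWORD_POLICY_DESCRIPTION);
        passwordPolicy.setExtendedAttribute(PasswordPolicy.MIN_LENGTH,
                String.valueOf(MINIMUM_PASSWORD_LENGTH));
        passwordPolicy.setExtendedAttribute(PasswordPolicy.MAX_LENGTH,
                String.valueOf(MAXIMUM_PASSWORD_LENGTH));
        passwordPolicy.setExtendedAttribute(PasswordPolicy.USE_ALPHA,
                String.valueOf(true));

        result = adminAPI.add(passwordPolicy);
        System.out.println("addPasswordPolicy: "+ result.getStatusMessage());
        passwordPolicy = result.getValueAsPasswordPolicy();
    }

    /**
     * Adds a Password View Policy
     */
    public void addPasswordViewPolicy() {
        //Create a PasswordViewPolicy instance by using AdminAPIFactory
        passwordViewPolicy = AdminAPIFactory.createPasswordViewPolicy();
        passwordViewPolicy.setName(PASSWORD_VIEW_POLICY_NAME);
        passwordViewPolicy.setChangePasswordOnView(true);

        result = adminAPI.add(passwordViewPolicy);
        System.out.println("addPasswordViewPolicy: " + result.getStatusMessage());
        passwordViewPolicy = result.getValueAsPasswordViewPolicy();
    }

    /**
     * Updates an existing User Group.
     */
    public void updateUserGroup() {
        //An update uses an object retrieved via a search command or
        //the output of a previous add or update.
        userGroup.setDescription(USER_GROUP_DESCRIPTION);

        result = adminAPI.update(userGroup);
        System.out.println("updateUserGroup: "+ result.getStatusMessage());
        userGroup = result.getValueAsUserGroup();
        System.out.println("updateUserGroup description: " + userGroup.getDescription());
    }

    /**
     * Updates an Agent.
     */
    public void updateAgent() {
        //Create an Agent instance by using AdminAPIFactory
        // Declared locally: the original listing assigned to an undeclared
        // name "agent", which does not compile.
        Agent agent = AdminAPIFactory.createAgent();
        agent.setID(AGENT_ID);
        agent.setHostName(AGENT_HOST_NAME);
        agent.setDeviceName(AGENT_DEVICE_NAME);
        agent.setActive(true);
        agent.setPreserveHostName(false);

        // NOTE(review): Attribute is not among this listing's imports;
        // confirm its package in the Java API documentation.
        Attribute descriptor1 = AdminAPIFactory.createAttribute();
        descriptor1.setName("descriptor1");
        descriptor1.setValue(AGENT_DESCRIPTOR1);
        agent.setAttribute(descriptor1);

        Attribute descriptor2 = AdminAPIFactory.createAttribute();
        descriptor2.setName("descriptor2");
        descriptor2.setValue(AGENT_DESCRIPTOR2);
        agent.setAttribute(descriptor2);

        result = adminAPI.update(agent);
        // The label now names this method; the original printed "addAgent: ".
        System.out.println("updateAgent: "+ result.getStatusMessage());

        //Retrieves an agent object from the result of the update command.
        agent = result.getValueAsAgent();

        //Print the updated Agent data.
        System.out.println("Agent ID : " + agent.getID());
        System.out.println("Agent Host Name : " + agent.getHostName());
        System.out.println("Agent Device Name : " + agent.getDeviceName());
        System.out.println("Agent Activation status : " + agent.isActive());
        System.out.println("Agent Descriptor1 : "
                + agent.getExtendedAttributeValue("descriptor1"));
        System.out.println("Agent Descriptor2 : "
                + agent.getExtendedAttributeValue("descriptor2"));
        System.out.println("Agent Preserve Host Name : " + agent.isPreserveHostName());
    }

    /**
     * Searches for a Request Server host name.
     *
     * If a parameter is specified, all matching Request Servers are
     * returned. If no parameter is specified, all Request Servers are
     * returned.
     */
    public void searchRequestServer() {
        RequestServer searchRequestServer;
        List resultList;

        //To search, a Request object must be created and passed to the
        //AdminAPI execute method.
        request = new Request();
        request.setCommand(AdminAPICommandNames.SEARCH_REQUEST_SERVER);
        request.setParameter(
                AdminAPIParameterNames.SEARCH_REQUEST_SERVER_HOST_NAME,
                REQUEST_SERVER_HOST_NAME);

        result = adminAPI.execute(request);
        System.out.println("searchRequestServer: "+ result.getStatusMessage());

        //The search commands return a List object containing the result of
        //your search.
        resultList = result.getValueAsList(RequestServer.CLASS_ID);
        if (resultList.size() > 0) {
            searchRequestServer = (RequestServer) resultList.get(0);
            System.out.println("searchRequestServer host name: "
                    + searchRequestServer.getHostName());
        }
    }

    /**
     * Views a Target Account Password. The result depends on the Password
     * View Policy of the Target Account.
     *
     * The retrieved password is printed in clear text purely to show that
     * the call returned it. Anything written to standard output may end up
     * in terminal scrollback, redirected files or log collectors, so code
     * derived from this sample should hand the value to its consumer
     * directly and never print or log it.
     */
    public void viewTargetAccountPassword() {
        TargetAccount viewPasswordAccount;

        //To view a password, a Request object must be created and passed to
        //the AdminAPI execute method.
        request = new Request();
        request.setCommand(AdminAPICommandNames.VIEW_ACCOUNT_PASSWORD);
        request.setParameter(
                AdminAPIParameterNames.VIEW_ACCOUNT_PASSWORD_TARGET_ACCOUNT_ID,
                targetAccount.getID());
        request.setParameter(
                AdminAPIParameterNames.VIEW_ACCOUNT_PASSWORD_ADMIN_USER_ID,
                VIEW_TARGET_ACCOUNT_USER_NAME);
        request.setParameter(
                AdminAPIParameterNames.VIEW_ACCOUNT_PASSWORD_ADMIN_PASSWORD,
                VIEW_TARGET_ACCOUNT_USER_PASSWORD);
        request.setParameter(
                AdminAPIParameterNames.VIEW_ACCOUNT_PASSWORD_REASON,
                VIEW_TARGET_ACCOUNT_REASON);

        result = adminAPI.execute(request);
        System.out.println("viewTargetAccountPassword: "+ result.getStatusMessage());

        String warning = result.getWarningMessage();
        if (warning != null && warning.length() > 0) {
            System.out.println("viewTargetAccountPassword: " + warning);
        }

        viewPasswordAccount = result.getValueAsTargetAccount();
        // Demonstration only: this writes a live credential to stdout.
        System.out.println("viewTargetAccountPassword password:"
                + viewPasswordAccount.getPassword());
    }

    /**
     * Deletes an existing Password View Policy.
     */
    public void deletePasswordViewPolicy() {
        //Delete a PasswordViewPolicy
        result = adminAPI.delete(passwordViewPolicy);

        //The delete method will return the deleted object for future reference.
        passwordViewPolicy = result.getValueAsPasswordViewPolicy();
        System.out.println("deletePasswordViewPolicy: " + result.getStatusMessage());
    }

    /**
     * Deletes a Password Composition Policy.
     */
    public void deletePasswordPolicy() {
        //Delete a PasswordPolicy
        result = adminAPI.delete(passwordPolicy);
        System.out.println("deletePasswordPolicy: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Password Authority user.
     */
    public void deleteUser() {
        result = adminAPI.delete(user);
        System.out.println("deleteUser: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Role.
     */
    public void deleteRole() {
        result = adminAPI.delete(role);
        System.out.println("deleteRole: "+ result.getStatusMessage());
    }

    /**
     * Deletes a User Group.
     */
    public void deleteUserGroup() {
        result = adminAPI.delete(userGroup);
        System.out.println("deleteUserGroup: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Request Group.
     */
    public void deleteRequestGroup() {
        //Delete a Group
        result = adminAPI.delete(requestGroup);
        System.out.println("deleteRequestGroup: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Target Group.
     */
    public void deleteTargetGroup() {
        //Delete a Group
        result = adminAPI.delete(targetGroup);
        System.out.println("deleteTargetGroup: "+ result.getStatusMessage());
    }

    /**
     * Deletes an Authorization.
     */
    public void deleteAuthorization() {
        //Delete the Authorization
        result = adminAPI.delete(authorization);
        System.out.println("deleteAuthorization: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Target Alias.
     */
    public void deleteTargetAlias() {
        //Delete the Target Alias
        result = adminAPI.delete(targetAlias);
        System.out.println("deleteTargetAlias: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Target Server. Deleting a Target Server will also delete
     * all associated Target Applications and Target Accounts.
     */
    public void deleteTargetServer() {
        //Delete the Target Server
        result = adminAPI.delete(targetServer);
        System.out.println("deleteTargetServer: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Request Script.
     */
    public void deleteRequestScript() {
        //Delete the Request Script
        result = adminAPI.delete(requestScript);
        System.out.println("deleteRequestScript: "+ result.getStatusMessage());
    }

    /**
     * Deletes a Request Server.
     */
    public void deleteRequestServer() {
        //Delete the Request Server
        result = adminAPI.delete(requestServer);
        System.out.println("deleteRequestServer: "+ result.getStatusMessage());
    }
}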