Child pages
  • Using a router filter to intercept, inspect and modify REST request data
Skip to end of metadata
Go to start of metadata

The following example demonstrates the use of a OpenIDM router filter which inspects incoming CREATE or UPDATE requests and modifies the request data based on the source of the request. The purpose of this example is to demonstrate how one could distinguish between managed objects being created or updated via reconciliation vs direct HTTP requests.

Creating the router filter

Add the following to your projects conf/router.json file:

Update request filter definition
{
    "pattern" : "^managed/user.*",
    "onRequest" : {
        "type" : "text/javascript",
        "file" : "script/updateRequest.js"
    },
    "methods" : [
        "create",
        "update"
    ]
}

 

Create the updateRequest.js script within your projects script directory:

script/updateRequest.js
var trigger = request.parent.parent['trigger'];

if (trigger === undefined || trigger === null) {
   request.value['description'] = "Updated by direct HTTP request.";
} else 
   request.value['description'] = "Updated by indirect trigger: " + trigger;
}

 

NOTE: Attached is a requestUpdateFilter.tar.gz file which contains the complete sample, including the LDAP provisioner configuration required by the sample.

 

Executing the Sample

Create managed user via direct HTTP request
curl -u openidm-admin:openidm-admin -d '{"email":"test@test.com","ldapGroups":[],"familyName":"User","userName":"test.user","givenName":"Test","displayName":"Test User","phoneNumber":"111-111-1111","accountStatus":"active","postalCode":"","stateProvince":"","address1":"","address2":"","country":"","city":""}' "http://localhost:8080/openidm/managed/user?_action=create"

{"_id":"3a4fe3aa-a61f-40d4-bfb9-ef59a1c0dd92","_rev":"0"}
Create LDAP account directly on external system
curl -u openidm-admin:openidm-admin -d '{"ldapGroups":[],"mail":"test2@test.com","sn":"User","cn":"Test2 User","uid":"test2.user","givenName":"Test2","dn":"uid=test2.user,ou=People,dc=example,dc=com"}' "http://localhost:8080/openidm/system/ldap/account?_action=create"

{"ldapGroups":[],"mail":"test2@test.com","sn":"User","cn":"Test2 User","uid":"test2.user","givenName":"Test2","dn":"uid=test2.user,ou=People,dc=example,dc=com","_id":"uid%3Dtest2.user%2Cou%3DPeople%2Cdc%3Dexample%2Cdc%3Dcom"}
Create managed user via LDAP recon
curl -u openidm-admin:openidm-admin --request POST "http://localhost:8080/openidm/recon?_action=recon&mapping=systemLdapAccounts_managedUser"

{"_id":"e6338d8f-2563-454a-af76-923ccc402945"}
Query managed users in repository
curl -u openidm-admin:openidm-admin --request GET "http://localhost:8080/openidm/managed/user/?_queryId=query-all-ids"

{"query-time-ms":0,"result":[{"_id":"3a4fe3aa-a61f-40d4-bfb9-ef59a1c0dd92","_rev":"0"},{"_id":"54ad7560-bb71-451e-9b0a-984370398864","_rev":"0"}],"conversion-time-ms":0}
Read managed users from the repository
curl -u openidm-admin:openidm-admin "http://localhost:8080/openidm/managed/user/3a4fe3aa-a61f-40d4-bfb9-ef59a1c0dd92"

{"_id":"3a4fe3aa-a61f-40d4-bfb9-ef59a1c0dd92","_rev":"0","email":"test@test.com","ldapGroups":[],"familyName":"User","userName":"test.user","givenName":"Test","displayName":"Test User","phoneNumber":"111-111-1111","accountStatus":"active","postalCode":"","stateProvince":"","address1":"","address2":"","country":"","city":"","description":"Updated by direct HTTP request."}


curl -u openidm-admin:openidm-admin "http://localhost:8080/openidm/managed/user/54ad7560-bb71-451e-9b0a-984370398864"

{"_id":"54ad7560-bb71-451e-9b0a-984370398864","_rev":"0","email":"test2@test.com","description":"Updated by indirect trigger: recon","familyName":"User","userName":"test2.user","givenName":"Test2","displayName":"Test2 User"}

 

Expected Results

  1. The managed user (test.user) which was created via direct HTTP request has it's description attribute set to "Updated by direct HTTP request.".
  2. The managed user (test2.user) which was create via LDAP recon has it's description attribute set to "Updated by indirect trigger: recon".

 

  • No labels