We are delighted to announce that our custom development offering, soapClient.jar, has been uploaded to the Belkast GIT repository.

We use IntelliJ IDEA Community Edition for our Java development. We have previously used Eclipse, but we now find that IntelliJ is far superior in almost every way.

We also use the Azul LTS JDK for compiling the program, as the JDK is supported until 2029.


What is soapClient?

It is a Java program, soapClient.jar, that sends data to a SOAP service using an XML template file and an input CSV file. The program reads a configuration file that defines its settings, including:

  • SOAP Service URL
  • SOAP Service Username
  • SOAP Service Password
  • Whether the SOAP Service requires authentication
  • Whether to use SSL
  • Java Keystore
  • Java Keystore Password
  • XML template File
  • CSV input File
  • Whether empty CSV values are allowed
  • Username format for authentication

Command line parameters

--props

This is the location of the properties file to be processed by the program. If not specified, props.conf will be used.

--key

This is the key (must be 16 characters) which is used to encrypt the password that is stored in the configuration file.

--encrypt

This is the value to encrypt using the encryption key. You need to pass both --key and --encrypt in order to get a correct result.

--debug

This parameter takes no value and, if present, displays debug information on the screen. The debug information is always written to the debug.log file.

Helper scripts

linux_verify.sh

The bash script shown below can be used to verify the contents of the CSV input file.

#!/bin/bash

JAVA=/usr/local/bin/java
$JAVA -cp lib/commons-codec-1.17.1.jar:lib/commons-csv-1.12.0.jar:lib/commons-io-2.18.0.jar:lib/jcommander-1.82.jar:lib/soapClient.jar com.belkast.soap.userVerify

linux_runner.sh

The bash script shown below can be used to run the program.

#!/bin/bash

JAVA=/usr/local/bin/java
$JAVA -cp lib/commons-codec-1.17.1.jar:lib/commons-csv-1.12.0.jar:lib/commons-io-2.18.0.jar:lib/jcommander-1.82.jar:lib/soapClient.jar com.belkast.soap.webService "$@"

Program components

Do not forget to include the following four JAR files as dependencies when building the soapClient.jar.

Configuration file

This is the main file containing the settings used by the program, and one with settings similar to those shown below is all you need to get started.

SHIM_URL = https://test.mycompany.com:8443/IDMProv/role/service
USERNAME = cn=keitha,ou=active,ou=users,o=belkast
PASSWORD = PT9TKHwFgJCxATJtAAMtMwtIF0UjFal6fo5riBN+ExY=
AUTH_REQUIRED = true
SSL = true 
JAVA_KS_LOCATION = ldap.keystore
JAVA_KS_PASSWORD = changeit
XML_FILE = USER_TO_ROLE.xml
CSV_FILE = msalah.csv
CSV_ALLOW_EMPTY_COLUMN_VALUES = true
USERNAME_FORMAT = (cn=.+?),ou=Active,ou=Users,o=Belkast

Default Values

The settings listed below are not required to be included in the configuration file. If not present, they will be assigned the default values shown below.

  AUTH_REQUIRED : true
  SSL : true
  CSV_ALLOW_EMPTY_COLUMN_VALUES : false
  USERNAME_FORMAT : ^.+$

Username and Password

If the configuration file specifies that authentication to the SOAP Service is required, and either the USERNAME or PASSWORD is not specified, you will be asked to enter the missing values.

Please enter a username [ (cn=.+?),ou=Active,ou=Users,o=Belkast ] :
Please enter your password : 

XML template file

This is the XML file that is sent to the SOAP service once all search and replace tokens have been processed.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://www.novell.com/role/service">
   <soapenv:Header/>
   <soapenv:Body>
      <ser:requestRolesAssignmentRequest>
         <!--Optional:-->
         <ser:assignRequest>
            <ser:actionType>grant</ser:actionType>
            <ser:assignmentType>USER_TO_ROLE</ser:assignmentType>
            <ser:identity>USER_DN</ser:identity>
            <ser:reason>DESC</ser:reason>
            <ser:roles>
               <!--Zero or more repetitions:-->
               <ser:dnstring>
              	<ser:dn>ROLE_DN</ser:dn>
               </ser:dnstring>
            </ser:roles>
         </ser:assignRequest>
      </ser:requestRolesAssignmentRequest>
   </soapenv:Body>
</soapenv:Envelope>

Java keystore

If the SOAP service uses HTTPS, you have two options when choosing which keystore to use:

  • Use a local keystore, which must be specified in the configuration file and must contain all necessary certificates
  • Use the systemwide JRE or JDK keystore. Once again, this must contain all necessary certificates

Encrypt a password

To encrypt a password value, run the linux_runner.sh bash script as shown below.

./linux_runner.sh --key 420CondoCondo420 --encrypt Password123

Clear Text Password : Password123
Encryption Key      : 420CondoCondo420
Encrypted / Encoded : PT9TKHwFgJCxATJtAAMtMwtIF0UjFal6fo5riBN+ExY=
Decoded / Decrypted : Password123

Verification of the CSV input file

To verify the CSV input file, run the linux_verify.sh bash script as shown below.

./linux_verify.sh

Assume we want to process the CSV input file, msalah.csv, shown below.

USER_DN,ROLE_DN,DESC
"cn=msalah,ou=admins,o=belkast","cn=TestRole,o=belkast","Test Load"

Running the linux_verify.sh bash script would result in the following output.

./linux_verify.sh

Please enter the name of the CSV file to validate : msalah.csv
Invalidate a line if there are empty column values? (Y/n) : Y

CSV input file     : msalah.csv
CSV block on empty : true
CSV header tokens  : USER_DN,ROLE_DN,DESC

## 2 [passed]

CSV lines read    : 1
CSV lines passed  : 1
CSV lines failed  : 0

record 1 key : USER_DN
record 1 val : cn=msalah,ou=admins,o=belkast
record 1 key : ROLE_DN
record 1 val : cn=TestRole,o=belkast
record 1 key : DESC
record 1 val : Test Load

CSV file records  : 1
CSV file is valid : true

If we had a second line with a missing DESC value, the program would return an error as shown below.

...
USER_DN,ROLE_DN,DESC
"cn=msalah,ou=admins,o=belkast","cn=TestRole,o=belkast","Test Load 1"
"cn=msalah,ou=admins,o=belkast","cn=TestRole,o=belkast",""

## line 2 [passed]
!! line 3 [failed] : the DESC token value is empty
!! line 3 [failed] : "cn=msalah,ou=admins,o=belkast","cn=TestRole,o=belkast",""
!! line 3 [failed] : {DESC=, ROLE_DN=cn=TestRole,o=belkast, USER_DN=cn=msalah,ou=admins,o=belkast}

CSV lines read   : 2
CSV lines passed : 1
CSV lines failed : 1

CSV file records  : 0
CSV file is valid : false

Example usage

To run the program, just run the linux_runner.sh bash script shown at the beginning of this README.

Getting Help

If you run the linux_runner.sh bash script with no command line parameters, you will receive a help screen as shown below.

./linux_runner.sh 

Usage: <main class> [options]
  Options:
    --debug
      Display debug information on the screen (no value required)
      Default: false
    --encrypt
      Value to encrypt using the encryption key
    --key
      Encryption key (must be 16 characters)
    --props
      Location of the properties file

With command line parameters

Please note that if the --key command line parameter and the --encrypt command line parameter are specified, the program will encrypt the passed value and exit.

The program checks for the following potential issues before sending the SOAP XML to the SOAP service:

  • The --key command line parameter is specified:
    • If specified, it must have a length of 16 characters
    • If NOT specified, you will be asked to enter it
  • The --props command line parameter is specified:
    • If specified, there is a check to make sure that the file exists
  • If configured, check that the encrypted password can be decrypted
  • The CSV input file must exist
  • The XML template file must exist

A simple example is shown below.

./linux_runner.sh --debug true --key 420CondoCondo420 --props props_USER_TO_ROLE.conf

props_USER_TO_ROLE.conf => SOAP URL : https://test.mycompany.com:8443/IDMProv/role/service
props_USER_TO_ROLE.conf => Authentication required : true
props_USER_TO_ROLE.conf => Use SSL : true
props_USER_TO_ROLE.conf => JAVA keystore : ldap.keystore
props_USER_TO_ROLE.conf => JAVA keystore password : changeit
props_USER_TO_ROLE.conf => XML File : USER_TO_ROLE.xml
props_USER_TO_ROLE.conf => CSV File : msalah.csv
props_USER_TO_ROLE.conf => CSV allow empty : false
props_USER_TO_ROLE.conf => Username : cn=keitha,ou=active,ou=users,o=belkast
msalah.csv : CSV file is valid  : true
msalah.csv : records to process : 1

Processing record 1
Record 1 : [cn=msalah,ou=admins,o=belkast, cn=TestRole,o=belkast, Test Load]
Record 1 : USER_DN => cn=msalah,ou=admins,o=belkast
Record 1 : ROLE_DN => cn=TestRole,o=belkast
Record 1 : DESC => Test Load

For each of the lines in the input CSV file, the corresponding XML data is sent to the SOAP service. The XML data shown below is the data that is sent for our particular example. Notice that the tokens have been replaced with the data from the corresponding line in the CSV input file.

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ser="http://www.novell.com/role/service">
<soapenv:Header/>
<soapenv:Body>
   <ser:requestRolesAssignmentRequest>
   <!--Optional:-->
      <ser:assignRequest>
         <ser:actionType>grant</ser:actionType>
         <ser:assignmentType>USER_TO_ROLE</ser:assignmentType>
         <ser:identity>cn=msalah,ou=admins,o=belkast</ser:identity>
         <ser:reason>Test Load</ser:reason>
         <ser:roles>
         <!--Zero or more repetitions:-->
            <ser:dnstring>
               <ser:dn>cn=TestRole,o=belkast</ser:dn>
            </ser:dnstring>
         </ser:roles>
      </ser:assignRequest>
   </ser:requestRolesAssignmentRequest>
</soapenv:Body></soapenv:Envelope>
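
The token replacement described above, as an added example that is not code from soapClient itself; this README does not say how the program performs the substitution or whether it escapes values. The names TokenFillExample, xmlEscape and fill are hypothetical, and the template fragment and CSV record are constructed. It XML-escapes each CSV value and replaces all tokens in a single pass, so a value containing `&`, `<` or the name of another token stays plain element text.

```java
import java.util.*;
import java.util.regex.*;

public class TokenFillExample {

    // Escape XML special characters so a CSV value can only ever be element text.
    static String xmlEscape(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&apos;"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Replace every header token in one pass over the template, so text that
    // was just substituted is never scanned again for further tokens.
    static String fill(String template, Map<String, String> record) {
        if (record.isEmpty()) return template;
        StringJoiner alternation = new StringJoiner("|");
        for (String token : record.keySet()) {
            alternation.add(Pattern.quote(token));
        }
        Matcher m = Pattern.compile(alternation.toString()).matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = xmlEscape(record.get(m.group()));
            m.appendReplacement(out, Matcher.quoteReplacement(value));
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample: a fragment of the template and one CSV record.
        String template = "<ser:identity>USER_DN</ser:identity>\n"
                        + "<ser:reason>DESC</ser:reason>\n"
                        + "<ser:dn>ROLE_DN</ser:dn>";
        Map<String, String> record = new LinkedHashMap<>();
        record.put("USER_DN", "cn=msalah,ou=admins,o=belkast");
        record.put("ROLE_DN", "cn=TestRole,o=belkast");
        record.put("DESC", "R&D <temp> access, replaces ROLE_DN mapping");
        System.out.println(fill(template, record));
    }
}
```

Because the alternation is tried in map order, a token that is a prefix of another token should be listed after the longer one.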