Expand my Community achievements bar.

Don’t miss the AEM Skill Exchange in SF on Nov 14—hear from industry leaders, learn best practices, and enhance your AEM strategy with practical tips.
SOLVED

How to get the user domain with the Flex API

Avatar

Level 1

Hi there

i made a custom application runing inside the LC workspace. There I get the LC SessionMap for the server communication as well as some user information:

// Get the session from the owning application
var session:SessionMap = SessionMap(Application.application.session);
var manager:ISessionManager = ISessionManager(session.getObject("lc.core.ISessionManager"));
username = manager.authenticatedUser.userid;
userdomain = manager.authenticatedUser.domain;

but unfortunately the userdomain is always null regardless that the user is definitely related to the default domain "DefaultDom". So how else can I load the domainname for the logged in user?

Thx Simon

1 Accepted Solution

Avatar

Correct answer by
Level 4

Hi Simon,

You can also look into using the DirectoryManagerServiceClient from you Java component and use its findPrincipal API. This would allow you to invoke the LC UserManager API from Java code itself and would obviate the need for going via DB

View solution in original post

7 Replies

Avatar

Level 10

Try to directly access the Adobe DB and find the Domain using the UserId (UIDSTRING column) in EDCPRINCIPALUSERENTITY table

Here are some tips:

1. Find the REFPRINCIPALID from EDCPRINCIPALUSERENTITY table for the given UIDSTRING

2. Find the REFDOMAINID from EDCPRINCIPALENTITY table for the given ID as retrieved from step1

3. Find the COMMONNAME from EDCPRINCIPALDOMAINENTITY table for the given ID as retrieved from step 2

Nith

Avatar

Level 4

Simon,

This looks like a bug. Would try to confirm that with the team.

Now to get the Domain. You can try invoking the DirectoryManager.findPrincipal(oid). It would return a Principal object from there you can use domainName and domainCommonName to get the Domain details. The oid can be obtained from the user object returned by the sessionmanager

Nith - Thanks for suggesting the approach. But a user can use LC API to get user details rather than directly accessing the DB. The brute force should be used as a last resort

Avatar

Level 1

Hi

I'm actually using this dirty workaround mentioned by $Nith$ at the moment. I'm doing this because I need to invoke a custom java compoent anyway at this point and in the code it is quite easy for me to query the database directly. But a proper solution would be preferable anyway! So hoping that a bugfix for that will be included in one of the next versions.

Thanx anyway!

Simon

Avatar

Correct answer by
Level 4

Hi Simon,

You can also look into using the DirectoryManagerServiceClient from you Java component and use its findPrincipal API. This would allow you to invoke the LC UserManager API from Java code itself and would obviate the need for going via DB

Avatar

Level 1

Oh yes, that looks really good! It's a pity that it is quite hard to find such information in the documentation!

Avatar

Former Community Member

I know you've indicated that you are getting this info by some custom java coding but thought you might be interested in an alternative.  First, regardless of which approach you use, you should only make a server call to get the domainName if it is empty. We will be updating the code to populate the domainName field of User object in a (ES2) ServicePack so your code should prepare for this.

The Workspace SessionManger class has a getRemotingEndpoint() method that can be used to hit any LiveCycle service that supports the REMOTING connector.  Since the DirectoryManagerService is only accessible by admins/system contexts and you likely don't want to open up all the APIs on this service to the masses, I suggest that you use Workbench to create a new process called getDomain with the following contents:

- an input var called oid (a string),

- an output called domainName (also a string),

- uses the UserLookupService.findUser service (set to ExactMatch, map oid to the Universal ID filter field and map the output to a variable called user (type = User),

- add a SetValue that sets the domainName output var from the user.domainName field

From the Adminui, set the Security on the getDomain service to give AllPrincipals the INVOKE_PERM permission and set the RunAs to System (latter is to permit the UserLookupService call to work).

The Workspace code to call this is:

var theService:RemoteObject = sessionManager.getRemotingEndpoint("testapp/getDomain");
var theOperation:AbstractOperation = theService.getOperation("invoke");
var theToken:AsyncToken = theOperation.send({oid:sessionManager.authenticatedUser.oid});
theToken.addResponder(new DefaultResponder(
     function /* result handler */(event:ResultEvent):void
     {
         trace("getDomain RemotingCall Success");
         trace("**** domainName="+event.result.domainName);
     },
     function /* fault handler */(event:FaultEvent):void
     {
         trace("getDomain RemotingCall Fault");
     }
));

This was all done on ES2 but the concept is applicable to ES Update 1 as well ( I just didn't test it there).

Avatar

Level 1

thanks jon, this is a really elegant solution! Sure, we keep in mind that this bug (hopefully) will be fixed in on of the next LC releases and we are able to remove this temporary solution.

greez simon