You are here

Web Proxy channel - passing role attribute

Submitted by baumli on Fri, 01/09/2009 - 10:29

I've made a few of these types of channels to grab the username or display name, but how do I grab the user's roles? For example, I would like to know if someone has an admin role so that they can monitor the channel. Let's say user has Student,Faculty,Admin roles. When I send the roles, it only gets the last one. It doesn't send them all like in a string, or even an array. Am I missing something here, or am I asking too much out of the system?

Luminis Version:


If it's done via JSP, I *believe* you can just create an enumeration object, point it to the role variable, then loop through the enumeration.

If you are using jsp in your web proxy, this is the code we use to loop through pdsExternalSystemID's.
In this code, we are looking for the pdsExternalSystemID who ends in ::sct
So you could change it to 'admin' or whatever you want to search for, and change pdsExternalSystemID to pdsRole.

 private String getUserID(HttpServletRequest hsr)
	throws PortalSecurityException
 	StringBuffer sb = new StringBuffer(); 
	SimplePersonManager spm = new SimplePersonManager();
	IPerson i = spm.getPerson(hsr);
	Object [] idAllArray = i.getAttributeValues("pdsExternalSystemID") ; 
	String goodStr = "";
	for (int loop=0; loop  0) 
			if ((lowcheckStr.indexOf("::sctinb") 

Hey Jason,

Thanks for the post. We're having trouble using this code (our development machines) because
we keep getting "NullPointerExecption" errors. Instead of getting the "pdsExternalSystemID" we will
be getting "pdsRole".

Please advise.

Did you edit your personDirectory.xml file in $CP_WEBINF/uPortal/properties ?

Should look like this:
<entry key="pdsRole">

"entry key=pdsRole" is the name matching a ldap attribute, and the "<value>pdsRole</value>" is the variable name that you would like to use to return it.

Thanks for responding Jason.

Yes. We got that working but it only returns the last value "pdsRole ." Using your code would only return one value , but we know that "pdsRole" has more then one value.

Listed below is a portion of our mapping.

<entry key="sn"> <value>urn:mace:dir:sn</value></entry>
<entry key="displayName"> <value>urn:mace:dir:displayName</value></entry>
<entry key="givenName"> <value>urn:mace:dir:givenName</value></entry>
<entry key="pdsLoginId"> <value>urn:sungardhe:dir:loginId</value></entry>
<entry key="pdsAcademicMajor"> <value>urn:sungardhe:dir:academicMajor</value</entry>
<entry key="pdsRole"> <value>urn:sungardhe:dir:role</value></entry>

This may help, what I didn't realize is that it sends the variables like in a url for example:

When I was just grabbing role, it would only grab the last variable that was 'role'. What I needed to do instead was loop through each variable and save it in an array. I think your mapping is correct, it just sounds like you aren't looping through all the roles sent.

Try this to loop and get all the roles.

 private String getRole(HttpServletRequest hsr)
	throws PortalSecurityException
 	StringBuffer sb = new StringBuffer(); 
	SimplePersonManager spm = new SimplePersonManager();
	IPerson i = spm.getPerson(hsr);
	Object [] idAllArray = i.getAttributeValues("pdsRole") ; 
	String checkStr = "";
	for (int loop=0; loop < idAllArray.length; loop++) 
		checkStr = idAllArray[loop].toString() +","+ checkStr ;


	return sb.toString();
<%= getRole(request) %>

Listed below is the error I keep getting....


Maybe this method is expecting something in the "request" object (ie. URL) that
it not getting from the portal or something I'm have yet passed it ?????

Let me know if I'm wrong!!

You need to change your "value" section in your personDirectory.xml mapping for pdsRole to either match the code, or change pdsRole in my code to your value.

Personally, I prefer to make my own variable name (value) rather than use the longer urn:sungardhe type names.

For instance.

<entry key="pdsRole">
<value>pdsRole</value> <---What the jsp will use as the variable name for pdsRole

Also, make sure to wrap the value section with a set tag. I found that necessary when using custom value names.

Recently our school needs to develop a feature which shows the age of the user’s password in a channel against AD, that means once user login to luminis, a channel shows user’s password expired status to the user.

I saw your code, could you let me know how can you include your jsp to the channel, how can you pass the "hsr" to the jsp? You created your channel by using "jsp model II" typel?


Here's how we get the roles as a comma-delimited list using JSP:

		String[] role = request.getParameterValues("pdsRole");
 		String roles         = role[0];
		for(int i=1; i<role.length; i++)
				roles = roles.concat(",");
				roles = roles.concat(role[i]);

Jason are you really using the values passed via cWebProxy? For your code could you try this and see if it works too:

    	      PersonManager_3 i = (PersonManager_3) ManagerFactory.getManager( PersonManager_3.ID );
	      Person_3 thisUser = i.getCurrentPerson();
	      Map sIDs  = thisUser.getExternalSystemIds(); 
	      String sb = ( String ) sIDs.get("sct");		

Sorry for all the confusion, this is in PHP. I'm trying to do what the examples above are doing in JSP, however I can't ever get it to display more then 1 role.

Roles from cptool get user:
Role: admin, student, faculty

In PHP I get the roles (or try to)
$luminis_role = $_GET["urn:sungardhe:dir:role"];

Then display them:
echo "

Always displays only the last role from the cptool list.

Do I need to make a change somehow in the parameters passed to the channel? Right now I just have:
Default IPerson Attributes to Pass (cw_person) urn:sungardhe:dir:role
Restrict IPerson Attributes Passing to These (cw_personAllow) urn:sungardhe:dir:role

Oh your right, we weren't using Web Proxy. This would be an inline frame channel using the following

%@ page import="java.util.*" %>
%@ page import="*" %>
%@ page import="*" %>
%@ page import="javax.servlet.http.HttpServletRequest" %>
%@ page import="javax.servlet.http.HttpServletResponse" %>

I should note, to be honest, I've never understood the desire to use the web proxy channel when the ldap and db is available from personManager. But I should also note, I'm much more of an analyst, another person in our department actually coded the jsp:)

There are several channels that we have that are the webproxy type. The php server is seperate from luminis, but on the same box. We also have sql server connected to the php server, so we use the webproxy to send the username to the php which in turn sends it to the sql server. It probably would be easier to add all of this to the luminis db, however I would rather keep non-luminis information out of the luminis db. We had lots of problems bringing luminis online, I would rather not crash it while messing with a non-critical channel.

Oh, I do the same thing, but with jsp. We have a single-sign-on.jsp file that passes username/uid/whatever to external code on other systems.

Like, we have a 'order a parking permit' app written in coldfusion on another server. There is a link in the portal like single-sign-on.jsp?app=parking which grabs the iPerson/personManger info, hashes it, and then redirects that URL click to externalpage.cfml?username=someuser&hash=somehash

I just never liked having to devote an entire channel for the purpose of passing information to an external system. using the personManger/iPerson code, it can be a link in any channel type.

I would agree with you that you shouldn't use a channel just for grabbing the information, but we aren't using this as a pass through. One example is our shoutbox channel written in php. We grab the user's display name so that when they enter a message, their name is displayed next to it. Its good to use anytime you want to stay inside the channel, if you want to open a new window then a link is fine.

*After thinking about that, I suppose I could do the same thing, only instead of a webproxy channel, use a remote url and add the parameters to the url. Not sure of the advantage of that over the web proxy type though.

**I don't think that will work, doing a redirect to another page would break it out of the channel, unless you use an inline frame or something, then you are right back to using the web proxy type. It works fine for what we need to it do, but its always good to look at other options.

Created an account because I had to say thanks! The two last lines of code there really helped me!

Try this:
$myroles should contain a comma delimited list of roles, assuming your attribute is named 'role'.

	$php_self = $_SERVER['REQUEST_URI'];
	$qs     = split("\?",$php_self);
	$pr     = split("&",$qs[1]);
	$myroles = "";
	for($i=0; $i<sizeof($pr); $i++)
		$theRole = split("=",$pr[$i]);
		if($theRole[0] == "role")
			if(strlen($myroles) == 0)
				$myroles .= $theRole[1];
				$myroles .= "," . $theRole[1];
<?php echo "<p>ROLES: $myroles"; ?>

Try it out here:

That works perfect. I forgot that you could grab the url fields even though you didn't see them. So each time I was only grabbing the last one.

In the example above, instead of role, I had urn:sungardhe:dir:role since that was the attribute I was passing.

Hi guys,

Sometimes I get the java.lang.nullexecption when i call this method. I get this error most of the time when i call getRole method. But sometimes it gives me the required result.

Usually java.lang.nullexception occurs when the object  returns a null value.

Does any one get this message? How did you solve it for these methods?


 private String iPersonStuff(HttpServletRequest hsr)

throws PortalSecurityException


StringBuffer sb = new StringBuffer();

SimplePersonManager spm = new SimplePersonManager();

IPerson i = spm.getPerson(hsr);

sb.append( "IPerson username: " + (String)i.getAttribute("username") + "<br/>" );

sb.append( "IPerson pdsEmailDefaultAddress: " + (String)i.getAttribute("emailDefaultAddress") + "<br />" );

sb.append( "IPerson pdsRole: " + (String)i.getAttribute("role") + "<br />" );

sb.append( "IPerson displayName: " + (String)i.getAttribute("displayName") + "<br />" );

sb.append( "IPerson firstName: " + (String)i.getAttribute("firstName") + "<br />" );

sb.append( "IPerson lastName: " + (String)i.getAttribute("lastName") + "<br />" );

return sb.toString();





private String getEmail(HttpServletRequest hsr)

throws PortalSecurityException


StringBuffer sb = new StringBuffer();

SimplePersonManager spm = new SimplePersonManager();

IPerson i = spm.getPerson(hsr);


return sb.toString();


<% getEmail %>