Merge pull request #361 from oracle-devrel/access-extension-notification

Add access-extension-notification scheduled task sample for OIG

Author: oheimburger

security/identity-and-access-management/oracle-identity-governance/scheduled-task-samples/access-extension-notification/LICENSE

@@ -0,0 +1,35 @@
+Copyright (c) 2023 Oracle and/or its affiliates.
+
+The Universal Permissive License (UPL), Version 1.0
+
+Subject to the condition set forth below, permission is hereby granted to any
+person obtaining a copy of this software, associated documentation and/or data
+(collectively the "Software"), free of charge and under any and all copyright
+rights in the Software, and any and all patent rights owned or freely
+licensable by each licensor hereunder covering either (i) the unmodified
+Software as contributed to or provided by such licensor, or (ii) the Larger
+Works (as defined below), to deal in both
+
+(a) the Software, and
+(b) any piece of software and/or hardware listed in the lrgrwrks.txt file if
+one is included with the Software (each a "Larger Work" to which the Software
+is contributed by such licensors),
+
+without restriction, including without limitation the rights to copy, create
+derivative works of, display, perform, and distribute the Software and make,
+use, sell, offer for sale, import, export, have made, and have sold the
+Software and the Larger Work(s), and to sublicense the foregoing rights on
+either these or other terms.
+
+This license is subject to the following condition:
+The above copyright notice and either this complete permission notice or at
+a minimum a reference to the UPL must be included in all copies or
+substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

security/identity-and-access-management/oracle-identity-governance/scheduled-task-samples/access-extension-notification/README.md

@@ -0,0 +1,60 @@
+# Access Extension Notification Scheduled Task
+
+This asset contains the code and deployment items for a scheduled task designed to notify users of any expiring access and to allow them to extend expiration dates by a set number of days. This is achieved by including unique actionable links in the notification emails.
+
+The scheduled task needs to be used in conjunction with the Extend Access WebService in order to provide the end-to-end access extension functionality.
+
+Developed on and compatible with OIG 11g R2 PS3 and above.
+
+## When to use this asset?
+
+When there's a need to provide or demonstrate the functionality described above or something similar, which can be adapted from the provided code.
+
+## How to use this asset?
+
+### Pre-requisites and dependencies
+
+The scheduled task uses the `javax.mail` interface in order to send emails, and also parts of the `jaxb-api` interface for generating UUIDs.
+
+As such, the following jar files are required as dependencies and need to be used during the build process, **and also uploaded as third party jars** to the OIM deployment node:
+- javax.mail.jar
+- jaxb-api-2.3.1.jar
+
+### Building and deployment
+
+Here's a short build and deployment checklist:
+
+1. Use an SQL client, such as SQLDeveloper, to connect to the OIM DB schema (e.g. DEV_OIM) and execute `EXTEND_ACCESS.sql` to create the required data table
+2. Import any additional artifacts using deployment manager, such as the `Access_Extension_Template.xml` file
+3. Generate a jar file containing the sample code.
+4. Upload the jar file to an OIG environment using OIG's command line "Jar Upload" utility. Also remember to upload the dependencies as "3. ThirdParty" jars.
+5. Use the Enterprise Manager web interface to upload the scheduled task metadata/definition into the MDS repository.
+6. Create a scheduled task in OIG based on the uploaded definition.
+
+Please see the useful link below for detailed build and deployment steps.
+
+### Executing the scheduled task
+
+The following items need to be populated as part of the scheduled job parameters:
+- Days Before Expiration: Number of days before the email is sent, e.g. 7
+- Extension Days: Extension days to be added to existing end dates, e.g. 60
+- Extension Link Text: Text to be included part of the actionable extension links, e.g. Click here to extend access
+- REST WS Endpoint URL: Endpoint URL for the access extension REST webservice, e.g. http://127.0.0.1:14000/extend_access/rest
+- Email Template Name: Email template name for the email, e.g. Access_Extension_Template
+- SMTP Mail Server Hostname: Hostname of the SMTP Mail server, e.g. localhost
+- SMTP Mail Server TLS: Enable or disable SMTP TLS, e.g. No
+- SMTP Mail Server Port: Port of the SMTP Mail server, e.g. 25
+
+[Consult this section](https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/omusg/managing-jobs-1.html#GUID-71BB3623-AEE2-4F64-BBD4-D921DCA39D7C) on how to manually start or schedule a job.
+
+## Useful Links
+
+[Oracle Identity Governance developer's guide - Developing scheduled tasks](https://docs.oracle.com/en/middleware/idm/identity-governance/12.2.1.4/omdev/developing-scheduled-tasks.html#GUID-F62EF833-1E70-41FC-9DCC-C1EAB407D151)
+
+# License
+
+Copyright (c) 2023 Oracle and/or its affiliates.
+
+Licensed under the Universal Permissive License (UPL), Version 1.0.
+
+See [LICENSE](https://github.com/oracle-devrel/technology-engineering/blob/main/LICENSE) for more details.

security/identity-and-access-management/oracle-identity-governance/scheduled-task-samples/access-extension-notification/files/Access_Extension_Notification.xml

@@ -0,0 +1,19 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<scheduledTasks xmlns="http://xmlns.oracle.com/oim/scheduler">
+<task>
+<name>Access Extension Notification</name>
+<class>com.oracle.sample.AccessExtensionNotification</class>
+<description>Access Extension Notification</description>
+<retry>1</retry>
+<parameters>
+<string-param required="true" encrypted="false" helpText="Number of days before the email is sent.">Days Before Expiration</string-param>
+<string-param required="true" encrypted="false" helpText="Extension days to be added to existing end dates.">Extension Days</string-param>
+<string-param required="true" encrypted="false" helpText="Text to be included part of the actionable extension links">Extension Link Text</string-param>
+<string-param required="true" encrypted="false" helpText="Endpoint URL for the access extension REST webservice.">REST WS Endpoint URL</string-param>
+<string-param required="true" encrypted="false" helpText="Email template name for the email.">Email Template Name</string-param>
+<string-param required="true" encrypted="false" helpText="Hostname of the SMTP Mail server.">SMTP Mail Server Hostname</string-param>
+<boolean-param required="true" encrypted="false" helpText="Enable or disable SMTP TLS.">SMTP Mail Server TLS</boolean-param>
+<string-param required="true" encrypted="false" helpText="Port of the SMTP Mail server (typically 25).">SMTP Mail Server Port</string-param>
+</parameters>
+</task>
+</scheduledTasks>

security/identity-and-access-management/oracle-identity-governance/scheduled-task-samples/access-extension-notification/files/Access_Extension_Template.xml

@@ -0,0 +1,9 @@
+<?xml version = '1.0' encoding = 'UTF-8'?>
+<xl-ddm-data version="12.2.1.4.0" user="XELSYSADM" database="" exported-date="1692272039167" description="Access_Extension_Template.xml"><NOTIFICATIONTEMPLATE repo-type="RDBMS" name="Access_Extension_Template"><CREATEUSER>1</CREATEUSER><CREATIONDATE>1614848134174</CREATIONDATE><DATALEVEL>0</DATALEVEL><EVENTNAME>EndDateNotificationEvent</EVENTNAME><LASTUSER>xelsysadm</LASTUSER><LASTUPDATED>1692180967014</LASTUPDATED><LOCALTEMPLATE repo-type="RDBMS" id="LOCALTEMPLATE481"><CREATEUSER>1</CREATEUSER><CONTENTTYPE>html</CONTENTTYPE><CREATIONDATE>1614848134282</CREATIONDATE><LOCALE>en_US</LOCALE><DATALEVEL>0</DATALEVEL><ENCODING>UTF-8</ENCODING><SUBJECT>Your access is expiring</SUBJECT><LONGMESSAGE>&lt;p>Hi $display_name,&lt;/p>
+
+&lt;p>Some of your access is expiring in $days day(s). Please find below a list of expiring access items.&lt;/p>
+
+&lt;p>$expiring_items&lt;/p>
+
+&lt;p>Kind regards,&lt;br>
+Your friendly OIM admin&lt;/p></LONGMESSAGE><LASTUSER>xelsysadm</LASTUSER><LASTUPDATED>1692180967018</LASTUPDATED></LOCALTEMPLATE></NOTIFICATIONTEMPLATE></xl-ddm-data>

security/identity-and-access-management/oracle-identity-governance/scheduled-task-samples/access-extension-notification/files/EXTEND_ACCESS.sql

@@ -0,0 +1,10 @@
+CREATE TABLE EXTEND_ACCESS 
+("EXT_UUID" VARCHAR2(255 CHAR) NOT NULL ENABLE, 
+"EXT_USR_KEY" NUMBER NOT NULL ENABLE, 
+"EXT_ACCESS_ID" NUMBER NOT NULL ENABLE, 
+"EXT_INSTANCE_ID" NUMBER NOT NULL ENABLE, 
+"EXT_INSTANCE_TYPE" VARCHAR2(255 CHAR) NOT NULL ENABLE, 
+"EXT_INSTANCE_NAME" VARCHAR2(255 CHAR) NOT NULL ENABLE, 
+"EXT_ACCESS_END_DATE" DATE NOT NULL ENABLE, 
+ CONSTRAINT "EXTEND_ACCESS_PK" PRIMARY KEY ("EXT_UUID")
+);