Enabling/Disabling a user with API calls examples in Java
Enabling and disabling users is more complicated due to the authorization grant flow. Hence, this process requires an extra step of creating another Authentication provider.
Go back to the web console and create a new oAuth Client (Access Control > Authentication Providers > Create New Provider or as described in this document). Fill in the blanks with the same information as your previous client but change the Provider Name and JWT Issuer to different names to avoid conflict with your other configuration. Additionally, change Authorization Grant Flow to Implicit. Note: a new Client ID has been generated.
Disabling a user
Now, to disable the user with an API call, follow the next steps.
- Create a new Java Class called
DisableUser. Make sure to replace the URLs with your own, theclientIdwith your newly generatedclientId, thescopewith yourscopeand theuserIdwith the user you want to disable.
import java.io.OutputStream;import java.net.HttpURLConnection;import java.net.URL;import java.net.URLEncoder;import java.nio.charset.StandardCharsets;import java.util.HashMap;import java.util.Map;import java.util.Scanner;public class DisableUser {public static void main(String[] args) {try {// [1] Authorization Endpoint URLString authorizationBaseUrl = "http://your-openiam-instance/idp/oauth2/authorize";String clientId = "your client id";String redirectUri = "http://localhost:5000/callback";String scope = "content-provider-name - /webconsole/rest/api/* user_name";// [2] Construct the authorization URLStringBuilder params = new StringBuilder();params.append("client_id=").append(URLEncoder.encode(clientId, StandardCharsets.UTF_8.toString()));params.append("&response_type=token");params.append("&redirect_uri=").append(URLEncoder.encode(redirectUri, StandardCharsets.UTF_8.toString()));params.append("&scope=").append(URLEncoder.encode(scope, StandardCharsets.UTF_8.toString()));String authorizationUrl = authorizationBaseUrl + "?" + params.toString();// [3] Redirect the user (manually open this URL in a browser)System.out.println("Open this URL in a browser and grant access:\n" + authorizationUrl);// [4] After user grants access, extract access token from redirect URLScanner scanner = new Scanner(System.in);System.out.print("Paste the full redirect URL after granting access:\n");String redirectResponseUrl = scanner.nextLine();// [5] Parse the URL fragment to get the access tokenString[] urlParts = redirectResponseUrl.split("#");String[] fragmentParts = urlParts[1].split("&");Map<String, String> tokenParams = new HashMap<>();for (String part : fragmentParts) {String[] keyValue = part.split("=");tokenParams.put(keyValue[0], keyValue[1]);}String accessToken = tokenParams.get("access_token");// [6] Example API request using the obtained access tokenString apiUrl = "http://your-openiam-instance/webconsole/rest/api/prov/disableUser";URL url = new URL(apiUrl);HttpURLConnection con = (HttpURLConnection) url.openConnection();con.setRequestMethod("POST");con.setRequestProperty("Authorization", "Bearer " + accessToken);con.setRequestProperty("Content-Type", "application/json");con.setDoOutput(true);// [7] Prepare JSON payload, replace userId hereString jsonInputString = "{\"userId\": \"user-to-be-disabled\", \"skipProvisioningManagedSystemSet\": null}";try (OutputStream os = con.getOutputStream()) {byte[] input = jsonInputString.getBytes(StandardCharsets.UTF_8);os.write(input, 0, input.length);}// [8] Handle the responseint responseCode = con.getResponseCode();Scanner responseScanner = new Scanner(con.getInputStream());StringBuilder response = new StringBuilder();while (responseScanner.hasNext()) {response.append(responseScanner.nextLine());}responseScanner.close();if (responseCode == HttpURLConnection.HTTP_OK) {System.out.println("User disabled successfully.");} else {System.out.println("Failed to disable user. Status code: " + responseCode);System.out.println("Response: " + response.toString());}} catch (Exception e) {e.printStackTrace();}}}
- Run the program, then open the URL under Open this URL in a browser and grant access in your browser.
- Open the following URL in a browser and grant access. http://localhost.openiam.com:8080/idp/oauth2/authorize?client_id=D314B207912549ECAA1C0FDA96398840&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fcallback&scope=openiam+-+%2Fwebconsole%2Frest%2Fapi%2F*+user_name.
- Paste the full redirect URL after granting access.
After doing so, your page should look as follows.
Note: You may also be brought to the sign-in page. If that happens, log-in, then the correct page should be displayed.
- Copy the URL in the browser and paste it into your terminal then press enter. If your user has been disabled successfully it will display User disabled successfully message.
- Paste the full redirect URL as shown below after granting access http://localhost:5000/callback#access_token=Cp0iaIqM5MMylIt9KTthYeLtP-KALBYGyGVp7hutjHO_M.ewP1q6hIdQf.NIKBlq001yho&expires_in=1800&token_type=Bearer
User disabled successfully.
Optional step: Go back to the webconsole, search for your user and double check that it has been disabled.
Enabling a user
To enable a user, follow the same steps as in disableUser.java above.
import java.io.OutputStream;import java.net.HttpURLConnection;import java.net.URL;import java.net.URLEncoder;import java.nio.charset.StandardCharsets;import java.util.HashMap;import java.util.Map;import java.util.Scanner;public class EnableUser {public static void main(String[] args) {try {// [1] Authorization Endpoint URLString authorizationBaseUrl = "http://your-openiam-instance/idp/oauth2/authorize";String clientId = "your client id";String redirectUri = "http://localhost:5000/callback";String scope = "content-provider-name - /webconsole/rest/api/* user_name";// [2] Construct the authorization URLStringBuilder params = new StringBuilder();params.append("client_id=").append(URLEncoder.encode(clientId, StandardCharsets.UTF_8.toString()));params.append("&response_type=token");params.append("&redirect_uri=").append(URLEncoder.encode(redirectUri, StandardCharsets.UTF_8.toString()));params.append("&scope=").append(URLEncoder.encode(scope, StandardCharsets.UTF_8.toString()));String authorizationUrl = authorizationBaseUrl + "?" + params.toString();// [3] Redirect the user (manually open this URL in a browser)System.out.println("Open this URL in a browser and grant access:\n" + authorizationUrl);// [4] After user grants access, extract access token from redirect URLScanner scanner = new Scanner(System.in);System.out.print("Paste the full redirect URL after granting access:\n");String redirectResponseUrl = scanner.nextLine();// [5] Parse the URL fragment to get the access tokenString[] urlParts = redirectResponseUrl.split("#");String[] fragmentParts = urlParts[1].split("&");Map<String, String> tokenParams = new HashMap<>();for (String part : fragmentParts) {String[] keyValue = part.split("=");tokenParams.put(keyValue[0], keyValue[1]);}String accessToken = tokenParams.get("access_token");// [6] Example API request using the obtained access tokenString apiUrl = "http://localhost.openiam.com:8080/webconsole/rest/api/prov/enableUser";URL url = new URL(apiUrl);HttpURLConnection con = (HttpURLConnection) url.openConnection();con.setRequestMethod("POST");con.setRequestProperty("Authorization", "Bearer " + accessToken);con.setRequestProperty("Content-Type", "application/json");con.setDoOutput(true);// [7] Prepare JSON payload, replace userId hereString jsonInputString = "{\"userId\": \"user-to-be-deleted\"}";try (OutputStream os = con.getOutputStream()) {byte[] input = jsonInputString.getBytes(StandardCharsets.UTF_8);os.write(input, 0, input.length);}// [8] Handle the responseint responseCode = con.getResponseCode();Scanner responseScanner = new Scanner(con.getInputStream());StringBuilder response = new StringBuilder();while (responseScanner.hasNext()) {response.append(responseScanner.nextLine());}responseScanner.close();if (responseCode == HttpURLConnection.HTTP_OK) {System.out.println("User activated successfully.");} else {System.out.println("Failed to activate user. Status code: " + responseCode);System.out.println("Response: " + response.toString());}} catch (Exception e) {e.printStackTrace();}}}
Open the following URL in a browser and grant access http://localhost.openiam.com:8080/idp/oauth2/authorize?client_id=D314B207912549ECAA1C0FDA96398840&response_type=token&redirect_uri=http%3A%2F%2Flocalhost%3A5000%2Fcallback&scope=openiam+-+%2Fwebconsole%2Frest%2Fapi%2F*+user_name
Paste the following full redirect URL after granting access. http://localhost:5000/callback#expires_in=1800&token_type=Bearer&access_token=IyojFs_QoM_BWo5Dxu8OnsZ_Cw_bWjjejsZPcifLOg11VX3OKLGsH6EIA9dMP411ERmryTYT1oGsoT3hXJZpRvBpVxAn.VJjD
User enabled successfully.