-
Notifications
You must be signed in to change notification settings - Fork 2
Account Manager Console
Edit ./src/main/java/resources/resource.properties to specify the database credentials. At the moment, the library only includes a PostGre 9.x schema.
Run mvn package from ./src/AccountManagerConsole to create the AccountManagerConsole.jar file and stage the dependent libraries in the target directory. A manifest is generated for the jar so it is not necessary to manually specify everything in the class path.
Note: The following is a syntactical example. Refer to the setup instructions for the specific command used to rebuild the database with the core and extension schemas.
Run the following command to rebuild the database schema and populate the default entities.
java -jar AccountManagerConsole.jar -setup -rootPassword password -schema /Users/Steve/Projects/Source/db/AM4_PG9_Schema.txt
This will raise a warning message that the -confirm parameter is needed. This step was added for sanity checking.
java -jar AccountManagerConsole.jar -setup -rootPassword password -schema /Users/Steve/Projects/Source/db/AM4_PG9_Schema.txt -confirm
A number of warnings will be issued from the EffectiveAuthorizationService because role participation is checked and the result is a negative value. This is expected on setup.
Virtually all aspects of the Account Manager data structure are delineated by organizations. Crossing organizational boundaries is not usually supported except for certain administration activities.
To add an organization to an existing top level organization, such as Public (/Public), Development (/Development), or System (/System), use the following command:
java -jar AccountManagerConsole.jar -addOrganization -name NewOrg -organization /Development -adminPassword devOrgAdminPassword -password newOrgPassword
To add an organization to the previously created organization, include the new organization in the organization path, and update the passwords as needed.
java -jar AccountManagerConsole.jar -addOrganization -name NewChildOrg -organization /Development/NewOrg -adminPassword newOrgPassword -password newChildOrgPassword
To add a new top level organization, such as NewOrg (/NewOrg), it is necessary to enable unauthenticated operations because the root organization does not define its own user or entitlement model.
/// Change the following property in AccountManagerConsole/.../ConsoleMain.java and repackage the library
///
enableUnauthenticatedResets = true;
This setting will bypass administrative authentication for certain actions, such as managing organizations and user credentials.
Add the top level organization with the following command, and supply an invalid password for the administrative password:
java -jar AccountManagerConsole.jar -addOrganization -name NewTopLevelOrg -organization / -adminPassword doesntmatter -password password
Then, reset enableUnauthenticatedResets to false.
Account Manager includes three different types of entities related to users:
- PersonType is a general descriptor that describes an identity, and which includes zero or more references to contact information, accounts, and/or users. A person cannot own any Account Manager objects.
- AccountType is a descriptor of a set of users, including zero or more references to contact information and/or users. An account cannot own any Account Manager objects.
- UserType is a descriptor of an Account Manager user, including zero or more references to contact information. A user can own Account Manager objects, and all Account Manager objects must be owned.
When creating a new user through the example registration process or the console, the UserType is created, followed by a PersonType owned by that UserType, along with the contact information stubs. This keep contact information (eg: Email addresses) loosely coupled to the user object.
To create a new user on the console:
java -jar AccountManagerConsole.jar -addUser -organization /Public -name TestUser1 -password newUserPassword -adminPassword publicOrgPassword