Working with XSLT, XPath and ECMA Scripts: Make It Simpler with Novell Identity Manager Designer


Upload: novell

Post on 22-Apr-2015

DESCRIPTION

Using XPath, XSLT, and ECMAScript judiciously is vital to building complex policies easily in your identity management projects. This session will compare these techniques to achieve similar results and show the exact benefits of using one over the other in specific use cases. It will also go through the lifecycle of Novell Identity Manager policy management: how the policies are developed, tested and deployed in Novell Identity Manager Designer. This is an advanced session, and assumes you have a significant level of experience with Identity Manager and Designer.

TRANSCRIPT

Page 1: Working with XSLT, XPath and ECMA Scripts: Make It Simpler with Novell Identity Manager Designer

Working with XSLT, XPath and ECMAScript in Novell® Identity Manager Policies
Made Simpler with Designer

David Wagstaff
Consulting Custom Development
Novell

Vivek Thakyal
IDM Software Engineer
Novell

© Novell, Inc. All rights reserved.

Outline

• Overview w/Comparison Demonstrations

• ECMAScript w/Demonstration

• Common Traps to Avoid

• Questions/More Demonstrations

Overview w/Comparison Demonstrations

Identity Manager Foundation

Event-driven object synchronization through marshalling to XML, XML transformations, and unmarshalling

Whenever the Identity Vault (or a driver) detects an event such as add User, it describes the event in an XML document that starts in the subscriber channel (or publisher channel). The XML document goes through a series of transformations before arriving at the end of the subscriber channel (or publisher channel) to add User on the other end.

Transformations

• Policy (DirXMLScript)

• Stylesheet (XSLT)

Identity Manager engine understands both. You can mix them within a policy set.

How to choose?

Extensions

• Java

• ECMAScript (JavaScript via Rhino)

• JVM languages like Groovy

How to choose?

Common Tools

• Regular Expressions (regEx)

• XPath

How to choose?

Simple Demonstrations for Comparison

The department name on a user in Identity Vault should start with an 'e', but on Active Directory should start with a 'j', e.g. enc127 vs jnc127

• policy without regEx

• policy with regEx

• policy extended with Java

• policy extended with ECMAScript

• stylesheet

Hint: Where is more important than how.

Quiz

The department attribute is called Department Code in the Identity Vault and dept in the connected system. Which of the following would be good choice(s) to change the attribute name?

• XPath

• Regular Expressions

• Java

• ECMAScript

• Policy

• Stylesheet

ECMAScript w/Demonstration

ECMAScript

• A standardized version of JavaScript

• Java-like syntax

• Dynamically typed

• Very good String library

• Good Math library

• Works great with regular expressions

Strings in ECMAScript

• String literal "text" or 'text'

– use either single or double quotes

• Important functions:

– substr (startIndex, numberOfChars)

– substring (startIndex, endIndex)

– charAt (indexOfChar)

– indexOf (charSequence)

– replace (regExp, replacement)

– match (regExp) : returns an array of matches

– search (regExp) : returns the index of the first match

– split (separator, limit) : returns an array of split up strings

Regular Expressions in ECMAScript

• Regular expression literal in ECMAScript /[pattern]/[modifiers] e.g. /[a-z]+/gi

• Modifiers:

– g (Global)

– i (Case Insensitive)

– m (Multi-line)

• Important Functions:

– test (string) : returns true or false

– exec (string) : returns an array of matches

– compile (regExp, modifier) : compiles a regular expression object

ECMAScript Demonstration

• Changing the Telephone Number format from

– (xxx) xxx-xxxx to a pure integer xxxxxxxxxx

– Pure integer xxxxxxxxxx to (xxx) xxx-xxxx

• Setting the correct area code (the first three digits) in a Telephone Number from a lookup table
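The three conversions listed on this slide, written as an added example (not the presenters' demonstration code). The function names, the `AREA_CODES` table and the site names are assumptions made for illustration; input that does not match the expected format is rejected with `null` rather than passed on to the connected system.

```javascript
// Constructed lookup table: site name -> area code (sample values).
var AREA_CODES = { "Provo": "801", "Waltham": "781" };

// "(801) 555-1234" -> "8015551234". Only the exact (xxx) xxx-xxxx
// shape is accepted; anything else yields null.
function toDigits(phone) {
  var m = /^\((\d{3})\) (\d{3})-(\d{4})$/.exec(String(phone));
  return m ? m[1] + m[2] + m[3] : null;
}

// "8015551234" -> "(801) 555-1234". Exactly ten digits or null.
function toFormatted(digits) {
  var m = /^(\d{3})(\d{3})(\d{4})$/.exec(String(digits));
  return m ? "(" + m[1] + ") " + m[2] + "-" + m[3] : null;
}

// Replace the first three digits with the area code listed for `site`.
// hasOwnProperty keeps inherited names such as "constructor" from
// being treated as table entries.
function setAreaCode(phone, site) {
  var digits = toDigits(phone);
  var known = Object.prototype.hasOwnProperty.call(AREA_CODES, site);
  if (digits === null || !known) {
    return null;
  }
  return toFormatted(AREA_CODES[site] + digits.substring(3));
}
```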

Common Traps to Avoid

Java Traps

• Namespace

• Constructor

• Instance Method

• Static Method

• Hint: A static method is the easiest and least error-prone.

XPath Traps

• policy using absolute path

• // getting too much

• assuming order

• multiple attribute values

• string of XML

XSLT Traps

• bad XPath, see XPath Traps

• doing it in text editor

• not using a variety of sample inputs

• forgetting <apply-templates ...>

Regular Expression Traps

• globbing

• not escaping meta-characters

• groups within groups

• using non-Java dialects

• doing it in text editor
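Three of these traps (greedy matching, unescaped meta-characters and nested groups), shown as an added example in ECMAScript rather than code from the session; the same three behaviours apply in Java's regular expression dialect. The function names, the sample DN and the mail domain are constructed for illustration.

```javascript
// Trap: a greedy .* runs to the LAST comma of the DN, not the first.
function cnGreedy(dn) {
  var m = /^cn=(.*),/.exec(dn);
  return m ? m[1] : null;
}

// Fix: a negated class stops at the first comma. (DNs containing
// escaped commas need a real DN parser, not a regular expression.)
function cnBounded(dn) {
  var m = /^cn=([^,]*),/.exec(dn);
  return m ? m[1] : null;
}

// Trap: the '.' in a literal domain matches ANY character, so a
// look-alike domain passes the check.
function inDomainNaive(mail, domain) {
  return new RegExp("@" + domain + "$").test(mail);
}

// Fix: escape every meta-character before building the pattern.
function escapeRegExp(text) {
  return text.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}
function inDomain(mail, domain) {
  return new RegExp("@" + escapeRegExp(domain) + "$").test(mail);
}

// Trap: nested groups are numbered by their opening parenthesis,
// so the outer group is 1 and the inner groups are 2 and 3.
function phoneParts(text) {
  var m = /^((\d{3})-(\d{4}))$/.exec(text);
  return m ? { whole: m[1], prefix: m[2], line: m[3] } : null;
}
```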

ECMAScript Traps

• Plus operator overloading

• Semicolon insertion at line feed

• String replace only replaces first occurrence – use the /text/g global modifier

• parseInt function – use parseInt(num, 10) instead of parseInt(num) to be safe
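Each of the four traps next to its corrected form, as an added example that is not part of the original slides. The function names and sample values are constructed; the string inputs stand in for attribute values read from an XML document, which arrive as text.

```javascript
// Trap 1: '+' concatenates as soon as one operand is a string.
function nextUidTrap(lastUid) {
  return lastUid + 1;                 // "1041" + 1 gives "10411"
}
function nextUid(lastUid) {
  return parseInt(lastUid, 10) + 1;   // "1041" gives 1042
}

// Trap 2: a line feed after 'return' ends the statement, so the
// function returns undefined and the next line never runs.
function fullNameTrap(given, sur) {
  return
    given + " " + sur;
}
function fullName(given, sur) {
  return given + " " + sur;
}

// Trap 3: replace() with a plain string replaces the first match only.
function stripDashesTrap(s) {
  return s.replace("-", "");          // "801-555-1234" gives "801555-1234"
}
function stripDashes(s) {
  return s.replace(/-/g, "");         // "801-555-1234" gives "8015551234"
}

// Trap 4: without a radix, parseInt infers the base from the prefix.
// "0x1F" is read as hexadecimal, and older (pre-ES5) engines may also
// read a leading 0 as octal.
function parseTrap(s) {
  return parseInt(s);                 // "0x1F" gives 31
}
function parseDec(s) {
  return parseInt(s, 10);             // "0x1F" gives 0, "010" gives 10
}
```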

Questions/More Demonstrations
