
Wednesday, March 14, 2012

PART I, writing an app with google provisioning api in Luminis

Since my first encounter with the Tomcat and javaservlets, I had learned a few things about Javascript, that I want to post in here, but not at the moment.  Today I want to describe the process of writing an application that eventually will allow the student using our Luminis system to get a new password for their brand new gmail account.
See, Luminis stores the password of the user inside the LDAP  userPassword entry. It is stored using  a SSHA algorithm, seeded SHA. This is a very good encryption scheme, I believe, but it is not compatible with the Google Directory Sync application (GDSync), not even using the latest version of it today. (I'll check later on the current version number to post it here).
So the idea of reading the ldap directory entry using the GDSync application is not available. That gives us with several different options:
Create random passwords, populate some ldap entry not in use in the Luminis LDAP and make GDSync read it and use it for the initial password of the gmail account. How to let the student know what is the new password?
  One idea, a not very secure one, is to tell them that the initial password is some combination of birth date, some digits of their SS, phone number, part of their first name of last name, etc.
Another idea, send them the new password by mail...I personally hate that idea because of the effort, time and cost of the implementation when you are dealing with thousands of students. 

And my favorite idea, let the student be the one in control of when to change the password and aware of where to receive it.
So I have a plan to implement that favorite idea. Some parts of this plan are not yet implemented, so in future posts you will find the actual implementation:

In the Luminis Login page, the student will be presented with another form to enter his current username and password. Instead of login to Luminis, I will check his/her credentials against the Lumins LDAP and if it authenticate, another html form will be displayed. This form is going to be an HTML showing the student, all the emails account that he/she has registered in the Banner Database. So the student will select to which of the emails he will receive the new temporary password of his gmail account. The submit button will then call the servlet that eventually run the Google Apps provisioning API, that will update the gmail account, and then send the student the email with the information.

Because I just started with this Google Apps API, lets talk about how to make it work in the Luminis 4x server.
   Our Luminis sever had already all the software in place. mail.jar, sevlet-api.jar, jdk (1.5), activation.jar and ant. Ant is the only one that had the incorrect version, so I had to get the latest source (1.8.3) unzip it, and export the variable ANT_HOME to point to the folder that was created by the unzip action. I don't know how to use ant anyway, and all the tests I  have done so far have been using the compiler directly and only one java source at the time. Probably that's why it took me a while to get all  necessary jar files point by the CLASSPATH variable before my first successful compilation;, which is provided by the Getting Started with the Google Data Java Client Library ( At this moment my CLASSPATH is looking ugly and like this:



import sample.util.*; 
public class CalendarTest {

    public static void main(String[] args) {
        CalendarService myService = new CalendarService("exampleCo-exampleApp-1.0");
        myService.setUserCredentials("", "pa$$word");

        URL feedUrl = new URL("");
        CalendarFeed resultFeed = myService.getFeed(feedUrl, CalendarFeed.class);

        System.out.println("Your calendars:");

        for (int i = 0; i < resultFeed.getEntries().size(); i++) {
          CalendarEntry entry = resultFeed.getEntries().get(i);
          System.out.println("\t" + entry.getTitle().getPlainText());

The above code did not compile. I have to change it to add a try/catch block before it compiled successfully. It seems that I am not the only one because I found another person in some forum asking for that problem.

So, now the first code. This is obvious, just the first code, it is extremely raw, with no validation code, no error handling, but it does change the password of the gmail account.

import java.util.List;
import sample.appsforyourdomain.AppsForYourDomainClient;
public class changepassword {
   public void update(String username,String password){
 String domain="yourdomain"; String admin="adminaccount"; String adminpwd="adminpwd";
       // Create a new Apps Provisioning service
 AppsForYourDomainClient client=new AppsForYourDomainClient(admin, adminpwd,domain);
 UserEntry user = client.retrieveUser(username);
            catch(Exception e) { System.out.print(e);}
   public static void main(String args[])
   String user="student_username"; String passwd="student_new_password_on_gmail";
   changepassword upusr=new changepassword();

The above code compiles, and it works.  There it is. Now, you have a basic class that will change the password on the gmail account. Much more to come, as I advance in the other parts of the plan.
I think that if you are also starting like me testing the waters of luminis/gmail/ java/tomcat/servlets this might be of some help.

No comments:

Post a Comment