27.1 About RIS

This section describes the Resource Information Services (RIS) facility, which is a standalone component that interacts with the Identity Manager User Application. RIS is built on a Resource Oriented Architecture (ROA). The RIS implementation resides in a WAR file called RIS.WAR, where RIS refers to Resource Information Services. The REST resources exposed through RIS make SOAP calls to gather information from various RBPM systems.

The methodology used to define these ROA services is based on the steps described by Leonard Richardson & Sam Ruby in the RESTful Web Services by O'Reilly.

27.1.1 How it Works

The code for RIS is contained in a WAR outside of the User Application. This is a standalone WAR (RIS.war) that uses SOAP calls to extract the necessary work item data.

Language support is determined by the “Accept-Language” header parameter.

The media type is determined by the “Accept” header parameter and must be equal to “application/json”.

The implementation does not support the use of extensions. It does not support the ability to enter a language or media extension at the end of a URI.

This implementation is based on the JSR-311 specification implemented by Sun's Jersey product.

You may see this error on the console:

09:52:52,684 ERROR [STDERR] Sep 30, 2008 9:52:52 AM
com.sun.jersey.api.core.ClasspathResourceConfig init
INFO: Root resource classes found:
  class com.novell.ris.spi.impl.Root

This is a Jersey message that is simply informational. The application should function normally. You can ignore the message.

Caching the SOAP stubs The web.xml file in the RIS.war includes an element that allows you to control the size of the stub connection pool.


The STUB_CONNECTION_POOL element defines the size of a pool for caching the SOAP stubs created by each user. The cache uses a Least Recently Used (LRU) eviction policy and defaults to a size of 10 if the element is not defined in web.xml.

Removing the administrator credential restrictions By default, the requirement for invoking the REST and SOAP services is that the HTTP session logged in user must have administrator credentials. The Provisioning and Directory Web Services require Provisioning Administrator credentials. The Roles Web Service requires Role Administrator credentials. The restrictions can be removed to allow a session with a logged in user who does not have administrator credentials to invoke the methods for the services by changing the configuration settings for the service. In order to do this, you must extract the configuration files from the User Application war, make the appropriate changes, and import the files back into the User Application WAR. The details for removing the restrictions is included with the documentation for each of the underlying SOAP services. For example, to remove the credential restriction for the Role Service, see Removing Administrator Credential Restrictions.

Media Type Supported

The only media type supported is JSON (application/json). The service uses a JSON Array format for list of items and a single JSON object for detail information. The media type is determined by the “Accept” header parameter. The implementation uses the Jettison JSON APIs to create the JSON structures.

Digital Signatures Not Supported

The REST interfaces do not support digital signatures. If you attempt to process a digital signature workflow through REST, an internal server error message will appear.

API Version Optional in URIs

The REST URIs work with or without the API version. For example, to access the roles service, you could specify either of the following URIs:


27.1.2 Configuring the RIS WAR

This section provides manual instructions for setting up the RIS WAR. In this release, the RIS WAR is configured automatically, so these steps are not required in most environments.

  1. Modify the host, port, and WAR context information for the identity applications deployment on Tomcat in the web.xml of the RIS WAR.

    1. Copy the RIS.war file to a test folder.

      For example: /home/lab/RIS

    2. Extract the web.xml from the RIS war, maintaining the folder structure.

      This will create the following structure: /home/lab/RIS/WEB-INF/web.xml

      1. Open the web.xml in a text editor.

      2. Locate the following entry:

      3. Modify the param-value as necessary. You need to use either the DNS name or the IP address of the server on which the RBPM war is deployed.

        IMPORTANT:Do not use localhost if you plan to use the REST identity services to access user photos. The photo URL is dependent on this entry. The photo URL must point to the User Application to retrieve the photo. The REST identity service does not provide the binaries for the photo, but does provide a link, which is based on this entry.

      4. Save the file.

    3. Add the web.xml file back to the RIS war using the jar command from the SUN JDK.

      For example: /home/lab/jdkversion/bin/jar -uf RIS.war WEB-INF/web.xml

  2. Copy the RIS war to the deployment directory of the Tomcat server.

  3. Extract the commons-codec.jar from the RBPM war into the %context%/lib directory of the Tomcat server where the RIS WAR will be deployed. Make sure to not maintain folder structure when extracting the file.

    For example: /home/lab/IDM46/idm/tomcat/server/IDMProv/lib

  4. Start Tomcat.