Searching Application by CompositeDefinition

Which IIQ version are you inquiring about?

8.3

Hi, I have a custom rule where I want to check all the Logical Applications which have LDAP as their primary tier.

I have the following code:

String targetAppName = "LDAP";
QueryOptions qo = new QueryOptions();
Filter filterLogicalApp = Filter.eq("type", "Logical");
Filter filterLDAP = Filter.eq("compositeDefinition.primaryTier", targetAppName);
Filter f3 = Filter.and(filterLogicalApp, filterLDAP);
qo.addFilter(f3);
IncrementalObjectIterator<ManagedAttribute> logicalIter = new IncrementalObjectIterator(context, Application.class, qo);

But I get an error: could not resolve property: compositeDefinition of: sailpoint.object.Application

In the application xml, the compositeDefinition is as follows:

<Attributes>
    <Map>
      <...>
      <entry key="compositeDefinition">
        <value>
          <CompositeDefinition accountRule="Rule" primaryTier="LDAP" remediationRule="Rule">
            <Tiers>
              <Tier application="LDAP" correlationRule="Rule"/>
            </Tiers>
          </CompositeDefinition>
        </value>
      </entry>
      <...>
    </Map>
  </Attributes>

I’m checking to see if it is possible to make a Filter to limit the results to those for which LDAP is the primaryTier.

Thanks

@tmamouros I can check if filter will work here but you can try by below approach

Solved: Searching on effective access (nested groups)? - Compass

 CompositeDefinition def = app.getCompositeDefinition();

  if (def != null){

  if(def.getPrimaryTier() == null) {

  logger.error("No primary tier. Please define the primary tier for " + app.getName());

  return null;

  }

  String AD_APP_NAME = def.getPrimaryTier(); //get primary tier 

The Filter.eq("compositeDefinition.primaryTier", targetAppName) syntax assumes compositeDefinition is a navigable property of the Application class, but it’s actually an embedded value within the Attributes map. The QueryOptions and Filter mechanisms in IIQ can’t directly traverse into map-based attributes like this. You’ll need to fetch the Application objects and then manually inspect the compositeDefinition within the Attributes map in your rule.

import sailpoint.object.*;
import sailpoint.tools.*;

String targetAppName = "LDAP";
QueryOptions qo = new QueryOptions();
qo.addFilter(Filter.eq("type", "Logical")); // Filter for Logical Applications only

// Get all Logical Applications
Iterator logicalIter = context.getObjects(Application.class, qo);
List matchingApps = new ArrayList<>();

while (logicalIter.hasNext()) {
    Application app = logicalIter.next();
    Attributes attrs = app.getAttributes(); // Get the Attributes map
    if (attrs != null && attrs.containsKey("compositeDefinition")) {
        CompositeDefinition compDef = (CompositeDefinition) attrs.get("compositeDefinition");
        if (compDef != null && targetAppName.equals(compDef.getPrimaryTier())) {
            matchingApps.add(app); // Add to list if primaryTier matches "LDAP"
        }
    }
}

// Clean up iterator
Util.flushIterator(logicalIter);

// Now 'matchingApps' contains all Logical Applications where primaryTier is "LDAP"
// You can process matchingApps as needed, e.g., log or return them
for (Application app : matchingApps) {
    log.debug("Found matching app: " + app.getName());
}

return matchingApps; // Or handle as required by your rule

For more insights, you might want to check these community blogs:

• Error Running Logical Application Aggregation
• How to extract an entry key value from XML attribute column
• Searching on effective access nested groups

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.