Friday, 26 May 2017

Java code for Event Subscription (FileNet Content Engine API)

//Java code for Event Subscription (FileNet Content Engine API)

import java.util.Iterator;
import com.filenet.api.engine.EventActionHandler;
import com.filenet.api.events.ObjectChangeEvent;
import com.filenet.api.util.Id;
import com.filenet.api.property.*;
import com.filenet.api.core.*;
import com.filenet.api.constants.*;

public class MyCustomeEventHandler implements EventActionHandler
 {
public void onEvent(ObjectChangeEvent event, Id subId)
  {
try
     {
ObjectStore os = event.getObjectStore();
        Id id = event.get_SourceObjectId();
        System.out.println("Event Action Call Started");
        System.out.println("guid="+id);
        PropertyFilter pf = new PropertyFilter();
        pf.addIncludeType(0, null, Boolean.TRUE, FilteredPropertyType.ANY, null);
        Document doc = Factory.Document.fetchInstance(os,id,pf);
        doc.fetchProperties(pf);
        com.filenet.api.property.Properties props = doc.getProperties();      
        Iterator iter = props.iterator();
        System.out.println("Property" +"\t" + "Value");
 
        while (iter.hasNext() )
        {
            Property prop = (Property)iter.next();
            
            if (prop.getPropertyName().equals("DocumentTitle"))
            {
            String docTitle = prop.getStringValue();
                System.out.println("Doc title" + "\t" + docTitle );
            }

            if (prop.getPropertyName().equals("Creator"))
            {
            String createdBy = prop.getStringValue();
                System.out.println("Creator" + "\t" +createdBy );
            }
            if (prop.getPropertyName().equals("DateCreated"))
            {
            String createdOn = prop.getDateTimeValue().toString();
                System.out.println("Date Created" + "\t" +createdOn );
                
            }
        }
       
        doc.getProperties().putObjectValue("DocumentTitle", "changedtoEvent");
doc.save(RefreshMode.NO_REFRESH);
     
     }
     catch (Exception e)
     {
        throw new RuntimeException(e);
     }
  }

}

Java code for Downloading Document Content (Attachments) (FileNet Content Engine API)

//Java code for Downloading Document Content (Attachments) (FileNet Content Engine API)

import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import javax.security.auth.Subject;
import com.filenet.api.collection.ContentElementList;
import com.filenet.api.collection.IndependentObjectSet;
import com.filenet.api.constants.RefreshMode;
import com.filenet.api.core.Connection;
import com.filenet.api.core.ContentTransfer;
import com.filenet.api.core.Document;
import com.filenet.api.core.Domain;
import com.filenet.api.core.Factory;
import com.filenet.api.core.ObjectStore;
import com.filenet.api.property.Properties;
import com.filenet.api.query.SearchSQL;
import com.filenet.api.query.SearchScope;
import com.filenet.api.util.UserContext;

public class DownloadContent {

private static Connection conn = null;
public static Connection getCEConn()
{

try {

String ceURI = "http://localhost:9080/wsi/FNCEWS40MTOM/";
String userName ="username";
String password ="password";
if(conn==null){
conn = Factory.Connection.getConnection(ceURI);
Subject subject = UserContext.createSubject(conn, userName, password, null);
UserContext uc = UserContext.get();
uc.pushSubject(subject);
}

} catch (Exception e1) {
// TODO Auto-generated catch block
e1.printStackTrace();
}
System.out.println("CE Conn :: "+conn);
return conn;
}
public static void downloadDoc(String osName) throws IOException{

try{
//get the CE document

Connection conn = getCEConn();
Domain domain = Factory.Domain.fetchInstance(conn,null, null);
ObjectStore objStore = Factory.ObjectStore.fetchInstance(domain, osName,null);
SearchScope searchScope = new SearchScope(objStore);

int count=1;
String sqlStr = "Select * FROM DocClass where Title='abcd'";
SearchSQL searchSQL = new SearchSQL(sqlStr);
System.out.println("Query ::"+sqlStr);
IndependentObjectSet independentObjectSet = searchScope.fetchObjects(searchSQL, new Integer(10), null, new Boolean(true)); 
String docTitle=null;
if(!(independentObjectSet.isEmpty())){
Iterator it=independentObjectSet.iterator();
while(it.hasNext()) {
Document doc=(Document)it.next();
Properties documentProperties = doc.getProperties();
docTitle=documentProperties.getStringValue("DocumentTitle");
System.out.println("Doc Title :: "+ docTitle);
ContentElementList docContentList = doc.get_ContentElements();
Iterator iter = docContentList.iterator();
String filepath = "D:\\";
FileOutputStream fos = new FileOutputStream(filepath+docTitle);
count++; 
while (iter.hasNext() )
{
   ContentTransfer ct = (ContentTransfer) iter.next();
   // Print element sequence number and content type of the element.
   System.out.println("\nElement Sequence number: " + ct.get_ElementSequenceNumber().intValue() + "\n" +"Content type: " + ct.get_ContentType() + "\n");
   InputStream stream = ct.accessContentStream();
   byte[] buffer = new byte[4096000];
   int bytesRead = 0;
   while ((bytesRead = stream.read(buffer)) != -1) {
    System.out.print(".");
    fos.write(buffer,0,bytesRead);
   }
   System.out.println("done!");
       fos.close();
   stream.close();
    }
}
System.out.println("Count:::;"+count);
System.out.println("Done");
}
}
catch(Exception e){
e.printStackTrace();
}
}
public static void main(String[] args) throws IOException {
downloadDoc("ObjectStore");
}


}

Sample Java code for Compound Document (Adding child documents to Parent document) (FileNet Content Engine api)

//Sample Java code for Compound Document (Adding child documents to Parent document)


import javax.security.auth.Subject;
import com.filenet.api.constants.ComponentRelationshipType;
import com.filenet.api.constants.CompoundDocumentState;
import com.filenet.api.constants.FilteredPropertyType;
import com.filenet.api.constants.RefreshMode;
import com.filenet.api.constants.VersionBindType;
import com.filenet.api.core.ComponentRelationship;
import com.filenet.api.core.Document;
import com.filenet.api.core.Domain;
import com.filenet.api.core.Factory;
import com.filenet.api.core.ObjectStore;
import com.filenet.api.property.PropertyFilter;
import com.filenet.api.util.Id;
import com.filenet.api.util.UserContext;


public class CompoudDoc {
public static void main(String[] args)
{
String[] childDocs = new String[10];
childDocs[0]="{GUID}";
childDocs[1]="{GUID}";
childDocs[2]="{GUID}";
String parentDocument = "{GUID}";
String jassStanzaName = "FileNetP8";
String password = "UserName";
String username = "password";
String objectStoreName = "ObjectStore";

String bootstrap_ceuri = "http://localhost:9080/wsi/FNCEWS40MTOM/";
Id parentDocumentId = null;
Id supportDocumentID=null;
String attachment = null;
com.filenet.api.core.Connection ceConnection = null;
String uri  = null;
String versionSeriesID = null;
String returnValue="start";
boolean att_found=false;
Document parentDoc=null;
Document ChildDoc = null;
PropertyFilter pf = new PropertyFilter();
try
{
if(bootstrap_ceuri!=null && !bootstrap_ceuri.equals(""))
uri=bootstrap_ceuri;
else
uri = System.getProperty("filenet.pe.bootstrap.ceuri");
returnValue += "pe.bootstrap.ceuri= : " + uri;

ceConnection = Factory.Connection.getConnection(uri); 
Subject subject = UserContext.createSubject( ceConnection,username,password,jassStanzaName); 
UserContext uc = UserContext.get(); 
uc.pushSubject(subject); 
Domain domain = Factory.Domain.fetchInstance(ceConnection, null,null); 
returnValue += "In domain : " + domain.get_Name();
ObjectStore os = Factory.ObjectStore.fetchInstance(domain, objectStoreName, null); 
returnValue += "In Object Store : " + os.get_Name();
pf.addIncludeType(0, null, Boolean.TRUE, FilteredPropertyType.ANY, null);

for (int count=0;count<childDocs.length;count++) {
attachment = childDocs[count];
System.out.println("attachment :: "+attachment);

if(attachment!=null && attachment!=null && !attachment.equals(""))
{

if(!att_found)
{
Document parent_doc = Factory.Document.fetchInstance(os,parentDocument,pf);
        parent_doc.fetchProperties(pf);
        parentDocumentId= parent_doc.get_VersionSeries().get_Id();
System.out.println("Vs ID :: "+parentDocumentId);
returnValue+="Src Id : "+parentDocumentId+ "\n";
att_found=true;
versionSeriesID = parentDocumentId.toString(); 
com.filenet.api.core.VersionSeries parentVersionSeries = (com.filenet.api.core.VersionSeries)com.filenet.api.core.Factory.VersionSeries.fetchInstance(os,new Id(versionSeriesID),null); 
parentDoc = (com.filenet.api.core.Document) parentVersionSeries.get_CurrentVersion(); 
parentDoc.set_CompoundDocumentState(CompoundDocumentState.COMPOUND_DOCUMENT);
parentDoc.save(RefreshMode.REFRESH);
}

        Document child_doc = Factory.Document.fetchInstance(os,attachment,null);
        child_doc.fetchProperties(pf);
        supportDocumentID= child_doc.get_VersionSeries().get_Id();
System.out.println("Vs ID :: "+supportDocumentID);
returnValue+="Src Id : "+supportDocumentID+ "\n";
attachment=supportDocumentID.toString();
returnValue+="Child ID:"+attachment+ "\n";
com.filenet.api.core.VersionSeries childVersionSeries =(com.filenet.api.core.VersionSeries)com.filenet.api.core.Factory.VersionSeries.fetchInstance(os,new Id(attachment),null); 
ChildDoc = (com.filenet.api.core.Document) childVersionSeries.get_CurrentVersion();
ComponentRelationship cr = Factory.ComponentRelationship.createInstance(os, null);
cr.set_ParentComponent(parentDoc);
cr.set_ChildComponent(ChildDoc);
cr.set_ComponentSortOrder(new Integer(count));
cr.set_ComponentRelationshipType(ComponentRelationshipType.DYNAMIC_CR);            
cr.set_VersionBindType(VersionBindType.LATEST_VERSION);
cr.save(RefreshMode.NO_REFRESH);
}
}
System.out.println("Return Value :: "+returnValue);
}

catch(Exception exp){
returnValue += "Exception:"+ exp.getMessage();
System.out.println("Exception :: "+returnValue);
}
}

}

Access Control List(ACL) and Access Control Entry(ACE) (FileNet Content Engine)

Access Control List(ACL) and Access Control Entry(ACE)


Access control from Workplace XT


The ACL is a list of ACEs. Each ACE defines the permissions for one security principal (grantee).

Diagram(Access control from Workplace XT)
The diagram shows a security page for an object in Workplace XT. Each row represents an Access Control Entry (ACE). Each ACE corresponds to a particular security principal, and shows which access levels are allowed or denied for that security principal on that object.

The Access Control List (ACL) is the collection of all of the ACEs for the object.



Access control from Enterprise Manager


Different terminology in Enterprise Manager and Workplace XT
The Properties pages for objects in Enterprise Manager use different terminology for access levels compared to what is used in Workplace XT.For example, the Owner Control access level in Workplace XT is the equivalent of the Full Control access level in Enterprise Manager.

Sources of security - Enterprise Manager security pages include a column that displays the source of the ACE. If an object is added using Enterprise Manager, the security source is Direct for the #CREATOR-OWNER and Default for the other security principals. If the security is modified after creation, the source becomes Direct. Other sources include security policies and inherited security, which are discussed in later lessons in this unit. The security source on objects added through Workplace XT depends on a combination of factors including how it was added and the value of certain Site Preference settings when it was added. When using the Add Document wizard through Workplace XT, the default instance security on the class becomes Direct security on the new object.


Diagram(Access control from Enterprise Manager- The diagram shows a security page for an object in Enterprise Manager. Each row represents an Access Control Entry (ACE). Each ACE corresponds to a particular security principal, and shows which access levels are allowed or denied for that security principal on that object, what the source of the security is for that ACE, and what child objects, if any, can inherit the ACE.




ACE features


A Deny access type is indicated by the red dot on the user or group icon. When a Deny ACE is selected, Deny is selected in the Type panel.

In the Properties pages within Enterprise Manager, default and direct Deny access types are displayed above default and direct Allow access types, which corresponds to the priority of Deny access types over Allow access types.

Inheritable depth is used with security inheritance features, which is discussed in more detail in a later lesson.


Diagram(ACE features) - The diagram shows the details of a specific ACE for an object in Enterprise Manager. The top row shows an ACE that denies access to a security principal. The selected ACE shows the Full Control access level is allowed on the object. The Rights pane shows the individual access rights associated with the selected access level. The Apply To field shows that the ACE is not inheritable by any other objects.



Access rights versus access levels



Important terminology - It is important to distinguish between access rights, which are a more detailed level of permissions on an object, and access levels, which are common groupings of access rights. This unit specifically uses these terms where appropriate.

Workplace XT - Access levels can be seen and edited by users with sufficient access. Access rights are not directly visible in Workplace XT.

Enterprise Manager - Access rights can be seen and edited using Enterprise Manager. When individual access rights are modified, the access level changes to Custom (unless the combined set of individual access rights exactly matches the set of rights in a predefined access level).


Diagram : The diagram shows the access level and corresponding access rights of an ACE on the Security page of an object in Enterprise Manager.

Example access levels and rights



Security Realms (FileNet Content Engine)

Realm
  • A collection of all user accounts and group memberships available to the FileNet P8 domain
  • Created, maintained, and authenticated by the authentication provider
  • Read and used by the FileNet P8 domain


Multiple realms

  • The IBM FileNet P8 platform supports multiple realms.
  • Security principals can be mapped between realms using the Security Map Wizard.
  • Realms must use the same security server type.


Logons from unconfigured LDAP realms
           IBM FileNet Content Manager can be configured to allow or disallow logon by users who belong to groups that exist in unconfigured LDAP realms. However, the user must belong to a configured realm.

Hidden group logons
FileNet Content Manager can authenticate users who are members of hidden security groups in the LDAP directory.

Authentication and Authorization (FileNet Content Engine)

Authentication: 

Who you are
Identifies the user attempting to log on.
Requires credentials (a user name and password).
Uses an authentication provider (LDAP directory service).
Creates a security token (a data structure that typically persists until the user logs out).
Uses JAAS and WS-Security standards.

Authentication - Authentication is the act of verifying a user identity based on credentials that the user presents. Authentication of individuals, or ideally of the roles that an individual has, through the external authentication mechanism is key to the security features in IBM FileNet Content Manager. The two standards at the core of the authentication process in FileNet Content Manager are the Java Authentication and Authorization Service (JAAS) standard and the Web Services Security standard. The JAAS standard forms the framework for security interoperability in the Java EE world, while the Web Services Security standard forms the framework for security interoperability in the heterogeneous world of clients and servers that communicate through web services interfaces.
Authentication provider - An authentication provider is a supported LDAP-compliant directory service that provides authentication for the FileNet P8 Domain. The authentication provider is identified during FileNet P8 installation. Supported directory service providers include IBM Tivoli Directory Server, CA Directory, Novell eDirectory, Sun Java Directory Server, Oracle Directory Server, and Microsoft Active Directory.

Token - The security token contains the user name, the user security ID, the group memberships of the user, and the group security IDs.

Authorization:

What you can do
Determines what the user can do (view, delete, modify, and so on).
Requires prior authentication.
Content Engine authorization is object based.

When a security principal that has already been authenticated attempts to access FileNet P8 objects, Content Engine or Process Engine will attempt to retrieve that principal's user and group memberships from the directory service provider. If successful, the user or group will be authorized to carry out actions described by the access rights placed on the object.

User roles
Different user roles are responsible for securing different types of objects. For example, administrators, solution builders, authors, and users might have different access rights to the same objects.

Even administrators with access to Enterprise Manager can have different levels of access to objects. For example, one administrator might have permission to modify document classes, properties and templates that another administrator has no access to.

Independent and dependent security

Most objects have Access control Lists (ACLs) that can be independently set. These objects are called independently securable.
Dependently securable objects are dependent on their parent object for their access rights. They are secured through the parent object.
Examples of dependently securable objects:
Content elements, which have the same security as the associated document object
A property assigned to a securable object, which has the same security as that object
The individual choices in a choice list, which have the same security as the object that the choice list is assigned to
A lifecycle state in a lifecycle policy
Security involves more than simply securing documents and folders. The security of the system design determines which objects are securable by which users. For example, administrators might be responsible for securing the domain root and the object stores. Application builders might be responsible for securing classes, instances like stored searches and entry templates, and property templates. Authors might be responsible for securing folders and documents depending on the design.

Object Store, Object Store Database, File Storage Area and Cache Area (FileNet Content Engine)

Object Store 

A repository for storing objects

 Object metadata is in a database.
 Content can be stored in the database. 
Or, it can be stored in one of the following:
 File storage area
 Fixed storage area


An object store consists of the following:

 One instance of a database (or tablespace) to manage objects
 One or more content stores to hold document content
 An entry in the FileNet P8 GCD

An object store can have one database store, and zero or more file storage areas, and fixed storage areas.
Metadata is information representing an object contained in an object store. The object name, the date it was added, the author, and so forth are all examples of metadata.
Document content is the file itself. Content is optional in an object store document.


For example, if a memorandum is added to an object store, the text in the memorandum is the document content, and the title, author, and date added information that is displayed in Workplace is the metadata. 

What is the object store database?


A container for the object store contents and properties

 Object store properties are metadata that identify the object store and define its behavior.
 Object store content includes metadata and (optional) object content.
Each object store uses one database.
Each database is exclusive to one object store.
Content can be stored directly within the database as BLOBs.

 Recommendation: Restrict size to 10 KB or smaller.

Many system and default metadata properties are available in object store, and user-defined properties can also be created. The unique identifier property for each entry in the object store is the GUID (Globally Unique Identifier), which is generated by the object store when an object is added. The GUID cannot be modified.

BLOB: Binary large object. This term refers to content that is stored in a compact binary format in a database field. Storing the content of large objects as a BLOB is not a very effective use of the database and can have serious impacts on the database performance. IBM recommends that the database store be used only for content that is no larger than 10 KB in size. Larger content sizes can be stored in a file storage area to avoid detrimental impact on the database performance.

A memorandum or report is a relatively small document, so both content and metadata are likely to be stored in the database. A large video file is likely to have the content stored in a file on a hard drive and not in the database for performance reasons. Metadata must include a reference to the video file location. 

What is a file storage area?

An area in the file system to store document content
 Located in a folder on a local or distributed file system.
 Associated metadata is stored in the database store.
Dependent on at least one object store
Use a file storage area in these circumstances:
 Document size is greater than 10 KB, to improve retrieval performance.
 Documents are grouped by different maintenance procedures.
 You must control file deletion technique.
Storage Policy
 To specify whichdocument classes usethe file storage area
 Covered laterContent

All object store content is stored in file storage areas, fixed storage areas, or database storage areas, all of which can be the objects of storage policies (covered later). Consider creating separate file storage areas to ensure efficient document management. For example, you can create a file storage area to group documents with the same deletion or backup requirements.

Database storage areas provide permanent storage for document content. A database storage area is managed by the Content Engine and converts document content into binary large objects (BLOBs) for storage in the database specified as the object store database.

A file storage area contains document content in a hierarchy of folders on a local or shared network drive accessible by the Content Engine server. The content is stored in a folder on a shared network drive.

A fixed storage area is a file storage area that has a connection to a third-party fixed-content system providing additional storage capacity and security. This connection is provided by a Content Engine object called a fixed-content device.

What is a content cache area?

A storage area in a file system used to temporarily hold files and database content for faster retrieval
 By providing local storage of frequently accessed documents without having to repeatedly request them over the network
Caches document content upon retrieval
 From databases 
 From file storage areas
Can be configured to cache content at the time it is added to the object store

A distributed FileNet P8 system has many clients reading content from either a remote file server (for example, over a WAN) or database (possibly on a remote server). To reduce network traffic, content can be cached in the file system on a local server.
Save files to cache when they are added. A cache can be configured to hold files at the time they are added to object stores. This feature is useful if the same documents are likely to be retrieved soon after adding. Do not enable this feature if a content cache area is intended for a site that is heavily used to create new documents if those documents are not subsequently retrieved.

Confidential documents. If you have sensitive or confidential documents, you need to consider whether caching is appropriate. Files are not automatically deleted from the content cache area when the document is deleted from the storage area.






FileNet P8 domain

FileNet P8 domain

A logical grouping of physical resources.
  • Content Engine servers
  • Sites
  • Object stores
  • Index areas
  • Storage areas
  • Content cache areas
  • Other elements
  • Global Configuration Database (GCD)
  • Holds the information defining the FileNet P8 domain.

The FileNet P8 domain is initially created when the FileNet P8 system is installed. After that, you can add new servers to the existing domain.

The Global Configuration Database (GCD) stores hierarchical configuration data related to the FileNet P8 domain. Only one GCD is available for each FileNet P8 domain. Data stored in the GCD includes the domain configuration (sites, virtual servers, and server instances), marking sets, object store definitions, add-ons, fixed content devices, and any other data that must be shared between all object store services in a FileNet P8 domain. The GCD is a proprietary format database, and contains a security descriptor which controls access to specific GCD objects.

Enterprise Manager is the FileNet P8 administrator interface to the GCD and its configuration data about the FileNet P8 domain. Enterprise Manager displays the domain hierarchy, object stores, and associated file and content cache stores for a single FileNet P8 domain, based on the information it finds in the GCD. The GCD needs to be backed up regularly. If the database server hosting the GCD database is unavailable, the system administrator cannot reach the FileNet P8 domain.

Stop and Start sequence of FileNet 5.1 system components (Same sequence for FileNet 5.0 also)

Start sequence

  1. Directory service (Ex: AD, TDS... )
  2. RDBMS (Ex: DB2, SQL,Oracle....)
  3. Machine for the Web application server hosting the Content Engine (Windows, UNIX, or Linux)
  4. Java EE application server hosting the Content Engine (IBM WebSphere, )
  5. Content Engine (FileNetEngine application, which can be set to start automatically)
  6. Machine for the Process Engine
  7. Process Engine server in Process Task Manager on Windows or UNIX, or if the Process Engine runs on a Windows machine, IMS ControlService and Process Engine Services Manager
  8. Machine for the Java EE application server hosting the Application Engine (Windows, UNIX, or Linux)
  9. Java EE application server hosting Workplace, Workplace XT
  10. Workplace (FileNetWorkplace) or Workplace XT (WorkplaceXT) application or both (can be set to start automatically)
  11. Process AE Services Manager, Process WP XT Services Manager, or both started on a Windows host machine for the user interface
  12. Component Managers on the host machine for the Application Engine or Workplace XT if a supported business solution uses a component.
  13. FileNet add-on products, such as Records Manager, Email Manager, or eForms Manager.

Stop Sequence

  1. Stop any FileNet add-on products first, such as Records Manager.
  2. Stop the Component Manager on the host server.
  3. Use WAS to stop the application WorkplaceXT.
  4. Stop the Process Engine with Process Task Manager.
  5. Use WAS to stop the application FileNetEngine(Content Engine).
  6. The directory service and RDBMS are stopped by their respective administrators if necessary.

Sample JAVA code to retrieve Realm, Group names and User names in FileNet (FileNet Content Engine API)

//Sample JAVA code to retrieve Realm, Group names and User names in FileNet

import java.io.IOException;
import java.util.Iterator;
import javax.security.auth.Subject;
import com.filenet.api.collection.GroupSet;
import com.filenet.api.collection.UserSet;
import com.filenet.api.constants.PrincipalSearchAttribute;
import com.filenet.api.constants.PrincipalSearchSortType;
import com.filenet.api.constants.PrincipalSearchType;
import com.filenet.api.core.Connection;
import com.filenet.api.core.Factory;
import com.filenet.api.util.UserContext;
public class CEUtil {
    private static Connection conn = null;

    public static Connection getCEConn()
    {
        try {
            String ceURI =    "http://localhost:9080/wsi/FNCEWS40MTOM/";
            String userName ="user";
            String password ="pwd";
            if(conn==null){
            conn = Factory.Connection.getConnection(ceURI);
            Subject subject = UserContext.createSubject(conn, userName, password, null);
            UserContext uc = UserContext.get();
            uc.pushSubject(subject);
            }

        } catch (Exception e1) {
            // TODO Auto-generated catch block
            e1.printStackTrace();
        }
        System.out.println("CE Connection"+conn);
        return conn;
    }
    public static void getRealm(String osName) throws IOException{
       
        try{
            Connection conn = getCEConn();
            com.filenet.api.core.EntireNetwork entireNetwork= Factory.EntireNetwork.fetchInstance(conn, null);
            com.filenet.api.security.Realm realm= entireNetwork.get_MyRealm();String realmName= realm.get_Name();
            System.out.println(realmName+ " is retrieved");
           
            //retrieve user names
            String pattern ="username";
            UserSet users = realm.findUsers(pattern, PrincipalSearchType.PREFIX_MATCH,PrincipalSearchAttribute.SHORT_NAME,PrincipalSearchSortType.NONE,Integer.valueOf("50"), null);
            com.filenet.api.security.User user;
            Iterator it = users.iterator();
            while (it.hasNext())
            {
            user = (com.filenet.api.security.User)it.next();
            System.out.println("distinguishedname =" +user.get_DistinguishedName());
            System.out.println("shortname =" + user.get_ShortName());
            System.out.println("name=" + user.get_Name());
            System.out.println("displayname =" + user.get_DisplayName());
            }
           
            //retrieve group names
            String pattern1="groupName";
            GroupSet groups = realm.findGroups(pattern1,PrincipalSearchType.PREFIX_MATCH,PrincipalSearchAttribute.SHORT_NAME,PrincipalSearchSortType.NONE,Integer.valueOf("50"), null);
            com.filenet.api.security.Group group;
            Iterator groupIt= groups.iterator();
            while (groupIt.hasNext())
            {
            group=(com.filenet.api.security.Group)groupIt.next();
            System.out.println("name=" + group.get_Name());
            System.out.println("Distinguishedname = " + group.get_DistinguishedName());
            System.out.println("shortname =" + group.get_ShortName());
            //System.out.println("Users =" + group.get_Users());
            }
           
            System.out.println("Done");


        }
        catch(Exception e){
            e.printStackTrace();
        }
    }
    public static void main(String[] args) throws IOException {
        getRealm("OSNAME");
    }
}