|Applies To||RSA ClearTrust Pre- and Post-Processing Hooks 5.0.1|
|Issue||How to use UserHookEvent, AdministrativeUserHookEvent, and GroupHookEvent|
The methods of UserHookEvent, AdministrativeUserHookEvent, and GroupHookEvent return objects of type sirrus.da.admin.User, sirrus.da.admin.AdministrativeUser, and sirrus.da.admin.Group, respectively. Classes sirrus.da.admin.User, sirrus.da.admin.AdministrativeUser, and sirrus.da.admin.Group are part of the internal Eserver implementation and not part of the documented server hook API. An application developer implementing a hook into the Eserver may have difficulty getting data into a readily usable format.
Depending of the requirements of the hook being implemented, User, AdministrativeUser, and Group methods may readily provide the data needed as an object of a base type (e.g. String). Unfortunately, methods of these classes that return other than simple objects return objects of other classes also internal to ClearTrust, outside the documented server hook API.
|Resolution||As a workaround, if more sophisticated functionality is required of the (Eserver) hook, the hook implementation should simply capture a key data element readily available, such as the user ID, and make the user ID available for a separate application process which would perform the necessary Admin API functions. For example, a UserHookEvent implementation might retrieve the user ID via User.getName and send a message to a separate process which establishes an Admin API connection that uses the user ID to access the user record.|
RSA Security strongly discourages implementing an Admin API connection from within the hook itself. During operation, this will result in excessive concurrent logins, and the Eserver potentially running out of memory.
|Legacy Article ID||a17910|