SCIM Bulk Endpoint Operations in WSO2 Identity Server

SCIM - (System for Cross-Domain Identity Management)
WSO2 Identity server has exposed the three major endpoints for SCIM operation as follows.
/Users , /Groups, /Bulk

Lets look at the SCIM Bulk operations supported by the Identity Server.
1. Create Users
Request -
[code language="java"]
curl -v -k --user admin:admin -H "Accept: application/json" -H "Content-type: application/json" -X POST -d "{\"failOnErrors\":2,\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"Operations\":[{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Users\",\"userName\":\"hasini\",\"method\":\"POST\",\"emails\":[{\"value\":\"hasini@gmail.com\"},{\"value\":\"hasinig@yahoo.com\"}],\"phoneNumbers\":[{\"value\":\"0772508354\"}],\"displayName\":\"Hasini\",\"externalId\":\"hasini@wso2.com\",\"password\":\"dummyPW1\",\"preferredLanguage\":\"Sinhala\",\"bulkId\":\"bulkIDUser1\"},\"path\":\"/Users\",\"method\":\"POST\",\"bulkId\":\"bulkIDUser1\"},{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Users\",\"userName\":\"dinuka\",\"method\":\"POST\",\"emails\":[{\"value\":\"dinuka.malalanayake@gmail.com\"},{\"value\":\"dinuka_malalanayake@yahoo.com\"}],\"phoneNumbers\":[{\"value\":\"0772508354\"}],\"displayName\":\"Dinuka\",\"externalId\":\"dinukam@wso2.com\",\"password\":\"myPassword\",\"preferredLanguage\":\"Sinhala\",\"bulkId\":\"bulkIDUser2\"},\"path\":\"/Users\",\"method\":\"POST\",\"bulkId\":\"bulkIDUser2\"}]}" https://localhost:9443/wso2/scim/Bulk
[/code]


Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Users/bcbc6fed-6519-4eeb-a1ff-9b643fdab1b5","method":"POST","bulkId":"bulkIDUser1"},{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Users/ce6cf606-c4de-4260-bfdf-a751161eeae0","method":"POST","bulkId":"bulkIDUser2"}]}
[/code]


2. Create Groups - Here you need to change the existing user IDs.
Request -
[code language="java"]
curl -v -k --user admin:admin -H "Accept: application/json" -H "Content-type: application/json" -X POST -d "{\"failOnErrors\":2,\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"Operations\":[{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Groups\",\"method\":\"POST\",\"displayName\":\"engineer\",\"externalId\":\"engineer\",\"members\":[{\"value\":\"b1b03cf2-470f-4a73-b517-ae4faed8e61b\"},{\"value\":\"8e2c7178-e5bf-4013-b526-1193e0611d9a\"}],\"bulkId\":\"bulkGroup1\"},\"path\":\"/Groups\",\"method\":\"POST\",\"bulkId\":\"bulkGroup1\"},{\"data\":{\"schemas\":[\"urn:scim:schemas:core:1.0\"],\"path\":\"/Groups\",\"method\":\"POST\",\"displayName\":\"doctor\",\"externalId\":\"doctor\",\"members\":[{\"value\":\"8e2c7178-e5bf-4013-b526-1193e0611d9a\"},{\"value\":\"b1b03cf2-470f-4a73-b517-ae4faed8e61b\"}],\"bulkId\":\"bulkGroup2\"},\"path\":\"/Groups\",\"method\":\"POST\",\"bulkId\":\"bulkGroup2\"}]}" https://localhost:9443/wso2/scim/Bulk
[/code]


Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Groups/6f008b6c-e990-4f67-9048-0fbcb3b52d5c","method":"POST","bulkId":"bulkGroup1"},{"status":{"code":"201"},"location":"https://localhost:9443/wso2/scim/Groups/1b7c44a8-26b8-4e81-9961-26d90fe68ac5","method":"POST","bulkId":"bulkGroup2"}]}
[/code]


3. Delete Users
Request -
[code language="java"]
{"failOnErrors":2,"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"path":"/Users/6f3fc3ee-f39c-4d53-bc4d-649775313e29","method":"DELETE"},{"path":"/Users/b75bdb63-a36d-436d-8462-edd1db7e6b29","method":"DELETE"}]}
[/code]


Response -
[code language="java"]
{"schemas":["urn:scim:schemas:core:1.0"],"Operations":[{"status":{"code":"200"},"location":"/Users/bcbc6fed-6519-4eeb-a1ff-9b643fdab1b5","method":"DELETE"},{"status":{"code":"200"},"location":"/Users/ce6cf606-c4de-4260-bfdf-a751161eeae0","method":"DELETE"}]}
[/code]

Analyze java source with "Yasca" and detecting security vulnerabilities

Here I'm going to explain how to analyze the source code by using the "Yasca"

1. First of all you can checkout the Yasca from "https://svn.wso2.org/repos/wso2/people/prabath/yasca"

2. Check whether the php installed in your machine. if not you have to install it first
(In Linux you can do easily "sudo apt-get install php5")

3. Go to the "yasca" directory and write the the following command
"./yasca $Source_Directory_path" for more command refer this


4. Go to your desktop the you can see the folder call Yasca and all the generated reports are located there


This is very useful for detecting security vulnerabilities and other issues in program source code.