Thursday, October 2, 2008

How to set up Service To Service (S2S) Authentication?

Introduction
When custom application code calls the Content Services Web Services API, it would normally have to log in to Content Services separately through that API. S2S (ServiceToServiceManager) authentication avoids that separate login.

With S2S, you first authenticate as a registered application (using whichever password you assigned to it); after that, only the SSO username is needed to log in to Content Services, without the user's password.

S2STestSetup uses the repository API to create a new application entity for Service-to-Service authentication testing. The application entity it creates is added to the trusted applications list.

It attempts to create an application named S2STestApplication under the IFS container. The password for this application is set to welcome1. The resulting DN looks like:
 orclApplicationCommonName=S2STestApplication,cn=IFS,cn=Products,cn=OracleContext

Steps to Do

Step 1:
The default configuration for an out-of-box Oracle Collaboration Suite installation allows Cleartext Authentication only if SSL has been enabled (and the Web Services connection string begins with https). See the authentication topic for details.

To allow Cleartext Authentication to take place over standard (non-SSL) HTTP, set the Oracle Collaboration Suite domain property IFS.DOMAIN.WS.CleartextAuthenticationRequiresHttps to false using Enterprise Manager (Application Server Control).

If the domain property above is not set to false and Cleartext Authentication is attempted over standard HTTP, an FdkException is thrown:

ORACLE.FDK.UnexpectedError : ORACLE.FDK.FeatureNotEnabled

Step 2:
Download the Oracle Content Services Java Web Services Accelerator 10.1.2.3 release (3983028 bytes; JDeveloper 10.1.2 build 1811 support) from

http://www.oracle.com/technology/products/cs/developer/contentservicesdev/sourcepackages/CS10gWS_for_ContentServices_10.1.2.3_RTM_For_JDEV_10.1.2_OTN_release.zip

Step 3:
Unzip the file into ORACLE_HOME so that a directory CS10gWS becomes available under ORACLE_HOME.

Step 4:
Edit the Java file below so that the OID superuser details (the orcladmin password) are correct:
ORACLE_HOME/CS10gWS/other/service_to_service/S2STestSetup.java

Step 5:
Compile S2STestSetup.java and package the class into a jar, as shown below (the paths are those of the example installation):
$ javac -source 1.4 -classpath /ocsinfra/product/10.1.2/ocs_1/jlib/repository.jar \
    /ocsinfra/product/10.1.2/ocs_1/CS10gWS/other/service_to_service/S2STestSetup.java

$ zip -u -m S2STest.jar S2STestSetup.class

For the above commands to run successfully, make sure that:
1. ORACLE_HOME is set to the middle-tier home.
2. On Linux, LD_LIBRARY_PATH includes $ORACLE_HOME/lib.
3. On Windows, PATH includes %ORACLE_HOME%\bin.

Step 6:
The S2STest jar file must be configured in jazn-data.xml.

The repository API is protected by JAZN using code-based authentication: the API is guarded by a list of access controls, specified in ORACLE_HOME/config/jazn-data.xml, that grant permissions to a particular code source (here, the S2STest.jar file).

e.g. Create an entry (the codesource URL must point at the S2STest.jar built in Step 5):

<grant>
  <grantee>
    <codesource>
      <url>file:/user2/ocsapps/product/10.1.2/ocs_2/CS10gWS/other/service_to_service/S2STest.jar</url>
    </codesource>
  </grantee>
  <permissions>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>SchemaManager</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>addInstanceAccessToOIDEntry</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>addPrivilegeToOIDEntry</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>connectAs</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getAllSchemas</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getBaseSchema</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getDBConnect</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getDBPassword</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getInstallType</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getInstanceName</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getOIDConnect</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getOIDUser</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getOIDVersion</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getSSOConnect</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getSchema</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>getVirtualHostName</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>isProductChildExist</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>makeNewOIDEntry</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>setComponentSuccess</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>deleteOIDEntry</name> </permission>
    <permission> <class>oracle.ias.repository.schemaimpl.CheckRepositoryPermission</class> <name>removeInstanceAccessInOIDEntry</name> </permission>
  </permissions>
</grant>
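Because the grant above hands the jar permissions such as getDBPassword and getOIDUser, it is worth auditing which code sources in jazn-data.xml hold them. The following Python script is an added example (not part of the original post or of Oracle's tooling): it parses the grant structure shown above from a constructed sample and reports code sources that carry credential-exposing permission names or use a wildcard URL; it assumes JAZN honours the standard Java policy codesource wildcards "/*" and "/-".

```python
import xml.etree.ElementTree as ET

REPO_PERM = "oracle.ias.repository.schemaimpl.CheckRepositoryPermission"
# Names from the Step 6 grant that hand out infrastructure credentials or
# connect strings; a code source granted any of these deserves a second look.
SENSITIVE = {"getDBPassword", "getDBConnect", "getOIDConnect", "getOIDUser",
             "getSSOConnect", "connectAs"}

# Constructed sample modelled on the Step 6 entry (not a real jazn-data.xml).
# The second grant uses a JAAS-style "/-" wildcard covering a whole directory tree.
SAMPLE_JAZN = """<jazn-data><jazn-policy>
 <grant><grantee><codesource>
   <url>file:/user2/ocsapps/product/10.1.2/ocs_2/CS10gWS/other/service_to_service/S2STest.jar</url>
  </codesource></grantee>
  <permissions>
   <permission><class>%s</class><name>getInstanceName</name></permission>
   <permission><class>%s</class><name>getDBPassword</name></permission>
   <permission><class>%s</class><name>connectAs</name></permission>
  </permissions></grant>
 <grant><grantee><codesource><url>file:/tmp/-</url></codesource></grantee>
  <permissions>
   <permission><class>%s</class><name>getOIDUser</name></permission>
  </permissions></grant>
</jazn-policy></jazn-data>""" % ((REPO_PERM,) * 4)

def repository_grants(xml_text):
    """Map each codesource URL to the CheckRepositoryPermission names it holds."""
    grants = {}
    for grant in ET.fromstring(xml_text).iter("grant"):
        urls = [u.text.strip() for u in grant.findall("grantee/codesource/url") if u.text]
        names = set()
        for perm in grant.findall("permissions/permission"):
            if (perm.findtext("class") or "").strip() == REPO_PERM:
                names.add((perm.findtext("name") or "").strip())
        for url in urls:
            grants.setdefault(url, set()).update(names)
    return grants

def review_findings(xml_text):
    """Return {url: findings}: sensitive permission names, plus wildcard URLs
    ('/-' or '/*') where any jar dropped into that directory inherits the grant."""
    findings = {}
    for url, names in repository_grants(xml_text).items():
        issues = ["sensitive:" + n for n in sorted(names & SENSITIVE)]
        if url.endswith("/-") or url.endswith("/*"):
            issues.append("wildcard codesource")
        if issues:
            findings[url] = issues
    return findings

for url, issues in review_findings(SAMPLE_JAZN).items():
    print(url, "->", ", ".join(issues))
```

Point it at a real ORACLE_HOME/config/jazn-data.xml (read the file and pass its text) to list every code source that can read the repository's database or OID credentials.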

Step 7:
Then execute the following command to register the application and start using S2S Authentication:
$ java -classpath $ORACLE_HOME/jlib/repository.jar:$ORACLE_HOME/CS10gWS/other/service_to_service/S2STest.jar S2STestSetup
