Oracle9iAS Portal Developer Kit (PDK)
Installing the Oracle Internet Directory Portlets

Last Update: March 19, 2003
Status: Production
Version: PDK Release 2, (9.0.2.6 and later)

Introduction

Oracle9iAS Portal (Portal) uses Oracle9iAS Single Sign-On (SSO) to authenticate users. SSO in turn uses the Oracle Internet Directory (OID) as a repository of users, groups and permissions. The OID portlets use the OID server to get information about the user that is accessing the portlet.

The OID sample consists of two portlets: the Contact portlet and the Protected portlet.

Related Documents

Assumptions

  1. You have installed the samples downloaded with PDK-Java and understand the steps required to display a Web portlet on an Oracle Portal page. For more information on installing the sample, please review the article on installing the PDK-Java Framework and Samples.
  2. The Web Providers can access the OID server associated with the Portal(s) on which it is registered.
  3. You have access to an OID account that has proxy privileges. For maximum security, you should create an OID account for each web provider. This allows you to control the OID privileges based on the individual requirements of each Web Provider.

Communicating the contact details of the OID server

This section describes how to communicate the contact details of the OID server to your Web provider.

The Portal Developer Kit needs to open one or more connections to the OID server during its operation so that properties of a user can be queried. To open these connections the following information is required:

  1. Host machine where OID is hosted e.g."machine.domain.com"
  2. Port used by OID server e.g. 389
  3. User name for an OID account that has proxy privileges
  4. Password for the OID account

For the purposes of this sample we provide an insecure extension of OidInfo called oracle.portal.sample.v2.devguide.oid.UnsafeOidInfo. As the name implies, this is NOT a secure way of accessing the OID password and it should not be used in a production implementation. However, it enables you to quickly and easily provide your OID server contact details in the deployment properties file called oid.properties in order to render the samples.

When using portlets that access the OID server in production, you should create a Java class that extends the abstract class oracle.portal.provider.v2.oid.OidInfo. This abstract class has public setters and package-private getters for the OID connection details. It also has a method public abstract void init(ProviderContext pc), which is called immediately after your OidInfo extension is constructed. You can use this method to read deployment properties or other context information to locate and load the necessary connection details. When you create your own extension of OidInfo you need to ensure that the OID access information remains secure.

Configuring the OidManager

To configure OidManager you need to modify the deployment properties file for the provider service. The OID sample provider service included with the PDK can be found in the following location:

[OC4J_INSTANCE]/applications/jpdk/jpdk/WEB-INF/deployment/oid.properties

Open the deployment properties file and edit the following entries:

  1. oidManager=true    Switches on the OidManager; it is switched off by default.
  2. oidAdminClass=<name of class that extends oracle.portal.provider.v2.oid.OidInfo>

This describes in general how to configure the OidManager; the following section describes how to configure the OidManager for the samples.

Configuring the OidManager using UnsafeOidInfo

To configure UnsafeOidInfo for this sample (remember, this is not a secure implementation), modify the deployment properties file [OC4J_INSTANCE]/applications/jpdk/jpdk/WEB-INF/deployment/oid.properties:

  1. oidAdminClass=oracle.portal.sample.v2.devguide.oid.UnsafeOidInfo
  2. oidHost= Host machine where OID is hosted, e.g. "machine.us.oracle.com"
  3. oidPort= Port used by the OID server, e.g. 389
  4. oidUser= User name of an OID user that has proxy privileges
  5. oidPasswd= Password of the OID user

The file should look something like this:

oidManager=true
oidAdminClass=oracle.portal.sample.v2.devguide.oid.UnsafeOidInfo
oidHost=machine.domain.com
oidPort=389
oidUser=webprovider1
oidPasswd=welcome1
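As an added example (not part of the PDK), the following script audits an oid.properties file for the entries described above: it reports when the OidManager is left switched off, when the UnsafeOidInfo sample class is still configured, when the proxy account password is stored in clear text via oidPasswd, and when oidHost, oidPort or oidUser are missing or malformed. The embedded sample file is constructed to mirror the one shown above.

```python
"""Audit a PDK oid.properties deployment file (constructed example, not PDK code)."""

UNSAFE_CLASS = "oracle.portal.sample.v2.devguide.oid.UnsafeOidInfo"

# Constructed sample mirroring the page's example oid.properties.
SAMPLE_OID_PROPERTIES = """\
oidManager=true
oidAdminClass=oracle.portal.sample.v2.devguide.oid.UnsafeOidInfo
oidHost=machine.domain.com
oidPort=389
oidUser=webprovider1
oidPasswd=welcome1
"""


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_oid_properties(text):
    """Return a list of findings; an empty list means nothing to fix."""
    props = parse_properties(text)
    findings = []
    if props.get("oidManager", "false").lower() != "true":
        findings.append("oidManager is not 'true': the OidManager stays switched off")
    admin_class = props.get("oidAdminClass")
    if not admin_class:
        findings.append("oidAdminClass missing: no OidInfo extension configured")
    elif admin_class == UNSAFE_CLASS:
        findings.append("oidAdminClass is the UnsafeOidInfo sample: not for production")
    if "oidPasswd" in props:
        findings.append("oidPasswd stores the proxy account password in clear text")
    port = props.get("oidPort", "")
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append("oidPort is not a valid TCP port: %r" % port)
    for key in ("oidHost", "oidUser"):
        if not props.get(key):
            findings.append("%s is missing or empty" % key)
    return findings
```

Run it against the sample above and it reports three findings: the UnsafeOidInfo class, the clear-text password, and nothing else, which is exactly what the text says must change before production.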

Configuring the Group Security Manager

The Group Security Manager is an extension of the PortletSecurityManager that lets you control access to a portlet based on group membership. Only users who belong to the specified group(s) are allowed to access the portlet.

Your Provider must be configured to use the OidManager for this feature to work. Once you have configured your provider to use OidManager, you must modify your provider definition file for each portlet you want to protect with the GroupSecurityManager.

The OID sample provider definition file included with the PDK can be found in the following location:

[OC4J_INSTANCE]/applications/jpdk/jpdk/WEB-INF/providers/oid/provider.xml

Open the provider definition file and edit the <securityManager> tags:

<portlet class="oracle.portal.provider.v2.DefaultPortletDefinition">
  <id>2</id>
  <name>Protected</name>
  ...
  <renderer class="oracle.portal.provider.v2.render.RenderManager">
    <renderContainer>true</renderContainer>
    <contentType>text/html</contentType>
    <showPage>/htdocs/oid/protected.jsp</showPage>
  </renderer>
  <securityManager class="oracle.portal.provider.v2.security.GroupSecurityManager">
      <group>cn=group1,cn=groups,dc=us,dc=company,dc=com</group>
      <group>cn=group2,cn=groups,dc=us,dc=company,dc=com</group>
  </securityManager>
</portlet>

Since the group information is queried directly from OID, the value you specify for each <group> tag must be the distinguished name (dn) of the OID group, not the name as it is displayed in Oracle Portal, which is usually just the common name (cn).

If you define multiple groups for a single GroupSecurityManager the portlet will be accessible to users who are members of at least one of the specified groups. Users who are not members of any of the groups will be denied access to the portlet.
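As an added example (not PDK code), the script below reads a provider.xml fragment, collects the <group> values of every portlet protected by GroupSecurityManager, flags any value that is a bare Portal display name rather than a distinguished name, and evaluates access with the rule just stated: the user must belong to at least one configured group. The XML and the user's group memberships are constructed; the second <group> deliberately uses a display name to show the check firing.

```python
"""Check GroupSecurityManager <group> entries and evaluate access (constructed example,
not PDK code); the provider.xml fragment and group memberships below are made up."""
import re
import xml.etree.ElementTree as ET

GROUP_SM = "oracle.portal.provider.v2.security.GroupSecurityManager"

# Constructed provider.xml fragment mirroring the page's snippet; the second
# <group> deliberately uses a Portal display name instead of a DN.
SAMPLE_PROVIDER_XML = """\
<provider>
  <portlet class="oracle.portal.provider.v2.DefaultPortletDefinition">
    <name>Protected</name>
    <securityManager class="oracle.portal.provider.v2.security.GroupSecurityManager">
      <group>cn=group1,cn=groups,dc=us,dc=company,dc=com</group>
      <group>group2</group>
    </securityManager>
  </portlet>
</provider>
"""
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,]+$")  # attr=value; escaped commas not handled

def is_group_dn(value):
    """True if value looks like an LDAP DN (several attr=value RDNs), not a bare cn."""
    parts = [p.strip() for p in value.split(",")]
    return len(parts) > 1 and all(_RDN.match(p) for p in parts)

def protected_portlets(xml_text):
    """Map portlet name -> configured <group> values for GroupSecurityManager portlets."""
    result = {}
    for portlet in ET.fromstring(xml_text).iter("portlet"):
        sm = portlet.find("securityManager")
        if sm is not None and sm.get("class") == GROUP_SM:
            groups = [g.text.strip() for g in sm.findall("group") if g.text]
            result[portlet.findtext("name", default="?")] = groups
    return result

def malformed_groups(xml_text):
    """(portlet, value) pairs whose <group> is not a distinguished name."""
    return [(name, g) for name, groups in protected_portlets(xml_text).items()
            for g in groups if not is_group_dn(g)]

def _norm(dn):
    return ",".join(p.strip().lower() for p in dn.split(","))

def user_may_access(user_group_dns, portlet_group_dns):
    """Granted when the user is a member of at least one configured group."""
    user = {_norm(d) for d in user_group_dns}
    return any(_norm(g) in user for g in portlet_group_dns)
```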

Viewing the portlets

To view the sample portlets you must do the following:

Once you have created your portal page, you should be able to view the portlets. Try logging in as different users, or not logging in at all, and view the page. The "Contact" portlet will display different information depending on the user that is logged on. The "Protected" portlet will only be shown when you log into Oracle Portal as a user who is a member of a group you specified when configuring the GroupSecurityManager.

Revision History:
Revision No   Last Update
1.0           March 19, 2003