Oracle9iAS Portal Developer Kit (PDK)
Securing the Edit Provider UI

Introduction

While configuring the providers, you will come across steps where you need to edit the provider. The UI displayed when edit the provider, in default installation, is not secured. This UI can be secured only for OC4J instance deployment in Oracle9iAS.

Securing the UI

You need to go to the $IAS_HOME ($IAS_HOME refers to the root directory of your Oracle9iAS installation). Open the file $IAS_HOME/portal/conf/portal.conf and go the section marked with "Provider-UI mod_osso authentication directive". Here you should add the following entry between <IfModule mod_osso.c> and </ifModule>.

    <Location /portalTools/builder/providerui>
        AuthType Basic
        require valid-user
    </Location>

The entry in this file should look like as below :

# Provider-UI mod_osso authentication directive
<IfModule mod_osso.c>

    <Location /jpdk/providerui>
        AuthType Basic
        require valid-user
    </Location>

    <Location /portalTools/builder/providerui>
        AuthType Basic
        require valid-user
    </Location>

</IfModule>

After this, you should edit $IAS_HOME/j2ee/OC4J_Portal/applications/portalTools/providerBuilder/WEB-INF/deployment_providerui/provideruiacls.xml file ( replace OC4J_Portal with OC4J instance in your Oracle9iAS installation where you have deployed Portal Tools application) -
In this file, you can grant privileges to various users.
Here is a sample provideruiacls.xml file:

<providerui xmlns="http://www.oracle.com/portal/providerui/1.0">
          <objectType name="ALL_OBJECTS">
                       <object name="ANY_PROVIDER" owner="providerui">
                                <user name="any_provider_manager_user" privilege="500"/>
                               <user name="any_provider_edit_user" privilege="400"/>
                                <user name="any_provider_execute_user" privilege="300"/>
                      </object>
           </objectType>
          <objectType name="PROVIDER">
                     <object name="TEST_PROVIDER" owner="providerui">
                               <user name="provider_manage_user" privilege="500"/>
                               <user name="provider_edit_user" privilege="400"/>
                              <user name="provider_execute_user" privilege="300"/>
                     </object>
         </objectType>
</providerui>

You can define the privileges at global level or at object level.

These are the global level privileges (as shown in the sample file above):

• any_provider_manage_user - can create/edit/delete/open any provider and portlets under them.

• any_provider_edit_user - can create/edit any provider and execute the portlets under them.

• any_provider_execute_user - can open any provider and execute the portlets under them.

These are the object level privileges (as shown in the sample file above):

• provider_manage_user - can edit/delete/open the provider called "TEST_PROVIDER" and the portlets under it.

• provider_edit_user - can edit the provider called "TEST_PROVIDER" and execute portlets under it.

• provider_execute_user - can open the provider called "TEST_PROVIDER" and execute portlets under it.