README.txt for JAAS Provide callerInfo Demo (JAZN-LDAP)
=======================================================

I. Introduction
===============

This demo illustrates the following features of the JAAS Provider (JAZN):
- integration with OID (Oracle Internet Directory) for retrieval of users and groups
- integration of the OC4J Web Container with LDAP authentication
- integration of the OC4J Web Container with Web Single Sign-On

Please refer to the README.txt for deploying the callerInfo demo using JAZN-XML.


II. Configuration
=================

To use the demo with JAZN-LDAP, you will need to ensure that the JAZN Test Seed Data
has been loaded into OID and the demo realm (sample_subrealm) is successfully created.
Refer to $ORACLE_HOME/j2ee/home/jazn/install/README for further details.

By default, callerInfo is configured to use JAZN-XML.
You can configure callerInfo to use JAZN-LDAP by modifying the <user-manager> 
and <security-role-mapping> elements in orion-application.xml.
You will have to rebuild the application.  Refer to Appendix A for further details.


DEPLOY in OC4J
--------------

To deploy callerInfo into OC4J, use dcmctl. Refer to $ORACLE_HOME/dcm/README for reference.

e.g. $ORACLE_HOME/dcm/bin/dcmctl deployApplication -verbose -file $ORACLE_HOME/j2ee/home/jazn/demo/callerInfo/callerInfo.ear -application jazn -component home -t 240 

Alternatively, perform the following two steps:
1) $ORACLE_HOME/j2ee/home/config/server.xml:

Add this line:

	<application name="callerInfo" path="../jazn/demo/callerInfo/build/callerInfo.ear" />


2) $ORACLE_HOME/j2ee/home/config/default-web-site.xml (AJP + Apache) *OR* http-web-site.xml (HTTP):

Add this line:

	<web-app application="callerInfo" name="callerInfo-web" root="/jazn" />
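
As an added example (not part of the JAZN demo or of OC4J), the following Python
script performs the same two edits idempotently and checks that the EAR the
<application> entry points at actually exists, resolved relative to the config
directory, which is how OC4J resolves a relative path attribute. The temporary
directory and the two config skeletons it builds in run_demo() are constructed
for the example; the script only inserts a line before the final closing tag, so
it does not depend on the root element names of the real files.

```python
"""Register the callerInfo demo in OC4J's config files without dcmctl.

Added example; not part of the OC4J or JAZN distribution.  It makes the two
manual edits from "DEPLOY in OC4J" idempotent and checks that the EAR the
<application> entry points at exists, resolved relative to the directory that
holds server.xml.  The config tree built by run_demo() is constructed.
"""
import os
import re
import tempfile

APP_LINE = '\t<application name="callerInfo" path="%s" />\n'
WEBAPP_LINE = '\t<web-app application="callerInfo" name="callerInfo-web" root="/jazn" />\n'


def has_entry(text, element, name):
    """True if an <element ... name="name" ...> entry is already present."""
    pattern = r'<%s\b[^>]*\bname="%s"' % (re.escape(element), re.escape(name))
    return re.search(pattern, text) is not None


def insert_before_closing_tag(text, line):
    """Insert `line` just before the document's final closing tag."""
    idx = text.rstrip().rfind("</")
    if idx < 0:
        raise ValueError("no closing tag found; not a well-formed config file")
    return text[:idx] + line + text[idx:]


def register_application(server_xml, ear_relpath):
    """Add the <application> entry to server.xml unless it is already there.

    Returns (changed, resolved_ear_path).  Raises FileNotFoundError when the
    EAR is missing, e.g. when the entry names callerInfo/ but ant left the
    EAR in callerInfo/build/.
    """
    config_dir = os.path.dirname(os.path.abspath(server_xml))
    ear = os.path.normpath(os.path.join(config_dir, ear_relpath))
    if not os.path.isfile(ear):
        raise FileNotFoundError("callerInfo.ear not found at %s" % ear)
    with open(server_xml) as fh:
        text = fh.read()
    if has_entry(text, "application", "callerInfo"):
        return False, ear
    with open(server_xml, "w") as fh:
        fh.write(insert_before_closing_tag(text, APP_LINE % ear_relpath))
    return True, ear


def register_web_app(web_site_xml):
    """Bind callerInfo-web to /jazn in default-web-site.xml (or http-web-site.xml)."""
    with open(web_site_xml) as fh:
        text = fh.read()
    if has_entry(text, "web-app", "callerInfo-web"):
        return False
    with open(web_site_xml, "w") as fh:
        fh.write(insert_before_closing_tag(text, WEBAPP_LINE))
    return True


def run_demo():
    """Exercise the helpers on a constructed j2ee/home tree under a temp directory.

    Returns whether each file changed on the first and second run (the second
    must be all False), whether an entry pointing one level above build/ was
    rejected, and the final text of both files.
    """
    root = tempfile.mkdtemp()
    config = os.path.join(root, "j2ee", "home", "config")
    build = os.path.join(root, "j2ee", "home", "jazn", "demo", "callerInfo", "build")
    os.makedirs(config)
    os.makedirs(build)
    open(os.path.join(build, "callerInfo.ear"), "wb").close()  # empty stand-in for the EAR

    server_xml = os.path.join(config, "server.xml")
    web_site_xml = os.path.join(config, "default-web-site.xml")
    with open(server_xml, "w") as fh:  # minimal skeleton, constructed for the example
        fh.write('<?xml version="1.0"?>\n<application-server>\n'
                 '\t<application name="default" path="../applications/default.ear" />\n'
                 '</application-server>\n')
    with open(web_site_xml, "w") as fh:  # minimal skeleton, constructed for the example
        fh.write('<?xml version="1.0"?>\n<web-site port="8888">\n'
                 '\t<default-web-app application="default" name="defaultWebApp" />\n'
                 '</web-site>\n')

    good = "../jazn/demo/callerInfo/build/callerInfo.ear"
    first = (register_application(server_xml, good)[0], register_web_app(web_site_xml))
    second = (register_application(server_xml, good)[0], register_web_app(web_site_xml))
    try:  # the location the default config files assume, one level above build/
        register_application(server_xml, "../jazn/demo/callerInfo/callerInfo.ear")
        wrong_path_rejected = False
    except FileNotFoundError:
        wrong_path_rejected = True
    with open(server_xml) as fh:
        server_text = fh.read()
    with open(web_site_xml) as fh:
        site_text = fh.read()
    return {"first": first, "second": second, "wrong_path_rejected": wrong_path_rejected,
            "server_xml": server_text, "web_site_xml": site_text}


if __name__ == "__main__":
    result = run_demo()
    print(result["server_xml"])
    print(result["web_site_xml"])
```

Running the script prints the two skeleton files after registration. Against a
real $ORACLE_HOME, call register_application() and register_web_app() on
j2ee/home/config/server.xml and the web-site file that matches your listener
(default-web-site.xml for AJP behind Apache, http-web-site.xml for plain HTTP),
and keep the path attribute consistent with where ant actually left
callerInfo.ear.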


III. Running the demo
=====================

Assuming all components are properly configured, you can launch the
JAZN-enabled OC4J server (standalone mode) as follows
(this example assumes you are in the directory $ORACLE_HOME/j2ee/home):

> $JAVA_HOME/bin/java -jar oc4j.jar

There are many different ways to launch OC4J, please refer to the OC4J documentation.

After OC4J is successfully launched, point your browser at the OC4J listener:

http://myoc4j.us.oracle.com:port/jazn

and follow instructions on the web page.

For logon using the default settings, you may use the following credentials:

ray/welcome     -> assigned role "manager"    -> mapped to "sr_manager"
rachel/welcome  -> assigned role "developer"  -> mapped to "sr_developer"

Note: this configuration uses HTTP Basic authentication, which sends the
user name and password base64-encoded (not encrypted) with every request;
outside a demo, use it only over SSL/TLS.


Appendix A: Building Instructions
=================================

Make sure you have installed Ant from Apache's Jakarta Project
(http://jakarta.apache.org/ant/index.html). Ant is an XML-based
build tool (similar to make).

Before building the demo, you may want to customize the following files:

- etc/orion-application.xml:
	Specify your JAZN provider to use LDAP (the default is XML).
	[OPTIONAL] Specify your realm name if you have more than one realm in your configuration file.
	[OPTIONAL] Specify your security-role-mapping (the default mappings reference roles defined in jazn-data.xml).
	Replace <<ldap_url>> with the LDAP service URL (e.g. "ldap://myoid.us.oracle.com:389").
	Note that a plain ldap:// URL on port 389 carries the bind credentials and directory
	traffic unencrypted, which is acceptable for a demo only.
	[OPTIONAL] Add the following within the <jazn> tags in orion-application.xml
	to use SSO as the authentication method:

	<jazn-web-app auth-method="SSO" />
	


Once Ant is installed and the files above are customized, type the following at
the command line (assuming you are in the jazn/demo/callerInfo directory):

> ant

A new directory ("build") will be created and the .EAR and .WAR files
for callerInfo will be written there.

Note that the default OC4J config files assume that callerInfo.ear resides
in the callerInfo directory, not the build sub-directory. Make sure the path
attribute of the <application> entry in server.xml matches where the EAR
actually is, or copy the freshly built EAR to the location the entry names.




Appendix B: Configuring & Running JAZN with Apache & SSO
========================================================

SSO is currently supported only with JAZN-LDAP (not with JAZN-XML).

Apache/mod_osso 
---------------

httpd.conf: add the following to protect the /jazn URI using SSO

<Location /jazn>
  AuthType Basic
  require valid-user
</Location>


Apache/mod_oc4j (needed when using the Apache listener)
-------------------------------------------------------
mod_oc4j.conf: add mount directives so that the /jazn URI is routed to the
OC4J "home" instance. For example:

Oc4jMount /jazn/* home
Oc4jMount /jazn   home


When redirected to SSO, you may enter either of the following credentials:

ray/welcome
rachel/welcome

If you enter the former, the callerInfo servlet will be executed and the
following page will be displayed in your browser:

Time stamp: Tue Jul 03 15:46:51 PDT 2001 request.getRemoteUser = sample_subrealm/ray
request.isUserInRole('FOO') = true
request.isUserInRole('ar_manager') = true
request.isUserInRole('ar_developer') = false
request.getUserPrincipal = [JAZNUserAdaptor: user=sample_subrealm/ray]

The time stamp of course will be different in your case.

If you enter "rachel/welcome" at the sign-on screen, you will get the
following page instead:

403 Forbidden

WebSSO: Access Denied
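
The following Python script is an added example, not part of the JAZN demo. It
parses a callerInfo page like the one shown above into the caller's realm, user
and role map and compares it with the outcomes this README describes (ray sees
the page with ar_manager true and ar_developer false; rachel is denied by
WebSSO), flagging any role the servlet reports as granted that the expected
table does not list. The two response bodies are constructed from the pages
reproduced above, and the Basic-auth helpers illustrate the note in section III:
the Authorization header a browser sends is base64, not encryption.

```python
"""Check callerInfo's responses against the outcomes the README describes.

Added example; not part of the JAZN demo.  The response bodies are constructed
from the pages in Appendix B, and the expected table uses the role names as the
servlet prints them.  The Basic-auth helpers show that the Authorization header
is base64, not encryption, and anyone on the path can reverse it.
"""
import base64
import re

# Expected outcome per demo account (constructed from the Appendix B pages).
EXPECTED = {
    "ray": {"status": 200, "realm": "sample_subrealm",
            "roles": {"ar_manager": True, "ar_developer": False}},
    "rachel": {"status": 403},
}

# Constructed response bodies, copied from the pages shown in Appendix B.
RAY_BODY = (
    "Time stamp: Tue Jul 03 15:46:51 PDT 2001 request.getRemoteUser = sample_subrealm/ray\n"
    "request.isUserInRole('FOO') = true\n"
    "request.isUserInRole('ar_manager') = true\n"
    "request.isUserInRole('ar_developer') = false\n"
    "request.getUserPrincipal = [JAZNUserAdaptor: user=sample_subrealm/ray]\n"
)
RACHEL_BODY = "403 Forbidden\n\nWebSSO: Access Denied\n"

_USER_RE = re.compile(r"request\.getRemoteUser\s*=\s*(\S+)")
_ROLE_RE = re.compile(r"request\.isUserInRole\('([^']+)'\)\s*=\s*(true|false)")
_PRINCIPAL_RE = re.compile(r"request\.getUserPrincipal\s*=\s*(.+)")


def basic_auth_header(user, password):
    """Build the Authorization header a browser sends for HTTP Basic auth."""
    token = base64.b64encode(("%s:%s" % (user, password)).encode("utf-8")).decode("ascii")
    return "Basic " + token


def decode_basic_auth(header):
    """Recover (user, password) from a Basic header: base64 hides nothing."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic authorization header")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password


def parse_caller_info(body):
    """Parse the servlet's page into remote user, realm, principal and role map."""
    user_match = _USER_RE.search(body)
    if not user_match:
        raise ValueError("not a callerInfo page")
    remote_user = user_match.group(1)
    realm, _, user = remote_user.rpartition("/")  # e.g. "sample_subrealm/ray"
    roles = {name: value == "true" for name, value in _ROLE_RE.findall(body)}
    principal_match = _PRINCIPAL_RE.search(body)
    return {"remote_user": remote_user, "realm": realm, "user": user, "roles": roles,
            "principal": principal_match.group(1).strip() if principal_match else None}


def check_response(user, status, body):
    """Compare one response with EXPECTED[user].

    Returns {"mismatches": [...], "unexpected_grants": [...]}.  A role the page
    reports as true that the expected table does not list (such as 'FOO') is
    an unexpected grant, which is what a least-privilege review looks for.
    """
    exp = EXPECTED[user]
    result = {"mismatches": [], "unexpected_grants": []}
    if status != exp["status"]:
        result["mismatches"].append("status %d, expected %d" % (status, exp["status"]))
        return result
    if status != 200:
        if "Access Denied" not in body:
            result["mismatches"].append("denied without the expected WebSSO body")
        return result
    info = parse_caller_info(body)
    if info["realm"] != exp["realm"]:
        result["mismatches"].append("realm %r, expected %r" % (info["realm"], exp["realm"]))
    if info["user"] != user:
        result["mismatches"].append("remote user %r, expected %r" % (info["user"], user))
    for role, want in exp["roles"].items():
        got = info["roles"].get(role)
        if got != want:
            result["mismatches"].append("role %s is %r, expected %r" % (role, got, want))
    for role, granted in info["roles"].items():
        if granted and role not in exp["roles"]:
            result["unexpected_grants"].append(role)
    return result


if __name__ == "__main__":
    print(decode_basic_auth(basic_auth_header("ray", "welcome")))
    print(check_response("ray", 200, RAY_BODY))
    print(check_response("rachel", 403, RACHEL_BODY))
```

To use it against a live deployment, fetch /jazn with each account's
credentials and pass the HTTP status and body to check_response(); an empty
mismatches list with an empty unexpected_grants list is a clean pass, while a
non-empty unexpected_grants list (the 'FOO' role on the page above) is worth
tracing back to the security-role-mapping in orion-application.xml.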


