Oracle Financial Services Lending and Leasing

Application Installation Guide
Release 14.2.0.0.0
Part No. E59770-01
December 2014
Oracle Financial Services Software Limited
Oracle Park
Off Western Express Highway
Goregaon (East)
Mumbai, Maharashtra 400 063
India
Worldwide Inquiries:
Phone: +91 22 6718 3000
Fax:+91 22 6718 3001
www.oracle.com/financialservices/
Copyright © 2007, 2014, Oracle and/or its affiliates. All rights reserved.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective
owners.
U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed
on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to
the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure,
modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the
hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other
rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or
intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use
this software or hardware in dangerous applications, then you shall be responsible to take all appropriate failsafe, backup,
redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages
caused by use of this software or hardware in dangerous applications.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and
are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may
not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish or display any part, in
any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for
interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors,
please report them to us in writing.
This software or hardware and documentation may provide access to or information on content, products and services from third
parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect
to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or
damages incurred due to your access to or use of third-party content, products, or services.
Table of Contents
1. Preface
1.1 Prerequisites
1.2 Audience
1.3 Conventions Used
2. Installing Software
2.1 Installing Oracle WebLogic Server 11g
2.2 Installing Oracle ADF Runtime
3. Creating Domains, Repositories, Data Sources
3.1 Creating Domain and Servers
3.2 Applying the JRF Template
3.3 Creating Schemas using Repository Creation Utility
3.4 Creating Metadata Repository
3.5 Creating Data Source
3.6 Creating SQL Authentication Provider
3.7 Creating User Groups and Users
3.7.1 Creating Users
3.7.2 Creating User Groups
3.7.3 Assigning Users to Groups
3.7.4 Resetting password via weblogic console
3.8 Implementing JMX Policy for Change Password
3.9 Migrating Policy from File to Database
4. Configuring Policies
4.1 Configuring Password Policy for SQL Authenticator
4.2 Configuring User Lockout Policy
5. Deploying Application
5.1 Deploying Application
6. Enabling SSL
7. Launching Application
8. Mapping Enterprise Group with Application Role
9. Configuring Oracle BI Publisher for Application
10. Configuring JNDI name for HTTP Listener
11. Appendix
11.1 XManager Usage
1. Preface
This document contains notes and installation steps needed to install and set up Oracle
Financial Services Lending and Leasing. Oracle Financial Services Lending and Leasing
relies on several pieces of Oracle software in order to run, and this document is in no way
meant to replace the Oracle documentation supplied with these Oracle products or available via
Oracle technical support. This document is meant only to supplement the Oracle
documentation and to provide installation instructions specific to Oracle Financial Services
Lending and Leasing.
For recommendations on security configuration, refer to the Security Configuration Guide.
It is assumed that anyone installing Oracle Financial Services Lending and Leasing has
a thorough knowledge and understanding of Oracle WebLogic Server 10.3.6 and Oracle BI
Publisher 11.1.1.7.
Application installation is a nine-step process.
1. Installing Software
2. Creating Domains, Repositories, Data Sources
3. Configuring Policies
4. Deploying Application
5. Enabling SSL
6. Launching Application
7. Mapping Enterprise Group with Application Role
8. Configuring Oracle BI Publisher for Application
9. Configuring JNDI name for HTTP Listener
1.1 Prerequisites
The following software is required to install the Oracle Financial Services Lending and Leasing
application and is available from the following sources:
• Oracle Software Delivery Cloud (http://edelivery.oracle.com/)
• Oracle Technology Network (OTN)
1. Sun JDK Version 1.7.0_55 or above
http://www.oracle.com/technetwork/java/javase/downloads/index.html
2. Oracle Repository Creation Utility (RCU) Version 11.1.1.7.0. Download RCU for the
respective platform from the "Required Additional Software" section of
http://www.oracle.com/technetwork/middleware/bi-publisher/downloads/index.html. RCU is
available only on Linux and Windows operating systems. Either the Linux RCU or
Windows RCU may be used to create schemas in a supported database.
3. Oracle Repository Creation Utility (RCU) Version 11.1.1.7.0. Download RCU for the
respective platform from the "Required Additional Software" section of
http://www.oracle.com/technetwork/middleware/bi-publisher/downloads/index.html
4. Oracle WebLogic Server 11gR1 Version 10.3.6
(http://www.oracle.com/technetwork/middleware/weblogic/downloads/wls-main097127.html)
Navigate to Oracle WebLogic Server 11gR1 (10.3.6) + Coherence - Package Installer and
download the file for the respective OS.
To use WebLogic Server with 64-bit JVMs on Linux and Solaris or to use WLS on other
supported platforms, use the WebLogic Server generic installer listed under "Additional
Platforms". The generic installers do not include a JVM/JDK. These are to be downloaded
and installed prior to installing the WebLogic Server.
5. Oracle ADF 11g
http://www.oracle.com/technetwork/developer-tools/adf/downloads/index.html
Note
Use 64-bit software on machines running a 64-bit O/S.
Note
Use XManager for remote UNIX/LINUX machine. Refer to XManager Usage.
1.2 Audience
This document is intended for system administrators or application developers who are
installing Oracle Financial Services Lending and Leasing Application.
1.3 Conventions Used
Term | Refers to
Application | Oracle Financial Services Lending and Leasing
2. Installing Software
2.1 Installing Oracle WebLogic Server 11g
To install using the generic WebLogic installer:
1. Run the command java -jar wls1036_generic.jar
2. Welcome screen is displayed as shown below.
3. Click Next to continue.
4. Select Create a new Middleware Home as Middleware Home Type.
5. Specify the path for Middleware Home Directory, and then click Next.
6. The following window is displayed.
7. Uncheck the check box as in the above screen and click Next. A confirmation window is
displayed. Click Yes.
8. Click Next. The following window is displayed.
9. Select ‘Typical’ as the ‘Install Type’ and click Next. The following window is displayed.
10. Click the Browse button and select the existing JDK Home Path as shown below.
11. The selected Java Home is displayed as shown below.
12. Click Next. The following window is displayed.
13. Click Next. The following window is displayed.
Note
You can change the Oracle WebLogic Server and Oracle Coherence paths, if required.
14. Click Next. The WebLogic installation starts. After it is done, the following window is
displayed.
15. Click Done to close the window.
2.2 Installing Oracle ADF Runtime
1. Extract the zipped file ofm_appdev_generic_11.1.1.7.0_disk1_1of1.zip.
2. Go to the Disk1 folder of the above unzipped file. Run the following command.
In Unix/Linux: ./runInstaller
3. Enter JDK/JRE Home Path, when prompted.
4. Welcome window is displayed.
5. Click Next. The following window is displayed.
6. Select Skip Software Updates and click Next. The following window is displayed.
7. Click Next. The following window is displayed.
8. Select Oracle Middleware Home Path as highlighted and click Next. The following
window is displayed.
9. Select WebLogic Server and click Next. The following window is displayed.
10. Click Install. The following window is displayed.
11. Once the installation is complete, click Next. The following window is displayed.
12. Click Finish to close the window.
3. Creating Domains, Repositories, Data Sources
3.1 Creating Domain and Servers
1. In Unix/Linux machine, once the Oracle WebLogic Server is installed, navigate to the
following path.
<WL_HOME>/wlserver_10.3/common/bin
Note
Use XManager for remote UNIX/LINUX machine. Refer to XManager Usage.
Here, WL_HOME is /home/Oracle/Middleware.
2. In Unix, run config.sh.
3. Click Configuration Wizard icon.
4. Select Create a new WebLogic domain and click Next. The following window is
displayed.
5. Select Generate a domain configured automatically to support the following
products option.
6. Select Oracle Enterprise Manager - 11.1.1.0 [oracle_common] check box.
7. Select Oracle JRF - 11.1.1.0 [oracle_common] check box.
8. Click Next. The following window is displayed.
9. Enter Domain Name and click Next. The following window is displayed.
10. Edit Domain Location, if needed.
11. Enter credentials for the following:
• Name
• User password
• Confirm user password
• Description
12. Click Next. The following window is displayed.
13. Select Production Mode and JDK from Available JDKs
OR
Select Other JDK option to select any other JDK.
14. Click Next. The following window is displayed.
15. Select Administration Server and Managed Servers, Clusters and Machines and
click Next. The following window is displayed.
16. Enter Administration Server Name and Listen Port details. Check the SSL port and click
Next. The following window is displayed.
17. Click Add button. Enter Name and Listen Port details in Configure Managed Servers
window. Check the SSL port and click Next. The following window is displayed.
18. Configure as required and click Next. The following window is displayed.
19. Configure as required and click Next. The following window is displayed.
20. Click Create. The following window is displayed.
21. Once the creation of the Domain is complete, click Done to close the window.
Note
The default WebLogic installation runs the JVM with 512 MB; this has to be increased
for the ADF managed server. For example, a 2 CPU Quad Core machine with 16 GB could run
the JVM at 8 GB as:
USER_MEM_ARGS="-Xms8192m -Xmx8192m -XX:PermSize=2048m -XX:MaxPermSize=2048m"
22. The "$MW_HOME/user_projects/domains/mydomain" directory contains a script that can
be used to start the Admin server.
$ cd $MW_HOME/user_projects/domains/mydomain/bin
$ ./startWebLogic.sh
If the server is required to keep running and access to the command line needs to be
returned, use "nohup" and "&".
$ nohup ./startWebLogic.sh &
23. To start the Managed Server:
$ cd $MW_HOME/user_projects/domains/mydomain/bin
$ ./startManagedWebLogic.sh {ManagedServer_name} {AdminServer URL}
If the server is required to keep running and access to the command line needs to be
returned, use "nohup" and "&".
$ nohup ./startManagedWebLogic.sh {ManagedServer_name} {AdminServer URL} &
3.2 Applying the JRF Template
1. Start Oracle WebLogic Server.
2. Login to Oracle Enterprise Manager 11g Console (http://hostname:port/em).
3. On the left window panel, expand WebLogic Domain > OFSLL_domain and click
OFSLL_ManagedServer as shown below.
4. On the right window panel, click the Apply JRF Template button. The confirmation message
is displayed as shown below.
3.3 Creating Schemas using Repository Creation Utility
1. Download Oracle Repository Creation Utility Tool
(ofm_rcu_linux_11.1.1.7.0_disk1_1of1.zip) from the link mentioned in prerequisites.
2. Unzip the ofm_rcu_linux_11.1.1.7.0_disk1_1of1.zip to your local drive.
3. Open command prompt on Unix and browse to $RCU_HOME/bin and run ./rcu
4. The following window is displayed.
5. Select Create to create new schemas and click Next. The following screen is displayed.
6. Provide database details where schemas need to be created, as shown in the above
screen. Click Next. The following window is displayed.
7. Provide database details where you want to create schemas, as shown in the above
screen.
Note
You will require a user with SYSDBA role to create schemas.
8. Select Create a new Prefix option and specify value. For example, OFSS. Check
Metadata Services, Oracle Platform Security Services and Business Intelligence
Platform as shown in the above screen.
9. Click Next. The following window is displayed.
10. Once the operation is complete, click OK. The following window is displayed.
11. Select Specify different passwords for all schemas and provide Schema Passwords
for each server as shown above.
12. Click Next. The following window is displayed.
13. Click Next. The following window is displayed.
14. Click OK. The following window is displayed.
15. Click OK to continue to the next page. The following window is displayed.
16. Click Create. The following windows are displayed.
17. Click Close to close the window.
3.4 Creating Metadata Repository
Assuming that OFSS_MDS schema is created using Oracle Repository Creation Utility (RCU)
as mentioned in Creating Schemas using Repository Creation Utility section, follow the below
steps to create the repository.
1. Login to Oracle Enterprise Manager 11g console (http://hostname:port/em).
2. Click on domain name OFSLL_domain on the left side panel.
3. Expand WebLogic domain OFSLL_domain and click Metadata Repositories on the right side
panel, as shown in the above screen.
4. The following window is displayed.
5. Click Register button. The following window is displayed.
6. Enter database instance details under Database Connection Information section and click
Query.
7. All available schemas in the given database instance are listed.
8. Select the schema you require and enter Repository Name (adf) and the password
under Selected Repository – Schema OFSS_MDS section.
9. Click OK. The following window is displayed.
10. Click Repository name mds-adf on left panel. You can even select it from right panel.
11. Click Add and target to OFSLL_AdminServer and OFSLL_ManagedServer as on right
panel.
3.5 Creating Data Source
1. Login to WebLogic Server 11g console (http://hostname:port/console).
2. The following window is displayed.
3. Click Domain Name > Services > Data Sources.
4. The following window is displayed.
5. Click Lock & Edit button on the left panel. Click New on right panel and select Generic
Data Source.
6. Enter Data source Name.
7. Enter JNDI Name as jdbc/ofsllDBConnDS.
8. Select Oracle as Database Type and click Next. The following window is displayed.
9. Select the Database Driver "Oracle's Driver(Thin) for Instance connections;
Versions:9.0.1 and later" as shown above.
10. Click Next. The following window is displayed.
11. Click Next. The following window is displayed.
12. Enter Database details and click Next. The following window is displayed.
13. Click Test Configuration. The following window is displayed.
14. The confirmation message “Connection test succeeded” is displayed. Click Next. The
following window is displayed.
15. Select target Servers OFSLL_AdminServer and OFSLL_ManagedServer and click
Finish. The following window is displayed.
16. Click Activate Changes on the left panel.
Update the following parameters in JDBC data source connection pool:
1. Select Services > Data Sources > select the OFSLL data source > Connection
Pool.
2. Initial capacity and Maximum capacity default to 15; if the number of concurrent
users is higher, these need to be increased.
3. Click Advanced button and update the following:
• Inactive Connection Timeout=900
• Uncheck the "Wrap Data Types" parameter for better performance.
4. Click Save.
3.6 Creating SQL Authentication Provider
1. Login to WebLogic server administration console and click Security Realms in left panel.
The following window is displayed.
2. Click myrealm on the right panel. The following window is displayed.
3. Click on Providers tab. The following window is displayed.
4. Click Lock & Edit to unlock the screen and click New button in Authentication Providers
sub tab. The following window is displayed.
5. Create Authentication provider with following values.
Name: OFSLLDBAuthenticator
Type: SQLAuthenticator
6. Click OK button. The following window is displayed.
Authentication order should be maintained as mentioned in the above screen.
7. OFSLLDBAuthenticator will be displayed as above.
8. Click on OFSLLDBAuthenticator.
9. The following window is displayed.
10. Select SUFFICIENT as the Control Flag and click Save.
11. Click Provider Specific sub tab under Configuration tab. The following window is
displayed.
12. Provide the following values in corresponding fields.
Data Source Name: OFSLLNEW
Password Style Retained: Uncheck
Password Algorithm: SHA-512
Password Style: SALTEDHASHED
Provide the SQL Queries from the column Corresponding SQL Queries as per OFSLL
Tables as given below.
Operation | Default SQL Query from Weblogic | Corresponding SQL Queries as per our Tables
SQL Get Users Password: | SELECT U_PASSWORD FROM USERS WHERE U_NAME = ? | SELECT UAU_USR_PASSWORD FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?
SQL Set User Password: | UPDATE USERS SET U_PASSWORD = ? WHERE U_NAME = ? | UPDATE USER_AUTHORISATIONS SET UAU_USR_PASSWORD = ? WHERE UAU_USR_CODE = ?
SQL User Exists: | SELECT U_NAME FROM USERS WHERE U_NAME = ? | SELECT UAU_USR_CODE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?
SQL List Users: | SELECT U_NAME FROM USERS WHERE U_NAME LIKE ? | SELECT UAU_USR_CODE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE LIKE ?
SQL Create User: | INSERT INTO USERS VALUES ( ? , ? , ? ) | INSERT INTO USER_AUTHORISATIONS(UAU_USR_CODE, UAU_USR_PASSWORD,UAU_DESC) VALUES(?,?,?)
SQL Remove User: | DELETE FROM USERS WHERE U_NAME = ? | DELETE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE= ?
SQL List Groups: | SELECT G_NAME FROM GROUPS WHERE G_NAME LIKE ? | SELECT UGR_GROUP_CODE FROM USER_GROUPS WHERE UGR_GROUP_CODE LIKE ?
SQL Group Exists: | SELECT G_NAME FROM GROUPS WHERE G_NAME = ? | SELECT UGR_GROUP_CODE FROM USER_GROUPS WHERE UGR_GROUP_CODE = ?
SQL Create Group: | INSERT INTO GROUPS VALUES ( ? ,?) | INSERT INTO USER_GROUPS(UGR_GROUP_CODE,UGR_GROUP_DESC) VALUES(?,?)
SQL Remove Group: | DELETE FROM GROUPS WHERE G_NAME = ? | DELETE FROM USER_GROUPS WHERE UGR_GROUP_CODE = ?
SQL Is Member: | SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ? | SELECT UGM_MEMBER_USR_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE = ?
SQL List Member Groups: | SELECT G_NAME FROM GROUPMEMBERS WHERE G_MEMBER = ? | SELECT UGM_MEMBER_GROUP_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_USR_CODE= ?
SQL List Group Members: | SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER LIKE ? | SELECT UGM_MEMBER_USR_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE LIKE ?
SQL Remove Group Memberships: | DELETE FROM GROUPMEMBERS WHERE G_MEMBER = ? OR G_NAME = ? | DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_USR_CODE= ? OR UGM_MEMBER_GROUP_CODE= ?
SQL Add Member To Group: | INSERT INTO GROUPMEMBERS VALUES( ?, ?) | INSERT INTO USER_GROUP_MEMBERS (UGM_MEMBER_GROUP_CODE,UGM_MEMBER_USR_CODE) VALUES(?,?)
SQL Remove Member From Group: | DELETE FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ? | DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE= ?
SQL Remove Group Member: | DELETE FROM GROUPMEMBERS WHERE G_NAME = ? | DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ?
SQL Get User Description: | SELECT U_DESCRIPTION FROM USERS WHERE U_NAME = ? | SELECT UAU_DESC FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?
SQL Set User Description: | UPDATE USERS SET U_DESCRIPTION = ? WHERE U_NAME = ? | UPDATE USER_AUTHORISATIONS SET UAU_DESC= ? WHERE UAU_USR_CODE= ?
SQL Get Group Description: | SELECT G_DESCRIPTION FROM GROUPS WHERE G_NAME = ? | SELECT UGR_GROUP_DESC FROM USER_GROUPS WHERE UGR_GROUP_CODE= ?
SQL Set Group Description: | UPDATE GROUPS SET G_DESCRIPTION = ? WHERE G_NAME = ? | UPDATE USER_GROUPS SET UGR_GROUP_DESC= ? WHERE UGR_GROUP_CODE= ?
Provider Name: OFSLLDBAuthenticator
13. Click Save.
Note
Application server needs to be restarted for these changes to take effect.
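The check below is an added example, not part of the Oracle guide or product. It compares each OFSLL statement from the table above with the WebLogic default for the same operation (same verb, same number of ? bind markers, only the OFSLL table and column names used in the table), which catches statements damaged while being copied into the Provider Specific tab. The function names and the PASTED sample are constructed for illustration.

```python
import re

KEYWORDS = {"SELECT", "FROM", "WHERE", "UPDATE", "SET", "INSERT", "INTO",
            "VALUES", "DELETE", "AND", "OR", "LIKE"}
# Table and column names used in the OFSLL column of the table above.
OFSLL_NAMES = {"USER_AUTHORISATIONS", "UAU_USR_CODE", "UAU_USR_PASSWORD", "UAU_DESC",
               "USER_GROUPS", "UGR_GROUP_CODE", "UGR_GROUP_DESC",
               "USER_GROUP_MEMBERS", "UGM_MEMBER_USR_CODE", "UGM_MEMBER_GROUP_CODE"}

# (operation, WebLogic default, OFSLL statement) as listed in the table above.
STATEMENTS = [
    ("Get Users Password", "SELECT U_PASSWORD FROM USERS WHERE U_NAME = ?",
     "SELECT UAU_USR_PASSWORD FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?"),
    ("Set User Password", "UPDATE USERS SET U_PASSWORD = ? WHERE U_NAME = ?",
     "UPDATE USER_AUTHORISATIONS SET UAU_USR_PASSWORD = ? WHERE UAU_USR_CODE = ?"),
    ("User Exists", "SELECT U_NAME FROM USERS WHERE U_NAME = ?",
     "SELECT UAU_USR_CODE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?"),
    ("List Users", "SELECT U_NAME FROM USERS WHERE U_NAME LIKE ?",
     "SELECT UAU_USR_CODE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE LIKE ?"),
    ("Create User", "INSERT INTO USERS VALUES ( ? , ? , ? )",
     "INSERT INTO USER_AUTHORISATIONS(UAU_USR_CODE, UAU_USR_PASSWORD,UAU_DESC) VALUES(?,?,?)"),
    ("Remove User", "DELETE FROM USERS WHERE U_NAME = ?",
     "DELETE FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE= ?"),
    ("List Groups", "SELECT G_NAME FROM GROUPS WHERE G_NAME LIKE ?",
     "SELECT UGR_GROUP_CODE FROM USER_GROUPS WHERE UGR_GROUP_CODE LIKE ?"),
    ("Group Exists", "SELECT G_NAME FROM GROUPS WHERE G_NAME = ?",
     "SELECT UGR_GROUP_CODE FROM USER_GROUPS WHERE UGR_GROUP_CODE = ?"),
    ("Create Group", "INSERT INTO GROUPS VALUES ( ? ,?)",
     "INSERT INTO USER_GROUPS(UGR_GROUP_CODE,UGR_GROUP_DESC) VALUES(?,?)"),
    ("Remove Group", "DELETE FROM GROUPS WHERE G_NAME = ?",
     "DELETE FROM USER_GROUPS WHERE UGR_GROUP_CODE = ?"),
    ("Is Member", "SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ?",
     "SELECT UGM_MEMBER_USR_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE = ?"),
    ("List Member Groups", "SELECT G_NAME FROM GROUPMEMBERS WHERE G_MEMBER = ?",
     "SELECT UGM_MEMBER_GROUP_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_USR_CODE= ?"),
    ("List Group Members", "SELECT G_MEMBER FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER LIKE ?",
     "SELECT UGM_MEMBER_USR_CODE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE LIKE ?"),
    ("Remove Group Memberships", "DELETE FROM GROUPMEMBERS WHERE G_MEMBER = ? OR G_NAME = ?",
     "DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_USR_CODE= ? OR UGM_MEMBER_GROUP_CODE= ?"),
    ("Add Member To Group", "INSERT INTO GROUPMEMBERS VALUES( ?, ?)",
     "INSERT INTO USER_GROUP_MEMBERS (UGM_MEMBER_GROUP_CODE,UGM_MEMBER_USR_CODE) VALUES(?,?)"),
    ("Remove Member From Group", "DELETE FROM GROUPMEMBERS WHERE G_NAME = ? AND G_MEMBER = ?",
     "DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ? AND UGM_MEMBER_USR_CODE= ?"),
    ("Remove Group Member", "DELETE FROM GROUPMEMBERS WHERE G_NAME = ?",
     "DELETE FROM USER_GROUP_MEMBERS WHERE UGM_MEMBER_GROUP_CODE= ?"),
    ("Get User Description", "SELECT U_DESCRIPTION FROM USERS WHERE U_NAME = ?",
     "SELECT UAU_DESC FROM USER_AUTHORISATIONS WHERE UAU_USR_CODE = ?"),
    ("Set User Description", "UPDATE USERS SET U_DESCRIPTION = ? WHERE U_NAME = ?",
     "UPDATE USER_AUTHORISATIONS SET UAU_DESC= ? WHERE UAU_USR_CODE= ?"),
    ("Get Group Description", "SELECT G_DESCRIPTION FROM GROUPS WHERE G_NAME = ?",
     "SELECT UGR_GROUP_DESC FROM USER_GROUPS WHERE UGR_GROUP_CODE= ?"),
    ("Set Group Description", "UPDATE GROUPS SET G_DESCRIPTION = ? WHERE G_NAME = ?",
     "UPDATE USER_GROUPS SET UGR_GROUP_DESC= ? WHERE UGR_GROUP_CODE= ?"),
]


def check_statement(default_sql, ofsll_sql):
    """Return the problems found in one OFSLL statement (empty list = OK)."""
    problems = []
    want, got = default_sql.count("?"), ofsll_sql.count("?")
    if got != want:
        problems.append("expected %d bind markers, found %d" % (want, got))
    if (ofsll_sql.split() or [""])[0].upper() != default_sql.split()[0].upper():
        problems.append("statement verb differs from the default")
    if "'" in ofsll_sql or '"' in ofsll_sql:
        problems.append("quoted literal instead of a bind marker")
    for word in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", ofsll_sql):
        if word.upper() not in KEYWORDS | OFSLL_NAMES:
            problems.append("unknown identifier " + word)
    return problems


def audit(configured):
    """configured maps operation name -> statement as entered in the console."""
    report = {}
    for operation, default_sql, _ in STATEMENTS:
        if operation not in configured:
            report[operation] = ["not configured"]
            continue
        problems = check_statement(default_sql, configured[operation])
        if problems:
            report[operation] = problems
    return report


# Constructed input: the guide's statements, two of them with a line wrap
# inside an identifier, as can happen when copying from a wrapped layout.
PASTED = {op: sql for op, _, sql in STATEMENTS}
PASTED["Create Group"] = "INSERT INTO USER_GROUPS(UGR_GROUP_CODE,U GR_GROUP_DESC) VALUES(?,?)"
PASTED["Add Member To Group"] = ("INSERT INTO USER_GROUP_MEMBERS "
                                 "(UGM_MEMBER_GROUP_CODE,UGM_MEMBER_US R_CODE) VALUES(?,?)")

if __name__ == "__main__":
    for operation, problems in audit(PASTED).items():
        print(operation, "->", "; ".join(problems))
```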
3.7 Creating User Groups and Users
3.7.1 Creating Users
Create an OFSLL application super user to login to the application.
A script is provided in the distribution media in the dba_utils folder to create a user.
Note
By default there are no users created to login to OFSLL application.
Run the script "crt_app_user.sql" as an OFSLL application owner user.
1. Login into WebLogic server console.
2. Click Security Realms on the left panel.
3. Click myrealm on the right panel.
1. Select Users tab under Users and Groups.
2. If SQLAuthenticator is configured as a Security Provider for the OFSLL application, the
Users are automatically created in WebLogic when created through an application.
3.7.2 Creating User Groups
1. Select Groups tab under Users and Groups.
2. If SQLAuthenticator is configured as a Security Provider for the OFSLL application, the
Groups are automatically created in WebLogic when created through an application.
3.7.3 Assigning Users to Groups
The users are automatically mapped to the default application group - OFSLL_USER.
3.7.4 Resetting password via weblogic console
1. Click on User. Select Passwords tab. The following window is displayed.
2. Enter the new password and confirm password.
3. Click on Save. The following window is displayed.
3.8 Implementing JMX Policy for Change Password
1. Login to Oracle WebLogic Server 11g console (http://hostname:port/console)
Note
The Change Password feature uses the JMX Policy configured on the domain. Hence, the
AdminServer is required to be up and running to enable this.
2. Click Domain > Security > myrealm > Configuration.
3. To enable JMX policy, select the "Use Authorization Providers to Protect JMX Access"
check box on the right panel.
4. Click Save and restart the server.
5. Re-login to console.
6. Click Domain > Security > myrealm > Roles and Policies > Realm Policies.
Note
If the server is not restarted, the JMX Policy Editor option will not appear.
7. Click on JMX Policy Editor to configure.
8. Select GLOBAL SCOPE.
9. Click Next.
10. Select weblogic.security.providers.authentication.
11. Select "SQLAuthenticatorMBean". Click Next.
12. Expand "Operations: Permissions to Invoke" and select "ChangePassword".
13. Click "Create Policy".
14. It opens the below screen for Authorization providers where you can add conditions to
set up the policy.
15. Click Add Condition. The below screen will be displayed.
16. For Predicate List, select Group for configuration.
17. Click Next.
18. Select user roles for application.
19. Click Finish. Click on Save to complete the configuration. The following window will be
displayed.
3.9 Migrating Policy from File to Database
For scalability and manageability, you must migrate the policies from a file to the
database.
To migrate policy from File to Database:
1. Create a data source for the OPSS schema with non-XA and non-global transaction.
For data source creation, refer to the Creating Data Source section of this chapter.
2. Go to $MW_HOME/oracle_common/common/bin.
3. Run ./setWlstEnv.sh
4. Run ./wlst.sh
5. When prompted, enter connect()
6. Enter Username, Password and Server URL.
7. Run the below command:
reassociateSecurityStore(domain="OFSLL_domain",servertype="DB_ORACLE",datasourcename="jdbc/devopss",jpsroot="cn=opssNode",join="false")
datasourcename is the data source created in Step 1.
8. The policy gets migrated from file to Database.
9. Restart the server for the changes to take effect.
4. Configuring Policies
4.1 Configuring Password Policy for SQL Authenticator
1. Login to the WebLogic server administration console with user login credentials.
2. Browse to Security Realms > myrealm > Providers as shown below. The following
window is displayed.
3. Click Password Validation tab. The following window is displayed.
4. Click SystemPasswordValidator link. The following window is displayed.
5. Click Provider Specific Tab. The following window is displayed.
6. Configure the password policy as per the requirement. An example is provided below.
7. Click Save.
4.2 Configuring User Lockout Policy
1. To change the User Lockout policy, browse to Security Realms > myrealm >
Configuration Tab > User Lockout Tab. The following window is displayed.
2. Configure the User Lockout details as per the requirement. An example is provided
above.
5. Deploying Application
5.1 Deploying Application
1. Login to the Oracle Enterprise Manager 11g console (i.e. http://hostname:port/em).
2. Right click on OFSLL_ManagedServer in left panel, select Application Deployment >
Deploy. The following window is displayed.
3. Click Choose File button and select OFSLL application archive file i.e. ofsll_142.ear.
4. Click Next. The following window is displayed.
5. Check target server as per the requirement OFSLL_ManagedServer and click Next.
6. The following window is displayed.
7. Click the button to select Repository Name. The following window is displayed.
8. Select Repository as per requirement and click OK.
9. Enter Partition name as per the requirement and click Next.
10. Click Deploy. The following window is displayed.
11. Click Close once the message “Deploy operation completed” is displayed. The following
window is displayed with Application deployment status.
6. Enabling SSL
The application is accessible only via https protocol; hence, after the deployment of the
application, you need to enable SSL.
To enable SSL:
1. Login to console.
2. $Domain_Home > Servers > Manage Servers > Configuration > General. The
below screen is displayed.
3. Check the ‘SSL Listen Port Enabled’ check box.
4. Specify the port for ‘SSL Listen Port’.
Note
It is recommended to disable http protocol.
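One way to confirm the result of these steps from the domain's config.xml, as an added example that is not part of the Oracle guide: it reports servers whose SSL listen port is not enabled or whose plain HTTP listen port is still enabled, and whether the domain is in production mode. The sample config.xml and its ports are constructed; treating absent elements as the WebLogic defaults (plain listen port enabled on 7001, SSL disabled, development mode) is an assumption to verify against your release.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://xmlns.oracle.com/weblogic/domain"}

# Constructed sample of <DOMAIN_HOME>/config/config.xml, reduced to the
# elements read below. Server names follow the ones used in this guide.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain">
  <name>OFSLL_domain</name>
  <production-mode-enabled>true</production-mode-enabled>
  <server>
    <name>OFSLL_AdminServer</name>
    <ssl><enabled>true</enabled><listen-port>7002</listen-port></ssl>
    <listen-port>7001</listen-port>
  </server>
  <server>
    <name>OFSLL_ManagedServer</name>
    <ssl><enabled>true</enabled><listen-port>7003</listen-port></ssl>
    <listen-port>8001</listen-port>
    <listen-port-enabled>false</listen-port-enabled>
  </server>
</domain>
"""


def _text(node, path, default):
    """Text of the first element matching path, or default when it is absent."""
    found = node.find(path, NS)
    return found.text.strip() if found is not None and found.text else default


def audit_listeners(config_xml):
    """Return one finding per setting that differs from what the guide asks for."""
    root = ET.fromstring(config_xml)
    findings = []
    # Assumed default: a domain without the element runs in development mode.
    if _text(root, "d:production-mode-enabled", "false") != "true":
        findings.append("domain: not in production mode")
    for server in root.findall("d:server", NS):
        name = _text(server, "d:name", "?")
        # Assumed default: SSL is off unless <ssl><enabled>true</enabled>.
        if _text(server, "d:ssl/d:enabled", "false") != "true":
            findings.append(f"{name}: SSL listen port not enabled")
        # Assumed default: the plain listen port is on unless disabled.
        if _text(server, "d:listen-port-enabled", "true") == "true":
            port = _text(server, "d:listen-port", "7001")
            findings.append(f"{name}: plain HTTP port {port} still enabled")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_CONFIG):
        print(finding)
```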
7. Launching Application
Verifying Successful Application Deployment and Launching Application
Successful application deployment can be verified by the following:
• Making sure that the state is ACTIVE and health is OK in WebLogic.
• Accessing and logging into the application.
After you enable SSL you can launch the application via the https:// protocol.
To launch the application:
1. Verify if the deployed OFSLL application is Active.
2. The URL of the OFSLL application will be
https://<hostname>:<Port>/<ContextName>/faces/pages/OfsllSignIn.jspx
(Example: https://localhost:7003/ofsll142/faces/pages/OfsllSignIn.jspx)
3. Login with the user credentials that were created in Creating Users.
4. After successful login, the following screen is displayed.
8. Mapping Enterprise Group with Application Role
Follow the steps below to add a user to the group:
1. Login to Oracle Enterprise Manager 11g console (http://hostname:port/em).
2. Click WebLogic Domain > Security > Application Roles on the right panel.
3. On clicking Application Roles, the following screen is displayed:
4. Select Application Stripe from the drop-down menu.
5. Click the arrow head button. Details of the existing Roles are displayed below.
6. Select the Role Name. Membership details of the selected Role Name are displayed
under Membership for "role_name".
7. Click Edit. The following window is displayed.
8. Click Add. Select type as Group. Click on the arrow head button.
9. Select the Principal "OFSLL_USER" to add and click OK. The following window is
displayed.
10. The selected Principal is listed under Members.
Click OK. The following window is displayed with the confirmation message as “The
Application role of ‘group_name’ has been updated”.
9. Configuring Oracle BI Publisher for Application
1. Copy the OfsllCommonCSF.jar from /WEB-INF/lib available in the staging area to
$DOMAIN_HOME/lib
2. Update the setDomainEnv.sh file ($MW_HOME/user_projects/domains/mydomain/bin
directory) by appending the above jar file path:
EXTRA_JAVA_PROPERTIES="…….. ${EXTRA_JAVA_PROPERTIES} -Dofsll.csf.path=${DOMAIN_HOME}"
3. Configure Security via EM console.
Note
It is assumed that BI Publisher is installed and configured. Refer to the BI Publisher Guide
for further details.
4. Click WebLogic Domain on the right panel. Select Security -> Credentials. Click ‘Create
Map’. The following window is displayed.
5. Enter the Map Name: ofsll.int.security
6. Click OK. The following window is displayed.
7. Click Create Key Button.
The following window is displayed.
8. Enter the details as per your requirement.
9. Provide the User Name and Password of the BI Publisher console.
10. Click OK. The following window is displayed.
11. On the left panel, right click on the domain OFSLL141_domain > Security > System
Policies. The following window is displayed. Click Create.
12. The following window is displayed. Enter the codebase as
"file:${ofsll.csf.path}/lib/OfsllCommonCSF.jar" and click Add.
13. The following window is displayed. Select the checkbox 'Select here to enter details for a
new permission' and enter the following details as the first permission class.
• Permission Class: oracle.security.jps.service.credstore.CredentialAccessPermission
• Resource Name: context=SYSTEM,mapName=ofsll.int.security,keyName=*
• Permission Actions: read
Configuring JNDI Name for http Listener
1. Similarly, click Add to add the second permission class. Select the check box 'Select here
to enter details for a new permission' and enter the following details as the second
permission class.
• Permission Class: oracle.security.jps.service.credstore.CredentialAccessPermission
• Resource Name: context=SYSTEM,mapName=ofsll.http.listener.jndi,keyName=*
• Permission Actions: read
2. Click OK. The following window is displayed.
3. Click OK. The following window is displayed.
10. Configuring JNDI name for HTTP Listener
1. Click WebLogic Domain on the right panel. Select Security > Credentials.
2. On clicking Credentials the following window is displayed.
3. Click on Create Map. The following window is displayed.
4. Enter Map name as 'ofsll.http.listener.jndi'.
5. Click OK. The following window is displayed.
6. Click Create Key Button. The following window is displayed.
7. Enter the details as per your requirement.
Key: jndiname
Credential: java:comp/env/jdbc/ofsllDBConnDS
Type: Generic
8. Click OK. The following window is displayed.
A. Appendix
A.1 XManager Usage
To run any installer on a remote non-Windows machine, the user should have XManager software.
Give the following details:
Session name: Give session name.
Host name: Give the UNIX machine address.
Protocol: This value depends on the operating system.
E.g.:
Oracle Enterprise Linux: SSH
IBM AIX: TELNET
Solaris: SSH
UNIX: SSH
User Name: Give the UNIX user name.
Password: Give the password.
Execution Command: This value depends on the operating system.
E.g.:
Oracle Enterprise Linux: /usr/bin/xterm -ls -display $DISPLAY
IBM AIX: /usr/dt/bin/dtterm -ls -display $DISPLAY
Solaris: /usr/openwin/bin/xterm -ls -display $DISPLAY
UNIX: /usr/bin/X11/xterm -ls -display $DISPLAY