Java CAPS Sample Documentation


Working with the Oracle Java CAPS Samples for Access Manager


The following procedures provide general instructions for setting up Access Manager and Access Server, and for configuring GlassFish. Documentation for Oracle Access Server is available at http://download.oracle.com/docs/cd/E12530_01/index.htm.

Part One: Configuring Access Manager and Java CAPS

  1. Download and install Oracle Access Core Components (OAM).

    You can download OAM core from http://www.oracle.com/technology/software/products/ias/htdocs/101401.html (download from OAM in the second row).

    For each Access Manager server instance, you need to install the following:

  2. Install Access Server SDK on the Java CAPS server machine.

  3. Configure Access Server SDK on the Java CAPS server. Navigate to AccessServerSDK-install-dir/oblix/tools/configureAccessGate and run the following command:

    configureAccessGate -i AccessServerSDK_Home_Dir -t AccessGate -w GlassfishAG -m open -h staqh24-5.us.oracle.com -p 6021 -a GlassfishAS

    where AccessServerSDK_Home_Dir is the path to your Access Server SDK home directory.

    Note: You might be prompted for a password for Access Gate. If you do not have the password, press the Enter key.

  4. Do the following to configure the GlassFish server:

    1. Copy jobacces.jar from AccessServerSDK_Home_Dir/oblix/lib to JavaCAPS_Home/appserver/lib.

    2. In the GlassFish Admin Console, add the following to the Application Server JVM Options:

      -DOBACCESS_INSTALL_DIR=AccessServerSDK_Home_Dir

      where AccessServerSDK_Home_Dir is the path to your Access Server SDK home directory.

    3. On the GlassFish Admin Console, go to ApplicationServer->JVM Settings->Path Settings->Native Library Path Prefix and add AccessServerSDK_Home_Dir\oblix\lib.

    4. Set the environment variable OBACCESS_INSTALL_DIR.

    5. Add the following to the PATH variable: AccessServerSDK_Home_Dir/oblix/lib.

    6. Create an optional Oracle Access Configuration File named OAMConfig.properties.

      For a sample of this file, see OAMConfig.properties. This file supports one key named oam.resource.hostid.variation. The host ID of the actual resource to which a user is requesting access is replaced by the value of this setting.

      For example: oam.resource.hostid.variation=myhost.oracle.com

    7. Restart the GlassFish server.

  5. Create a Java CAPS project to use Oracle Access Manager with a policy definition similar to the following:

        <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingOAMPolicy">
            <mysp:MustSupportBasicAuthentication on="true">
                <!-- authenticationType is one of simple, am, or realm -->
                <mysp:BasicAuthenticationDetail>
                   <mysp:OracleAccessManager authorization="true"/>
                </mysp:BasicAuthenticationDetail>
            </mysp:MustSupportBasicAuthentication>
        </wsp:Policy>

    The difference from Sun Access Manager is that the service provider is OracleAccessManager. Set authorization to true to enable resource authorization. A sample project is provided in BasicAuth.zip. You can see examples of the above policy in the WSDL document provided in the sample, SoapBasicAuth.wsdl. The WSDL document is also provided here. To download the sample, see Installing the Sample Projects.

  6. To use host ID variation, do the following:

    1. Create the OAMConfig.properties file as described above and place it in a local directory.

    2. On the NetBeans IDE Services window, expand Servers, GlassFish v2.x, JBI, and then Binding Components.

    3. Right-click sun-http-binding, and then select Properties.

    4. On the Properties window that appears, scroll to the Oracle Access Manager Configuration Directory property and specify the path to the properties file you created above.

    5. Click Close.

  7. Send a SOAP request to the endpoint.

    The following response message should be returned: Response from SoapBasicAuthAM. The default security setting is to allow access if no authorization theme is defined for the requested resource.

Installing the Sample Projects

Samples using the BPEL Service Engine and SOAP binding are provided on the Java CAPS Sample Code page. The ZIP file includes two projects, one BPEL project and one Composite Application for the BPEL project.

  1. Download BasicAuth.zip.

    This file is also available from the Java CAPS sample code site under the Access Manager tab.

  2. Extract the downloaded file into the location where you keep your NetBeans projects.

  3. Launch NetBeans.

  4. In the Projects window, right-click and then select Open Project.

  5. Navigate to the location where you extracted the projects, and select BasicAuth and BasicAuthBP.

  6. Click Open Project.

    The projects appear in the Projects window. If there are unresolved references, follow the instructions provided by NetBeans to resolve them.

  7. Before attempting to test the project, open SoapBasicAuth.wsdl and modify the SOAP address locations and WSP policies for your environment.
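
    After editing the WSP policies, a check like the following confirms that every policy in the WSDL still names OracleAccessManager with authorization set to true. This is an added example, not part of the sample projects; the second policy and the mysp namespace URI in the sample input are constructed, and elements are matched by local name so the real namespace does not matter.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two policies in the shape shown in Part One, step 5.
# The mysp namespace URI is a placeholder, not the product's real one.
SAMPLE_WSDL = """<definitions xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
    xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
    xmlns:mysp="urn:example:placeholder-mysp">
  <wsp:Policy wsu:Id="HttpBasicAuthBindingBindingOAMPolicy">
    <mysp:MustSupportBasicAuthentication on="true">
      <mysp:BasicAuthenticationDetail>
        <mysp:OracleAccessManager authorization="true"/>
      </mysp:BasicAuthenticationDetail>
    </mysp:MustSupportBasicAuthentication>
  </wsp:Policy>
  <wsp:Policy wsu:Id="ConstructedAuthnOnlyPolicy">
    <mysp:MustSupportBasicAuthentication on="true">
      <mysp:BasicAuthenticationDetail>
        <mysp:OracleAccessManager/>
      </mysp:BasicAuthenticationDetail>
    </mysp:MustSupportBasicAuthentication>
  </wsp:Policy>
</definitions>"""


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on tag and attribute names."""
    return name.rsplit("}", 1)[-1]


def audit_policies(wsdl_text):
    """Return {policy id: [findings]}; an empty list means the policy passed."""
    results = {}
    for policy in ET.fromstring(wsdl_text).iter():
        if local(policy.tag) != "Policy":
            continue
        pid = next((v for k, v in policy.attrib.items() if local(k) == "Id"), "(no Id)")
        findings = []
        basic = [e for e in policy.iter() if local(e.tag) == "MustSupportBasicAuthentication"]
        if not any(e.get("on") == "true" for e in basic):
            findings.append("basic authentication not switched on")
        oam = [e for e in policy.iter() if local(e.tag) == "OracleAccessManager"]
        if not oam:
            findings.append("no OracleAccessManager provider")
        elif any(e.get("authorization") != "true" for e in oam):
            findings.append("authorization not set to true")
        results[pid] = findings
    return results

print(audit_policies(SAMPLE_WSDL))
```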


Part Two: Configuring Oracle Access Server

  1. Log in to Oracle Access Manager.

    There are links to three different consoles: Policy Manager, Access System Console, and Identity System.

  2. Select Identity System and create a new user.

  3. Select Access System Console and click Access System Configuration in the top right corner.

    From the menu on the left side, you can examine Access Server and Access Gate configurations. Specify Glassfish's Access Server (GlassfishAS) and Access Gate (GlassfishAG).

  4. Return to the Access Manager main window, and select Authentication Management. Select the authentication scheme named Glassfish BASIC over LDAP. Use the same scheme for Basic Authentication.

  5. Create a Host Identifier to list all possible hostids.

  6. Access Policy Manager by clicking the link on the top right corner. Create a Policy Domain.

  7. Define resources.

    For Type, specify http and for Host Identifier, specify the name of the host identifier you created earlier.

  8. Create an authentication rule to grant access to the Java CAPS user.

  9. Create a default rule to use the Glassfish BASIC over LDAP authentication scheme.

  10. Define a policy to be enforced for all resources.


Part Three: Testing Your Projects

  1. From a SOAP interface, send a SOAP request with the Java CAPS username and password specified in the HTTP header.

    You should receive a response message similar to the following: Response from SoapBasicAuthAM.

  2. Send a request specifying the username and password as glassfish/glassfish (glassfish is a valid user defined in Access Identity Server but is not granted access permissions for this resource).

    No response will be returned. In the server.log file, you should see an exception similar to the following:

    com.sun.jbi.httpsoapbc.security.api.HttpBcSecurityException:
    com.sun.jbi.httpsoapbc.security.api.CredentialValidationException:
    Unauthorized user : glassfish for resource:
    http://Myserver.domain.com:12081/SoapBasicAuthService/SoapBasicAuthOAMPort

  3. Send a request specifying the username and password as test/test.

    No response will be returned. In the server.log file, you should see the following exception:

    com.sun.jbi.httpsoapbc.security.api.HttpBcSecurityException:
    com.sun.jbi.httpsoapbc.security.oam.impl.OAMAuthorizationException:
    Invalid login for user: test
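
The two failure cases above can be told apart in server.log automatically. The following is an added example, not part of the Java CAPS samples: it separates authorization denials from failed logins and lists users with repeated failed logins. The log record framing, timestamps and the threshold are constructed; only the exception text comes from this page.

```python
import re
from collections import Counter

# Constructed server.log excerpt: the exception text is copied from steps 2 and 3,
# the timestamps and the simplified record framing are made up for the example.
SAMPLE_LOG = """\
[#|2010-01-01T10:00:00|SEVERE|com.sun.jbi.httpsoapbc.security.api.HttpBcSecurityException:
com.sun.jbi.httpsoapbc.security.api.CredentialValidationException:
Unauthorized user : glassfish for resource:
http://Myserver.domain.com:12081/SoapBasicAuthService/SoapBasicAuthOAMPort|#]
[#|2010-01-01T10:00:05|SEVERE|com.sun.jbi.httpsoapbc.security.api.HttpBcSecurityException:
com.sun.jbi.httpsoapbc.security.oam.impl.OAMAuthorizationException:
Invalid login for user: test|#]
[#|2010-01-01T10:00:06|SEVERE|com.sun.jbi.httpsoapbc.security.api.HttpBcSecurityException:
com.sun.jbi.httpsoapbc.security.oam.impl.OAMAuthorizationException:
Invalid login for user: test|#]
"""

# Match on the message text, not the exception class: in the output above the
# denial arrives as CredentialValidationException and the bad login as
# OAMAuthorizationException, so the class names alone would mislead.
DENIED = re.compile(r"Unauthorized user\s*:\s*(?P<user>[^\s|]+)\s+for resource:\s*(?P<resource>[^\s|]+)")
BAD_LOGIN = re.compile(r"Invalid login for user:\s*(?P<user>[^\s|]+)")


def classify(log_text):
    """Return (offset, kind, user, resource) tuples in log order."""
    events = []
    for m in DENIED.finditer(log_text):
        events.append((m.start(), "authz_denied", m["user"], m["resource"]))
    for m in BAD_LOGIN.finditer(log_text):
        events.append((m.start(), "authn_failed", m["user"], None))
    return sorted(events, key=lambda e: e[0])


def summarize(log_text, threshold=2):
    """Count events per (kind, user); list users at or above the failed-login threshold."""
    counts = Counter((kind, user) for _, kind, user, _ in classify(log_text))
    repeated = sorted(u for (k, u), n in counts.items() if k == "authn_failed" and n >= threshold)
    return counts, repeated


if __name__ == "__main__":
    counts, repeated = summarize(SAMPLE_LOG)
    print(dict(counts), "repeated failed logins:", repeated)
```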