Deploying an OPSS Application
Purpose
This tutorial covers deploying an Oracle Platform Security Services (OPSS) enabled application.
After completing this exercise, you should be able to:
- Deploy an OPSS-enabled application using FMW Control
- Configure OPSS security settings within FMW Control during deployment
Time to Complete
Approximately 30 minutes
Overview
OPSS is Oracle's security framework for developing and managing security services in Java SE and EE environments. This tutorial is Deploying an OPSS Application.
Deploying an OPSS Application
This is the architecture that depicts the environment used for deploying an OPSS-enabled application. This OBE covers how to use FMW Control to configure security settings and deploy the application. This OBE focuses on the aspect of the diagram after the EAR file has been generated, as represented by the red box in the image above.
The environment consists of the following:
- A single OPSS-enabled WebLogic AdminServer running on port 7001
- The FMW Control console used to configure security settings and deploy the application
- The jps-config.xml file where OPSS configuration settings are stored
- The OpssADFDemoApp.ear file which is the enterprise application being deployed. This application contains declarative security configured within OPSS-based XML files. This security configuration is migrated to the OPSS security store during deployment.
- The OPSS security store where security data contained within the EAR file is migrated to during deployment
Software and Hardware Requirements
The following is a list of requirements:
- All software and hardware requirements are outlined in the OPSS Environment Set Up OBE
Prerequisites
Before starting this tutorial, complete the following prerequisites:
. |
This OBE requires that you have completed the OPSS Environment Set Up OBE. |
|---|---|
. |
This OBE requires that you have completed the OPSS Configuring an OID Authentication Provider in WebLogic OBE. |
Deploying an OPSS Application
Follow the steps below to configure and deploy an OPSS application:
. |
Start myxmldomain: Click the cd $DOMAINS/myxmldomain Make sure the WebLogic Server is running before continuing on to the next step.
|
|---|---|
. |
Open FMW Control: Open Firefox and browse to http://localhost:7001/em to open Enterprise Manager (EM) and gain access to FMW Control. Login using the following credentials: User name: weblogic
|
. |
Deploy OpssADFDemoApp application: Expand the WebLogic Domain node in the left-hand pane, then right-clcik myxmldomain to show the FMW Control menu. Select Application Deployment>Deploy to start the deployment process:
|
. |
Use Deployment wizard: The FMW Control deployment wizard appears. The first step involves selecting the application you would like to deploy from the file system. In our case, the EAR file is local to where the web browser is running and where Enterprise Manager is running so either choice would work ok. In our case, we just used the "local to web browser" option and browsed for the /home/oracle/labs/apps/OpssADFDemoApp.ear file. Leave the deployment plan options as the default "Create a new deployment plan when deployment configuration is done" selection, and click Next.
The second step in the deployment wizard is for targetting a deployment to the servers of a domain. Your domain only has one server and it should already be selected as the target for the deployment. Ensure that it is and click Next.
The third step in the deployment wizard is for setting attributes related to an application's deployment, such as the application name and the context root of a web application. These options will be different for every application based on what components make up the application. For your application, leave the default OpssADFDemoApp as the name and context root, and click Next:
The fourth step is for configuring deployment settings. This is where you configure OPSS security settings. Click the Configure Security Settings edit icon to look at the current configuration:
This displays the Configure Application Security page. Ensure that Overwrite is selected for Application Policy Migration. This ensures that any remaining policies that may exist for the related application stripe are overwritten with the new policy specified in the application files. You can also ensure that when the application is undeployed that all policies associated with the application stripe are removed from the OPSS security store as part of the process. These options are set by default. Click Apply to save the settings.
This returns you to the previous Deployment Settings page. Click Deploy to start the deployment process:
The deployment process window is displayed. This window shows the status of the deployment. When the process is finished, it should say that the deployment was successful. Click Close to exit the window.:
|
. |
Run application: Now that the application is deployed to the domain, you must run the application to verify that it was deployed successfully and that the application's security data was migrated to the OPSS security store.. Using Firefox, browse to http://localhost:7001/OpssADFDemoApp/faces/view1 to use the OpssADFDemoApp application. Click the Start Here button as shown below.
You are then presented with a log in page. This demonstrates that the application is deployed on the server. However, you still need to determine if its security data was migrated to the OPSS security store. Use each of the credentials below to log in separately to witness the behavior of the application. You will have to restart Firefox for each login to ensure a new session is getting created. Optionally, you can also use Firefox private browsing features to control session handling. Credential 1: Credential 2:
Within the application, an authorization request is made to determine if the currently logged in user can access the task flow that shows the calendar for the development workspace. Users that can see the calendar are granted access while users that cannot see the calendar are denied access. The joeuser account should be able to see the calendar, and the weblogic user should not be able to see the calendar. If the application behaves this way, then its security data was successfully migrated to the OPSS security store.
|
. |
Shut down myxmldomain: Shutdown myxmldomain by pressing Ctrl-C in the terminal window where you started it.
|
icon to open a terminal window. Enter the following commands to start the 
Summary
You have now completed the Deploying an OPSS Application OBE . You are ready to continue with the other OBE tutorials included in this series.
In this tutorial, you have learned how to:
- Deploy an OPSS-enabled application using FMW Control
- Configure OPSS security settings within FMW Control during deployment
Resources
- Oracle Platform Security Services (OPSS) 11gR1 Self-Study Series
- Oracle FMW Application Security Guide
- To learn more about Oracle FMW products, refer to additional OBEs in the OLL Web site
Credits
- Lead Curriculum Developer: Mark Lindros
- Other Contributors: Srikant Tirumalai, Shankar Raman, Sachin Kapur, Robert La Vallie, Linda Ross, William Cai, Michael Khalandovsky, Andre Neto, Ganesh Kirti, Jason Haley, Akila Natarajan, Steve Jackal, Sophia Maler, Anand Vaidyanathan, Ganesh Kirti, Diganta Choudhury
 |
Copyright © 2012, Oracle and/or its affiliates. All rights reserved |