11 Managing Content Repositories

This chapter describes how to configure and manage content repositories used by WebCenter Portal applications.

This chapter contains the following sections:

Audience

The content of this chapter is intended for Fusion Middleware administrators (users granted the Admin or Operator role through the Oracle WebLogic Server Administration Console). See Section 1.8, "Understanding Administrative Operations, Roles, and Tools".

11.1 What You Should Know About Content Repositories

Oracle WebCenter Portal's support of the JCR 1.0 open document standard enables integration with multiple back-end content stores. Oracle WebCenter Portal supports the following content repositories: Oracle WebCenter Content Server (Content Server), Microsoft SharePoint, Oracle Portal, and the file system.

Oracle WebCenter Portal enables content integration through:

  • Content Repository data controls, which enable read-only access to a content repository, and maintain tight control over the way the content displays in a WebCenter Portal: Framework application.

  • The Documents service, which enables users to view and manage documents and other types of content in your organization's content repositories.

  • Content Presenter, which enables end users to select content in a variety of ways and then display those items using available display templates. A Content Presenter task flow can be added during development of a WebCenter Portal: Framework application, or can be added to editable pages at runtime.

For more information about managing and including content in WebCenter Portal applications, see also:

Note:

Content repository configuration changes that you make through Fusion Middleware Control or using WLST are not dynamic; you need to restart the managed server on which the WebCenter Portal: Framework application is deployed for your changes to take effect. See Section 8.2, "Starting and Stopping Managed Servers for WebCenter Portal Application Deployments".

Prerequisites for each content repository are described in the following sections:

WebCenter Portal users need to store, publish, and share files. The Documents service provides content management and storage capabilities for WebCenter Portal applications, including content upload, file and folder creation and management, file check out, versioning, and so on. To do this, the Documents service requires at least one content repository connection (WebCenter Portal applications can support multiple content repository connections) to be made active (default):

  • WebCenter Portal: Spaces - In the Spaces application, every Home space and any spaces that have the Documents service provisioned have their own document folder. This data is stored in the Oracle WebCenter Content Server (Content Server) repository, which must be configured as the primary content repository for Spaces. Although Spaces requires that Content Server be the active or default content repository, you can also connect Spaces to any of the other supported repositories. See Section 11.8, "Modifying Content Repository Connection Details" for information about setting the default content repository, and setting additional Document Spaces properties required for a Spaces content repository.

  • Other WebCenter Portal: Framework applications - When a content repository is made active (see Section 11.8, "Modifying Content Repository Connection Details"), the Documents service task flows use that content repository in instances where no specific connection details are provided. There is no particular requirement on the default content repository used.

When Content Server is the primary active content repository (required for Spaces), the Documents service and Content Server must be connected to the same identity store that is used by that WebCenter Portal application.

Just like other service connections, post-deployment content repository connections are registered and managed through Fusion Middleware Control or using the WLST command-line tool. Connection information is stored in configuration files and in the MDS repository. For more information, see Section 1.3.5, "WebCenter Portal Configuration Considerations."

Always use Fusion Middleware Control or the WLST command-line tool to review and configure back-end services for WebCenter Portal applications. Any changes that you make to WebCenter Portal applications, post-deployment, are stored in the Oracle Metadata Service (MDS) repository as customizations.

Once connection details are defined, WebCenter Portal application users can expose the content of the connected content repositories through several ADF Faces components, such as <af:image>, <af:inlineFrame>, and <af:goLink>, and built-in Documents service task flows (Document Manager, Folder Viewer, and Recent Documents). For more information, see "Working with Page Content" and "Working with the Documents Service" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

11.2 Configuring Oracle WebCenter Content Server Repositories

This section provides step-by-step instructions for configuring an Oracle WebCenter Content Server 11g (Content Server) content repository for WebCenter Portal: Spaces and WebCenter Portal: Framework applications. Unless otherwise noted, these instructions are common to both Spaces and Framework applications.

This section contains the following subsections:

11.2.1 Prerequisites to Configuring Content Server

Read this section to understand the prerequisites and other considerations before continuing with Section 11.2.3, "Configuring Content Server for WebCenter Portal Applications."

This section includes the following subsections:

11.2.1.1 Installation Prerequisites

Content Server

Prior to configuring Oracle WebCenter Content Server 11g (Content Server), you should already have installed Content Server. Content Server is installed as a part of Oracle WebCenter Content, which is an Oracle Fusion Middleware component, and is described in the Oracle WebCenter Content Installation Guide.

If you already have an earlier version of Content Server installed, upgrade your installation to Oracle WebCenter Content Server 11g prior to configuring Content Server 11g. For information about upgrading to Oracle WebCenter Content Server 11g, see "Upgrading Your Oracle Enterprise Content Management Suite Environment" in the Oracle Fusion Middleware Upgrade Guide for Enterprise Content Management.

Inbound Refinery

Oracle recommends that you also install Oracle WebCenter Content: Inbound Refinery (Inbound Refinery) as part of the installation. Inbound Refinery is a conversion server that manages file conversions for electronic assets such as documents, digital images, and motion videos. It also provides thumbnail functionality for documents and images and storyboarding for videos. You can use Inbound Refinery to convert content items stored in Content Server. Installing Inbound Refinery is also described in the Oracle WebCenter Content Installation Guide.

Note:

Content Server and Inbound Refinery must be installed in the same domain. Oracle recommends that you install Content Server and Inbound Refinery in the same domain as WebCenter Portal. When they are installed in the same domain, no additional configuration is required to use an external LDAP authentication provider.

11.2.1.2 Configuration Prerequisites

After installing Content Server and Inbound Refinery, you should also have configured the initial post-installation settings described in "Configuring the Content Server Instance" in the Oracle WebCenter Content Installation Guide. Settings should be configured for both Content Server and Inbound Refinery including the additional WebCenter Portal-specific instructions provided in the tables below. Be sure to restart the servers after updating the settings.

Content Server

Setting Description

Server Socket Port

This is the intradoc port that we connect to using RIDC. This value is stored in the configuration file for the Managed Server as IntradocServerPort.

Incoming Socket Connection Address Security Filter

Server filter specifying what machines can access Content Server through a socket connection. This value is stored in the configuration file for the Managed Server as SocketHostAddressSecurityFilter.

Full Text Search

(Optional but recommended)

Internal


Inbound Refinery

Setting Description

Server Socket Port

This is the intradoc port that we connect to using RIDC. This value is stored in the configuration file for the Managed Server as IntradocServerPort.

Incoming Socket Connection Address Security Filter

Server filter specifying what machines can access Inboudn refinery through RIDC. This value is stored in the configuration file for the Managed Server as SocketHostAddressSecurityFilter.

Full Text Search

(Optional but recommended)

Internal


11.2.1.3 Security Prerequisites

Content Server must be configured to use the same identity store LDAP server as the Spaces application or Framework application. For information on how to reassociate the identity store with an external LDAP server, see Section 29.1, "Reassociating the Identity Store with an External LDAP Server."

Content Server and Inbound Refinery must be installed in the same domain. Oracle recommends that you install Content Server and Inbound Refinery in the same domain as WebCenter Portal. When they are installed in the same domain, no additional configuration is required to use an external LDAP authentication provider.

11.2.2 Configuration Roadmap for Content Server

The flow chart in Figure 11-1 provides an overview of the prerequisites and tasks required to get Content Server working in WebCenter Portal applications (Spaces and Framework applications). The steps in the flow chart is described in Table 11-1 and the subsections in Section 11.2.3, "Configuring Content Server for WebCenter Portal Applications."

Figure 11-1 Configuring Content Server for WebCenter Portal Applications

Description of Figure 11-1 follows Enable the mandatory components Configure the Dynamic Converter component Configure the Inbound Refinery Configure Secure Sockets Layer (SSL) for Content Server Enable the iFraming UI in WebCenter Portal Configure the SES Crawler Configure Site Studio Enable OracleTextSearch Create Content Profiles Configure Item Level Security Additional Optional Configurations Configure Security Register the Content Server Connection
Description of "Figure 11-1 Configuring Content Server for WebCenter Portal Applications"

Table 11-1 WebCenter Portal-specific Configuration Tasks for Content Server

Task Description Documentation

Enable the mandatory components

Mandatory

You must enable the Folders_g component (which provides a hierarchical folder interface to content in Content Server), and the WebCenterConfigure component (which configures an instance of Content Server for WebCenter Portal applications). You must also disable the FrameworkFolders folders component (which is not compatible with the Folders_g component)

See Section 11.2.3.1, "Enabling Mandatory Components."

Configure the Dynamic Converter component

Optional, but strongly recommended

This component enables HTML renditions. Slide Previewer is available in WebCenter Portal when both DynamicConverter and the WebCenterConfigure components are installed.

See Section 11.2.3.2, "Configuring the Dynamic Converter Component."

Configure the Inbound Refinery

Optional, but strongly recommended

This is a conversion server that manages file conversions for electronic assets such as documents, digital images, and motion videos. It also provides thumbnail functionality for documents and images and storyboarding for videos. You can use Inbound refinery to convert content items stored in Content Server.

See Section 11.2.3.3, "Configuring the Inbound Refinery."

Configure Secure Sockets Layer (SSL) for Content Server

Optional, but strongly recommended

To ensure secure identity propagation, you should set up SSL for Content Server.

See Section 33.7, "Securing the Spaces Connection to Content Server with SSL."

Also see Section 11.2.3.4, "Setting Up SSL for Content Server."

Enable the iFraming UI in WebCenter Portal

Optional, but strongly recommended

If iFraming is not configured, some functionality, such as Document Manager document rendition support, advanced metadata edit, the IFRAME functionality, and so on, will not be available.

See Section 11.2.3.5, "Enabling the iFraming UI in WebCenter Portal."

For more information, also see Appendix B, "Oracle HTTP Server Configuration for WebCenter Portal."

Configure the SES Crawler

Optional

You can override the default search adapters and use Oracle SES to get unified ranking results for WebCenter Portal resources such as documents, pages, people, and so on.

See Section 22.6.2, "Setting Up Oracle WebCenter Portal: Content Server for Oracle SES Search."

Also see Section 11.2.3.6, "Configuring the SES Crawler."

Configure Site Studio

Optional, but recommended

Configuring Site Studio lets you use Site Studio to create and use Site Studio assets (region definitions and display templates) in Content Presenter.

See Section 11.2.3.7, "Setting Up Site Studio."

For information, see also the section "Enabling and Disabling a Component" in Oracle WebCenter Content System Administrator's Guide for Content Server and the section "Publishing Content in Content Presenter" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces. See also Oracle WebCenter Administrator and Manager's Guide for Site Studio.

Enable OracleTextSearch

Optional, but recommended

Although configuring full-text searching and indexing capabilities is optional, Oracle recommends that you use the OracleTextSearch option for full-text search. Note that this option should only be used in conjunction with an Oracle database.

See Section 11.2.3.8, "Enabling OracleTextSearch."

For more information, also see the section "Configuring Oracle Text Search for Oracle Content Server" in Oracle WebCenter Content Installation Guide and the section "Site Studio Integration" in Oracle WebCenter Application Administrator's Guide for Content Server.

Create Content Profiles

Optional

When iFraming is enabled in a WebCenter Portal application, users have the option to upload content based on Content Server Profiles

See Section 11.2.3.9, "Creating Content Profiles in Content Server."

For more information about creating content profiles, see the chapter "Managing Metadata" in the Oracle WebCenter Application Administrator's Guide for Content Server.

Configure Item Level Security

Optional

The Documents service can use Item Level Security (ILS) to override the default Spaces document security model, or to expose Content Server document security in a Framework application. Using ILS allows Content Server folders (and their children) or individual documents to have unique security permissions.

See Section 11.2.3.10, "Configuring Item Level Security in WebCenter Portal Applications."

See also, "Setting Security Options on a Folder or File" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces

Additional Optional Configurations

Optional

After completing the rest of your configuration, you can optionally configure the FileStore Provider component and set up Node Manager.

See Section 11.2.3.11, "Additional Optional Configurations."

Configure Security between Content Server and Framework applications

Mandatory for Framework applications (not applicable to Spaces)

To configure Content Server to work with a Framework application, you must first set up content security and users in a development environment and then migrate them to a production environment.

See Section 11.2.3.12, "Configuring Security Between Content Server and WebCenter Portal: Framework Applications."

Register the Content Server Connection

Mandatory

For Framework applications, you must configure the connection from the application to Content Server. For Spaces, although in most cases the connection will be configured when Spaces first starts up, you should at least test it to make sure it has been configured correctly for your environment, and that data has been correctly seeded.

For Framework applications, see Section 11.2.3.13.1, "Configuring the Content Server Connection for Framework Applications." For Spaces, see Section 11.2.3.13.2, "Configuring the Content Server Connection for Spaces." For Spaces, be sure to also check the seeded data as described in Section 11.2.3.13.3, "Checking the Spaces Data Seeded in Content Server."


11.2.3 Configuring Content Server for WebCenter Portal Applications

After installing or upgrading to Content Server 11g, perform the configuration tasks listed in Table 11-1. Unless otherwise noted, these tasks are common to both Spaces and Framework applications.

Note:

Prior to beginning the configuration you must have completed the installation and configuration steps described in Section 11.2.1, "Prerequisites to Configuring Content Server" that define the starting point for the configuration steps in this section.

This section includes the following subsections:

11.2.3.1 Enabling Mandatory Components

Mandatory

Follow the steps below to enable components required by Content Server. This includes Making sure that the FrameworkFolders folders component (which is not compatible with the the Folders_g component) is disabled, enabling the Folders_g component (which provides a hierarchical folder interface to content in Content Server), and enabling the WebCenterConfigure component (which configures an instance of Content Server for WebCenter Portal applications). For more information about what the WebCenterConfigure component does, see Section 11.2.3.1.1, "What You Should Know About the WebCenterConfigure Component."

To enable required components:

  1. Log onto the Administration server and open the Admin Server page.

    You can access the Admin Server page through Content Server by going to Administration > Admin Server.

  2. Click Component Manager.

    The Component Manager page displays.

  3. Make sure that the FrameworkFolders checkbox is unchecked.

  4. Check the WebCenterConfigure checkbox and any other components that you want to enable.

    On the Component Manager page, make sure that the InboundRefinerySupport checkbox is checked if you have installed and plan to use the Inbound Refinery. If you plan to use the Dynamic Converter, you can also select it here as you'll otherwise need to enable it later.

  5. Click Update.

  6. Click Advanced Component Manager.

    The Advanced Component Manager page displays.

  7. Select Folders_g in the Disabled Components list box and click Enable.

  8. Restart the Content Server instance.

11.2.3.1.1 What You Should Know About the WebCenterConfigure Component

Enabling the WebCenterConfigure component performs the following tasks (Table 11-2) in Content Server:

Table 11-2 Tasks Associated with the WebCenterConfigure Component

Tasks Pointers to Verify the Completion of Tasks

Enables accounts

Content Server > Administration > Admin Server > General Configuration > Enable Accounts checkbox

or

FMW_HOME/user_projects/domains/ucm_domain/ucm/cs/config/config.cfg file. The setting in this file is UseAccounts=1.

Allows updates to documents that are yet to be released

Content Server > Administration > Admin Server > General Configuration > Additional Configuration Variables

or

FMW_HOME/user_projects/domains/ucm_domain/ucm/cs/config/config.cfg

The setting is AllowUpdateForGenwww=1

Disables the cache for folders

If the Folders_g component is enabled,CollectionUseCache is set to false by the WebCenterConfigure component each time the server starts up. This setting is visible in Administration > System Audit Information > Configuration Entry Information > Click All Environment Keys > shows all environment settings.

or

See the FMW_HOME/user_projects/domains/ucm_domain/ucm/cs/config/config.cfg file.The setting is CollectionUseCache=1.

Adds metadata fields:

  • xWCTags

  • xWCPageId

  • xWCWorkflowAssignment

  • xWCWorkflowApproverUserList

You can view, edit, and add metadata fields here: Content Server > Administration > Admin Applets > Configuration Manager > Information Fields tab.

Sets Folder settings if the Folders_g component is enabled:

  • System Default Information Field Configuration: Doc Type = Document

  • Information Field Inherit Configuration


    xWCWorkflowAssignment
    xWCWorkflowApproverUserList

Content Server > Administration > Folder Configuration > System Default Information Field Configuration

Content Server > Administration > Folder Configuration > Information Field Inherit Configuration

Adds the WCWorkflowApproverUserToken workflow token

Content Server > Administration > Admin Applets > Workflow Admin > Options > Tokens menu

Adds three DynamicConverter templates

If the DynamicConverter component is enabled, the DynamicConverter service is called to create the three DynamicConverter templates:

  • SLIDE-PREVIEW

  • SLIDE-PREVIEW-TEXT

  • SLIDE-PREVIEW-LARGE

Overrides certain behavior of the Site Studio Switch Content wizard to make Site Studio work in the WebCenter Portal environment

This provides access to the Site Studio Switch Content wizard and the Site Studio Contributor editor from within Content Presenter to allow for adding and editing Site Studio documents from WebCenter Portal.

  • The contentwizard.hcsp and contentwizard.js files are copied from the /WebCenterConfigure.zip/component/WebCenterConfigure/publish/contentwizard/ directory to the OCS_HOME/cs/weblayout/resources/wcm/custom/sitestudio/contentwizard/webcenter/ directory.

  • The wcm.sitestudio.form.js file is copied from the /WebCenterConfigure.zip/component/WebCenterConfigure/publish/contentwizard/directory to the OCS_HOME/cs/weblayout/resources/wcm/custom/sitestudio/ directory.

Upgrades the PersonalSpace role and default attributes to 11.1.1.6.0 format

If Content Server contains an older version (11.1.1.5.0 and earlier) of the PersonalSpace role format, then enabling WebCenterConfigure upgrades the PersonalSpace role and default attributes to 11.1.1.6.0 format

11.1.1.5.0 and earlier format:

Roles:

  • PersonalSpaceRole with RWD permissions on the PersonalSpaces security group

Default Attributes:

  • All users (public and authenticated) get the PersonalSpaceRole

11.1.1.6.0 format:

Roles:

  • PersonalSpaceRole with R permission on the PersonalSpaces security group

  • PersonalSpaceAuthenRole with RWD on the PersonalSpaces security group

Default Attributes:

  • All public users get the PersonalSpaceRole

  • All authenticated users get the PersonalSpaceAuthenRole


11.2.3.2 Configuring the Dynamic Converter Component

Optional, but strongly recommended

This configuration is required for the Slide Previewer capability in WebCenter Portal, which makes use of the HTML renditions generated on the fly by the Dynamic Converter.

The configuration for the Dynamic Converter consists of two steps: enabling the Dynamic Converter, and defining the file types for which the Dynamic Converter is available. If you enabled the Dynamic Converter previously when you were enabling the mandatory components, you can skip the steps to enable it and go directly to the steps for defining the file types.

Enabling the Dynamic Converter

To enable the Dynamic Converter:

  1. Log onto the Administration server and open the Admin Server page.

    You can access the Admin Server page through Content Server by going to Administration > Admin Server.

  2. On the Component Manager page check the DynamicConverter checkbox.

  3. Click Update.

  4. Restart the Content Server instance.

Setting the file types to be sent to the Dynamic Converter

To define the file types for which Dynamic Converter is available:

  1. Log in to the Content Server and select Administration > Dynamic Converter Admin > Configuration Settings > Conversion Formats.

    Note that the Dynamic Converter Admin menu option will not be visible until after you restart the Content Server instance after enabling the Dynamic Converter component.

  2. Select the file formats from the dropdown list for which the Dynamic Converter will be enabled. Choose all the document formats for which you want HTML renditions such as Word, Excel, PowerPoint, and PDF.

11.2.3.3 Configuring the Inbound Refinery

Optional, but strongly recommended

The Inbound Refinery is a conversion server that manages file conversions for electronic assets such as documents, digital images, and motion videos. It also provides thumbnail functionality for documents and images and storyboarding for videos. You can use Inbound Refinery to convert content items stored in Content Server.

To configure Inbound Refinery, you must set up an outgoing provider from Content Server to Inbound Refinery, and specify the file types that will be converted. You also need to enable PDFExportConverter and set other conversion settings on Inbound Refinery. Although optional, you may also want to enable the conversion of wikis and blogs to PDF.

Prior to configuring Inbound Refinery, you should have:

This section contains the following subsections:

11.2.3.3.1 Creating an Outbound Provider

Before Content Server can send files to Inbound Refinery for conversion, you must set up an outgoing provider from Content Server to Inbound Refinery with the Handles Inbound Refinery Conversion Jobs option checked.

To create an outbound provider:

  1. From the Content Server Administration menu, choose Providers.

  2. In the Create a New Provider section of the Providers page, click Add in the outgoing row.

  3. Enter values for these fields:

    • Provider Name: Any short name with no spaces describing the Inbound Refinery instance the outgoing provider is for. It is a good idea to use the same name as the Inbound Refinery Instance Name.

    • Provider Description: A description of the outgoing provider.

    • Server Host Name: The name of the host machine where the Inbound Refinery instance is running (for example, myhost.example.com).

    • HTTP Server Address: The address of the Inbound Refinery instance (for example, http://myhost.example.com:16250 where 16250 is the Web port).

    • Server Port: The IntradocServerPort value for the Inbound Refinery instance. This value was entered on the post-installation configuration page, and can be found on the Inbound Refinery configuration information page under Server Port. You can also find it in the FMW_HOME/user_projects/domains/ucm_domain/ucm/ibr/config/config.cfg file as IntradocServerPort.

      To display the Inbound Refinery configuration information page:

      • Log in to the Content Server and choose Administration > Configuration for <instanceName>.

      • Click Server Configurations to display the server configurations.

    • Instance Name: The instance name for Inbound Refinery (the IDC_Name value in the config.cfg file). This value was entered on the post-installation configuration page as Server Instance Name, and can be found on the Inbound Refinery configuration information page.

    • Relative Web Root: The web root of the Inbound Refinery instance (for example, /ibr/).

  4. Under Conversion Options, check Handles Inbound Refinery Conversion Jobs. Do not check Inbound Refinery Read Only Mode.

  5. Click Add.

  6. Restart Content Server.

  7. Go back to the Providers page, and check that the Connection State value is good for the provider.

    If the value is not good, double-check that you entered all the preceding entries correctly, and check that the Content Server and Inbound Refinery instances can ping each other.

11.2.3.3.2 Enabling PDFExportConverter in Inbound Refinery

PDFExportConverter uses OutsideIn to convert documents directly to PDF files. The conversion can be cross-platform and does not require any third-party product. You can enable PDFExportConverter for Inbound Refinery as a server feature.

To enable PDFExportConverter on Inbound Refinery:

  1. From the Inbound Refinery Administration menu, select Admin Server and then Component Manager.

  2. Select PDFExportConverter, and click Update.

  3. Click OK to enable this feature.

  4. Restart Inbound Refinery.

To set the PDF converter settings:

  1. Log in to Inbound Refinery again.

  2. Select Conversion Settings, then select Primary Web Rendition.

  3. Check Convert to PDF using PDF Export.

  4. Select Conversion Settings, then select Additional Renditions.

  5. Check Create Thumbnail Images using Outside In.

  6. Select Conversion Settings > Third Party Application Settings > General OutsideIn Filter Options > Options.

  7. Set the Path to fonts to the fonts on the Inbound Refinery system.

  8. Select Use internal graphics rendering under UNIX Rendering Options.

  9. Click Update.

For more information, see "Setting PDF Files as the Primary Web-Viewable Rendition" in Oracle Fusion Middleware Administrator's Guide for Conversion.

11.2.3.3.3 Selecting the File Formats To Be Converted

To tell Content Server which files to send to Inbound Refinery to be converted, you need to select the file formats.

To select the file formats to be converted:

  1. From the Content Server Administration menu, choose Refinery Administration and then File Formats Wizard.

    Note:

    Refinery Administration is not listed when there is no valid outgoing provider to an Inbound Refinery instance, or the InboundRefinerySupport component is not enabled.

    Content Server displays the File Formats Wizard page. This page configures which file formats will be sent to Inbound Refinery for conversion when they are checked into Content Server.

  2. Select the formats you want converted.

    Make sure you check all the file types you want sent to Inbound Refinery for conversion. Do not to check HTML, and also do not check wiki and blog unless you have enabled their conversion through the WebCenterConversions component as described in Section 11.2.3.3.4, "Enabling the Conversion of Wikis and Blogs into PDFs."

  3. Click Update.

11.2.3.3.4 Enabling the Conversion of Wikis and Blogs into PDFs

Optional

Before you can enable the conversion of wikis and blogs into PDFs in WebCenter Portal applications, you must first:

Enabling the conversion of wikis and blogs into PDFs requires you to first install the WebCenterConversions component, then configure OpenOffice, which converts HTMLs to PDFs, in the Inbound Refinery server and Content Server respectively. The WebCenterConversions component adds the HtmToPDFOpenOffice conversion option, which makes use of OpenOffice conversion in Inbound Refinery (and therefore requires OpenOffice to be configured for that Inbound Refinery).

Note that you must complete the steps below in sequence. If you enable Wiki and Blogs by selecting them in the file Formats Wizard without first installing and enabling the Inbound Refinery the Wiki and Blogs documents will be stuck in the Inbound Refinery conversion queues.

To install the WebCenterConversion component:

  1. Log in to the Inbound Refinery server.

  2. Click Administration and then select Admin Server.

    The Inbound Refinery Admin Server page displays.

  3. In the Component Manager, click the advanced component manager link.

    The Advanced Component Manager page displays.

  4. In the Install New Component section, select WebCenterConversions.zip from the companion CD, then click Install.

    The WebCenterConversion component displays in the Disabled Components box.

  5. Select WebCenterConversion and click Enable.

  6. Restart the Inbound Refinery server.

To enable the WebCenterConversion component:

  1. In the Inbound Refinery server, under Conversion Settings, click the Conversion Listing link.

    This displays the Conversion Listing page.

  2. In the Conversions table, select the Accept checkbox for HtmToPDFOpenOffice, and click Update.

The Wiki and Blog options will now appear in Content Server's File Formats Wizard in the associated Content Server instance.

To enable Wiki and Blogs to be converted to PDFs in Content Server:

  1. Log in to Content Server.

  2. Expand the Administration node, then Refinery Administration, and then click File Formats Wizard.

  3. Under Select File Types, select the Wiki and Blogs checkboxes and click Update.

11.2.3.4 Setting Up SSL for Content Server

If the Spaces or Framework application and the Content Server you intend to create a repository connection to are not on the same system or the same trusted private network, then identity propagation is not secure. To ensure secure identity propagation you must also configure SSL for Content Server. For a step-by-step description of how to set up SSL for Content server, see Section 33.7, "Securing the Spaces Connection to Content Server with SSL."

11.2.3.5 Enabling the iFraming UI in WebCenter Portal

Optional, but strongly recommended

WebCenter Portal applications (that is Spaces and Framework applications) use Content Server UI presented in an iFrame for certain functionality, such as Document Manager document rendition and advanced metadata editing. iFrame does not support cross-domain communications, so if the WebCenter Portal application and Content Server are not in the same domain (in terms of their web address) you must configure the Oracle HTTP Server (OHS), as described below, or iFraming functionality not be available.

Note:

Before enabling support for iFraming, you should already have installed and configured the Oracle HTTP Server (OHS) as described Section 31.2.5, "Installing and Configuring the Oracle HTTP Server."

To enable the iFraming UI in the WebCenter Portal application:

  1. Open the mod_wl_ohs.conf file and make sure it points to the right Content Server instance.

    The default location of this file is: OHS_HOME/Oracle_WT1/instances/instance1/config/OHS/ohs1/mod_wl_ohs.conf

  2. Update the connection property of the Content Server to:

    webContextRoot='/cs'

    Note that this setting should never be set if OHS is not set up or it is not working correctly.

  3. If there is more than one Content Server, reconfigure the second one to use a different context root.

  4. Configure OHS by updating the mod_wl_ohs.conf file with the Content Server and adfAuthentication protected URI information. For example:

    <Location /cs>
    SetHandler weblogic-handler
    WeblogicHost example.com
    WeblogicPort 9400
    </Location>
    
    <Location /adfAuthentication>
    SetHandler weblogic-handler
    WeblogicHost example.com
    WeblogicPort 9400
    </Location>
    

    For more information about configuring OHS through the the mod_wl_ohs.conf file, see Appendix B, "Oracle HTTP Server Configuration for WebCenter Portal."

  5. Open the Spaces or Framework application and check that the iFraming functionality is available.

    Note that since the WebCenter Portal application is now front-ended by OHS, when you access Spaces or the Framework application you need to do so through OHS. Consequently, you would access your application using the following:

    http://<host>:<OHSPort>/webcenter
    

    For example:

    http://example.com:7777/webcenter
    

11.2.3.6 Configuring the SES Crawler

Optional

Follow the steps in Section 22.6.2, "Setting Up Oracle WebCenter Portal: Content Server for Oracle SES Search" to configure the SES crawler.

11.2.3.7 Setting Up Site Studio

Optional, but recommended

Configuring Site Studio is optional, but without it you will not be able to create and use Site Studio-related assets in Content Presenter.

To enable Site Studio:

  1. Log in to Content Server and open the Admin Server Page.

    The Component Manager Page displays.

  2. Click All Features.

    All components from the Document Management, Folders, Inbound Refinery, Integration, and Web Content Management categories are displayed.

  3. Select the checkbox for each component you want to enable. The following components should be enabled:

    • LinkManager

    • SiteStudio

    • SiteStudioExternalApplications

    • DBSearchContainsOpSupport (not required for Oracle Text Search)

      Site Studio supports either Oracle Text Search or Full Text Search (Metadata search is not supported). If Oracle Text Search is configured, then DBSearchContainsOpSupport should not be enabled. However, if Full Text Search is configured, then DBSearchContainsOpSupport must be enabled for Site Studio Designer to work properly.

  4. Click Update.

  5. Restart the Content Server instance.

  6. Log back into Content Server and open the Administration page.

  7. Select Site Studio Administration, and then Set Default Project Document Information.

  8. Accept the defaults and click Update.

  9. Select Site Studio Administration, and then Set Default Web Asset Document Information.

  10. Accept the defaults and click Update.

  11. To use the Site Studio Designer, log into the Content Server console and navigate to my downloads, download Site Studio Designer and install it.

11.2.3.8 Enabling OracleTextSearch

Optional, but recommended

Although optional, for full-text search, Oracle recommends that you use the OracleTextSearch option. By default, the database used by Content Server is set up to provide metadata-only searching and indexing capabilities. However, you can modify the default configuration of the database to additionally support full-text searching and indexing.

Note that this option should only be used in conjunction with an Oracle database; the OracleTextSearch index must always be in an Oracle database, regardless of the database type used for the main schema. For more information, see the section "Configuring Oracle Text Search for Oracle Content Server" in Oracle WebCenter Content Installation Guide, and the section "Site Studio Integration" in Oracle WebCenter Application Administrator's Guide for Content Server.

11.2.3.9 Creating Content Profiles in Content Server

Optional

When iFraming is enabled in a WebCenter Portal application, users have the option to upload content using Content Server Profiles. For more information on Content Server Profiles, see "Using Profiles to Customize Content Screens" in the Oracle WebCenter Application Administrator's Guide for Content Server.

The fields described in the section "Content Check-In Form" (see the table) in the "User Interface" appendix in the Oracle WebCenter User's Guide for Content Server are mandatory for Content Server. All content profiles must include them, otherwise the check-in will fail. As indicated in the table, some fields can be added as hidden or information fields to the profile.

In addition to the mandatory fields needed to upload files to Content Server, for the upload profiles to work correctly in Document Library and Spaces, the Content Server profiles should also contain the following fields:

  • xCollectionID - for the folder name to be persisted

  • xIdcProfile - for the profile value to be persisted

  • dRevLabel - required by the CHECKIN_SEL_FORM API to enable a new version to be checked in

These fields can be added as hidden fields to the profile.

11.2.3.10 Configuring Item Level Security in WebCenter Portal Applications

Optional

The Documents service can use Item Level Security (ILS) to override the default Spaces document security model, or to expose Content Server document security in a Framework application. Using ILS allows Content Server folders (and their children) or individual documents to have unique security permissions.

This section includes the following sections:

11.2.3.10.1 What You Should Know About Item Level Security

Oracle WebCenter Portal allows custom permissions to be set on a file or a folder. This feature is referred to as Item level Security (ILS). Once configured, the feature can be accessed from the WebCenter Portal Administration Console by selecting File > Security when viewing a file or folder (see Section 36.6.1, "Managing Content").

Note:

In Spaces, using ILS as the primary security mechanism for a space may become difficult to administer when the number of users grow. Moreover, ILS may not be as efficient as the Spaces security model. Therefore, Oracle recommends using ILS only to define security for the documents or folders that do not fit within the Spaces security model. For example, documents and folders to which only a restricted set of users have access. For information about security, see the section "Managing Roles and Permissions for a Space" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

ILS can be used to replace the existing file or folder security with a custom set of permissions.

  • When applied to a file, the custom permissions affect only that file.

  • When applied to a folder, the updated security is propagated to all child files and folders recursively, stopping when a folder is encountered with its own custom permissions. The propagation does not affect a file with its own custom permissions, if already set.

Note:

ILS cannot be applied to the root folder of a space in the Spaces application. This is so that the space's security can be correctly restored on a file or folder when its item level security is removed.

Within the Content Server, ILS is implemented as a combination of ACL, account, and other metadata field settings. Content Server must be correctly configured to enable ILS. See, Section 11.2.3.10, "Configuring Item Level Security in WebCenter Portal Applications" and Section 11.2.3.12, "Configuring Security Between Content Server and WebCenter Portal: Framework Applications."

What Happens in Content Server on Setting Custom Permissions 

The following occurs in Content Server on setting custom permissions for a file or folder from the Item Level Security dialog:

  • The account is changed to account WCILS/original_account.

    All AUTHENTICATED users are by default granted RWDA on account WCILS, and all PUBLIC users are granted R on the account WCILS. Changing the account to WCILS/original_account ensures that only the custom permissions determine the security on the content.

  • The ACL content metadata fields, xClbraUserList and xClbraRoleList are updated with the custom permissions. (xClbraUserList contains the permissions a user has on a document or folder, and xClbraRoleList contains the permissions a group has on the document or folder.)

  • The content metadata field, xInhibitUpdate is set to true, to prevent ILS from overwriting an item's own custom security with a parent folder's custom permissions.

What Happens in Content Server on Removing Custom Permissions 

Removing custom permissions from a folder or file attempts to revert the security on that item to the security set on the item's parent folder. When you remove custom permissions, the following changes take place within Content Server:

  • The item's account is changed to be the account of its parent folder.

  • The item's ACL content metadata fields, xClbraUserList and xClbraRoleList are cleared.

  • The content metadata field, xInhibitUpdate is set to false.

These changes are propagated in the same way as when the item level security is set.

Prerequisites for Using Item Level Security in WebCenter Portal: Framework Applications 

For a WebCenter Portal application, the Item Level Security (ILS) feature is supported only if the application's Content Server security configuration meets certain prerequisities. In most scenarios ILS is not required, and therefore, it should not be enabled unless explicitly needed. Typical reasons for using ILS are application situations when the Content Server security models need to be overridden or supplemented to handle exception cases to security policies for individual users or groups of users, on a per document basis. Please be aware that there are performance impacts and additional administrative overhead when using ILS.

Note:

Oracle recommends using Content Server security because it is efficient and scales easily for a large number of users and content objects compared with item level security. From an administrative perspective, Content Server's security is also easier to maintain. For information about configuring security, see Section 11.2.3.12, "Configuring Security Between Content Server and WebCenter Portal: Framework Applications."

The following are the Content Server security ILS prerequisites for a WebCenter Portal application:

  • Security is based on Content Server Accounts alone.

    Since all content must also have a security group, this means all application users must have RWD permissions granted to the application's security group. This is necessary because of how ILS works, that is, on setting the custom permissions, the account automatically changes to WCILS/original_account, which is an account all users have RWDA granted to. This is so that the custom permissions alone determine the security on the document or folder.

  • The content metadata field, xForceFolderSecurity is set to true for the entire application content. That is, Folder security settings are enforced on child folders and documents. This is necessary to support the propagation of custom permissions.

11.2.3.10.2 Configuring Item Level Security

To configure Item Level Security (ILS):

  1. Log on to your Content Server instance.

  2. From the Administration menu, choose Admin Server to open Component Manager.

  3. In the Component Manager section, click the Advanced Component Manager link.

  4. In the Advanced Component Manager page, scroll down to the Disabled Components list, select RoleEntityACL, as shown in Figure 11-2, and then click Enable.

    Figure 11-2 Advanced Component Manager - RoleEntityACL Component

    Description of Figure 11-2 follows
    Description of "Figure 11-2 Advanced Component Manager - RoleEntityACL Component"

  5. From the Options pane on left, select General Configuration.

  6. Under the General Configuration page, in the Additional Configuration Variables box, add the following parameters:

    UseEntitySecurity=1
    SpecialAuthGroups=PersonalSpaces,securityGroup 
    

    where:

    SpecialAuthGroups is a comma separated list (no spaces allowed between values) of security groups. The ILS option is enabled only on content in these security groups.

    • For WebCenter Portal applications, the securityGroup is the name of the security group in which content is created.

    • For Spaces, the name of the security group that contains the Spaces data is the same as the Document Spaces properties application name. You can find the application name using either Fusion Middleware Control or WLST.

      In Fusion Middleware Control, the application name is displayed as part of the Content Server default connection in the Spaces connections.

      In WLST, the application name is shown using the listDocumentsSpacesProperties command. For example:

      listDocumentsSpacesProperties('webcenter')
      
      The Documents Spaces container is "/myspacesroot"
      The Documents repository administrator is "weblogic"
      The Documents application name is "myspacesapp" <- applicationName
      The Documents primary connection is "myucm"
      
  7. Restart Content Server.

11.2.3.10.3 Configuring Additional Settings for WebCenter Portal: Framework Applications

For a Framework application, in addition to the steps described in Section 11.2.3.10.2, "Configuring Item Level Security", ensure that all users by default are granted RWDA on the WCILS account. To do this, use the SET_DEFAULT_ATTRIBUTES service. For information about the SET_DEFAULT_ATTRIBUTES service, see the section "SET_DEFAULT_ATTRIBUTES" in Oracle WebCenter Content Services Reference Guide.

To run the SET_DEFAULT_ATTRIBUTES service through a browser:

  1. From a browser, log into Content Server as an administrative user.

  2. View the source for the page, and find the value of the idcToken by searching for a line containing var idcToken = (for example, var idcToken = 1316188662243:6FE5F809A3B122277B7A1D19912FBB5).

  3. While in the same browser window, enter the URL in the format:

    http://host:port/cs/idcplg?IdcService=SET_DEFAULT_ATTRIBUTES&dECPropSubKey=<Security Group>&dDefAttribs=account,WCILS,15&idcToken=<idcToken>&IsSoap=1
    

    For example:

    http://myhost.com:4444/cs/idcplg?IdcService=SET_DEFAULT_ATTRIBUTES&dECPropSubKey=Custom&dDefAttribs=account,WCILS,15&idcToken=1291297336399:6E324367FC9D2F8BE525F4CEBF4463FC&IsSoap=1
    

11.2.3.11 Additional Optional Configurations

This section describes additional optional configurations that are not required for Content Server to function correctly, but nonetheless offer value and comprise best practices for a Content Server enterprise installation.

This section includes the following subsections:

11.2.3.11.1 Configuring the File Store Provider

A file store for data management is used in the Content Server system instead of the traditional file system for storing and organizing content. The File Store Provider component is installed, enabled, and upgraded by default for a new Content Server instance (with no documents in it). The File Store Provider component automatically upgrades the default file store (DefaultFileStore) to make use of functionality exposed by the component, including modifying the web, vault, and web URL path expressions.

The File Store Provider component exposes the file store functionality in the Content Server interface and allows additional configuration options. For example, you can configure the Content Server instance to use binary large object (BLOB) data types to store content in a database, instead of using a file system.

With File Store Provider, checked-in content and associated metadata are examined and assigned a storage rule based on criteria established by a system administrator. Criteria can include metadata, profiles, or other considerations. The storage rule determines how vault and web files are stored by the Content Server system and how they are accessed by a web server.

The File Store Provider component enables you to define data-driven rules to store and access content managed by the Content Server system. The configuration steps below create a storage rule that ensures content is stored in the database rather than on the file system.

To create a storage rule:

  1. Log in to the Content Server instance as system administrator.

  2. Select Administration, then Providers.

    The Providers Page displays.

  3. Click Info in the Action column next to the DefaultFileStore provider.

    The File Store Provider Information Page displays.

  4. Specify a name for the rule (for example, DBStorage) and select JDBC Storage.

  5. Click OK.

    The Edit File Store Provider Page displays.

  6. Click Update.

  7. Restart the Content Server instance.

11.2.3.11.2 Setting Up Node Manager

As an additional step to configuring and managing Content Server and the other servers in the domain in which it resides, you may want to consider using Oracle WebLogic Server Node Manager. Node Manager lets you start and stop WebLogic Server instances remotely, monitor them, and automatically restart them after an unexpected failure. You can configure Content Server, the Administration Server, and Node Manager to work together in a WebLogic Server domain. Node Manager is installed on all the machines that host any server instance. For more information about using Node Manager, see “Using Node Manager with Oracle WebCenter Content” in the Oracle WebCenter Content Installation Guide.

11.2.3.12 Configuring Security Between Content Server and WebCenter Portal: Framework Applications

Mandatory for Framework applications

To configure Content Server to work with a Framework application, you must first set up content security and users in a development environment and then migrate them to a production environment. For detailed information about security, see also the chapter "Managing Security and User Access" in Oracle WebCenter Content System Administrator's Guide for Content Server.

This section describes the following mandatory steps:

The procedures described in this section apply to the Documents service (including wikis and blogs) and Content Presenter.

11.2.3.12.1 Creating a Security Group Using the Content Server Console

To create a security group:

  1. Log into the Content Server Console as an administrator.

  2. From the Administration menu, choose Admin Applets.

  3. On the Administration Applet page, click User Admin to display the User Admin dialog.

  4. From the Security menu, choose Permissions by Group.

  5. In the Permission By Group dialog, click Add Group.

  6. In the Add New Group dialog, enter a group name, for example, WikiBlog.

  7. Click OK.

The security group, which you will use when you create a folder in Section 11.2.3.12.4, "Creating a Folder Using the Content Server Console," is created.

11.2.3.12.2 Creating Roles Using the Content Server Console

This section describes how to set up two roles in Content Server that mimic those you'll set up in the Framework application: one granting only read permission to the security group, and another granting all permissions to the security group.

To create roles:

  1. Log into the Content Server Console as an administrator.

  2. From the Administration menu, choose Admin Applets.

  3. On the Administration Applet page, click User Admin to display the User Admin dialog.

  4. Create a new role with full access:

    1. From the Security menu, choose Permissions by Role.

    2. In the Permission By Group dialog, click Add New Role.

    3. In the Add New Role dialog, enter a name, for example, WikiBlog.

    4. Click OK. This displays the Permission By Role dialog.

    5. In the Groups/Rights column, select the security group that you created earlier (for example, WikiBlog), as described in Section 11.2.3.12.1, "Creating a Security Group Using the Content Server Console."

    6. Click Edit Permissions.

    7. In the Edit Permissions dialog, select all checkboxes: Read, Write, Delete, and Admin, and click OK.

      RWDA access is enabled, as shown in Figure 11-3.

      Figure 11-3 RWDA Permissions

      Description of Figure 11-3 follows
      Description of "Figure 11-3 RWDA Permissions"

  5. Create another role (for example WikiBlogRO) with only Read access following steps 4a to 4f and selecting the Read checkbox in the Edit Permissions dialog in step 4g.

11.2.3.12.3 Creating Roles (Groups) Using Fusion Middleware Control

This section steps you through creating two roles in the Framwork application: one role with read access, and another with full access (read, write, delete, administer) .

To create roles (groups):

  1. Log into Fusion Middleware Control as an administrator.

  2. Under Domain Structure, click Security Realms.

  3. In the table under the Summary of Security Realms section, click myrealm, for example.

    IMPORTANT: myrealm uses the embedded LDAP that ships with Oracle WebCenter Portal. If your installation uses a different LDAP, you must select that instead of the embedded LDAP.

  4. Select the Users and Groups tab and then the Groups subtab.

  5. Under the Groups section, click New to display the Create a New Group section.

  6. In the Name field, enter the name of the role to which you granted full access in Content Server (for example, WikiBlog), as described in Section 11.2.3.12.2, "Creating Roles Using the Content Server Console", and click OK.

  7. Create a role or group with the read permission (for example, WikiBlogRO) by performing steps 5 and 6. The name of this role must match that you specified in Content Server, as described in Section 11.2.3.12.2, "Creating Roles Using the Content Server Console."

11.2.3.12.4 Creating a Folder Using the Content Server Console

To create a folder:

  1. Log into the Content Server Console as an administrator.

  2. From the Browse Content menu, choose Contribution Folders to display the root directory in which you will create a folder.

  3. On the Contribution Folders page, from the New Item menu, choose New Folder to display the Hierarchy Folder Configuration page.

  4. In the Virtual Folder Name field, enter a meaningful name (for example WikiBlog).

  5. Under the Folder Information section, in the Title field, enter a meaningful title (for example, WikiBlog).

  6. From the Security Group dropdown, select the security group that you created as described in Section 11.2.3.12.1, "Creating a Security Group Using the Content Server Console."

    All items in this folder will inherit the security from this security group.

  7. Click Save.

11.2.3.12.5 Creating Users Using Fusion Middleware Control

This section steps you through creating two users: a user for the read role, and a role for the full access (read, write, delete, administer) role.

To create users:

  1. Log into Fusion Middleware Control as an administrator.

  2. Under Domain Structure, click Security Realms.

  3. In the table under the Summary of Security Realms section, click myrealm, the built-in realm that works with the integrated LDAP.

  4. Select the Users and Groups tab and then the Users subtab.

  5. Under the Users section, click New to display the Create a New User section.

  6. In the Name field, specify a name, for example Joe.

  7. In the Password field, specify a password.

  8. In the Confirm Password field, enter the password again, and then click OK.

  9. Create another user by performing steps 4 to 8.

11.2.3.12.6 Granting a Role to a User Using Fusion Middleware Control

This section steps you through granting the roles you created in Section 11.2.3.12.3, "Creating Roles (Groups) Using Fusion Middleware Control" to the users you created in Section 11.2.3.12.5, "Creating Users Using Fusion Middleware Control".

To grant a role to a user:

  1. Log into Fusion Middleware Control as an administrator.

  2. Under Domain Structure, click Security Realms.

  3. In the table under the Summary of Security Realms section, click myrealm, the built-in realm that works with the integrated LDAP.

  4. Select the Users and Groups tab and then the Users subtab.

  5. In the table under the Users section, click the name of the user you created in Section 11.2.3.12.5, "Creating Users Using Fusion Middleware Control", to display the settings section.

  6. Select the Groups tab.

  7. Under Parent Groups, in the Available column, select the role with the read permission (for example, WikiBlogRO) that you created in Section 11.2.3.12.3, "Creating Roles (Groups) Using Fusion Middleware Control".

  8. Move this role to the Chosen column and click Save.

  9. Repeat steps 5 to 8 and grant the role with the full access permission to another user you created.

11.2.3.12.7 Migrating Security to a Production Environment

For information about migrating security from a development environment to a production environment, see Section 28.2.5, "Post-deployment Security Configuration Tasks."

11.2.3.12.8 Checking Your Security Group and Roles Configuration

After completing your configuration, follow the steps below to check that the security group and roles have been created correctly, and that a root folder has been created.

To verify that the security group and roles have been created:

  1. Log in to the Content Server Console as an administrator.

  2. From the Administration menu, choose Admin Applets.

  3. On the Administration Applet page, click User Admin to display the User Admin dialog.

  4. From the Security menu, choose Permissions by Group.

  5. In the Permission By Group dialog, make sure that the security group is listed in the Groups list. The name of the security group ID should be the same as the Application Name in the Spaces document properties.

  6. Select the security group in the groups list.

  7. Check that the Roles list contains the two roles: <applicationName>User and <applicationName>AuthenUser with R and RWD permissions for the group space respectively.

To verify that the root folder has been created:

  1. Log in to the Content Server Console as an administrator.

  2. From the Browse Content menu, check that the root folder is listed and select it.

  3. Verify that the child folder spacetemplate is listed

  4. Click Info to display the Hierarchical Folder Information screen.

  5. Verify that the Security Group is correct.

11.2.3.13 Registering the Content Server Connection

Mandatory for Framework applications/Optional, but strongly recommended for Spaces

For Framework applications, before you can use the configured Content Server, you must configure the connection between the application and Content Server. For Spaces, although the connection should be configured for you when the application first starts up, you should at least test the connection and check that the expected data has been properly seeded.

This section includes the following subsections:

11.2.3.13.1 Configuring the Content Server Connection for Framework Applications

After installing and configuring Content Server, continue by configuring the connection between the Framework application and Content Server. For more information about configuring the connection, see Section 11.6.2, "Registering Content Repositories Using Fusion Middleware Control" or Section 11.6.3, "Registering Content Repositories Using WLST."

11.2.3.13.2 Configuring the Content Server Connection for Spaces

Although the connection between Spaces and Content Server should have automatically been configured when the application first starts up, you should at least test the connection and check that it has been appropriately configured for your environment. For high availability environments, or for single sign-on environments, you may have to modify the Spaces host and port settings.

After installing and configuring Content Server, and restarting Spaces, check that your Spaces connection to Content Server is properly configured as described in Section 11.11.1, "Testing Content Server Connections." If your connection was not properly configured, then configure it as shown in Section 11.10, "Setting Connection Properties for the Spaces Content Repository." Note that Content Server should always be up and running before a Spaces instance is restarted.

Some WebCenter Portal components, such as the Documents service, rely on the data seeded in Content Server when Spaces first starts up. Before configuring other components with Spaces, check that the expected data has been properly seeded as described in Section 11.2.3.13.3, "Checking the Spaces Data Seeded in Content Server." Note also that

11.2.3.13.3 Checking the Spaces Data Seeded in Content Server

When Spaces first starts up, a set of default data is seeded in Content Server. The data seeded in Content Server for a Spaces instance is based on the Document Spaces properties for the active Content Repository Connection. For example:

Root folder = /WebCenter1
Application Name= WC1

If the data is not correct, or has only been partially seeded, check the Spaces log and your Content Server configuration, make the necessary corrections to the Document Spaces properties, and then restart the Spaces instance to reseed them. Note that Content Server should always be up and running before a Spaces instance is restarted. For information about setting the default content repository, and setting additional Document Spaces properties required for a Spaces content repository, see Section 11.8, "Modifying Content Repository Connection Details."

Table 11-3 illustrates the Group Spaces data that is seeded (Seeded Data), the naming for the data seeded (Naming) and how to check that the data is created in Content Server (Verify).

Table 11-3 Group Spaces Seeded Data

Seeded Data Naming Verify

Security Group

One security group is seeded:

ApplicationName

For example: WC1

In Content Server, go to Administration > Admin Applets > User Admin > Security> Permission by Group

Roles

Two roles are seeded:

  • ApplicationName
    User (with R permission on the security group)

  • ApplicationName
    AuthenUser (with RWD permission on the security group)

For example: WC1User and WC1AuthenUser

In Content Server, go to Administration > Admin Applets > User Admin > Security > Permission by Role

Root Folder name

RootFolder
(with Security Group =<ApplicationName>)

For example: /WebCenter1

Browse content (folder will be listed as a top-level folder)

Default Attributes - Public users

All public users have:

  • Read on the account prefix PUBLIC

  • Read on the account prefix WCILS

  • The ApplicationNameUser role

Query the ExtendedConfigProperties table, or after logging into Content Server, click on the username to view the user's profile page listing their roles and accounts, including the account PUBLIC and WCILS and the role <ApplicationName>User

Default Attributes - Authenticated users

All Authenticated users have:

  • Read permission on the account prefix AUTHEN

  • Read, Write, Delete,Admin permission on the account prefix WCILS

  • The ApplicationNameAuthenUser role

Query the ExtendedConfigProperties table, or after logging into Content Server, click on the username to view the user's profile page listing their roles and accounts, including the account AUTHEN and WCILS and the role ApplicationNameAuthenUser

Workflows

Three workflows are seeded:

  • ApplicationNameAllApprover

  • ApplicationNameAllReviewer

  • ApplicationNameSingleApprover

For example, WC1AllApprover, WC1AllReviewer, and WC1SingleApprover

In Content Server, go to Administration > User Admin > Workflow Admin > Criteria tab


Personal Space data is seeded only once in a Content Server, regardless of how many Spaces instances are using the same Content Server. Therefore, if you have multiple Spaces instances using the same Content Server, they will all share the same Personal Spaces data.

Table 11-4 illustrates the Personal Space data that is seeded (Seeded Data), the naming for the data seeded (Naming) and how to check that the data is created in Content Server (Verify).

Table 11-4 Personal Space Seeded Data

Seeded Data Naming Verify

Security Group

One security group is seeded:

PersonalSpaces

In Content Server, go to Administration > Admin Applets > User Admin > Security > Permission by Group

Roles

Two roles are seeded:

  • PersonalSpacesRole (with R permission on the security group PersonalSpaces)

  • PersonalSpacesAuthenRole
    (with RWD on the security group PersonalSpaces)

In Content Server, go to Administration > Admin Applets > User Admin > Security > Permission by Role

Root Folder name

PersonalSpaces
(with Security Group=PersonalSpaces)

Browse content (folder will be listed as a top-level folder)

Default Attributes - Public users

All public users have:

  • Read on the Root Folder's account

  • The PersonalSpaces role

Query the ExtendedConfigProperties table, or after logging into Content Server, click on the username to view the user's profile page listing their roles and accounts, including the account PEWebCenter/PU and the role PersonalSpacesRole

Default Attributes - Authenticated users

All Authenticated users have:

  • The PersonalSpacesAuthenRole role

Query the ExtendedConfigProperties table, or after logging into Content Server, click on the username to view the user's profile page listing their roles and accounts, including the role PersonalSpacesAuthenRole


11.3 Configuring Microsoft SharePoint Repositories

If you want to access a Microsoft SharePoint content repository from a WebCenter Portal application, you must install the Oracle WebCenter adapter for Microsoft SharePoint.The Oracle WebCenter adapter for Microsoft SharePoint supports the following features:

  • Reading content and metadata from the Microsoft SharePoint repository

  • Writing files and folders to the SharePoint document libraries

  • Running queries on the Microsoft SharePoint system

  • Enabling SharePoint security settings for the accessed content by leveraging native Microsoft SharePoint authentication and authorization

All features are implemented using native Microsoft SharePoint web services as the interface to Microsoft SharePoint content and services.

This section discusses prerequisites for connecting WebCenter Portal applications to Microsoft SharePoint:

Note:

To enable Microsoft SharePoint connections in Spaces, read the whitepaper "Integrating the SharePoint 2007 Adapter with WebCenter Spaces" available from Oracle Technology Network at http://www.oracle.com/technetwork/middleware/webcenter/overview/index.html.

11.3.1 Microsoft SharePoint - Installation

This section includes the following:

11.3.1.1 What You Should Know About Microsoft SharePoint Server Installation

Oracle WebCenter Portal supports the following Microsoft SharePoint versions:

  • Microsoft Office SharePoint Server (MOSS) 2007 SP2

  • Microsoft Windows SharePoint Services (WSS) version 3 SP2

Note:

A Microsoft SharePoint site configured for anonymous access is not supported by the adapter.

Refer to the appropriate Microsoft SharePoint documentation for installation information.

Oracle WebCenter Portal supports the following Microsoft SharePoint 2007 Document Library version settings:

  • Require Check Out: No

  • Content Approval: No

  • Document Version History: No versioning

If any other version settings are configured, Oracle WebCenter adapter for Microsoft SharePoint does not function correctly. For example, if Require CheckOut is set to yes, upload operations fail. Similarly, if document version history or content approval is enabled, new versions or documents have restricted visibility.

11.3.1.2 Installing Oracle WebCenter Adapter for Microsoft SharePoint

The files for Oracle WebCenter adapter for Microsoft SharePoint are located in the Oracle WebCenter Companion DVD in the ofm_wc_generic_jcr_sharepoint_adapter_11.1.1.4.0.zip file. When you extract this ZIP file to a temporary location, you will find the adapter files in the TEMP_LOCATION/WebCenter/services/content/adapters directory.

Before You Begin:

WebCenter adapter for Microsoft SharePoint must be installed in the same managed server as your WebCenter Portal application. If you have not done so already, create a managed server suitable for WebCenter Portal application deployments as described in Section 7.1.4, "Creating a Managed Server" and Section 7.1.5, "Creating and Registering the Metadata Service Repository."

To install WebCenter adapter for Microsoft SharePoint for a WebCenter Portal application:

  1. Log in to the WLS Administration Console.

    For information on logging into the WLS Administration Console, see Section 1.13.2, "Oracle WebLogic Server Administration Console."

  2. Navigate to the WLS Administration Console's Home page.

  3. From the Domain Structure pane, click Deployments.

  4. In the Summary of Deployments section, under Control, click Install.

  5. In Install Application Assistant, in Note, click the upload your file(s) link in the body of the text.

  6. Click Browse next to Deployment Archive, select the oracle.webcenter.content.jcr.sharepoint.ear file from the TEMP_LOCATION/WebCenter/services/content/adapters directory. This is the temporary directory in which you extracted the contents of the ofm_wc_generic_jcr_sharepoint_adapter_11.1.1.4.0.zip file from the Oracle WebCenter Companion DVD. Click Next.

  7. After you see the message that the EAR file has been uploaded successfully, as shown in Figure 11-4, click Next.

    Figure 11-4 Install Application Assistant

    Description of Figure 11-4 follows
    Description of "Figure 11-4 Install Application Assistant"

  8. Select Install this deployment as a library, if not already selected, and click Next.

  9. In Select deployment targets, select the managed server on which the WebCenter Portal: Framework application will be deployed. This must be a custom managed server (based on the Custom Portal template), not one of WebCenter Portal's out-of-the-box managed servers. For details, see the section "Using Templates to Create Custom Managed Servers" in Oracle Fusion Middleware Installation Guide for Oracle WebCenter Portal.

  10. Click Next.

  11. In Optional Settings, accept the defaults and click Finish.

11.3.1.3 Installing WLST Command Scripts for Managing Microsoft SharePoint Connections

  1. Extract the files DocLibSharePointWLST.py and DocLibGenericWLST.py from the ofm_wc_generic_jcr_sharepoint_adapter_11.1.1.4.0.zip file located in the Oracle WebCenter Companion DVD. These files are in the /WebCenter/services/content/adapters directory.

  2. Copy the extracted DocLibSharePointWLST.py and DocLibGenericWLST.py files and paste them in the ORACLE_HOME/common/wlst directory.

  3. To run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands."

For information about managing connections using WLST, see Section 11.3.5, "Managing Microsoft SharePoint Connections Using WLST."

11.3.2 Microsoft SharePoint - Configuration

You must perform the following tasks to enable Microsoft SharePoint connections in WebCenter Portal applications:

  1. Install Oracle WebCenter adapter for Microsoft SharePoint in the same managed server where you plan to deploy your WebCenter Portal application.

  2. In JDeveloper, configure a connection to your Microsoft SharePoint repository. This must be an application connection created in Application Resources in the Application Navigator.

  3. (Optional) In JDeveloper, include a Documents task flow that uses the Microsoft SharePoint repository connection.

  4. Deploy your WebCenter Portal application.

    After deployment, you can access the Microsoft SharePoint repository that you configured in JDeveloper from your WebCenter Portal application.

  5. (Optional) Reconfigure Microsoft SharePoint connection details postdeployment, if required.

    1. Install WLST command scripts for managing Microsoft SharePoint connections postdeployment.

    2. Modify the existing connection details (setJCRSharePointConnection) or create a new Microsoft SharePoint repository connection (createJCRSharePointConnection).

    Note:

    To enable Microsoft SharePoint connections in Spaces, read the whitepaper "Integrating the SharePoint 2007 Adapter with WebCenter Spaces" available from Oracle Technology Network at http://www.oracle.com/technetwork/middleware/webcenter/overview/index.html.

11.3.3 Microsoft SharePoint - Security Considerations

Authentication through identity propagation is not supported on Microsoft SharePoint connections. However, you can use an external application to authenticate users against the Microsoft SharePoint repository. Use the WLST argument extAppId to specify the external application to use. For details, see Section 11.3.5.1, "createJCRSharePointConnection." Note that if the extAppId refers to an external application connection for which neither public nor shared credentials are defined, then Documents task flows will prompt for credentials. This allows per-user mapping of credentials as an alternative to identity propagation.

11.3.4 Microsoft SharePoint - Limitations in WebCenter Portal

The Spaces application does not support Microsoft SharePoint as the primary document store, and therefore, you must use Oracle WebCenter Content instead.

11.3.5 Managing Microsoft SharePoint Connections Using WLST

Use the commands listed in Table 11-5 to manage connections to SharePoint content repositories, postdeployment.

Configuration changes made using these WebCenter Portal WLST commands are only effective after you restart the Managed Server on which the WebCenter Portal application is deployed. For details, see Section 8.2, "Starting and Stopping Managed Servers for WebCenter Portal Application Deployments."

Table 11-5 SharePoint Content Repository WLST Commands

Use this command... To... Use with WLST...

createJCRSharePointConnection

Create a Microsoft SharePoint 2007 repository connection.

Online

setJCRSharePointConnection

Edit a Microsoft SharePoint 2007 repository connection.

Online

listJCRSharePointConnections

List all Microsoft SharePoint 2007 connections that are configured for a WebCenter Portal application.

Online


For information about how to install WLST scripts for Microsoft SharePoint, see Section 11.3.1.3, "Installing WLST Command Scripts for Managing Microsoft SharePoint Connections."

11.3.5.1 createJCRSharePointConnection

The createJCRSharePointConnection WLST command creates a connection to a Microsoft SharePoint 2007 repository. For syntax and other information about this WLST command, see "createJCRSharePointConnection" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

Note:

For WebCenter Portal applications, the createJCRSharePointConnection command works only if the application was developed to support Microsoft SharePoint connections in the first place. If the original WebCenter Portal application deployment does not include a Microsoft SharePoint connection, then the application will not contain the code necessary to support any new Microsoft SharePoint connections that you may want to create using this command. See also, Section 11.3.2, "Microsoft SharePoint - Configuration."

11.3.5.2 setJCRSharePointConnection

This WLST command edits an existing Microsoft SharePoint 2007 repository connection. For syntax and other information about this WLST command, see "setJCRSharePointConnection" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

11.3.5.3 listJCRSharePointConnections

This WLST command lists all of the SharePoint connections that are configured for a named WebCenter Portal application. For syntax and other information about this WLST command, see "listJCRSharePointConnection" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

11.4 Configuring Oracle Portal Repositories

This section discusses the prerequisites for an Oracle Portal content repository in the following subsections:

11.4.1 Oracle Portal - Installation

For information on installing Oracle Portal, see Oracle Fusion Middleware Installation Guide for Oracle Portal, Forms, Reports and Discoverer.

11.4.2 Oracle Portal - Configuration

Oracle Portal must be up-to-date with all the latest patches. For additional information about patches, see the product release notes. See also Oracle Fusion Middleware Administrator's Guide for Oracle Portal.

11.4.3 Oracle Portal - Security Considerations

None.

11.4.4 Oracle Portal - Limitations in WebCenter Portal

Oracle Portal integration with Oracle WebCenter Portal is read-only. It is not possible to create content in the portal from Oracle WebCenter Portal.

You can expose Oracle Portal pages in WebCenter Portal applications through the Federated Portal Adapter by publishing them as portlets in Oracle Portal. The following are not returned by the Federated Portal Adapter, and thus are not visible in Oracle WebCenter Portal:

  • Seeded page groups:

    • Oracle Portal repository.

    • Oracle Portal design-time pages.

  • Pages of the following types:

    • Mobile.

    • URL.

    • Navigation pages.

  • Items of the following types:

    • Navigation items.

    • PLSQL items.

    • Portlet.

    • Portlet instance.

    • URL items.

    • Mobile items.

    • Page links.

    • Item links.

  • Items defined as:

    • Expired.

    • Hidden.

11.5 Configuring a File System Repository

This section discusses the prerequisites for a file system content repository in the following subsections:

Caution:

File system connections must not be used in production or enterprise application deployments. This feature is provided for development purposes only. Connections created through the file system adapter can be used during the development of WebCenter Portal applications using Oracle JDeveloper.

WebCenter Portal: Spaces applications do not support file system connections.

11.5.1 File System - Security Considerations

All operations are executed as the system user under which the JVM is running and therefore inherit its permissions.

11.5.2 File System - Limitations in WebCenter Portal

File system connections must not be used in production or enterprise application deployments, and search capabilities are limited and slow due to the absence of an index. This feature is provided for development purposes only.

11.6 Registering Content Repositories

This section contains the following subsections:

11.6.1 What You Should Know About Registering Content Repositories for Spaces

Consider the following when registering Content Server repositories for WebCenter Portal: Spaces:

  • At start up, Spaces creates seed data (if it does not already exist) in the primary/active/default repository for Spaces.

  • For Spaces, a Content Server repository connection must always be provided as a primary connection, even if another repository such as Microsoft SharePoint is made available.

  • A user name with administrative rights for the Content Server instance is required (Content Administrator). This user will be used to create and maintain folders for Spaces content, security groups and roles, and manage content access rights. The default content administrator is sysadmin.

    Administrative privileges are required for this connection so that operations can be performed on behalf of Spaces users.

  • Root Folder and Application Name values:

    • For the active connection in Spaces, the Root Folder and Application Name values are used to create the seed data in the Spaces repository to enable storage of space-related data.

      WARNING:

      You should never change the Root Folder or Application Name values separately; you should always change both. That is, if you change the Root Folder value after configuring and running Spaces, then you must also change the Application Name value, and vice versa. That is, you must change both values (Root Folder and Application Name) to unique values if the Spaces application already contains the seed data.

      When you change these values, the existing seed data is not renamed in the Content Server repository. Instead, new seed data is created using the new values, when you start the application. Once the application is started, new Spaces data is created under the new Root Folder and existing data under the old Root Folder is no longer available. This means that the Documents service will now be disabled in Spaces where the Documents service was previously enabled, prior to changing the Root Folder.

      Note:

      Although the Root Folder and Application Name values change, the old root content repository folder still appears in search results, like any other root folder in Content Server.

    • The Root Folder value is used as the name for the root folder within the content repository under which all Spaces content is stored. For the Root Folder value, you must specify a content repository folder that does not yet exist. Use the format: /foldername. For example: /MyWebCenterSpaces. The Root Folder cannot be /, the root itself, and it must be unique across different WebCenter Portal applications. The folder specified is created for you when the WebCenter Portal application starts up. Invalid entries include: /, /foldername/, /foldername/subfolder.

    • The Application Name, which identifies the Spaces application within this content repository, must have a unique value (for example: MyWCS). The name must be 14 characters or less, begin with an alphabetical character, followed by any combination of alphanumeric characters or the underscore character. The name specified here is also used to name document-related workflows, as follows: <applicationName><WorkflowName> and <applicationName><WorkflowStepName>. When naming workflows, only the first 14 characters of the Application Name are used.

      The Application Name value is used for the following:

      • To separate data when multiple Spaces applications share the same content repository and should be unique across applications.

      • As the prefix to the seeded workflow and workflow steps.

      • As the name of the security group in which all data created in that Spaces application is stored.

      • As the prefix for the role (the name format is applicationNameUser and applicationNameAuthenUser).

      • To stripe users permissions on accounts for the particular Spaces application.

      • To stripe default attributes for the particular Spaces application.

      For information about security groups and roles, see Managing Security and User Access for Content Server. For information about folders, see Folders and WebDav Administration Guide. These guides are available at http://download.oracle.com/docs/cd/E10316_01/owc.htm.

11.6.2 Registering Content Repositories Using Fusion Middleware Control

Follow the steps below to register a Content Server, Oracle Portal, or file system content repository using Fusion Middleware Control. Note that to register a SharePoint repository you must use WLST as described in Section 11.6.3, "Registering Content Repositories Using WLST." For information on how to register a Content Server repository using WLST, see Section 11.10.2, "Setting Connection Properties for the Spaces Content Repository Using WLST."

To register a Content Server, Oracle Portal, or file system content repository:

  1. Log in to Fusion Middleware Control and navigate to the home page for the Spaces or Framework application:

  2. Do one of the following:

    • For WebCenter Portal: Spaces - From the WebCenter Portal menu, choose Settings > Service Configuration.

    • For WebCenter Portal: Framework applications - From the Application Deployment menu, choose WebCenter Portal > Service Configuration.

  3. From the list of services on the WebCenter Service Configuration page, select Content Repository.

  4. To connect to a new content repository, click Add (Figure 11-5).

    Figure 11-5 Configuring Content Repository Connections

    Configuring a Content Repository
  5. Enter a unique name for this connection, specify the content repository type, and indicate whether this connection is the active (or default) connection for the application. See Table 11-6.

    Table 11-6 Manage Content Repository Connections

    Field Description

    Connection Name

    Enter a unique name for this content repository connection. The name must be unique (across all connection types) within the WebCenter Portal application.

    Repository Type

    Choose the type of repository you want to connect to. Select one of the following:

    (Spaces) If you are setting up the back-end content repository for Spaces, that is, the repository used by Spaces to store space-related documents, you must select Content Server.

    Active Connection

    Select to make this the default or primary content repository for your WebCenter Portal application.

    You can connect your WebCenter Portal application to multiple content repositories; all connections are used. One connection must be designated the default (or active) connection. Do one of the following:

    • For the Spaces application:

      Select to make this the active connection, that is, the back-end repository that Spaces uses to store space-related documents. The active connection must be to an Content Server.

      If this is the active connection for Spaces, some additional configuration is required -- see Section 11.6.1, "What You Should Know About Registering Content Repositories for Spaces."

    • For Framework applications:

      Select to make this the active connection; that is, the default connection for Content Presenter, Document Manager, Document List Viewer, and Recent Documents task flows. When no specific connection details are provided for these task flows, this default (also called primary, active) connection is used.

    Deselecting this option does not disable the content repository connection. If a content repository is no longer required, you must delete the connection.


  6. (For the active connection in Spaces only.) Enter additional details for the Spaces repository. For information, see Section 11.6.1, "What You Should Know About Registering Content Repositories for Spaces."

  7. Enter connection details for the content repository. For detailed parameter information, see:

    Table 11-7 Content Server Connection Parameters

    Field Description

    RIDC Socket Type

    Specify whether Content Server connects on the content server listener port or the Web server filter, and whether the listener port is SSL enabled. Choose from:

    • Socket - Uses an intradoc socket connection to connect to the Content Server. The client IP address must be added to the list of authorized addresses in Content Server. In this case, the client is the machine on which Oracle WebCenter Portal is running.

    • Socket SSL - Uses an intradoc socket connection to connect to Content Server that is secured using the SSL protocol. The client's certificates must be imported in the server's trust store for the connection to be allowed. This is the most secure option, and the recommended option whenever identity propagation is required (for example, in Spaces).

    • Web - Uses an HTTP(S) connection to connect to Content Server.

    • JAX-WS - Uses an HTTP(S) connection to connect to Content Server.

    For Spaces, the Web option is not suitable for the active connection, that is, the back-end Content Server repository that is being used to store space-related documents because it does not allow identity propagation.

    Server Host

    Enter the host name of the machine where Content Server is running.

    For example: mycontentserver.mycompany.com

    Server Host is required when the RIDC Socket Type is set to Socket or Socket SSL.

    Server Port

    Enter the port on which the Content Server listens:

    • Socket - Port specified for the incoming provider in the server.

    • Socket SSL - Port specified for the sslincoming provider in the server.

    This property corresponds to the IntradocServerPort setting in the Content Server configuration file, which defaults to port 4444.

    Server Port is required when the RIDC Socket Type is set to Socket or Socket SSL.

    Web URL

    Enter the Web server URL for the Content Server.

    Use the format: http://hostname:portnumber/web_root/plugin_root

    For example: http://mycontentserver/cms/idcplg

    Web URL is applicable when the RIDC Socket Type is set to Web.

    Web Service URL

    Enter the Web service URL required to connect to Content Server when using the JAX-WS protocol.

    Use the format: http://hostname:port/web_root

    For example: http://myhost.com:9044/idcnativews

    Web Service URL is applicable when RIDC Socket Type is set to JAX-WS.

    Connection Timeout (ms)

    Specify the length of time allowed to log in to Content Server (in milliseconds) before issuing a connection timeout message. If no timeout is set, there is no time limit for the login operation.

    Authentication Method

    Choose from:

    • Identity Propagation - Content Server and the WebCenter Portal application use the same identity store to authenticate users.

      (Spaces) Identity propagation is required on the active connection for Spaces, that is, for the content repository being used to store space-related documents.

    • External Application - An external application authenticates users against the Content Server. Select this option if you want to use public, shared, or mapped credentials. See also, "Setting Security for the Documents Service" in the Oracle Fusion Middleware Developer's Guide for Oracle WebCenter Portal.

    If an external application is used for authentication, use the Associated External Application drop down list to identify the application. If the application you want is not listed, select Create New to define the external application now.

    Web Server Context Root

    Enter the Web server context root for Content Server. Use the format /<context_root>. For example, /cs.

    When specified, several Content Server features based on iFrame are available in the WebCenter Portal application. This includes:

    • Associating a content profile with files when uploading new or updated files to Content Server.

      For more information, see "Uploading New Files" and "Uploading a New Version of an Existing File" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    • Using the document review functionality available in Oracle AutoVue.

      For more information, see "Reviewing and Collaborating on Documents Using AutoVue" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    • Editing advanced document properties.

      For more information, see "Working with File Properties" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    • Viewing folder and file workflow details.

      For more information, see “Viewing Workflow Assignments" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    • Previewing files in a slide viewer.

      For more information, see "Opening a File" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    • Site Studio integration

      Without OHS (and WebContextRoot configuration), it is still possible to create or edit Site Studio content from within Content Presenter, but the create and edit actions launch new browser windows (or tabs) rather than opening within the Content Presenter task flow. For more information, see "Using Content Presenter to Create or Edit Oracle Site Studio Content" in Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

    The Web Server Context Root property is only applicable when the Authentication Method is set to Identity Propagation.

    Note: Specifying the Web Server Context Root is an indicator that the WebCenter Portal application is front-ended by OHS. If you specify the Web Server Context Root and do not connect through OHS, a 404 error occurs while you attempt to edit the advanced metadata in the Document Viewer, upload using a profile, or click Details for a content item in a workflow in a space. For information about setting up OHS to front-end WebCenter Portal applications, see Appendix B, "Oracle HTTP Server Configuration for WebCenter Portal".

    If your WebCenter Portal application is connected to multiple Content Server servers, Oracle recommends that each Content Server server has a unique Web Server Context Root so that OHS re-direction works correctly.

    Associated External Application

    Select the external application used to authenticate users against Content Server.

    Associated External Application is applicable when RIDC Socket Type is set to Web and also when the RIDC Socket Type is Socket or Socket SSL (with Authentication Method set to External Application).

    Client Security Policy

    Enter the client security policy to be used when the RIDC Socket Type is JAX-WS. For example: oracle/wss11_saml_token_with_message_protection_service_policy

    The JAX-WS client security policy can be any valid OWSM policy, but must match the security policy configured for the Content Server's Native Web Services IdcWebLogin service. For more information about the IdcWebLogin service, see "WebCenter Content Web Services" in the Oracle WebCenter Content Developer's Guide for Content Server.

    Leave this field blank if your environment supports Global Policy Attachments (GPA).

    Administrator User Name

    Enter a user name with administrative rights for this Content Server instance. This user will be used to fetch content type information based on profiles and track document changes for cache invalidation purpose.

    Defaults to sysadmin.

    Administrator Password

    Enter the password for the Content Server administrator.

    Key Store Location

    Specify the location of key store that contains the private key used to sign the security assertions. The key store location must be an absolute path.

    For example: D:\keys\keystore.xyz

    Key Store Location is required when the RIDC Socket Type is set to Socket SSL.

    Key Store Password

    Enter the password required to access the keystore.

    For example: T0PS3CR3T

    Key Store Password is required when the RIDC Socket Type is set to Socket SSL.

    Private Key Alias

    Enter the client private key alias in the keystore. The key is used to sign messages to the server. The public key corresponding to this private key must be imported in the server keystore.

    Ensure that the alias does not contain special characters or white space. For example: enigma

    Private Key Alias is required when the RIDC Socket Type is set to Socket SSL.

    Private Key Password

    Enter the password to be used with the private key alias in the key store.

    For example: c0d3bR3ak3R

    Private Key Password is required when the RIDC Socket Type is set to Socket SSL.


    Table 11-8 Connection - Content Server - Cache Details

    Element Description

    Cache Invalidation Interval (minutes)

    Specify the frequency between checks for external Content Server content changes (in minutes). WebCenter Portal automatically clears items that have changed from the cache.

    The default is 0 which means that cache invalidation is disabled.

    The minimum interval is 2 minutes.

    Maximum Cached Document Size (bytes)

    Enter a maximum cacheable size (in bytes) for Content Server binary documents. Documents larger than this size are not cached by WebCenter Portal.

    The default is 102400 bytes (100K).

    Tune this value based on your machine's memory configuration and the types of binary documents that you expect to cache.


    Table 11-9 Oracle Portal Connection Parameters

    Field Description

    Data Source Name

    Enter the JNDI DataSource location used to connect to the portal.

    For example: jdbc/MyPortalDS

    The datasource must be on the server where the WebCenter Portal application is deployed.

    Connection Timeout (ms)

    Specify the length of time allowed to log in to Oracle Portal (in milliseconds) before issuing a connection timeout message. If no timeout is set, there is no time limit for the login operation.

    Authentication Method

    Specify how to authenticate users against Oracle Portal. Choose from:

    • Identity Propagation - Select this option when the WebCenter Portal application and Oracle Portal both use the same user identity store.

    • External Application - Use an external application to authenticate users against Oracle Portal. Select this option if you want to use public, shared, or mapped credentials.

    If an external application is used for authentication, use the Associated External Application dropdown list to identify the application.

    Associated External Application

    Associate Oracle Portal with an external application. External application credential information is used to authenticate Oracle Portal users.You can select an existing external application from the dropdown list, or click Create New to configure a new external application now.


    Table 11-10 File System Connection Parameters

    Field Description

    Base Path

    Enter the full path to a folder on a local file system in which your content is placed. For example: C:\MyContent

    Caution: File system content must not be used in production or enterprise application deployments. This feature is provided for development purposes only.


  8. Click OK to save this connection.

  9. Click Test to verify if the connection you created works. For a successful connection, the Test Status message displays the advice that to start using the new (active) connection, you must restart the managed server on which the WebCenter Portal application is deployed.

The registered connections are now available to Documents service and Content Presenter task flows, which you can add to pages in WebCenter Portal: Spaces or WebCenter Portal: Framework applications. See also, "Working with the Documents Service Task Flows and Document Components" in the Oracle Fusion Middleware User's Guide for Oracle WebCenter Portal: Spaces.

11.6.3 Registering Content Repositories Using WLST

Use the following WLST commands to register new content repository connections for Framework applications. For information on how to register a Content Server repository for Spaces using WLST, see Section 11.10.2, "Setting Connection Properties for the Spaces Content Repository Using WLST."

For command syntax and examples, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

To configure a particular connection as the default connection, set isPrimary='1'. See Section 11.7, "Changing the Active (or Default) Content Repository Connection".

For information on how to run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands".

Note:

To start using the new (active) connection you must restart the managed server on which the Framework application is deployed. See "Starting and Stopping WebLogic Managed Servers Using the Command Line" in the Oracle Fusion Middleware Administrator's Guide.

11.7 Changing the Active (or Default) Content Repository Connection

WebCenter Portal applications support multiple content repository connections but only one content repository connection can be designated the active (or default) connection.

In Spaces, the active connection becomes the default back-end repository for space and Home space documents and the repository must be Content Server. The active connection is also used as the default connection for the Documents service and Content Presenter task flows.

For other WebCenter Portal applications, the active connection becomes the default connection for Content Presenter, Document Manager, Document List Viewer, and Recent Documents, and so on. When no specific connection details are provided for these task flows, the default (active) connection is used.

This section contains the following subsections:

11.7.1 Changing the Active (or Default) Content Repository Connection Using Fusion Middleware Control

To change the active (or default) content repository connection:

  1. Log in to Fusion Middleware Control and navigate to the home page for WebCenter Portal: Spaces or the WebCenter Portal: Framework application:

  2. Do one of the following:

    • For WebCenter Portal: Spaces - From the WebCenter Portal menu, choose Settings > Service Configuration.

    • For WebCenter Portal: Framework applications - From the Application Deployment menu, choose WebCenter Portal > Service Configuration.

  3. From the list of services on the WebCenter Portal Services Configuration page, select Content Repository.

    The Manage Content Repository Connections table indicates the current active connection (if any).

  4. Select the connection you want to become the active (or default) connection, and then click Edit.

  5. Select the Active Connection checkbox.

  6. Click OK to update the connection.

  7. Click Test to verify if the connection you activated works. For a successfully activated connection, the Test Status message displays the advice that to start using the updated connection you must restart the managed server on which the WebCenter Portal application is deployed.

11.7.2 Changing the Active (or Default) Content Repository Connection Using WLST

Use the following WLST commands with isPrimary='1' to designate an existing content repository connection as the default connection:

For command syntax and examples, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

To subsequently disable a default content repository connection, run the same WLST command with isPrimary='false'. Connection details are retained but the connection is no longer named as the primary connection in adf-config.xml.

For information on how to run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands".

Note:

To start using the new (active) connection you must restart the managed server on which the WebCenter Portal application is deployed. See, "Starting and Stopping WebLogic Managed Servers Using the Command Line" in the Oracle Fusion Middleware Administrator's Guide.

11.8 Modifying Content Repository Connection Details

This section contains the following subsections:

11.8.1 Modifying Content Repository Connection Details Using Fusion Middleware Control

To update content repository connection details:

  1. Log in to Fusion Middleware Control and navigate to the home page for WebCenter Portal: Spaces or the WebCenter Portal: Framework application:

  2. Do one of the following:

    • For the Spaces application - From the WebCenter Portal menu, choose Settings > Service Configuration.

    • For Framework applications - From the Application Deployment menu, choose WebCenter Portal > Service Configuration.

  3. From the list of services on the WebCenter Portal Services Configuration page, choose Content Repository.

  4. Select the connection name, and click Edit.

  5. Edit connection details, as required. For detailed parameter information, see:

  6. Click OK to save your changes.

  7. Click Test to verify if the updated connection works. For a successfully updated connection, the Test Status message displays the advice that to start using the updated connection, you must restart the managed server on which the WebCenter Portal application is deployed.

11.8.2 Modifying Content Repository Connection Details Using WLST

Use the following WLST commands to edit content repository connections:

For command syntax and examples, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

To configure a particular connection as the active (or default) connection, set isPrimary='1'. See Section 11.7, "Changing the Active (or Default) Content Repository Connection".

For information on how to run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands".

Note:

To start using the updated (active) connection details, you must restart the managed server on which the WebCenter Portal application is deployed. See "Starting and Stopping WebLogic Managed Servers Using the Command Line" in the Oracle Fusion Middleware Administrator's Guide.

11.8.3 Modifying Cache Settings for Content Presenter

The content management code for Content Presenter, the Content Management Interoperability Services (CMIS) REST APIs, and so on, are shipped out of the box with local (in-memory) caches. This code doesn't use Coherence by default, although Coherence is the recommended caching mechanism for production and a requirement for HA environments. You can enable Coherence for caches in the content-coherence-cache-config.xml file. For WebCenter Portal: Spaces this file is stored in the ORACLE_HOME/user_projects/applications/wc_domain/custom.webcenter.spaces.fwk/APP-INF/classes/ directory. For WebCenter Portal applications, developers must create the content-coherence-cache-config.xml file in the application (EAR) classpath or server's system classpath.

A sample Coherence configuration file, as shown in Example 11-1, is provided within the content-app-lib.ear file. This EAR file is located at: ORACLE_HOME/webcenter/modules/oracle.webcenter.content.integration_11.1.1/content-app-lib.ear. The sample file location is: /content-app-lib.ear/APP-INF/classes/sample-content-coherence-cache-config.xml file. You can copy this file and rename it to content-coherence-cache-config.xml, and then set the values to meet customer's deployment needs. Table 11-11 describes the cache entries in this file.

Example 11-1 Sample Coherence Configuration File

<!DOCTYPE cache-config SYSTEM "cache-config.dtd">
<cache-config>
  <caching-scheme-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.nodeUidCache.*</cache-name>
      <scheme-name>ContentNodeCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.nodePathToUidCache.*</cache-name>
      <scheme-name>ContentNodeCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.securityInfoCache.*</cache-name>
      <scheme-name>ContentNodeCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.typeNameCache.*</cache-name>
      <scheme-name>ContentTypeCaches</scheme-name>
    </cache-mapping>
   <cache-mapping>
      <cache-name>repo.ucm.typeNamesCache.*</cache-name>
      <scheme-name>ContentTypeCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>binaryCache.*</cache-name>
      <scheme-name>ContentBinaryCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.searchCriteriaCache.*</cache-name>
      <scheme-name>ContentSearchCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name> repo.ucm.indexedFieldsCache.*</cache-name>
      <scheme-name>ContentSearchCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.securityUserCache.*</cache-name>
      <scheme-name>ContentSecurityCaches</scheme-name>
    </cache-mapping>
    <cache-mapping>
      <cache-name>repo.ucm.profileTriggerValueCache.*</cache-name>
      <scheme-name>ContentProfileCaches</scheme-name>
    </cache-mapping>
  </caching-scheme-mapping>
  <caching-schemes>
<!--    The following schemes are all local.  For a clustered deployment,
    a distributed, replcated, or other clustered scheme is recommended.
    See Coherence documentation for more information.
    -->
    <local-scheme>
      <scheme-name>ContentNodeCaches</scheme-name>
      <expiry-delay>1m</expiry-delay>
      <high-units>100</high-units>
    </local-scheme>
    <local-scheme>
      <scheme-name>ContentTypeCaches</scheme-name>
      <expiry-delay>30m</expiry-delay>
      <high-units>50</high-units>
    </local-scheme>
    <local-scheme>
      <scheme-name>ContentBinaryCaches</scheme-name>
      <expiry-delay>1m</expiry-delay>
      <high-units>100000</high-units>
      <unit-calculator>
        <class-scheme>
          <class-name>com.tangosol.net.cache.SimpleMemoryCalculator</class-name>
        </class-scheme>
      </unit-calculator>
    </local-scheme>
    <local-scheme>
      <scheme-name>ContentSearchCaches</scheme-name>
      <expiry-delay>5m</expiry-delay>
      <high-units>50</high-units>
    </local-scheme>
   <local-scheme>
      <scheme-name>ContentSecurityCaches</scheme-name>
      <expiry-delay>10m</expiry-delay>
      <high-units>50</high-units>
    </local-scheme>
   <local-scheme>
      <scheme-name>ContentProfileCaches</scheme-name>
      <expiry-delay>1h</expiry-delay>
      <high-units>100</high-units>
    </local-scheme>
    <!--
    <class-scheme>
      <scheme-name>ContentDisabledCaches</scheme-name>
      <class-name>com.tangosol.util.NullImplementation$NullMap</class-name>
    </class-scheme>
    -->
  </caching-schemes>
</cache-config>

Table 11-11 Cache Entries in content-coherence-cache-config.xml

Cache Entry Name Description

repo.ucm.nodeUidCache.*

Stores a list of nodes for a repository based on an ID. The size of this cache entry depends upon the number of nodes in the active repository.This cache expires based on when the node data is refreshed and how many times the data is modified from another application. Key - Node UID - String

Value - A Content Server Node object

repo.ucm.nodePathToUidCache.*

Stores a list of nodes for a repository based on a path. The size of this cache depends upon the number of nodes in the active repository.This cache entry expires based on when the node data is refreshed and how many times the data is modified from another application. The size and expiration time must be the same as that of nodeUidCache.

Key - Node path - String

Value - Node UID - String

repo.ucm.securityInfoCache.*

Stores cached security information for a node. The size of this cache depends upon the number of nodes in the repository. This cache expires based on the frequency of node security data updates.

Key - Node UID - String

Value - Security information for a node

repo.ucm.typeNameCache.*

Caches Content Type information. The size of this cache depends upon the number of types in the repository. This cache expires based on when the type information is refreshed and how many times the types are modified from another application.

Key - Content Type UID - String

Value - A ContentType object

repo.ucm.typeNamesCache.*

Caches all the type names known to Content Server. All type names are cached together (one key), and thus all expire at the same time.

This cache expires based on the frequency of new types being created or removed.

Key - There is only one key to this cache: "typeNames"

Value - An ArrayList<String> of the type names

binaryCache.*

Caches binary property data. Only binaries that are smaller than the repository configuration property BinaryCacheMaxEntrySize are cached.

The size of this cache either depends on the number and frequency of the smaller binary properties (smaller than the BinaryCacheMaxEntrySize setting) usage, or it is based on the total amount of memory to be used for binary caches.

This cache expires based on when the binary data is refreshed and how many times this data is modified from another application.

Key - The Node UID and binary Property UID (nodeUid.propUid) - String

Value - The binary stream data - byte[]

repo.ucm.searchCriteriaCache.*

Caches a set of search query to parameters based on the Content Server search grammar. The size of this cache depends upon the number of unique searches expected to be repeatedly performed.

The expiration must be set to eventually expire unused searches and save on the cache memory.

Key - A set of search query parameters.

Value - A set of search query parameters, in Content Server terms.

repo.ucm.indexedFieldsCache.*

Holds the indexed (searchable) system properties for the repository. There are three keys in this cache:

  • "indexedFields" holds all Content Server indexed fields.

  • "indexedFolderProps" holds indexed system properties for folders.

  • "indexedDocProps" holds indexed system properties for documents.

This cache expires based on the frequency of the indexed fields changes.

Key - String

Value - Map<String,Boolean> holds a key for each indexed property name, and a boolean indicating if that property is also sortable.

repo.ucm.securityUserCache.*

Caches the mapping between local user names (current application) and the name of the same user in Content Server. The size of this cache depends upon the number of simultaneous and/or frequent users.

This cache expires based on the frequency of user identity mapping updates.

Key - Local user Id - String

Value - Content Server user Id - String

repo.ucm.profileTriggerValueCache.*

Caches the profile trigger value for a given profile, so it is available when documents are created. The maximum number of entries in this cache is implicitly limited to the maximum number of profiles on the Content Server server. The cache entry size is small. The primary entry to vary is the expiration, which depends upon how often the profile trigger field values are modified in Content Server. These values change rarely once a profile is configured on the Content Server system. Therefore, the expiration should be set appropriately.

Key - The Content Server profile name - String

Value - The Content Server profile trigger value - String


11.9 Deleting Content Repository Connections

This section contains the following subsections:

Caution:

Delete a content repository connection only if it is not in use. If a connection is marked as active, it should first be removed from the active list, and then deleted.

11.9.1 Deleting Content Repository Connections Using Fusion Middleware Control

To delete a content repository connection:

  1. Log in to Fusion Middleware Control and navigate to the home page for WebCenter Portal: Spaces or the WebCenter Portal: Framework application:

  2. Do one of the following:

    • For the Spaces application - From the WebCenter Portal menu, choose Settings > Service Configuration.

    • For Framework applications - From the Application Deployment menu, choose WebCenter Portal > Service Configuration.

  3. From the list of services on the WebCenter Portal Services Configuration page, choose Content Repository.

  4. Select the connection name, and click Delete.

  5. To effect this change you must restart the managed server on which the WebCenter Portal application is deployed.

11.9.2 Deleting Content Repository Connections Using WLST

Use the WLST command deleteConnection to remove a content repository connection. For command syntax and examples, see "deleteConnection" in the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

For information on how to run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands".

Note:

To effect this change you must restart the managed server on which the WebCenter Portal application is deployed. See, "Starting and Stopping WebLogic Managed Servers Using the Command Line" in the Oracle Fusion Middleware Administrator's Guide.

11.10 Setting Connection Properties for the Spaces Content Repository

You can view, modify, and delete connection properties for the back-end Content Server repository that is being used by Spaces to store space and Home space documents. Specifically, you can define the root folder under which space content is stored, the name of the content repository administrator, and a unique application identifier for separating application data on Content Server.

This section contains the following subsections:

11.10.1 Setting Connection Properties for the Spaces Content Repository Using Fusion Middleware Control

To set content repository connection properties for Spaces:

  1. Log in to Fusion Middleware Control and navigate to the home page for the Spaces application. See Section 6.2, "Navigating to the Home Page for the Spaces Application".

  2. From the WebCenter Portal menu, choose Settings > Service Configuration.

  3. From the list of services on the WebCenter Portal Services Configuration page, choose Content Repository.

  4. Select the connection name, and click Edit.

  5. (For the active connection in Spaces only.) Set connection properties for the Spaces repository. For information, see Section 11.6.1, "What You Should Know About Registering Content Repositories for Spaces."

  6. Click OK to save your changes.

  7. To start using the updated (active) connection properties, you must restart the managed server on which the Spaces application is deployed.

11.10.2 Setting Connection Properties for the Spaces Content Repository Using WLST

The following commands are valid only for the Spaces application to view, set, and delete properties for the Content Server repository that is being used by Spaces to store space and Home space documents:

For command syntax and detailed examples, see the Oracle Fusion Middleware WebLogic Scripting Tool Command Reference.

For information on how to run WLST commands, see Section 1.13.3.1, "Running Oracle WebLogic Scripting Tool (WLST) Commands."

11.11 Testing Content Repository Connections

After setting up content repository connections, you can test them to make sure that you can access the content repository, as described in the following sections:

11.11.1 Testing Content Server Connections

To verify a connection of the socket type web, log in to the Web interface of Content Server as administrator. You can obtain the URL of a socket type connection through Fusion Middleware Control as follows:

  1. In Fusion Middleware Control, from the WebCenter Portal menu, choose Settings and select Service Configuration (Figure 11-6).

    Figure 11-6 Fusion Middleware Control WebCenter Portal Menu

    Fusion Middleware Control WebCenter Menu
  2. On the Manage Content Repository Connections page, select the connection and click Edit (Figure 11-7).

    Figure 11-7 Manage Content Repository Connections Page

    Manage Content Repository Connections Page
  3. On the Edit Content Repository Connection page, copy the Web URL (Figure 11-8).

    Note:

    Remove the /idcplg/ suffix from the URL before using it.

    The URL format is: http://host_name/web_root/
    For example: http://mycontentserver/cms/

    Figure 11-8 Edit Content Repository Connection Page

    Edit Content Repository Connection Page

11.11.2 Testing Oracle Portal Connections

To verify the full state of an Oracle Portal connection:

  1. In the Oracle WebLogic Administration Console, under Domain Structure, expand Services > JDBC, then double-click Data Sources (Figure 11-9).

    Figure 11-9 Oracle WebLogic Administration Console

    Oracle WebLogic Administration Console
  2. On the Summary of JDBC Data Sources page, select the data source you intend to test (Figure 11-10).

    Figure 11-10 Summary of JDBC Data Sources Page

    Sumary of JDBC Data Sources Page
  3. In the Settings for datasource_name section, select the tabs Monitoring, then Testing. Select the data source target server, then click Test Data Source to test the connection (Figure 11-11).

    Figure 11-11 Data Source Settings Section

    Data Source Settings Section

11.12 Changing the Maximum File Upload Size

By default, the maximum upload size for files is: