Oracle® Fusion Middleware Oracle WebCenter Content VCR Adapter Guide for Oracle WebLogic Portal 10g Release 3 (10.3.4) Part Number E14664-03 |
|
|
View PDF |
This chapter includes the following sections:
The installation process includes these tasks:
Section 2.1.1, "Ensure the Oracle WebCenter Content Components are Installed"
Section 2.1.2, "Add a Reference to the Oracle WebCenter Content VCR Adapter Shared Library"
You must have the following Oracle WebCenter Content (formerly called Universal Content Management or UCM) components installed to use the Oracle WebCenter Content VCR Adapter. For details on installing these components, refer to the WebCenter Content installation documentation.
Oracle Content Server 11gR1 (11.1.1.5.0) with Oracle Text Search (OracleTextSearch), Full Text Search (DATABASE.FULLTEXT), or Metadata-only Search (DATABASE.METADATA) configured.
Folders_g (Folders section)
The following components are required if you are using SiteStudio:
LinkManager8 (Document Management section)
DBSearchContainsOpSupport (Web Content Management section). This component is required if you are using SiteStudio and not using Oracle Text Search.
SiteStudio (Web Content Management section)
SiteStudioExternalApplications (Web Content Management section)
Oracle Content Server 10gR3 (10.1.3.3.3) with Oracle Text Search (OracleTextSearch), Full Text Search (DATABASE.FULLTEXT), or Metadata-only Search (DATABASE.METADATA) configured.
Content Server Update Bundle Component Version 10.1.3.5.0 (CS10gR35UpdateBundle - 2011_10_11 (build 100).
Folders_g (Included in CS10gR35UpdateBundle; unzip and install the file at component/CS10gR35UpdateBundle/extras/Folders_g.zip).
Site Studio 10gR4 (10.1.4.0.0) component
VCR/SPI for Site Studio 10gR4 (component named SiteStudioSPI-Only-10gR4_*.zip)
Note:
This component is available on Oracle E-Delivery as one of the components included in part number V16530-01 Oracle Universal Content Management Web Content Management 10gR3 (10.1.3.3.7) for Windows, Linux and Unix. You can also obtain this component athttp://www.oracle.com/technetwork/middleware/webcenter/content/downloads/index-ucm10g-082682.html
under the name VCR/SPI for Site Studio 10gR4.Custom Link Form (ss_docname_link_form.htm) must be checked in. This form is available on OTN.
LinkManager8 component (included in CS10gR35UpdateBundle). This component is necessary to resolve SiteStudio document links. For example, this component must be enabled to determine which SiteStudio documents link to a given document.
Use Oracle Enterprise Pack for Eclipse (OEPE) to add a library reference from your enterprise application to the Oracle WebCenter Content VCR Adapter library.
Start Oracle Enterprise Pack for Eclipse.
In the Package Explorer, navigate to the <EAR_PROJECT>/EarContent/META-INF
folder of your application.
Right-click the file weblogic-application.xml
and select Open With > WebLogic Application Deployment Descriptor Editor.
In the editor, select Shared Libraries.
In the Shared Libraries tab, click the Add shared library references link.
In the Select WebLogic Shared Library dialog, select oracle-ucm-spi-app-lib
.
Click OK.
The library appears in the Shared Libraries list of weblogic-application.xml
.
On your file system, the library is added to the path, <MW_HOME
>/modules/oracle.content.ucm.spi_10.3.4.0
.
Save the file weblogic-application.xml
.
You have successfully added the Oracle WebCenter Content VCR Adapter library to your portal project.
You can configure or adjust WebCenter Content repository caches in two ways: in the EAR project file META-INF/p13n-cache-config.xml
or in the Portal Administration Console (under Configuration & Monitoring > Service Administration). Cache settings made in the Portal Administration Console take precedence over the file-based settings. You can also flush the caches from the Portal Administration Console.
Notes:
If you already have ap13n-cache-config.xml
file configured for another repository, simply add the WebCenter Content repository cache settings into that file.Table 2-1 and Table 2-2 describe the available cache settings in p13n-cache-config.xml
. Table 2-1 describes the VCR caches, which are caches used by the VCR component. These caches are repository specific and can exist for any repository. Table 2-2 describes the SPI caches, which are specific to the Oracle WebCenter Content SPI Adapter component.
Note:
Cache settings described in Table 2-3, "Configuration File Elements" describe the configuration properties for the RIDC security cache, which is used for authorization decisions.The pattern for the cache entry names is <elementName>.<repositoryName>, where <repositoryName> is the name of the WebCenter Content repository as specified in the META-INF/content-config.xml
file. For example, nodeCache.StellentRepository
.
Note that <time-to-live>
values are specified in milliseconds.
Table 2-1 VCR-Level Cache Entry Descriptions
Cache Entry Name | Description |
---|---|
nodeCache.<repositoryName> |
Caches node id to node instance for this repository. Defaults: enabled = true; time-to-live = 120000, max-entries = 200. |
nodePathCache.<repositoryName> |
Caches node path to node id for this repository. Defaults: enabled = true; time-to-live = 120000, max-entries = 200. |
typeCache.<repositoryName> |
Caches type id to type instance for this repository Defaults: enabled = true; time-to-live = 600000, max-entries = 200. |
typeNameCache.<repositoryName> |
Caches type name to type id for this repository. Defaults: enabled = true; time-to-live = 600000, max-entries = 200. |
binaryCache.<repositoryName> |
Defaults: enabled = true; time-to-live = 300000, max-entries = 50. Note: The maximum binary entry size is specified as the repository property binaryCacheMaxEntrySize which has a default value of 102400 bytes (100 kb). |
searchCache.<repositoryName> |
The VCR search cache is not used to cache WebCenter Content search results; the WebCenter Content server-side search cache is used for this purpose. |
nativeAuthCache.<repositoryName> |
Authorization cache for this repository when using native security. Defaults: enabled = true; time-to-live = 5000, max-entries = 5000. |
repositoryConfigCache.<repositoryName> |
Maximum = 20, time-to-live = (-1) (forever), enabled = true |
searchFTSPathCriteriaCache |
Maximum = 500, time-to-live = 1 hour |
searchExpressionPathCriteriaCache |
Maximum = 500, time-to-live = 1 hour |
Table 2-2 SPI-Level Cache Entry Descriptions
Cache Entry Name | Description |
---|---|
repo.ucm.typeNameCache.<repositoryName> |
Caches WebCenter Content server type metadata by type name. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
repo.ucm.nodePathToUidCache.<repositoryName> |
Caches WebCenter Content server node ids by node path. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
repo.ucm.nodeUidCache.<repositoryName> |
Caches WebCenter Content server node metadata by node id. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
repo.ucm.securityInfoCache.<repositoryName> |
Caches WebCenter Content server node security information. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
repo.ucm.typeNamesCache.<repositoryName> |
Caches the list of WebCenter Content type names. Defaults: enabled=true, time-to-live=1800000 (30 minutes), max-entries=5000. |
repo.ucm.indexedFieldsCache.<repositoryName> |
Caches information about which WebCenter Content fields are indexed. Defaults: enabled=true, time-to-live=1800000 (30 minutes), max-entries=5000. |
repo.ucm.securityUserCache.<repositoryName> |
Stores the association between a WLP user and the associated WebCenter Content server userID. Defaults: 5000 entries, time-to-live = 30 minutes |
repo.ucm.searchCriteriaCache.<repositoryName> |
Caches search criteria so repeated searches perform well. Defaults: enabled=true, time-to-live=3600000 (1 hour), max-entries=500. |
Note:
To configure the Oracle WebCenter Content SPI RIDC security cache settings described in Table 2-3, you must add the entries as<repository-property>
elements in content-config.xml
.Example 2-1 presents a sample META-INF/p13n-cache-config.xml
file.
Example 2-1 Sample p13n-cache-config.xml File
<?xml version="1.0" encoding="UTF-8"?> <p13n-cache-config xmlns="http://www.bea.com/ns/p13n/90/p13n-cache-config"> <cache> <name>nodeCache.MyUcmRepo</name> <enabled>true</enabled> <time-to-live>600000</time-to-live> <max-entries>5000</max-entries> </cache> <cache> <name>repo.ucm.nodePathToUidCache.StellentRepository</name> <enabled>true</enabled> <time-to-live>10000</time-to-live> <max-entries>2000</max-entries> </cache> </p13n-cache-config>
After the adapter is added to your WLP project, you are ready to configure it. Configuring means specifying how the adapter will talk to the WebCenter Content repository. For example, the adapter has to know where the WebCenter Content server is running, its port number, an admin account name, and so on.
There are two configuration scenarios to consider. If you primarily work with the IDE in a development environment, you can configure the adapter by editing a configuration file. If you are a portal administrator who uses the WLP Administration Console, you can use the Administration Console to configure the adapter.
This section explains how to configure the adapter using a configuration file. Developers working primarily in the IDE commonly use this method.
Note:
Because of the way in which WLP uses deployment plans, adapter configurations made in the WLP Administration Console take precedence over configurations made in thecontent-config.xml
file.Open the content-config.xml
file. This file is located in the META-INF
directory of your Portal EAR Project.
Edit the required elements in the file using Table 2-3 and Example 2-2 as a guide.
Save the configuration file.
Redeploy the portal application.
Table 2-3 describes the elements in content-config.xml
that you must configure to successfully use the adapter.
Table 2-3 Configuration File Elements
Element | Description |
---|---|
class-name |
(Required) The class name of the adapter, which is com.oracle.content.spi.ucm.RepositoryImpl. |
username |
(Optional) If you use the global config user security option (see Section 2.4.1, "WLP-Secured Global Config User" or Section 2.4.2, "Natively-Secured Global Config User"), this element specifies the Oracle WebCenter Content Server user name that is used to retrieve data from WebCenter Content, regardless of the WLP user. In other words, all WLP users in an enterprise application will see the data for this WebCenter Content repository instance. Note: If you configure the identity propagation option, do not specify this element (see Section 2.4.3, "Identity Propagation with Native Security"). |
ContentServerHostname |
(Required) The hostname or IP address of the server on which the WebCenter Content repository is running. |
ContentServerPort |
(Required) The Intradoc port number on which the WebCenter Content repository is listening. This corresponds to the IntradocServerPort setting in the Content Server configuration file, which defaults to port 4444. You can also find this setting by accessing the WebCenter Content server with a browser as an admin, clicking on Administration > Configuration for xxx, then clicking on the Server Configurations link. Configure the Oracle WebCenter Content SPI to use the 'Server Port'. |
ContentServerAdminUser |
(Required) The user name of a valid administrative user of the WebCenter Content repository. This user must have the admin role. |
ContentServerServiceType |
(Required) Protocol used to connect with the WebCenter Content Server. Valid options are INTRADOC or INTRADOC_SSL. INTRADOC is the default. |
ContentServerSSLKeyStoreFile |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The absolute path to the client SSL keystore file. |
ContentServerSSLKeyStorePassword |
SSL keystore password. Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore password. |
ContentServerSSLKeyStoreAlias |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore alias name. |
ContentServerSSLKeyStoreAliasPassword |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore alias password. |
CacheInvalidationInterval |
(Optional) Polling interval in minutes for the Oracle WebCenter Content Adapter CacheInvalidator IntervalJob (must be equal to or greater than 2 minutes). This cache automatically invalidates cached content in WLP as content is changed on the WebCenter Content server. If you set it to 0, automatic cache invalidation will be disabled for this repository. |
folder_badge_objectClasses |
(Required) Specifies a list of Oracle WebCenter Content ObjectClasses that are displayed as folders in the WLP Administration Console. For the Oracle WebCenter Content VCR adapter, set this value to IDC:Folder. |
TypeRetrievalShapeUser |
(Required) Specifies a WebCenter Content user account that is used to retrieve all types (ObjectClasses) from WebCenter Content. WebCenter Content profiles can take into account the WebCenter Content user when determining which fields are on a profile. WLP uses this setting to ensure that the WebCenter Content type retrieval is identical regardless of the WLP user. This user account does not need any special roles on the WebCenter Content server. Note: If you want to create documents of various security groups, the configured |
useNativeSecurity |
When this element is enabled, the native WebCenter Content security will be used to secure content. When disabled, the VCR federated security (entitlements) will be used to secure content in addition to the native WebCenter Content security. Default is false (disabled). For more information, Section 2.4, "Security Mapping." Note: For best performance, use native security (useNativeSecurity = true). |
SecurityCacheSize |
Used in the default RIDC security cache configuration size. Add this entry as |
SecurityUserCacheTtl |
Used in the default RIDC security cache configuration. Add this entry as |
SecurityServerCacheTtl |
This time to live value is only used if accounts or ACL are used. Add this RIDC security cache entry as |
ContentServerConnectionTimeout |
(Optional) The maximum time (in msec) to wait when connecting to the WebCenter Content server. Default=30 seconds |
ContentServerConnectionPoolSize |
(Optional) Optional. The maximum connection pool size. Default=20 |
ContentServerSocketTimeout |
(Optional) The maximum time to wait (in msec) for a WebCenter Content server response. Default=70 seconds. |
ForceDeleteFolders |
(Optional) only used if the Trash folder is enabled on the Oracle WebCenter Content instance. If set to true, then deleting a folder or document will remove it immediately, bypassing the trash. If set to false, then deleting a folder or document will move it to the trash. |
Example 2-2 shows a sample configuration file with the required elements highlighted in bold type.
Example 2-2 Sample Configuration for the Oracle WebCenter Content VCR Adapter
<!-- UCM test repository --> <content-store> <name>UCMRepository</name> <class-name>com.oracle.content.spi.ucm.RepositoryImpl </class-name> <username>wlpApp</username> <repository-property> <description>Hostname on which the UCM Content Server is running </description> <name>ContentServerHostname</name> <value>10.221.19.72</value> </repository-property> <repository-property> <description>Port on which the UCM Content Server is running (on host named above) </description> <name>ContentServerPort</name> <value>4444</value> </repository-property> <repository-property> <description>Content Server uname in Admin role, for security checks </description> <name>ContentServerAdminUser</name> <value>sysadmin</value> </repository-property> <repository-property> <description>List of folder ObjectClasses</description> <name>folder_badge_objectClasses</name> <value>IDC:Folder</value> </repository-property> <repository-property> <description>Single user for all type related interactions </description> <name>TypeRetrievalShapeUser</name> <value>typeShapeUser</value> </repository-property> <repository-property> <name>useNativeSecurity</name> <value>false</value> </repository-property> <repository-property> <description>Protocol used to connect with the UCM Server. Valid options are INTRADOC or INTRADOC_SSL. INTRADOC is the default. </description> <name>ContentServerServiceType</name> <value>INTRADOC</value> </repository-property> <repository-property> <description>Content Server Username in Admin role, used for security checks </description> <name>ContentServerAdminUser</name> <value>sysadmin</value> </repository-property> <repository-property> <description>Polling interval for the CacheInvalidator IntervalJob (must be equal to or greater than 2 min) </description> <name>CacheInvalidationInterval</name> <value>2</value> </repository-property> <repository-property> <description>Location on the filesystem of the client SSL keystore file. Only used when ContentServerServiceType is INTRADOC_SSL </description> <name>ContentServerSSLKeystoreFile</name> <value>c:/client_keystore</value> </repository-property> <repository-property> <description>SSL keystore password. Only used when ContentServerServiceType is INTRADOC_SSL </description> <name>ContentServerSSLKeystorePassword</name> <value>idcidc</value> </repository-property> <repository-property> <description>SSL keystore alias name. Only used when ContentServerServiceType is INTRADOC_SSL </description> <name>ContentServerSSLKeystoreAlias</name> <value>SecureClient</value> </repository-property> <repository-property> <description>SSL keystore alias password. Only used when ContentServerServiceType is INTRADOC_SSL </description> <name>ContentServerSSLKeystoreAliasPassword</name> <value>idcidc</value> </repository-property> <read-only>true</read-only> <binary-cache-max-entry-size>102400</binary-cache-max-entry-size> <!-- metadata search --> <search-is-enabled>true</search-is-enabled> <!-- full text search --> <fulltext-search-is-enabled>true</fulltext-search-is-enabled> <search-indexing-is-enabled>false</search-indexing-is-enabled> </content-store>
Users who typically work on staged or production portals use the WebLogic Portal Administration Console to configure content repositories. This section summarizes the basic configuration steps for this scenario. For more detailed instructions, see "Configuring Additional Repositories" in the Oracle Fusion Middleware Content Management Guide for Oracle WebLogic Portal.
Once the WebCenter Content repository is deployed and running it must be connected to WebLogic Portal so that it appears as part of its Virtual Content Repository. To add the WebCenter Content repository:
Open the WebLogic Portal Administration Console.
Select the Content tab to enter the Content Management page.
Select the Repositories link to view the repositories. This link is above the tree view on the left.
Click Virtual Content Repository at the top of the repository tree.
In the editor pane to the right, click the Add Repository Connection button.
Complete the Add Repository Connection dialog with the following information:
Field | Description |
---|---|
Name | A name you choose for the adapter. |
Connection Class | (Required) The class name of the adapter, which is com.oracle.content.spi.ucm.RepositoryImpl. |
Datasource JNDI name | Not required. |
Username | If using the global config user option (all users of the application use the same credentials to connect to WebCenter Content), this field specifies the user name of a valid user of the WebCenter Content repository. If not using the global config user option, leave this field blank. For more information on security, see Section 2.4, "Security Mapping." |
Password | Not necessary for the Oracle WebCenter Content VCR Adapter. |
Enable Library Services | Set this field to false. |
Click Create. The new repository appears in the repository tree on the left hand side.
Note:
If you receive an error after clicking Create, click the Refresh Tree button. The words “can't connect” appear next to the new repository name in the Administration Console. To correct the problem, select the new repository and use the Add Property dialog to add the required properties indicated by the error message: ContentServerHostname, ContentServerPort, ContentServerAdminUser.Using the Administration Console, configure the same repository properties listed and described previously in Table 2-3, "Configuration File Elements".
This section explains how to configure WebCenter Content to work with the Oracle WebCenter Content VCR Adapter. Refer to the WebCenter Content documentation for details on performing the configurations described in this section.
The Intradoc server port requires two configurations:
IntradocServerPort – The Oracle WebCenter Content SPI accesses the WebCenter Content Server through the RIDC libraries. By default, the RIDC libraries communicate with the WebCenter Content server over the Intradoc server socket port.
SocketHostAddressSecurityFilter – The security filter setting specifies which client hosts are allowed to contact the WebCenter Content server over the Intradoc server socket port. The security filter must be configured to support, at a minimum, the set of hosts that the Oracle WebCenter Content SPI runs on.
To configure these server port settings:
In your WebCenter Content server config.cfg
file, enable the Intradoc server socket port and the security filter, by adding lines like the following:
IntradocServerPort=4444 SocketHostAddressSecurityFilter=10.143.121.150 or *.*.*.*
Restart the WebCenter Content server.
Note:
See the WebCenter Content documentation for more details on these settings.By default, a WebCenter Content server does not have a profile trigger field configured. This section explains how to select a profile trigger field if one has not already been selected.
Note:
The trigger field is an important setting in the WebCenter Content server. This field is used to customize the Content Server UI for various types of data. Once the trigger field is selected, it is difficult to change the setting, and doing so can affect the Content Server UI. It's important to carefully consider which trigger field to use. See WebCenter Content documentation for more details.To select a profile trigger field:
In a browser, access the content server and log in as an Administrator.
Select Admin Applets from the Administration menu.
Open the Configuration Manager applet.
Select the Profiles tab.
At the top of the screen, the current Trigger Field is displayed; for example: Trigger Field: dDocType.
If the Trigger Field is not currently configured, click Select and select the desired field.
Note:
Only perform this task if the Content Server is configured to use the OracleText search engine. You can verify configuration, inspect theSearchIndexerEngineName
setting in the WebCenter Content config.cfg
file. If it is set to OracleTextSearch
, then the OracleText search engine is in use.In the WebCenter Content server, the dOriginalName
field stores the filename of a document. By default, the OracleText search engine performs substring matches when searching on filenames, even if the VCR client requests an exact match.
To configure WebCenter Content so exact matches are possible:
Select Text Search Admin from the Administration menu.
In the set of non-optimized fields on the left-hand side, in the Special section, select Original Name and click the arrow to move it to the right side of the screen.
Click Update.
If necessary, rebuild the search index as follows:
Select Admin Applets from the Administration menu.
Open the Repository Manager applet and select the Indexer tab.
In the Collection Rebuild Cycle section, click Start to begin indexing.
When the State is Finished, the indexing is complete.
There are three ways to configure the security and credential mappings between the Oracle WebCenter Content Adapter and the WebCenter Content instance.
Section 2.4.3, "Identity Propagation with Native Security"
Note:
The VCR adapter user identity propagation to the Oracle WebCenter Content server will not work properly if the WebCenter Content Server users that are being referenced by WLP exist in an ActiveDirectory and the WebCenter Content Server has been configured to use a non-LDAP based ActiveDirectory. This configuration is not supported.A local or global user identity store will work, as will an external LDAP-based store (either ActiveDirectory or other LDAP).
Note:
For best performance, use native security (useNativeSecurity = true).Note:
By default, WebCenter Content allows users that do not exist in the WebCenter Content user store to connect. They are implicitly mapped to the guest role. For example, if you configure an invalid WebCenter Content username in the adapter configuration, WLP will access WebCenter Content as a user in the guest role. If not immediately apparent, this will generally become noticeable when you go to create content or edit content via the WLP Adapter, since users in the guest role generally cannot create or edit content in WebCenter Content.All users in the application use the same credentials to connect to the WebCenter Content instance. The data is secured through both WebCenter Content (based on the username) and WebLogic Portal. This is the configuration to use if you plan to use WLP Entitlements and/or Delegated Administration on content. Configure this type of security with these settings in the META-INF/content-config.xml
file in the EAR Project, as described in the following table.
Field | Value |
---|---|
Username | The user name of a valid user of the WebCenter Content repository. The WebCenter Content content this user can access may be further reduced by applying entitlements in WLP. If you plan to use WLP Entitlements or Delegated Administration, select a username with the desired level of access to content. WLP users will have 'at most' the privileges of this WebCenter Content username. |
useNativeSecurity | false |
All users in the application use the same credentials to connect to the WebCenter Content instance. Data is secured through WebCenter Content. WLP Content Entitlements will not apply. Configure this type of security with these settings in the META-INF/content-config.xml
file in the EAR Project:
Field | Value |
---|---|
Username | The user name of a valid user of the WebCenter Content repository. The WebCenter Content content this user can access will be exposed in WLP. |
useNativeSecurity | true |
WebLogic Portal and WebCenter Content use the same security store, such as a shared LDAP store. Each WLP user sees in the application what they are permitted to see on the WebCenter Content side. Entitlements (WLP content security) are disabled.
Field | Value |
---|---|
Username | Do not set a value for this field. |
useNativeSecurity | true |
To verify the installation, open the WLP Administration Console, go to the Content Management section, and attempt to browse to the WebCenter Content repository and view its contents or types.