Oracle® Internet Directory Application Developer's Guide 10g (9.0.4) Part Number B10461-01
This chapter explains how developers can use the Oracle Delegated Administration Services URL service units to achieve integration with Oracle Delegated Administration Services.
It contains the following sections:
Oracle Delegated Administration Services are a set of pre-defined, Web-based service units for performing directory operations on behalf of a user. Oracle Delegated Administration Services units enable Oracle Internet Directory to use the self-service model for directory users to, for instance, update their own information in an employee directory.
Delegated Administration Services enable you to more easily develop tools for administering application data in the directory. They provide most of the functionality that directory-enabled applications require, such as creating a user entry, creating a group entry, searching for entries, and changing user passwords.
You can embed Delegated Administration Service units into your applications. For example, if you are building a Web portal, you can add Oracle Delegated Administration Services units to enable users to change application passwords stored in the directory. Each service unit has a corresponding URL stored in the directory. An application can invoke an Oracle Delegated Administration Services unit by URL discovery at runtime by querying the directory.
There are three main areas where applications based on Oracle Delegated Administration Services are more advanced than those based on earlier types of APIs.
First, because Oracle Delegated Administration Services units are Web-based, an application developed with them is language-independent. In practice, this means that the application can handle input and requests from any type of user or application, eliminating the need for a costly custom solution or configuration.
Second, Oracle Delegated Administration Services comes with the Oracle Internet Directory Self-Service Console, a GUI development tool that automates many of the directory-oriented application requirements (such as Create, Edit, and Delete). This tool reduces design and development time for these basic functions.
Third, Oracle Delegated Administration Services is integrated with Oracle Application Server Single Sign-On, so an application based on Oracle Delegated Administration Services is automatically authenticated with Oracle Application Server Single Sign-On. This means that an application using Oracle Delegated Administration Services can proxy as a user to query the directory on behalf of a user, for better security.
This section contains these topics:
For an application to integrate with Oracle Delegated Administration Services units, the following must be true:
mod_osso or through partner application.
Table 6-1 discusses the various considerations for integrating an application with Oracle Delegated Administration Services.
This use case shows how to integrate the Create User Oracle Delegated Administration Services unit with a custom application. In the custom application page, Create User is shown as a link.
baseUrl = Util.getDASUrl(ctx, DASURL_BASE)
This API returns the Oracle Delegated Administration Services base URL in the following form: http://host_name:port/
Create User Oracle Delegated Administration Services unit, by using the string:
relUrl = Util.getDASUrl(ctx, DASURL_CREATE_USER)
The return value is the relative URL to access the Create User unit.
The specific URL is the information needed to generate the link dynamically for our application.
Next, we look at the parameters that can be customized for this unit. This unit takes the following parameters:
baseUrl = http://acme.mydomain.com:7777/
relUrl = oiddas/ui/oracle/ldap/das/admin/AppCreateUserInfoAdmin
homeURL = http://acme.mydomain.com/myapp
cancelURL = http://acme.mydomain.com/myapp
doneURL = http://acme.mydomain.com/myapp
enablePA = true
The complete URL looks like the following:
http://acme.mydomain.com:7777/oiddas/ui/oracle/ldap/das/admin/AppCreateUserInfoAdmin?homeURL=http://acme.mydomain.com/myapp&cancelURL=http://acme.mydomain.com/myapp&doneURL=http://acme.mydomain.com/myapp&enablePA=true
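The following added example (not Oracle's code and not part of the original guide) assembles the Create User link from the base URL, the relative URL and the parameters shown above. It percent-encodes each parameter value so that a return URL containing `&` or `?` cannot split into extra parameters, and it refuses any homeURL, cancelURL or doneURL that does not point at the application's own host. Assumptions: the class name `DasLinkBuilder` and the constant `ALLOWED_RETURN_HOST` are hypothetical, the unit is assumed to decode query values in the standard servlet way, and `baseUrl` and `relUrl` are hard-coded here where the application would obtain them from `Util.getDASUrl`.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class DasLinkBuilder { // hypothetical class name
    // Assumption: the one host the application accepts as a return target.
    static final String ALLOWED_RETURN_HOST = "acme.mydomain.com";

    // Accept only absolute http(s) URLs on the application's own host.
    static String checkReturnUrl(String name, String value) {
        URI uri = URI.create(value); // IllegalArgumentException if malformed
        String scheme = uri.getScheme();
        boolean schemeOk = "http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme);
        if (!schemeOk || !ALLOWED_RETURN_HOST.equalsIgnoreCase(uri.getHost())) {
            throw new IllegalArgumentException(name + " is not an allowed return URL");
        }
        return value;
    }

    // Join base URL, relative URL and percent-encoded query parameters.
    static String buildLink(String baseUrl, String relUrl, Map<String, String> params) {
        StringBuilder link = new StringBuilder(baseUrl);
        if (!baseUrl.endsWith("/")) {
            link.append('/');
        }
        link.append(relUrl);
        char separator = '?';
        for (Map.Entry<String, String> p : params.entrySet()) {
            link.append(separator)
                .append(URLEncoder.encode(p.getKey(), StandardCharsets.UTF_8))
                .append('=')
                .append(URLEncoder.encode(p.getValue(), StandardCharsets.UTF_8));
            separator = '&';
        }
        return link.toString();
    }

    public static void main(String[] args) {
        // Values as shown on this page; in the application they come from Util.getDASUrl.
        String baseUrl = "http://acme.mydomain.com:7777/";
        String relUrl = "oiddas/ui/oracle/ldap/das/admin/AppCreateUserInfoAdmin";
        String appUrl = "http://acme.mydomain.com/myapp";
        Map<String, String> params = new LinkedHashMap<>();
        for (String name : new String[] {"homeURL", "cancelURL", "doneURL"}) {
            params.put(name, checkReturnUrl(name, appUrl));
        }
        params.put("enablePA", "true");
        System.out.println(buildLink(baseUrl, relUrl, params));
    }
}
```

The host check matters when any of the three return URLs is derived from request input rather than from fixed application configuration, since the link would otherwise send the user to whatever address was supplied.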
Oracle Delegated Administration Services List of Values (LOV) is implemented using JavaScript to invoke and pass values between the LOV calling window and the Oracle Delegated Administration Services LOV page. The application invoking the LOV needs to open a popup window using JavaScript. Because JavaScript is subject to security restrictions, data cannot be passed across domains. Because of this limitation, only pages in the same domain can access the Oracle Delegated Administration Services LOV units.
The base and the relative URL can be invoked the same way as Create User. Sample files are located at:
$ORACLE_HOME/ldap/das/samples/lov
This sample illustrates how the LOV can be invoked and data can be passed between the calling application and Oracle Delegated Administration Services unit. Complete illustration of the LOV invocation is beyond the scope of this chapter.
To discover the Oracle Delegated Administration Services URLs, Java APIs can be used. More details about the Java API are described in Chapter 3, "Developing Applications with Oracle Extensions to the Standard LDAP APIs" and Chapter 10, "DAS_URL Interface Reference". The API functions which address the Oracle Delegated Administration Services URL discovery are:
Copyright © 1999, 2003 Oracle Corporation. All Rights Reserved.