Oracle® Application Server Portal Configuration Guide 10g (9.0.4) Part Number B10356-01
OracleAS Portal gives you the ability to create various kinds of Web pages. You can supplement this ability with JavaServer Pages (JSPs).
This appendix describes how you can secure OracleAS Portal to allow access to only approved JSPs, and prevent unauthorized access by JSPs to portlet content. It also describes the steps required to allow access for protected external JSPs that require login.
The following topics are covered in this appendix:
Because almost any JSP using the tag library can request OracleAS Portal portlet content, there is a need for a secure way to ensure that only approved JSPs obtain access. You can control this through two mechanisms:
The configuration file identifies the OracleAS Portal instances, and page groups within those instances, to which an external JSP is allowed access.
The specific coding requirements of the configuration file are explained in Section F.1.1, "Contents of Your JavaServer Page Configuration File".
Your completed configuration file must then be identified to OracleAS Portal. This step is explained in Section F.1.3, "Location of Your JavaServer Page Configuration File".
This section contains the following sub-sections:
The required tags are:
The <jps> tag is a container tag that provides a list of OracleAS Portal instances to which external JSPs can have access.
<jps version="1.0">
</jps>
Version must be set to 1.0 for the current OracleAS Portal release.
The <portal> tag describes an individual OracleAS Portal instance.
<portal name="MyPortal" default="true">
</portal>
Only one default portal is allowed for each configuration file.
The <database> tag provides database connection information about a given OracleAS Portal instance. For example:
<database data-source="jdbc/MyPortal"/>
The data-source attribute value is the name of the data source, which must be specified in the data-sources.xml file located in the J2EE_HOME/config directory.
Here is an example of a data-source definition:
<data-source
    class="com.evermind.sql.DriverManagerDataSource"
    name="MyPortal"
    location="jdbc/MyPortal"
    xa-location="jdbc/xa/MyPortal"
    ejb-location="jdbc/MyPortal"
    connection-driver="oracle.jdbc.driver.OracleDriver"
    username="portal_app"
    password="portal_app"
    url="jdbc:oracle:thin:@xyz.oracle.com:1521:orcl"
    inactivity-timeout="30"
/>
The username and password attributes must be set to the OracleAS Portal application schema user name and password.
The <url> tag provides connection information to the OracleAS Portal instance. For example:
<url protocol="http" host="defg.oracle.com" port="7500" path="/pls/portal"/>
The <cookie> tag describes the OracleAS Portal cookie. For example:
<cookie name="portal" maxAge="-1" path="/" domain=".oracle.com"/>
The <pageGroups> tag forms a container for the pageGroup tags. This tag has no attributes.
<pageGroups>
</pageGroups>
The <pageGroup> tag describes each individual page group's properties. For example:
<pageGroup name="JPSDemo" key="welcome" default="true"/>
Only one default page group is allowed for each portal instance.
The following is an example of a JSP configuration file:
<jps version="1.0">
  <portal name="MyPortal" default="true">
    <database data-source="jdbc/MyPortal"/>
    <url host="xyz.oracle.com" port="7500" path="/pls/portal"/>
    <cookie name="portal" maxAge="-1" path="/" />
    <pageGroups>
      <pageGroup name="JPSDemo" key="welcome" default="true"/>
      <pageGroup name="JPSDemo2" key="welcome" default="false"/>
    </pageGroups>
  </portal>
  <portal name="AnotherPortal">
    <database data-source="jdbc/AnotherPortal"/>
    <url protocol="http" host="abc.oracle.com" port="8888" path="/pls/portal90"/>
    <cookie name="portal90" maxAge="-1" path="/" />
    <pageGroups>
      <pageGroup name="JPSDemo" key="welcome"/>
      <pageGroup name="JPSDemo1" key="welcome1"/>
      <pageGroup name="JPSDemo2" key="welcome2"/>
      <pageGroup name="JPSDemo3" key="welcome3"/>
      <pageGroup name="JPSDemo4" key="welcome4"/>
    </pageGroups>
  </portal>
</jps>
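The rules stated above (version 1.0, one default portal per file, one default page group per portal) can be checked mechanically, and the same pass yields the list of page groups that external JSPs are allowed to reach. The following Python script is an added example, not part of the Oracle guide or product; the names audit and is_default, the constructed sample input, and the treatment of a missing <database> tag as a problem are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: breaks the "one default" rules stated in this appendix.
SAMPLE = """<jps version="1.0">
  <portal name="MyPortal" default="true">
    <database data-source="jdbc/MyPortal"/>
    <pageGroups>
      <pageGroup name="JPSDemo" key="welcome" default="true"/>
      <pageGroup name="JPSDemo2" key="welcome" default="true"/>
    </pageGroups>
  </portal>
  <portal name="AnotherPortal" default="true">
    <pageGroups/>
  </portal>
</jps>"""

def is_default(elem):
    return elem.get("default", "false").lower() == "true"

def audit(xml_text):
    """Return (allow_list, problems) for a JSP configuration file."""
    root = ET.fromstring(xml_text)
    problems, allow_list = [], {}
    if root.tag != "jps" or root.get("version") != "1.0":
        problems.append('root must be <jps version="1.0">')
    portals = root.findall("portal")
    if sum(is_default(p) for p in portals) > 1:
        problems.append("more than one default portal")
    for p in portals:
        name = p.get("name", "<unnamed>")
        db = p.find("database")
        # Assumption of this example: every portal needs a data source.
        if db is None or not db.get("data-source"):
            problems.append(f"{name}: missing <database data-source>")
        groups = p.findall("pageGroups/pageGroup")
        if sum(is_default(g) for g in groups) > 1:
            problems.append(f"{name}: more than one default page group")
        # Page groups an external JSP may reach on this portal instance.
        allow_list[name] = [g.get("name") for g in groups]
    return allow_list, problems

if __name__ == "__main__":
    allowed, issues = audit(SAMPLE)
    for portal, groups in allowed.items():
        print(f"{portal}: external JSPs may use {groups}")
    for issue in issues:
        print("PROBLEM:", issue)
```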
By default, the name of the configuration file is assumed to be wwjps.xml, and the default location of the file is:
J2EE_HOME/applications/portal/portal/WEB-INF
However, your configuration file can have any other name, and can be located anywhere in the file system.
You specify the location using a context parameter in the web.xml file, which is located in the directory J2EE_HOME/applications/portal/portal/WEB-INF.
The context parameter in the web.xml file is:
<context-param>
  <param-name>oracle.webdb.service.ConfigLoader</param-name>
  <param-value>/WEB-INF/wwjps.xml</param-value>
  <description>This parameter specifies the location of the JPS configuration file</description>
</context-param>
External JSPs can be categorized by their login requirements:
Protected external JSPs have additional setup requirements. These are explained in the next section.
The following steps are required only for protected external JSPs, that is, external JSPs that require login.
In the external JSPs, if you need to log in to the portal, you need to use the following tag syntax:
<portal:usePortal id="AnyPortal" pagegroup="AnyPageGroup" login="true" />
When you execute this JSP, you will be redirected to the OracleAS Single Sign-On server if you are not already logged on. In order to make this work, look at the following sections:
By default, your Oracle HTTP Server is registered with the OracleAS Single Sign-On server. The following steps are given here only if that has been changed, and re-registration is necessary.
You need to register your Oracle HTTP Server with the OracleAS Single Sign-On server as a partner application. To do so:
http://abc.company.com:3000/pls/portal_sso/
Create a file (for example, portal.clr) based on Example F-2. Replace the values in this example file with the values you got in the previous step (when you registered your application).
sso_server_version=v1.2
cipher_key=95CFC0004E594CB3
site_id=1325
site_token=NCZ4UZMV1325
login_url=http://abc.company.com:3000/pls/portal_sso/portal_sso.wwsso_app_admin.ls_login
logout_url=http://abc.company.com:3000/pls/portal_sso/portal_sso.wwsso_app_admin.ls_logout
cancel_url=http://abc.company.com:3000/pls/portal_sso/
After making your changes in the file, place the file in the following directory:
<Oracle HTTPhome>/Oracle HTTP/Oracle HTTP/conf/osso/
Go to <Oracle HTTPhome>/Oracle HTTP/Oracle HTTP/conf/osso/ and run:
<Oracle HTTPhome>/Oracle HTTP/Oracle HTTP/bin/apobfuscate portal.clr osso.conf
In your httpd.conf file, make sure the following line is not commented out:
include "<Oracle HTTPhome>/Oracle HTTP/Oracle HTTP/conf/mod_osso.conf"
After completing the earlier steps, restart the Oracle HTTP Server.
JAZN is the internal name for a Java Authentication and Authorization Service (JAAS) provider. JAAS is a Java package that enables applications to authenticate and enforce access controls upon users. The use of JAZN in OracleAS Portal is limited to the authentication of external JSPs.
Confirm that the JAZN is working with the LDAP. (You can use the demo provided by the JAZN.)
Do the following additional step:
Edit J2EE_HOME/application-deployments/portal/orion-application.xml and add the following:
<jazn provider="LDAP" location="ldap://<OIDHOST>:389" default-realm="oracle">
  <jazn-web-app auth-method="SSO" />
</jazn>
Port number 389 is a default port for LDAP servers. However, any other port can be assigned. Contact your Oracle Internet Directory Administrator to obtain <host> and <port> information.
Copyright © 2002, 2003 Oracle Corporation. All Rights Reserved.