com.oracle.bpel.security.validator.bpmid
Class BPMIdentityValidator

java.lang.Object
BPELProcessValidator
com.oracle.bpel.security.validator.bpmid.BPMIdentityValidator

public class BPMIdentityValidator

extends BPELProcessValidator

Validator Bridge to use the configurable IdentityService provided by Oracle IDM Services - xml/oid/.. over JAAS

All mentioned properties should be put within the <configurations> tag under <BPELProcess> tag in the bpel suitcase (bpel.xml)

Order of Authentication/Authorization strategy:

• Check the deployment descriptor of the process and try to find
  • user - the user that is allowed to execute the process
  • pw - the corresponding credential
  • 
    Note: the password should be either in plaintext, with a leading ! character (eg. !welcome), or
    encrypted with the encrypt utility, $BPELHOME/bin/encrypt.bat\sh
    OR you can use the encryption attribute (encryption="encrypt")
  this will cause to validate the subject just against this provided information.
• Check the deployment descriptor of the process and try to find
  • role - describing which role a user must belong to, to exec. a process
  this will cause the bridge to validate the user against the service, and see if the given user belongs to the group specified here.
• Authenticate the user directly against the service, in this case the user must belong to a group named ProcessNameExecutionRole.

  Example: Process is named HelloWorld so the user must belong to a group called HelloWorldExecutionRole

  Note: Given a lot of processes, this is an immense overhead of admin on the corporate directory / or wherever this information is stored

Version:

1.3

Author:

clemens utschig-utschig (oracle corporation)

See Also:

Serialized Form

Constructor Summary

BPMIdentityValidator()
Public constructor, initialzes the IDM Bridge

Method Summary

java.lang.String	getValidatorDescription()
java.lang.String	getValidatorName()
boolean	isAllowedToExecuteActivity(javax.security.auth.Subject pSubject, java.lang.String pProcessId, java.lang.String pRevision, java.lang.String pActivityName) Not implemented!
boolean	isAllowedToExecuteProcess(javax.security.auth.Subject pSubject, java.lang.String pProcessId, java.lang.String pRevision)
boolean	isAllowedToLookupActivity(javax.security.auth.Subject pSubject, java.lang.String pProcessId, java.lang.String pRevision, java.lang.String pActivityName) Not implemented!
boolean	isAllowedToLookupProcess(javax.security.auth.Subject pSubject, java.lang.String pProcessId, java.lang.String pRevision)
void	releaseResources()
boolean	validateUser(javax.security.auth.Subject pSubject, java.lang.String pDomainId) Due to order of configuration, we just init here what we need the rest is

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

BPMIdentityValidator

public BPMIdentityValidator()
                     throws ServerException

Public constructor, initialzes the IDM Bridge

Throws:

ServerException - in case the IDM Bridge could not be initialized

Method Detail

validateUser

public boolean validateUser(javax.security.auth.Subject pSubject,
                            java.lang.String pDomainId)
                     throws ServerException

Due to order of configuration, we just init here what we need the rest is

Parameters:

pSubject - the subject

pDomainId - the domainId

Returns:

true - toherwise an Exception

Throws:

ServerException

isAllowedToLookupProcess

public boolean isAllowedToLookupProcess(javax.security.auth.Subject pSubject,
                                        java.lang.String pProcessId,
                                        java.lang.String pRevision)
                                 throws ServerException

Throws:

ServerException

See Also:

BPELProcessValidator#isAllowedToLookupProcess(Subject, String, String)

isAllowedToExecuteProcess

public boolean isAllowedToExecuteProcess(javax.security.auth.Subject pSubject,
                                         java.lang.String pProcessId,
                                         java.lang.String pRevision)
                                  throws ServerException

Throws:

ServerException

See Also:

BPELProcessValidator#isAllowedToExecuteProcess(Subject, String, String)

isAllowedToExecuteActivity

public boolean isAllowedToExecuteActivity(javax.security.auth.Subject pSubject,
                                          java.lang.String pProcessId,
                                          java.lang.String pRevision,
                                          java.lang.String pActivityName)
                                   throws ServerException

Not implemented!

Throws:

ServerException

See Also:

BPELProcessValidator#isAllowedToExecuteActivity(Subject, String, String, String)

isAllowedToLookupActivity

public boolean isAllowedToLookupActivity(javax.security.auth.Subject pSubject,
                                         java.lang.String pProcessId,
                                         java.lang.String pRevision,
                                         java.lang.String pActivityName)
                                  throws ServerException

Not implemented!

Throws:

ServerException

See Also:

BPELProcessValidator#isAllowedToLookupActivity(Subject, String, String, String)

releaseResources

public void releaseResources()
                      throws ServerException

Throws:

ServerException

See Also:

BPELProcessValidator#releaseResources()

getValidatorDescription

public final java.lang.String getValidatorDescription()

getValidatorName

public final java.lang.String getValidatorName()