SSM Installation and Configuration Guide


Configuring the Oracle SSM

The Oracle SSM makes use of a feature in Oracle 10g called Fine Grained Access Control (FGAC). This allows an Oracle customer to define access policies that restrict access to database tables for DML operations.

FGAC is used to intercept DML queries on protected tables and filter the result sets based on user entitlements stored in OES. The Web Service SSM client library is used to invoke authorization queries.

This section describes how to configure and run the Oracle SSM.
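To make the FGAC mechanism described above concrete, the following added example (not the Oracle SSM's own policy code) attaches a row-filtering policy to the example table with DBMS_RLS. The function name `demo_cust_filter`, the policy name `DEMO_CUST_POLICY` and the hard-coded entitlement are hypothetical stand-ins for the decision the SSM obtains from OES; it assumes a scratch database where the example table is loaded and no SSM policy is attached yet.

```sql
-- Added illustration; names and the hard-coded entitlement are hypothetical.
-- Oracle calls the policy function for each statement on the protected table
-- and appends the returned text to that statement as a WHERE predicate.
CREATE OR REPLACE FUNCTION ales_ora_user.demo_cust_filter (
  p_schema IN VARCHAR2,
  p_object IN VARCHAR2
) RETURN VARCHAR2
AS
  -- Identity the client set on its session (shown as ClientIdentifier
  -- in the sample client output on this page).
  v_client VARCHAR2(64) := SYS_CONTEXT('USERENV', 'CLIENT_IDENTIFIER');
BEGIN
  IF v_client = 'smysore3' THEN
    -- Constructed entitlement: this identity may see one customer only.
    RETURN 'first_name = ''Chris''';
  END IF;
  -- No identity, or an unknown one: fail closed so no rows are visible.
  RETURN '1 = 0';
END;
/

BEGIN
  DBMS_RLS.ADD_POLICY(
    object_schema   => 'ALES_ORA_USER',
    object_name     => 'CUST_PAYMENT_INFO',
    policy_name     => 'DEMO_CUST_POLICY',
    function_schema => 'ALES_ORA_USER',
    policy_function => 'DEMO_CUST_FILTER',
    statement_types => 'SELECT,UPDATE,DELETE',
    update_check    => TRUE);
END;
/

-- With the policy attached, the statement below runs as if it read
--   ... WHERE first_name = 'Alan' AND first_name = 'Chris'
-- so it matches nothing and reports "0 rows updated" instead of an error.
UPDATE ales_ora_user.cust_payment_info
   SET first_name = 'Test'
 WHERE first_name = 'Alan';
```

The filter is silent: a statement outside the caller's entitlements succeeds with zero rows rather than failing, which is the behaviour to expect when reading the test results later on this page.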

 


Prerequisites

 


Create and Configure the Oracle SSM

  1. Make sure the Administration Server is running.
  2. If the enrollment process has not been performed for the BEA_HOME containing the SSM, then:
    1. Run the enroll tool, as described in Enrollment. You can use demo mode.
    2. Include the password for system in the encrypted password.xml by running the following in the ales32-shared/bin directory:

       asipassword.bat|sh system ../keys/password.xml ../keys/password.key

  3. Make sure the Web Service SSM is not running. Then launch BEA_HOME/ales32_SSM/oracle-ssm/adm/instancewizard.cmd|sh and complete the wizard fields as indicated in Table 5-1. These entries reflect the values specified in BEA_HOME/ales32-ssm/oracle-ssm/examples/OracleSSM/build.properties.

     Table 5-1 Oracle SSM Instance Wizard

     Field             Description
     Instance Name     oraclessm
     SM WS Port        9000
     SM WS Config ID   ora_ws_ssm
     Location          Accept the default value.

  4. In the new Oracle SSM instance’s bin directory, use an editor to make the following changes in set-env.bat|sh:
    1. If required, update JAVA_HOME.
    2. Make sure that SQLPlus is in the system path using a line such as the following:

       set PATH=C:\oracle\product\10.2.0\db1\bin;%PATH%

  5. In a command shell, set the following environment variables:

       ORACLE_HOME
       ORACLE_HOME/bin (must be the first element in path)
       ORACLE_SID (set to the SID of the database)

  6. Execute setupOracleSSM.bat|sh in the shell window. Substitute the actual values for each field.

       setupOracleSSM.bat|sh
       -jdbc_url <JDBC_URL>
       -oracle_home <c:/oracle/products/10.2.0/db2>
       -db_sys_user <system>
       -db_sys_password <password>
       -ales_ssm_home <c:/bea/ales32-ssm>
       -ales_shared_home <c:/bea/ales32-shared>
       -ws_ssm_instance_dir <c:/bea/ales32-ssm/webservice-ssm/<instance>
       -db_user <ales_ora_user>
       -db_password <password>
       -load_example_table <true>

     Note: The -db_user value must not be the name of an existing user. This user is created when the script is run.

  7. Open a shell window and change the directory to ales32-ssm/oracle-ssm/examples/OracleSSM.
  8. Update build.properties and then execute set-env.bat|sh.
  9. Run ant dist config load.
  10. In Administration Console, perform the following steps:
    1. Go to the SSM Configuration of the Web Service SSM and click on Authentication > FGACIdentityAsserter.
    2. On the Details tab, enter the value stored under the key secret in the oes_oracle_ssm_properties table.

       Note: This value can be obtained from the database using the following SQL query:

       select value from oes_oracle_ssm_properties where KEY='secret';

    3. Navigate to the Deployment node and distribute the configuration.
  11. Start the Web Service SSM instance.
  12. To test the results, use SQLPlus to run the following queries:
    1. Run query as sysdba to see the complete data set.

       $ sqlplus sys/sys-password@oracle-listner as sysdba

       SQL> select * from ales_ora_user.cust_payment_info;

       FIRST     LAST       ORDER  CREDIT_CARD_NUMB
       Jon       Oldfield   10001  5446959708812985
       Chris     White      10002  5122358046082560
       Alan      Squire     10003  5595968943757920
       Mike      Anderson   10004  4929889576357400
       Annie     Schmidt    10005  4556988708236902
       Elliot    Meyer      10006  374366599711820
       Celine    Smith      10007  4716898533036
       Steve     Haslam     10008  340975900376858
       Albert    Einstein   10009  310654305412389

    2. Run query as ales_ora_user to see a subset of the data.

       $ sqlplus ales_ora_user/password@oracle-listner

       SQL> select * from cust_payment_info;

       FIRST     LAST       ORDER  CREDIT_CARD_NUMB
       Chris     White      10002  5122358046082560

 


Client Run-Result

This section shows sample results from run.bat|sh, a sample JDBC client.

Note: Before using run.bat|sh, update BEA_HOME/ales32-ssm/oracle-ssm/examples/OracleSSM/client.properties to reflect your {jdbcUrl,schemaName,queryType,query} settings.

Listing 5-1 shows a sample test result for a queryType of select, update, and delete.

Listing 5-1 Sample Oracle Client Run Result
C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : select
Query : select * from cust_payment_info
Executing SELECT query...
Last Name, First Name : White,Chris

C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : update
Query : UPDATE cust_payment_info set first_name = 'Test' where
first_name='Alan'

Executing UPDATE query...
0 rows updated

C:\buildTree\ales32-ssm\oracle-ssm\examples\OracleSSM>run
Properties loaded from file : ./Client.properties
Database URL : jdbc:oracle:thin:@192.168.200.10:1521:ORCL
User Name : smysore3
User Password : password
User (of database connection) : SMYSORE3
ClientIdentifier : smysore3
Query Type [select/update/delete] : delete
Query : DELETE from cust_payment_info where first_name='Alan'
Executing DELETE query...
0 rows deleted
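The following added queries (not part of the original guide) are one way to confirm that results like those above come from an attached FGAC policy and to see who is exempt from it, such as the sysdba session that returned the complete data set in the SQLPlus test. They assume the protected table is the example table cust_payment_info and that the policy is registered through DBMS_RLS; run them as a DBA.

```sql
-- Added check, not from the original guide.

-- 1. Policies attached to the protected table: which function backs each one,
--    which statement types it covers, and whether it is enabled.
SELECT object_owner, object_name, policy_name, pf_owner, function,
       sel, ins, upd, del, chk_option, enable
  FROM dba_policies
 WHERE object_name = 'CUST_PAYMENT_INFO';

-- 2. Accounts and roles that bypass every FGAC policy. SYS is exempt
--    implicitly; anything listed here is exempt by privilege and sees
--    unfiltered rows regardless of entitlements.
SELECT grantee
  FROM dba_sys_privs
 WHERE privilege = 'EXEMPT ACCESS POLICY';

-- 3. Predicates actually appended to statements still in the shared pool,
--    useful for explaining an unexpected "0 rows" or an unexpectedly
--    complete result set.
SELECT object_owner, object_name, policy, predicate
  FROM v$vpd_policy
 WHERE object_name = 'CUST_PAYMENT_INFO';
```

An empty result from the first query, or a policy with enable set to NO, means the table is not being filtered at all.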
