3 Configuring OC4J for Oracle Real-Time Decisions

Oracle RTD runs on the Oracle Containers for J2EE (OC4J) component of Oracle Application Server. You can choose to use either a standalone version of OC4J, or the version of OC4J that comes with Oracle Application Server.

Oracle RTD is supported on both UNIX and Windows platforms for OC4J. The following instructions describe how to install the Real-Time Decision Server on OC4J.

Note:

Although the Real-Time Decision Server runs on either UNIX or Windows, the Oracle RTD client tools must be run from a Windows platform.

This chapter contains the following topics:

• Section 3.1, "Configuring Server Properties"

• Section 3.2, "Providing JDBC Access to the Oracle RTD Database"

• Section 3.3, "Creating Oracle RTD Roles and Users"

• Section 3.4, "Installing the Oracle Real-Time Decisions Application on OC4J"

• Section 3.5, "Assigning Permissions to Custom Roles"

• Section 3.6, "Starting Oracle Real-Time Decisions"

• Section 3.7, "Uninstalling the Oracle Real-Time Decisions Application from OC4J"

• Section 3.8, "Configuring SSL for Real-Time Decision Server (Recommended)"

• Section 3.9, "Setting Up JConsole Security for OC4J"

• Section 3.10, "Changing the Oracle Real-Time Decisions Port Number in OC4J"

3.1 Configuring Server Properties

Perform the steps in the following sections to configure OC4J for Oracle RTD. Before you begin, make sure that OC4J is not running.

This section contains the following topics:

• Section 3.1.1, "Configuring Server Properties for Standalone OC4J"

• Section 3.1.2, "Configuring Server Properties for Oracle Application Server"

3.1.1 Configuring Server Properties for Standalone OC4J

Follow these steps to configure server properties for standalone OC4J:

1. Follow the steps appropriate to your operating system:

   • On Windows: Locate the file OC4J_HOME\bin\oc4j.cmd and open it for editing. After the line :oc4j, insert the following new lines. For jmx_remote_port, enter the value you want to use as the JConsole port number (for example, 12345).

     set JVMARGS=%JVMARGS% -Dcom.sun.management.jmxremote=true
     set JVMARGS=%JVMARGS% -Dcom.sun.management.jmxremote.port=jmx_remote_port
     set JVMARGS=%JVMARGS% -Dcom.sun.management.jmxremote.authenticate=false
     set JVMARGS=%JVMARGS% -Dcom.sun.management.jmxremote.ssl=false
     set JVMARGS=%JVMARGS% -Djava.net.preferIPv4Stack=true
     set JVMARGS=%JVMARGS% -Xmx512M -XX:MaxPermsize=128M -server
     

     Tips:

     1. If you get the error OutOfMemoryError, set the -Xmx argument to -Xmx1024M.

     2. If you get the error OutOfMemoryError:PermGen, set the -XX:MaxPermSize argument to -XX:MaxPermSize=256M.

     Then, save and close the file.

   • On UNIX: Locate the file OC4J_HOME/bin/oc4j and open it for editing. After the line echo "Starting OC4J from $J2EE_HOME ...", insert the following new lines. For jmx_remote_port, enter the value you want to use as the JConsole port number (for example, 12345).

     JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote=true
     JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.port=jmx_remote_port
     JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.authenticate=false
     JVMARGS=$JVMARGS -Dcom.sun.management.jmxremote.ssl=false
     JVMARGS=$JVMARGS -Djava.net.preferIPv4Stack=true
     JVMARGS=$JVMARGS -Xmx512M -XX:MaxPermsize=128M -server
     

     Tips:

     1. If you get the error OutOfMemoryError, set the -Xmx argument to -Xmx1024M.

     2. If you get the error OutOfMemoryError:PermGen, set the -XX:MaxPermSize argument to -XX:MaxPermSize=256M.

     Then, save and close the file.

     Note:

     In order to perform this step, you may need to grant execute permission to the OC4J_HOME/bin/oc4j file.

2. Locate the file OC4J_HOME/j2ee/home/config/default-web-site.xml and copy it to the same location, renaming it to rtd-web-site.xml. In the renamed file, make the following changes:

   • In the <web-site> tag, set the port attribute to 8080.

   • In the <web-site> tag, set the protocol attribute to http.

   • In the <web-site> tag, set the display-name attribute to OC4J RTD Web Site.

   • Delete all <web-app> tags.

   • In the <access-log> tag, set the path attribute to ../log/rtd-web-access.log.

   For example:

   <?xml version="1.0"?>
   <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd"  port="8080" protocol="http" display-name="OC4J RTD Web Site" schema-major-version="10" schema-minor-version="0" >
   <default-web-app application="default" name="defaultWebApp" root="/j2ee" />
   <access-log path="../log/rtd-web-access.log" split="day" />
   </web-site>
   

   Then, save and close the file.

3. Locate the file OC4J_HOME/j2ee/home/config/server.xml and open it for editing. After <web-site default="true" path="./default-web-site.xml" />, add the following line:

   <web-site path="./rtd-web-site.xml" />
   

   Then, save and close the file.

4. If you are using either SQL Server or DB2 for your Oracle RTD Database, copy the database JDBC jar files to the OC4J applib directory, as follows:

   • For SQL Server: Copy the file sqljdbc.jar in the directory RTD_HOME/lib/jdbc to the directory OC4J_HOME/j2ee/home/applib

   • For DB2: Copy the files db2jcc.jar and db2jcc_license_cu.jar in RTD_HOME/lib/jdbc to the directory OC4J_HOME/j2ee/home/applib

3.1.2 Configuring Server Properties for Oracle Application Server

Follow these steps to configure server properties for Oracle Application Server:

1. Locate the file ORACLE_AS_HOME/opmn/conf/opmn.xml and open it for editing. Add the following line to the end of the value attribute for the java-options tag, under the tags default_group, oc4j_instance (for example, home), and start-parameters:

   -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=jmx_remote_port -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.net.preferIPv4Stack=true
   

   Make sure to enter this text as one continuous line. If you copy the text from this document, remove any line breaks that may appear. For jmx_remote_port, provide the value you want to use as the JConsole port number (for example, 12345).

   For example:

   <ias-component id="default_group">
     <process-type id="home" module-id="OC4J" status="enabled">
       <module-data>
         <category id="start-parameters">
           <data id="java-options" value="... -Dcom.sun.management.jmxremote=true -Dcom.sun.management.jmxremote.port=12345 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false 
   -Djava.net.preferIPv4Stack=true"/>
   

   Note:

   In the preceding example, the ... that appears before -Dcom.sun.management.jmxremote=true represents additional Java options parameters that are not shown in this example.

   Then, save and close the file.

2. Locate the file ORACLE_AS_HOME/j2ee/oc4j_instance/config/default-web-site.xml and copy it to the same location, renaming it to rtd-web-site.xml.

   Note:

   The value oc4j_instance refers to the particular instance of OC4J where you plan to deploy Oracle RTD. For example, if you plan to deploy Oracle RTD to the default OC4J instance, the path is: ORACLE_AS_HOME/j2ee/home/config/default-web- site.xml.

3. In the renamed file, make the following changes:

   • In the <web-site> tag, set the port attribute to 8080.

   • In the <web-site> tag, set the display-name attribute to OC4J RTD Web Site.

   • Delete all <web-app> tags.

   • In the <access-log> tag, set the path attribute to ../log/rtd-web-access.log.

   For example:

   <?xml version="1.0"?>
   <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd"  port="8080" display-name="OC4J RTD Web Site" schema-major-version="10" schema-minor-version="0" >
   <default-web-app application="default" name="defaultWebApp" root="/j2ee" />
   <access-log path="../log/rtd-web-access.log" split="day" />
   </web-site>
   

   Then, save and close the file.

4. Locate the file ORACLE_AS_HOME/j2ee/oc4j_instance/config/server.xml and open it for editing. After <web-site default="true" path="./default-web-site.xml" />, add the following line:

   <web-site path="./rtd-web-site.xml" />
   

   Then, save and close the file.

5. If you are using either SQL Server or DB2 for your Oracle RTD Database, copy the database JDBC jar files to the OC4J applib directory, as follows:

   • For SQL Server: Copy the file sqljdbc.jar in the directory RTD_HOME/lib/jdbc to the directory ORACLE_AS_HOME/j2ee/oc4j_instance/applib

   • For DB2: Copy the files db2jcc.jar and db2jcc_license_cu.jar in RTD_HOME/lib/jdbc to the directory ORACLE_AS_HOME/j2ee/oc4j_instance/applib

3.2 Providing JDBC Access to the Oracle RTD Database

Use the OC4J management console, called the Application Server Control, to provide JDBC access to the Oracle RTD Database. For more information about how to use the Application Server Control, refer to the OC4J documentation.

This section describes how to create the required OC4J management elements, and how to combine the creation steps with the deployment of Oracle RTD on to OC4J.

The first step to perform is to create a shared library, as described in Section 3.2.1, "Creating the Shared Library oracle.rtd.jdbc."

After this, the sequence of steps to perform depends on the database type of your Oracle RTD Database:

• If the database is in SQL Server or DB2, the instructions to perform are in the following order::

  1. Section 3.2.2, "Creating a JDBC Provider for the Oracle RTD Database in SQLServer and DB2"

  2. Section 3.4, "Installing the Oracle Real-Time Decisions Application on OC4J"

• If the database is in Oracle, the instructions to perform are described in Section 3.2.3, "Creating a JDBC Provider for the Oracle RTD Database in Oracle."

This section consists of the folowing topics:

• Section 3.2.1, "Creating the Shared Library oracle.rtd.jdbc"

• Section 3.2.2, "Creating a JDBC Provider for the Oracle RTD Database in SQLServer and DB2"

• Section 3.2.3, "Creating a JDBC Provider for the Oracle RTD Database in Oracle"

3.2.1 Creating the Shared Library oracle.rtd.jdbc

Before you proceed, make sure that your OC4J server is not running.

To create the shared library oracle.rtd.jdbc, perform the following steps:

1. Start the OC4J server.

   If you are using the standalone version of OC4J, open a command prompt and go to OC4J_HOME/bin, then run the command oc4j -start.

   If you are using OC4J as part of Oracle Application Server, go to ORACLE_AS_HOME/opmn/bin, and use opmnctl to manage OC4J.

   See Oracle Containers for J2EE Configuration and Administration Guide for more information.

2. Log in to the Application Server Control as the oc4jadmin user. You can access the Application Server Control at http://oc4j_host:port/em. For the standalone version of OC4J, the port number is typically 8888. For OC4J as part of Oracle Application Server, the port number is typically 80.

3. If you are using the standalone version of OC4J, go to the Administration tab, then click the Go to Task icon for the Shared Libraries task under the Properties heading.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Administration tab.

4. On the Shared Libraries page, click Create, then enter the following data:

   • Shared Library Name = oracle.rtd.jdbc

   • Shared Library Version = 10.2.0.4

5. Click Next.

6. On the Create Shared Libraries: Add Archives page, click Add, then Browse to select the file RTD_HOME\lib\jdbc\ojdbc14.jar.

7. Click Continue, then Finish.

3.2.2 Creating a JDBC Provider for the Oracle RTD Database in SQLServer and DB2

To create a JDBC provider for the Oracle RTD Database in SQL Server and DB2, perform the following steps:

1. If you have not already done so, log in to the OC4J Application Server Control, as described in steps 1 and 2 of Section 3.2.1, "Creating the Shared Library oracle.rtd.jdbc."

2. Go to the Administration tab, then click the JDBC Resources task under the Services heading. Under the Connection Pools heading, click Create to create a new connection pool for your Oracle RTD Database.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Administration tab.

3. On the Create Connection Pool - Application page, ensure that default is selected for Application, and that New Connection Pool is selected for Connection Pool Type. Then, click Continue.

4. On the Create Connection Pool page, enter RTDConnectionPool for Name.

5. For Connection Factory Class, enter one of the following:

   • SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

   • DB2: com.ibm.db2.jcc.DB2Driver

6. For JDBC URL, enter one of the following:

   • SQL Server: jdbc:sqlserver://db_host:db_port;databaseName=db_name

     Note:

     If you installed your Oracle RTD Database on a SQL Server named instance, specify the db_host parameter using the format host_name\instance_name.

   • DB2: jdbc:db2://db_host:db_port/db_name

   db_host is the name of the server running the Oracle RTD Database, db_port is the port number for connecting to the database server, and db_name is the name of the Oracle RTD Database instance.

7. Under the Credentials heading, for Username, provide a database user name with system administration privileges for the Oracle RTD Database instance. Then, provide the corresponding password. See Oracle Fusion Middleware Security Guide for information about whether to provide a cleartext password or an indirect password.

8. Click Finish.

9. On the JDBC Resources page, under the Data Sources heading, click Create to define a new data source.

10. On the Create Data Source - Application & Type page, ensure that default is selected for Application, and that Managed Data Source is selected for Data Source Type. Then, click Continue.

11. On the Create Data Source - Managed Data Source page, enter RTD_DS for Name, jdbc/SDDS for JNDI Location, and select RTDConnectionPool for Connection Pool. Keep the defaults for the other options. Then, click Finish.

12. On the JDBC Resources page, in the Data Sources table, click Test Connection for the RTD_DS data source. Follow these steps to test the RTD_DS data source:

    • Change the SQL Statement to select * from SDAPPS, then click Test.

    If the connection is not established successfully, restart OC4J and then test the data source again. If it still fails, ensure that your connection pool settings are correct.

After you have created and tested all the objects in Application Server Control, you must deploy and start Oracle RTD, by performing the instructions in Section 3.4, "Installing the Oracle Real-Time Decisions Application on OC4J" and Section 3.6, "Starting Oracle Real-Time Decisions."

3.2.3 Creating a JDBC Provider for the Oracle RTD Database in Oracle

To create a JDBC provider for the Oracle RTD Database in Oracle, you must first deploy OracleRTD on to OC4J, then set up the JDBC resources in Application Server Control, as follows:

1. If you have not already done so, start the OC4J server, as described in step 1 of Section 3.2.1, "Creating the Shared Library oracle.rtd.jdbc."

2. Deploy OracleRTD on to OC4J, by performing the instructions in Section 3.4, "Installing the Oracle Real-Time Decisions Application on OC4J."

   Ignore any errors about the missing Oracle RTD database SDDS.

3. In the Application Server Control, go to the Administration tab, then click the JDBC Resources task under the Services heading. Under the Connection Pools heading, click Create to create a new connection pool for your Oracle RTD Database.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Administration tab.

4. On the Create Connection Pool - Application page, ensure that OracleRTD (and not default), is selected for Application, and that New Connection Pool is selected for Connection Pool Type. Then, click Continue.

5. On the Create Connection Pool page, enter RTDConnectionPool for Name.

6. For Connection Factory Class, enter:

   • oracle.jdbc.pool.OracleDataSource

7. For JDBC URL, enter :

   • jdbc:oracle:thin:@db_host:db_port:sid

   db_host is the name of the server running the Oracle RTD Database, db_port is the port number for connecting to the database server, and sid is the Oracle System Identifier that refers to the instance of the Oracle Database running on the server, for example, ORCL.

8. Under the Credentials heading, for Username, provide a database user name with system administration privileges for the Oracle RTD Database instance. Then, provide the corresponding password. See Oracle Fusion Middleware Security Guide for information about whether to provide a cleartext password or an indirect password.

9. Click Finish.

10. On the JDBC Resources page, under the Data Sources heading, click Create to define a new data source.

11. On the Create Data Source - Application & Type page, ensure that OracleRTD (and not default), is selected for Application, and that Managed Data Source is selected for Data Source Type. Then, click Continue.

12. On the Create Data Source - Managed Data Source page, enter RTD_DS for Name, jdbc/SDDS for JNDI Location, and select RTDConnectionPool for Connection Pool. Keep the defaults for the other options. Then, click Finish.

13. On the JDBC Resources page, in the Data Sources table, click Test Connection for the RTD_DS data source, then click Test.

    If the connection is not established successfully, restart OC4J and then test the data source again. If it still fails, ensure that your connection pool settings are correct.

After you have created and tested all the objects in Application Server Control, do not redeploy OracleRTD. Start Oracle RTD as described in Section 3.6, "Starting Oracle Real-Time Decisions."

3.3 Creating Oracle RTD Roles and Users

Note:

For general information about roles and permissions in Oracle RTD, see Chapter 7, "Configuring Security for Oracle Real-Time Decisions."

The instructions here apply to both Oracle Application Server (Oracle AS) and to Oracle Container for J2EE (OC4J).

For the default security provider that comes with OC4J, the term "role" is the same as what other vendors might call a "user group". A role is a collection of users and other roles. Roles are created, and users added to roles, using OC4J's administration console.

Role Inheritance

OC4J has the concept of role inheritance. If role B inherits role A, then anyone in role B is also in role A. Using set theory as an analogy, B can be thought of as a subset completely contained with set A.

This section consists of the following topics:

• Section 3.3.1, "Creating Oracle RTD Roles"

• Section 3.3.2, "Creating Oracle RTD Administrators and Other Users"

• Section 3.3.3, "Updating Oracle RTD's Deployment Descriptors"

3.3.1 Creating Oracle RTD Roles

Table 3-1 shows the standard roles, two custom roles, and their inheritance relationships. All roles must inherit from RTDUsers, directly or indirectly.

Table 3-1 Standard Roles and Inherited Roles

Role	Inherited Roles	Standard or Custom?
RTDUsers	none	Standard
RTDAdministrators	RTDUsers	Standard
RTDDecisionCenterUsers	RTDUsers	Standard
RTDDecisionCenterEditors	RTDDecisionCenterUsers	Standard
RTDStudioDeployers	RTDUsers	Standard
RTDStudioDownloaders	RTDUsers	Standard
RTDBatchAdministrators	RTDUsers	Standard
RTDChoiceEditors	RTDUsers	Standard
ILS2Developers	RTDUsers	Custom
ILS2Users	RTDUsers	Custom

To create the standard roles, perform the following steps:

1. Open the OC4J administration console.

2. Click the Administration tab.

3. In the Task Name > Administration Tasks > Security > Security Providers line, click the Go to Task icon.

4. Click the Instance Level Security button.

5. Click the Realms tab.

6. In the Realm Name row for the default realm, jazn.com, click the number in the Roles column.

7. For each role in Table 3-1 to be created, perform the following steps:

   1. Click Create.

   2. Enter a name for the new role.

      Note:

      Do not select either of the following:

      • Grant RMI Login Permission

      • Grant Administration Permission

   3. Move any roles that should be inherited from the Available Roles list on the left to the Selected Roles list on the right.

   4. In the tree on the left, select Security Realms.

   5. In the window on the right, select the security realm to use.

   6. Click Apply.

3.3.2 Creating Oracle RTD Administrators and Other Users

To create a user, perform the following steps:

1. Open the OC4J administration console.

2. Click the Administration tab.

3. In the Task Name > Administration Tasks > Security > Security Providers line, click the Go to Task icon.

4. Click the Instance Level Security button.

5. Click the Realms tab.

6. In the Realm Name row for the default realm, jazn.com, click the number in the Users column.

7. For each user to be created, perform the following steps:

   1. Click Create.

   2. Enter a name for the new user.

   3. Enter a password for the user.

   4. Enter the password again, to confirm it.

   5. Move any roles for this user from the Available Roles list on the left to the Selected Roles list on the right.

      Note:

      Because of the way role inheritances are defined in Table 3-1, you do not need to explicitly add any users to the RTDUsers role.

   6. Click OK.

3.3.3 Updating Oracle RTD's Deployment Descriptors

Two of Oracle RTD's deployment descriptor files must be updated to reference any custom roles. These files are embedded within ui.war and soap.war, both of which are embedded within RTD.ear.

Note:

This section describes the changes that need to be made to two web.xml files, but does not describe precisely how to find and update those files. The process is similar to the process of updating the web.xml files to contain custom database resource references, as described in Section 8.1.3, "Adding the New Data Source to Oracle RTD."

Update ui.war

The file represented by this path must be updated to reference any custom roles:

• rtd.ear/ui.war/web-inf/web.xml

There are three places within the file web.xml that need to be updated to reference custom roles. Look for the three occurrences of the string, "RTD-Custom-Roles", inside comments.

The first two places are for inserting security-role-ref elements, as in the following:

<!-- RTD-Custom-Roles. Insert custom RTD roles here, as might be needed for
         ILS-specific access. For example, RTD_ILS2Developers could be a role for
         deploying the Inline Service named ILS2, and RTD_ILS2Users for viewing or
         editing ILS2 in Decision Center.
 -->
      <security-role-ref>
          <role-name>RTD_ILS2Developers</role-name>
          <role-link>RTD_ILS2Developers</role-link>
      </security-role-ref>
      <security-role-ref>
          <role-name>RTD_ILS2Users</role-name>
          <role-link>RTD_ILS2Users</role-link>
      </security-role-ref>

The third place for custom roles is for inserting security-role elements, as in the following:

<!-- RTD-Custom-Roles. Insert here security-role elements for any custom RTD roles,
         as might be needed for ILS-specific access. For example, RTD_ILS2Developers
         could be a role for deploying the Inline Service named ILS2, and RTD_ILS2Users
         for viewing or editing ILS2 in Decision Center.
-->
      <security-role>
          <role-name>RTD_ILS2Developers</role-name>
      </security-role>
      <security-role>
          <role-name>RTD_ILS2Users</role-name>
      </security-role>

Update soap.war

The file represented by this path must be updated to reference any custom roles:

• rtd.ear/soap.war/web-inf/web.xml

There are two places within the file web.xml that must be updated to reference custom roles. Look for the two occurrences of the string, "RTD-Custom-Roles", inside comments.

The first place is for inserting security-role-ref elements, as in the following:

<!-- RTD-Custom-Roles. Insert custom RTD roles here, as might be needed for
         ILS-specific access. For example, RTD_ILS2Developers could be a role for
         deploying the Inline Service named ILS2, and RTD_ILS2Users for viewing or
         editing ILS2 in Decision Center.
-->
      <security-role-ref>
          <role-name>RTD_ILS2Developers</role-name>
          <role-link>RTD_ILS2Developers</role-link>
      </security-role-ref>
      <security-role-ref>
          <role-name>RTD_ILS2Users</role-name>
          <role-link>RTD_ILS2Users</role-link>
      </security-role-ref>

The second place for custom roles is for inserting security-role elements, as in the following:

<!-- RTD-Custom-Roles. Insert here security-role elements for any custom RTD roles,
         as might be needed for ILS-specific access. For example, RTD_ILS2Developers
         could be a role for deploying the Inline Service named ILS2, and RTD_ILS2Users
         for viewing or editing ILS2 in Decision Center.
-->
      <security-role>
          <role-name>RTD_ILS2Developers</role-name>
      </security-role>
      <security-role>
          <role-name>RTD_ILS2Users</role-name>
      </security-role>

3.4 Installing the Oracle Real-Time Decisions Application on OC4J

Use the Application Server Control to install Oracle RTD on OC4J. Before you begin, ensure that OC4J is started.

To install Oracle RTD on OC4J:

1. If you have not already done so, log in to the Application Server Control as the oc4jadmin user. You can access the Application Server Control at http://oc4j_host:port/em. For the standalone version of OC4J, the port number is typically 8888. For OC4J as part of Oracle Application Server, the port number is typically 80

2. If you are using the standalone version of OC4J, on the OC4J home page, click the Applications tab.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Applications tab.

3. Click Deploy. On the Deploy: Select Archive page, under the Archive heading, browse to specify the archive location RTD_HOME/package/RTD.ear. Then, under the Deployment Plan heading, ensure that Automatically create a new deployment plan is selected and click Next.

4. On the Deploy: Application Attributes page, enter OracleRTD for Application Name, then choose rtd-web-site for Bind Web Module to Site. Then, click Next.

5. On the Deploy: Deployment Settings page, click Deploy. It may take a few minutes for deployment to complete. Then, check to see if Oracle RTD is running by going to Decision Center at the URL http://server_name:port/ui. The port is typically 8080.

3.5 Assigning Permissions to Custom Roles

As described in Section 7.4, "Assigning Permissions," assign Cluster permissions, Inline Service permissions, and Decision Center Perspective permissions to any custom roles.

3.6 Starting Oracle Real-Time Decisions

When you start OC4J, Oracle RTD is started automatically. To start Oracle RTD independently from OC4J, use the Application Server Control, as follows:

1. Log in to the Application Server Control as the oc4jadmin user. You can access the Application Server Control at http://oc4j_host:port/em.

2. Go to the Applications tab. In the Applications table, select OracleRTD and click Start. A green arrow pointing up in the Status column indicates that the application is started.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Applications tab.

3.7 Uninstalling the Oracle Real-Time Decisions Application from OC4J

You can use the Application Server Control to uninstall Oracle RTD from OC4J. Before you begin, ensure that OC4J is started.

To uninstall Oracle RTD from OC4J:

1. Log in to the Application Server Control as the oc4jadmin user. You can access the Application Server Control at http://oc4j_host:port/em.

2. Go to the Applications tab. In the Applications table, select OracleRTD and click Stop. A red arrow pointing down in the Status column indicates that the application is stopped.

   If you are using OC4J as part of Oracle Application Server, first click home under the Groups heading, then proceed to the Applications tab.

3. Click Undeploy, then click Yes on the Undeploy Application page.

These steps uninstall Oracle RTD from OC4J, but they do not remove the Oracle RTD files from the operating system. You must delete the Oracle RTD files manually.

3.8 Configuring SSL for Real-Time Decision Server (Recommended)

Follow the steps in this section to set up SSL for all client connections to Real-Time Decision Server. Before you begin, ensure that you followed the instructions in Section 2.6 to change the default Oracle RTD keystore password.

Note:

If you want to use your own keystore, you do not need to complete the instructions in Section 2.6.

This section contains the following topics:

• Section 3.8.1, "Setting Up SSL"

• Section 3.8.2, "Testing the SSL Configuration"

3.8.1 Setting Up SSL

To configure SSL for Real-Time Decision Server

1. If you are using standalone OC4J, follow the instructions appropriate for your operating system. If you are using Oracle Application Server, proceed to Step 2.

   • On Windows: Locate the file OC4J_HOME\bin\oc4j.cmd and open it for editing. Before each %JAVA_HOME%\bin\java line, insert the following new line:

     cd %J2EE_HOME%
     

   • On UNIX: Locate the file OC4J_HOME/bin/oc4j.sh and open it for editing. Before each $JAVA_HOME/bin/java line, insert the following new line:

     cd $J2EE_HOME
     

2. If you are using standalone OC4J, go to OC4J_HOME/jlib. If you are using Oracle Application Server, go to ORACLE_AS_HOME/jlib. Then, rename the file jssl-1_1.jar to jssl-1_1.jar.notused.

3. If you are using standalone OC4J, go to OC4J_HOME/j2ee/home/config. If you are using Oracle Application Server, go to ORACLE_AS_HOME/j2ee/oc4j_instance/config. Then, make a copy the of the file rtd-web-site.xml and rename the copied file to rtd-secure-web-site.xml.

4. Open rtd-secure-web-site.xml for editing and make the following changes:

   • In the <web-site> tag, set the port attribute to 8443.

   • In the <web-site> tag, add or set the secure attribute to true.

   • In the <web-site> tag, set the protocol attribute to https.

   • In the <web-site> tag, set the display-name attribute to OC4J RTD Secure Web Site.

   • For each <web-app> tag, add or set the shared attribute to true.

   • In the <access-log> tag, set the path attribute to ../log/rtd-secure-web-access.log.

   • Add the following line just before the </web-site> tag. Make sure to replace RTD_HOME with the actual Oracle RTD installation path.

     <ssl-config keystore="RTD_HOME/etc/ssl/sdserver.keystore" keystore-password="your_keystore_password" needs-client-auth="false" />
     

   For example:

   <?xml version="1.0" ?>
   <web-site xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd" port="8443" secure="true" protocol="https" display-name="OC4J Secure Default Web Site" schema-major-version="10" schema-minor-version="0" >
   <default-web-app application="default" name="defaultWebApp" />
   <web-app application="OracleRTD" name="ls" load-on-startup="true" root="/ls" shared="true" />
     <web-app application="OracleRTD" name="rtis" load-on-startup="true" root="/rtis" shared="true" />
     <web-app application="OracleRTD" name="soap" load-on-startup="true" root="/soap" shared="true" />
     <web-app application="OracleRTD" name="ui" load-on-startup="true" root="/ui" shared="true" />
     <web-app application="OracleRTD" name="schema" load-on-startup="true" root="/schema" shared="true" />
     <web-app application="OracleRTD" name="cactus" load-on-startup="true" root="/cactus" shared="true" />
     <access-log path="../log/rtd-secure-web-access.log" split="day" />
   <ssl-config keystore="C:\OracleBI\RTD\etc\ssl\sdserver.keystore" keystore-password="my_password" needs-client-auth="false" />
   </web-site>
   

   If you want to use your own keystore instead of using the default Oracle RTD keystore, provide the path to your own keystore in place of RTD_HOME/etc/ssl/sdserver.keystore.

5. Locate the file OC4J_HOME/j2ee/home/config/server.xml and open it for editing. After the line <web-site default="true" path="./default-web-site.xml" />, insert the following new line:

   <web-site path="./rtd-secure-web-site.xml" />
   

   Then, save and close the file.

6. Restart OC4J.

   Note:

   For a truly secure environment, you should also disable the regular HTTP port to ensure that all client connections are routed through the SSL port. To do this, perform the following step:

   1. Disable the HTTP port for your Web server using application server tools. Refer to the standalone OC4J or Oracle Application Server documentation for more information.

7. If you are using your own keystore and truststore, perform the following additional steps to enable SSL for Decision Studio and Load Generator. You do not need to perform these steps if you are using the default Oracle RTD keystore and truststore.

   1. Open RTD_HOME\eclipse\eclipse.ini for editing.

   2. Locate the following line:

      -Djava.net.ssl.trustStore="..\etc\ssl\sdtrust.store"
      

   3. Replace ..\etc\ssl\sdtruststore with the full path to your truststore file.

   4. Save and close the file.

   5. Open RTD_HOME\scripts\sdexec.cmd for editing.

   6. Locate the line beginning with %SD_START%, near the bottom of the file. Near the end of the line, locate the following string:

      -Djavax.net.ssl.trustStore="%SD_ROOT%\etc\ssl\sdtrust.store"
      

   7. Replace %SD_ROOT%\etc\ssl\sdtruststore with the full path to your truststore file.

   8. Save and close the file.

3.8.2 Testing the SSL Configuration

To verify that the SSL port is functioning properly, go to Decision Center at the URL https://server_name:ssl_port/ui. If the SSL port is functioning property, your browser will display the "Welcome to Decision Center" login screen.

You may get a message from your Web browser, similar to “Do you want to accept this certificate?” This message is generated because the browser does not know about the self-signed certificate that was shipped with the default Oracle RTD keystore. This self-signed certificate is suitable for development and test environments, but it is not recommended for production environments.

For production environments, Oracle recommends the self-signed certificate be replaced with a certificate from a trusted certificate authority (CA), like Verisign/Thawte, by submitting to the CA a certificate request generated by Sun's keytool utility. See:

http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/keytool.html for instructions on generating a certificate request, and for importing the certificate from the CA into the keystore.

3.9 Setting Up JConsole Security for OC4J

Perform the following steps to set up security for the JConsole management tool. Before you begin, ensure that OC4J is not running.

To set up security for JConsole:

1. If you are using standalone OC4J, follow the steps appropriate to your operating system:

   • On Windows: Locate the file OC4J_HOME\bin\oc4j.cmd and open it for editing. Locate the line:

     set JVMARGS=%JVMARGS% -Dcom.sun.management.jmxremote.authenticate=false
     

     Change the value of this line to true. Then, save and close the file.

   • On UNIX: Locate the file OC4J_HOME/bin/oc4j and open it for editing. Locate the line:

     JVMARGS=$JVMARGS :-Dcom.sun.management.jmxremote.authenticate=false
     

     Change the value of this line to true. Then, save and close the file.

2. If you are using Oracle Application Server, locate the file ORACLE_AS_HOME/opmn/conf/opmn.xml and open it for editing. Locate the string -Dcom.sun.management.jmxremote.authenticate=false, then set the value to true. Then, save and close the file.

3. Locate the JDK install directory on the computer where OC4J is running. Be sure to go to the JDK installation that is being used by OC4J.

   • If you are using standalone OC4J, create a copy of the file JDK_HOME/jre/lib/management/jmxremote.password.template file and rename it to jmxremote.password. If you are unsure where your JDK is installed, check the JAVA_HOME operating system environment variable.

   • If you are using Oracle Application Server, create a copy of the file ORACLE_AS_HOME/jdk/jre/lib/management/jmxremote.password.template and rename it to jmxremote.password.

     Note:

     If Oracle Application Server is running on an AIX-based system, you downloaded the IBM Java 5 SR2 JDK, as described in Section 1.3.2. For this configuration, go to the IBM Java 5 SR2 installation directory, rather than ORACLE_AS_HOME. Then, navigate to the jmx.remote.password.template file.

4. Open the jmxremote.password file for editing. At the end of the file, remove the pound character (#) in front of the following two lines:

   monitorRole QED
   controlRole R&D
   

   Each line lists a set of credentials, or in other words, a user name followed by the corresponding password. Optionally, you can add new user names and passwords on separate lines. If you decide to keep the default user names monitorRole and controlRole, change the default passwords to new ones of your choice.

   By default, the user name monitorRole allows JConsole MBean read-only permissions, while the user name controlRole allows for full JMX MBean control. The following step explains how to change these default permissions.

5. To set permissions for each set of credentials, open the jmxremote.access file, located in the same directory, for editing. Then, use the keywords readonly and readwrite to specify the access level for each set of credentials. For example:

   monitorRole readonly
   controlRole readwrite
   

   Make sure to add permissions for any new credentials you added to the jmxremote.password file.

6. Because the jmxremote.password file contains passwords in clear text, you need to restrict access to this file to the file owner by changing the file access permissions, as follows:

   • On Windows: Follow the instructions at:

     http://java.sun.com/j2se/1.5.0/docs/guide/management/security-windows.html
     

   • On UNIX: Run the command chmod 600 jmxremote.password

   For more information on JConsole security, go to:

   http://java.sun.com/j2se/1.5.0/docs/guide/management/agent.html#PasswordAccess
   

   Important:

   You must change the file access permissions for the jmxremote.password file. Do not skip this step.

7. Start OC4J.

You can now run JConsole and log in, using the user name and password combination defined in the jmxremote.password file. See Section 15.1, "Accessing JConsole" for more information.

3.10 Changing the Oracle Real-Time Decisions Port Number in OC4J

To change the Oracle RTD application port number, you must change the port number in OC4J, as follows:

1. Stop OC4J.

2. If you are using standalone OC4J, locate the file OC4J_HOME/j2ee/home/config/rtd-web-site.xml and open it for editing. If you are using Oracle Application Server, locate the file ORACLE_AS_HOME/j2ee/oc4j_instance/config/rtd-web-site.xml and open it for editing.

3. In the <web-site> tag, set the port attribute to the new port number.

4. If you are using SSL for client connections to Oracle RTD, repeat Steps 2 and 3 for rtd-secure-web-site.xml.

5. Start OC4J.