| Oracle® Identity Manager Concepts Release 9.1.0.1 Part Number E14065-01 |
|
|
View PDF |
| Oracle® Identity Manager Concepts Release 9.1.0.1 Part Number E14065-01 |
|
|
View PDF |
This chapter describes a context and its creation. It contains the following topics:
A context is the environment in which an Oracle Identity Manager operation is performed. For example, a user creation operation performed on the Admin console is carried out in the Web context. The following information constitutes the context or environment in which this operation is performed:
User performing the operation
IP address of the computer from which the user creation request originated
Date and time at which the request is submitted
Proxy that is used to reach the application server
At the same time, if the user is created by running the bulk load utility, then the context includes the user who started the bulk load utility, the computer from which the operation is being performed, and so on.
A context acts like a memory-based repository in which names and values of the context variables are stored. Each functional component involved in an operation can add variables into the context. Context values can only be set, they cannot be modified. The context values act as a means of communication across components involved in an operation.
Since, context values might be used in taking decisions during the operation, the context manager supports the concept of signed (verified) context values. In other words, context values placed in the context can be signed using a digital certificate. From that point onward, the context manager validates the value of a context variable whenever the value is loaded into the context. This validation includes a check, whether the value has been altered during either storage or communication, and if the system can trust the signer. However the context manager does not perform the validation as to if the signer can set that specific name and value. If such validations are to be performed, it will be the responsibility of the functional component that uses the name and value.
Context variable values are loaded into memory only when they are required. This enhances performance. A context also acts as a cache of the typical values required by event handlers. This helps reduce the need to fetch values from the repository each time the values are needed.
Each Context sits in a ThreadLocal variable so that multiple threads in the application server have their own Identity Management execution context.
A child context is a subcontext that is initiated while an operation is in progress. For example, if the Create User operation involves running a specific event handler, then the event handler is run in an environment that is a child of the one in which the user is being created. This means that contexts can be nested, and there can be a stack of contexts. New contexts can be created by functional components and further processing starts using the newly created context.
The context data is stored in the database. The format of the data is conducive to perform Extract, Transform, and Load (ETL) in the database so that it can be moved into reporting tables as required. The data model archives the data after its use.
A context can store values of different types, ranging from simple string, integer, and date types to complex types. The complex type is stored either as an XML value or a Binary value. Binary values are faster to retrieve, but XML values offer greater usability in terms of reporting.When the context values are transferred to remote services or used in BPEL or other XML formats, the following schema is applicable:
<?xml version="1.0" encoding="UTF-8"?>
<schema xmlns="http://www.w3.org/2001/XMLSchema"
xmlns:tns="http://www.example.org/context/"
targetNamespace="http://www.example.org/context/">
<complexType name="context-type">
<sequence>
<element name="context-value" type="tns:context-value-type">
</element>
<element name="parent-context" type="tns:context-type"></element>
</sequence>
</complexType>
<complexType name="context-value-type">
<sequence>
<element name="string-value" type="string"></element>
<element name="numaric-value" type="int"></element>
<element name="date-value" type="dateTime"></element>
<element name="large-string-value" type="any"></element>
<element name="binary-value" type="hexBinary"></element>
</sequence>
<attribute name="type" type="string"></attribute>
<attribute name="class" type="string"></attribute>
</complexType>
</schema>
The Context Manager creates an environment in which Oracle Identity Manager operations are performed. This environment/context is preserved in the database to allow Oracle Identity Manager operations to be executed asynchronously, and to enable auditing.
The Context Manager allows variables, objects, and run-time information to be stored in the context for the purposes of inter-component communication. The implication of having this intelligent context mechanism is far reaching. The Context Manager creates a place where the environment in which a specific operation is being performed is preserved.
The following sequence of steps outlines the working of a Context Manager.
Establish a new context.
Clear the context from the Thread.
Add a value to the context. While adding a value, assign a certificate to sign the value.
Note:
It is not possible to delete or modify a value once it is added to the context.Save the context into the database.
Load the context from the database.
Wrap the context into XML, so that the context can be passed while invoking remote methods.
Unwrap the XML context once it is retrieved in the remote API to re-establish the context.
|
 Copyright © 2009, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|