| Oracle® Fusion Middleware UCM VCR Adapter Guide for Oracle WebLogic Portal 10g Release 3 (10.3.2) Part Number E14664-01 |
|
|
View PDF |
| Oracle® Fusion Middleware UCM VCR Adapter Guide for Oracle WebLogic Portal 10g Release 3 (10.3.2) Part Number E14664-01 |
|
|
View PDF |
This chapter includes the following sections:
The installation process includes these tasks:
You must have the following UCM components installed to use the UCM VCR Adapter. For details on installing these components, refer to the UCM installation documentation.
Oracle Content Server 10gR3 (10.1.3.3.3) with Oracle Text Search (OracleTextSearch), Full Text Search (DATABASE.FULLTEXT), or Metadata-only Search (DATABASE.METADATA) configured.
Content Server Update Bundle Component Version 10.1.3.5.0 (CS10gR35UpdateBundle)
Folders_g (Included in CS10gR35UpdateBundle; unzip and install the file at component/CS10gR35UpdateBundle/extras/Folders_g.zip)
Site Studio 10gR4 (10.1.4.0.0) component
VCR/SPI for Site Studio 10gR4 (component named SiteStudioSPI-Only-10gR4_*.zip)
Note:
This component is available on Oracle E-Delivery as one of the components included in part number V16530-01 Oracle Universal Content Management Web Content Management 10gR3 (10.1.3.3.7) for Windows, Linux and Unix.Custom Link Form (ss_docname_link_form.htm) must be checked in. This form is available on OTN.
LinkManager8 component (included in CS10gR35UpdateBundle). This component is necessary to resolve SiteStudio document links. For example, this component must be enabled to determine which SiteStudio documents link to a given document.
Use Oracle Enterprise Pack for Eclipse (OEPE) to add a library reference from your enterprise application to the UCM VCR Adapter library.
Start Oracle Enterprise Pack for Eclipse.
In the Package Explorer, navigate to the <EAR_PROJECT>/EarContent/META-INF folder.
Right-click the file weblogic-application.xml and select Open With > WebLogic Deployment Descriptor Editor.
In the editor, select the Libraries tab.
Click the Add button, as shown in Figure 2-1.
In the Select WebLogic Shared Library dialog, click the Manage Shared Libraries link near the bottom of the dialog.
In the Preferences dialog, click Add.
In the Add WebLogic Shared Library dialog, click Browse, and open the following library:
<MW_HOME>/wlportal_10.3/content-mgmt/lib/j2ee-modules/ oracle-ucm-spi-app-lib.ear
In the Add WebLogic Shared Library dialog, click OK.
Verify that the library was added to the list of Shared Libraries and click OK.
In the Select WebLogic Shared Library dialog, select the oracle-ucm-spi-app-lib library, and click OK. The library appears in the Shared Libraries list of weblogic-application.xml.
Save the file weblogic-application.xml.
You have successfully added the UCM VCR Adapter library to your portal project.
You can configure or adjust UCM repository caches in two ways: in the EAR project file META-INF/p13n-cache-config.xml or in the Portal Administration Console (under Configuration & Monitoring > Service Administration). Cache settings made in the Portal Administration Console take precedence over the file-based settings. You can also flush the caches from the Portal Administration Console.
Notes:
If you already have a
p13n-cache-config.xml file configured for another repository, simply add the UCM repository cache settings into that file.Table 2-1 and Table 2-2 describe the available cache settings in p13n-cache-config.xml. Table 2-1 describes the VCR caches, which are caches used by the VCR component. These caches are repository specific and can exist for any repository. Table 2-2 describes the SPI caches, which are specific to the UCM SPI Adapter component.
Note:
Cache settings described in Table 2-3, "Configuration File Elements" describe the configuration properties for the RIDC security cache, which is used for authorization decisions.The pattern for the cache entry names is <elementName>.<repositoryName>, where <repositoryName> is the name of the UCM repository as specified in the META-INF/content-config.xml file. For example, nodeCache.StellentRepository.
Note that <time-to-live> values are specified in milliseconds.
Table 2-1 VCR-Level Cache Entry Descriptions
| Cache Entry Name | Description |
|---|---|
|
nodeCache.<repositoryName> |
Caches node id to node instance for this repository. Defaults: enabled = true; time-to-live = 120000, max-entries = 200. |
|
nodePathCache.<repositoryName> |
Caches node path to node id for this repository. Defaults: enabled = true; time-to-live = 120000, max-entries = 200. |
|
typeCache.<repositoryName> |
Caches type id to type instance for this repository Defaults: enabled = true; time-to-live = 600000, max-entries = 200. |
|
typeNameCache.<repositoryName> |
Caches type name to type id for this repository. Defaults: enabled = true; time-to-live = 600000, max-entries = 200. |
|
binaryCache.<repositoryName> |
Defaults: enabled = true; time-to-live = 300000, max-entries = 50. Note: The maximum binary entry size is specified as the repository property binaryCacheMaxEntrySize which has a default value of 102400 bytes (100 kb). |
|
searchCache.<repositoryName> |
Caches search results for this repository. Defaults: enabled = true; time-to-live = 300000, max-entries = 500. |
|
nativeAuthCache.<repositoryName> |
Authorization cache for this repository when using native security. Defaults: enabled = true; time-to-live = 5000, max-entries = 5000. |
|
repositoryConfigCache.<repositoryName> |
Maximum = 20, time-to-live = (-1) (forever), enabled = true |
|
searchFTSPathCriteriaCache |
Maximum = 500, time-to-live = 1 hour |
|
searchExpressionPathCriteriaCache |
Maximum = 500, time-to-live = 1 hour |
Table 2-2 SPI-Level Cache Entry Descriptions
| Cache Entry Name | Description |
|---|---|
|
repo.ucm.typeNameCache.<repositoryName> |
Caches UCM server type metadata by type name. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
|
repo.ucm.nodePathToUidCache.<repositoryName> |
Caches UCM server node ids by node path. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
|
repo.ucm.nodeUidCache.<repositoryName> |
Caches UCM server node metadata by node id. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
|
repo.ucm.securityInfoCache.<repositoryName> |
Caches UCM server node security information. Defaults: enabled = true; time-to-live = 1800000 (30 minutes), max-entries = 5000 |
|
repo.ucm.typeNamesCache.<repositoryName> |
Caches the list of UCM type names. Defaults: enabled=true, time-to-live=1800000 (30 minutes), max-entries=5000. |
|
repo.ucm.indexedFieldsCache.<repositoryName> |
Caches information about which UCM fields are indexed. Defaults: enabled=true, time-to-live=1800000 (30 minutes), max-entries=5000. |
|
repo.ucm.securityUserCache.<repositoryName> |
Stores the association between a WLP user and the associated UCM server userID. Defaults: 5000 entries, time-to-live = 30 minutes |
|
repo.ucm.searchCriteriaCache.<repositoryName> |
Caches search criteria so repeated searches perform well. Defaults: enabled=true, time-to-live=3600000 (1 hour), max-entries=500. |
Note:
To configure the UCM SPI RIDC security cache settings described in Table 2-3, you must add the entries as<repository-property> elements in content-config.xml.Example 2-1 presents a sample META-INF/p13n-cache-config.xml file.
Example 2-1 Sample p13n-cache-config.xml File
<?xml version="1.0" encoding="UTF-8"?>
<p13n-cache-config xmlns="http://www.bea.com/ns/p13n/90/p13n-cache-config">
<cache>
<name>nodeCache.MyUcmRepo</name>
<enabled>true</enabled>
<time-to-live>600000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.nodePathToUidCache.StellentRepository</name>
<enabled>true</enabled>
<time-to-live>10000</time-to-live>
<max-entries>2000</max-entries>
</cache>
</p13n-cache-config>
After the adapter is added to your WLP project, you are ready to configure it. Configuring means specifying how the adapter will talk to the UCM content repository. For example, the adapter has to know where the UCM server is running, its port number, an admin account name, and so on.
There are two configuration scenarios to consider. If you primarily work with the IDE in a development environment, you can configure the adapter by editing a configuration file. If you are a portal administrator who uses the WLP Administration Console, you can use the Administration Console to configure the adapter.
This section explains how to configure the adapter using a configuration file. Developers working primarily in the IDE commonly use this method.
Note:
Because of the way in which WLP uses deployment plans, adapter configurations made in the WLP Administration Console take precedence over configurations made in thecontent-config.xml file.Open the content-config.xml file. This file is located in the META-INF directory of your Portal EAR Project.
Edit the required elements in the file using Table 2-3 and Example 2-2 as a guide.
Save the configuration file.
Redeploy the portal application.
Table 2-3 describes the elements in content-config.xml that you must configure to successfully use the adapter.
Table 2-3 Configuration File Elements
| Element | Description |
|---|---|
|
class-name |
(Required) The class name of the adapter, which is com.oracle.content.spi.ucm.RepositoryImpl. |
|
username |
(Optional) If you use the global config user security option (see Section 2.4.1, "WLP-Secured Global Config User" or Section 2.4.2, "Natively-Secured Global Config User"), this element specifies the UCM Server user name that is used to retrieve data from UCM, regardless of the WLP user. In other words, all WLP users in an enterprise application will see the data for this UCM repository instance. Note: If you configure the identity propagation option, do not specify this element (see Section 2.4.3, "Identity Propagation with Native Security"). |
|
ContentServerHostname |
(Required) The hostname or IP address of the server on which the UCM repository is running. |
|
ContentServerPort |
(Required) The Intradoc port number on which the UCM repository is listening. This corresponds to the IntradocServerPort setting in the Content Server configuration file, which defaults to port 4444. You can also find this setting by accessing the UCM server with a browser as an admin, clicking on Administration > Configuration for xxx, then clicking on the Server Configurations link. Configure the UCM SPI to use the 'Server Port'. |
|
ContentServerAdminUser |
(Required) The user name of a valid administrative user of the UCM repository. This user must have the admin role. |
|
ContentServerServiceType |
(Required) Protocol used to connect with the UCM Server. Valid options are INTRADOC or INTRADOC_SSL. INTRADOC is the default. |
|
ContentServerSSLKeyStoreFile |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The absolute path to the client SSL keystore file. |
|
ContentServerSSLKeyStorePassword |
SSL keystore password. Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore password. |
|
ContentServerSSLKeyStoreAlias |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore alias name. |
|
ContentServerSSLKeyStoreAliasPassword |
Required (and only used) if ContentServerServiceType is INTRADOC_SSL. The SSL keystore alias password. |
|
CacheInvalidationInterval |
(Optional) Polling interval in minutes for the UCM Adapter CacheInvalidator IntervalJob (must be equal to or greater than 2 minutes). This cache automatically invalidates cached content in WLP as content is changed on the UCM server. If you set it to 0, automatic cache invalidation will be disabled for this repository. |
|
folder_badge_objectClasses |
(Required) Specifies a list of UCM ObjectClasses that are displayed as folders in the WLP Administration Console. For the UCM VCR adapter, set this value to IDC:Folder. |
|
TypeRetrievalShapeUser |
(Required) Specifies a UCM user account that is used to retrieve all types (ObjectClasses) from UCM. UCM profiles can take into account the UCM user when determining which fields are on a profile. WLP uses this setting to ensure that the UCM type retrieval is identical regardless of the WLP user. This user account does not need any special roles on the UCM server. Note: If you want to create documents of various security groups, the configured |
|
useNativeSecurity |
When this element is enabled, the native UCM security will be used to secure content. When disabled, the VCR federated security (entitlements) will be used to secure content in addition to the native UCM security. Default is false (disabled). For more information, Section 2.4, "Security Mapping." Note: For best performance, use native security (useNativeSecurity = true). |
|
SecurityCacheSize |
Used in the default RIDC security cache configuration size. Add this entry as |
|
SecurityUserCacheTtl |
Used in the default RIDC security cache configuration. Add this entry as |
|
SecurityServerCacheTtl |
This time to live value is only used if accounts or ACL are used. Add this RIDC security cache entry as |
|
ContentServerConnectionTimeout |
(Optional) The maximum time (in msec) to wait when connecting to the UCM server. Default=30 seconds |
|
ContentServerConnectionPoolSize |
(Optional) Optional. The maximum connection pool size. Default=20 |
|
ContentServerSocketTimeout |
(Optional) The maximum time to wait (in msec) for a UCM server response. Default=70 seconds. |
|
ForceDeleteFolders |
(Optional) only used if the Trash folder is enabled on the UCM instance. If set to true, then deleting a folder or document will remove it immediately, bypassing the trash. If set to false, then deleting a folder or document will move it to the trash. |
Example 2-2 shows a sample configuration file with the required elements highlighted in bold type.
Example 2-2 Sample Configuration for the UCM VCR Adapter
<!-- UCM test repository -->
<content-store>
<name>UCMRepository</name>
<class-name>com.oracle.content.spi.ucm.RepositoryImpl
</class-name>
<username>wlpApp</username>
<repository-property>
<description>Hostname on which the UCM Content Server is running
</description>
<name>ContentServerHostname</name>
<value>10.221.19.72</value>
</repository-property>
<repository-property>
<description>Port on which the UCM Content Server is running (on
host named above)
</description>
<name>ContentServerPort</name>
<value>4444</value>
</repository-property>
<repository-property>
<description>Content Server uname in Admin role, for
security checks
</description>
<name>ContentServerAdminUser</name>
<value>sysadmin</value>
</repository-property>
<repository-property>
<description>List of folder ObjectClasses</description>
<name>folder_badge_objectClasses</name>
<value>IDC:Folder</value>
</repository-property>
<repository-property>
<description>Single user for all type related interactions
</description>
<name>TypeRetrievalShapeUser</name>
<value>typeShapeUser</value>
</repository-property>
<repository-property>
<name>useNativeSecurity</name>
<value>false</value>
</repository-property>
<repository-property>
<description>Protocol used to connect with the UCM Server.
Valid options are INTRADOC or INTRADOC_SSL. INTRADOC is the
default.
</description>
<name>ContentServerServiceType</name>
<value>INTRADOC</value>
</repository-property>
<repository-property>
<description>Content Server Username in Admin role, used
for security checks
</description>
<name>ContentServerAdminUser</name>
<value>sysadmin</value>
</repository-property>
<repository-property>
<description>Polling interval for the
CacheInvalidator IntervalJob
(must be equal to or greater than 2 min)
</description>
<name>CacheInvalidationInterval</name>
<value>2</value>
</repository-property>
<repository-property>
<description>Location on the filesystem of the
client SSL keystore
file. Only used when ContentServerServiceType
is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreFile</name>
<value>c:/client_keystore</value>
</repository-property>
<repository-property>
<description>SSL keystore password. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystorePassword</name>
<value>idcidc</value>
</repository-property>
<repository-property>
<description>SSL keystore alias name. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreAlias</name>
<value>SecureClient</value>
</repository-property>
<repository-property>
<description>SSL keystore alias password. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreAliasPassword</name>
<value>idcidc</value>
</repository-property>
<read-only>true</read-only>
<binary-cache-max-entry-size>102400</binary-cache-max-entry-size>
<!-- metadata search -->
<search-is-enabled>true</search-is-enabled>
<!-- full text search -->
<fulltext-search-is-enabled>true</fulltext-search-is-enabled>
<search-indexing-is-enabled>false</search-indexing-is-enabled>
</content-store>
Users who typically work on staged or production portals use the WebLogic Portal Administration Console to configure content repositories. This section summarizes the basic configuration steps for this scenario. For more detailed instructions, see "Configuring Additional Repositories" in the Oracle Fusion Middleware Content Management Guide for Oracle WebLogic Portal.
Once the UCM repository is deployed and running it must be connected to WebLogic Portal so that it appears as part of its Virtual Content Repository. To add the UCM repository:
Open the WebLogic Portal Administration Console.
Select the Content tab to enter the Content Management page.
Select the Repositories link to view the repositories. This link is above the tree view on the left.
Click Virtual Content Repository at the top of the repository tree.
In the editor pane to the right, click the Add Repository Connection button.
Complete the Add Repository Connection dialog with the following information:
| Field | Description |
|---|---|
| Name | A name you choose for the adapter. |
| Connection Class | (Required) The class name of the adapter, which is com.oracle.content.spi.ucm.RepositoryImpl. |
| Datasource JNDI name | Not required. |
| Username | If using the global config user option (all users of the application use the same credentials to connect to UCM), this field specifies the user name of a valid user of the UCM repository. If not using the global config user option, leave this field blank. For more information on security, see Section 2.4, "Security Mapping." |
| Password | Not necessary for the UCM VCR Adapter. |
| Enable Library Services | Set this field to false. |
Click Create. The new repository appears in the repository tree on the left hand side.
Note:
If you receive an error after clicking Create, click the Refresh Tree button. The words “can't connect” appear next to the new repository name in the Administration Console. To correct the problem, select the new repository and use the Add Property dialog to add the required properties indicated by the error message: ContentServerHostname, ContentServerPort, ContentServerAdminUser.Using the Administration Console, configure the same repository properties listed and described previously in Table 2-3, "Configuration File Elements".
This section explains how to configure UCM to work with the UCM VCR Adapter. Refer to the UCM documentation for details on performing the configurations described in this section.
The Intradoc server port requires two configurations:
IntradocServerPort – The UCM SPI accesses the UCM Content Server through the RIDC libraries. By default, the RIDC libraries communicate with the UCM server over the Intradoc server socket port.
SocketHostAddressSecurityFilter – The security filter setting specifies which client hosts are allowed to contact the UCM server over the Intradoc server socket port. The security filter must be configured to support, at a minimum, the set of hosts that the UCM SPI runs on.
To configure these server port settings:
In your UCM server config.cfg file, enable the Intradoc server socket port and the security filter, by adding lines like the following:
IntradocServerPort=4444 SocketHostAddressSecurityFilter=10.143.121.150 or *.*.*.*
Restart the UCM server.
Note:
See the UCM documentation for more details on these settings.By default, a UCM server does not have a profile trigger field configured. This section explains how to select a profile trigger field if one has not already been selected.
Note:
The trigger field is an important setting in the UCM server. This field is used to customize the Content Server UI for various types of data. Once the trigger field is selected, it is difficult to change the setting, and doing so can affect the Content Server UI. It's important to carefully consider which trigger field to use. See UCM documentation for more details.To select a profile trigger field:
In a browser, access the content server and log in as an Administrator.
Select Admin Applets from the Administration menu.
Open the Configuration Manager applet.
Select the Profiles tab.
At the top of the screen, the current Trigger Field is displayed; for example: Trigger Field: dDocType.
If the Trigger Field is not currently configured, click Select and select the desired field.
Note:
Only perform this task if the Content Server is configured to use the OracleText search engine. You can verify configuration, inspect theSearchIndexerEngineName setting in the UCM config.cfg file. If it is set to OracleTextSearch, then the OracleText search engine is in use.In the UCM server, the dOriginalName field stores the filename of a document. By default, the OracleText search engine performs substring matches when searching on filenames, even if the VCR client requests an exact match.
To configure UCM so exact matches are possible:
Select Text Search Admin from the Administration menu.
In the set of non-optimized fields on the left-hand side, in the Special section, select Original Name and click the arrow to move it to the right side of the screen.
Click Update.
If necessary, rebuild the search index as follows:
Select Admin Applets from the Administration menu.
Open the Repository Manager applet and select the Indexer tab.
In the Collection Rebuild Cycle section, click Start to begin indexing.
When the State is Finished, the indexing is complete.
There are three ways to configure the security and credential mappings between the UCM Adapter and the UCM instance.
Section 2.4.3, "Identity Propagation with Native Security"
Note:
The VCR adapter user identity propagation to the UCM content server will not work properly if the UCM Content Server users that are being referenced by WLP exist in an ActiveDirectory and the UCM Content Server has been configured to use a non-LDAP based ActiveDirectory. This configuration is not supported.A local or global user identity store will work, as will an external LDAP-based store (either ActiveDirectory or other LDAP).
Note:
For best performance, use native security (useNativeSecurity = true).Note:
By default, UCM allows users that do not exist in the UCM user store to connect. They are implicitly mapped to the guest role. For example, if you configure an invalid UCM username in the adapter configuration, WLP will access UCM as a user in the guest role. If not immediately apparent, this will generally become noticeable when you go to create content or edit content via the WLP Adapter, since users in the guest role generally cannot create or edit content in UCM.All users in the application use the same credentials to connect to the UCM instance. The data is secured through both UCM (based on the username) and WebLogic Portal. This is the configuration to use if you plan to use WLP Entitlements and/or Delegated Administration on content. Configure this type of security with these settings in the META-INF/content-config.xml file in the EAR Project, as described in the following table.
| Field | Value |
|---|---|
| Username | The user name of a valid user of the UCM repository. The UCM content this user can access may be further reduced by applying entitlements in WLP. If you plan to use WLP Entitlements or Delegated Administration, select a username with the desired level of access to content. WLP users will have 'at most' the privileges of this UCM username. |
| useNativeSecurity | false |
All users in the application use the same credentials to connect to the UCM instance. Data is secured through UCM. WLP Content Entitlements will not apply. Configure this type of security with these settings in the META-INF/content-config.xml file in the EAR Project:
| Field | Value |
|---|---|
| Username | The user name of a valid user of the UCM repository. The UCM content this user can access will be exposed in WLP. |
| useNativeSecurity | true |
WebLogic Portal and UCM use the same security store, such as a shared LDAP store. Each WLP user sees in the application what they are permitted to see on the UCM side. Entitlements (WLP content security) are disabled.
| Field | Value |
|---|---|
| Username | Do not set a value for this field. |
| useNativeSecurity | true |
To verify the installation, open the WLP Administration Console, go to the Content Management section, and attempt to browse to the UCM repository and view its contents or types.
|
 Copyright © 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices |
|