This chapter describes how to create a login and password for custom applications to access Oracle Communications Billing and Revenue Management (BRM). It also includes a section about modifying the customer login policy to avoid duplicate login/service combinations in branding environments.
For general information about permissions and passwords, see "Implementing system security" in BRM System Administrator's Guide.
You can use the default root account to log in. However, to properly manage access and permissions to BRM, you must create a BRM account for each custom application that you create.
To change the default login for your application, perform the following tasks:
Use Customer Center to create a BRM account with pcm_client service for your application.
See "Creating an Account for Your Application".
You can create an account for each instance of the application to control permissions at a fine level of detail.
Provide the login and password to the application at runtime. See "Providing Login and Password to Your Custom Application" for instructions.
To prevent unwanted billing, the account that owns your custom /service/pcm_client and /service/admin_client services must be nonbilling. You create a nonbilling account by setting the billing type to PIN_BILL_TYPE_UNDEFINED.
For a complete list of billing types, see the BRM_Home/include/pin_cust.h file, where BRM_Home is the directory in which you installed BRM components.
To set up a nonbilling account:
Create an /account storable object.
For information on creating objects, see "Creating Custom Fields and Storable Classes".
Change its PIN_FLD_BILL_TYPE value to PIN_BILL_TYPE_UNDEFINED.
Use Customer Center to create an account with service/pcm_client for your custom application.
You can use one of the following methods to pass the login and password to your application:
You can have the application user enter the login and password at runtime. This is the most secure way because there are no configuration files to be read.
To use this method, call PCM_CONTEXT_OPEN in your application and build a login flist.
You can get the login name and password from the application configuration file. This method allows the application to start automatically and reconnect. However, you must secure the configuration file to prevent unauthorized access.
To use this method, call PCM_CONNECT in your application to open a PCM context.
This routine reads the login type, name and password entries from your application configuration file. It then calls PCM_CONTEXT_OPEN with an input flist containing values for login type, name, and password from the configuration file.
For an example of how to use this routine, see sample_app.c located in BRM_SDK_Home/source/samples/apps/c.
After you create the new service and account for your application, edit the userid entry in your application configuration file to point to the new service you created.
You can specify that your application requires a login name and password to connect to BRM by setting the login type to 1 in the login information section of your application's configuration file.
In your application's configuration file, include entries for login type, name, and password using this syntax:
    - nap login_type login_type
    - nap login_name login_name
    - nap login_pw password
Example:
    - nap login_type 1
    - nap login_name Portal_user
    - nap login_pw
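Because the configuration-file method leaves the login_pw entry on disk, an application can check the file before it connects. The following is an added example, not code from the BRM SDK: the function name, the status codes and the rule it enforces (regular file, owned by the current user, no group or other permission bits) are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_status { CONF_OK, CONF_UNREADABLE, CONF_NOT_REGULAR,
                   CONF_BAD_OWNER, CONF_BAD_MODE };

/* Added example, not BRM SDK code. Opens the file first and checks the
 * descriptor with fstat(), so the file checked is the file that is read.
 * *has_password becomes 1 if a "- <program> login_pw <value>" entry exists. */
enum conf_status check_conf_file(const char *path, int *has_password)
{
    struct stat st;
    char line[512], dash[8], prog[32], key[32], val[256];
    FILE *fp;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);

    *has_password = 0;
    if (fd < 0)
        return CONF_UNREADABLE;             /* missing, or a symbolic link */
    if (fstat(fd, &st) != 0 || (fp = fdopen(fd, "r")) == NULL) {
        close(fd);
        return CONF_UNREADABLE;
    }
    /* Only regular files are read; an entry without a value does not count. */
    while (S_ISREG(st.st_mode) && fgets(line, sizeof line, fp))
        if (sscanf(line, "%7s %31s %31s %255s", dash, prog, key, val) == 4 &&
            strcmp(dash, "-") == 0 && strcmp(key, "login_pw") == 0)
            *has_password = 1;
    fclose(fp);

    if (!S_ISREG(st.st_mode)) return CONF_NOT_REGULAR;
    if (st.st_uid != geteuid()) return CONF_BAD_OWNER;
    if (st.st_mode & (S_IRWXG | S_IRWXO)) return CONF_BAD_MODE;
    return CONF_OK;
}

int main(int argc, char **argv)
{
    int has_pw = 0;
    if (argc != 2) { fprintf(stderr, "usage: %s <config file>\n", argv[0]); return EXIT_FAILURE; }
    enum conf_status rc = check_conf_file(argv[1], &has_pw);
    printf("status=%d stores_password=%d\n", (int)rc, has_pw);
    return rc == CONF_OK ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

An application would call the check before PCM_CONNECT and stop when the result is not CONF_OK and has_password is set.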
You can create several admin_client services with different permissions to manage access and permissions to BRM components. Permissions are stored in the /service/admin_client storable object in the PIN_FLD_PERMITTEDS array.
Create the /service/admin_client storable objects that are owned by several accounts.
For information on creating storable objects, see "Creating Custom Fields and Storable Classes".
Add as many permissions to the service permissions array (PIN_FLD_PERMITTEDS) as you want.
For information about the array's format, see the /service/admin_client storable class specification.
You can use the optional RADIUS Manager to require a login and password for all access to BRM. You can configure RADIUS Manager to do login and password checking for any custom situation, such as Web access. To enable this feature:
Modify your application to intercept requests for access to BRM from all applications.
Make verification function calls to verify the request before allowing access to BRM.
See the descriptions of the following opcodes for more information:
PCM_OP_ACT_POL_SPEC_VERIFY
PCM_OP_ACT_FIND_VERIFY
PCM_OP_CUST_POL_PREP_LOGIN
PCM_OP_CUST_POL_PREP_PASSWD
PCM_OP_CUST_POL_VALID_LOGIN
PCM_OP_CUST_POL_VALID_PASSWD
PCM_OP_MAIL_LOGIN_VERIFY
PCM_OP_MAIL_DELIV_VERIFY
If your BRM environment uses branding, you may need to ensure that only one brand contains a particular login/service combination. You can modify the customer login policy to extract the brand's domain name from the brand account's uniform resource locator (URL) field, and append it to the customer's login. The domain used for the customer's login is the domain defined for the brand in Configuration Center. For example, if the URL for the brand "East Coast Enterprises" is www.ecoastent.com, and a user has the login jmcgee, the login policy changes the login to jmcgee@ecoastent.com.
By default, the login policy retrieves the domain name for a customer login ID from the CM pin.conf file. If you have a branded BRM system, you can customize this policy to retrieve the domain name from the brand account's URL field, and append it to a customer's login ID.
To retrieve the domain name for a customer's email address, follow the example below.
Open the fm_cust_pol_prep_login.c source file.
Declare the GetDomain() function:
    static char * GetDomain(pcm_context_t *ctxp, poid_t *o_pdp, pin_errbuf_t *ebufp, int32 *err);
Locate the following lines of code that look up the pin.conf file for the default domain name:
    /* If conf'ed force default domain */
    pin_conf("fm_cust_pol", "domain", PIN_FLDT_STR,
        (caddr_t *)&(domain), &(err));
    if (domain != (char *)NULL) {
Replace this code with the following lines:
    if (!strncmp(type, "/service/email", 14)) {
        /* force brand-specific domain */
        domain = GetDomain(ctxp, o_pdp, ebufp, &err);
        if (domain != (char *)NULL) {
This causes BRM to use the brand domain for customers' email service.
Add the following lines to the fm_cust_pol_prep_login.c source file:
    /**************************************************************
     * Begin Customization
     **************************************************************/
    static char *
    GetDomain(
        pcm_context_t *ctxp,
        poid_t        *o_pdp,
        pin_errbuf_t  *ebufp,
        int32         *err)
    {
        char        *domain = NULL, *tmp = NULL, *src = NULL;
        pin_flist_t *i_flistp = NULL;
        pin_flist_t *r_flistp = NULL;
        poid_t      *a_pdp = NULL;
        poid_t      *b_pdp = NULL;

        // Get Account POID
        i_flistp = PIN_FLIST_CREATE(ebufp);
        PIN_FLIST_FLD_SET(i_flistp, PIN_FLD_POID, o_pdp, ebufp);
        PIN_FLIST_FLD_SET(i_flistp, PIN_FLD_ACCOUNT_OBJ, NULL, ebufp);
        PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
            "Get Account POID input", i_flistp);
        PCM_OP(ctxp, PCM_OP_READ_FLDS, 0, i_flistp, &r_flistp, ebufp);
        PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
            "Get Account POID output", r_flistp);
        if (PIN_ERR_IS_ERR(ebufp)) {
            if (i_flistp) PIN_FLIST_DESTROY(i_flistp, ebufp);
            if (r_flistp) PIN_FLIST_DESTROY(r_flistp, ebufp);
            return NULL;
        }
        a_pdp = PIN_FLIST_FLD_TAKE(r_flistp, PIN_FLD_ACCOUNT_OBJ, 0, ebufp);
        // Now you have the account POID in a_pdp
        PIN_FLIST_DESTROY(i_flistp, ebufp);
        PIN_FLIST_DESTROY(r_flistp, ebufp);
        i_flistp = r_flistp = NULL;

        // Get the account type
        i_flistp = PIN_FLIST_CREATE(ebufp);
        PIN_FLIST_FLD_PUT(i_flistp, PIN_FLD_POID, a_pdp, ebufp);
        PIN_FLIST_FLD_SET(i_flistp, PIN_FLD_ACCOUNT_TYPE, NULL, ebufp);
        PIN_FLIST_FLD_SET(i_flistp, PIN_FLD_BRAND_OBJ, NULL, ebufp);
        PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
            "Get Account type input", i_flistp);
        PCM_OP(ctxp, PCM_OP_READ_FLDS, 0, i_flistp, &r_flistp, ebufp);
        PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
            "Get Account type output", r_flistp);
        if (PIN_ERR_IS_ERR(ebufp)) {
            if (i_flistp) PIN_FLIST_DESTROY(i_flistp, ebufp);
            if (r_flistp) PIN_FLIST_DESTROY(r_flistp, ebufp);
            return NULL;
        }
        // Get the brand object
        b_pdp = PIN_FLIST_FLD_TAKE(r_flistp, PIN_FLD_BRAND_OBJ, 0, ebufp);
        PIN_FLIST_DESTROY(i_flistp, ebufp);
        PIN_FLIST_DESTROY(r_flistp, ebufp);
        i_flistp = r_flistp = NULL;

        // If a brand exists
        if (PIN_POID_GET_ID(b_pdp) != 1) {
            // Get the brand URL
            i_flistp = PIN_FLIST_CREATE(ebufp);
            PIN_FLIST_FLD_PUT(i_flistp, PIN_FLD_POID, b_pdp, ebufp);
            PIN_FLIST_FLD_SET(i_flistp, PIN_FLD_AAC_SOURCE, NULL, ebufp);
            PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
                "Get Brand POID input", i_flistp);
            PCM_OP(ctxp, PCM_OP_READ_FLDS, 0, i_flistp, &r_flistp, ebufp);
            PIN_ERR_LOG_FLIST(PIN_ERR_LEVEL_DEBUG,
                "Get Brand POID output", r_flistp);
            if (PIN_ERR_IS_ERR(ebufp)) {
                // b_pdp was handed to i_flistp by PIN_FLIST_FLD_PUT, so
                // destroying the flist releases it; destroying it again
                // here would free it twice.
                PIN_FLIST_DESTROY_EX(&i_flistp, ebufp);
                PIN_FLIST_DESTROY_EX(&r_flistp, ebufp);
                return NULL;
            }
            tmp = PIN_FLIST_FLD_GET(r_flistp, PIN_FLD_AAC_SOURCE, 1, ebufp);
            // If we get the URL
            if (tmp) {
                // You have the URL; now extract the domain name from it:
                // everything after the first '.', or the whole string if
                // it contains no '.'
                src = strchr(tmp, '.') ? strchr(tmp, '.') + 1 : tmp;
                // Size the buffer from the source so that the copy
                // cannot overflow it
                domain = (char *) malloc(strlen(src) + 1);
                if (domain) {
                    strcpy(domain, src);
                }
            }
            else // else use system default
            {
                pin_conf("fm_cust_pol", "domain", PIN_FLDT_STR,
                    (caddr_t *)&(domain), err);
            }
            PIN_FLIST_DESTROY_EX(&i_flistp, ebufp);
            PIN_FLIST_DESTROY_EX(&r_flistp, ebufp);
            i_flistp = r_flistp = NULL;
        }
        else
        {
            PIN_POID_DESTROY(b_pdp, ebufp);
            pin_conf("fm_cust_pol", "domain", PIN_FLDT_STR,
                (caddr_t *)&(domain), err);
        }
        return domain;
    }
    /**************************************************************
     * End Customization
     **************************************************************/
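The extraction rule used by GetDomain() (everything after the first dot of the brand URL field) can be exercised without a BRM installation. The following is an added example, not part of the policy source: brand_domain() and branded_login() are hypothetical helpers, and skipping a scheme, stopping at the path, lowercasing and rejecting non-hostname characters go beyond what the page's code does.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not BRM code. Copies the brand domain from url into out
 * using the page's rule (text after the first '.', or the whole host if it
 * has none). Returns 0 on success, -1 if the result is empty, does not fit,
 * or contains a character that cannot appear in a host name. */
int brand_domain(const char *url, char *out, size_t outlen)
{
    const char *host, *dot;
    size_t n, i;

    if (!url || !out || outlen == 0) return -1;
    out[0] = '\0';
    host = strstr(url, "://");
    host = host ? host + 3 : url;           /* assumption: skip a scheme */
    n = strcspn(host, "/:?#");              /* stop at port, path, query */
    dot = memchr(host, '.', n);
    if (dot) { n -= (size_t)(dot + 1 - host); host = dot + 1; }
    if (n == 0 || n >= outlen) return -1;   /* empty, or would not fit */
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)host[i];
        if (!isalnum(c) && c != '-' && c != '.') { out[0] = '\0'; return -1; }
        out[i] = (char)tolower(c);          /* assumption: one canonical case */
    }
    out[n] = '\0';
    return 0;
}

/* Builds "login@domain" in out; returns -1 rather than truncating. */
int branded_login(const char *login, const char *url, char *out, size_t outlen)
{
    char domain[256];
    int w;

    if (!login || !*login || brand_domain(url, domain, sizeof domain) != 0)
        return -1;
    w = snprintf(out, outlen, "%s@%s", login, domain);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    char login[320];
    /* Constructed input: the brand URL and login from the page's example. */
    if (branded_login("jmcgee", "www.ecoastent.com", login, sizeof login) == 0)
        puts(login);
    return 0;
}
```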