Before configuring the settings on the Security Service Module
tab, you must perform the following prerequisite tasks:
Test the SSM Installation
Because the Enterprise Gateway is running a Java SSM internally, it is recommended that the example Java
SSM client that ships with the OES installation is set up and configured. This example can be found
in the following directory:
/ales32-ssm/java-ssm/examples/JavaAPIExample
Follow the instructions in the README file in this directory to test the installation. When the
testing of the JavaAPIExample is complete, all the configuration files for an SSM
instance are located in the /ales32-ssm/java-ssm/SSM-Name directory, where
SSM-Name is the name of the SSM setup when testing the example.
Configure the Enterprise Gateway Classpath
The Enterprise Gateway classpath must be updated to include the JARs and configuration files for
the SSM instance. The jvm.xml file must be updated so that various
environment variables and the SSM-Name are updated to reflect the installation
of the Java SSM. At minimum, the following must be updated in jvm.xml :
| | |
|
<Environment name="BEA_HOME" value="/opt/apps/bea" >
<Environment name="INSTANCE_NAME" value="SSM-Name" >
| |
| | |
|
For example, to modify the classpath, place the following jvm.xml
in the conf directory of the Enterprise Gateway installation:
| | |
|
<!--Additional JVM settings to run with Oracle Entitlements Server BEA_HOME must be set to
the location where the SSM is installed-->
<ConfigurationFragment>
<!-- Environment variables -->
<!-- change these to match the location where the SSM has been installed and configured -->
<Environment name="BEA_HOME" value="/opt/apps/bea" />
<Environment name="ALES_SHARED_HOME" value="$BEA_HOME/ales32-shared" />
<!-- Name of the SSM running in the Gateway, replace the "SSM-Name" with the name of the
SSM for the Gateway -->
<Environment name="INSTANCE_NAME" value="SSM-Name" />
<Environment name="INSTANCE_HOME" value="$BEA_HOME/ales32-ssm/java-ssm/instance/$INSTANCE_NAME" />
<Environment name="PDP_PROXY" value="$INSTANCE_HOME/pdpproxy" />
<!-- Location of the Java SSM libraries -->
<!-- <ClassDir name="$BEA_HOME" /> -->
<ClassDir name="$BEA_HOME/ales32-ssm/java-ssm/lib" />
<ClassDir name="$BEA_HOME/ales32-ssm/java-ssm/lib/providers/ales" />
<!-- Add location of the SSM configuration to classpath -->
<ClassPath name="$INSTANCE_HOME/config/" />
<!-- Additional JVM parameters based on the %JAVA-OPTIONS% of set-env script in the SSM
instance running in the Gateway $BEA_HOME/ales32-ssm/java-ssm/instance/ssm-name/config-->
<VMArg name="-Dwles.scm.port=7005" />
<VMArg name="-Dwles.arme.port=8000" />
<VMArg name="-Dwles.config.signer=Oracle Entitlements Serverdemo.oracle.com" />
<VMArg name="-Dlog4j.configuration=file:$INSTANCE_HOME/config/log4j.properties" />
<VMArg name="-Dlog4j.ignoreTCL=true" />
<VMArg name="-Dwles.ssl.passwordFile=$ALES_SHARED_HOME/keys/password.xml" />
<VMArg name="-Dwles.ssl.passwordKeyFile=$ALES_SHARED_HOME/keys/password.key" />
<VMArg name="-Dwles.ssl.identityKeyStore=$ALES_SHARED_HOME/keys/identity.jceks" />
<VMArg name="-Dwles.ssl.identityKeyAlias=wles-ssm" />
<VMArg name="-Dwles.ssl.identityKeyPasswordAlias=wles-ssm" />
<VMArg name="-Dwles.ssl.trustedCAKeyStore=$ALES_SHARED_HOME/keys/trust.jks" />
<VMArg name="-Dwles.ssl.trustedPeerKeyStore=$ALES_SHARED_HOME/keys/peer.jks" />
<VMArg name="-Djava.io.tmpdir=$INSTANCE_HOME/work/jar_temp" />
<VMArg name="-Darme.configuration=$INSTANCE_HOME/config/WLESarme.properties" />
<VMArg name="-Dales.blm.home=$INSTANCE_HOME" />
<VMArg name="-Dkodo.Log=log4j" />
<VMArg name="-Dwles.scm.useSSL=true" />
<VMArg name="-Dwles.providers.dir=$BEA_HOME/ales32-ssm/java-ssm/lib/providers"/>
<VMArg name="-Dpdp.configuration.properties.location=$PDP_PROXY/PDPProxyConfiguration.properties"/>
</ConfigurationFragment>
| |
| | |
|
Centralize All Trace Output
Oracle’s Java SSM uses log4j to output any diagnostics. You can also add these messages
to the Enterprise Gateway trace output by adding the log4j that ships with the Enterprise Gateway to
the following file:
/ales32-ssm/java-ssm/SSM-NAME/conf/log4j.properties
Then the log4j.rootCategory=WARN, A1, ASIlogFile line includes a new
appender called VordelTrace as follows:
| | |
|
log4j.rootCategory=WARN, A1, ASIlogFile, VordelTrace
| |
| | |
|
Add the configuration for this new appender by adding the following line to the file:
| | |
|
log4j.appender.VordelTrace=com.vordel.trace.VordelTraceAppender
| |
| | |
|
You can now start the Enterprise Gateway so that it runs with the Java SSM classpath
and the centralized trace output.
Further Information
For more details on configuring and testing SSMs, see the Oracle SSM Installation
and Configuration Guide.
|