Configuring Oracle Billing Insight to use an LDAP System


You can configure Oracle Billing Insight for access using an LDAP user identity store. Spring Security supports LDAP authentication and provides hooks for LDAP that you can customize for your system requirements. For more information on how to implement customized hooks, see the Spring Security documentation at

http://static.springsource.org/spring-security

Also consult your LDAP system vendor for information on integration with Spring Security.

Using an LDAP system replaces the Oracle Billing Insight user management functionality with the external system's functionality. You must customize your LDAP system to implement any Oracle Billing Insight user management features you require.

Example of Integrating Oracle Billing Insight with an LDAP System

This topic gives one example of integrating Oracle Billing Insight with an LDAP system on Oracle WebLogic. The specific steps and files required for your LDAP implementation will vary.

To configure Oracle Billing Insight to use an LDAP system

  1. Add the LDAP server URL to the spring-security.xml file, found in the EDX_HOME\config\security\selfservice directory, where EDX_HOME is the directory where you installed Oracle Billing Insight:

    <security:ldap-server url="ldap://your_server_name:3060" />

  2. In the same file, change the authentication-provider to ldapAuthProvider:

    <security:authentication-manager alias="authenticationManager">
    <!--<security:authentication-provider ref="daoAuthenticationProvider" />-->
    <security:authentication-provider ref="ldapAuthProvider"/>
    </security:authentication-manager>

  3. Add the contextSource bean and set the LDAP URL, user DN, and password:

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://your_server_name:3060"/>
        <property name="userDn" value="cn=orcladmin,cn=Users,dc=us,dc=oracle,dc=com"/>
        <property name="password" value="Welcome1"/>
    </bean>

  4. Add the ldapAuthProvider bean, and configure the BindAuthenticator and DefaultLdapAuthoritiesPopulator. Implement the userDetailsContextMapper bean with your own class, for example:

    <bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userSearch">
                    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                        <constructor-arg index="0" value="cn=Users, dc=us,dc=oracle,dc=com"/>
                        <constructor-arg index="1" value="(cn={0})"/>
                        <constructor-arg index="2" ref="contextSource" />
                    </bean>
                </property>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="cn=Groups, dc=us,dc=oracle,dc=com" />
                <property name="groupSearchFilter" value="(uniquemember={0})"/>
                <property name="rolePrefix" value=""/>
                <property name="searchSubtree" value="true"/>
                <property name="convertToUpperCase" value="true"/>
            </bean>
        </constructor-arg>
        <property name="userDetailsContextMapper" ref="EBillingLdapUserDetailsMapper"/>
    </bean>
    <bean id="EBillingLdapUserDetailsMapper" class="com.edocs.common.security.authenticate.ldap.EBillingLdapUserDetailsMapper">
        <property name="userDetailsService">
            <ref bean="userDetailsService" />
        </property>
    </bean>

  5. Implement the UserDetailsContextMapper interface to map the LDAP context to Oracle Billing Insight user objects. The following example code represents a portion of such an implementation:

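    import java.util.Collection;
    import org.springframework.ldap.core.DirContextOperations;
    import org.springframework.security.core.GrantedAuthority;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

    public class EBillingLdapUserDetailsMapper extends LdapUserDetailsMapper {
        // Injected through the userDetailsService property of the bean definition in step 4.
        private EBillingUserDetailsService userDetailsService;

        public EBillingUserDetailsService getUserDetailsService() {
            return userDetailsService;
        }

        public void setUserDetailsService(EBillingUserDetailsService userDetailsService) {
            this.userDetailsService = userDetailsService;
        }

        // Returns the user loaded by userDetailsService for this user name;
        // the LDAP context and the LDAP-derived authorities are not used here.
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<? extends GrantedAuthority> authorities) {
            return userDetailsService.loadUserByUsername(username);
        }
    }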

    The creation of the UserDetails object is controlled by the provider's UserDetailsContextMapper implementation, which is responsible for mapping user objects to and from LDAP context data:

    public interface UserDetailsContextMapper {
        UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<? extends GrantedAuthority> authorities);

        void mapUserToContext(UserDetails user, DirContextAdapter ctx);
    }
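
A hardened form of the contextSource bean from step 3, added here as an example that is not part of the Oracle guide: the sample in step 3 connects over ldap:// and keeps the cn=orcladmin password in spring-security.xml, while this variant reads an ldaps:// URL and a search-only bind account from a properties file outside the application. The file path, the ldap.* property names and the service account are assumptions made for the example.

```xml
<!-- Added example, not Oracle's configuration. Replaces the contextSource bean from step 3. -->

<!-- Resolves the ${...} placeholders below from an external file.
     The path is a placeholder; keep the file outside the deployed application
     and readable only by the account that runs the application server.

     Assumed contents of the file (property names are hypothetical):
       ldap.url=ldaps://your_server_name:YOUR_SSL_PORT
       ldap.bind.dn=DN_OF_SEARCH_ONLY_SERVICE_ACCOUNT
       ldap.bind.password=SECRET_FOR_THAT_ACCOUNT
-->
<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
    <property name="location" value="file:/path/to/ldap.properties"/>
</bean>

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <!-- An ldaps:// URL encrypts both this manager bind and every user bind
         that BindAuthenticator performs with the password typed at login.
         The JVM trust store must trust the directory server's certificate. -->
    <constructor-arg value="${ldap.url}"/>

    <!-- A dedicated account that can only search the cn=Users and cn=Groups
         subtrees is enough for FilterBasedLdapUserSearch and
         DefaultLdapAuthoritiesPopulator; the directory administrator is not needed. -->
    <property name="userDn" value="${ldap.bind.dn}"/>
    <property name="password" value="${ldap.bind.password}"/>
</bean>
```

If the security:ldap-server element from step 1 is kept, give its url attribute the same ldaps:// value so that no plaintext connection remains configured.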

Integration Guide for Oracle Billing Insight Copyright © 2016, Oracle and/or its affiliates. All rights reserved. Legal Notices.