Steps to Build and Run the Docker Image
- Download the domain binary files and the Service Layer distribution as mentioned in the Pre-requisites section of this document.
- Extract the Service distribution.
- Create a directory named externallibs to place the third-party application libraries, configuration, and the property files required.
- Copy the downloaded Service distribution zip into the externallibs/zip directory.
- Copy the following configuration files from <Service distribution zip>/conf directory into the externallibs/conf directory:
- EDKeyValue.dat
- Encryption.properties
- ESAPI.properties
- Service.properties
- service-coherence-cache-config.xml
- service-coherence-config.xml
- logging.properties
- Copy the following files from the <Service distribution zip>/libs directory into the externallibs directory:
- commons-logging-1.3.5.jar
- eclipselink-2.7.16.jar
- jakarta.persistence-2.2.3.jar
Note: Rename all the jars so that the file names carry no version. This avoids having to update the Docker script when a library version changes.
Example:
- commons-logging.jar
- eclipselink.jar
- jakarta.persistence.jar
- Download aspectj-1.9.1.jar from
https://www.eclipse.org/downloads/download.php?file=/tools/aspectj/aspectj-1.9.1.jar
- Open aspectj-1.9.1.jar with an archive tool and retrieve aspectjrt.jar and aspectjweaver.jar from the lib folder.
- Copy aspectjrt.jar and aspectjweaver.jar into the externallibs sub-directory.
Coherence Jars
Copy the Coherence Executor jars from the Oracle WebLogic installation directory to the externallibs folder:
.. ../Middleware/Oracle_Home/coherence/lib/coherence.jar
- If the Service Layer application is ATP compliant, then copy the required ATP (Autonomous Transaction Processing) database files under the externallibs/shared directory.
The sample folder structure is as follows:
- Under the ojdbc folder:
- Copy all the libs to the ojdbc folder.
- Under the wallet folder:
Note: Maintain the externallibs folder and place the required libraries and the supported files which are discussed in earlier steps.
The sample folder structure is as follows:
Under the conf folder,
Note: Place the Service Layer build artifacts that are downloaded from the Oracle Software Delivery Cloud in the externallibs/zip directory.
Provide the Service Layer security realm details in the "realm.properties" file (externallibs/jmeter/).
From the copied location, execute the below command:
docker build format:
$ docker build -t <Image_Name>:<Image_Tag> --build-arg APP_DOMAIN_NAME="<Domain_Name>" --build-arg APP_VERSION="<Build Release Version>" .
docker build example:
$ docker build -t sl_wls:12.1.0.0 --build-arg APP_DOMAIN_NAME="sl_domain" --build-arg APP_VERSION="12.1.0.0" .
To start the containerized Service Layer application, run:
docker run format:
$ docker run -itd --privileged -v /path/to/the/externallibs:/u01/oracle/externallibs --env-file /path/to/the/sl_env.dat --name <Container_Name> --hostname <Container_HostName> -p <AdminServer_External_Port>:<AdminServer_Container_Port> -p <MS_External_Port>:<MS_Container_Port> <Image_Name>:<Image_Tag> createServer.sh $DB_TYPE
docker run example:
For Oracle:
$ docker run -itd --privileged -v /path/to/the/externallibs/:/u01/oracle/externallibs --env-file /home/sl_env.dat --name sl_wls --hostname slwlsadmin -p 8030:8030 -p 8031:8031 --sysctl net.ipv4.ip_local_port_range="1024 65000" sl_wls:12.1.0.0 createServer.sh ORACLE
For MSSQL:
$ docker run -itd --privileged -v /path/to/the/externallibs/:/u01/oracle/externallibs --env-file /home/sl_env.dat --name sl_wls --hostname slwlsadmin -p 8030:8030 -p 8031:8031 --sysctl net.ipv4.ip_local_port_range="1024 65000" sl_wls:12.1.0.0 createServer.sh MSSQL
Make sure you define the database names exactly as below (case sensitive):
Oracle Database: ORACLE
SQL Database: MSSQL
Check docker logs:
$ docker logs -f sl_wls
Note: The "APP_DOMAIN_NAME" build argument of the "docker build" command and the "--hostname" flag of the "docker run" command should be the same as the values you specified in the sl_env.dat file.
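A pre-build check of the staging steps above, as an added example that is not part of the Service Layer distribution or its Docker script. The file names come from this page; searching the whole tree for the aspectj jars and treating two of the conf files as sensitive are assumptions of the example.

```python
import re
from pathlib import Path

# File names below are taken from the staging steps on this page.
CONF_FILES = ["EDKeyValue.dat", "Encryption.properties", "ESAPI.properties",
              "Service.properties", "service-coherence-cache-config.xml",
              "service-coherence-config.xml", "logging.properties"]
ROOT_JARS = ["commons-logging.jar", "eclipselink.jar",
             "jakarta.persistence.jar", "coherence.jar"]
# The page says only "externallibs sub-directory", so these are searched for
# anywhere under the root (assumption).
NESTED_JARS = ["aspectjrt.jar", "aspectjweaver.jar"]
# Assumption: these two are treated as sensitive for the permission check.
SENSITIVE = ["conf/EDKeyValue.dat", "conf/Encryption.properties"]
VERSIONED = re.compile(r"-\d+(\.\d+)+\.jar$")  # e.g. eclipselink-2.7.16.jar


def preflight(root):
    """Return a list of problems found in the externallibs directory."""
    root = Path(root)
    problems = []
    for name in CONF_FILES:
        if not (root / "conf" / name).is_file():
            problems.append(f"missing conf/{name}")
    for name in ROOT_JARS:
        if not (root / name).is_file():
            problems.append(f"missing {name}")
    for name in NESTED_JARS:
        if not any(root.rglob(name)):
            problems.append(f"missing {name}")
    # Per the note above, jars are renamed without version names.
    for jar in sorted(root.glob("*.jar")):
        if VERSIONED.search(jar.name):
            problems.append(f"versioned jar name: {jar.name}")
    if not any((root / "zip").glob("*.zip")):
        problems.append("no distribution zip in zip/")
    # Added check, not a requirement stated by the page.
    for rel in SENSITIVE:
        path = root / rel
        if path.is_file() and path.stat().st_mode & 0o004:
            problems.append(f"world-readable: {rel}")
    return problems


if __name__ == "__main__":
    import sys
    issues = preflight(sys.argv[1] if len(sys.argv) > 1 else "externallibs")
    print("\n".join(issues) or "externallibs layout OK")
    sys.exit(1 if issues else 0)
```

Run it against the externallibs directory before "docker build"; a non-zero exit lists what still needs staging or review.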
RBAC: Role Based Access Control
The Service Layer authorization model is based on role-based access control. Roles and policies are defined for each service, and they determine the access privileges a user or a group of users has in the system. RBAC is made of four elements:
- Roles - Bring users, groups, and policies together. Roles define what users can do with a resource.
- Users - The principal that is requesting access to a resource.
- Policies - The list of rules that defines access to a resource.
- Resources - Things that the user needs to be granted access to.
Role Definition for Service Layer
The roles defined for Service Layer are per service rather than per resource. Roles by service means that each service defines the roles required to access that particular service. For instance, a Policy Service defines roles that are used by the Segments and Roles within that policy. The roles are not defined by resources or entities, since segments and policy roles cannot be accessed outside the context of a policy.
| Role Name | Role Description | Role Privilege | Role Association |
|---|---|---|---|
| SL_ADMIN | Service Layer Administrator | Permit All | All Services |
| POLICY_READ | Policy Read Access | GET | Policy |
| POLICY_CREATE | Policy Write Access For Create | POST | Policy |
| POLICY_UPDATE | Policy Write Access For Update | PUT | Policy |
| POLICY_DELETE | Policy Delete Access | DELETE | Policy |
| CLIENT_READ | Client Read Access | GET | Client |
| CLIENT_CREATE | Client Write Access For Create | POST | Client |
| CLIENT_UPDATE | Client Write Access For Update | PUT | Client |
| CLIENT_DELETE | Client Delete Access | DELETE | Client |
| CASE_READ | Case Read Access | GET | Case |
| CASE_CREATE | Case Write Access For Create | POST | Case |
| CASE_UPDATE | Case Write Access For Update | PUT | Case |
| CASE_DELETE | Case Delete Access | DELETE | Case |
| GROUPCUSTOMER_READ | Customer Read Access | GET | Customer |
| GROUPCUSTOMER_CREATE | Customer Write Access For Create | POST | Customer |
| GROUPCUSTOMER_UPDATE | Customer Write Access For Update | PUT | Customer |
| GROUPCUSTOMER_DELETE | Customer Delete Access | DELETE | Customer |
| CLIENTRELATIONSHIP_READ | Client Relationship | GET | Client Relationship |
| CLIENTRELATIONSHIP_CREATE | Client Relationship Write Access For Create | POST | Client Relationship |
| CLIENTRELATIONSHIP_UPDATE | Client Relationship Write Access For Update | PUT | Client Relationship |
| CLIENTRELATIONSHIP_DELETE | Client Relationship Delete Access | DELETE | Client Relationship |
| QUERY_READ | Query Read Access | GET | Query |
| QUERY_CREATE, QUERY_UPDATE | Query Write Access | POST | Query |
| QUERY_DELETE | Query Delete Access | DELETE | Query |
| COMPANY_READ | Company Read Access | GET | Company |
| PRODUCT_READ | Product Read Access | GET | Product |
| PLAN_READ | Plan Read Access | GET | Plan |
| SEGMENT_READ | Segment Read Access | GET | Segment |
| SEGMENT_CREATE | Segment Write Access For Create | POST | Segment |
| SEGMENT_UPDATE | Segment Write Access For Update | PUT | Segment |
| SEGMENT_DELETE | Segment Delete Access | DELETE | Segment |
| ROLE_READ | Role Read Access | GET | Role |
| ROLE_CREATE | Role Write Access For Create | POST | Role |
| ROLE_UPDATE | Role Write Access For Update | PUT | Role |
| ROLE_DELETE | Role Delete Access | DELETE | Role |
| SEGMENTROLE_READ | Segment Role Read Access | GET | Segment Role |
| SEGMENTROLE_CREATE | Segment Role Write Access For Create | POST | Segment Role |
| SEGMENTROLE_UPDATE | Segment Role Write Access For Update | PUT | SegmentRole |
| SEGMENTROLE_DELETE | Segment Role Delete Access | DELETE | Segment Role |
| REQUIREMENT_READ | Requirement Read Access | GET | Requirement |
| REQUIREMENT_CREATE | Requirement Write Access For Create | POST | Requirement |
| REQUIREMENT_UPDATE | Requirement Write Access For Update | PUT | Requirement |
| REQUIREMENT_DELETE | Requirement Delete Access | DELETE | Requirement |
| IMPAIRMENT_READ | Impairment Read Access | GET | Impairment |
| ADDRESS_READ | Address Read Access | GET | Address |
| ADDRESS_CREATE | Address Write Access For Create | POST | Address |
| ADDRESS_UPDATE | Address Write Access For Update | PUT | Address |
| ADDRESS_DELETE | Address Delete Access | DELETE | Address |
| PHONE_READ | Phone Read Access | GET | Phone |
| PHONE_CREATE | Phone Write Access For Create | POST | Phone |
| PHONE_UPDATE | Phone Write Access For Update | PUT | Phone |
| PHONE_DELETE | Phone Delete Access | DELETE | Phone |
| DOMAINS_READ | Allowed Domains Read access | GET | DOMAINS_READ |
| DOMAINS_CREATE | Allowed Domains Access For Create | POST | DOMAINS_CREATE |
| DOMAINS_UPDATE | Allowed Domains Access For Update | PUT | DOMAINS_UPDATE |
| DOMAINS_DELETE | Allowed Domains Delete Access | DELETE | DOMAINS_DELETE |
| REQUIREMENTRESULT_READ | RequirementResult Read Access | GET | RequirementResult |
| REQUIREMENTRESULT_CREATE | RequirementResult Write Access For Create | POST | RequirementResult |
| REQUIREMENTRESULT_UPDATE | RequirementResult Write Access For Update | PUT | RequirementResult |
| REQUIREMENTRESULT_PATCH | RequirementResult Patch Access | PATCH | RequirementResult |
| SUSPENSE_READ | Suspense Read Access | GET | Suspense |
| SUSPENSE_CREATE | Suspense Write Access For Create | POST | Suspense |
| SUSPENSE_UPDATE | Suspense Write Access For Update | PUT | Suspense |
| SUSPENSE_PATCH | Suspense Patch Access | PATCH | Suspense |
| WITHHOLDING_READ | Policy Withholding Read Access | GET | Policy Withholding |
| WITHHOLDING_CREATE | Policy Withholding Write Access For Create | POST | Policy Withholding |
| WITHHOLDING_UPDATE | Policy Withholding Write Access For Update | PUT | Policy Withholding |
| WITHHOLDING_PATCH | Policy Withholding Write Access For Patch | PATCH | Policy Withholding |
| WORKFLOWTASK_READ | WorkflowTask Read Access | GET | WorkflowTask |
| WORKFLOWTASK_CREATE | WorkflowTask Write Access For Create | POST | WorkflowTask |
| WORKFLOWTASK_UPDATE | WorkflowTask Write Access For Update | PUT | WorkflowTask |
| WORKFLOWTASK_PATCH | WorkflowTask Write Access For Patch | PATCH | WorkflowTask |
| RATEGROUP_READ | Rate Group Read Access | GET | Rate Group |
| RATEGROUP_CREATE | Rate Group Write Access For Create | POST | Rate Group |
| RATEGROUP_UPDATE | Rate Group Write Access For Update | PUT | Rate Group |
| RATEGROUP_PATCH | Rate Group Write Access For Patch | PATCH | Rate Group |
| RATE_READ | Rate Read Access | GET | Rate |
| RATE_CREATE | Rate Write Access For Create | POST | Rate |
| RATE_UPDATE | Rate Write Access For Update | PUT | Rate |
| RATE_PATCH | Rate Write Access For Patch | PATCH | Rate |
| RATE_DELETE | Rate Delete Access | DELETE | Rate |
| RATEGROUPRELATIONSHIP_READ | Rate Group Relationship Read Access | GET | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_CREATE | Rate Group Relationship Write Access For Create | POST | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_UPDATE | Rate Group Relationship Write Access For Update | PUT | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_PATCH | Rate Group Relationship Write Access For Patch | PATCH | Rate Group Relationship |
| RATEGROUPRELATIONSHIP_DELETE | Rate Group Relationship Delete Access | DELETE | Rate Group Relationship |
| POLICY_PATCH | Policy Patch Access | PATCH | Policy |
| SEGMENT_PATCH | Segment Patch Access | PATCH | Segment |
| ROLE_PATCH | Role Patch Access | PATCH | Role |
| SEGMENTROLE_PATCH | SegmentRole Patch Access | PATCH | SegmentRole |
| REQUIREMENT_PATCH | Requirement Patch Access | PATCH | Requirement |
| CLIENT_PATCH | Client Patch Access | PATCH | Client |
| ADDRESS_PATCH | Address Patch Access | PATCH | Address |
| PHONE_PATCH | Phone Patch Access | PATCH | Phone |
| CASE_PATCH | Case Patch Access | PATCH | Case |
| GROUPCUSTOMER_PATCH | GroupCustomer Patch Access | PATCH | GroupCustomer |
| USER_PATCH | User Patch Access | PATCH | User |
| SECURITYGROUP_PATCH | SecurityGroup Patch Access | PATCH | SecurityGroup |
| DOMAINS_PATCH | Domain Patch Access | PATCH | Domain |
| OUTBOUNDAPPLICATION_PATCH | JMSOutboundApplication Patch Access | PATCH | JMSOutboundApplication |
| OUTBOUNDAPPLICATION_PATCH | SoapOutboundApplication Patch Access | PATCH | SoapOutboundApplication |
| OUTBOUNDAPPLICATION_PATCH | RestOutboundApplication Patch Access | PATCH | RestOutboundApplication |
| OUTBOUNDSECURITY_PATCH | JmsSecurity Patch Access | PATCH | JmsSecurity |
| OUTBOUNDSECURITY_PATCH | SoapSecurity Patch Access | PATCH | SoapSecurity |
| OUTBOUNDSECURITY_PATCH | RestSecurity Patch Access | PATCH | RestSecurity |
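How the role table above can be read as a deny-by-default policy, as an added example that is not Service Layer's own enforcement code. It parses a few rows copied from the table and decides whether a set of roles permits an HTTP method on a service; reading a cell with two role names as "either role grants the privilege" and matching service names without regard to spaces or case are assumptions of the example.

```python
from collections import defaultdict

# A subset of rows copied from the role table on this page.
ROLE_TABLE = """\
| SL_ADMIN | Service Layer Administrator | Permit All | All Services |
| POLICY_READ | Policy Read Access | GET | Policy |
| POLICY_DELETE | Policy Delete Access | DELETE | Policy |
| QUERY_CREATE, QUERY_UPDATE | Query Write Access | POST | Query |
| COMPANY_READ | Company Read Access | GET | Company |
| SEGMENTROLE_UPDATE | Segment Role Write Access For Update | PUT | SegmentRole |
| OUTBOUNDAPPLICATION_PATCH | JMSOutboundApplication Patch Access | PATCH | JMSOutboundApplication |
| OUTBOUNDAPPLICATION_PATCH | RestOutboundApplication Patch Access | PATCH | RestOutboundApplication |
"""


def norm(service):
    """Normalise a service name: 'Segment Role' and 'SegmentRole' compare equal."""
    return "".join(service.split()).lower()


def parse_roles(table):
    """Return ({(method, service): {roles}}, {roles that permit everything})."""
    grants, admins = defaultdict(set), set()
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) != 4:
            continue  # skip malformed rows instead of guessing
        names, _description, privilege, service = cells
        # Assumption: a cell listing several roles means any of them grants it.
        for role in (n.strip() for n in names.split(",")):
            if privilege == "Permit All":
                admins.add(role)
            else:
                grants[(privilege.upper(), norm(service))].add(role)
    return grants, admins


def is_allowed(user_roles, method, service, grants, admins):
    """Deny by default: allow only an admin role or a role granting this pair."""
    held = set(user_roles)
    if held & admins:
        return True
    return bool(held & grants.get((method.upper(), norm(service)), set()))
```

A method and service pair with no row in the table, such as DELETE on Company, is denied to every role except SL_ADMIN.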
Service Layer Admin Console Domain Structure
Deployments
OIPA Service Layer Documentation