38 Enabling Authorization in Test Installations
Learn how to use the SDK to enable authorization in an Oracle Communications Billing Care test installation.
Topics in this document:
About Enabling Authorization in Test Installations
You use authorization to grant users the privileges appropriate for their job functions, while denying access to other functionality. Billing Care uses Oracle Platform Security Services (OPSS) to handle all authorization tasks.
By default, Billing Care test installations are installed without OPSS. The authorization feature is also disabled in the test installations. This enables the testing Billing Care instances to connect directly to your BRM system using the native WebLogic server user management.
However, if you want to test authorization in your Billing Care test installation without installing OPSS, you can enable authorization in Billing Care by using the Billing Care SDK. See "Enabling Authorization in Test Installations".
Note:
Use the Billing Care SDK to enable authorization only in your test or development installation. Do not use this customization in production installations.
Enabling Authorization in Test Installations
This section provides a high level overview of the process on how to enable authorization in a Billing Care test installation by using the Billing Care SDK.
The Billing Care SDK includes a sample OPSS manager (CustomOPSSManager) in the SDK_home/samples directory, where SDK_home is the directory where you installed the SDK. This sample contains the necessary configuration to enable authorization. Use this sample to enable authorization in the Billing Care test installation.
To enable authorization in the Billing Care test installation:
-
Using the SDK_home/samples/CustomOPSSManager directory, create a NetBeans IDE project with the same folder structure of the CustomOPSSManager directory. See "Creating the Billing Care NetBeans IDE Project" for more information.
-
(Optional) Modify the default authorization policies in your CustomConfigurations.xml file. See "Modifying Default Authorization Policies" for more information.
-
(Optional) Add custom authorization resources or actions in your CustomConfigurations.xml file. See "Adding Custom Authorization Resources and Actions" for more information.
-
Deploy your customizations to your Billing Care domain. See "Deploying Customizations" for more information.
Modifying Default Authorization Policies
To modify default authorization policies:
-
In a text editor, open the myproject/src/java/custom/configurations/CustomConfigurations.xml file, where myproject is the NetBeans IDE project that you created using the sample OPSS manager.
-
Search for the authorizationJSON key in the file:
<keyvals> <key>authorizationJSON</key> <value>[{"extension":null,"resourceName":"SuperUserResource","grantedActions":[],"deniedActions":["ANY"]},...</value> <desc>...</desc> </keyvals> -
Change the default actions for the authorization resources in the authorizationJSON key value as required.
To authorize the logged in user to perform adjustments, change the actions for the adjustment resource as shown in the following example:
{"extension":null,"resourceName":"AdjustmentResource","grantedActions":["Allocate","Make"],"deniedActions":[]}To deny the logged in user to perform adjustments, change the actions for the adjustment resource as shown in the following example:
{"extension":null,"resourceName":"AdjustmentResource","grantedActions":[],"deniedActions":["Allocate","Make"]}See the discussion about Billing Care authorization resources in Billing Care Security Guide for more information on the default authorization resources and actions supported in Billing Care.
-
Change or add transaction limits (obligations) for authorization by doing the following:
-
Search for the transaction limit mapping in the file. For example:
<mapping> <key>weblogic</key> <map> <id>Maximum Currency Adjustment Amount</id> <key>4</key> </map> ... <desc>Obligation mapping for user. If there are multiple users for which obligation has to be mapped replicate the mapping section change the key to the username to which obligation is required. Also edit the obligation values as per requirement. Note that the obligation field that is the id should be as per BillingCare documentation. </desc> </mapping>
-
Change transaction limit values for authorizing users as required. For example, to authorize the WebLogic user to make payment only up to $50, change the maximum payment amount value under the WebLogic key to 50 in the mapping:
<key>weblogic</key> <map> <id>Maximum Payment Amount</id> <key>50</key> </map>
Note:
Do not change the mapping ID for the transaction limit; for example, Maximum Currency Adjustment Amount.
-
(Optional) Add new transaction limits for authorizing users as required. See the discussion about policies on transaction limits in Billing Care Security Guide for the list of transaction limits supported in Billing Care.
-
-
Save and close the file.
Adding Custom Authorization Resources and Actions
To add custom authorization resources and actions:
-
In a text editor, open the myproject/src/java/custom/configurations/CustomConfigurations.xml file, where myproject is the NetBeans IDE project that you created using the sample OPSS manager.
-
Search for the authorizationJSON key in the file:
<keyvals> <key>authorizationJSON</key> <value>[{"extension":null,"resourceName":"SuperUserResource","grantedActions":[],"deniedActions":["ANY"]},...</value> <desc>...</desc> </keyvals> -
Add custom authorization resources and actions in the authorizationJSON key value as required. For example, to authorize the logged in user to view invoices, add the authorize resource and action as shown in the following example:
{"extension":null,"resourceName":"InvoiceImageResource","grantedActions":["View"],"deniedActions":[]}Note:
Ensure that the key value structure is the same.
When you migrate from the Billing Care test installation to the production installation, make sure that the custom resources are added in OPSS.
-
Save and close the file.
See "About Custom Resource Authorization" for more information.
Deploying Customizations
Package and deploy your customizations using one of the methods described in "Using an Exploded Archive during Customization" or "Packaging and Deploying Customizations".