Initial Configuration for Oracle Health Insurance Applications in Oracle WebLogic
Logging Configuration
Oracle Health Insurance uses the Logback library to generate log output.
That log output is controlled by a logback.xml file referenced in the
WebLogic Server configuration.
Through the configuration file, you can control the logging level and the output channels (referred to as "appenders") for log messages.
An example of an output channel for logging is a file.
Predefined Logging Configurations
Oracle Health Insurance applications include a predefined Logback configuration called logback.xml.
This default logging configuration can be used as a starting point and modified for specific use cases.
Use the -Dlogback.configurationFile Java option in the setDomainEnv script to point to a variant of the logback.xml file. For example:
-Dlogback.configurationFile=production-logback.xml or -Dlogback.configurationFile=trace-logback.xml
For more information, see Logging and Auditing Operations and Logging to a Central Database.
User Time Zone
The time zone can be set using the user.timezone Java parameter.
Use the -Duser.timezone Java option in the setDomainEnv script to set its value.
This setting ensures that any date or time is recorded using this time zone. For example:
-Duser.timezone=Australia/Sydney
Set Required Defaults
The application requires default settings for a number of objects. Before default settings can be applied, users must be provisioned to access the system. Make sure the following prerequisites are met:
- Set up users in an external user store, such as a directory server.
- Provision users for Oracle Health Insurance applications. For this purpose, a Provisioning Service is provided.
Set Up a Directory for File Exchange
In a number of scenarios, Oracle Health Insurance processes files, for example, for the File Import integration points. It is recommended to set up a shared directory structure that can be accessed by any machine that runs the system.
For example:
- For inbound files: /<MOUNT_POINT>/ohi/transfer/in
- For outbound or response files: /<MOUNT_POINT>/ohi/transfer/out
These directories can also be made application-specific for additional control.
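One way to create and audit the exchange tree described above so that only the owning account and one group can reach it. This is an added example, not part of the Oracle documentation; the mode 2770, the optional group argument, and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle-supplied. Assumptions: mode 2770 (setgid,
# owner and group only) and the optional group name are illustrative.

# create_transfer_dirs MOUNT_POINT [GROUP]
# Creates MOUNT_POINT/ohi/transfer/{in,out} with no access for "other".
create_transfer_dirs() {
    root="$1/ohi/transfer"
    group=${2:-}
    mkdir -p "$root/in" "$root/out" || return 1
    for dir in "$root" "$root/in" "$root/out"; do
        if [ -n "$group" ]; then
            chgrp "$group" "$dir" || return 1
        fi
        chmod 2770 "$dir" || return 1
    done
}

# audit_transfer_dirs MOUNT_POINT
# Prints each path under the transfer tree that "other" can read, write or
# traverse. Returns 0 if none, 1 if any are exposed, 2 if the tree is missing.
audit_transfer_dirs() {
    root="$1/ohi/transfer"
    [ -d "$root" ] || return 2
    exposed=$(find "$root" \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print)
    [ -z "$exposed" ] && return 0
    printf '%s\n' "$exposed"
    return 1
}

# Demo on a constructed temporary directory standing in for /<MOUNT_POINT>.
demo_mount=$(mktemp -d)
create_transfer_dirs "$demo_mount"
if audit_transfer_dirs "$demo_mount"; then
    echo "transfer tree: no access for other users"
fi
rm -rf "$demo_mount"
```

Files written into these directories still take their mode from the umask of the writing process, so the audit is worth repeating after the first import and export runs.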
Authentication, Authorization, and User Provisioning
To authenticate and subsequently access an Oracle Health Insurance application, a user needs a user account in that application. The administration of role-based access rights for users is handled in Oracle Health Insurance applications as part of their user account. The User Provisioning page supports creating and maintaining user accounts and their access rights.
Although user accounts are stored in the application, user passwords are not. Oracle Health Insurance delegates authentication to configurable WebLogic Authentication Providers. For more details, see User Authentication.
In the authentication process, the user account data that is stored in Oracle Health Insurance is accessed, for example, to log the last time the user successfully logged in to the system.
All pages (other than the login page) and REST APIs are available only to authenticated (and properly authorized) users.
- JET UI pages support OAuth2 or Basic Authentication.
- REST APIs support OAuth2 or Basic Authentication.
Seeded Users
During installation, two user accounts are seeded in the OHI_USERS table.
Their usage is explained in this section.
System User
The installation creates an account for the Internal System User with the following characteristics:
- ID = 10
- IND_ACTIVE = Y
- DISPLAY_NAME = 'Internal System User'
- LOGIN_NAME = null
This user cannot be used to log in to the application through the UI pages because LOGIN_NAME is null.
The Internal System User is used for internal processing. For example, records created or updated by an integration point have CREATED_BY and/or LAST_UPDATED_BY = 10 (the ID of the Internal System User).
Application-Specific Setup User
The installation creates an account for the application-specific Setup User with the following characteristics:
- ID = 0
- IND_ACTIVE = Y
- DISPLAY_NAME = configured during the initial installation through ohi_install.cfg
- LOGIN_NAME = configured during the initial installation through ohi_install.cfg
Use the Setup User account to provision other user accounts. Before this account can be used, it must be available in the user store to which authentication is delegated.
Seeded Access Roles
After installation, new users should be created with appropriate roles assigned to them. For more information on Access Roles and Access Restrictions, see User Access Restriction Model.
SETUP_ACCESS_ROLE
The installation assigns the seeded access role SETUP_ACCESS_ROLE to the Setup User (LOGIN_NAME defined through ohi_install.cfg).
This role enables the Setup User to use the Users IP, the accessRoles API, the AccessRoles UI (FN0025), the Keyboard Shortcuts UI (CO0021), and the CO0019 function, which provides access to the resources required to log in to the JET application, so that the Setup User can further administer roles and users.
ALL_IP_ACCESS_ROLE
The ALL_IP_ACCESS_ROLE role is seeded to give access to all specific RESTful IP web services; that is, all access restrictions of type HTTP IP.
Set up a new user with the ALL_IP_ACCESS_ROLE in the same way that you assign other access roles.
GZIP Compression Settings
GZIP is a content-encoding compression that reduces file size for faster transfer of data over the network. It is recommended to enable GZIP for JET static resources like JavaScript, CSS, and HTML. See WLST or the WebLogic Remote Console documentation for more details about enabling GZIP compression for web applications. The following settings are recommended to configure GZIP at the domain level:
- GZIP Compression Min. Content Length: 5120
- GZIP Compression Content Type: text/html, text/plain, text/js, text/css, text/json, text/javascript