Initial Configuration for Oracle Health Insurance Applications in Oracle WebLogic

Logging Configuration

Oracle Health Insurance uses the Logback library for generating log output. That log output is controlled by a logback.xml file that is referenced in the WebLogic Server configuration. Through the configuration file, the logging level can be controlled as well as the output channels (referred to as 'appenders') for log messages. An example of an output channel for logging is a file.

Predefined Logging Configurations

Oracle Health Insurance applications come bundled with a predefined logback configuration called logback.xml.

This default logging configuration can be used as a starting point and may be altered for specific use cases. Use the -Dlogback.configurationFile Java option in the setDomainEnv script to point to a variant of the logback.xml file, for example:

-Dlogback.configurationFile=production-logback.xml
or
-Dlogback.configurationFile=trace-logback.xml

User Timezone

The timezone can be set using the Java parameter user.timezone. Use the -Duser.timezone Java option in the setDomainEnv script to set its value. This setting ensures that when any date or time is recorded, it is recorded with this timezone setting.

-Duser.timezone=Australia/Sydney

Set Required Defaults

The application requires default settings for a number of objects. Before default settings can be applied, users must be provisioned in order to access the system. Make sure the following prerequisites are met:

  • Set up users in an external user store like a Directory Server.

  • Provision users for Oracle Health Insurance applications. For this purpose, a Provisioning service is provided.

Set Up a Directory for File Exchange

In a number of scenarios Oracle Health Insurance processes files, for example for the File Import integration points. It is recommended to set up a shared directory structure that can be accessed by any machine that executes the system.

For example:

  • For inbound files: /<MOUNT_POINT>/ohi/transfer/in

  • For outbound or response files: /<MOUNT_POINT>/ohi/transfer/out

These directories can also be made application-specific for additional control.
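One way to create this layout with an application-specific level and to check it afterwards, as an added example that is not part of the Oracle documentation. The application name `claims`, the function names and the 0770 mode (no access for "other") are assumptions; ownership and group assignment are left to the site.

```shell
#!/bin/sh
# Added example. Paths below the mount point follow the layout described above;
# the application name and the 0770 mode are assumptions for illustration.

# create_transfer_dirs MOUNT_POINT [APP]
# Creates <MOUNT_POINT>/ohi/transfer/in and .../out, optionally with an
# application-specific subdirectory, and removes all access for "other".
create_transfer_dirs() {
    mount_point=$1
    app=${2:-}
    base="$mount_point/ohi/transfer"
    for dir in in out; do
        target="$base/$dir${app:+/$app}"
        mkdir -p "$target" || return 1
        # mkdir -p applies the umask to every level it creates,
        # so set the mode explicitly on each level of the transfer tree.
        chmod 0770 "$base" "$base/$dir" "$target" || return 1
    done
}

# world_accessible_dirs MOUNT_POINT
# Prints every directory in the transfer tree that grants read, write or
# execute permission to "other". Empty output means the tree is closed.
world_accessible_dirs() {
    find "$1/ohi/transfer" -type d \
        \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}
```

Run `world_accessible_dirs` periodically on each machine that mounts the share; any path it prints is readable or writable by accounts outside the owning user and group.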

Authentication, Authorization and User Provisioning

To authenticate and subsequently access an Oracle Health Insurance application, a user needs a user account in that application. The administration of role-based access rights for the users is handled in Oracle Health Insurance applications as part of their user account. User Provisioning supports creating and maintaining user accounts and their access rights.

Although user accounts are stored in the application, user passwords are not. Oracle Health Insurance delegates authentication to configurable WebLogic Authentication Providers. For more details see User Authentication.

In the authentication process, the user account data that is stored in Oracle Health Insurance is accessed, for example for logging the last time the user successfully logged in to the system.

All pages (other than the login page) and REST APIs are only available to authenticated (and properly authorized) users.

  • JET UI pages: support OAuth2 or the use of Basic Authentication.

  • REST APIs: support OAuth2 or the use of Basic Authentication.

Seeded Users

During installation, two user accounts are seeded in the OHI_USERS table. Their usage is explained in this section.

System User

The installation creates an account for the Internal System User with the following characteristics:

  • ID = 10

  • IND_ACTIVE = Y

  • DISPLAY_NAME = 'Internal System User'

  • LOGIN_NAME = null

This user cannot be used to log in to the application via the UI pages, because the LOGIN_NAME is null. The Internal System User is used for internal processing. For example, records created or updated by an Integration Point will have CREATED_BY and/or LAST_UPDATED_BY = 10 (the ID of the Internal System User).

Application Specific Setup User

The installation creates an account for the Setup User with the following characteristics:

  • ID = 0

  • IND_ACTIVE = Y

  • DISPLAY_NAME = this is configured during the initial installation, through ohi_install.cfg

  • LOGIN_NAME = this is configured during the initial installation, through ohi_install.cfg

Use the Setup User account to provision other user accounts. Before this account can be used it must be available in the user store to which authentication is delegated.

Seeded Access Roles

After the installation, new users should be created with appropriate roles assigned to them. For more information on Access Roles and Access Restrictions, see the User Access Restriction Model.

SETUP_ACCESS_ROLE

The installation assigns the seeded Access Role SETUP_ACCESS_ROLE to the Setup User (login name defined through ohi_install.cfg). This role enables the Setup User to use the Users IP, the accessRoles API and the AccessRoles UI function to further administer roles and users.

ALL_IP_ACCESS_ROLE

The role ALL_IP_ACCESS_ROLE is seeded to give access to all specific RESTful IP web services, that is, all access restrictions of type 'HTTP IP'.

The steps to set up a new user with the ALL_IP_ACCESS_ROLE are the same as previously described for the ALL_FUNCTIONS_ACCESS_ROLE.

ALL_API_ACCESS_ROLE

The role ALL_API_ACCESS_ROLE is seeded to give access to all generic RESTful API web services, that is, all access restrictions of type 'HTTP API'.

The steps to set up a new user with the ALL_API_ACCESS_ROLE are the same as previously described for the ALL_FUNCTIONS_ACCESS_ROLE.

GZip Compression settings

GZip is a content-encoding compression that reduces file size for faster transfer of data over the network. It is recommended to enable GZip for JET static resources like JavaScript, CSS, and HTML. See WLST or the WebLogic console for details on enabling GZip compression for web applications. The following settings are recommended when configuring GZip at the domain level:

  • GZIP Compression Min. Content Length: 5120

  • GZIP Compression Content Type: text/html, text/plain, text/js, text/css, text/json, text/javascript