Friday, June 28, 2013

Handy Active Directory command-line script to set all users' passwords to never expire

dsquery user -startnode "ou=users,dc=train,dc=company,dc=com" -limit 30000 | dsmod user -pwdneverexpires yes

Thursday, June 27, 2013

Web Center: using a custom security provider other than LDAP [custom identity store]

So far everything looks like it will work. I am just using the default auth provider and UCM is picking up my groups on login, so now to integrate with WebCenter and use my custom auth provider.

Custom authentication provider is done and I can log in to my content server and application and everything is working. The snag is that none of the WebCenter custom profile pictures and WebCenter goodies are working (it uses the JpsContextFactory etc., and that ignores my provider, looks up the default WebLogic provider and tries to use that).

I have replaced the identity store with a custom database implementation and everything seems to work [after a LOT of debugging].

OK, so Step 1) The custom authentication provider - there is tons of documentation on how to do this, e.g. http://docs.oracle.com/cd/E12890_01/ales/docs32/dvspisec/progrmng.html and http://docs.oracle.com/cd/E13222_01/wls/docs81/dvspisec/atn.html, so I am not going to rehash this. If you want I can post some code, but it should not be necessary.

Quick Summary:

1) Create a class that implements javax.security.auth.spi.LoginModule and a ProviderImpl that implements weblogic.security.spi.AuthenticationProviderV2.

2) Create an authentication provider XML; see the links above for examples.

3) Authenticator - I wanted my roles and users to be displayed on the WebLogic console, and the best way to get this done is via the AuthenticatorImpl. So extend weblogic.management.security.authentication.AuthenticatorImpl and implement the methods. Also give your implementation class the same name as your provider XML with an Impl.java at the end (so CustomAuthenticator.xml becomes CustomAuthenticatorImpl).

Step 2) Ant - the Ant build is also dead simple and well documented, but here is the crux:

<java classpath="../../deploy/otheclasses.jar;../../lib/com.bea.core.mbean.maker_1.5.0.0.jar;${oracle.weblogic.security.providers.library};${oracle.jdeveloper.weblogic.library};${oracle.jdeveloper.weblogic.commons.logging.library};${java.home}/../lib/tools.jar"
          classname="weblogic.management.commo.WebLogicMBeanMaker" fork="true"
          failonerror="true" >
      <jvmarg line="-Dfiles=${build_dir} -DMDFDIR=${build_dir} -DMJF=${build_dir}/${providersjar} -DpreserveStubs=true -DcreateStubs=true -DincludeSource=true"/>
</java>

Step 3) Custom Identity Store - this was the hard bit, but thanks to this blog http://chintanblog.blogspot.com/2013/01/weblogic-custom-authentication-provider.html everything got a lot easier. Big thanks, you saved me a LOT of time.

I just created my implementation of CustomSecurityProviderPlugin and configured the jps as detailed in the blog and it WORKED! (One note: I had to change the following methods in CustomIdentityStore to get everything 100% for my environment.)

    // Search the custom repository using only the filter from the search
    // parameters; the second argument (p2) is not used.
    public oracle.security.idm.SearchResponse searchUsers(oracle.security.idm.SearchParameters p1, java.util.Set p2) {
        List userMap = this.customIdentityRepositoryHelper.searchUsers(p1.getFilter());
        SearchResponse response = createResponse(userMap);
        return response;
    }

    // Wrap the list of users found in the store's own SearchResponse type.
    public SearchResponse createResponse(List users) {
        CustomSearchResponse response = new CustomSearchResponse(this, users, Boolean.TRUE);
        return response;
    }

    // Build the store configuration from this store's properties.
    public StoreConfiguration getStoreConfiguration()
        throws IMException {
        return new CustomStoreConfiguration(properties);
    }

Step 4) Installation:
  Copy the authenticator jar to [wl install]\wlserver_10.3\server\lib\mbeantypes
  Configure your provider as the first in the list, with control flag SUFFICIENT
  Set the control flag of your default provider to SUFFICIENT as well
  Copy the Identity Store jar into the classpath for weblogic
  Edit your jps-config.xml  [in YourDomainLocation\config\fmwconfig]

Everything should work now.
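
Why the order and the SUFFICIENT flags in Step 4 matter, as an added example (not code from this post or from WebLogic): a small Python model of the JAAS control-flag rules applied to an ordered provider list. The provider names, users and passwords are constructed sample data.

```python
# Model of JAAS control-flag evaluation over an ordered provider list.
# Provider names and user stores are constructed sample data.

def authenticate(providers, user, password):
    """providers: ordered list of (name, flag, {user: password}).
    Returns (login_ok, names of the providers that were consulted)."""
    consulted = []
    required_failed = False   # a REQUIRED provider has already failed
    mandatory_seen = False    # a REQUIRED or REQUISITE provider is configured
    any_success = False
    for name, flag, store in providers:
        consulted.append(name)
        ok = user in store and store[user] == password
        any_success = any_success or ok
        if flag in ("REQUIRED", "REQUISITE"):
            mandatory_seen = True
        if flag == "REQUIRED" and not ok:
            required_failed = True        # keep going, but the login will fail
        elif flag == "REQUISITE" and not ok:
            return False, consulted       # fail immediately
        elif flag == "SUFFICIENT" and ok and not required_failed:
            return True, consulted        # succeed immediately
        # OPTIONAL, or a failed SUFFICIENT: continue down the list
    if required_failed:
        return False, consulted
    # Without REQUIRED/REQUISITE providers at least one provider must succeed.
    return (True if mandatory_seen else any_success), consulted


CUSTOM_DB = {"alice": "db-secret"}             # known only to the custom store
EMBEDDED_LDAP = {"weblogic": "admin-secret"}   # known only to the default store

# Step 4 as described: custom provider first, both flags SUFFICIENT.
AS_INSTALLED = [("CustomAuthenticator", "SUFFICIENT", CUSTOM_DB),
                ("DefaultAuthenticator", "SUFFICIENT", EMBEDDED_LDAP)]
# Default provider still first and REQUIRED: custom-store users are locked out.
DEFAULT_STILL_REQUIRED = [("DefaultAuthenticator", "REQUIRED", EMBEDDED_LDAP),
                          ("CustomAuthenticator", "SUFFICIENT", CUSTOM_DB)]

if __name__ == "__main__":
    for label, chain in (("as installed", AS_INSTALLED),
                         ("default still REQUIRED", DEFAULT_STILL_REQUIRED)):
        for user, pw in (("alice", "db-secret"), ("weblogic", "admin-secret"),
                         ("alice", "wrong")):
            print(label, user, authenticate(chain, user, pw))
```

With both flags SUFFICIENT, a username that exists in both stores is accepted with either store's password, so account names should not overlap between the custom store and the default provider.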

INSTALL PROBLEMS

Started with this today. First problem installing WebCenter on my local machine (with cluster), when starting Node Manager:

weblogic.nodemanager.common.ConfigException: Native version is enabled but nodemanager native library could not be loaded

So I had to add a nodemanager.properties file in [wl_install_dir\wlserver_10.3\common\nodemanager] that has the following content:

NativeVersionEnabled=false



Server is Running  in Development Mode and Native Library(terminalio) to read the password securely from commandline is not found.

Put the following in JAVA_OPTIONS in setDomain (I am just running locally, so this should be OK, and I don't want to waste time looking for terminalio):

-Dweblogic.management.allowPasswordEcho=true


Created the custom authentication provider. NOTE: stop ALL managed servers and the admin server before deploying the custom provider to server/lib/mbeantypes, then restart (else you get a weblogic.management.provider.UpdateException: The prepare phase of the configuration update failed with an exception:).



Tuesday, June 11, 2013

Adding a custom attribute to a WebCenter menu...

Find the schema section in your menu XML, i.e. default-navigation-model.xml

Add a descriptor:
    <descriptor shortLabelKey="TITLE.SHORT_PROMPT_KEY" multivalue="false"
                attributeId="NewAtrr" labelKey="TITLE.PROMPT_KEY"
                endUserVisible="true" searchable="true"
                xmlns="http://xmlns.oracle.com/adf/rcs/catalog"/>

Note: you can change the shortLabelKey and labelKey by adding a resourceBundle="..." but that is another post....

Looks a bit like this:
<schema resourceBundle="oracle.adf.rc.attribute.nls.AttributeBundle"
          xmlns="http://xmlns.oracle.com/adf/rcs/catalog">
    <descriptor shortLabelKey="TITLE.SHORT_PROMPT_KEY" multivalue="false"
                attributeId="Title" labelKey="TITLE.PROMPT_KEY"
                endUserVisible="true" searchable="true"
                xmlns="http://xmlns.oracle.com/adf/rcs/catalog"/>
    <!-- the new descriptor goes here, alongside the existing ones -->
</schema>


Your new custom attribute is ready to use.

These attributes are accessible via EL and programmatically:

EL: #{node.attributes['NewAtrr']}
Programmatically: node.getAttributes().get("NewAtrr");

Tuesday, June 4, 2013

Automated remote deployment of WebCenter EAR to our development environment



All the usual undeploy / stop start code worked remotely but unfortunately the deploy was not going as planned - I wanted to set the MDS info on deployment so it was time for a new plan.

So this time our build server would call WLST to deploy our WebCenter app on the development WebLogic environment.

WLST commands I used:

Connect
  connect('weblogic', 'bobsentme', 't3://remote.wl:7001')

Stop
  shutdown('ManagedServer1', force='true')

Start
  start('WC_Cluster', 'Cluster', 't3://remote.wl:7001')

Deploy
  archive = getMDSArchiveConfig(fromLocation='/tmp/pathto.ear')
  archive.setAppMetadataRepository(repository='mds-CustomDS', partition='dev_partition', type='DB', jndi='jdbc/mds/CustomDS')
  archive.save()
  deploy(appName='OurAppName', path='/tmp/pathto.ear', targets='WC_Cluster', stageMode='stage', upload='true')

Undeploy
  undeploy('OurAppName')

Disconnect
  disconnect('true')


Scripts: to get the classpath and environment variables correct I ran the wlst.sh command, echoed the classpath and JAVA_OPTS and pulled them into my file. Not elegant, but it did work.


Things still to do:

  • Use a secure connection (t3s)
  • Move from script to use WLST directly
  • Call setWLenv or something to set up the classpath and Java opts for me
Something like:
/opt/Oracle/Middleware/wlserver_10.3/server/bin/setWLSEnv.sh
/opt/Oracle/Middleware/oracle_common/common/bin/setHomeDirs.sh
/opt/Oracle/Middleware/oracle_common/common/bin/setWlstEnv.sh
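
A check for the two weak spots in the script above (the password typed into connect() and the plain t3 URLs from the to-do list), as an added example that is not part of the original post: a Python linter for WLST scripts a build server is about to run. It assumes the script parses as Python 3 syntax, which holds for call-only scripts like this one; the config file, key file and port in the last sample line are constructed placeholders.

```python
import ast

PLAINTEXT_SCHEMES = ("t3://", "http://", "iiop://")

def _literal(node):
    """Return the string value of a literal argument, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None

def audit_wlst(source):
    """Return sorted (line, finding) pairs for a WLST script given as text."""
    findings = set()
    for node in ast.walk(ast.parse(source)):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Name)):
            continue
        kwargs = {k.arg: k.value for k in node.keywords if k.arg}
        if node.func.id == "connect":
            # connect(username, password, url): password is the 2nd positional.
            pw = node.args[1] if len(node.args) > 1 else kwargs.get("password")
            if pw is not None and _literal(pw) is not None:
                findings.add((node.lineno, "hard-coded password in connect()"))
        # Any string argument that is a URL with an unencrypted scheme.
        for arg in list(node.args) + list(kwargs.values()):
            value = _literal(arg)
            if value and value.lower().startswith(PLAINTEXT_SCHEMES):
                scheme = value.split(":")[0]
                findings.add((node.lineno,
                              "unencrypted %s URL in %s()" % (scheme, node.func.id)))
    return sorted(findings)

# Constructed sample: lines 1-2 follow the post's script; line 3 connects with
# a user config and key file (written beforehand by WLST storeUserConfig())
# over t3s, so no password appears in the script.
SAMPLE = """\
connect('weblogic', 'bobsentme', 't3://remote.wl:7001')
start('WC_Cluster', 'Cluster', 't3://remote.wl:7001')
connect(userConfigFile='/path/to/wl.config', userKeyFile='/path/to/wl.key', url='t3s://remote.wl:7002')
"""

if __name__ == "__main__":
    for line, finding in audit_wlst(SAMPLE):
        print("line %d: %s" % (line, finding))
```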