Showing posts with label OracleAS. Show all posts
Showing posts with label OracleAS. Show all posts
Tuesday, June 03, 2008
Adding reCAPTCHA to Oracle SSO - now on sourceforge
Yes, it's time for some house cleaning!
One of my favourite little hacks is how to add reCAPTCHA to Oracle SSO, which I wrote about last year. I've now finally got around to setting it up with its own sourceforge project.
OssoRecaptcha is a demonstration of integrating the CAPTCHA service from recaptcha.org with Oracle Single-Sign-On. It can be used in production OSSO deployments, and also as an example of integrating any 3rd party authentication system with OSSO.
SourceForge.net Logo
One of my favourite little hacks is how to add reCAPTCHA to Oracle SSO, which I wrote about last year. I've now finally got around to setting it up with its own sourceforge project.
OssoRecaptcha is a demonstration of integrating the CAPTCHA service from recaptcha.org with Oracle Single-Sign-On. It can be used in production OSSO deployments, and also as an example of integrating any 3rd party authentication system with OSSO.
SourceForge.net Logo
(追記) (追記ここまで)
Monday, January 07, 2008
Backup your WebCenter Wiki. Yikes!
Previously I wrote about installing Oracle WebCenter Wiki, and also had my 2c worth.
One of the surprises is that it uses file storage by default. Database storage seems to be a work-in-progress (Toplink, hibernate and HSQLDB are all involved somehow), but not a documented option at this point.
Now if you are going to run WebCenter Wiki for real, that means as a dilligent system admin you want to be pretty sure you really understand how the file storage is working so you can have good backup and recovery procedures in place.
The documentation on Backing Up and Restoring Wiki Content sounds straight-forward. Just make a backup of the OC4J_HOME/applications/application_name/owc_wiki/pages folder.
But BEWARE!
Gotcha #1: Don't Forget Your Toothbrush!
A little poking around, and it is clear that this is NOT all you need to backup. I've noted content modifications in at least the following locations also:
So to be sure you haven't left anything behind, I'd suggest you probably want to be backing up the entire OC4J_HOME/applications/application_name/owc_wiki directory structure no matter what the doc says, and practice some restores!
Gotcha #2: Beware of EAR Re-deployments!
If you've worked with OracleAS/OC4J deployment before, and also noticed that the wiki content is stored in the application directory structure, I hope it rang an alarm!
Yes, if you touch or replace the owc_wiki.ear, then say goodbye to your wiki content and pray your backup is good and not too old! OC4J will redeploy the application and give you a nice fresh install, deleting all your wiki content and customisations;-)
I have always had a sneaking suspicion that there can be other circumstances in which OracleAS/OC4J may choose to redeploy an EAR. I can't really substantiate this, but I have had situations in production where EARs are redeployed for no immediately apparent reason.
This is of course very hairy for any non-trivial production deployment. The obvious first step would be to configure wiki content storage to some other location. This isn't documented however, and I'm not sure if its even possible with the product as it is.
So for now, it seems just backup or rsync deep and often, and enjoy the view as you walk the edge of the abyss;-)
WebCenter Wiki Future?
So far, there's no real news on what is planned for WebCenter Wiki in 11g. If you've read my posts, it will come as no surprise that my view is the 10g wiki is far from production-ready.
Which makes the question of what is in store for 11g so interesting. Maybe a significant revamp of the 10g (jzwiki) wiki? Maybe an internally developed replacement based on Content DB or UCM?
Or maybe something completely different? A collegue pointed me to Jive Clearspace today .. "discussions, blogs, files, instant messaging, and wiki documents under one unified umbrella" .. and since Oracle already have Jive Forums integrated in WebCenter it raises interesting possibilities!
One of the surprises is that it uses file storage by default. Database storage seems to be a work-in-progress (Toplink, hibernate and HSQLDB are all involved somehow), but not a documented option at this point.
Now if you are going to run WebCenter Wiki for real, that means as a dilligent system admin you want to be pretty sure you really understand how the file storage is working so you can have good backup and recovery procedures in place.
The documentation on Backing Up and Restoring Wiki Content sounds straight-forward. Just make a backup of the OC4J_HOME/applications/application_name/owc_wiki/pages folder.
But BEWARE!
Gotcha #1: Don't Forget Your Toothbrush!
A little poking around, and it is clear that this is NOT all you need to backup. I've noted content modifications in at least the following locations also:
OC4J_HOME/applications/application_name/owc_wiki/attachments [any uploaded attachments]The jzwiki backup/restore instructions also tell you to backup WEB-INF/classes/yawikiDB.script (WebCenter wiki is based on jzwiki)
OC4J_HOME/applications/application_name/owc_wiki/templates [added/changed page templates]
So to be sure you haven't left anything behind, I'd suggest you probably want to be backing up the entire OC4J_HOME/applications/application_name/owc_wiki directory structure no matter what the doc says, and practice some restores!
Gotcha #2: Beware of EAR Re-deployments!
If you've worked with OracleAS/OC4J deployment before, and also noticed that the wiki content is stored in the application directory structure, I hope it rang an alarm!
Yes, if you touch or replace the owc_wiki.ear, then say goodbye to your wiki content and pray your backup is good and not too old! OC4J will redeploy the application and give you a nice fresh install, deleting all your wiki content and customisations;-)
I have always had a sneaking suspicion that there can be other circumstances in which OracleAS/OC4J may choose to redeploy an EAR. I can't really substantiate this, but I have had situations in production where EARs are redeployed for no immediately apparent reason.
This is of course very hairy for any non-trivial production deployment. The obvious first step would be to configure wiki content storage to some other location. This isn't documented however, and I'm not sure if its even possible with the product as it is.
So for now, it seems just backup or rsync deep and often, and enjoy the view as you walk the edge of the abyss;-)
WebCenter Wiki Future?
So far, there's no real news on what is planned for WebCenter Wiki in 11g. If you've read my posts, it will come as no surprise that my view is the 10g wiki is far from production-ready.
Which makes the question of what is in store for 11g so interesting. Maybe a significant revamp of the 10g (jzwiki) wiki? Maybe an internally developed replacement based on Content DB or UCM?
Or maybe something completely different? A collegue pointed me to Jive Clearspace today .. "discussions, blogs, files, instant messaging, and wiki documents under one unified umbrella" .. and since Oracle already have Jive Forums integrated in WebCenter it raises interesting possibilities!
(追記) (追記ここまで)
Monday, December 17, 2007
WebCenter - First Thoughts. WATCH/HOLD
I just posted about installing Oracle WebCenter Wiki. So what do I think?
The current release of Oracle WebCenter is 10.1.3, and presents the first attempt at providing a Web 2.0 platform incorporating a (development) framework, integrated Services, and mobility ("WebCenter Anywhere"). The roadmap for 11g emphasises features focused on improving a developer’s productivity.
Having spent a bit of time going beyond the powerpoints and whitepapers, I guess I would emphasise the "..first attempt.." in the statement above. There are concerns I have about the product mission, the egregious approach to Open Source project integration, and a work-in-progress information architecture. While I'll be closely following Oracle's progress with WebCenter, my personal view is that a cautious "watch/hold" position is prudent.
The first reactions to WebCenter typically concerned it's positioning with respect to Oracle Portal. After many repetitions, I think Oracle have managed to get the message through that there's a distinct value prop for Portal (classic, monolithic Enterprise Portal) and WebCenter (platform and services for a loosly-coupled "Web 2.0" user experience).
However when it comes to WebCenter itself, there's still tension in the 10.1.3 version between two very different audiences/usages it targets.
Firstly, there's the developer audience. There's great emphasis by Oracle on WebCenter as a development framework in the whitepapers and podcasts (e.g. a great interview between Justin and Vince Casarez on Oracle Fusion Middleware Radio).
The catch is that at present developers are well served with JDeveloper and associated developer downloads. WebCenter's attraction seems mainly as a licence bundle of pre-existing Oracle products like Secure Enterprise Search, Content Database and the Mobility Server. There's nothing very Web 2.0 about all that, except that taken altogether, developers certainly could build Web 2.0-style.
In a wild daydream, you may have hoped WebCenter would be to Java what Rails is to Ruby. An opinionated, highly productive, pre-integrated framework. For now I'm afraid you will be disappointed.
The second audience I refer to is the IT Operations/Business audience. These are the people who don't expect to be coding, but want a quick Web 2.0 jumpstart for their enterprise. They don't have the time or inclination to take on the job of investigating, integrating and maintaining a hodge-podge of all the possible open source options. Basically they just want to install it, and are happy to pay for the convenience.
In other words, hoping that WebCenter is to Web 2.0 out-of-the-box experience what Astaro is to security appliances. Again, I'm afraid you would be disappointed for now. The 11g roadmap does include an out-of-the-box application to enable self-service community creation and management.
I guess my problem at this point is that I'm not convinced that Oracle have really decided where to take this. The development focus is clear, but it is not clear at all how much will end up being "only available WebCenter" - one could easily imagine WebCenter ending up as just a licensing artifact, with all the framework technology also available separately. And on the other hand, I have real concerns over the commitment to WebCenter becoming a killer "Web 2.0 appliance".
Personally I think Oracle may have misjudged the market on this. Of the 20 or so people I have had casual WebCenter discussion with, all bar two were just after a blog/wiki/discussions platform to install. That's hardly representative, but I have a feeling Oracle would be more succesful in the market if they just focused on delivering the "appliance", with all the supporting framework rolled into the JDeveloper/OracleAS/ADF base.
As it seems to be going, I wouldn't mind betting the primary audience for WebCenter will turn out to be Oracle's own Fusion Applications development team, with most customers just adopting it as a result of their Applications investment.
I am actually much more concerned about the approach Oracle have taken to integrate 3rd party open source components into the WebCenter Services layer.
Take the "standards-based, open-source wiki server that is included with Oracle WebCenter" for example (words from the 10.1.3.2 Technical whitepaper).
Oracle chose yawiki/jzwiki for their wiki component, and it certainly was (at least partially) an open source project. But in WebCenter, we seem to be dealing with a forked and closed source version. My concerns:
So I guess you could say I was underwhelmed. From a practical perspective of a wiki implementer, there seems to be little upside in chosing to go with WebCenter wiki over its true open source father, yawiki, or others such as xwiki. But some big downsides to consider.
I'd much prefer see Oracle take a very different tack with the integration of "open source" components into WebCenter.
The WebCenter whitepapers repeatedly mention phrases like "key technologies such as wiki, RSS, and blogs". The Datasheet still specifically claims WebCenter has a "wiki/blog server for collaborative authoring of documents and sharing of ideas".
Wiki - got, despite concerns already discussed. RSS - some, but not in all places that it counts (like the wiki!). But blog? It's MIA!
I have a sneaking suspicion that this is because yawiki used to have a blog capability, but the project team wanted to rethink the approach and dropped it. It is now in the planned feature list;-)
OK, these things happen. But in the WebCenter 11g roadmap, Oracle seem to have defined blogs out of existence - at least in terms of their relevance for the "Enterprise"! Was this to gloss over the missing blog feature in yawiki? Or is there a real belief that blogging is not part of the Enterprise 2.0 model? I'm not sure which view concerns me most!
Blog? blog? Where's the blog support?
It is even more curious when you consider (as Bex Huff recently reminded us) Oracle Universal Content Management has Blogs, Wikis, and RSS Feeds. And the roadmap for WebCenter 11g has UCM replacing Content DB.
I've presented some pretty frank views on WebCenter after my "first look". Take my comments with a grain of salt though. I have not investigated the framework developer experience in detail yet. But I would say that Oracle has a lot riding on the 11g release. I hope they make it a more "opinionated" and cohesive release and get to knock down some of my concerns.
The current release of Oracle WebCenter is 10.1.3, and presents the first attempt at providing a Web 2.0 platform incorporating a (development) framework, integrated Services, and mobility ("WebCenter Anywhere"). The roadmap for 11g emphasises features focused on improving a developer’s productivity.
Having spent a bit of time going beyond the powerpoints and whitepapers, I guess I would emphasise the "..first attempt.." in the statement above. There are concerns I have about the product mission, the egregious approach to Open Source project integration, and a work-in-progress information architecture. While I'll be closely following Oracle's progress with WebCenter, my personal view is that a cautious "watch/hold" position is prudent.
WebCenter as an out-of-the-box Web 2.0 Experience?
The first reactions to WebCenter typically concerned it's positioning with respect to Oracle Portal. After many repetitions, I think Oracle have managed to get the message through that there's a distinct value prop for Portal (classic, monolithic Enterprise Portal) and WebCenter (platform and services for a loosly-coupled "Web 2.0" user experience).
However when it comes to WebCenter itself, there's still tension in the 10.1.3 version between two very different audiences/usages it targets.
Firstly, there's the developer audience. There's great emphasis by Oracle on WebCenter as a development framework in the whitepapers and podcasts (e.g. a great interview between Justin and Vince Casarez on Oracle Fusion Middleware Radio).
Oracle WebCenter injects new capabilities into the standard JavaServer Faces development environment to allow developers to create context-rich applications that satisfy these needs.
The catch is that at present developers are well served with JDeveloper and associated developer downloads. WebCenter's attraction seems mainly as a licence bundle of pre-existing Oracle products like Secure Enterprise Search, Content Database and the Mobility Server. There's nothing very Web 2.0 about all that, except that taken altogether, developers certainly could build Web 2.0-style.
In a wild daydream, you may have hoped WebCenter would be to Java what Rails is to Ruby. An opinionated, highly productive, pre-integrated framework. For now I'm afraid you will be disappointed.
The second audience I refer to is the IT Operations/Business audience. These are the people who don't expect to be coding, but want a quick Web 2.0 jumpstart for their enterprise. They don't have the time or inclination to take on the job of investigating, integrating and maintaining a hodge-podge of all the possible open source options. Basically they just want to install it, and are happy to pay for the convenience.
In other words, hoping that WebCenter is to Web 2.0 out-of-the-box experience what Astaro is to security appliances. Again, I'm afraid you would be disappointed for now. The 11g roadmap does include an out-of-the-box application to enable self-service community creation and management.
I guess my problem at this point is that I'm not convinced that Oracle have really decided where to take this. The development focus is clear, but it is not clear at all how much will end up being "only available WebCenter" - one could easily imagine WebCenter ending up as just a licensing artifact, with all the framework technology also available separately. And on the other hand, I have real concerns over the commitment to WebCenter becoming a killer "Web 2.0 appliance".
Personally I think Oracle may have misjudged the market on this. Of the 20 or so people I have had casual WebCenter discussion with, all bar two were just after a blog/wiki/discussions platform to install. That's hardly representative, but I have a feeling Oracle would be more succesful in the market if they just focused on delivering the "appliance", with all the supporting framework rolled into the JDeveloper/OracleAS/ADF base.
As it seems to be going, I wouldn't mind betting the primary audience for WebCenter will turn out to be Oracle's own Fusion Applications development team, with most customers just adopting it as a result of their Applications investment.
Open Source Closure?
I am actually much more concerned about the approach Oracle have taken to integrate 3rd party open source components into the WebCenter Services layer.
Take the "standards-based, open-source wiki server that is included with Oracle WebCenter" for example (words from the 10.1.3.2 Technical whitepaper).
Oracle chose yawiki/jzwiki for their wiki component, and it certainly was (at least partially) an open source project. But in WebCenter, we seem to be dealing with a forked and closed source version. My concerns:
- Oracle is not shipping source code for the Java classes in owc_wiki.ear
- While some classes are available from the yawiki project, Oracle have made enhancements (I suspect the main cases being the controller to incorporate AdfAuthentiation; JSR-168 and WSRP portlet support). These are not provided as open source.
- yawiki includes some packages (like jZonic-web.jar which contains the main controller framework) which are purportedly open source, but for which there seems to be no source code available on the Internet [Postscript: I take this back having since discovered that the source of jzonic-web.jar is from the femto module in the jZonic framework]
- The version of the wiki in WebCenter has been forked from yawiki. There is no procedure provided to merge the yawiki main line. WebCenter wiki users seem to be completely dependent on Oracle to merge enhancements in yawiki into WebCenter updates. Or not.
- There are already enhancements in yawiki that are not available in WebCenter (e.g. TagClouds, RSS feeds of page changes). And no procedure for adopting these enhancements.
- The WebCenter wiki seems to only be supporting the file-based HSQLDB (see backup/restore procedures for example), despite the fact that yawiki has or promised relational database support - even Oracle!
- Despite the customisation that Oracle have done to yawiki, there's currently no integration the content database component in WebCenter for content storage or tagging.
So I guess you could say I was underwhelmed. From a practical perspective of a wiki implementer, there seems to be little upside in chosing to go with WebCenter wiki over its true open source father, yawiki, or others such as xwiki. But some big downsides to consider.
I'd much prefer see Oracle take a very different tack with the integration of "open source" components into WebCenter.
- Ship mainline version of the open source project (don't close the source)
- Provide Oracle enhancements (for security integration etc) as patches to the open source project. Do not combine a version of the open source project with Oracle-written customisations, and ship as "closed source".
- Where possible, contribute the "WebCenter" patch to the open source project so that it can be maintained in sync with that project.
- Ideally, reach as many projects in the same category as possible (i.e. support a few different wikis in WebCenter). A great way to do this would be to encourage the community to do it themselves. Yawiki is OK, but there are certainly some great alternatives out there.
Wherefore art thou, my blog?
The WebCenter whitepapers repeatedly mention phrases like "key technologies such as wiki, RSS, and blogs". The Datasheet still specifically claims WebCenter has a "wiki/blog server for collaborative authoring of documents and sharing of ideas".
Wiki - got, despite concerns already discussed. RSS - some, but not in all places that it counts (like the wiki!). But blog? It's MIA!
I have a sneaking suspicion that this is because yawiki used to have a blog capability, but the project team wanted to rethink the approach and dropped it. It is now in the planned feature list;-)
OK, these things happen. But in the WebCenter 11g roadmap, Oracle seem to have defined blogs out of existence - at least in terms of their relevance for the "Enterprise"! Was this to gloss over the missing blog feature in yawiki? Or is there a real belief that blogging is not part of the Enterprise 2.0 model? I'm not sure which view concerns me most!
Blog? blog? Where's the blog support?
It is even more curious when you consider (as Bex Huff recently reminded us) Oracle Universal Content Management has Blogs, Wikis, and RSS Feeds. And the roadmap for WebCenter 11g has UCM replacing Content DB.
Conclusions?
I've presented some pretty frank views on WebCenter after my "first look". Take my comments with a grain of salt though. I have not investigated the framework developer experience in detail yet. But I would say that Oracle has a lot riding on the 11g release. I hope they make it a more "opinionated" and cohesive release and get to knock down some of my concerns.
(追記) (追記ここまで)
Sunday, December 16, 2007
WebCenter Wiki - Up and Running with OC4J 10.1.3
I finally had a chance to sit down with Oracle WebCenter recently, primarily to give the wiki functionality a test drive. I wanted to test in a virgin OC4J 10.1.3.3 container (as opposed to the Preconfigured Standalone OC4J) just to make it interesting and see all the moving parts. As far as I could discover, there's not a great deal of information available on the topic. In this post I'm going to chronical the specific installation procedure I used to get WebCenter Wiki running under OCJ4 10.1.3.3.
This is the end result we're after..
I refered to the following materials for the install:
It can all get a bit confusing, but the following diagram illustrates the installation dependencies
There are four downloads required, all readily available from OTN:
I'm going to document the install steps here in the order I actually executed them. Variations are possible. I'm installing this under Windows XP, but the same applies on other platforms (just switch \ to / and use the appropriate command shell syntax).
1. Get the OC4J container running
To be precise, I am using "Oracle Containers for J2EE (OC4J) 10g Release 3 (10.1.3.3)". I won't cover in detail here. Basically you need to unpack and startup. The only thing you may need to configure are the port settings to avoid conflicts with other services.
2. Install PDK-Java
Details for installing the Oracle Portlet Development Kit are in index.html from the Oracle Portlet Container and PDK-Java 10.1.3.2 download. Assuming we've exploded the download into "G:\pdksoftware", the following performs the installation into the 10.1.3.3 home:
3. Install the Portal Container
From the same kit, we install the Portlet container
4. Install and Test the Sample Portlets
Using Enterprise Manager (http://localhost:8888/em or similar), go to the "Applications" tab and deploy the %PDKPATH%\pdk\jpdk\v2\jpdk.ear.
Once done, you should be able to successfully access the sample providers at http://localhost:8888/jpdk/providers/sample and get a page like the one shown on the right.
5. Install ADF
Explode the Oracle ADF Installer, which uses a silent "runInstaller" to install.
First, you'll need to update the adfinstaller.properties file, paying particular attention to OracleHome, DesHome and type values. This is from my install:
And then run:
java -jar runinstaller.jar adfinstaller.properties
Restart OC4J at this point.
BUT, if you were like me, my container failed to start at this point with Error initializing server: Shared library "adf.oracle.domain" could not be found..
Annoying, but no panic. Edit ORACLE_HOME/j2ee/home/config/server.xml, re-order the shared library entry for "adf.oracle.domain" (I moved it to just after the "oracle.persistence" shared library) and try to startup again.
NB: after getting to this point, I find my OC4J does not completely shutdown after issuing a shutdown request via RMI %ORACLE_HOME%\bin\oc4j -shutdown -port %RMIPORT% -password %adminpwd%. Leaving that problem for another day.. :sigh:
6. Install Oracle Wiki (finally)
Using Enterprise Manager (http://localhost:8888/em or similar), deploy the owc_wiki.ear from the Oracle WebCenter Additional Services CD
7. Configuring Security
If you try and hit the wiki now (http://localhost:8888/owc_wiki) you will probably get a 500 error because security is not started or configured.
For this test, I'm just going to use the out-of-the-box Java SSO File-Based Security Provider.
In EM, startup the Java SSO application (look under the application group "Middleware Services> Other Services"). If you try and access the wiki now, you should see a login form but get an error when you submit because we need to generate the Symmetric Key. Every time I go to do this, following the Java SSO documentation, I struggle to find the right link in EM.
To be clear, in 10.1.3 look for "SSO Configuration" on the Administration tab of the OC4J container (below). Go to the page, make sure "Generate new symmetric key" is checked, select your key type, and click "Apply". You will be prompted to restart OC4J.
Browse to the wiki again and we have .. Success!
8. Adding users
Remember we're using the JAZN XML security provider rather than OID or other directory. Andreas had a nice post recently on how to Add a user to the JavaSSO, and that's what I need to do to add a personal account for myself..
JAZN is a bit dumb compared to using a real directory, so you need to restart OC4J again to pick up the new credentials.
And there we go. Oracle Wiki up and running in OC4J. Just 8 "simple" steps;-)
This is the end result we're after..
Documentation and Downloads
The documentation for WebCenter Wiki is a little obscure when it comes to installing in a "plain" OC4J container. It turns out to be pretty straight-forward, but just as mc said in the forums recently: "Oracle documentation just make it look difficult"!I refered to the following materials for the install:
- The installation documentation for Oracle WebCenter Wiki is actually found in the Oracle WebCenter Framework Developer's Guide.
- Splice in the instructions from 3.3 Enabling Oracle SOA Suite or a Standalone OC4J for WebCenter Applications
- Which points to Portlet Development Resources and Downloads for the additional portlet and ADF configuration required to prepare the OC4J container for WebCenter.
- Finally, the Java SSO configuration (which is supported by Oracle Wiki using AdfAuthentication)
It can all get a bit confusing, but the following diagram illustrates the installation dependencies
There are four downloads required, all readily available from OTN:
- OC4J 10.1.3.3 container
- Oracle WebCenter Additional Services CD
- Oracle Portlet Container and PDK-Java 10.1.3.2
- Oracle ADF Installer
Installation Procedure
I'm going to document the install steps here in the order I actually executed them. Variations are possible. I'm installing this under Windows XP, but the same applies on other platforms (just switch \ to / and use the appropriate command shell syntax).
1. Get the OC4J container running
To be precise, I am using "Oracle Containers for J2EE (OC4J) 10g Release 3 (10.1.3.3)". I won't cover in detail here. Basically you need to unpack and startup. The only thing you may need to configure are the port settings to avoid conflicts with other services.
2. Install PDK-Java
Details for installing the Oracle Portlet Development Kit are in index.html from the Oracle Portlet Container and PDK-Java 10.1.3.2 download. Assuming we've exploded the download into "G:\pdksoftware", the following performs the installation into the 10.1.3.3 home:
set ORACLE_HOME=G:\MyCache\oc4j_extended_101330
set J2EE_HOME=%ORACLE_HOME%\j2ee\home
set JAVA_HOME=C:\bin\jdk1.6.0_03
set PDKPATH=G:\pdksoftware
%JAVA_HOME%\bin\java -jar -classpath %ORACLE_HOME%\lib\xmlparserv2.jar -jar %PDKPATH%\pdk\jpdk\v2\pdkinstaller.jar %J2EE_HOME%
3. Install the Portal Container
From the same kit, we install the Portlet container
set ORACLE_HOME=G:\MyCache\oc4j_extended_101330
set J2EE_HOME=%ORACLE_HOME%\j2ee\home
set JAVA_HOME=C:\bin\jdk1.6.0_03
set PDKPATH=G:\pdksoftware
%JAVA_HOME%\bin\java -jar %PDKPATH%\pdk\portlet-container\portlet-server-install.jar %J2EE_HOME%
4. Install and Test the Sample Portlets
Using Enterprise Manager (http://localhost:8888/em or similar), go to the "Applications" tab and deploy the %PDKPATH%\pdk\jpdk\v2\jpdk.ear.
Once done, you should be able to successfully access the sample providers at http://localhost:8888/jpdk/providers/sample and get a page like the one shown on the right.
5. Install ADF
Explode the Oracle ADF Installer, which uses a silent "runInstaller" to install.
First, you'll need to update the adfinstaller.properties file, paying particular attention to OracleHome, DesHome and type values. This is from my install:
# The absolute path to the directory containing the ADF jars to be installed.
# This is the location of the directory where you unzipped the adfinsatller.zip
OracleHome = G:\\Sources\\incoming\\www.oracle.com\\OracleAS\\ADF\\adfinstaller
# Home directory for the destination application server,
# where the ADF Jars need to be installed
DesHome = G:\\MyCache\\oc4j_extended_101330
# Specify the platform for the Application Server where the ADF libraries need
# to be installed. This has to be one of the following choices.
# OC4J/AS/TOMCAT/JBOSS/WEBLOGIC
type = OC4J
And then run:
java -jar runinstaller.jar adfinstaller.properties
Restart OC4J at this point.
BUT, if you were like me, my container failed to start at this point with Error initializing server: Shared library "adf.oracle.domain" could not be found..
Annoying, but no panic. Edit ORACLE_HOME/j2ee/home/config/server.xml, re-order the shared library entry for "adf.oracle.domain" (I moved it to just after the "oracle.persistence" shared library) and try to startup again.
NB: after getting to this point, I find my OC4J does not completely shutdown after issuing a shutdown request via RMI %ORACLE_HOME%\bin\oc4j -shutdown -port %RMIPORT% -password %adminpwd%. Leaving that problem for another day.. :sigh:
6. Install Oracle Wiki (finally)
Using Enterprise Manager (http://localhost:8888/em or similar), deploy the owc_wiki.ear from the Oracle WebCenter Additional Services CD
7. Configuring Security
If you try and hit the wiki now (http://localhost:8888/owc_wiki) you will probably get a 500 error because security is not started or configured.
For this test, I'm just going to use the out-of-the-box Java SSO File-Based Security Provider.
In EM, startup the Java SSO application (look under the application group "Middleware Services> Other Services"). If you try and access the wiki now, you should see a login form but get an error when you submit because we need to generate the Symmetric Key. Every time I go to do this, following the Java SSO documentation, I struggle to find the right link in EM.
To be clear, in 10.1.3 look for "SSO Configuration" on the Administration tab of the OC4J container (below). Go to the page, make sure "Generate new symmetric key" is checked, select your key type, and click "Apply". You will be prompted to restart OC4J.
Browse to the wiki again and we have .. Success!
8. Adding users
Remember we're using the JAZN XML security provider rather than OID or other directory. Andreas had a nice post recently on how to Add a user to the JavaSSO, and that's what I need to do to add a personal account for myself..
set ORACLE_HOME=G:\MyCache\oc4j_extended_101330
set J2EE_HOME=%ORACLE_HOME%\j2ee\home
set JAVA_HOME=C:\bin\jdk1.6.0_03
%JAVA_HOME%\bin\java -jar %J2EE_HOME%\jazn.jar -adduser jazn.com paul password1
%JAVA_HOME%\bin\java -jar %J2EE_HOME%\jazn.jar -grantrole users jazn.com paul
JAZN is a bit dumb compared to using a real directory, so you need to restart OC4J again to pick up the new credentials.
And there we go. Oracle Wiki up and running in OC4J. Just 8 "simple" steps;-)
Wednesday, November 14, 2007
Rejoining the Oracle Social Mix
To the AppsLab team - a big thank you! As I mentioned in my last post, I'm now ex-Oracle, and one of the transition pains was cutting myself off from the internal Oracle Connect social networking site. But no sooner do I leave, and they graciously launch Oracle Mix - which is basically the combination of the IdeasFactory and Connect, but now open to the world. Yes!
I hope this is only the beginning, and we see some rapid development of the site into a premier channel for the Oracle community. I imagine a great deal of the effort in the 5-6 week development period went into integrating and refactoring the AppsLab code, and porting to the Oracle AS + jruby environment, so I'll be gentle with my comments for now;-)
I guess the main nudge I'd like to give the team would be to think a bit more about the idea generation/innovation process and adapt the site to suit. To be frank, I was getting a little disillusioned by the IdeaFactory because it was turning into a dumping ground - literally thousands of ideas going in, but little sight of what benefit was coming out.
Good ideas are hard to find - Scott Berkun does a grand job of demolishing this falsehood in The Myths of Innovation (required reading I would recommend for anyone working on "innovation tools"). The implication being that there should be no surprise in Oracle Mix attracting many great ideas, but more important is what happens next..
Do they get adopted by an Idea Angel to champion the cause? Do they get the protection and attention to make the transition from Idea to Innovation?
And perhaps even more significantly, how will the community learn about "Ideas that make it"? This will be critical to stimulate a virtuous feedback cycle that encourages people to submit more ideas because they can see it is worthwhile.
Dell included this critical ingredient for their IdeaStorm site in the simplest of ways .. Ideas in Action is just a blog of stories about how they have adopted and implemented ideas submitted and voted by their users:
I guess there are a few other points I could get cranky about, like some minor usability issues, and the bad policy of only allowing full features to users with "verified customer emails" (Dell's IdeaStorm doesn't). But I'll lay off for now, because overall I think the AppsLab team have made a fantastic start and I want to give them every encouragement to keep hammering away at this stuff!
Oracle Mix is truely a breath of fresh air!
NB: See Paul and Rich's launch announcements.
I hope this is only the beginning, and we see some rapid development of the site into a premier channel for the Oracle community. I imagine a great deal of the effort in the 5-6 week development period went into integrating and refactoring the AppsLab code, and porting to the Oracle AS + jruby environment, so I'll be gentle with my comments for now;-)
I guess the main nudge I'd like to give the team would be to think a bit more about the idea generation/innovation process and adapt the site to suit. To be frank, I was getting a little disillusioned by the IdeaFactory because it was turning into a dumping ground - literally thousands of ideas going in, but little sight of what benefit was coming out.
Good ideas are hard to find - Scott Berkun does a grand job of demolishing this falsehood in The Myths of Innovation (required reading I would recommend for anyone working on "innovation tools"). The implication being that there should be no surprise in Oracle Mix attracting many great ideas, but more important is what happens next..
Do they get adopted by an Idea Angel to champion the cause? Do they get the protection and attention to make the transition from Idea to Innovation?
And perhaps even more significantly, how will the community learn about "Ideas that make it"? This will be critical to stimulate a virtuous feedback cycle that encourages people to submit more ideas because they can see it is worthwhile.
Dell included this critical ingredient for their IdeaStorm site in the simplest of ways .. Ideas in Action is just a blog of stories about how they have adopted and implemented ideas submitted and voted by their users:
I guess there are a few other points I could get cranky about, like some minor usability issues, and the bad policy of only allowing full features to users with "verified customer emails" (Dell's IdeaStorm doesn't). But I'll lay off for now, because overall I think the AppsLab team have made a fantastic start and I want to give them every encouragement to keep hammering away at this stuff!
Oracle Mix is truely a breath of fresh air!
NB: See Paul and Rich's launch announcements.
Sunday, September 02, 2007
Adding reCAPTCHA to Oracle SSO
I've blogged previously about playing with the reCAPTCHA service in Perl. Seriously cool! Not because it's foolproof - it isn't - but the side-effect of helping to digitize old documents and books is a truely great idea.
I'm starting to see reCAPTCHA more often now. Bex Huff put it in his comment form, and blogged about it (though I can't find his posting anymore. Update: link from Bex, thanks!). But I haven't seen it used with Oracle SSO yet ... sounds like an interesting weekend project!
So I had a poke around, and like to share the solution. Although I am going to integrate the recaptcha service, you could use the same approach to add any 2nd or 3rd factor to the SSO authentication process. End result is the reCAPTCHA appearing and working in the Oracle SSO login page. The sample here is based on the Oracle Collaboration Suite 10g branding:
The sources for my example are available as OssoRecaptcha-1.0-src.zip. See readme.txt in the zip for more detailed instructions and discussion.
There are basically two things we need to take care of to integrate reCAPTCHA. First, customise the login page to render the captcha challenge. Secondly, we need to insert a custom authenticator to handle the captcha validation before the standard authentication.
I've used the ReCaptcha Java Library released by Tanesha Networks to simplify things.
Customising the Login Page
This is the simplest part, and pretty well documented in "Creating deployment-specific pages".
The following code renders the captcha challenge and just needs to be included in the login page at an appropriate point.
Customising SSO Authentication
We have a simple task: intercept and evaluate the catpcha response before allowing standard SSO authentiation to proceed. Simple, yet not exactly documented unfortunately. The documentation for "Integrating with Third-Party Access Management Systems" is almost what we need to do, but not quite.
The approach I have taken is to sub-class the standard authenticator (oracle.security.sso.server.auth.SSOServerAuth) rather than just implement an IPASAuthInterface plug-in.
The only method of significance is "authenticate", where if the captcha response is present, we evaluate it prior to handing off to the standard authentication.
Deployment
The most robust approach to deployment is to explode, modify and the rebuild the OC4J_SECURITY EAR file ($ORACLE_HOME/sso/lib/ossosvr.ear) once you are confident everything is working fine. I haven't covered how you do that here however.
Rather, I'm deploying the sample directly into an existing OC4J_SECURITY container. Note that with this approach, if you ever redeploy the OC4J_SECURITY application (which can happen during an upgrade or patch for example), then your changes
would be destroyed.
There's an Ant build script included in the sample that takes care of the details, but is pretty straightforward...
Firstly, two copy operations:
Postscript: Patrick Wolf obviously had a weekend free also, and has now posted a solution for adding reCATPCHA to APEX ;-) Cool!
Postscript 2008年06月03日: I finally got around to setting this up with its own sourceforge project.
I'm starting to see reCAPTCHA more often now. Bex Huff put it in his comment form, and blogged about it (though I can't find his posting anymore. Update: link from Bex, thanks!). But I haven't seen it used with Oracle SSO yet ... sounds like an interesting weekend project!
So I had a poke around, and like to share the solution. Although I am going to integrate the recaptcha service, you could use the same approach to add any 2nd or 3rd factor to the SSO authentication process. End result is the reCAPTCHA appearing and working in the Oracle SSO login page. The sample here is based on the Oracle Collaboration Suite 10g branding:
The sources for my example are available as OssoRecaptcha-1.0-src.zip. See readme.txt in the zip for more detailed instructions and discussion.
There are basically two things we need to take care of to integrate reCAPTCHA. First, customise the login page to render the captcha challenge. Secondly, we need to insert a custom authenticator to handle the captcha validation before the standard authentication.
I've used the ReCaptcha Java Library released by Tanesha Networks to simplify things.
Customising the Login Page
This is the simplest part, and pretty well documented in "Creating deployment-specific pages".
The following code renders the captcha challenge and just needs to be included in the login page at an appropriate point.
<%RecaptchaConf is a class included in the sample to hold your site-specific reCAPTCHA keys that you can easily get by registering at http://recaptcha.org.
// create recaptcha
ReCaptcha captcha = ReCaptchaFactory.newReCaptcha(RecaptchaConf.RECAPTCHA_PUBLIC_KEY, RecaptchaConf.RECAPTCHA_PRIVATE_KEY, false);
String captchaScript = captcha.createRecaptchaHtml(request.getParameter("error"), null);
out.print(captchaScript);
%>
Customising SSO Authentication
We have a simple task: intercept and evaluate the catpcha response before allowing standard SSO authentiation to proceed. Simple, yet not exactly documented unfortunately. The documentation for "Integrating with Third-Party Access Management Systems" is almost what we need to do, but not quite.
The approach I have taken is to sub-class the standard authenticator (oracle.security.sso.server.auth.SSOServerAuth) rather than just implement an IPASAuthInterface plug-in.
The only method of significance is "authenticate", where if the captcha response is present, we evaluate it prior to handing off to the standard authentication.
public IPASUserInfo authenticate(HttpServletRequest request)A couple of things to note:
throws IPASAuthException, IPASInsufficientCredException
{
SSODebug.print(SSODebug.INFO, "Processing OssoRecaptchaAuthenticator.authenticate for " + request.getRemoteAddr());
if (request.getParameter("recaptcha_challenge_field") == null) {
throw new IPASInsufficientCredException("");
} else {
// create recaptcha and test response before calling auth chain
ReCaptcha captcha = ReCaptchaFactory.newReCaptcha(RecaptchaConf.RECAPTCHA_PUBLIC_KEY, RecaptchaConf.RECAPTCHA_PRIVATE_KEY, false);
ReCaptchaResponse captcharesp = captcha.checkAnswer(request.getRemoteAddr(),
request.getParameter("recaptcha_challenge_field"),
request.getParameter("recaptcha_response_field"));
SSODebug.print(SSODebug.INFO, "ReCaptcha response errors = " + captcharesp.getErrorMessage());
if (!captcharesp.isValid()) {
throw new IPASAuthException(captcharesp.getErrorMessage());
}
return super.authenticate(request);
}
}
- This method is first called prior to the login challenge to see if you are already authenticated, hence the check for a captcha response before boldly going ahead to authenticate
- The specific exception messages raised in this class seem to get "lost" by the time the handler returns to the login page (at which point you always seem to have a generic failure message). In other words, users will basically just get told to try again. I haven't found a way around this yet.
- See the example usage of SSODebug to log messages which will appear in the SSO log (as configured in ORACLE_HOME/sso/conf/policy.properties)
- We'll deploy the custom class into the OC4J_SECURITY container, rather than to $ORACLE_HOME/sso/plugins since it seems plugins get a limited environment that does not include all of the required support classes. Deploying to OC4J_SECURITY avoids this problem.
Deployment
The most robust approach to deployment is to explode, modify and the rebuild the OC4J_SECURITY EAR file ($ORACLE_HOME/sso/lib/ossosvr.ear) once you are confident everything is working fine. I haven't covered how you do that here however.
Rather, I'm deploying the sample directly into an existing OC4J_SECURITY container. Note that with this approach, if you ever redeploy the OC4J_SECURITY application (which can happen during an upgrade or patch for example), then your changes
would be destroyed.
There's an Ant build script included in the sample that takes care of the details, but is pretty straightforward...
Firstly, two copy operations:
- Copy the login page to $ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/
- Copy the supporting jar files to $ORACLE_HOME/j2ee/OC4J_SECURITY/applications/sso/web/WEB-INF/lib/
MediumSecurity_AuthPlugin = oracle.security.sso.server.auth.SSOServerAuthFinally, we are ready to restart the OC4J_SECURITY container
# replaced with:
MediumSecurity_AuthPlugin = com.urion.captcha.OssoRecaptchaAuthenticator
opmnctl restartproc process-type=OC4J_SECURITYand test out the customised login. Try...
http://you.site:port/oiddasGive it a go! Love to hear from anyone who deploys reCAPTCHA on a production Oracle Portal or Applications site for example.
Postscript: Patrick Wolf obviously had a weekend free also, and has now posted a solution for adding reCATPCHA to APEX ;-) Cool!
Postscript 2008年06月03日: I finally got around to setting this up with its own sourceforge project.
Subscribe to:
Comments (Atom)