Installing, Configuring, and Launching Oracle Role Manager

Purpose

This OBE tutorial describes and shows you how to install, configure, and launch Oracle Role Manager. This process involves:

  • Preparing a database for Oracle Role Manager
  • Creating accounts for Oracle Role Manager database users
  • Installing Oracle Role Manager
  • Configuring JBoss, the application server to be used with Oracle Role Manager
  • Launching Oracle Role Manager

This OBE tutorial also lists the preinstallation requirements for Oracle Role Manager.

Time to Complete

Approximately 2 hours

Topics

This OBE tutorial covers the following topics:

 Overview
 Scenario
 Prerequisites
 Preparing a Database and Its Users
 Installing Oracle Role Manager
 Configuring JBoss
 Launching Oracle Role Manager
 Summary
 Related Information

Overview

Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.

Features and benefits of Oracle Role Manager include:

Scenario

Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for managing business and organizational relationships, roles, and entitlements to resources for users within the company. To perform these tasks, she must install, configure, and launch Oracle Role Manager.

By using Oracle Role Manager, Linda can create and manage roles for users, along with the entitlements these users have to the company's resources. As a result, she can manage user roles and entitlements across the enterprise setup of Mydo Main.

Prerequisites

Before installing Oracle Role Manager, make sure your system environment meets the following requirements:

Software Requirements

The following products and conditions should apply to your setup:

Hardware Requirements

Item | Specification
Processor Type | Intel Xeon or Pentium IV
Processor Speed | 2.4 GHz or higher
Number of Processors | 1 or more (if required)
Memory | 2 GB
Hard Disk Space | 40 GB (initial size)
Operating System | MS Windows 2003 Server with SP1

Preparing a Database and Its Users

Linda is ready to complete the following actions:

To prepare the database, Linda must run the create-tablespace.sql script, which creates the tablespaces for Oracle Role Manager. To create the database user accounts, she must run the create-schema-owner.sql and create-app-user.sql scripts. These scripts create accounts for the database owner and application user, and assign these accounts to the tablespaces Linda creates for Oracle Role Manager.

To prepare a database and its users, perform the following steps:

1.

From Windows Explorer, navigate to the directory that contains the create-tablespace.sql script file. For this OBE, the file is located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.

 

2.

Copy the create-tablespace.sql script file. Paste it onto the Desktop.

Note: Copying the create-tablespace.sql file to the Desktop is a precautionary step to recover the script if it becomes corrupted.

 

3.

Open a DOS window. Go to the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.

Note: For this OBE, the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory represents the directory for Oracle Role Manager script files.

 

4.

Run the create-tablespace.sql script, as follows:

sqlplus system/[system_pw]@[db_service] @create-tablespace [data_dir] [index_dir] [temp_dir] spool [new_log_path]/create-tablespace.log

The following table explains each value in greater detail:

Value | Description
[system_pw] | The password for the system database user account. For this OBE, the password is system.
[db_service] | The name of the database. For this OBE, the database name is orcl.
[data_dir] | This directory is to contain the data tablespaces for the database. For this OBE, the data directory is c:\oracle\product\10.2.0\oradata\orcl.
[index_dir] | This directory is to contain the index tablespaces for the database. For this OBE, the index directory is c:\oracle\product\10.2.0\oradata\orcl.
[temp_dir] | This directory is to contain the temporary and undo tablespaces for the database. For this OBE, the temp directory is c:\oracle\product\10.2.0\oradata\orcl.
[new_log_path] | This directory is to contain the log file for the create-tablespace.sql script. For this OBE, the log file is to be placed in the c:\oracle\product\10.2.0\db_1\log directory.

Note: By specifying the same folder path for the data, index, and temp directories, the data, index, and undo tablespaces are to be placed in one, centralized location.

For this OBE, Linda uses the following values to run the create-tablespace.sql script:

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>sqlplus
system/system@orcl @create-tablespace C:\oracle\product\10.2.0\oradata\orcl
C:\oracle\product\10.2.0\oradata\orcl C:\oracle\product\10.2.0\oradata\orcl spool
C:\oracle\product\10.2.0\db_1\log\create-tablespace.log

The create-tablespace.sql script:

  • Connects to the database
  • Creates the data, index, temporary, and undo tablespaces
  • Commits the changes to the database
  • Disconnects from the database

The output of running the create-tablespace.sql script is as follows:

SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 06:17:11 2008

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL>
SQL> define DATA_PATH=&1
SQL> define INDEX_PATH=&2
SQL> define TEMP_PATH=&3
SQL>
SQL> create tablespace ORM_DATA
2 datafile '&DATA_PATH\ORM_DATA.DBF' size 50M
3 autoextend on next 10M
4 default storage (initial 64K next 64K pctincrease 0)
5 online;
old 2: datafile '&DATA_PATH\ORM_DATA.DBF' size 50M
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_DATA.DBF' size 50M

Tablespace created.

SQL>
SQL> create tablespace ORM_INDEX
2 datafile '&INDEX_PATH\ORM_INDEX.DBF' size 100M
3 autoextend on next 10M
4 default storage (initial 64K next 64K pctincrease 0)
5 online;
old 2: datafile '&INDEX_PATH\ORM_INDEX.DBF' size 100M
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_INDEX.DBF' size 100M

Tablespace created.

SQL>
SQL> create temporary tablespace ORM_TEMP
2 tempfile '&TEMP_PATH\ORM_TEMP.DBF' size 50M
3 autoextend on next 10M;
old 2: tempfile '&TEMP_PATH\ORM_TEMP.DBF' size 50M
new 2: tempfile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_TEMP.DBF' size 50M

Tablespace created.

SQL>
SQL> REM The following statement assumes that your database
SQL> REM is using the Automatic Undo Management feature recommended
SQL> REM by Oracle.
SQL>
SQL> create undo tablespace ORM_UNDO
2 datafile '&DATA_PATH\ORM_UNDO1.DBF'
3 size 1024M;
old 2: datafile '&DATA_PATH\ORM_UNDO1.DBF'
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_UNDO1.DBF'

Tablespace created.

SQL>
SQL> spool off;
not spooling currently
SQL> set echo off;

Commit complete.

Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Pr
oduction
With the Partitioning, OLAP and Data Mining options

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>

Linda configured a predefined Oracle Database for Oracle Role Manager. She is ready to create accounts for two Oracle Role Manager database users. The first user is the database owner. This user owns all objects in the database. The second user is the application user. This user performs runtime operations against the objects in the database.

To create the database user accounts, she must run the create-schema-owner.sql and create-app-user.sql scripts. These scripts create accounts for the database owner and application user, and assign these accounts to the tablespaces Linda created for Oracle Role Manager.

 

5.

From Windows Explorer, navigate to the directory that contains the create-app-user.sql and create-schema-owner.sql script files. For this OBE, the files are located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.

 

6.

Copy the create-app-user.sql and create-schema-owner.sql script files. Paste them onto the Desktop.

Note: Copying the create-app-user.sql and create-schema-owner.sql files to the Desktop is a precautionary step to recover the scripts if they become corrupted.

 

7.

Make the DOS window active. Verify that the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory is the directory that appears at the DOS prompt.

 

8.

Run the create-schema-owner.sql script, as follows:

sqlplus system/[system_pw]@[db_service] @create-schema-owner [owner_username] [owner_password]

The following table explains each value in greater detail:

Value | Description
[system_pw] | The password for the system database user account. For this OBE, the password is system.
[db_service] | The name of the database. For this OBE, the database name is orcl.
[owner_username] | The name of the database owner account. For this OBE, the name is dbowner1.
[owner_password] | The password for the database owner account. For this OBE, the password is dead_line1.

For this OBE, Linda uses the following values to run the create-schema-owner.sql script:

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>sqlplus
system/system@orcl @create-schema-owner dbowner1 dead_line1

The create-schema-owner.sql script:

  • Connects to the database
  • Creates the database owner account
  • Commits the changes to the database
  • Disconnects from the database

The output of running the create-schema-owner.sql script is as follows:

SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 07:36:17 2008

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 -

Production
With the Partitioning, OLAP and Data Mining options

SQL>
SQL> begin
2 for crs in (select sid,serial# from v$session where username = '&1') loop
3 execute immediate 'alter system kill session '''||crs.sid||','||crs.serial#||''' immediate';
4 end loop;
5 end;
6 /
old 2: for crs in (select sid,serial# from v$session where username = '&1') loop
new 2: for crs in (select sid,serial# from v$session where username = 'dbowner1') loop
PL/SQL procedure successfully completed.

SQL>
SQL> drop user &1 cascade;
old 1: drop user &1 cascade
new 1: drop user dbowner1 cascade
drop user dbowner1 cascade
*
ERROR at line 1:
ORA-01918: user 'DBOWNER1' does not exist

SQL> create user &1 identified by &2
2 default tablespace ORM_DATA
3 temporary tablespace ORM_TEMP;
old 1: create user &1 identified by &2
new 1: create user dbowner1 identified by dead_line1

User created.

SQL>
SQL> grant connect to &1;
old 1: grant connect to &1
new 1: grant connect to dbowner1

Grant succeeded.

SQL> grant create session to &1;
old 1: grant create session to &1
new 1: grant create session to dbowner1

Grant succeeded.

SQL> grant resource to &1;
old 1: grant resource to &1
new 1: grant resource to dbowner1

Grant succeeded.

SQL> grant create view to &1;
old 1: grant create view to &1
new 1: grant create view to dbowner1

Grant succeeded.

SQL> grant create materialized view to &1;
old 1: grant create materialized view to &1
new 1: grant create materialized view to dbowner1

Grant succeeded.

SQL> grant create synonym to &1;
old 1: grant create synonym to &1
new 1: grant create synonym to dbowner1

Grant succeeded.

SQL> grant query rewrite to &1;
old 1: grant query rewrite to &1
new 1: grant query rewrite to dbowner1

Grant succeeded.

SQL> alter user &1 default role all;
old 1: alter user &1 default role all
new 1: alter user dbowner1 default role all

User altered.

SQL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release

10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>

Linda created an account for the database owner. She is ready to create an account for the application user.

 

9.

Run the create-app-user.sql script, as follows:

sqlplus system/[system_pw]@[db_service] @create-app-user [app_username] [app_password]

The following table explains each value in greater detail:

Value | Description
[system_pw] | The password for the system database user account. For this OBE, the password is system.
[db_service] | The name of the database. For this OBE, the database name is orcl.
[app_username] | The name of the application user account. For this OBE, the name is appuser1.
[app_password] | The password for the application user account. For this OBE, the password is dead_line1.

For this OBE, Linda uses the following values to run the create-app-user.sql script:

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>sqlplus
system/system@orcl @create-app-user appuser1 dead_line1

The create-app-user.sql script:

  • Connects to the database
  • Creates the application user account
  • Commits the changes to the database
  • Disconnects from the database

The output of running the create-app-user.sql script is as follows:

SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 07:36:17 2008

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 -

Production
With the Partitioning, OLAP and Data Mining options

SQL>
SQL> begin
2 for crs in (select sid,serial# from v$session where username = '&1') loop
3 execute immediate 'alter system kill session '''||crs.sid||','||crs.serial#||''' immmediate';
4 end loop;
5 end;
6 /
old 2: for crs in (select sid,serial# from v$session where username = '&1') loop
new 2: for crs in (select sid,serial# from v$session where username = 'appuser1') loop

PL/SQL procedure successfully completed.

SQL>
SQL> drop user &1 cascade;
old 1: drop user &1 cascade
new 1: drop user appuser1 cascade
drop user appuser1 cascade
*
ERROR at line 1:
ORA-01918: user 'APPUSER1' does not exist

SQL> create user &1 identified by &2
2 default tablespace ORM_DATA
3 temporary tablespace ORM_TEMP;
old 1: create user &1 identified by &2
new 1: create user appuser1 identified by dead_line1

User created.

SQL>
SQL> grant connect to &1;
old 1: grant connect to &1
new 1: grant connect to appuser1

Grant succeeded.

SQL> grant create session to &1;
old 1: grant create session to &1
new 1: grant create session to appuser1

Grant succeeded.

SQL> grant resource to &1;
old 1: grant resource to &1
new 1: grant resource to appuser1

Grant succeeded.

SQL> grant create view to &1;
old 1: grant create view to &1
new 1: grant create view to appuser1

Grant succeeded.

SQL> grant create materialized view to &1;
old 1: grant create materialized view to &1
new 1: grant create materialized view to appuser1

Grant succeeded.

SQL> grant create synonym to &1;
old 1: grant create synonym to &1
new 1: grant create synonym to appuser1

Grant succeeded.

SQL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release

10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options

C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>

Tip: To verify that the database owner and application user accounts are created, log into SQL*Plus with the system database user account. For this OBE, the password for this account is system.

At the SQL prompt, enter the command select * from all_users; and all user accounts in the database appear, including the database owner and application user accounts.

Linda is ready to set permissions for transaction recoveries.

 

10.

Use SQL*Plus to log into the database with the sys database user account. For this OBE, the password for this account is system.

 

11.

At the SQL prompt, enter the following commands (and press Enter after each command):

grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to [app_username];

Note: [app_username] represents the name of the application user account. For this OBE, the name is appuser1.

For this OBE, Linda uses the following values to set permissions for transaction recoveries:

grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to appuser1;

The output of setting the permissions for transaction recoveries is as follows:

SQL*Plus: Release 10.2.0.3.0 - Production on Mon Aug 4 06:56:43 2008

Copyright (c) 1982, 2006, Oracle. All Rights Reserved.

Enter user-name: sys
Enter password:

Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options

SQL> grant select on pending_trans$ to public;

Grant succeeded.

SQL> grant select on dba_2pc_pending to public;

Grant succeeded.

SQL> grant select on dba_pending_transactions to public;

Grant succeeded.

SQL> grant execute on dbms_system to appuser1;

Grant succeeded.

SQL>

Linda configured a predefined Oracle Database for Oracle Role Manager. She also created accounts for two Oracle Role Manager database users: the database owner and the application user. She is ready to install Oracle Role Manager.
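To review what the scripts and the manual grants in this section handed out, the following added example (not part of the original tutorial or of Oracle's scripts) parses a SQL*Plus transcript of the kind shown above and lists every grant that succeeded, using the substituted "new 1:" line where one is echoed. The sample transcript is constructed, and the three review rules are this example's assumptions about what a reviewer would want to look at.

```python
import re
from collections import defaultdict

# Constructed sample in the same shape as the transcripts in this tutorial:
# echoed statement, old/new substitution lines, then the result message.
SAMPLE_LOG = """\
SQL> drop user &1 cascade;
old 1: drop user &1 cascade
new 1: drop user appuser1 cascade
drop user appuser1 cascade
*
ERROR at line 1:
ORA-01918: user 'APPUSER1' does not exist

SQL> grant connect to &1;
old 1: grant connect to &1
new 1: grant connect to appuser1

Grant succeeded.

SQL> grant resource to &1;
old 1: grant resource to &1
new 1: grant resource to appuser1

Grant succeeded.

SQL> grant select on pending_trans$ to public;

Grant succeeded.

SQL> grant execute on dbms_system to appuser1;

Grant succeeded.
"""

GRANT_RE = re.compile(r"^grant\s+(.+?)\s+to\s+(\S+)$", re.IGNORECASE)
NEW_RE = re.compile(r"^new\s+1:\s*(.+)$")


def parse_grants(transcript):
    """Return [(grantee, privilege, object_or_None)] for grants that succeeded."""
    grants, pending = [], None
    for raw in transcript.splitlines():
        line = raw.strip()
        resolved = NEW_RE.match(line)
        if line.startswith("SQL>"):
            # A new prompt starts a new statement and discards the previous one.
            pending = line[4:].strip().rstrip(";").strip() or None
        elif pending and resolved:
            # Prefer the statement after &1/&2 substitution.
            pending = resolved.group(1).rstrip(";").strip()
        elif line.startswith("ERROR at line"):
            pending = None  # the statement failed, so nothing was granted
        elif line == "Grant succeeded." and pending:
            m = GRANT_RE.match(pending)
            if m:
                parts = re.split(r"\s+on\s+", m.group(1), maxsplit=1,
                                 flags=re.IGNORECASE)
                obj = parts[1].upper() if len(parts) == 2 else None
                grants.append((m.group(2).upper(), parts[0].upper(), obj))
            pending = None
    return grants


def by_grantee(grants):
    """Group grants per account so owner and runtime user can be compared."""
    table = defaultdict(list)
    for grantee, priv, obj in grants:
        table[grantee].append(f"{priv} ON {obj}" if obj else priv)
    return dict(table)


def review(grants):
    """Flag grants worth a second look (rules are assumptions of this example)."""
    findings = []
    for grantee, priv, obj in grants:
        target = f"{priv} ON {obj}" if obj else priv
        if grantee == "PUBLIC":
            findings.append((grantee, target,
                             "granted to PUBLIC, so every database account receives it"))
        if obj == "DBMS_SYSTEM":
            findings.append((grantee, target, "EXECUTE on a SYS-owned package"))
        if obj is None and priv == "RESOURCE":
            findings.append((grantee, target,
                             "role that bundles several CREATE privileges"))
    return findings


if __name__ == "__main__":
    grants = parse_grants(SAMPLE_LOG)
    for grantee, privs in by_grantee(grants).items():
        print(grantee, "->", ", ".join(privs))
    for grantee, target, why in review(grants):
        print(f"REVIEW {grantee}: {target} ({why})")
```

Spooling each script run to a log file and running the parser over it gives a record of what the runtime account can do compared with the schema owner.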

 

Installing Oracle Role Manager

In the previous section of this OBE, Linda configured a predefined Oracle Database for Oracle Role Manager. She also created accounts for two Oracle Role Manager database users: the database owner and the application user. She is ready to install Oracle Role Manager. For this OBE, she installs this product on the same computer that runs JBoss Application Server and Oracle Database.

To install Oracle Role Manager, perform the following steps:

1.

Double-click the setup.exe file, located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\install directory.

 

2.

On the Welcome screen, click Next.

 

3.

Populate the fields of the Specify File Locations screen, as follows (and click Next):

Field | Value
Source Path | C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\stage\products.xml
Destination Name | orm1
Destination Path | C:\ORMHome_1

Note: The Source Path points to the folder that contains the Oracle Role Manager installation media. The Destination Name is a unique identifier for Oracle Role Manager. The Destination Path points to the base directory where Oracle Role Manager is to be installed.

 

4.

On the Select Installation Type screen, select the Install Software and Configure option (because, in subsequent OBEs, Linda is to use Oracle Role Manager with Oracle Identity Manager). Click Next.

 

5.

On the Specify Configuration Options screen, make sure the following check boxes are selected (and click Next):

  • Standard Data Model
  • Oracle Identity Manager Integration

Note: By selecting the Standard Data Model check box, Linda can use Oracle Role Manager's graphical user interface. By selecting the Oracle Identity Manager Integration check box, Linda can use Oracle Role Manager with Oracle Identity Manager.

 

6.

Populate the fields of the Specify Database Details screen, as follows (and click Next):

Field | Value
Database Host | localhost
Database Port | 1521
Database Service Name | orcl
Database Owner | dbowner1
Database Owner Password | dead_line1
Application User | appuser1
Application User Password | dead_line1

Note: The Database Host field contains the name (or IP address) of the computer on which the database resides. The host name for the database (that is, localhost) is case-sensitive.

The Database Port field contains the Transmission Control Protocol (TCP) port on which Oracle Database listens for connections.

The Database Service Name field displays the name of Oracle Database prepared in the section of this OBE titled Preparing a Database and Its Users.

The Database Owner, Database Owner Password, Application User, and Application User Password fields contain the IDs and passwords of the database owner and application user accounts created for Oracle Role Manager in the section of this OBE titled Preparing a Database and Its Users. For security purposes, the passwords appear as a series of asterisks.

 

7.

Populate the fields of the Specify ORM Administrator screen, as follows (and click Next):

Field | Value
ORM Administrator | admin
Password | dead_line1
Confirm Password | dead_line1

The ORM Administrator field contains the ID of the Oracle Role Manager system administrator. The Password and Confirm Password fields contain the password for this administrator's account. For security purposes, the password appears as a series of asterisks.

 

8.

On the Summary screen, click Install.

 

9.

On the End of Installation screen, click Exit.

 

10.

On the Exit screen, click Yes.

The script ends. Linda installed Oracle Role Manager. She is ready to configure JBoss Application Server to function with Oracle Role Manager.

 

Configuring JBoss

Linda is a network administrator for Mydo Main Corporation, responsible for configuring JBoss Application Server to function with Oracle Role Manager. This application server provides the life-cycle management, security, deployment, and run-time services to logical components that support Oracle Role Manager.

For JBoss to function with Oracle Role Manager, Linda must complete the following actions:

  1. Create a JAVA_HOME environment variable, and set its value to be equivalent to the folder path of Java JDK that is installed. For this OBE, the path is C:\Program Files\Java\jdk1.5.0_08.
  2. Configure the Path environment variable so that the first JDK reference that appears is version 1.5.0_08 (the version of Java JDK installed and configured on the computer).
  3. Set JBoss’ minimum and maximum memory parameters to 512 MB and 1,024 MB (to optimize the application server’s performance).
  4. Copy Oracle Role Manager-specific files to JBoss' directory structure.
  5. Encrypt the password for the Oracle Role Manager application user created in the section of this OBE titled Preparing a Database and Its Users.

Create JBoss' JAVA_HOME Environment Variable

Linda is ready to complete her first action to configure JBoss to function with Oracle Role Manager. She is to create a JAVA_HOME environment variable, and set its value to be equivalent to the folder path of Java JDK that is installed. For this OBE, the path is C:\Program Files\Java\jdk1.5.0_08.

To complete this action, perform the following steps:

1.

Open the Control Panel. To do so, from the Windows Start Menu, select Control Panel.

 

2.

Double-click the System icon.

 

3.

Click the Advanced tab. Then, click the Environment Variables button.

 

4.

On the “User variables for stcurr” region of this window, click New.

 

5.

On the New User Variable window, fill in the parameter values, as follows:

Field | Value
Variable name | JAVA_HOME
Variable value | C:\Program Files\Java\jdk1.5.0_08

Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s JDK.

 

6.

Click OK to commit the entry.

The Environment Variables window is active. Within the “User variables for stcurr” region of this window, the JAVA_HOME environment variable appears. Linda set this variable. She is ready to configure the Path environment variable.

 

Configure JBoss' Path System Variable

Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to configure the Path environment variable so that the first JDK reference that appears is version 1.5.0_08 (the version of Java JDK installed and configured on the computer).

To complete this action, perform the following steps:

1.

Locate and highlight the Path environment variable that appears in the “System variables” region of the Environment Variables window. Click Edit.

 

2.

On the Edit System Variable window, make sure the cursor appears to the extreme left of the string of text in the “Variable value” field. Then add the following value to this field.

Field | Value
Variable value | C:\Program Files\Java\jdk1.5.0_08\bin;

Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s binary files.

 

3.

Click OK to commit the change.

The Environment Variables window is active. Within the “System variables” region of this window, the Path environment variable displays the name of the directory specified in step 2. Linda set this variable.

 

4.

Click OK twice to commit all of the changes. Linda is ready to set JBoss' minimum and maximum memory parameters.

 

 

Configure JBoss' Memory Parameters

Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to set JBoss’ minimum and maximum memory parameters to 512 MB and 1,024 MB. By doing so, Linda optimizes the application server’s performance.

To complete this action, perform the following steps:

1.

Using a text editor, open the run.bat file, found in the C:\stage\jboss-4.0.5.GA\bin folder.

 

2.

Locate the following piece of code:

set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m

 

3.

Modify this code, as follows:

set JAVA_OPTS=%JAVA_OPTS% -Xms512m -Xmx1024m

Note: By modifying this code, Linda designates 512 MB and 1,024 MB to be the minimum and maximum memory parameters for JBoss. As a result, she optimizes the application server’s performance to function with Oracle Role Manager.

 

4.

Save and close the run.bat file. Linda is ready to copy files, specific to Oracle Role Manager, into JBoss' directory structure.

 




Copy Oracle Role Manager-specific Files

Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to copy files, specific to Oracle Role Manager, into JBoss' directory structure. These files include:

To complete this action, perform the following steps:

1.

Copy the orm-ds.xml and orm-service.xml files, found in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\jboss\4.0.5 directory. Paste these files into the directory of JBoss Application Server where Oracle Role Manager is to be deployed. For this OBE, the directory is C:\stage\jboss-4.0.5.GA\server\default\deploy.

 

2.

Encrypt the password of the Oracle Role Manager application user. Linda created this user in the section of this OBE titled Preparing a Database and Its Users.

Important: Do not continue with this procedure until you encrypt the password of the Oracle Role Manager application user. For more information about encrypting this password, refer to the section of this OBE titled Encrypt the Password for the Oracle Role Manager Application User.

 

3.

Using a text editor, open the orm-ds.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.

 

4.

Locate the following line of code, which appears after the <no-tx-datasource> opening tag:

<!-- Authentication: replace USER_NAME and PASSWORD -->

 

5.

Add the following lines of code:

<user-name>appuser1</user-name>
<password>734bc2e0ac239e2c3b82c3803605f233</password>

Note: appuser1 is the name of the Oracle Role Manager application user Linda created in the section of this OBE titled Preparing a Database and Its Users. 734bc2e0ac239e2c3b82c3803605f233 represents the encoded value of the application user's password that Linda encrypted in the section of this OBE titled Encrypt the Password for the Oracle Role Manager Application User.

 

6.

Locate the following line of code, which appears after the <local-tx-datasource> opening tag:

<!-- Authentication: replace USER_NAME and PASSWORD -->

 

7.

Add the following lines of code:

<user-name>appuser1</user-name>
<password>734bc2e0ac239e2c3b82c3803605f233</password>

 

8.

Locate the following line of code, which appears after the <no-tx-datasource> opening tag:

<connection-url>jdbc:oracle:thin:@SERVER_NAME:1521:SID</connection-url>

 

9.

Replace the placeholders in this line of code with the following values:

Placeholder | Value
SERVER_NAME | localhost
SID | orcl

Note: The SERVER_NAME of localhost and SID of orcl correspond to the hostname and service name of the database. Linda specified these values when she installed Oracle Role Manager.

 

10.

Locate the following line of code, which appears after the <local-tx-datasource> opening tag:

<connection-url>jdbc:oracle:thin:@SERVER_NAME:1521:SID</connection-url>

 

11.

Replace the placeholders in this line of code with the following values:

Placeholder | Value
SERVER_NAME | localhost
SID | orcl

 

12.

Save and close the orm-ds.xml file.

 

13.

Copy the server.ear file, found in the C:\ORMHome_1\lib directory. Paste this file into the directory of JBoss Application Server where Oracle Role Manager is to be deployed. For this OBE, the directory is C:\stage\jboss-4.0.5.GA\server\default\deploy.

Note: C:\ORMHome_1 is the base directory of Oracle Role Manager. Linda specified this directory when she installed Oracle Role Manager.

 

14.

Copy the webui.war file, found in the C:\ORMHome_1\webui\jboss\4.0.5 directory. Paste this file into the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.

Linda configured JBoss to function with Oracle Role Manager. She is ready to launch Oracle Role Manager.
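A check for the edited orm-ds.xml, as an added example that is not part of the original tutorial or of JBoss: it reports datasources that still carry a placeholder connection URL or inline <user-name>/<password> elements (which the section titled Encrypt the Password for the Oracle Role Manager Application User replaces with a <security-domain>), and security domains that have no matching application-policy in login-config.xml. Both sample files are constructed stand-ins, and the finding codes are names chosen for this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed stand-in for orm-ds.xml: the first datasource was converted to a
# security domain, the second still has template and inline values.
SAMPLE_DS = """\
<datasources>
  <no-tx-datasource>
    <connection-url>jdbc:oracle:thin:@localhost:1521:orcl</connection-url>
    <security-domain>EncryptDBPassword</security-domain>
  </no-tx-datasource>
  <local-tx-datasource>
    <connection-url>jdbc:oracle:thin:@SERVER_NAME:1521:SID</connection-url>
    <user-name>appuser1</user-name>
    <password>CONSTRUCTED_ENCODED_VALUE</password>
  </local-tx-datasource>
</datasources>
"""

# Constructed stand-in for login-config.xml with only one of the two policies.
SAMPLE_LOGIN_CONFIG = """\
<policy>
  <application-policy name="EncryptXADBPassword">
    <authentication>
      <login-module code="org.jboss.resource.security.SecureIdentityLoginModule"
                    flag="required"/>
    </authentication>
  </application-policy>
</policy>
"""

DS_TAGS = ("no-tx-datasource", "local-tx-datasource")
# Placeholders from the shipped template line quoted in this tutorial.
PLACEHOLDER_URL = re.compile(r"@SERVER_NAME:|:SID\s*$")


def policy_names(login_config_xml):
    """Names of all application-policy elements defined in login-config.xml."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}


def lint_datasources(ds_xml, login_config_xml):
    """Return [(datasource_tag, finding_code)] in document order."""
    known = policy_names(login_config_xml)
    findings = []
    for ds in ET.fromstring(ds_xml):
        if ds.tag not in DS_TAGS:
            continue
        url = (ds.findtext("connection-url") or "").strip()
        if not url or PLACEHOLDER_URL.search(url):
            findings.append((ds.tag, "placeholder-url"))
        # Credentials stored directly in a file under the deploy directory.
        if ds.find("user-name") is not None or ds.find("password") is not None:
            findings.append((ds.tag, "inline-credentials"))
        domain = (ds.findtext("security-domain") or "").strip()
        if not domain:
            findings.append((ds.tag, "missing-security-domain"))
        elif domain not in known:
            # The datasource points at a policy that login-config.xml lacks.
            findings.append((ds.tag, "undefined-security-domain"))
    return findings


if __name__ == "__main__":
    for tag, code in lint_datasources(SAMPLE_DS, SAMPLE_LOGIN_CONFIG):
        print(f"{tag}: {code}")
```

Run it against the real files by reading them from the deploy and conf directories named in this tutorial and passing their text to lint_datasources.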

 

Encrypt the Password for the Oracle Role Manager Application User

Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to encrypt the password of the Oracle Role Manager application user. Linda created this user in the section of this OBE titled Preparing a Database and Its Users.

After encrypting the application user's password, she must modify the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).

To complete this action, perform the following steps:

1.

Open a DOS window. Go to the home directory of JBoss Application Server. For this OBE, the directory is C:\stage\jboss-4.0.5.GA.

 

2.

Enter the following command at the DOS prompt:

java -cp "[JBoss_home_directory]/lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule [app_password]

The following table explains each value in greater detail:

Value | Description
[JBoss_home_directory] | The home directory of JBoss Application Server. For this OBE, the directory is C:\stage\jboss-4.0.5.GA.
[app_password] | The password for the application user account. For this OBE, the password is dead_line1.

For this OBE, Linda uses the following values to encrypt the application user's password:

java -cp "C:/stage/jboss-4.0.5.GA/lib/jboss-jmx.jar;lib/jboss-common.jar;server/default/lib/jboss-jca.jar;server/default/lib/jbosssx.jar" org.jboss.resource.security.SecureIdentityLoginModule dead_line1

The command returns an encoded form of the password Linda specifies. For this example, the password dead_line1 is encoded as 734bc2e0ac239e2c3b82c3803605f233.

Linda is ready to modify the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).

 

3.

Using a text editor, open the orm-ds.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.

 

4.

Locate the following lines of code, which appear after the <no-tx-datasource> opening tag:

<user-name>USER_NAME</user-name>
<password>PASSWORD</password>

 

5.

Delete these lines of code. Add the following line of code so that it precedes the </no-tx-datasource> closing tag:

<security-domain>EncryptDBPassword</security-domain>

 

6.

Locate the following lines of code, which appear after the <local-tx-datasource> opening tag:

<user-name>USER_NAME</user-name>
<password>PASSWORD</password>

 

7.

Delete these lines of code. Add the following line of code so that it precedes the </local-tx-datasource> closing tag:

<security-domain>EncryptXADBPassword</security-domain>

 

8.

Save and close the orm-ds.xml file.

 

9.

Using a text editor, open the login-config.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\conf directory.

 

10.

Place the cursor after the following comments, which appear after the <policy> opening tag:

<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs. -->

 

11.

Add the following lines of code:

<!-- Credentials for the local-tx datasource (security domain EncryptXADBPassword in orm-ds.xml) -->
<application-policy name="EncryptXADBPassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username">appuser1</module-option>
      <module-option name="password">734bc2e0ac239e2c3b82c3803605f233</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ORMServerXADS</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- Credentials for the no-tx datasource (security domain EncryptDBPassword in orm-ds.xml) -->
<application-policy name="EncryptDBPassword">
  <authentication>
    <login-module code="org.jboss.resource.security.SecureIdentityLoginModule" flag="required">
      <module-option name="username">appuser1</module-option>
      <module-option name="password">734bc2e0ac239e2c3b82c3803605f233</module-option>
      <module-option name="managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
    </login-module>
  </authentication>
</application-policy>

Note: appuser1 is the name of the Oracle Role Manager application user Linda created in the section of this OBE titled Preparing a Database and Its Users. 734bc2e0ac239e2c3b82c3803605f233 represents the encoded value of the application user's password that Linda encrypted in step 2 of this procedure.

 

12.

Save and close the login-config.xml file. Linda encrypted the password of the Oracle Role Manager application user. Then, she modified the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).

Linda is ready to proceed with step 3 of the section of this OBE titled Copy Oracle Role Manager-specific Files.

 


Launching Oracle Role Manager

In the previous section of this OBE, Linda configured JBoss Application Server to function with Oracle Role Manager. She is ready to launch Oracle Role Manager. To start this product, Linda:

To launch Oracle Role Manager, perform the following steps:

1.

Start JBoss Application Server. To do so, double-click the run.bat file, found in the application server's bin directory. For this OBE, the file is located in the C:\stage\jboss-4.0.5.GA\bin directory.

 

2.

Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:

  • localhost (Oracle Database, JBoss Application Server, and Oracle Role Manager reside on the same computer.)
  • 8087 (the port number for JBoss Application Server)
  • webui (A literal that is case-sensitive.)

As a result, the URL should have the following form:

http://localhost:8087/webui

 

3.

Populate the fields of the Oracle Role Manager login page, as follows (and click Sign In):

Field      Value
User ID    admin
Password   dead_line1

Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. She created this account when she installed Oracle Role Manager. Also, the password is encrypted for security purposes.

The Home page of Oracle Role Manager appears:

Linda started Oracle Role Manager. In this OBE, she learned how to install, configure, and launch Oracle Role Manager.

 


Summary

In this lesson, you learned how to:

 Prepare a database and its users
 Install Oracle Role Manager
 Configure JBoss
 Launch Oracle Role Manager


Related Information

 To ask a question about this OBE tutorial, post a query on the OBE Discussion Forum.
