Overview
Oracle Role Manager is an enterprise-class application for managing business and organizational relationships, roles, and entitlements. An authoritative source for role life-cycle management, it drives automation of role-based provisioning and access control across the IT infrastructure.
Features and benefits of Oracle Role Manager include:
Role and rule mining: An enterprise can accelerate its role-management implementation by importing existing data about users, resources, and entitlements to discover candidate roles and membership policies.
Context-aware, polyarchy-enabled role engine: A powerful role engine uses an enterprise’s business policies and traverses relationships between users and organizations to derive accurate, real-time role memberships.
Authoritative role and entitlement repository: An enterprise aggregates and manages contextual business information (such as organizational relationships) into a comprehensive role repository. Serving as the central source of information for roles, these complex relationships supply authoritative entitlement data to enterprise systems.
Configurable and extensible role and relationship model: Oracle Role Manager models enterprise structures and relationships, and provides tools for customizing the user interface.
Role delegation: By providing delegated administration of roles, Oracle Role Manager enables users to delegate access and privileges easily without violating existing business policies.
Linda works as a network administrator for Mydo Main Corporation. In Mydo Main, Linda is responsible for managing business and organizational relationships, roles, and entitlements to resources for users within the company. To perform these tasks, she must install, configure, and launch Oracle Role Manager.
By using Oracle Role Manager, Linda can create and manage roles for users and entitlements these users have for the company's resources. As a result, Linda can manage user roles and entitlements for resources across the enterprise setup of Mydo Main.
Configure a predefined Oracle Database for Oracle Role Manager
Create accounts for two Oracle Role Manager database users. The first user is the database owner. This user owns all objects in the database. The second user is the application user. This user performs runtime operations against the objects in the database.
To prepare the database, Linda must run the create-tablespace.sql script, which creates database tables for Oracle Role Manager. To create the database user accounts, she must run the create-schema-owner.sql and create-app-user.sql scripts. These scripts create accounts for the database owner and application user, and place these accounts in the database tables Linda creates for Oracle Role Manager.
To prepare a database and its users, perform the following steps:
1.
From Windows Explorer, navigate to the directory that contains the create-tablespace.sql script file. For this OBE, the file is located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.
2.
Copy the create-tablespace.sql script file. Paste it onto the Desktop.
Note: Copying the create-tablespace.sql file to the Desktop is a precautionary step to recover the script if it becomes corrupted.
3.
Open a DOS window. Go to the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.
Note: For this OBE, the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory represents the directory for Oracle Role Manager script files.
The following table explains each value in greater detail:
Value: Description
[system_pw]: The password for the system database user account. For this OBE, the password is system.
[db_service]: The name of the database. For this OBE, the database name is orcl.
[data_dir]: This directory is to contain the data tablespaces for the database. For this OBE, the data directory is c:\oracle\product\10.2.0\oradata\orcl.
[index_dir]: This directory is to contain the index tablespaces for the database. For this OBE, the index directory is c:\oracle\product\10.2.0\oradata\orcl.
[temp_dir]: This directory is to contain the temporary and undo tablespaces for the database. For this OBE, the temp directory is c:\oracle\product\10.2.0\oradata\orcl.
Note: By specifying the same folder path for the data, index, and temp directories, the data, index, and undo tablespaces are to be placed in one, centralized location.
[new_log_path]: This directory is to contain the log file for the create-tablespace.sql script. For this OBE, the log file is to be placed in the c:\oracle\product\10.2.0\db_1\log directory.
For this OBE, Linda uses the following values to run the create-tablespace.sql script:
Creates the data, index, temporary, and undo tablespaces
Commits the changes to the database
Disconnects from the database
The output from running the create-tablespace.sql script is as follows:
SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 06:17:11 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL>
SQL> define DATA_PATH=&1
SQL> define INDEX_PATH=&2
SQL> define TEMP_PATH=&3
SQL>
SQL> create tablespace ORM_DATA
2 datafile '&DATA_PATH\ORM_DATA.DBF' size 50M
3 autoextend on next 10M
4 default storage (initial 64K next 64K pctincrease 0)
5 online;
old 2: datafile '&DATA_PATH\ORM_DATA.DBF' size 50M
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_DATA.DBF' size 50M
Tablespace created.
SQL>
SQL> create tablespace ORM_INDEX
2 datafile '&INDEX_PATH\ORM_INDEX.DBF' size 100M
3 autoextend on next 10M
4 default storage (initial 64K next 64K pctincrease 0)
5 online;
old 2: datafile '&INDEX_PATH\ORM_INDEX.DBF' size 100M
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_INDEX.DBF' size 100M
Tablespace created.
SQL>
SQL> create temporary tablespace ORM_TEMP
2 tempfile '&TEMP_PATH\ORM_TEMP.DBF' size 50M
3 autoextend on next 10M;
old 2: tempfile '&TEMP_PATH\ORM_TEMP.DBF' size 50M
new 2: tempfile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_TEMP.DBF' size 50M
Tablespace created.
SQL>
SQL> REM The following statement assumes that your database
SQL> REM is using the Automatic Undo Management feature recommended
SQL> REM by Oracle.
SQL>
SQL> create undo tablespace ORM_UNDO
2 datafile '&DATA_PATH\ORM_UNDO1.DBF'
3 size 1024M;
old 2: datafile '&DATA_PATH\ORM_UNDO1.DBF'
new 2: datafile 'C:\oracle\product\10.2.0\oradata\orcl\ORM_UNDO1.DBF'
Tablespace created.
SQL>
SQL> spool off;
not spooling currently
SQL> set echo off;
Commit complete.
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options
C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>
Linda configured a predefined Oracle Database for Oracle Role Manager. She is ready to create accounts for two Oracle Role Manager database users. The first user is the database owner. This user owns all objects in the database. The second user is the application user. This user performs runtime operations against the objects in the database.
To create the database user accounts, she must run the create-schema-owner.sql and create-app-user.sql scripts. These scripts create accounts for the database owner and application user, and place these accounts in the database tables Linda created for Oracle Role Manager.
5.
From Windows Explorer, navigate to the directory that contains the create-app-user.sql and create-schema-owner.sql script files. For this OBE, the files are located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory.
6.
Copy the create-app-user.sql and create-schema-owner.sql script files. Paste them onto the Desktop.
Note: Copying the create-app-user.sql and create-schema-owner.sql files to the Desktop is a precautionary step to recover the scripts if they become corrupted.
7.
Make the DOS window active. Verify the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle directory is the directory that appears at the DOS prompt.
8.
Run the create-schema-owner.sql script, as follows:
The following table explains each value in greater detail:
Value: Description
[system_pw]: The password for the system database user account. For this OBE, the password is system.
[db_service]: The name of the database. For this OBE, the database name is orcl.
[owner_username]: The name of the database owner account. For this OBE, the name is dbowner1.
[owner_password]: The password for the database owner account. For this OBE, the password is dead_line1.
For this OBE, Linda uses the following values to run the create-schema-owner.sql script:
C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>sqlplus system/system@orcl @create-schema-owner dbowner1 dead_line1
The create-schema-owner.sql script:
Connects to the database
Creates the database owner account
Commits the changes to the database
Disconnects from the database
The output from running the create-schema-owner.sql script is as follows:
SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 07:36:17 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 -
Production
With the Partitioning, OLAP and Data Mining options
SQL>
SQL> begin
2 for crs in (select sid,serial# from v$session where username = '&1') loop
3 execute immediate 'alter system kill session '''||crs.sid||','||crs.serial#||''' immediate';
4 end loop;
5 end;
6 /
old 2: for crs in (select sid,serial# from v$session where username = '&1')
loop
new 2: for crs in (select sid,serial# from v$session where username = 'dbowner1') loop
PL/SQL procedure successfully completed.
SQL>
SQL> drop user &1 cascade;
old 1: drop user &1 cascade
new 1: drop user dbowner1 cascade
drop user dbowner1 cascade
*
ERROR at line 1:
ORA-01918: user 'DBOWNER1' does not exist
SQL> create user &1 identified by &2
2 default tablespace ORM_DATA
3 temporary tablespace ORM_TEMP;
old 1: create user &1 identified by &2
new 1: create user dbowner1 identified by dead_line1
User created.
SQL>
SQL> grant connect to &1;
old 1: grant connect to &1
new 1: grant connect to dbowner1
Grant succeeded.
SQL> grant create session to &1;
old 1: grant create session to &1
new 1: grant create session to dbowner1
Grant succeeded.
SQL> grant resource to &1;
old 1: grant resource to &1
new 1: grant resource to dbowner1
Grant succeeded.
SQL> grant create view to &1;
old 1: grant create view to &1
new 1: grant create view to dbowner1
Grant succeeded.
SQL> grant create materialized view to &1;
old 1: grant create materialized view to &1
new 1: grant create materialized view to dbowner1
Grant succeeded.
SQL> grant create synonym to &1;
old 1: grant create synonym to &1
new 1: grant create synonym to dbowner1
Grant succeeded.
SQL> grant query rewrite to &1;
old 1: grant query rewrite to &1
new 1: grant query rewrite to dbowner1
Grant succeeded.
SQL> alter user &1 default role all;
old 1: alter user &1 default role all
new 1: alter user dbowner1 default role all
User altered.
SQL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release
10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options
C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>
Linda created an account for the database owner. She is ready to create an account for the application user.
The following table explains each value in greater detail:
Value: Description
[system_pw]: The password for the system database user account. For this OBE, the password is system.
[db_service]: The name of the database. For this OBE, the database name is orcl.
[app_username]: The name of the application user account. For this OBE, the name is appuser1.
[app_password]: The password for the application user account. For this OBE, the password is dead_line1.
For this OBE, Linda uses the following values to run the create-app-user.sql script:
C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>sqlplus system/system@orcl @create-app-user appuser1 dead_line1
The create-app-user.sql script:
Connects to the database
Creates the application user account
Commits the changes to the database
Disconnects from the database
The output from running the create-app-user.sql script is as follows:
SQL*Plus: Release 10.2.0.3.0 - Production on Thu Jul 31 07:36:17 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 -
Production
With the Partitioning, OLAP and Data Mining options
SQL>
SQL> begin
2 for crs in (select sid,serial# from v$session where username = '&1') loop
3 execute immediate 'alter system kill session '''||crs.sid||','||crs.serial#||''' immmediate';
4 end loop;
5 end;
6 /
old 2: for crs in (select sid,serial# from v$session where username = '&1')
loop
new 2: for crs in (select sid,serial# from v$session where username = 'appuser1') loop
PL/SQL procedure successfully completed.
SQL>
SQL> drop user &1 cascade;
old 1: drop user &1 cascade
new 1: drop user appuser1 cascade
drop user appuser1 cascade
*
ERROR at line 1:
ORA-01918: user 'APPUSER1' does not exist
SQL> create user &1 identified by &2
2 default tablespace ORM_DATA
3 temporary tablespace ORM_TEMP;
old 1: create user &1 identified by &2
new 1: create user appuser1 identified by dead_line1
User created.
SQL>
SQL> grant connect to &1;
old 1: grant connect to &1
new 1: grant connect to appuser1
Grant succeeded.
SQL> grant create session to &1;
old 1: grant create session to &1
new 1: grant create session to appuser1
Grant succeeded.
SQL> grant resource to &1;
old 1: grant resource to &1
new 1: grant resource to appuser1
Grant succeeded.
SQL> grant create view to &1;
old 1: grant create view to &1
new 1: grant create view to appuser1
Grant succeeded.
SQL> grant create materialized view to &1;
old 1: grant create materialized view to &1
new 1: grant create materialized view to appuser1
Grant succeeded.
SQL> grant create synonym to &1;
old 1: grant create synonym to &1
new 1: grant create synonym to appuser1
Grant succeeded.
SQL> exit;
Disconnected from Oracle Database 10g Enterprise Edition Release
10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options
C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\sqlscripts\oracle>
Tip: To verify that the database owner and application user accounts are created, log into SQL*Plus with the system database user account. For this OBE, the password for this account is system.
At the SQL prompt, enter select * from all_users; All user accounts in the database appear, including the database owner and application user accounts.
Linda is ready to set permissions for transaction recoveries.
10.
Use SQL*Plus to log into the database with the sys database user account. For this OBE, the password for this account is system.
11.
At the SQL prompt, enter the following commands (and press Enter after each command):
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to [app_username];
Note: [app_username] represents the name of the application user account. For this OBE, the name is appuser1.
For this OBE, Linda uses the following values to set permissions for transaction recoveries:
grant select on pending_trans$ to public;
grant select on dba_2pc_pending to public;
grant select on dba_pending_transactions to public;
grant execute on dbms_system to appuser1;
The output from setting the permissions for transaction recoveries is as follows:
SQL*Plus: Release 10.2.0.3.0 - Production on Mon Aug 4 06:56:43 2008
Copyright (c) 1982, 2006, Oracle. All Rights Reserved.
Enter user-name: sys
Enter password:
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Production
With the Partitioning, OLAP and Data Mining options
SQL> grant select on pending_trans$ to public;
Grant succeeded.
SQL> grant select on dba_2pc_pending to public;
Grant succeeded.
SQL> grant select on dba_pending_transactions to public;
Grant succeeded.
SQL> grant execute on dbms_system to appuser1;
Grant succeeded.
SQL>
Linda configured a predefined Oracle Database for Oracle Role Manager. She also created accounts for two Oracle Role Manager database users: the database owner and the application user. She is ready to install Oracle Role Manager.
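The grants made in this section can be reviewed directly from the SQL*Plus output. The following Python example is added here and is not part of the original tutorial or of Oracle's scripts; it parses grant lines excerpted from the transcripts above and reports what PUBLIC and the application user received. The OBJECT_CREATING and SENSITIVE_SYS_PACKAGES sets and the function names are this example's own assumptions.

```python
import re
from collections import defaultdict

# Excerpted from the SQL*Plus transcripts on this page: the substituted
# ("new") lines from both create-*.sql runs and the grants typed as sys.
TRANSCRIPT = """\
new 1: grant connect to dbowner1
new 1: grant create session to dbowner1
new 1: grant resource to dbowner1
new 1: grant create view to dbowner1
new 1: grant create materialized view to dbowner1
new 1: grant create synonym to dbowner1
new 1: grant query rewrite to dbowner1
new 1: grant connect to appuser1
new 1: grant create session to appuser1
new 1: grant resource to appuser1
new 1: grant create view to appuser1
new 1: grant create materialized view to appuser1
new 1: grant create synonym to appuser1
SQL> grant select on pending_trans$ to public;
SQL> grant select on dba_2pc_pending to public;
SQL> grant select on dba_pending_transactions to public;
SQL> grant execute on dbms_system to appuser1;
"""

# Matches an echoed statement ("SQL> grant ...") or a substituted line
# ("new 1: grant ..."). Lines that still contain &1 are skipped because
# "&" cannot match the grantee pattern; "old N:" lines never match.
GRANT_RE = re.compile(
    r"^(?:SQL>|new\s+\d+:)\s*grant\s+(?P<priv>.+?)\s+to\s+(?P<grantee>[\w$#]+)\s*;?\s*$",
    re.IGNORECASE,
)

# Reviewer's assumptions for this example, not Oracle-defined categories.
# RESOURCE is listed because the role carries object-creation privileges
# such as CREATE TABLE.
OBJECT_CREATING = {"RESOURCE", "CREATE VIEW", "CREATE MATERIALIZED VIEW", "CREATE SYNONYM"}
SENSITIVE_SYS_PACKAGES = {"DBMS_SYSTEM"}


def parse_grants(transcript):
    """Return {GRANTEE: {PRIVILEGE, ...}} for every resolved grant line."""
    grants = defaultdict(set)
    for line in transcript.splitlines():
        m = GRANT_RE.match(line.strip())
        if m:
            priv = " ".join(m.group("priv").upper().split())
            grants[m.group("grantee").upper()].add(priv)
    return dict(grants)


def review(grants, owner, app_user):
    """Return findings about PUBLIC grants and the runtime account's privileges."""
    findings = []
    for priv in sorted(grants.get("PUBLIC", ())):
        findings.append(f"PUBLIC: {priv} is granted to every database account")
    shared = grants.get(app_user, set()) & grants.get(owner, set()) & OBJECT_CREATING
    for priv in sorted(shared):
        findings.append(f"{app_user}: runtime account also holds owner-level {priv}")
    for priv in sorted(grants.get(app_user, ())):
        obj = priv.partition(" ON ")[2]
        if priv.startswith("EXECUTE ON ") and obj in SENSITIVE_SYS_PACKAGES:
            findings.append(f"{app_user}: {priv} is a grant on a SYS-owned package")
    return findings


if __name__ == "__main__":
    for finding in review(parse_grants(TRANSCRIPT), "DBOWNER1", "APPUSER1"):
        print(finding)
```

Run against this page's transcript, it shows that appuser1 differs from dbowner1 only by lacking QUERY REWRITE and holding EXECUTE on DBMS_SYSTEM.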
In the previous section of this OBE, Linda configured a predefined Oracle Database for Oracle Role Manager. She also created accounts for two Oracle Role Manager database users: the database owner and the application user. She is ready to install Oracle Role Manager. For this OBE, she installs this product on the same computer that runs JBoss Application Server and Oracle Database.
To install Oracle Role Manager, perform the following steps:
1.
Double-click the setup.exe file, located in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\install directory.
2.
On the Welcome screen, click Next.
3.
Populate the fields of the Specify File Locations screen, as follows (and click Next):
Field: Value
Source Path: C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\stage\products.xml
Destination Name: orm1
Destination Path: C:\ORMHome_1
Note: The Source Path points to the folder that contains the Oracle Role Manager installation media. The Destination Name is a unique identifier for Oracle Role Manager. The Destination Path points to the base directory where Oracle Role Manager is to be installed.
4.
On the Select Installation Type screen, select the Install Software and Configure option (because, in subsequent OBEs, Linda is to use Oracle Role Manager with Oracle Identity Manager). Click Next.
5.
On the Specify Configuration Options screen, make sure the following check boxes are selected (and click Next):
Standard Data Model
Oracle Identity Manager Integration
Note: By selecting the Standard Data Model check box, Linda can use Oracle Role Manager's graphical user interface. By selecting the Oracle Identity Manager Integration check box, Linda can use Oracle Role Manager with Oracle Identity Manager.
6.
Populate the fields of the Specify Database Details screen, as follows (and click Next):
Field: Value
Database Host: localhost
Database Port: 1521
Database Service Name: orcl
Database Owner: dbowner1
Database Owner Password: dead_line1
Application User: appuser1
Application User Password: dead_line1
Note: The Database Host field contains the name (or IP address) of the computer on which the database resides. The host name for the database (that is, localhost) is case-sensitive.
The Database Port field contains the Transmission Control Protocol (TCP) port on which Oracle Database listens for connections.
The Database Service Name field displays the name of Oracle Database prepared in the section of this OBE titled Preparing a Database and Its Users.
The Database Owner, Database Owner Password, Application User, and Application User Password fields contain the IDs and passwords of the database owner and application user accounts created for Oracle Role Manager in the section of this OBE titled Preparing a Database and Its Users. For security purposes, the passwords appear as a series of asterisks.
7.
Populate the fields of the Specify ORM Administrator screen, as follows (and click Next):
Field: Value
ORM Administrator: admin
Password: dead_line1
Confirm Password: dead_line1
The ORM Administrator field contains the ID of the Oracle Role Manager system administrator. The Password and Confirm Password fields contain the password for this administrator's account. For security purposes, the password appears as a series of asterisks.
8.
On the Summary screen, click Install.
9.
On the End of Installation screen, click Exit.
10.
On the Exit screen, click Yes.
The script ends. Linda installed Oracle Role Manager. She is ready to configure JBoss Application Server to function with Oracle Role Manager.
Linda is a network administrator for Mydo Main Corporation, responsible for configuring JBoss Application Server to function with Oracle Role Manager. This application server provides the life-cycle management, security, deployment, and run-time services to logical components that support Oracle Role Manager.
For JBoss to function with Oracle Role Manager, Linda must complete the following actions:
Create a JAVA_HOME environment variable, and set its value to be equivalent to the folder path of Java JDK that is installed. For this OBE, the path is C:\Program Files\Java\jdk1.5.0_08.
Configure the Path environment variable so that the first JDK reference that appears is version 1.5.0_08 (the version of Java JDK installed and configured on the computer).
Set JBoss’ minimum and maximum memory parameters to 512 MB and 1,024 MB (to optimize the application server’s performance).
Copy Oracle Role Manager-specific files to JBoss' directory structure.
Encrypt the password for the Oracle Role Manager application user created in the section of this OBE titled Preparing a Database and Its Users.
Create JBoss' JAVA_HOME Environment Variable
Linda is ready to complete her first action to configure JBoss to function with Oracle Role Manager. She is to create a JAVA_HOME environment variable, and set its value to be equivalent to the folder path of Java JDK that is installed. For this OBE, the path is C:\Program Files\Java\jdk1.5.0_08.
To complete this action, perform the following steps:
1.
Open the Control Panel. To do so, from the Windows Start Menu, select Control Panel.
2.
Double-click the System icon.
3.
Click the Advanced tab. Then, click the Environment Variables button.
4.
On the “User variables for stcurr” region of this window, click New.
5.
On the New User Variable window, fill in the parameter values, as follows:
Field: Value
Variable name: JAVA_HOME
Variable value: C:\Program Files\Java\jdk1.5.0_08
Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s JDK.
6.
Click OK to commit the entry.
The Environment Variables window is active. Within the “User variables for stcurr” region of this window, the JAVA_HOME environment variable appears. Linda set this variable. She is ready to configure the Path environment variable.
Configure JBoss' Path System Variable
Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to configure the Path environment variable so that the first JDK reference that appears is version 1.5.0_08 (the version of Java JDK installed and configured on the computer).
To complete this action, perform the following steps:
1.
Locate and highlight the Path environment variable that appears in the “System variables” region of the Environment Variables window. Click Edit.
2.
On the Edit System Variable window, make sure the cursor appears to the extreme left of the string of text in the “Variable value” field. Then add the following value to this field.
Field: Value
Variable value: C:\Program Files\Java\jdk1.5.0_08\bin;
Note: The directory Linda enters in the “Variable value” field is the directory that contains the application server’s binary files.
3.
Click OK to commit the change.
The Environment Variables window is active. Within the “System variables” region of this window, the Path environment variable displays the name of the directory specified in step 2. Linda set this variable.
4.
Click OK twice to commit all of the changes. Linda is ready to set JBoss' minimum and maximum memory parameters.
Configure JBoss' Memory Parameters
Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to set JBoss’ minimum and maximum memory parameters to 512 MB and 1,024 MB. By doing so, Linda optimizes the application server’s performance.
To complete this action, perform the following steps:
1.
Using a text editor, open the run.bat file, found in the C:\stage\jboss-4.0.5.GA\bin folder.
2.
Locate the following piece of code:
set JAVA_OPTS=%JAVA_OPTS% -Xms128m -Xmx512m
3.
Modify this code, as follows:
set JAVA_OPTS=%JAVA_OPTS% -Xms512m -Xmx1024m
Note: By modifying this code, Linda designates 512 MB and 1,024 MB to be the minimum and maximum memory parameters for JBoss. As a result, she optimizes the application server’s performance to function with Oracle Role Manager.
4.
Save and close the run.bat file. Linda is ready to copy files, specific to Oracle Role Manager, into JBoss' directory structure.
Copy Oracle Role Manager-specific Files
Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to copy files, specific to Oracle Role Manager, into JBoss' directory structure. These files include:
The orm-ds.xml file. This file contains information about Oracle Role Manager facilities for storing information (or data sources).
The orm-service.xml file. This file contains information about the Java Messaging Service (JMS) messaging queues associated with JBoss Application Server.
The server.ear file. This zipped file contains the files that compose the Oracle Role Manager Server.
The webui.war file. This zipped file contains the files that compose the Oracle Role Manager Web application.
The login-config.xml file. This file contains configuration settings to log into JBoss Application Server.
To complete this action, perform the following steps:
1.
Copy the orm-ds.xml and orm-service.xml files, found in the C:\stage\Oracle Role Manager 10.1.4.1.0\Disk1\samples\jboss\4.0.5 directory. Paste these files into the directory of JBoss Application Server where Oracle Role Manager is to be deployed. For this OBE, the directory is C:\stage\jboss-4.0.5.GA\server\default\deploy.
2.
Encrypt the password of the Oracle Role Manager application user. Linda created this user in the section of this OBE titled Preparing a Database and Its Users.
Important: Do not continue with this procedure until you encrypt the password of the Oracle Role Manager application user. For more information about encrypting this password, refer to the section of this OBE titled Encrypt the Password for the Oracle Role Manager Application User.
3.
Using a text editor, open the orm-ds.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.
4.
Locate the following line of code, which appears after the <no-tx-datasource> opening tag:
<!-- Authentication: replace USER_NAME and PASSWORD -->
Replace the placeholders in this line of code with the following values:
Placeholder: Value
SERVER_NAME: localhost
SID: orcl
Note: The SERVER_NAME of localhost and SID of orcl correspond to the hostname and service name of the database. Linda specified these values when she installed Oracle Role Manager.
10.
Locate the following line of code, which appears after the <local-tx-datasource> opening tag:
Replace the placeholders in this line of code with the following values:
Placeholder: Value
SERVER_NAME: localhost
SID: orcl
12.
Save and close the orm-ds.xml file.
13.
Copy the server.ear file, found in the C:\ORMHome_1\lib directory. Paste this file into the directory of JBoss Application Server where Oracle Role Manager is to be deployed. For this OBE, the directory is C:\stage\jboss-4.0.5.GA\server\default\deploy.
Note: C:\ORMHome_1 is the base directory of Oracle Role Manager. Linda specified this directory when she installed Oracle Role Manager.
14.
Copy the webui.war file, found in the C:\ORMHome_1\webui\jboss\4.0.5 directory. Paste this file into the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.
Linda configured JBoss to function with Oracle Role Manager. She is ready to launch Oracle Role Manager.
Encrypt the Password for the Oracle Role Manager Application User
Linda is ready to complete her next action to configure JBoss to function with Oracle Role Manager. She is to encrypt the password of the Oracle Role Manager application user. Linda created this user in the section of this OBE titled Preparing a Database and Its Users.
After encrypting the application user's password, she must modify the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).
To complete this action, perform the following steps:
1.
Open a DOS window. Go to the home directory of JBoss Application Server. For this OBE, the directory is C:\stage\jboss-4.0.5.GA.
The command returns an encoded form of the password Linda specifies. For this example, the password dead_line1 is encoded as 734bc2e0ac239e2c3b82c3803605f233.
Linda is ready to modify the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).
3.
Using a text editor, open the orm-ds.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\deploy directory.
4.
Locate the following lines of code, which appear after the <no-tx-datasource> opening tag:
Using a text editor, open the login-config.xml file, found in the C:\stage\jboss-4.0.5.GA\server\default\conf directory.
10.
Place the cursor after the following comments, which appear after the <policy> opening tag:
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
11.
Add the following lines of code:
<application-policy name = "EncryptXADBPassword">
  <authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">appuser1</module-option>
      <module-option name = "password">734bc2e0ac239e2c3b82c3803605f233</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=ORMServerXADS</module-option>
    </login-module>
  </authentication>
</application-policy>
<application-policy name = "EncryptDBPassword">
  <authentication>
    <login-module code = "org.jboss.resource.security.SecureIdentityLoginModule" flag = "required">
      <module-option name = "username">appuser1</module-option>
      <module-option name = "password">734bc2e0ac239e2c3b82c3803605f233</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=NoTxCM,name=ORMServerDS</module-option>
    </login-module>
  </authentication>
</application-policy>
Note: appuser1 is the name of the Oracle Role Manager application user Linda created in the section of this OBE titled Preparing a Database and Its Users. 734bc2e0ac239e2c3b82c3803605f233 represents the encoded value of the application user's password that Linda encrypted in step 2 of this procedure.
12.
Save and close the login-config.xml file. Linda encrypted the password of the Oracle Role Manager application user. Then, she modified the orm-ds.xml and login-config.xml files of JBoss Application Server so that they can access the encrypted form of the password (instead of the clear-text version).
In the previous section of this OBE, Linda configured JBoss Application Server to function with Oracle Role Manager. She is ready to launch Oracle Role Manager. To start this product, Linda:
Starts JBoss Application Server
Opens a Microsoft Internet Explorer Web browser
Enters a URL in the Address field
Specifies login credentials for the Oracle Role Manager system administrator. Linda created this account when she installed Oracle Role Manager.
To launch Oracle Role Manager, perform the following steps:
1.
Start JBoss Application Server. To do so, double-click the run.bat file, found in the application server's bin directory. For this OBE, the file is located in the C:\stage\jboss-4.0.5.GA\bin directory.
2.
Open a Microsoft Internet Explorer Web browser. In the Address field, enter the following:
localhost (Oracle Database, JBoss Application Server, and Oracle Role Manager reside on the same computer.)
8087 (the port number for JBoss Application Server)
webui (A literal that is case-sensitive.)
As a result, the URL should have the following naming convention:
http://localhost:8087/webui
3.
Populate the fields of the Oracle Role Manager login page, as follows (and click Sign In):
Field: Value
User ID: admin
Password: dead_line1
Note: The login credentials Linda enters are for the Oracle Role Manager system administrator. She created this account when she installed Oracle Role Manager. Also, the password is encrypted for security purposes.
The Home page of Oracle Role Manager appears:
Linda started Oracle Role Manager. In this OBE, she learned how to install, configure, and launch Oracle Role Manager.