Sample Application Demonstrating Proxy Switching using Oracle Internet Directory Java API
Date: 06-Dec-2004
Table of Contents
Introduction
Application Overview
Software Requirements
Terminology
Configuring the Application
Deploying and Running the Application
Sample Application Files
Additional References
Introduction
Prerequisite
This sample program is intended for an audience interested in integrating custom Java applications with Oracle Identity Management. The specific usage shown here is user proxy switching using the Oracle Internet Directory Java API.
To understand this sample application, the user is expected to have knowledge in the following areas:
Technical Overview
Often applications must perform operations that require impersonating an end user. For example, in an Oracle Application Server environment, the Oracle Delegated Administration Services proxies on behalf of the end user, and, through the Oracle Internet Directory Self-Service Console, performs operations on that user's behalf. In such a case, the access controls on the directory server eventually govern the operations that the user can perform.
To perform the proxy switch to an end user, the user's DN must be available. Also, because proxying is an LDAP v3 feature, it can only be performed through InitialLdapContext, a subclass of InitialDirContext. If you use the Oracle extension oracle.ldap.util.jndi.ConnectionUtil to establish the connection (as this sample application does), an InitialLdapContext is always returned. If you use plain JNDI to establish the connection, make sure that it returns an InitialLdapContext.
The LDAP v3 protocol uses controls to send and receive additional data that affects the behavior of predefined operations. For user proxying, the application needs a class implementing javax.naming.ldap.Control that indicates, at server reconnection, that a proxy operation is wanted.
Proxying on behalf of end users requires membership in the User Proxy Privilege Group. The ACL at the Users container in the default identity management realm allows User Proxy Privilege Group to proxy on behalf of the end user.
Application Overview
This is a sample Java program demonstrating the user proxying feature of the Oracle Internet Directory Java API. It starts by creating an LDAP connection bound as a sample application that has only the proxy privilege (without sufficient access rights to change a user's password). Using this connection, the program fetches the user's DN and then proceeds to proxy as that user in order to reset the password on the user's behalf.
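The flow described above (bind as the application entity, resolve the end user's DN, reconnect with a proxy control, then perform the write under the user's own access rights) as an added, stand-alone illustration. This is not the sample's own SampleProxy or ProxyControl source. It uses plain JNDI rather than oracle.ldap.util.jndi.ConnectionUtil, so the InitialLdapContext requirement is visible in the code. Assumptions, all labelled in the block: the proxy control OID is a placeholder to be replaced with the control OID your directory server documents, the control value is assumed to be the target DN as UTF-8 bytes, and the application DN, user container, user name and passwords are hypothetical values in the shape that sample.ldif creates.

```java
import java.nio.charset.StandardCharsets;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.NoPermissionException;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.ModificationItem;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.Control;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

/**
 * Added illustration of the proxy-switching flow; not the sample's own code.
 * ASSUMPTIONS: the control OID is a placeholder, and the control value is
 * assumed to be the target user's DN as UTF-8 bytes. Check both against the
 * proxy control documented for your directory server before relying on them.
 */
public class ProxySwitchExample {

    /** Control sent on reconnect to tell the server a proxy operation is wanted. */
    static final class ProxyControl implements Control {
        static final String OID = "0.0.PLACEHOLDER.PROXY.CONTROL"; // PLACEHOLDER, not a real OID
        private final byte[] encodedDn;

        ProxyControl(String targetUserDn) {
            this.encodedDn = targetUserDn.getBytes(StandardCharsets.UTF_8); // assumed encoding
        }
        public String getID() { return OID; }
        public boolean isCritical() { return Control.CRITICAL; } // server must honour it or reject the request
        public byte[] getEncodedValue() { return encodedDn; }
    }

    /** Bind as the application entity. Proxying needs an InitialLdapContext, not a plain InitialDirContext. */
    static InitialLdapContext connect(String host, String port, String appDn, String appPassword)
            throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://" + host + ":" + port);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, appDn);
        env.put(Context.SECURITY_CREDENTIALS, appPassword);
        return new InitialLdapContext(env, null);
    }

    /** Resolve the end user's DN under the realm user container; the control needs the DN, not the login name. */
    static String lookupUserDn(LdapContext ctx, String userContainerDn, String nickname) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]); // only the DN is needed
        NamingEnumeration<SearchResult> hits = ctx.search(
                userContainerDn, "(&(objectclass=inetOrgPerson)(cn={0}))", new Object[] { nickname }, sc);
        try {
            if (!hits.hasMore()) throw new NamingException("no user with cn=" + nickname);
            String dn = hits.next().getNameInNamespace();
            if (hits.hasMore()) throw new NamingException("cn=" + nickname + " is ambiguous");
            return dn;
        } finally {
            hits.close();
        }
    }

    static ModificationItem[] passwordReplace(String newPassword) {
        return new ModificationItem[] {
            new ModificationItem(DirContext.REPLACE_ATTRIBUTE, new BasicAttribute("userpassword", newPassword))
        };
    }

    /** Switch the connection to the end user, perform the write, then drop the proxy identity again. */
    static void resetPasswordAsUser(LdapContext ctx, String userDn, String newPassword) throws NamingException {
        ctx.reconnect(new Control[] { new ProxyControl(userDn) });
        try {
            ctx.modifyAttributes(userDn, passwordReplace(newPassword)); // governed by the user's own ACLs now
        } finally {
            ctx.reconnect(null); // back to the application's own identity
        }
    }

    public static void main(String[] args) throws NamingException {
        String host = args[0], port = args[1];
        // Hypothetical values in the shape the readme's sample.ldif creates.
        String appDn = "orclApplicationCommonName=myTestApp2";
        String userContainer = "cn=users,dc=acme,dc=com";
        InitialLdapContext ctx = connect(host, port, appDn, "<app-password>"); // placeholder credential
        try {
            String userDn = lookupUserDn(ctx, userContainer, "sampleuser1");
            try {
                // myTestApp2 has the proxy privilege but not DASAdmin, so a direct write should be denied.
                ctx.modifyAttributes(userDn, passwordReplace("Welcome1"));
                System.out.println("direct reset succeeded (application has its own write access)");
            } catch (NoPermissionException denied) {
                System.out.println("direct reset denied as expected: " + denied.getMessage());
            }
            resetPasswordAsUser(ctx, userDn, "Welcome1");
            System.out.println("password reset while proxying as " + userDn);
        } finally {
            ctx.close();
        }
    }
}
```

The first, un-proxied modifyAttributes call is deliberately kept: with an application entity that holds only UserProxyPrivilege it is expected to fail with NoPermissionException, which makes the point of the readme concrete, namely that the application's own bind DN never gains the user's rights and that the directory ACLs applied to the proxied identity decide what the operation may do. Reconnecting with a null control array in the finally block ensures the connection does not stay switched to the end user if the write throws.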
Software Requirements
The following software is required for configuring and running this sample application:
Terminology
| Term | Description |
| <ORACLE_HOME> | Directory where Oracle 10g Application Server is installed. For example, D:\oracle or /private/oracle |
| <SAMPLE_HOME> | The directory where the sample application is extracted |
| <JAVA_HOME> | The directory where Java is installed |
| <OID_Host> | The hostname where Oracle Internet Directory is running |
| <OID_Port> | The non-SSL port number of Oracle Internet Directory |
| <Superuser_Password> | The password of the superuser cn=orcladmin |
Configuring the Application
- Unzip the provided SampleGroup.zip. This creates the SampleGroup directory with all the source files. We will refer to this directory as <SAMPLE_HOME>.
- To create and load the sample LDAP entries into OID, execute the following command against the provided <SAMPLE_HOME>/data/sample.ldif:
<ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample.ldif output_file=<SAMPLE_HOME>/data/sample_out.ldif -lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
The data created by sample_out.ldif consists of the following:
- A set of sample users under the user container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the users are created under "dc=sample_users,cn=users,dc=acme,dc=com".
- A set of sample groups under the group container of the default realm of the directory. For example, if the realm DN is "dc=acme,dc=com", then the groups are created under "dc=sample_groups,cn=groups,dc=acme,dc=com". The members of these groups are the sample users created above.
- Two application entities. Their DNs are "orclApplicationCommonName=myTestApp1" and "orclApplicationCommonName=myTestApp2". Both application entities are given the UserProxyPrivilege, which allows them to proxy as any end user under the realm user container. However, only myTestApp1 is given the DASAdmin privilege, which grants it sufficient privileges for user and group management.
- When done with the sample application, execute the following command against the provided <SAMPLE_HOME>/data/sample_del.ldif to delete the sample LDAP entries:
<ORACLE_HOME>/bin/ldifmigrator input_file=<SAMPLE_HOME>/data/sample_del.ldif output_file=<SAMPLE_HOME>/data/sample_del_out.ldif -lookup dn="cn=orcladmin" password=<Superuser_Password> port=<OID_Port> host=<OID_Host> -load
Deploying and Running the Application
- In the <SAMPLE_HOME>/src directory, compile the SampleProxy and ProxyControl classes using the following command:
- On Windows
<JAVA_HOME>\bin\javac -d . -classpath .;<ORACLE_HOME>\jlib\ldapjclnt10.jar *.java
- On Linux or Solaris
<JAVA_HOME>/bin/javac -d . -classpath .:<ORACLE_HOME>/jlib/ldapjclnt10.jar *.java
- To run the SampleProxy class, run the following Java command from the <SAMPLE_HOME>/src directory:
- On Windows
<JAVA_HOME>\bin\java -classpath .;<ORACLE_HOME>\jlib\ldapjclnt10.jar oracle.otnsamples.oim.SampleProxy <OID_Host> <OID_Port>
- On Linux or Solaris
<JAVA_HOME>/bin/java -classpath .:<ORACLE_HOME>/jlib/ldapjclnt10.jar oracle.otnsamples.oim.SampleProxy <OID_Host> <OID_Port>
Sample Application Files
This section provides a tabular listing of the sample application files, along with their directory locations and a description of their role in the application.
| Directory | File | Description |
| <SAMPLE_HOME>\doc | readme.html | This file |
| <SAMPLE_HOME>\src | *.java | Java source files used in this sample application |
| <SAMPLE_HOME>\data | *.ldif | LDIF files containing the sample LDAP data |
Additional References