Tuesday, December 17, 2013

Oracle Entitlements Server with Java SM

1. Create a new Application (go to Authorization management > Application > click New Application).
2. Create a new Security Module (go to System Configuration > Security Module > click New).
3. Create a new Resource Type (go to the newly created Application > Resource Types > click New).
4. Create a new Resource (go to the newly created Application > Default Policy Domain > Resources Catalog > Resources > Create New).
5. Create a new Permit Authorization Policy (go to the newly created Application > Default Policy Domain > Application Policies > Create New).
6. Create a new Deny Authorization Policy (go to the newly created Application > Default Policy Domain > Application Policies > Create New).
7. Edit the following file:
   $OES_CLIENT_HOME/oessm/SMConfigTool/smconfig.java.controlled.prp
8. Run config.sh.
9. This creates a directory at $OES_CLIENT_HOME/oes_sm_instances/<SM_NAME_AS_IN_PRP_FILE>.
10. Create a sample application to validate the authorization request. The code snippet is given under "Sample source" below.
11. Run the program to check that it authorizes the user initiating the resource request.

Sample source:
******************************************************************
import javax.security.auth.Subject;

import oracle.security.jps.openaz.pep.PepRequestFactoryImpl;
import org.openliberty.openaz.azapi.pep.PepException;
import org.openliberty.openaz.azapi.pep.PepResponse;
import weblogic.security.principal.WLSUserImpl;

public class HelloWBworld2 {

    public static void main(String[] args) {
        // Principal for the user initiating the request
        WLSUserImpl p = new WLSUserImpl("weblogic_wc");
        System.out.println("HelloWBworld :: principal :: " + p);
        Subject user = new Subject();
        System.out.println("HelloWBworld :: Subject :: " + user);
        // Attach the principal so the decision is made for this user,
        // not for an empty Subject
        user.getPrincipals().add(p);
        System.out.println("HelloWBworld :: Subject after add :: " + user);
        // Resource being accessed: AppName/ResourceType/ResourceName
        String resourceString = "HelloWBWorld/MyWBResourceType/MyWBResource";
        System.out.println("HelloWBworld :: resourceString :: " + resourceString);
        // Action initiated by the user
        String action = "write";
        System.out.println("HelloWBworld :: action :: " + action);
        // Environmental/context attributes: none are passed (null below)
        // Keep issuing the same authorization request in a loop
        while (true) {
            System.out.println("HelloWBworld :: while start ");
            try {
                // Get the authorization response from OES
                PepResponse response = PepRequestFactoryImpl.getPepRequestFactory()
                        .newPepRequest(user, action, resourceString, null)
                        .decide();
                System.out.println("Request: {" + user + " " + action + " "
                        + resourceString + "} \nResult: " + response.allowed());
            } catch (PepException e) {
                System.out.println("***** Caught exception:  " + e.getMessage());
                e.printStackTrace();
                System.exit(1);
            }
        }
    }
}
****************************************************************
http://docs.oracle.com/cd/E37115_01/dev.1112/e27154/handle_auth_calls.htm
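
A fail-closed enforcement wrapper around the same PEP call, as an added example that is not part of the original post or of Oracle's samples. `OesGate`, `isAllowed` and the `read` action are hypothetical names; it assumes the OES client libraries are on the classpath and the SM instance created in step 9 is configured.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import oracle.security.jps.openaz.pep.PepRequestFactoryImpl;
import org.openliberty.openaz.azapi.pep.PepResponse;
import weblogic.security.principal.WLSUserImpl;

/** Hypothetical helper: one place where the application enforces OES decisions. */
public class OesGate {

    /** Returns true only on an explicit permit; every failure path denies. */
    public static boolean isAllowed(String userName, String action,
                                    String resource, Map<String, String> env) {
        if (userName == null || userName.trim().isEmpty()) {
            return false; // no decision is requested for an unnamed caller
        }
        // The Subject must carry the caller's principal; an empty Subject
        // would be evaluated as a caller with no identity.
        Subject user = new Subject();
        user.getPrincipals().add(new WLSUserImpl(userName));
        try {
            PepResponse response = PepRequestFactoryImpl.getPepRequestFactory()
                    .newPepRequest(user, action, resource, env)
                    .decide();
            return response != null && response.allowed();
        } catch (Exception e) {
            // Fail closed: a PepException or any runtime failure (SM not
            // configured, policy store unreachable) must not grant access.
            System.err.println("OES decision failed, denying: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        // Resource string format from the sample: AppName/ResourceType/ResourceName
        String resource = "HelloWBWorld/MyWBResourceType/MyWBResource";
        Map<String, String> env = new HashMap<String, String>(); // no context attributes
        // "write" is the action from the sample; "read" is a constructed second case
        for (String action : new String[] {"write", "read"}) {
            boolean ok = isAllowed("weblogic_wc", action, resource, env);
            System.out.println("weblogic_wc " + action + " " + resource
                    + " -> " + (ok ? "PERMIT" : "DENY"));
        }
        // An empty user name is denied locally, without contacting OES
        System.out.println("empty user -> "
                + (isAllowed("", "write", resource, env) ? "PERMIT" : "DENY"));
    }
}
```

Unlike the sample, which exits on a `PepException`, the wrapper turns an evaluation failure into a deny so that callers cannot proceed when no decision was obtained.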

Monday, December 2, 2013

How to download OES Client Software

Oracle Entitlement Server (OES) is fine-grained authorization software from Oracle. OES has a server-side component (installation steps omitted) and a client-side component called the Security Module.

1. OES consists of:
a) OES 11g Administration Console: Authorization Policy Manager (APM). This is the server-side component, installed as part of the Identity & Access Management software.

b) OES 11g Client (SM): the OES Security Module is a client-side component that queries and enforces policies. It acts as the Policy Enforcement Point and can also act as the Policy Decision Point. The OES Client (SM) is installed as separate software.

OES – Oracle Entitlement Server
PDP – Policy Decision Point
PEP – Policy Enforcement Point
JRF – Java Required Files
SM – Security Module

The OES server component is part of the Oracle Identity & Access Management (IDAM) software, whereas the OES Security Module (the client-side component) is available as a separate installer. You can download the OES client (Security Module) from eDelivery:
Oracle Fusion Middleware -> Oracle Fusion Middleware Identity Management XXXX -> Oracle Entitlement Server Security Module


For more about Oracle Entitlements Server Security Module 11g (11.1.2.2.0), you can refer to the following URL: