Thursday, October 28, 2010

Set up read-only access for the BPEL Console 10g

These instructions describe how to set up a read-only BPEL Console on Oracle SOA Suite 10g.

Please note the following:
  • A Viewers role is created and used to provide read-only access
  • Filtering is done via the bpelfilters.txt file (no modification needed to this file)
  • Access to BPEL Admin is denied by default to all read-only users

Instructions

1. Download BPELConsoleFilter.java.txt to your server and rename it to BPELConsoleFilter.java

2. Download bpelfilters.txt to your server

3. Run these steps to compile the class and move both the class and the filter to the appropriate locations:
export CLASSPATH=$ORACLE_HOME/j2ee/home/lib/servlet.jar

$ORACLE_HOME/jdk/bin/javac BPELConsoleFilter.java

mkdir -p $ORACLE_HOME/j2ee/oc4j_soa/applib/com/sawft/applications/bpel

cp BPELConsoleFilter.class $ORACLE_HOME/j2ee/oc4j_soa/applib/com/sawft/applications/bpel

cp bpelfilters.txt $ORACLE_HOME/j2ee/oc4j_soa/applib
4.Edit $ORACLE_HOME/j2ee/oc4j_soa/applications/orabpel/console/WEB-INF/web.xml.

Insert the following before the first <filter>:
    <filter>
      <filter-name>BPELConsoleFilter</filter-name>
      <filter-class>com.sawft.applications.bpel.BPELConsoleFilter</filter-class>
    </filter>
Insert the following before the first <filter-mapping>:
    <filter-mapping>
      <filter-name>BPELConsoleFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
Insert the following before the first <security-role>:
    <security-role>
      <description>BPEL PM User</description>
      <role-name>Viewers</role-name>
    </security-role>
5. Edit $ORACLE_HOME/j2ee/oc4j_soa/applications/orabpel/admin/WEB-INF/web.xml.

Insert the following before the first <AdminConsole>:
    <filter>
      <filter-name>BPELConsoleFilter</filter-name>
      <filter-class>com.sawft.applications.bpel.BPELConsoleFilter</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>BPELConsoleFilter</filter-name>
      <url-pattern>/*</url-pattern>
    </filter-mapping>
Insert the following before the first <security-role>:
    <security-role>
      <description>BPEL PM User</description>
      <role-name>Viewers</role-name>
    </security-role>
6. Create read-only group and account (repeat on all oc4j_soa containers):
  • Log in to EM (Enterprise Manager)
  • Click on oc4j_soa
  • Click on Administration
  • Click on Security Providers
  • Click on Instance Level Security
  • Click on Realms
  • Click on the number under Roles
  • Click on Create
  • Enter "Viewers" and select the roles BPMDefaultDomainAdmin and BPMSystemAdmin
  • Click OK
  • Click on Instance Level Security
  • Click on the number under Users
  • Click on Create
  • Enter "bpelreadonly" and welcome1 twice, for the username and passsword respectively
  • Select the Viewers role
  • Click OK
7. Restart the container (e.g., opmnctl restartproc process-type=oc4j-soa) and try logging in as bpelreadonly.

Applicable Versions

Oracle SOA Suite 10g (10.1.3.x)

References

http://chintanblog.blogspot.com/2010/04/bpel-readonly-console.html
http://chintanblog.blogspot.com/2007/12/i-saw-numerous-people-asking-about-bpel_290.html

No comments: