Roles in WLP
Hi all,
I need to put WLP users in different roles. On WebLogic Portal Admin console, I was able to add created users to on PortalSystemDelegator role. I was not able to add users to roles like Admin, Authenticated Visitor, AppTester etc.
Can you provide any document which details out this requirement? Does there exist any way to add created users to these roles through WLP admin console?
Please guide.
Regards,
Shakti
Hi
if you want to get the list of roles for the currently logged in user thats possible.
If you want to get the roles for any logged in user, its possible if you know what the entitlement definition is before hand. if the entitlement is based on directly assigning users to the role or groups to the role, then its fine and can be done without needing the code to know which role is which group, it can be done programmatically.
if you have a more complicated and or clauses in the role definitiob or do not know the entitlement definition before hand then I dont think it is.
Which scenario applies to you?
Similar Messages
-
Are Visitor Entitlement Roles == Scoped Roles
I'm working on the security implementation for a WebLogic 8.1 Portal application.
I've been doing some prototyping and am trying to determine where Visitor Entitlement
roles are stored. Are these implemented as scoped roles from a WL platform viewpoint.
I created two test roles for my portal and do not see any scoped roles under
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can be treated as
weblogic platform roles and can be used in security annotations for an EJB or
Java Control, and if they can be used for IsCallerInRole. I can create a security
policy to protect the portal resource, but I'm looking for a way to apply the
corresponding security in the business layer.
Thanks in advance for any advice.
JimJim,
The WLP roles are stored in the default role mapper provider. They are
scoped roles, but only attachable to WLP resources (pages, portlets, etc.)
and cannot be used to protect J2EE resources. The basic reason for this
is because WLP roles can include custom predicates (date/time/profile
attributes) that rely on layered product classes that the base application
server is unaware of and cannot edit using the WLS console.
In Service Pack 3, the WLP admin tools will allow the converse - that is,
you'll be able to reference/use WLS global roles in WLP policies.
Service Pack2 adds a new tag to the auth taglib which allows you to
do a isUserInRole check against the WLP (and WLS) roles.
-Phil
"Jim Maycott" <[email protected]> wrote in message
news:[email protected]..
>
I'm working on the security implementation for a WebLogic 8.1 Portalapplication.
I've been doing some prototyping and am trying to determine where VisitorEntitlement
roles are stored. Are these implemented as scoped roles from a WLplatform viewpoint.
I created two test roles for my portal and do not see any scoped rolesunder
the application or the portal node in the WebLogic console.
I'm trying to determine if these portal entitlement roles are/can betreated as
weblogic platform roles and can be used in security annotations for an EJBor
Java Control, and if they can be used for IsCallerInRole. I can create asecurity
policy to protect the portal resource, but I'm looking for a way to applythe
corresponding security in the business layer.
Thanks in advance for any advice.
Jim -
How works the assignation of a group to a role visitor in WLP
Hi everyone,
I have some problems with Siteminder integration with security in Weblogic Portal.
Basically when I try to show the groups in my SM security provider for assign to a Role Visitor it produces a siteminder API error:
weblogic.management.utils.NotFoundException:
at com.netegrity.siteminder.weblogic.sspi.auth.ci.h(DashoA10*..)
at com.netegrity.siteminder.weblogic.sspi.auth.SiteMinderAuthenticationProviderImpl.listMemberGroups(DashoA10*..)
at com.netegrity.siteminder.weblogic.sspi.auth.SiteMinderAuthenticationProviderMBeanImpl.listMemberGroups(DashoA10*..)
at sun.reflect.GeneratedMethodAccessor4239.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.bea.p13n.usermgmt.AtnProviderProxy$Runner.run(AtnProviderProxy.java:156)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:363)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at com.bea.p13n.usermgmt.AtnProviderProxy.invoke(AtnProviderProxy.java:113)
at $Proxy369.listMemberGroups(Unknown Source)
at com.bea.p13n.security.management.authentication.internal.GroupProvider.getParentGroupNames(GroupProvider.java:363)
... 112 more
Caused by: com.netegrity.siteminder.weblogic.sspi.auth.dw: Could not obtain groups for user: fnp_sane_plasan_plapro_actpet_bpm_grupActuacio
at com.netegrity.siteminder.weblogic.sspi.auth.b9.b(DashoA10*..)
This error is reported to the provider but we haven't solution yet and we need a workaround and I would like to know how is done the relationship between the role visitor and the assigned groups, is this information in LDAP? who I can introduce this relationship manually?
Thank you.I have the role visitor created. I am trying to assign a group to the role visitor in PAT, but when I selected the Siteminder Provider to view all the groups this error happens.
The Siteminder error is recognized by Siteminder as a bug and is making a patch (5 months ago) and we haven't answer yet, and then I would like to find a workaround to this problem.
I try it with the API but Oracle recognize me another bug when I try to create a visitor role for Enterprise Scoped Applicaction, only works in Web Application scope. (1 month ago)
And then the last solution is doing this assign manually... and I would like to know how I can do it in LDAP (if LDAP is the repository of this information) -
Hundreds of roles for a J2EE application using SSO/OID
We are starting to develope a J2EE software that will have hundreds of logical roles. These logical roles must be assignable to users and groups on OID.
When prototyping this scenario, we were not able to make this work well enough. Namely, in OIDDAS (which will be used by the end users to administrate users), all the "role groups" and user groups are always shown in one listing.
Ideally, what we would want is to only have configurable user groups visible in OIDDAS and all the fine-grained roles would be assignable to users and groups separately. Tthe "Roles Assignment" section in user/group edit screen is quite close to the idea though having hundreds of low-level roles listed there will make administration a bit complex.
We have also considered hiding the raw "role groups" from OID by moving the low-level administration to Enterprise Manager, where multiple logical roles would be mapped to composite OID groups. However, we currently don't see this as a viable option since we don't want to allow normal login administrators access to OEM where they can break too many things.
How have you guys solved the problem of mapping hundreds of roles to user-configurable groups and users? What would you suggest? Is our planned approach (map logical roles to LDAP groups) the wrong way to try to solve the issue? What would be a better way?
Thanks in advance,
KekeHi Peter,
Thanks a lot for your post.
My requirement is such that I have to fetch nodes from WLP content management system and all the associated data (content, security related info) with that node. Since security for a particular node is in the form of roles, I need to fetch the roles list for the node under processing.
However my application requirement is such that any user can ask for retrieval of node(its contents). In that case I need to check whether user lies in the list of roles defined for the current node (node for which user asked).
Thus my requirement becomes: Checking whether a user is in the given list of roles.
A careful investigation if the API's helped me find out a method isUserInRole(role, rolemap), but this method provides information for the logged in user only.
My application will login thru admin credentials(weblogic, weblogic) and will chekc other users say bryan, linda are in the roles list of the nodes under procesing.
Please guide.
Regards,
Shakti -
How to configure a form based login page with entitlement role
We need to have login page to our portal app.
When using "form based" authentication is it possible to map the security on a
"entitlement role" ?
Our need is to be abled to give direct url acces to some pages of the portal (for
exemple by sending urls like "http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_pageLabel=mypage")"
by email to portal users) and need a simple mecanism of authentication before
redirecting to the portal page.
InsteOlivier,
You can't reference WLP visitor roles in weblogic.xml, but you can
reference global roles (created using the WLS console):
- <security-role-assignment>
<role-name>PortalSystemAdministrator</role-name>
<externally-defined />
</security-role-assignment>
-Phil
"Olivier" <[email protected]> wrote in message
news:[email protected]..
>
We need to have login page to our portal app.
When using "form based" authentication is it possible to map the securityon a
"entitlement role" ?
Our need is to be abled to give direct url acces to some pages of theportal (for
exemple by sending urls like"http://server/appcontextpath/appmanager/myportal/mydesktop?_nfpb=true&_page
Label=mypage")"
by email to portal users) and need a simple mecanism of authenticationbefore
redirecting to the portal page.
Inste -
UCM with VCR in WLP error while fetching
Hi,
I am getting this error after 6 hours and unable to fetch the query in placeholder in WLP 10.3 for the first time i am able to see the content
Placehoder:
<?xml version="1.0" encoding="UTF-8"?>
<placeholder is-complete="true" xsi:schemaLocation="http://www.bea.com/servers/p13n/xsd/placeholder/1.1.1 placeholder-1_1_1.xsd" xmlns="http://www.bea.com/servers/p13n/xsd/placeholder/1.1.1" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cq="http://www.bea.com/servers/p13n/xsd/content/query/1.1.1">
<name>tet</name>
<type>Ad</type>
<mixGlobals>false</mixGlobals>
<contentQueries>
<queryDefinition>
<queryName/>
<cq:contentQuery logic="and">
<cq:contentPropertyComparison logic="and" propertySet="UCMRepository/IDC:Folder" name="dDocAuthor" type="string">
<cq:like-ignore-case>
<cq:literal>sysadmin</cq:literal>
</cq:like-ignore-case>
</cq:contentPropertyComparison>
</cq:contentQuery>
<queryPriority>normal</queryPriority>
</queryDefinition>
</contentQueries>
</placeholder>
content-config.xml:
<content-store>
<name>UCMRepository</name>
<description>UCM Repository Configuration</description>
<class-name>com.oracle.content.spi.ucm.RepositoryImpl</class-name>
<!-- <username>sysadmin</username> -->
<username>venu</username>
<repository-property>
<description>Hostname on which the UCM Content Server is running </description>
<name>ContentServerHostname</name>
<!-- <value>sncbcolbertncoe.mcafee.int</value> -->
<value>10.226.173.4</value>
</repository-property>
<repository-property>
<description>Port on which the UCM Content Server is running (on host named above) </description>
<name>ContentServerPort</name>
<value>4444</value>
</repository-property>
<repository-property>
<description>Content Server Username in Admin role, used for security checks</description>
<name>ContentServerAdminUser</name>
<!-- <value>sysadmin</value> -->
<value>venu</value>
</repository-property>
<repository-property>
<description>Protocol used to connect with the UCM Server. Valid options are INTRADOR or INTRADOC_SSL</description>
<name>ContentServerServiceType</name>
<value>INTRADOC</value>
</repository-property>
<repository-property>
<description>List of folder ObjectClasses</description>
<name>folder_badge_objectClasses</name>
<value>IDC:Folder</value>
</repository-property>
<repository-property>
<description>Polling interval in minutes for the UCM Adapter CacheInvalidatorInterval job (must be greater than 2 minutes). This cache automatically invalidates cached content in WLP as content is changed on the UCM server</description>
<name>CacheInvalidationInterval</name>
<value>2</value>
</repository-property>
<repository-property>
<name>useNativeSecurity</name>
<value>true</value>
</repository-property>
<repository-property>
<description>Specifies a UCM user account that is used to retrieve all types (ObjectClasses) from UCM.</description>
<name>TypeRetrievalShapeUser</name>
<!-- <value>sysadmin</value>-->
<value>venu</value>
</repository-property>
<read-only>true</read-only>
<binary-cache-max-entry-size>102400</binary-cache-max-entry-size>
<search-is-enabled>true</search-is-enabled>
<fulltext-search-is-enabled>true</fulltext-search-is-enabled>
<search-indexing-is-enabled>false</search-indexing-is-enabled>
</content-store>
p13n-cache-config.xml
<cache>
<name>nodeCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>50</max-entries>
</cache>
<cache>
<name>nodePathCache.UCMRepository</name>
<description>Caches node path to node instance for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>50</max-entries>
</cache>
<cache>
<name>typeCache.UCMRepository</name>
<description>Caches binary property values for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>typenameCache.UCMRepository</name>
<description>Caches type id to content type for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>binaryCache.UCMRepository</name>
<description>Caches type name to content type for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>10</max-entries>
</cache>
<cache>
<name>searchCache.UCMRepository</name>
<description>Caches node id to node for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>nativeAuthCacheUCMRepository</name>
<description>Caches node path to node for UCMRepository</description>
<time-to-live>5000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.typeNameCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.nodePathToUidCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.nodeUidCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.securityInfoCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.typeNamesCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.indexedFieldsCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
Error stacktrace:
<Jan 13, 2010 6:08:14 PM IST> <Error> <WebLogicServer> <BEA-000337> <[STUCK] ExecuteThread: '20' for queue: 'weblogic.kernel.Default (self-tuning)' has been busy for "700" seconds working on the request "weblogic.servlet.internal.ServletRequestImpl@1b86f4b[
POST /testprojectEARToolSupport/PlaceholderPreview?phtype=Ad HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 666
Cache-Control: no-cache
Pragma: no-cache
User-Agent: Java/1.6.0_05
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Connection: keep-alive
Authorization: Basic d2VibG9naWM6d2VibG9naWM=
]", which is more than the configured time (StuckThreadMaxTime) of "600" seconds. Stack trace:
java.lang.AbstractStringBuilder.append(AbstractStringBuilder.java:390)
java.lang.StringBuilder.append(StringBuilder.java:119)
com.bea.content.spi.flexspi.common.capability.MethodCapabilityDefinition.buildId(MethodCapabilityDefinition.java:112)
com.bea.content.spi.flexspi.common.capability.MethodCapabilityDefinition.<init>(MethodCapabilityDefinition.java:40)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.getMethodCapabilities(RepositoryManagerDelegate.java:268)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.findTicketCapabilities(RepositoryManagerDelegate.java:413)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.getTicketInterfaceCapabilities(RepositoryManagerDelegate.java:655)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.connectToRepository(RepositoryManagerDelegate.java:987)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.ensureConnectedToRepository(RepositoryManagerDelegate.java:808)
com.bea.content.federated.internal.delegate.RepositoryManagerDelegate.connect(RepositoryManagerDelegate.java:1100)
com.bea.content.federated.internal.delegate.RepositoryHelper.getInterface(RepositoryHelper.java:642)
com.bea.content.federated.internal.delegate.DelegateFactory.getLatestObjectClassOps(DelegateFactory.java:111)
com.bea.content.federated.internal.delegate.DelegateFactory.getObjectClassOpsDelegate(DelegateFactory.java:47)
com.bea.content.federated.internal.delegate.SPIObjectHelper.configurePropertyDefinition(SPIObjectHelper.java:463)
com.bea.content.federated.internal.delegate.SPIObjectHelper.configureObjectClass(SPIObjectHelper.java:426)
com.bea.content.federated.internal.delegate.LatestObjectClassOpsDelegate.getObjectClassWithId(LatestObjectClassOpsDelegate.java:157)
com.bea.content.Node.getObjectClass(Node.java:600)
com.bea.content.Node.getPrimaryProperty(Node.java:828)
com.bea.p13n.content.internal.RenderableContentNodeWrapper.getPrimaryProperty(RenderableContentNodeWrapper.java:34)
com.bea.p13n.ad.AdHelper.getPrimaryProperty(AdHelper.java:448)
com.bea.p13n.ad.AdHelper.getPrimaryMimeType(AdHelper.java:581)
com.bea.p13n.ad.internal.AdBucketServiceBean.previewContent(AdBucketServiceBean.java:594)
com.bea.p13n.ad.internal.AdBucketService_2bd1ao_EOImpl.previewContent(AdBucketService_2bd1ao_EOImpl.java:504)
com.bea.p13n.placeholder.internal.PlaceholderServiceImpl.previewContent(PlaceholderServiceImpl.java:314)
com.bea.p13n.placeholder.internal.PlaceholderService_snavek_EOImpl.previewContent(PlaceholderService_snavek_EOImpl.java:433)
com.bea.p13n.placeholder.servlets.PlaceholderPreviewServlet.showResults(PlaceholderPreviewServlet.java:355)
com.bea.p13n.placeholder.servlets.PlaceholderPreviewServlet.doGet(PlaceholderPreviewServlet.java:156)
com.bea.p13n.placeholder.servlets.PlaceholderPreviewServlet.doPost(PlaceholderPreviewServlet.java:169)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3502)
weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
weblogic.security.service.SecurityManager.runAs(Unknown Source)
weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2186)
weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2092)
weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1406)
weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
Any Clues????????
Thanks in Advance,
user8867138Hi Venu,
Normally if you can see the UCM content in the admin console, it means the adapter is configured correctly and the placeholder should work. There's a couple of things I can suggest:
1. Did you include the oracle-ucm-spi-app-lib.ear file in your project as documented under the heading Add a Reference to the UCM VCR Adapter Shared Library in the UCM VCR adapter installation docs ( [http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/ucm_adapter/install.html|http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/ucm_adapter/install.html] )?
2. Browse to a document in the repository in the admin console. Pick one of the fields there (e.g. IDC:Folder.dDocId), grab the value and run a query using the placeholder. Do you get a single result?
3. The original poster (user8867138) mentions a query along the lines of returning all folders that has dDocAuthor = sysadmin. If your UCM system had 10,000 folders all created by sysadmin, the adapter might be timing out? IIRC, you can adjust the timeout in UCM.
4. Did you try a similar query using Content Selector instead?
5. If the WLP server domain is running on a separate machine, is UCM configured to accept connections from the WLP server but not your machine?
I would suggest getting the latest patches for WLP too as some of them are related to the UCM VCR adapter.
Cheers,
Cappa -
UCM-VCR Adapter in WLP error while publishing content-config.xml changes
Hi,
I am getting this error when i publish my changes to server for UCM-VCR Adapter in WLP 10.3.2.
weblogic.application.ModuleException: Error reading descriptor: META-INF/content
-config.xml for app module ucmEAR
at weblogic.application.config.DefaultModule.parseDescriptorBean(Default
Module.java:483)
at weblogic.application.config.DefaultModule.prepare(DefaultModule.java:
282)
at weblogic.application.internal.flow.ModuleListenerInvoker.prepare(Modu
leListenerInvoker.java:199)
at weblogic.application.internal.flow.DeploymentCallbackFlow$1.next(Depl
oymentCallbackFlow.java:391)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineD
river.java:83)
Truncated. see log file for complete stacktrace
Caused By: weblogic.descriptor.BeanAlreadyExistsException: Bean already exists:
"com.bea.content.config.RepositoryPropertyBeanImpl@d0b61789(/[UCMRepository]/Rep
ositoryProperties[ContentServerAdminUser])"
at weblogic.descriptor.internal.ReferenceManager.registerBean(ReferenceM
anager.java:227)
at com.bea.content.config.ContentStoreBeanImpl.setRepositoryProperties(U
nknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
Truncated. see log file for complete stacktrace
>
i also add oracle-ucm-spi-app-lib.ear in weblogic-application.xml's WebLogic Shared Library.
please find the related files.
content-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<content-config xmlns="http://www.bea.com/ns/portal/90/content-config">
<!-- This is a default content repository applications can use.
The IDE should copy this to META-INF/content-config.xml of the
application.
This repository is not required for WLP services, so you can remove
it or change it as needed. -->
<content-store>
<name>UCMRepository</name>
<class-name>com.oracle.content.spi.ucm.RepositoryImpl
</class-name>
<username>wlpApp</username>
<repository-property>
<description>Hostname on which the UCM Content Server is running
</description>
<name>ContentServerHostname</name>
<value>172.23.210.16</value>
</repository-property>
<repository-property>
<description>Port on which the UCM Content Server is running (on host named above)
</description>
<name>ContentServerPort</name>
<value>4444</value>
</repository-property>
<repository-property>
<description>Content Server uname in Admin role, for
security checks
</description>
<name>ContentServerAdminUser</name>
<value>sysadmin</value>
</repository-property>
<repository-property>
<description>List of folder ObjectClasses</description>
<name>folder_badge_objectClasses</name>
<value>IDC:Folder</value>
</repository-property>
<repository-property>
<description>Single user for all type related interactions
</description>
<name>TypeRetrievalShapeUser</name>
<value>typeShapeUser</value>
</repository-property>
<repository-property>
<name>useNativeSecurity</name>
<value>false</value>
</repository-property>
<repository-property>
<description>Protocol used to connect with the UCM Server.
Valid
options are INTRADOC or INTRADOC_SSL. INTRADOC is the
default.
</description>
<name>ContentServerServiceType</name>
<value>INTRADOC</value>
</repository-property>
<repository-property>
<description>Content Server Username in Admin role, used
for security
checks
</description>
<name>ContentServerAdminUser</name>
<value>sysadmin</value>
</repository-property>
<repository-property>
<description>Polling interval for the
CacheInvalidator IntervalJob
(must be equal to or greater than 2 min)
</description>
<name>CacheInvalidationInterval</name>
<value>2</value>
</repository-property>
<repository-property>
<description>Location on the filesystem of the
client SSL keystore
file. Only used when ContentServerServiceType
is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreFile</name>
<value>c:/client_keystore</value>
</repository-property>
<repository-property>
<description>SSL keystore password. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystorePassword</name>
<value>idcidc</value>
</repository-property>
<repository-property>
<description>SSL keystore alias name. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreAlias</name>
<value>SecureClient</value>
</repository-property>
<repository-property>
<description>SSL keystore alias password. Only used when
ContentServerServiceType is INTRADOC_SSL
</description>
<name>ContentServerSSLKeystoreAliasPassword</name>
<value>idcidc</value>
</repository-property>
<read-only>true</read-only>
<binary-cache-max-entry-size>102400</binary-cache-max-entry-size>
<!-- metadata search -->
<search-is-enabled>true</search-is-enabled>
<!-- full text search -->
<fulltext-search-is-enabled>true</fulltext-search-is-enabled>
<search-indexing-is-enabled>false</search-indexing-is-enabled>
</content-store>
</content-config>
p13n-cache-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<p13n-cache-config xmlns="http://www.bea.com/ns/p13n/90/p13n-cache-config">
<!--
This is the caches for the default content repository. The IDE should
copy this to META-INF/p13n-cache-config.xml of the application. These
caches are for the default WLP Repository. You can modify these to fit
your needs. If you remove the WLP Repository, you can remove these
entries.
-->
<cache>
<name>nodeCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>50</max-entries>
</cache>
<cache>
<name>nodePathCache.UCMRepository</name>
<description>Caches node path to node instance for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>50</max-entries>
</cache>
<cache>
<name>typeCache.UCMRepository</name>
<description>Caches binary property values for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>typeNameCache.UCMRepository</name>
<description>Caches type id to content type for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>binaryCache.UCMRepository</name>
<description>Caches type name to content type for UCMRepository</description>
<time-to-live>60000</time-to-live>
<max-entries>10</max-entries>
</cache>
<cache>
<name>searchCache.UCMRepository</name>
<description>Caches node id to node for UCMRepository</description>
<time-to-live>300000</time-to-live>
<max-entries>200</max-entries>
</cache>
<cache>
<name>nativeAuthCacheUCMRepository</name>
<description>Caches node path to node for UCMRepository</description>
<time-to-live>5000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.typeNameCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.nodePathToUidCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.nodeUidCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.securityInfoCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.typeNamesCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
<cache>
<name>repo.ucm.indexedFieldsCache.UCMRepository</name>
<description>Caches node id to node instance for UCMRepository</description>
<time-to-live>1800000</time-to-live>
<max-entries>5000</max-entries>
</cache>
</p13n-cache-config>Hi Venu,
Normally if you can see the UCM content in the admin console, it means the adapter is configured correctly and the placeholder should work. There's a couple of things I can suggest:
1. Did you include the oracle-ucm-spi-app-lib.ear file in your project as documented under the heading Add a Reference to the UCM VCR Adapter Shared Library in the UCM VCR adapter installation docs ( [http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/ucm_adapter/install.html|http://download.oracle.com/docs/cd/E13155_01/wlp/docs103/ucm_adapter/install.html] )?
2. Browse to a document in the repository in the admin console. Pick one of the fields there (e.g. IDC:Folder.dDocId), grab the value and run a query using the placeholder. Do you get a single result?
3. The original poster (user8867138) mentions a query along the lines of returning all folders that has dDocAuthor = sysadmin. If your UCM system had 10,000 folders all created by sysadmin, the adapter might be timing out? IIRC, you can adjust the timeout in UCM.
4. Did you try a similar query using Content Selector instead?
5. If the WLP server domain is running on a separate machine, is UCM configured to accept connections from the WLP server but not your machine?
I would suggest getting the latest patches for WLP too as some of them are related to the UCM VCR adapter.
Cheers,
Cappa -
External LDAP + Roles in portal
Folks,
I use weblogic 8.1 portal.
Can we use an external LDAP for storing portal roles? If so, what is supported,
recommended, etc. Does BEA have a recommendation/document on how to support an
environment with multiple domains that share a common LDAP so that we don’t have
to keep them all sync.
Thanks
- LaraLara,
The WLS SSPI (plug-in provider architecture) allows you to add additional
role mappers, however the WLS out-of-the-box authorizer and role mapper are
still required for WLP. Also, in a WLS domain/cluster each managed server
has a copy of the LDAP which is automatically kept in sync by the admin
server.
-Phil
"Lara Man" <[email protected]> wrote in message
news:3f78852c$[email protected]..
>
Folks,
I use weblogic 8.1 portal.
Can we use an external LDAP for storing portal roles? If so, what issupported,
recommended, etc. Does BEA have a recommendation/document on how tosupport an
environment with multiple domains that share a common LDAP so that wedon't have
to keep them all sync.
Thanks
- Lara -
BEA User Broup based portal rendering in WLP 10.3
Hi,
We are connecting to an external LDAP system to get the user group informmation for the loggged in user and these user groups are already configured in portal admin.
How can I make sure for the logged in user with a valid user group, gets a portal with only those portlets that he can view?
Is there any API using which the portal is rendered as per user group privileges?
Thanks,
CAVisitor entitlements are used to restrict access to portal resources for portal users. Visitor entitlements are based on security roles. Security roles can be based on group membership.
See the docs at:
"Overview of Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/portlets/portlet_org.html#wp1012363
"Security Guide": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/index.html
"Visitor Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/intro.html#wp1020050
"Restricting Portal Visitor Access Using Entitlements": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/planning.html#wp1021317
"Creating Visitor Entitlement Roles": http://download-llnw.oracle.com/docs/cd/E13155_01/wlp/docs103/security/visitor_entitlemt.html#wp1057731
There are more that you will want to look at but if you start with these docs then you will find the links to the other stuff that you need to see.
Good luck. -
P13/Profile data sharing between two WLP instance
We are using WLP 10.3 with oracle as our portal database, we have lot of users in QA and their user profile data stored in one of our WLP-1 instance, now there is need of another WLP instance that we would like to use.
Here is what we did
1. We cloned the database information related to WLP-1 to another database intended for WLP-2
1. We created another WLP domain(WLP-2), and modified the all the data source to point to the 2nd database schema assuming that all the profile data and users will be availble to WLP-2.
Now we are deploying our application to WLP-2 domain, here is what we are getting while deploying, during deployment we do set entitlement information from a XML file(Imported/downloaded from our primary development machine where we do all the build/entitlements setting), not sure if there any other way to clone a WLP domain/ user profile.
Any help on this is much appreciated.
####<Nov 5, 2009 2:44:54 PM PST> <Info> <PortletServer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461094796> <BEA-420653> <[Portal] Deploying the portlet application in webapp [WEB-INF/portlet.xml].>
####<Nov 5, 2009 2:44:55 PM PST> <Info> <ServletContext-/Portal> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461095046> <BEA-000000> <Initializing Spring root WebApplicationContext>
####<Nov 5, 2009 2:45:06 PM PST> <Info> <ServletContext-/prnService> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461106633> <BEA-000000> <Initializing Spring root WebApplicationContext>
####<Nov 5, 2009 2:45:07 PM PST> <Error> <Entitlements> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107820> <BEA-402731> <Attempt to persist entitlements reference document failed. Attempted to ["createResourceRef"] at location ["ResourceRef: resourceRefID 4001 appID 2001 resourceName content Virtual Content Repository PRN Portal Document Repository description capability can_vis_view metaData null providerName XACMLRoleMapperPolicyRef: resourceRefID 4001 roleAppID 2001 resourceAppID 2001 resourceCapability can_vis_view roleID2001 providerName XACMLAuthorizer"] for document [""] failed.
java.sql.SQLException: [BEA][Oracle JDBC Driver][Oracle]ORA-00001: unique constraint (WLP_USER2.PK_ENT_POLICY) violated
at weblogic.jdbc.base.BaseExceptions.createException(Unknown Source)
at weblogic.jdbc.base.BaseExceptions.getException(Unknown Source)
at weblogic.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
at weblogic.jdbc.base.BaseStatement.commonExecute(Unknown Source)
at weblogic.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
at weblogic.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:159)
at com.bea.p13n.entitlements.management.internal.RDBMSEntitlementRefDelegate.createPolicyRef(RDBMSEntitlementRefDelegate.java:888)
at com.bea.p13n.entitlements.management.persistence.internal.RDBMSEntitlementRef.createResourceRef(RDBMSEntitlementRef.java:213)
at com.bea.p13n.entitlements.management.internal.RDBMSPolicyRefManager.setPolicyRefItem(RDBMSPolicyRefManager.java:126)
at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.processCreatePolicyRoles(RDBMSSecurityPolicyManager.java:1045)
at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.createSecurityPolicy(RDBMSSecurityPolicyManager.java:143)
at com.bea.p13n.entitlements.management.SecurityPolicyManager.createSecurityPolicy(SecurityPolicyManager.java:87)
at com.bea.content.federated.ContentSecurityHelper.createVisitorSecurityPolicy(ContentSecurityHelper.java:459)
at com.bea.content.manager.internal.ContentUpgradeListener.createDefaultViewPolicy(ContentUpgradeListener.java:204)
at com.bea.content.manager.internal.ContentUpgradeListener.postStartInternal(ContentUpgradeListener.java:95)
at com.bea.content.manager.internal.ContentUpgradeListener.access$000(ContentUpgradeListener.java:51)
at com.bea.content.manager.internal.ContentUpgradeListener$1.run(ContentUpgradeListener.java:69)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at com.bea.content.manager.internal.ContentUpgradeListener.postStart(ContentUpgradeListener.java:65)
at weblogic.application.internal.flow.BaseLifecycleFlow$PostStartAction.run(BaseLifecycleFlow.java:292)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:194)
at weblogic.application.internal.flow.BaseLifecycleFlow.postStart(BaseLifecycleFlow.java:66)
at weblogic.application.internal.flow.TailLifecycleFlow.activate(TailLifecycleFlow.java:33)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:16)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:140)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:106)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:820)
at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1227)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:436)
at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:67)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
####<Nov 5, 2009 2:45:07 PM PST> <Error> <Entitlements> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107845> <BEA-402731> <Attempt to persist entitlements reference document failed. Attempted to ["createResourceRef"] at location ["ResourceRef: resourceRefID 2002 appID 2002 resourceName content MARKER_POLICY description capability MARKER_CAPABILITY metaData null providerName XACMLRoleMapperPolicyRef: resourceRefID 2002 roleAppID 2002 resourceAppID 2002 resourceCapability MARKER_CAPABILITY roleID2002 providerName XACMLAuthorizer"] for document [""] failed.
java.sql.SQLException: [BEA][Oracle JDBC Driver][Oracle]ORA-00001: unique constraint (WLP_USER2.PK_ENT_POLICY) violated
at weblogic.jdbc.base.BaseExceptions.createException(Unknown Source)
at weblogic.jdbc.base.BaseExceptions.getException(Unknown Source)
at weblogic.jdbc.oracle.OracleImplStatement.execute(Unknown Source)
at weblogic.jdbc.base.BaseStatement.commonExecute(Unknown Source)
at weblogic.jdbc.base.BaseStatement.executeUpdateInternal(Unknown Source)
at weblogic.jdbc.base.BasePreparedStatement.executeUpdate(Unknown Source)
at weblogic.jdbc.wrapper.PreparedStatement.executeUpdate(PreparedStatement.java:159)
at com.bea.p13n.entitlements.management.internal.RDBMSEntitlementRefDelegate.createPolicyRef(RDBMSEntitlementRefDelegate.java:888)
at com.bea.p13n.entitlements.management.persistence.internal.RDBMSEntitlementRef.createResourceRef(RDBMSEntitlementRef.java:213)
at com.bea.p13n.entitlements.management.internal.RDBMSPolicyRefManager.setPolicyRefItem(RDBMSPolicyRefManager.java:126)
at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.processCreatePolicyRoles(RDBMSSecurityPolicyManager.java:1045)
at com.bea.p13n.entitlements.management.internal.RDBMSSecurityPolicyManager.createSecurityPolicy(RDBMSSecurityPolicyManager.java:143)
at com.bea.p13n.entitlements.management.SecurityPolicyManager.createSecurityPolicy(SecurityPolicyManager.java:87)
at com.bea.p13n.delegation.management.DelegationPolicyManager.createDelegationPolicy(DelegationPolicyManager.java:198)
at com.bea.content.federated.ContentSecurityHelper.createDAPolicy(ContentSecurityHelper.java:567)
at com.bea.content.manager.internal.ContentUpgradeListener.createMarkerPolicy(ContentUpgradeListener.java:152)
at com.bea.content.manager.internal.ContentUpgradeListener.postStartInternal(ContentUpgradeListener.java:98)
at com.bea.content.manager.internal.ContentUpgradeListener.access$000(ContentUpgradeListener.java:51)
at com.bea.content.manager.internal.ContentUpgradeListener$1.run(ContentUpgradeListener.java:69)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at com.bea.content.manager.internal.ContentUpgradeListener.postStart(ContentUpgradeListener.java:65)
at weblogic.application.internal.flow.BaseLifecycleFlow$PostStartAction.run(BaseLifecycleFlow.java:292)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.application.internal.flow.BaseLifecycleFlow$LifecycleListenerAction.invoke(BaseLifecycleFlow.java:194)
at weblogic.application.internal.flow.BaseLifecycleFlow.postStart(BaseLifecycleFlow.java:66)
at weblogic.application.internal.flow.TailLifecycleFlow.activate(TailLifecycleFlow.java:33)
at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:635)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:37)
at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:212)
at weblogic.application.internal.EarDeployment.activate(EarDeployment.java:16)
at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:162)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:79)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:569)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:140)
at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:106)
at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:323)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:820)
at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1227)
at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:436)
at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:163)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:181)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:12)
at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:67)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:516)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107851> <BEA-149059> <Module prnService of application PortalEar is transitioning from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <WlwConfigModule> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107852> <BEA-000000> <deactivate descriptor: WEB-INF/beehive-url-template-config.xml com.bea.wlw.runtime.descriptor.urltemplate.config.UrlTemplateConfigBeanImpl>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <ServletContext-/prnService> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461107884> <BEA-000000> <Closing Spring root WebApplicationContext>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107924> <BEA-149060> <Module prnService of application PortalEar successfully transitioned from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107924> <BEA-149059> <Module Portal of application PortalEar is transitioning from STATE_ADMIN to STATE_PREPARED on server AdminServer.>
####<Nov 5, 2009 2:45:07 PM PST> <Info> <WlwConfigModule> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461107925> <BEA-000000> <deactivate descriptor: WEB-INF/beehive-url-template-config.xml com.bea.wlw.runtime.descriptor.urltemplate.config.UrlTemplateConfigBeanImpl>
####<Nov 5, 2009 2:45:08 PM PST> <Info> <ServletContext-/Portal> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<anonymous>> <> <> <1257461108016> <BEA-000000> <Closing Spring root WebApplicationContext>
####<Nov 5, 2009 2:45:08 PM PST> <Warning> <JMX> <sfrhvmportalqawl02.prn.com> <AdminServer> <listenerContainer-2> <<WLS Kernel>> <> <> <1257461108941> <BEA-149517> <An attempt was made to unregister an mbean that was already unregistered: weblogic.jms.frontend.FESession@275e1ed>
####<Nov 5, 2009 2:45:08 PM PST> <Info> <Deployer> <sfrhvmportalqawl02.prn.com> <AdminServer> <[STANDBY] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1257461108969> <BEA-149060> <Module Portal of application PortalEar successfully transitioned from STATE_ADMIN to STATE_PREPARED on server AdminServer.>No I think it is supported, here is my commit.log which says we can re-use a existing WLP RDBMS with a new WLP domain. I just don't know how to reset, We are not sharing the same db here, we have a copy of original portal schema/db
INFO (Nov 5, 2009 3:22:21 PM PST): Verbose logging has been disabled on the server.
INFO (Nov 5, 2009 3:22:21 PM PST): The propagation servlet is starting the [Commit] operation.
INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [allowMaintenanceModeDisabled] with a value of [true] will be used for this operation.
INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [cm_checkinComment] with a value of [My sample checkin comment.] will be used for this operation.
INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [allowSecurityOutOfSync] with a value of [true] will be used for this operation.
INFO (Nov 5, 2009 3:22:21 PM PST): The modifier [differenceStrategy] with a value of [pessimistic] will be used for this operation.
INFO (Nov 5, 2009 3:22:21 PM PST): Validating that current user is in the Admin role...SUCCESS
INFO (Nov 5, 2009 3:22:21 PM PST): Validating that the admin server is running...SUCCESS
INFO (Nov 5, 2009 3:22:21 PM PST): Validating that Maintenance Mode is enabled...SUCCESS
ERROR (Nov 5, 2009 3:22:23 PM PST): Validating that LDAP and RDBMS security resources are in sync...FAILURE
ERROR (Nov 5, 2009 3:22:23 PM PST): The security policy for resource [everyone PRNUsers PRN Administrator User Group] with capability [Create Update Delete User/Group] is missing in LDAP. If you have reset LDAP or configured a new WLP domain to use a pre-existing WLP RDBMS, then you must reset your RDBMS. Otherwise, insure all available patches have been applied to your installation. *
WARNING (Nov 5, 2009 3:22:23 PM PST): Because the modifier [allowSecurityOutOfSync] was enabled this validation failure will be ignored and the operation will proceed. However, this may cause propagation failures when accessing or modifiying security resources. *
ERROR (Nov 5, 2009 3:22:27 PM PST): Validating that manual elections have been fulfilled on the destination system...FAILURE
WARNING (Nov 5, 2009 3:22:27 PM PST): The following resources need to be updated on the destination application. Propagation does not handle updating these types of resources. They will need to be updated manually.
WARNING (Nov 5, 2009 3:22:27 PM PST): Resource [Application:portalservices:Portal.WebApp:Portal.Library:PRNHome.Portlet], Manual Explanation [This portlet definition is based on a .portlet file. If changes have been made to the .portlet file make sure to move the updated .portlet file to the destination application. If changes to the definition have been made using the Portal Administration Tools then propagation will make the necessary updates.].
WARNING (Nov 5, 2009 3:22:27 PM PST): Resource [Application:portalservices:Portal.WebApp:Portal.Library:campaignmodule.Portlet], Manual Explanation [This portlet definition is based on a .portlet file. If changes have been made to the .portlet file make sure to move the updated .portlet file to the destination application. If changes to the definition have been made using the Portal Administration Tools then propagation will make the necessary updates.].
INFO (Nov 5, 2009 3:22:27 PM PST): The commit operation will attempt to process [117] elections.
INFO (Nov 5, 2009 3:22:30 PM PST): The inventory was committed successfully.
INFO (Nov 5, 2009 3:22:30 PM PST): The propagation servlet has finished the [Commit] operation. -
How to create new page in wlp in runtime
hi,
How to create portal pages in run time (not at the admin console) give an option to the end users to create pages and configure it.
Thanks
ManuHi Manu
1) Can we entitle the page created to display to some users.
You mean the "Page(s)" created by the End User when he clicks on Customize link. If so, note that this page will be available ONLY to that user. There is no other special entitlements to be assigned to. Because every user who customizes desktop will have his own set of Books/Pages/Portlets in the backend Portal Database schema. BUT if you want to set Entitlements to the Pages created by the Adminstrator, then YES, you can always set Entitlements to that Page, so that only specific set of Users, Roles (users belong toRoles) can access those Pages.
2) Can we change the hyperlink of the page to some other external page.
I am not clear with this question. When we create a Page from WorkshopIDE or Portal Admin Console or through DVT, first thing is, this page will have a unique page definition label. Now assume this page is part of some Book. So When this portal (or deskop) is rendered, Portal Framework Look and Feel files, will iterate through list of all Books and for each Book list of all Pages and construct the Menu(s) which are nohting but Hyperlinks. During this process, the hyperlink will be appended with the definition labels of each Page etc which is retrieved from Database (or .portal xml file incase of filemode). So you cannot change the hyperlink to point to someother page. Worst case, if you really want, then you need to modify the portal framework menu rendering code, to change the urls for specific page. Say PageA should be reidrected to PageB. So in your custom menu rendering code, when you hit the PageA, there check for page def label of PageA and if it matches, then add a different page def label say for PageB definition label. This is complex, but can be achieved. But my very first question is why do you want to do this and what is your exact usecase.
Note that you can always generate dynamically Links for any Portal Pages using render url tags or APIs (PostbackURL, GenericURL etc). You can have this kind of code in any JSP or Pageflows.
PostbackURL homeURL = PostbackURL.createPostbackURL(request, response);
homeURL.addParameter(PostbackURL.PAGE_LABEL_PARAM, "page_card_services_1"); //page_card_services_1 is a page def label of some other page that I want to redirect to
3) Can we integrate the page creation to the BPEL workflow.
BPEL Workflow is nothing but a WebServices. Using CustomCode, this may be possible. One way I can think of is like this. First you need to have code/logic in some Pageflow or utility class to call BPEL Workflow. As mentioned first you need to create a WebServices client JAR for this BPEL WebServices. Then add this jar to the web-content/web-inf/lib folder. Then in pageflow or utility class, get the Service, Port and invoke process method on this BPEL and pass some input parameters. Now BPEL will do some internal processing and will return the page definition labels in the response XML object based on input parameters. Then in the Pagelfow or utility class, from this response object, extract page def label and use the above code snippet to redirect to that page. This should work.
4) is there a way allow users to create new portlets from ucm and add content to the portlets.
When we allow customization for end users, usually they can choose from list of Look and Feels, create or edit Books/Pages. They cannot create Brand New Portlets. From existing list of Portlets, they can add or remove them from any Page. NOW, if you use latest WLP 10.3.2, you can consume WebCenter ADF Portlets using WSRP. Also I guess there is a plug in for UCM with WLP 10.3.2. I did not work in this area so do not have full details. But assume that you already have some UCM Portlets integrated into your portal application by adminstrator. Then End User can choose to add these UCM Portlets to the pages that he cretaes. NOW coming to the content of the Portlets, this is something you can handle through Portlet Preferences. Considerr default out of box WLP original pageflow portlets. You can have some search criteria in a content portlet. This search criteria can be modified using Edit icon ie. Portlet Preferences. So user can customize the search criteria and get the results he is interested in.
Thanks
Ravi Jegga -
Hi,
I am in the process of starting a new service and have some trouble deciding
whether I should use
Oracle or MS-SQL Server as the database. I would prefer to use MS-SQL for
its ease of use
and due to the fact that the load will not be an issue.
My only concern is how hard it would be to port the WLPS DB-schemas to
MS-SQL.
Has anyone done this, and how hard is it?
Is there any other problems that I might expect if I go for the MS-SQL
solution?
Please note that this is not an invitation to a Oracle vs MsSQL flame war.
regards,
Lars Hansson
CTO
Compost Marketing ABYou may need some 'Actions' assigned to a role you have in the UME to be able to deploy drivers:
JDBC Drivers:
XMII_JDBCDriver_R
XMII_JDBCDriver_RWD
XMII_JDBCDriver_deploy
XMII_JDBCDriver_all
http://help.sap.com/saphelp_mii122sp01/helpdata/en/48/d0c6efbcb810b6e10000000a421138/content.htm?frameset=/en/45/5a399bec592a4de10000000a11466f/frameset.htm¤t_toc=/en/44/e13108c4cb19d7e10000000a422035/plain.htm&node_id=7 -
How to get list of roles decleared in the portal server 8.1
Hi,
I want to retrieve list of all the user security roles decleared in a portal application
programatically.
Can anyone help me in this?
Thanx
ManishSee http://edocs.bea.com/wlp/docs81/javadoc/index.html
and com.bea.p13n.entitlements.management.RolePolicyManager.
Pass EntitlementConstants.P13N_ROLE_POLICY_POOL
for the aResourceId. (Note javadoc return value is wrong).
public static String[] listRolesForResource(String anEntAppName,
String aWebAppName,
String aResourceId)-Phil"Manish
R" <[email protected]> wrote in message
news:3f4b7336$[email protected]..
>
Hi,
I want to retrieve list of all the user security roles decleared in aportal application
programatically.
Can anyone help me in this?
Thanx
Manish -
Delegated Admin and User Management in WLP 9.2
Hi,
I've made Delegated Administrator role and a user for it. The user is Delegated Admin for our users and groups. Still that user cannot create new users, only new groups.
The error message that shows when creating new user is "The subject does not have access to the specified group".
What should I do to make it work ?
Regards,
TanjaUnfortunately, you've run into a bug in the product. See CR282051 in the WLP 9.2 release notes.
http://edocs.bea.com/wlp/docs92/relnotes/relnotes.html#wp1147925
If you have a support contract, you might be able contact BEA Support to see if a patch might be available. -
Hello,
I am using Portal 8.1 and want to hide button based on roles defined through Portal
Administrator. Using Interaction Management feature how could i achieve this.
Content selectors, user segments and other features uses user properties as a
search criteria.
I would like to know is there any built-in portal feature that i can use to achieve
role based personalization.
Thanks for ur reply.
AjitHi Ajit,
When you mention 'roles', I'm not sure if you're referring to
a) User Segments (dynamic classifications of users based on properties and
other factors)
or
b) Entitlement Roles, as defined in the Entitlements section of the WLP
Admin tools.
if (a), then you can use the pz:div tag to dynamically show/hide sections of
a JSP based on whether a user is in the selected user segment. So you could
show/hide your buttons via this tag.
if (b), then you can base Entitlement roles on expressions, which can
include user properties among several other options. Then you could use the
Entitlement API/taglibs such as auth:isUserInRole to show/hide the buttons
based on whether the user is in the entitlement role.
-Steve
"Ajit" <[email protected]> wrote in message news:40d81d7e$1@mktnews1...
>
Hello,
I am using Portal 8.1 and want to hide button based on roles definedthrough Portal
Administrator. Using Interaction Management feature how could i achievethis.
>
>
Content selectors, user segments and other features uses user propertiesas a
search criteria.
I would like to know is there any built-in portal feature that i can useto achieve
role based personalization.
Thanks for ur reply.
Ajit
Maybe you are looking for
-
Hi, I have a requirement to dequeue message based on sort. 2 columns...Column1,column2 Example Message in Queue (Column1) ID : If varchar2 (Alpha Numiric) (Column2) Time format : (HH:MM:SS Format Time) Format can be changed if required. This is not s
-
Folder icon changes to envelopes
Twice in the last week the icons in Workflow have changed from the folder icon to envelopes and our users have not been able to open any Workflow items. Any idea what is causing this? I have had to restart the services on our Workflow server. Then th
-
How to add the Profit Center (Distribution Rule) at AR Invoice
Hi All, At SAP 2007 B PL10, Is it possible to assign the Profit Center at AR Invoice Document Line via DI API, because when I changed the Item's warehouse the profit center value is disappeared. Please give me any suggestio
-
C5-03 -how to send music files via bluetooth
hi i've c5-03 mobile 1.can any one tell me how to send music files via bluetooth 2.there only mark all option ann no mark several option can any one tell me r there any software updates for this Solved! Go to Solution.
-
Hi! This is the third time I post this question. Nobody knows the answer? Well let�s suppose that I have an Servlet called A wich overrides the doPost method. The B servlet is running and I want from B to call the A servlet. If I say response.sendRed