Weblogic API for modifying users/roles

I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

I searched the newsgroup and found that somebody addressed this issue.
"Andrey" <[email protected]> wrote in message
news:[email protected]...
>
WebLogic 7.0
I have read a number of questions on how to do these but not many answers,so
after figuring it all out, I thought I would post a message describing allthese
tasts (It would be great if BEA would start something like 'HOW-TOs forLinux'
for WebLogic)
-1. Imports required :
import weblogic.jndi.Environment;
import weblogic.management.MBeanHome;
import weblogic.management.WebLogicObjectName;
import weblogic.management.configuration.DomainMBean;
import weblogic.management.configuration.SecurityConfigurationMBean;
import weblogic.management.security.RealmMBean;
importweblogic.management.security.authentication.AuthenticationProviderMBean;
import weblogic.management.security.authentication.GroupEditorMBean;
import weblogic.management.security.authentication.UserEditorMBean;
importweblogic.management.security.authentication.UserPasswordEditorMBean;
import weblogic.security.providers.authentication.*;
0. Code to retrieve DefaultAuthenticatorMBean (this code is running insideWebLogic
server - I have it inside EJB):
DefaultAuthenticatorMBean authBean;
Context ctx = new InitialContext();
MBeanHome mbeanHome = (MBeanHome)ctx.lookup(MBeanHome.ADMIN_JNDI_NAME);
>
//Find UserEditorMBean
DomainMBean dmb = mbeanHome.getActiveDomain();
SecurityConfigurationMBean scmb =dmb.getSecurityConfiguration();
RealmMBean rmb = scmb.findDefaultRealm();
AuthenticationProviderMBean[] providers =rmb.getAuthenticationProviders();
>
for (int i = 0; i < providers.length; i++) {
if (providers[i] instanceof DefaultAuthenticatorMBean) {
authBean = (DefaultAuthenticatorMBean) providers;
break;
1. Create/Drop/Update users
to perform these tasks, the user must be logged in into weblogic and be in
Administrators
group. Then, the code is as follows:
create user: authBean.createUser(username, password, description);
remove user: authBean.removeUser(username);
change user's description: authBean.setUserDescription(username,newDescription);
>
remove user from group: authBean.removeMemberFromGroup(groupname,username);
>
add user to group: authBean.addMemberToGroup(groupname,username);
>
2. Change other users' passwords (MUST BE ADMIN TO DO THIS - by Admin Imean be
a member of Administrators group)
authBean.resetUserPassword(username, newPassword);
3. Change your own password:
this is a bit trickier, because if you are not an admin, you can't changeyour
own password!!!! This is a part that I personally don't understand - seemslike
a screw up on BEA's part. So, to allow users to change their ownpasswords, you
must change security context in the middle of processing to that of Adminuser
and run this function as Admin user. Although a bit ackward, it's veryeasy to
do. Suppose you have two EJBs - EJB A and EJB B. EJB A does normalprocessing
for the user and always runs in logged in user's security context. Now,suppose
you want to add a method to EJB A to change current password. The methodmay
look like:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
Now, there is no way to do it in EJB A, because for most users, it willrun in
a 'non-admin' security context. So, to get around it, you create another
EJB - EJB B. This EJB has one method:
public void changePassword(String logon, String oldpwd, String newpwd)
throws some exceptions
and one major difference - this EJB always runs in a secrity context ofadmin
user. To get an EJB B running 'as admin user', all you have to do in EJBA is
the following
EJB A:
public void changePassword(String logon, String oldpwd, String newpwd)
Hashtable props = new Hashtable();
props.put(Context.SECURITY_PRINCIPAL, "wlmanager");
props.put(Context.SECURITY_CREDENTIALS, "password");
// get context that with different credentials
Context ctx = new InitialContext(props);
EJBBHome home = (EJBBHome) ctx.lookup("EJBBHome");
EJBBLocal adminEJB = home.create();
adminEJB.changePassword(logon, oldpwd, newpwd);
adminEJB.remove();
of course, this poses a problem of hardcoding user id and password foradmin user
in your application - you can come up with your own ways to secure that.
THAT's IT!!! You can use the method explained in part 3 to allownon-admin users
to do pretty much everything, however for the sake of security, I woulddefinetly
vote against it and use part 3 to ONLY allow users change their ownpasswords
>
Enjoy
Andrey
"Yonatan Taub" <[email protected]> wrote in message
news:[email protected]...
I need to write an application which will enable adding users to weblogic
domain and configuring roles.
Does Weblogic provide such API?
If so, what are the relevant packages?
P.S.
I wasn't sure which exact newsgroup my question belongs to.
If anyone has a better suggestions please provide it.

Similar Messages

OIA webservice for removing user role

Hi,
I need information regarding web services exposed in OIA for removing roles etc. We need it in our environment wherein we may not be having priviledge to make database query directly for removing user roles.
(the use case is as follows:
when user id disabled in OIM, assosciated database resource (DBAT, OIA database is used;rbx_users) is disabled ,and user's role is to be removed)
how this can be achieved via web-service call.
any pointers will be helpful
regards,
chhavi

Hi Pallavi,
i have the same problem, can you provide me more specific details?
-exactly oimjdbc.properties location please?
-which is what I have to modify?
Thanks in advance!

API for CRM Html Roles

Hello,
*(1)*
how to deallocate/revoke CRM html roles using API?
I found following API for assigning CRM roles:
jtf_auth_bulkload_pkg.assign_role(username, role)
Now I am unable to find API for deleting role assigned to particular user.
Please suggest the way to find any API related good reference and also API for revoking role.
*(2)*
what is functionality of jtf_auth_principals_pkg's delete_role function?
from where it is called?
Thank You.
Swati Thakkar
Edited by: Swati on Dec 30, 2011 3:49 AM

From the user guide:
http://download.oracle.com/docs/cd/A99488_01/acrobat/jta115ug.pdf
Roles are groupings of permissions, which are page level or function level granular
privileges used to maintain application security. A single user can be granted
several roles, each of which separately determines access rights to the user interface
details, the ability to perform certain transactions and the ability to access certain
data sets. During the registration process, users are granted the appropriate set of
roles that map to their job function. Although Oracle User Management contains the
following predefined roles, users with the appropriate access privileges can also
create and customize their own roles.
49.7.3.1 JTA_UM_DELEGATION_ACCESS
The JTA_UM_DELEGATION_ACCESS role is assigned the
JTA_UM_DELEGATION_ACCESS permission and provides users with all of the
access privileges associated with this permission.
49.7.3.2 JTA_UM_SETUP_ADMIN
The JTA_UM_SETUP_ADMIN role is assigned the JTA_UM_SETUP permission and
provides users with all of the access privileges associated with this permission.
49.7.3.3 JTF_APPROVER
The JTF_APPROVER role is assigned the JTF_APPROVER permission and provides
users with all access privileges associated with this permission.
49.7.3.4 JTF_PRIMARY_USER
The JTF_PRIMARY_USER role is assigned the JTF_PRIMARY_USER_SUMMARY
permission and provides users with all access privileges associated with this
permission.
49.7.3.5 JTF_SYSTEM_ADMIN_ROLE
The JTF_SYSTEM_ADMIN role is the global system administration role and
contains all permissions required to access and operate the System Administration
Console including JTF_SECURITY_ASSIGN_ROLE and JTA_UM_SETUP.

API for adding external roles/parties to an organization in oracle projects

Hi,
I need a help on the API for creating external roles/parties to an organization in oracle projects. There are two APIs in oracle for roles - pa_project_pub.load_org_roles and pa_project_pub.load_key_members. load_key_members api is used to load team members which are employees to a project and load_org_roles is used to add an organization role to a project. But how to use these API to load a party/external role to the organization role (or) is there any other api to do this functionality. Please suggest me on this.
Thanks,
Ramky

Hi all,
The order of blogs is:
/people/valery.silaev/blog/2005/09/14/a-bit-of-impractical-scripting-for-web-dynpro
and then
/people/bala.krishnan2/blog/2006/09/25/bid-adieu-to-bots--using-captchas
Help me soon...

Support parameters for downloadable user-role in the Aruba controller

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

Q:
What are the supported parameter for downloadable user-role that can be pushed from the cppm to the controller?
A: The downloadable user-roles are pushed from the CPPM server to the Aruba controllers after successful authentication.
The below parameters are only supported to be pushed from the cppm to the controller and rest all are not supported.
Net service
Net destination
mac/eth/session ACL
user-role
The other parameters in the cppm are intended for MAS and not for controllers.
If we try to push the unsupported parameters from the cppm server to the controller then we will the following error logs in the controller.
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line 'qos-profile HIGH-Q', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Itraffic-class 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idrop-precedence low', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idscp 63', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1757: Dldb Role aruba-3106-9: Rejected line '^Idot1p 7', contains unsupported keyword
Apr 24 15:55:38 authmgr[3417]: <199802> <ERRS> |authmgr| auth_cppm.c, auth_cppm_transform_writebuf:1492: Dldb Role aruba-3106-9: Rejected line '^Ivlan 100', contains unsupported keyword 'vlan'

Authorization Policy for Modify user in OIM 11gR2

Hi Experts,
Requirement: I want the users in particular org not to modify certain user attributes and users from other org should be allowed to modify user.
I have created user1 whose organization is org1 and role is role1. I have also created user user2 under same org and same role. I assigned the Admin Role "User Administrator" role to user2.
So If user2 from same org1 tries to modify certain attributes then OIM should throw error message. I have completed till this.
But when the user from diff org say org2 with Admin Role "User Administrator" tries to modify user, OIM is not allowing to modify user which should not be the case.
I want the Auth Policy to trigger only for Org1. I have specified the below condition for my custom policy in OES admin console but it is not triggering.
The condition is
IF ( OrclOIMTargetEntity = 'true' AND OrclOIMUserOrganizations = 'true' AND STRING_AT_LEAST_ONE_MEMBER_OF(OrclOIMUserOrganizations,['25','1000000']) = true )
What am I missing?
Any help is much appreciated.

Hi
Can anyone let me know the steps to restrict modify user operation for the users belonging to specific organization in OIM 11gR2. The condition which I specified under Authorization Policy in APM console is not triggering at all.
Thanks!

Obtaining url patterns for a user Role/Group

I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.

I am looking for a way to find out how to obtain a the list of accessible urls (url
patterns) for a role/group defined in weblogic.
I have gotton as far as if checking if a user is in a group using: javax.ejb.SessionContext
isCallerInRole(java.lang.String roleName)
After checking if a user is in a role/group I want to access the url pattern authorised
for a particular role under weblogic.
Can this be done.

Modify user roles through SPML?

Hi everyone,
I've been stuck for a few days now on trying to modify the assigned role of a user through SPML. I'll be brutally honest with everyone: I have no idea whatsoever of what I'm doing, I just gather information and try to chuck along.
Up to this point, I've been able to create users and search for users through SPML, and that's where everything falls down very rapidly. I'm using SPML 2.0 for creating users and SPML 1.0 for searching them.
The IDM server has a specific role implemented named ITACCESS, which launches a process that calls other servers and things like that once it is assigned to a user. My goal is thus to modify the "Roles assigned" value of a specific user to "ITACCESS", basically.
Am I wrong in thinking I can use SPML for this? What other ways of accessing the IDM server do I have available?
The server is configured with the regular spml.xml and spml2.xml (stock sample ones, not modified). I have tried simply sending an SPML 2.0 modifyRequest, but to no avail:
<modifyRequest xmlns='urn:oasis:names:tc:SPML:2:0' requestID='IDMConnector-01' executionMode='synchronous' returnData='data'>
<psoID ID='jlauwers'/>
<modification>
    <dsml:modification xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='roles' operation='replace'>
      <dsml:value>ITACCESS</dsml:value>
    </dsml:modification>
</modification>
</modifyRequest>
===========================
<modifyResponse xmlns='urn:oasis:names:tc:SPML:2:0' status='success' requestID='IDMConnector-01'>
<pso>
    <psoID ID='jlauwers'/>
    <data>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='objectclass'>
        <dsml:value>spml2Person</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='accountId'>
        <dsml:value>jlauwers</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='credentials'>
        <dsml:value>LighthouseFakePassword</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='firstname'>
        <dsml:value>John</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='lastname'>
        <dsml:value>Lauwers</dsml:value>
      </dsml:attr>
      <dsml:attr xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' name='emailAddress'>
        <dsml:value>[email protected]</dsml:value>
      </dsml:attr>
    </data>
</pso>
</modifyResponse>Any help would be gladly appreciated.
Thanks for reading

Hi everyone,
I have had some amazing help and have finally been able to resolve this issue.
For future reference:
There is no need to change any attribute mapping or anything complicated, the following code and XML demonstrates an example to change assign a new role to a user in Sun IDM:
LighthouseClient client = new LighthouseClient();
client.setUrl("http://idmserver:8080/servlet/rpcrouter2");
client.setUser("administrator");
client.setPassword("administrator");
ModifyRequest req = new ModifyRequest();
SpmlResponse modifyResponse = new ModifyResponse();
// enable server side trace
req.setOperationalAttribute("trace", "true");
// Set the objectclass
req.setOperationalAttribute("objectclass", "userview");
// Set the IDM Username
req.setIdentifier("user:someuser");
java.util.ArrayList al = new java.util.ArrayList();
al.Add("NewRole");
// Create, build and add a Modification to the request
Modification m = new Modification("waveset.roles", al);
req.addModification(m);
modifyResponse = client.request(req);
if (modifyResponse.getResult().Equals(SpmlResponse.RESULT_SUCCESS))
     Log.append("Modification succeeded");
else
     Log.append("Modification not completed");The following is the typical XML exchange:
<spml:modifyRequest xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core'>
<spml:operationalAttributes>
    <dsml:attr name='trace'>
      <dsml:value>true</dsml:value>
    </dsml:attr>
    <dsml:attr name='objectclass'>
      <dsml:value>userview</dsml:value>
    </dsml:attr>
    <dsml:attr name='session'>
      <dsml:value>AAAFJgAAILoAAAUGH4sIAAAAAAAAAMVaW2+jOBh9n1+B1Ic8rdpcmklH6UiEkK41BBCEVtqXiBI36y0BxGVGmV+/BnLB2DFgHqZP6fkcn2Nsvpszt7P3/6CXSoF7gM8DeXdAAUrS2E3DeCDF0N0ZgX98HqRxBgdSUg7eoAMMs/R5MJ4+5H8DyQ/3KFiHu5c4zKLnwR1Y3s0mTxNlPBrLT8PJZDKefvvr61AdrR5m34aj4UxVV6uJMsPgajXD33eTVPY8mCT53M+D4Wgyefw6epg+PE1Hg+9fJGluxijwUOT6Sf4vBoxCiwU/pPQY4e84CcSS0a6kr62Etbz7GxMVo4qVVKbzvDALUok9Ldu4Q0nku0e9GOOArbxcA/3FMhxzKyuK4eibEuokJF+lxFXDG8GR5Niq1UPXK4K/pHILShkVgMP6CtS3groTmYZXVMydnNmqCIdOA/amoLPF+CQ8juYs0c4TFgbJCn1ITkngTYsp/t9ahqYKLElxI/cd+ShFNQmkoUmDIpvyAmhgA0REGPHeDdBvN0VhQKqoWZpkGNaLrIN/5A0wdAEdZugjr/4grmATu2loQBF6AHK2Qzfo66bG0+AsQR8pFkzCLPZqKipokwBLtQ3HUvpwS4WRreBia6tjW2AiaqjXsuULKfgqWhnFl7Xjc4T4/oT3XIXxgeY8oW14V4a17sZdRKE1TF0p/0TEpgraFKDW6kYuPomFRAcoYfCB9lRovBg6piI4TyoDjwMqOUgV7TKhgtO8FBLBm4A4T0exVHmjdg/gVCwVC6P46QV58soMITeMvNUYuq4qfQLJmbPuzGm8hQwhN35mojw5w9BCg5g/r3PVXPpNcwdBIo79wlv17TWwjYTOHv7MQTjdGtiCuLvrdaJd/dUmIF49YC6FXu0l9GGNkoA4lEtVU3tQguWaRXuFm6nxWBH6KA5/ogT7lxp/HecKMC3jFdjY5Qi408BHwSe5zVWIt826BvQfIpRukqB9UCMlQC6tbNvgRWCtauC+++T5IiAOqarLC03kfKGE4iQx3sYCW4zVgjkTQUpAHE4Lr3QtQGni7fsVxjt2Y+GWlSPExLv8ZlhLgYaC8q8b7KHEl9QwiOdT/5b1F7WPQBy9YNqgjz+Gu4O2uumjDhyiME6J00NAHG6wNg1rI+SFQo/yQleI74UMRcALyVHuYvN+F7Mvd8PKa8yZuRvOO2E5husOS94YHd9bnEicmS/nAGPSFeRtPE4uLiq6nscim6K4z1lWO/5zfiWkoZpr13VUbe204DxcTIZ8jULMHtdtO+9oXAOWeMfrnPSxVLFtLfLC3moYnUimqYUW0X5kNRsm+gQMQ8tUuXu34I/l6ba51qSyhD/TEhDvWGqa8bbNR+fde9XuRrzI/E/+dQJvBEfWwtF+9LhOKFib7zoahzUp7HnrUfAz+ic03iREtJNSPgG6zKPxxkchWPAVTIyqj8abFIjWf1WmehHItrVUIlQOnhjZNeENY7OeHtVheRRY9RrL0nhMhCu3ExtVqtJ4swaxorVgYhSQNN6kQLSULPefUU8yDI2Hgqos5/fkLfnciIqu50ng2o3KT+VnNUjjo/QJjzjY4CiTn0awHEg/XT/DhHc2jiX0Lf54OJ1N1YdRfouvPD4NF4+Lp/wWfzw7Pwdq8uLHATjh85FXJH8XCiU8HNxgJ2kowC9nkML4w/Xg5Xnen/TO7y/LmN+ffq/w/cv/lfR9TrogAACMAwenmPTYv5nNkZAnqXXTe+MZ/Q==</dsml:value>
    </dsml:attr>
</spml:operationalAttributes>
<spml:identifier type='urn:oasis:names:tc:SPML:1:0#GUID'>
    <spml:id>user:someuser</spml:id>
</spml:identifier>
<spml:modifications>
    <dsml:modification name='waveset.roles' operation='replace'>
      <dsml:value>NewRole</dsml:value>
    </dsml:modification>
</spml:modifications>
</spml:modifyRequest>
========================
<spml:modifyResponse xmlns:spml='urn:oasis:names:tc:SPML:1:0' xmlns:dsml='urn:oasis:names:tc:DSML:2:0:core' result='urn:oasis:names:tc:SPML:1:0#success'>
<spml:operationalAttributes>
    <dsml:attr name='session'>
      <dsml:value>AAAFJwAAILoAAAUHH4sIAAAAAAAAAMVaW2+jOBh9n1+BNA95WrW5tE1H6UiEkK41BBCEVtqXihK36y0BxGVGnV+/xuSCwbHBPEyf0vM5PsfYfDdn4Rav/8EgVyJ/Dx9G6m6PIpTlqZ/H6UhJob+zovDzYZSnBRwpWTV4i/YwLvKH0fT2uvwbKWH8jqJNvHtM4yJ5GH0Fq6/z2f1Mm06m6v14NptNb7/9dTfWJ+vr+bfxZDzX9fV6ps0xuF7P8ff9LFeDAGZZOffDaDyZzW7uJtc3d9Prm9H3L4qysFMUBSjxw6z8FwMW0eLANyX/TPB3vAxiyWhX0TdWwlre1YWJyCiyktp0QRAXUa6wp2UbdyhLQv/TJGM88KKuNsB8dCzPflE1zfLMbQX1ElKuUuGq4Y3gSPJc3Rmg6wnBX0q1BZWMGsBhfQL6M6HuRWbgFZG5syNbHeHQGcDdEjpXjk/B49qcFdp7QmJQnDiE9JQULloM+f/FsQxdYkman/ivKEQ5akigDSINmmqrS2CALZARYaXvfoR++zmKI1pFwyKSYTmPqgn+UbfAMiV02HGIguaDOIMidtsygCb1ANRihy7QN03C0+CtwBApDsziIg0aKmqoSICju5bnaEO4FWJkKzjZuup4IZiMmtZr2fGFlHwVnaLFV3Tj86T4/oT3XMfpvs15QLvwri1n04+bRKENzH2l/ETFphoqClAbfauST3Ih0QNaHL2h91ZoPBl6piI4T6oCjwdqOUgd7TOhhtO8HFLBm4I4T0dzdHWr9w/grVgqF0bx04vK5JUZQi4YeauxTFPXhgSSI2fTmbfxDjKk3PiRqeXJGYYOGuT8eZOr4dIvmnsIknHsJ966b2+AXST09vBHDsrpNsAOxP1dr5fsmq82BfHqAXsl9WqvYAgblBTEoVzphj6AEqw2LNozLKbGY2XokzT+iTLsXxr8TZwrwHasJ+BilyPhTqMQRR/0Ntch3jabBjB/yFD6WYbeowYpBXJpVdcFjxJr1SP/NaTPFwVxSHVTXRoy5wtlLU4a420scOVYHVgyUaQUxOF08Eo3EpQ23r5fcbpjNxYuWTlCbLzLz5azkmgoaP/60TtU+JIEg3g+9W/VfNSHCMTRC+YCffwx3B109e0QdWCfxGlOnR4K4nCDjW05WykvFActL3SG+F7I0iS8kJqULrbsdzH7chesvMacXbrhshNWYrjucNSt1fO9xYnEkfl0DjCmnEHexuPk4qSi73kk2VSL+5hldeM/5ldSGuq5dlNH3dZNC87D5WSo5yjE7HFdtvOOxjlgyXe8jkkfSxXb1iEvHKyG0Ylkmjpoke1H1rNhqk/AMHRMlft3C/5Ynu7aG0OpSvgjLQXxjqVhWM8v5eiye6+7/YiXRfjBv07gjeDIWnrGjwHXCYRVfNchHCZSOPDWg/Az+idtXCREtpNSPYF2mdfGhY9CsuAjTIyqr42LFMjWf3WmZhHItnVUIlUOHhjZNeEFo1jPgOqwOgqseo1lER4T6crtwNYqVdu4WINc0UqYGAVkGxcpkC0lq/1n1JMMg/BQtCrLxRV9S76wEtL1PAjc+En1qfqsR3n6qXzATxxscJQpTyNYjZSfflhgwq8ujiXtW/zp+HZ+q19Pylt87eZ+vLxZ3pe3+NP58Tm0Jic/DsAJX4gCkvydKLR4v/ejnWKgCL+cUQ7TNz+Ap+d5ddC7uDotY3F1+L3C9y//A9c39n66IAAAcSF27Dd5WEeyXvWz8UvVSYrS48Y=</dsml:value>
    </dsml:attr>
</spml:operationalAttributes>
</spml:modifyResponse>HTH,

Request Offerings not showing up for custom User role in SMPortal

Hello All,
I've created a custom End User role and scoped it to the domain users group.
To this role I want to show a specific set of Request Offerings on the portal
For that Purpose I created a new Service Offering and added these Request Offerings to it.
I then went on to create a Catalog Group and added the Service Offering to it.
I then created the custom user role based on the EndUser role and allowed them to see all Forms, all Queues, All CI's and on the Catalog group I select that they could only see the Catalog Group which I just created.
I then logged in into the SMPortal and was expecting that my Service Offering would be shown to them.
However, they don't see the service offering.
What could cause this?
Is there something I'm missing?
Thanks in advance!
Filip

You have to add the Service Offerings and the Request Offerings in the Catalog Group. Nesting doesn't work because Service Offerings and Request Offerings are different types of objects.
This offers the option the manage the access to Service Offerings and Request Offerings very granular if needed. For instance you can control access to a Service Offering in one Catalog Group related to one user role (A) and use two additional Catalog Groups
with different Request Offerings related to other user roles (B) and (C). Result will lead to:
User in Role A and B -> Can see Service Offerings A containing Request Offerings B
User in Role A and C -> Can see Service Offerings A containing Request Offerings C
User in Role A, B and C -> Can see Service Offerings A containing Request Offerings B and C
User in Role A only -> Don's see anything because of the missing permission on any Request Offering. So the "empty" Service Request won't show up in the portal.
Hope his helps.
Andreas Baumgarten | H&D International Group

Most popular api for modifying excel spreadsheets?

I googled a bit and it seems like POI and jexcel are the most popular ? I'm interested in hearing your opinions... I've tried POI and I find it OK, but I wish I had more features like copying a row and "pasting/inserting" it into another row and copying formulas and having it modified as you "paste" it to another cell.
edit:
scratch jexcel off the list... it's not free :(
Message was edited by:
lapchern

hi,
POI is best
The most popular API for manipulating Excel files is Apache POI (http://jakarta.apache.org/poi). This is an API for reading office-documents in general. For reading Excel there is the hssf subproject (http://jakarta.apache.org/poi/hssf). They also have a list of alternative projects that can be used for accessing Excel files (http://jakarta.apache.org/poi/hssf/alternatives.html)
You can also read in the excel file through the jexcel api (http://www.andykhan.com/jexcelapi/)
once you can read in the entire excel file into java, you can create your own Java object structure and go from there.
some other
http://www.download3k.com/Web-Authoring/Java-JavaScript-Editors/Download-SpreadsheetConverter-to-Java-JSP.html

API for modifying rep:Policy nodes

The JCR API does not work when we are trying to modify/create rep:policy nodes.
I tried to have a look at the CqActionsServlet and CQActions class but could not make much progress on understanding the implementation.
Is there any API documentation on how to do this.
Basically the idea is to have a package of permission nodes (rep:policy) in the svn. As part of build process, we want to read the rep_policy.xmls and configure the corresponding permissions in CQ using RMI.

Could you explain what you mean by the JCR API? While JCR 1.0 didn't have any API for managing access control policies, JCR 2.0 does.
I don't know think AccessControlManager works over RMI. The JIRA issue is still open: https://issues.apache.org/jira/browse/JCR-2113
There is a Sling bundle which you can install to manage ACLs via HTTP: http://sling.apache.org/site/managing-permissions-jackrabbitaccessmanager.html. Search this forum for prior discussions.
For the use case you describe, you should be able to do that with content packages.

How to access Task details using BPM API for substituting user

Hi Expert,
I need one help, we have a requirement, in which I wanted to access the BPM task details of a user which is substituting user using BPM API.
Substituting user's name is not exist in Potential owner of Task. That’s why Using method "getMyTaskAbstracts(Status)" we cant acess those task which assigned by Substited user.
Kindly let me know if there is any way, we can get task details of the task which assigned by substituted user to substituting user.
Regards
Div

Pl use this api.
getTaskAbstractsForMySubstitutedUsers.There are couple of variations u can use.
Thanks
Manish

Oracle APIs For Contacts and Role Responsibility

Hello,
Please, I need a direction on how to proceed about the use of the right API. I'm working with Oracle EBS R12. If this is not the place for this kind of doubt, please let me know the best one.
I already have a site for a customer, which was created by the ra_customers_interface_all, after loading the data and processing the interface.
Now I need to create (using Oracle APIs) a contact name, which will have at least a telephone number and an e-mail address.
I know that the contact name will be in table HZ_PARTIES, but later it will be related to a site. The registry that will be used for this has the Party_Type value equals to 'PARTY_RELATIONSHIP', according to what the customers interface did after being executed.
Then the telephone number and e-mail address will be in table HZ_CONTACT_POINTS. The Owner_Table_Name of it has to be 'HZ_PARTIES'. The Owner_Table_Id of it will have the value of Party_Id from table HZ_PARTIES, which has Party_Type value equals to 'PARTY_RELATIONSHIP'.
After this, my main goal is to create a role responsibility to the contact name. So I know there are other two tables involved. They are HZ_CUST_ACCOUNT_ROLES and HZ_ROLE_RESPONSIBILITY.
And I see there are two more tables involved, which are HZ_RELATIONSHIPS, which will do the PERSON x ORGANIZATION relation, and also table HZ_ORG_CONTACTS, which has the field PARTY_SITE_ID, to finally indicate that this contact is part of a site, which I already have.
I have all these tables in mind. I just need a tip on how to proceed. I'm able to create a party as PERSON, not yet as PARTY_RELATIONSHIP. I'm able to create a contact point (telephone number). I'm lacking the idea about what to do have this:
site -> contact name -> telephone number of this contact name inside this site
I can do this:
site -> telephone number of this site
Any help would be great.

Thanks for the reply but i stil have the problem...............
My Current machine.config has this to say in that particular section
<connectionStrings>
<add name="LocalSqlServer" connectionString="data source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|aspnetdb.mdf;User Instance=true" providerName="System.Data.SqlClient"/>
<add name="OraAspNetConString" providerName="Oracle.DataAccess.Client" connectionString=" "/>
</connectionStrings>
What can be done.........................in this case
Thanks

Need api for changing security role in web.xml !!

My requirement is to change the value of the deployment descriptor "security-role" (in web.xml) through an api and inturn to persist the new value in web.xml. Also I need to know if this change is automatically redeployed or an explicit redeployment is needed ? In that case how do I redeploy using an api call ?
I found a lot of apis related to roles like createRole, removeRole etc.. But there are no apis to change the name of the role and inturn persist in web.xml.
Do I need to provide any more information ? Let me know
Thanks,
Karthick

why and when do you change security-role? try to use ant task (perhaph you need xpath also). itÂ´s the better when you perform task about lifeÂ´s cycle of application.
please, describe your problem.
of course in you change web.xml you must restart the application.

API for creating User in Oracle E-Business Suite through BPEL

Hello,
I would like to use a BPEL process to create a new User in Oracle EBS. In the {color:#0000ff}Integration Repository {color}I was able to find an API called FND_USER_PKG/LOAD_ROW that creates/updates Application's User data. Is this the API I should be using? If so, I would like to better understand how to use this API. What are the required input parameter?
I have created a simple BPEL process and added an Oracle Application Service, which uses this FND_USER_PKG/LOAD_ROW API. I set the following parameter before Invoking the Oracle Application Service: X_USER_NAME, X_ENCRYPTED_USER_PASSWORD and X_START_DATE. When I run the BPEL process I get the following error. I suspect that I am not passing all the required input parameters. Does anyone have any sample data I can use to get this API to load correctly? If I am using the wrong API, please let me know.
Thank you kindly!
Christine
- <input>
- <Invoke_OracleEBS_SecurityUser_InputVariable>
- <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="InputParameters">
- <InputParameters xmlns:db="http://xmlns.oracle.com/pcbpel/adapter/db/APPS/FND_USER_PKG/LOAD_ROW/" xmlns="http://xmlns.oracle.com/pcbpel/adapter/db/APPS/FND_USER_PKG/LOAD_ROW/">
<db:X_USER_NAME>
CRILEY
</db:X_USER_NAME>
<db:X_ENCRYPTED_USER_PASSWORD>
CRILEY
</db:X_ENCRYPTED_USER_PASSWORD>
<db:X_START_DATE>
2009-01-01
</db:X_START_DATE>
</InputParameters>
</part>
</Invoke_OracleEBS_SecurityUser_InputVariable>
</input>
- <fault>
- <bindingFault xmlns="http://schemas.oracle.com/bpel/extension">
- <part name="code">
<code>
20001
</code>
</part>
- <part name="summary">
<summary>
file:/E:/product/10.1.3.1/OracleAS_1/bpel/domains/default/tmp/.bpel_OracleEBS_OnBoarding_1.0_d71e16636aa9ff51b9975926da6faeb2.tmp/OracleEBS_SecurityUser.wsdl [ OracleEBS_SecurityUser_ptt::OracleEBS_SecurityUser(InputParameters) ] - WSIF JCA Execute of operation 'OracleEBS_SecurityUser' failed due to: Error while trying to prepare and execute an API.
An error occurred while preparing and executing the APPS.FND_USER_PKG.LOAD_ROW API. Cause: java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user CRILEY due to the following reason(s):
Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001: Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
An unexpected error occurred. Please contact your System Administrator...
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 783
ORA-06512: at "APPS.FND_USER_PKG", line 916
ORA-06512: at "APPS.FND_USER_PKG", line 1035
ORA-06512: at "APPS.FND_USER_PKG", line 645
ORA-06512: at line 1
Edited by: Christine Riley on Jan 22, 2009 11:00 AM
Edited by: Christine Riley on Jan 27, 2009 1:07 PM

Hello,
I would like to use a BPEL process to create a new User in Oracle EBS. In the {color:#0000ff}Integration Repository {color}I was able to find an API called FND_USER_PKG/LOAD_ROW that creates/updates Application's User data. Is this the API I should be using? If so, I would like to better understand how to use this API. What are the required input parameter?
I have created a simple BPEL process and added an Oracle Application Service, which uses this FND_USER_PKG/LOAD_ROW API. I set the following parameter before Invoking the Oracle Application Service: X_USER_NAME, X_ENCRYPTED_USER_PASSWORD and X_START_DATE. When I run the BPEL process I get the following error. I suspect that I am not passing all the required input parameters. Does anyone have any sample data I can use to get this API to load correctly? If I am using the wrong API, please let me know.
Thank you kindly!
Christine
- <input>
- <Invoke_OracleEBS_SecurityUser_InputVariable>
- <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="InputParameters">
- <InputParameters xmlns:db="http://xmlns.oracle.com/pcbpel/adapter/db/APPS/FND_USER_PKG/LOAD_ROW/" xmlns="http://xmlns.oracle.com/pcbpel/adapter/db/APPS/FND_USER_PKG/LOAD_ROW/">
<db:X_USER_NAME>
CRILEY
</db:X_USER_NAME>
<db:X_ENCRYPTED_USER_PASSWORD>
CRILEY
</db:X_ENCRYPTED_USER_PASSWORD>
<db:X_START_DATE>
2009-01-01
</db:X_START_DATE>
</InputParameters>
</part>
</Invoke_OracleEBS_SecurityUser_InputVariable>
</input>
- <fault>
- <bindingFault xmlns="http://schemas.oracle.com/bpel/extension">
- <part name="code">
<code>
20001
</code>
</part>
- <part name="summary">
<summary>
file:/E:/product/10.1.3.1/OracleAS_1/bpel/domains/default/tmp/.bpel_OracleEBS_OnBoarding_1.0_d71e16636aa9ff51b9975926da6faeb2.tmp/OracleEBS_SecurityUser.wsdl [ OracleEBS_SecurityUser_ptt::OracleEBS_SecurityUser(InputParameters) ] - WSIF JCA Execute of operation 'OracleEBS_SecurityUser' failed due to: Error while trying to prepare and execute an API.
An error occurred while preparing and executing the APPS.FND_USER_PKG.LOAD_ROW API. Cause: java.sql.SQLException: ORA-20001: APP-FND-02600: Unable to create user CRILEY due to the following reason(s):
Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
ORA-20001: Unabled to call fnd_ldap_wrapper.create_user due to the following reason:
An unexpected error occurred. Please contact your System Administrator...
ORA-06512: at "APPS.APP_EXCEPTION", line 72
ORA-06512: at "APPS.FND_USER_PKG", line 783
ORA-06512: at "APPS.FND_USER_PKG", line 916
ORA-06512: at "APPS.FND_USER_PKG", line 1035
ORA-06512: at "APPS.FND_USER_PKG", line 645
ORA-06512: at line 1
Edited by: Christine Riley on Jan 22, 2009 11:00 AM
Edited by: Christine Riley on Jan 27, 2009 1:07 PM

Weblogic API for modifying users/roles

Similar Messages

Maybe you are looking for