Fusion Middleware Security – Search user in AD using OPSS

Oracle Platform Security Services (OPSS) provides enterprise product development teams, systems integrators (SIs), and independent software vendors (ISVs) with a standards-based, portable, integrated, enterprise-grade security framework for Java Standard Edition (Java SE) and Java Enterprise Edition (Java EE) applications.

OPSS provides an abstraction layer in the form of standards-based application programming interfaces (APIs) that insulate developers from security and identity management implementation details. With OPSS, developers don’t need to know the details of cryptographic key management or interfaces with user repositories and other identity management infrastructures. Thanks to OPSS, in-house developed applications, third-party applications, and integrated applications benefit from the same, uniform security, identity management, and audit services across the enterprise.

OPSS is the underlying security platform for Oracle Fusion Middleware, including WebLogic Server, SOA Suite, WebCenter, ADF and OES, to name a few. OPSS is designed from the ground up to be portable to third-party application servers. As a result, developers can use OPSS as the single security framework for both Oracle and third-party environments, which decreases application development, administration and maintenance costs.

Products that use OPSS

  1. Oracle WebLogic Server
  2. Oracle ADF
  3. Oracle WebCenter
  4. Oracle SOA Suite
  5. Oracle Entitlements Server
  6. Oracle Web Services Manager
  7. Java Authorization Contract for Containers (JACC) integration

OPSS provides an integrated security platform that supports:

  • Authentication
  • Identity assertion
  • Authorization, based on fine-grained JAAS permissions
  • The specification and management of application policies
  • Secure storage and access of system credentials through the Credential Store Framework
  • Auditing
  • Role administration and role mappings
  • The User and Role API
  • Identity Virtualization
  • Security configuration and management
  • SAML and XACML
  • Oracle Security Developer Tools, including cryptography tools
  • Policy Management API
  • Java Authorization Contract for Containers (JACC)

OPSS Architecture

[Image: OPSS architecture diagram]

Now let us move on to using OPSS from an ADF or WebCenter application. A common requirement is a feature that lets a user search for other users in LDAP by first name, last name or email. How can we achieve that?

Something like the image below.

[Image: user search screen in the application]

The user clicks Search User. This searches the Active Directory that is configured as the WebLogic authentication provider: by default OPSS uses the first LDAP authenticator of the domain's security realm as its identity store, so no separate LDAP connection details live in the application.

[Image: Search User dialog]
In the Search box, enter a first name, last name or email address and click the Search icon.

[Image: search results for a name]

Or try with an email address:

[Image: search results for an email address]
You can add more attributes to the filter in the same way and search on them too. Now let us look at how this is done.

The following managed-bean method searches the OPSS identity store with the entered value, matching it against last name, business email or name (an OR filter), and collects the hits for the page:

    import java.util.ArrayList;
    import java.util.List;

    import oracle.adf.view.rich.component.rich.input.RichInputText;
    import oracle.security.idm.ComplexSearchFilter;
    import oracle.security.idm.IMException;
    import oracle.security.idm.IdentityStore;
    import oracle.security.idm.SearchParameters;
    import oracle.security.idm.SearchResponse;
    import oracle.security.idm.SimpleSearchFilter;
    import oracle.security.idm.UserProfile;
    import oracle.security.jps.JpsContext;
    import oracle.security.jps.JpsContextFactory;
    import oracle.security.jps.JpsException;
    import oracle.security.jps.service.idstore.IdentityStoreService;

    // Managed-bean state: the search box bound from the page and the result list.
    // userProfileId is the bean's own result holder: (name, lastName, email, userName).
    private RichInputText peopleName;
    private List<userProfileId> userDetails = new ArrayList<userProfileId>();

    public List<userProfileId> getUserDetails() {
        // Run the search once per request; the getter is called several times while rendering.
        if (this.userDetails.isEmpty() && peopleName != null && peopleName.getValue() != null) {
            String term = peopleName.getValue().toString().trim();
            try {
                // The identity store OPSS has configured for this domain: by default the first
                // LDAP authentication provider of the WebLogic realm, here Active Directory.
                // getIdmStore() is on the IdentityStoreService interface, so no cast to the
                // LDAP implementation class is needed.
                JpsContext ctx = JpsContextFactory.getContextFactory().getContext();
                IdentityStoreService idstoreService = ctx.getServiceInstance(IdentityStoreService.class);
                IdentityStore idmIdentityStore = idstoreService.getIdmStore();

                // One equality filter per attribute the user may search on. The term is passed
                // as a filter operand, not spliced into an LDAP filter string.
                SimpleSearchFilter[] simpleSearchFilter = new SimpleSearchFilter[3];
                simpleSearchFilter[0] = idmIdentityStore.getSimpleSearchFilter(
                    UserProfile.LAST_NAME, SimpleSearchFilter.TYPE_EQUAL, term);
                simpleSearchFilter[1] = idmIdentityStore.getSimpleSearchFilter(
                    UserProfile.BUSINESS_EMAIL, SimpleSearchFilter.TYPE_EQUAL, term);
                simpleSearchFilter[2] = idmIdentityStore.getSimpleSearchFilter(
                    UserProfile.NAME, SimpleSearchFilter.TYPE_EQUAL, term);

                // OR the three together: a match on any one attribute is a hit.
                ComplexSearchFilter cf =
                    idmIdentityStore.getComplexSearchFilter(simpleSearchFilter, ComplexSearchFilter.TYPE_OR);
                SearchParameters spUser = new SearchParameters(cf, SearchParameters.SEARCH_USERS_ONLY);
                SearchResponse searchResponse = idmIdentityStore.searchUsers(spUser);

                while (searchResponse.hasNext()) {
                    UserProfile up = (UserProfile) searchResponse.next();
                    // Second argument is the last name; the original bean kept it in a field called UserID.
                    userDetails.add(new userProfileId(up.getName(), up.getLastName(),
                                                      up.getBusinessEmail(), up.getUserName()));
                }
            } catch (JpsException e) {
                // OPSS context or service lookup failed (e.g. no identity store configured).
                e.printStackTrace();
            } catch (IMException e) {
                // The identity store rejected or could not run the search.
                e.printStackTrace();
            }
        }
        return userDetails;
    }

That's it. You can use this code in pure ADF or WebCenter Portal applications. Two things worth keeping in mind: the search term is handed to getSimpleSearchFilter as a filter operand rather than concatenated into an LDAP filter string, so never hand-build the filter string from the search box; and a term that matches everything would walk the whole directory, so require a few characters before searching and keep result and time limits on the server side. Do let me know your thoughts.
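What the OR filter in the code above amounts to on the wire, as an added shell example that is not part of the post or of OPSS: it builds the RFC 4515 filter string by hand, with the user-supplied term escaped, beside the unescaped version that makes the search injectable. The attribute names are assumptions (cn, sn and mail are the usual Active Directory attributes behind UserProfile.NAME, LAST_NAME and BUSINESS_EMAIL; the mapping is configurable in the identity store), as is the ldapsearch invocation in the comment.

```shell
#!/bin/sh
# Added example (not OPSS code): the LDAP filter the OPSS search amounts to,
# built by hand with RFC 4515 escaping of the user-supplied search term.
# Assumed attribute mapping: cn (NAME), sn (LAST_NAME), mail (BUSINESS_EMAIL).
set -e

# Escape the characters that have meaning inside an LDAP filter value.
# Backslash goes first so the escapes added afterwards are not re-escaped.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' \
                           -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' \
                           -e 's/)/\\29/g'
}

# Hardened: the term is escaped, so "*" or ")(" inside it stays literal text.
build_user_filter() {
    esc=$(ldap_escape "$1")
    printf '(|(cn=%s)(sn=%s)(mail=%s))' "$esc" "$esc" "$esc"
}

# Vulnerable counterpart: raw concatenation, the classic LDAP-injection pattern.
# A term like "*)(objectClass=*" turns the search into "match every object".
build_user_filter_unsafe() {
    printf '(|(cn=%s)(sn=%s)(mail=%s))' "$1" "$1" "$1"
}

# Usage against AD (assumed host, bind DN and base; not run here):
#   ldapsearch -LLL -H ldaps://dc.example.com -D "$BIND_DN" -W \
#       -b "DC=example,DC=com" "$(build_user_filter "$TERM")" cn sn mail sAMAccountName
```

The point to take from it: whatever is typed reaches the directory as a filter operand. With the escaped version a term of `*)(objectClass=*` matches nobody; with the unsafe version it becomes an `(objectClass=*)` clause and returns the whole directory. The ADF code above passes the term to getSimpleSearchFilter instead of concatenating it; the escaping shown here is what you must get right yourself whenever you build filters for ldapsearch or JNDI by hand.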
Happy Learning with Techartifact.

Introduction to Docker and Docker Compose

Aim: explain what Docker and Docker Compose are. I will start with Linux containers and then go into Docker and Docker Compose, for a beginner.

In today's cloud world, what developers want is:

● Scalability, maintainability, Agility, Portability.
● DevOps tools.
● Improved resource utilization.
● A continuum of abstraction levels.

Linux containers contain applications in a way that keeps them isolated from the host system they run on. Containers allow a developer to package up an application with all of the parts it needs, such as libraries and other dependencies, and ship it all out as one package. They are designed to make it easier to provide a consistent experience as developers and system administrators move code from development environments into production in a fast and repeatable way.
In a way, containers behave like a virtual machine: to the outside world they can look like their own complete system. But unlike a virtual machine, containers do not replicate an entire operating system, only the individual components they need in order to operate; all containers on a host share the host's kernel. This gives a significant performance boost and reduces the size of the application. They also start much faster, since unlike traditional virtualization the process is essentially running natively on its host, with an additional layer of isolation around it. That shared kernel is also the main security difference from a VM: a kernel vulnerability reachable from inside a container affects every container on the host, which a hypervisor boundary would not.

Linux Containers
● Use Linux kernel isolation features to give a VM like environment.
● Process isolation /Sandboxing.
● Examples: LXC, lmctfy, Docker.

Now, what is Docker?
● An easy-to-use Linux container technology.
● The Docker image format.
● It helps with application packaging and delivery.

Docker is a tool that can package an application and its dependencies in a virtual container that can run on any Linux server. This helps enable flexibility and portability on where the application can run, whether on-premises, public cloud, private cloud, bare metal, etc. (Wikipedia)


Docker vs. virtualization –

– Docker containers are lighter than virtual machines.
– Docker images are very small compared with VM images.
– We can run more Docker containers on a reasonably sized host.
– Deploying and scaling is relatively easy.
– Docker containers start up faster.

Technologies behind Docker
● Control groups (cgroups):
○ Control groups are another key component of Linux containers.
○ With cgroups we can implement resource accounting and limits.
○ They ensure that each container gets its fair share of memory, CPU and disk I/O.
○ Thanks to cgroups, we can make sure that a single container cannot bring the system down by exhausting resources.

● Union file systems:
○ A layered file system, so you can have a read-only part and a writable part and merge them together.
○ Docker images are made up of such layers; a running container adds one writable layer on top.

● Namespaces:
○ Namespaces create an isolated workspace for each process (PID, network, mount, UTS, IPC and user namespaces).
○ When you run a container, Docker creates a set of namespaces for that container.

● SELinux:
○ SELinux provides secure separation of containers by applying SELinux policy and labels to each container's processes and files.

Components of Docker

Docker images – An image is an inert, immutable file that is essentially a snapshot of a container. Images are created with the build command, and they produce a container when started with run. Images are stored in a Docker registry such as registry.hub.docker.com.
Docker containers – A container is a running (or stopped) instance of an image: the image's read-only layers plus one writable layer on top, with its own namespaces and cgroup. It is what docker run produces from an image.
Docker Hub – Docker's hosted, cloud-based registry service. It lets you link to code repositories, build and test your images, stores manually pushed images, and links to Docker Cloud so you can deploy images to your hosts.
Docker Registry – The server-side application that stores and distributes Docker images. Docker Hub is one registry; you can also run your own private registry so that images never leave your network.
Docker daemon – The part that does the rest of the magic: it talks to the kernel and makes the system calls to create, operate and manage containers, which we as users of Docker do not have to worry about. It runs as root, so anyone who can reach the daemon's socket effectively has root on the host.
Docker client – The utility we use when we run any docker command, e.g. docker run (run a container), docker images, docker ps. It lets us run commands a human can easily read.

[Image: Docker architecture]

As you can see in the diagram above, the Docker client is where the user performs build, pull and run operations. The client talks to a Docker host, which runs the Docker daemon and holds the containers and images, and the host pulls images from a registry.

If you are still reading, you now have the basic components and vocabulary of Docker.
Now let us take an example of real-life applications:
● One application consists of multiple containers.
● One container is dependent on another.
● Mutual dependency/ startup order.
● The process involves building containers and then deploying them.
● Long docker run commands
● Complexity is proportional to the number of containers involved

[Image: multi-container Docker application]

Take the example in the image above, a multi-container Docker application. The containers are one NGINX container, three Tomcat containers, one MongoDB container and one ELK container. Managing all of that by hand, with one long docker run command per container in the right order, is quite a difficult process. Docker Compose is there to rescue us.

Docker Compose is a tool for defining and running multi-container Docker applications. With Compose, you use a Compose file to configure your application's services. Then, using a single command, you create and start all the services from your configuration. Compose is great for development, testing and staging environments, as well as CI workflows.

[Image: Docker Compose]

Docker Compose
● Tool for defining and running a multi-container Docker application. The Compose file is a YAML file that describes how to build and deploy the containers. Compose integrates with Docker Swarm for running the same application on a cluster; Swarm in turn is the Docker-native alternative to Kubernetes.

Compose is basically a three-step process.

1- Define your app’s environment with a Dockerfile so it can be reproduced anywhere.
2- Define the services that make up your app in docker-compose.yml so they can be run together in an isolated environment.
3- Lastly, run docker-compose up and Compose will start and run your entire app.

[Image: docker-compose.yml example]
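Steps 1 to 3 above, as an added shell example that is not from the post: it writes a Dockerfile and a docker-compose.yml for a cut-down version of the multi-container application (NGINX in front of a Tomcat app, MongoDB behind it), then lints the Compose file before docker compose up, checking that every depends_on target is a defined service and that every image is pinned to a version tag. Service names, image tags and ports are assumptions; the check assumes the short list form of depends_on and two-space indentation.

```shell
#!/bin/sh
# Added example (not from the post): the three Compose steps for a cut-down
# version of the multi-container application above, plus a small check of the
# compose file before "docker compose up". Image tags, ports and service names
# are assumptions.
set -e

# Steps 1 and 2: write a Dockerfile for the app image and a docker-compose.yml
# that wires the services together, into the directory given as $1.
write_compose_demo() {
    mkdir -p "$1"
    # Step 1: the application image. Base tag pinned, app runs as a non-root user.
    cat > "$1/Dockerfile" <<'EOF'
FROM tomcat:9.0-jre11
COPY app.war /usr/local/tomcat/webapps/ROOT.war
USER 1000
EXPOSE 8080
EOF
    # Step 2: the services. depends_on fixes the startup order the post mentions
    # (nginx after app, app after mongo); mongo is not published to the host at all.
    cat > "$1/docker-compose.yml" <<'EOF'
services:
  nginx:
    image: nginx:1.25
    ports:
      - "443:443"
    depends_on:
      - app
  app:
    build: .
    depends_on:
      - mongo
  mongo:
    image: mongo:6.0
    volumes:
      - mongo-data:/data/db
volumes:
  mongo-data: {}
EOF
}

# Lint the compose file before starting it: every depends_on target must be a
# defined service, and every image must be pinned to a tag other than "latest".
# Returns 0 when clean, 1 and one line per problem otherwise. Assumes the short
# list form of depends_on and two-space indentation.
compose_check() {
    awk '
    function yamlkey(line) { sub(/^ +/, "", line); sub(/:.*/, "", line); return line }
    /^[^ #]/              { section = yamlkey($0); indep = 0; next }
    section != "services" { next }
    /^  [^ ]/             { svc = yamlkey($0); services[svc] = 1; indep = 0; next }
    /^ +depends_on:/      { indep = 1; next }
    indep && /^ +- /      { deps[svc "\t" $2] = 1; next }
    /^ +[^ -]/            { indep = 0 }
    /^ +image:/           { images[svc] = $2 }
    END {
        bad = 0
        for (k in deps) {
            split(k, p, "\t")
            if (!(p[2] in services)) {
                printf "%s: depends_on %s is not a defined service\n", p[1], p[2]; bad = 1
            }
        }
        for (s in images) {
            if (images[s] !~ /:/ || images[s] ~ /:latest$/) {
                printf "%s: image %s is not pinned to a version tag\n", s, images[s]; bad = 1
            }
        }
        exit bad
    }' "$1"
}

# Step 3, once the check passes (not run here):  (cd "$DIR" && docker compose up -d)
```

Run it as write_compose_demo ./demo && compose_check ./demo/docker-compose.yml, then cd ./demo && docker compose up -d. The depends_on check catches the startup-order mistakes the post mentions before Compose reports them at runtime; the tag check matters because an unpinned image (or :latest) means the next docker compose pull can silently change what runs in production.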

You can explore more with Docker Swarm, which I will explain in the next post. Till then, happy learning with Vinay.

Oracle PaaS for SaaS Integration

Platform as a Service (PaaS) is the buzzword now, and every day you hear more about it. PaaS has quickly evolved into a standard for building an agile business platform, and that is cause for excitement. It is exciting for customers, not just those who want to move to the cloud, but also those who see PaaS as a way to build applications faster and more efficiently. As Oracle releases more development tools in the cloud, I believe PaaS will become the de facto way to extend Software as a Service (SaaS).

Benefits of PaaS –
With PaaS you no longer have to worry about the cost and time of maintaining hardware or a data center. By bypassing the setup required for a development environment, your organization achieves faster time to value on projects. Most PaaS offerings use a consumption model: much like buying fuel, you fill up only when you need to and pay only for what you use. Finally, quick-start, user-friendly, cloud-based development tools enable and foster continuous innovation.

PaaS4SaaS – PaaS-to-SaaS integration is important. If you are running an Oracle Software as a Service (SaaS) application, for example Oracle Sales Cloud, you can write extensions to that service and deploy them on Oracle Java Cloud Service – SaaS Extension.

Recently a use case came up for building a custom application on top of Oracle Sales Cloud data. Such an application can be deployed on Java Cloud Service (JCS) and linked from Oracle Sales Cloud by customizing it with Sales Cloud's composer.

The custom application's UI can be built with ADF or JavaScript UI technologies, with Database as a Service (DBCS) as the database, and deployed on JCS.
The application shows reports on Sales Cloud opportunities and orders for the previous period, and a product manager can see a custom dashboard with documents in a custom application deployed on JCS. This is a good use case for PaaS4SaaS, and there are many more for enterprise applications. So how do we build this, and how do we define a standard for PaaS4SaaS applications?

Oracle Java Cloud Service – SaaS Extension reduces the complexity associated with the deployment and maintenance of enterprise Java applications. It enables you to create Oracle Java Cloud Service – SaaS Extension instances quickly. You can deploy your applications to a service instance, then secure and manage them without worrying about the underlying infrastructure.

[Image: Oracle Java Cloud Service – SaaS Extension Architecture]

Source- Oracle Documentation.

Oracle Java Cloud Service – SaaS Extension provides a platform to develop and deploy business applications in the cloud. With it, businesses can maximize productivity with instant access to a cloud environment powered by Oracle WebLogic Server, complete with integrated security and database access.

PaaS-SaaS integration – Integrating services such as Oracle Sales Cloud and Oracle Java Cloud Service – SaaS Extension associates them so that single sign-on can be enabled, with one service acting as the identity provider for both.
Identity propagation between the SaaS application and the extension can be done using SAML or OAuth, so the extension never needs to hold end users' passwords.

If you develop PaaS extensions on Java Cloud Service – SaaS Extension for your HCM, ERP or CX Cloud, you should know the following key points before you start.

1. RESTful API catalog – The key point of building PaaS extensions for Oracle SaaS applications is interacting with the SaaS application (HCM, ERP).

Every Oracle SaaS application exposes a set of web services for communicating with external applications, and you should know which services are available, because any PaaS extension requires calls to the SaaS application. Read the web service documentation in depth before starting development, including how each call is authenticated, which ties back to the identity propagation mentioned above.

[Image: API catalog]

2. Cloud Rapid Development Kit – The Oracle Applications Cloud User Experience Rapid Development Kit (RDK) is a set of free resources that help you learn faster, design more simply and build your PaaS extensions quickly. The RDK is one of the best resources for starting to develop your extension today with a minimal learning curve. It provides the resources summarized below:

[Image: RDK resources]

It also comes with samples for PaaS4SaaS. Open the samples in JDeveloper; all samples are available on GitHub.

[Image: RDK samples opened in JDeveloper]

Navigate to DemoMaster -> WebContent -> Index.html and run it. You should see the screen below.

[Image: DemoMaster sample running]

3. Design patterns, templates and wireframes – The Rapid Development Kit provides a wireframe template in PPT format, which can be downloaded from the RDK wireframe templates page, and a UX design patterns ebook. These two are exceptional resources for designing a PaaS extension for Cloud Applications: you get everything you need to draw your layout and collect user feedback before you start developing.

– Design patterns eBook: Offers guidance on how to design your mobile cloud apps. These design patterns are referenced throughout this mobile wireframe template.

– Technical eBook: Offers guidance on how to use the Rapid Development Kit (RDK) to build and deploy applications that have the same look and feel as Oracle Mobile Applications. This eBook is packaged with the kit.

The kit also ships a set of icons that you can use, reuse and resize in your wireframes, or you can make your own template. Most of these icons are sized 44px to facilitate selection; you may need to reduce them from 44px x 44px to 16px x 16px.

4. Deploy Paas extension – .war and .ear file can be deployed on JCS using simple GUI. See example – Deploying an Application to Oracle Java Cloud Service – SaaS Extension.

5. Developer environment – The Oracle Java Cloud Service – SaaS Extension Software Development Kit (SDK) is a downloadable package with tools for managing Oracle Java Cloud Service – SaaS Extension instances and developing applications for them in Oracle Cloud. Apart from this, you can use your favorite IDE (Integrated Development Environment):

• Oracle JDeveloper with Oracle Java Cloud Service – SaaS Extension
• NetBeans with Oracle Java Cloud Service – SaaS Extension
• Oracle Enterprise Pack for Eclipse with Oracle Java Cloud Service – SaaS Extension

Choose the IDE best suited to you, or the one you already have experience with; this choice will let you start developing quickly.

If you come across any more tips or knowledge, please share them in the comments. Happy cloud development!