Posted on

Accessing global custom attributes in WebCenter Portal 12c

Global Attributes can be declared to share variables and information between all the Portals.

Out of the box, one of the attributes is the wcSessionTimeoutPeriod responsible for the session timeout. My friend Daniel already blogged about
accessing this on his blog entry.http://blog.vassit.co.uk/knowledge/access-global-custom-attributes

Way of accessing in EL is still working as following

HOW CAN BE ACCESSED USING EL EXPRESSIONS?

#{WCAppContext.application.applicationConfig.customAttributes[‘wcSessionTimeoutPeriod’]}

If you want to use Java API, one way to use

ADFUtils.evaluateEL("#{WCAppContext.application.applicationConfig.customAttributes['wcSessionTimeoutPeriod']}")

But if you are concern about performance, it’s not best practices to use evaluate EL in the java class. It is better to use OOTB API to access this. in 12c you can use following way

WCApplicationContext wcAppCtx = WCApplicationContext.getCurrentInstance();
WCApplication wcApp = wcAppCtx.getApplication();
WebCenterType wcMeta = wcApp.getApplicationConfig();
CustomAttributes customAttr = wcMeta.getCustomAttributes();
...

This will work in 12c.

Happy learning

Posted on

Custom Role Mapping Provider in Weblogic

The default (that is, active) security realm for WebLogic Server includes a WebLogic Role Mapping provider. The WebLogic Role Mapping provider computes dynamic security roles for a specific user (subject) with respect to a specific protected WebLogic resource for each of the default users and WebLogic resources. The WebLogic Role Mapping provider supports the deployment and undeployment of security roles within the system. The WebLogic Role Mapping provider uses the same security policy engine as the WebLogic Authorization provider. If you want to use a role mapping mechanism that already exists within your organization, you could create a custom role mapping provider to tie into that system.

You need 3 Files, a XML File with the configuration, the Provider and the Implementation of a Role.

The Config File:

<?xml version="1.0" ?>
<!DOCTYPE MBeanType SYSTEM "commo.dtd">

<MBeanType
 Name          = "MYRoleMapper"
 DisplayName   = "MYRoleMapper"
 Package       = "MY.security"
 Extends       = "weblogic.management.security. authorization.RoleMapper"
 PersistPolicy = "OnUpdate"
>
 <MBeanAttribute
  Name          = "ProviderClassName"
  Type          = "java.lang.String"
  Writeable     = "false"
  Preprocessor  = "weblogic.management.configuration.LegalHelper.checkClassName(value)"
  Default       = "&quot;MY.security.MYRoleMapperProviderImpl&quot;"
 />

 <MBeanAttribute
  Name          = "Description"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;MY RM provider &quot;"
 />

 <MBeanAttribute
  Name          = "Version"
  Type          = "java.lang.String"
  Writeable     = "false"
  Default       = "&quot;1.2&quot;"
 />

</MBeanType>

The Actual Provider MYRoleMapperProviderImpl.java:

public class MYRoleMapperProviderImpl implements RoleProvider, RoleMapper {
    private String description;
    private static final Map<String, SecurityRole> NO_ROLES = Collections.unmodifiableMap(new HashMap<String, SecurityRole>(1));

    private final static String RESSOURCE_URL = "<url>";
    private final static String RESSOURCE_EJB = "<ejb>";

    private enum rollen {
        READER;
    }

    @Override
    public void initialize(ProviderMBean mbean, SecurityServices services) {
        description = mbean.getDescription() + "\n" + mbean.getVersion();
    }

    @Override
    public String getDescription() {
        return description;
    }

    @Override
    public void shutdown() {

    }

    @Override
    public RoleMapper getRoleMapper() {
        return this;
    }

    @Override
    public Map<String, SecurityRole> getRoles(Subject subject, Resource resource, ContextHandler handler) {
        Map<String, SecurityRole> roles = new HashMap<String, SecurityRole>();
        Set<Principal> principals = subject.getPrincipals();
        for (Resource res = resource; res != null; res = res.getParentResource()) {
            getRoles(res, principals, roles);
        }
        if (roles.isEmpty()) {
            return NO_ROLES;
        }
        return roles;
    }

    private void getRoles(Resource resource, Set<Principal> principals, Map<String, SecurityRole> roles) {
        if (resource.getType() == RESSOURCE_URL || resource.getType() == RESSOURCE_EJB) {
                            roles.put(rollen.READER.toString(), new MYSecurityRoleImpl(rollen.READER.toString(), "READER Rolle"));          
            }
    }
}

simple Role Implementation:

package MY.security;

import weblogic.security.service.SecurityRole;

public class MYSecurityRoleImpl implements SecurityRole {

    private String _roleName;
       private String _description;
       private int _hashCode;

       public MYSecurityRoleImpl(String roleName, String description)
       {
          _roleName = roleName;
          _description = description;
          _hashCode = roleName.hashCode() + 17;
       }

       public boolean equals(Object secRole)
       {
          if (secRole == null) 
          {
             return false;
          }

          if (this == secRole) 
          {
             return true;
          }

          if (!(secRole instanceof MYSecurityRoleImpl)) 
          {
             return false;
          }

          MYSecurityRoleImpl anotherSecRole = (MYSecurityRoleImpl)secRole;

          if (!_roleName.equals(anotherSecRole.getName())) 
          {
             return false;
          }

          return true;
       }

       public String toString () { return _roleName; }
       public int hashCode () { return _hashCode; }
       public String getName () { return _roleName; }
       public String getDescription () { return _description; }
}

For more information go through documentation

Now you need to configure in weblogic admin console in security realms – providers- new

Happy learning with Vinay in techartifact…..

Posted on

Custom session timeout popup message in ADF/ Webcenter portal

Hi All,

In ADF and webcenter applications sometimes we have a requirement to show custom session time-out message.I have tried A team article approach as mentioned but this is not working for me in webcenter 11.1.1.8 not even in portal framework or run time portal. So I have tried something to handle this. In ADF application normally we have a popup before session time out and one after the session is expired.

So I need to disable standard warning message for expiry. I did that like below.

To disable to warning for session time out –

Add these entries in web.xml as

<context-param>
  <param-name>javax.faces.STATE_SAVING_METHOD</param-name>
  <param-value>client</param-value>
</context-param>

<context-param>
  <param-name>
     oracle.adf.view.rich.sessionHandling.WARNING_BEFORE_TIMEOUT
  </param-name>
    <param-value>0</param-value>
</context-param>

Fair enough. Now you will not see any ootb warning before session time out.But I need a customized session time out popup.Following is the solution for that.
Add this code in the your page template for ADF and webcenter application.

 <af:resource type="javascript">
     var timeoutID;
    resetTimeout();
    function resetTimeout(){
        if( timeoutID ) clearTimeout( timeoutID );
        timeoutID = setTimeout( ShowTimeoutWarning, 1500000 ); // this is popup will come if user is idle for 25 minutes(25*6000)
    }
    function ShowTimeoutWarning() {
       var popup = AdfPage.PAGE.findComponentByAbsoluteId('pt_p1');
       popup.show();
    }

    document.onkeyup   = resetTimeout;
    document.onkeydown = resetTimeout;
    document.onclick   = resetTimeout;

    </af:resource>

and in the page template add a popup.You can also skin your popup as you like through normal skinning.

 <af:popup id="pt_p1" animate="default">
           <af:dialog id="tod" title="Warning" closeIconVisible="false" type="ok">
              <af:outputText value="You session will expire in next 5 Minute." id="pt_ot1"/>
           </af:dialog>
         </af:popup>

Thats it. You can try this in ADF , webcenter portal framework and or runtime portal too.

Happy learning with Vinay in techartifact.