Skip to main content


Showing posts from 2011

User Role API development with Oracle Platform Security Services

I have recently had a chance to work with Oracle Platform Security Services. OPSS is a combination of application programming interfaces that provide abstraction layer over identity management implementations. Before I go into details with OPSS, let me give you a quick background on the application that started using OPSS recently for user and role management purposes. The project is a custom built Spring based web application. The main purpose of the application is to provide services over our user repository which is Oracle Internet Directory. This application is responsible for providing user and role management. SpringLdap template was heavily used before it was replaced with OPSS through the application to query, and modify OID. The application is deployed to WebLogic Server 10.3.4. The current version of OID is which is at the end of it support life and our client is considering moving away from it. The fact that our client was thinking of migrating away from OID wa

CAS Proxy Ticket Utility for Alfresco Share Dashlets

Alfresco Share dashlet controllers can be used to call internal (Alfresco Repository) as well as external restful web services. In our environment our external restful web services are protected by CAS. In order to authenticate calls from Alfresco Share dashlets, CAS proxy authentication protocol is used. You can find much about CAS, its supported clients and protocols on their web site at Cas ProxyAuthentication requires proxy tickets to be submitted with each service call. Therefore, proxy ticket must be generated and attached to each http call from an Alfresco Share dashlet. Here is snippet of a controller from one of our dashlets.  var hoursServiceUrl = remote.getEndpointURL("casProtectedService") + "/users/" + + "/hours.json"; var proxyTicket = proxyTicketUtil.proxyTicket(hoursServiceUrl); var hoursUrl = hoursServiceUrl + "?ticket=" + proxyTicket; var hoursConnector = remote.connect(" casProte

Spring MVC and Reflection

Annotation based Spring MVC controllers and annotations in general provide flexibility for rapid application development in today's JAVA development environment. When you combine annotations with reflection you get quick, neat and powerful solutions. Here is an example that combines a simple annotated Spring MVC form with reflection. @RequestMapping(method = RequestMethod.POST) public String processSubmit(@ModelAttribute TestPlan testPlan, BindingResult result) { if (result.hasErrors()) { return "test/form"; } else { try { prepareTestPlan(testPlan); // find the right method and execute it Method[] methods = WebServiceTestForm.class.getMethods(); for (Method m : methods) { TestDesc t = m.getAnnotation(TestDesc.class); if (t != null && != null && {

How to Externally Generate WSRP Portlet Producer Package

In our recent project, we started working on creating WSRP portlets and deploying these portlets into Oracle WebLogic Server. As you can imagine JDeveloper integrates really well with the rest of the Oracle technology stack. You can use JDeveloper to directly deploy portlet application into remote application servers. During this process JDeveloper performs modification operations on the ear artifacts. It generates the necessary WSDL configuration for WSRP portlet deployments. You can find extensive Oracle documentation here that talks about creating portlets and deploying portlets with JDeveloper. One problem with this scenario is that JDeveloper must have access to remote application server. In our project, this is not possible. Therefore we needed to find way to quickly generate the same ear file with WSRP WSDL configuration. It turns out there is a jar utility that JDeveloper itself uses to generate the ear file and it is called wsrp-predeploy.jar. This jar utility is loca

Oracle Internet Directory plug-in to remove users from groups

Oracle Internet Directory is an LDAP compliant user directory. To my surprise I  recently found out that it does not remove membership attributes from groups when users get disabled. This is at least true for the version I am not sure if the behavior is different in the 11g version. This became an issue for us because the IT security department wanted to ensure that memberships were removed when users were disabled. Our solution was to basically create a plug-in and register the plug-in with OID. Oracle Identity Management Application Developers Guide located here  provides detailed information on how to extend the behavior of OID. This document has sections for building custom plug-ins and their deployment. I used their JAVA API to build this plug-in. Before I start sharing some code, here is some general information about the plug-in. 1. The plug-in will get executed whenever OID performs a modify operation. 2. The plug-in will determine if the modify operation inv