DB Authenticator for BPM Applications

DB Authenticator is an alternative to the default option of LDAP authenticator for BPM setup.

Following tables are required for the db authenticator setup for BPM Application.

1) Users 

CREATE TABLE USERS (U_NAME VARCHAR(200) NOT NULL,
U_PASSWORD VARCHAR(50) NOT NULL
,U_DESCRIPTION VARCHAR(1000));

ALTER TABLE USERS ADD CONSTRAINT PK_USERS PRIMARY KEY (U_NAME);

2) Groups
CREATE TABLE GROUPS (G_NAME VARCHAR(200) NOT NULL,
G_DESCRIPTION VARCHAR(1000) NULL) ;

ALTER TABLE GROUPS ADD CONSTRAINT PK_GROUPS PRIMARY KEY (G_NAME);

3) Group Members
CREATE TABLE GROUPMEMBERS (G_NAME VARCHAR(200) NOT NULL,
G_MEMBER VARCHAR(200) NOT NULL);

ALTER TABLE GROUPMEMBERS ADD
CONSTRAINT PK_GROUPMEMS PRIMARY KEY (G_NAME,G_MEMBER);

ALTER TABLE GROUPMEMBERS ADD CONSTRAINT FK1_GROUPMEMBERS
FOREIGN KEY ( G_NAME ) REFERENCES GROUPS (G_NAME) ON DELETE CASCADE;

Create a DataSource 

DB Authenticator needs a datasource in Weblogic. The tables above should be available in the data base connecting through the datasource created.



Create a SQL Authenticator

From the Security Realms > myrealms > Providers. Create a new SQL Authenticator.








Click OK.

The new SQL Authenticator will be listed in the Providers list.






Click on the DBAuthenticator and change the provider specific details 

Make sure the datasource name is provided and check the "Plaintext Password Enabled" option selected.

All the other SQL queries can be edited based on the tables name created.You have to edit the provider jar file if you are changing the table names here.The jar file can be downloaded from https://support.us.oracle.com Searching for SQLAuthenticator.











Changes for Worklist Application

1) Copy the jar file to MW_HOME/user_projects/domains/soadomain/lib folder 

2) Edit the MW_HOME/user_projects/domains/soadomain/config/fmwconfig/jps-config.xml file.



1) In the section starting with <jpsContext name="default" modify



<serviceInstanceRef ref="idstore.ldap"/> 

to 

<serviceInstanceRef ref="idstore.custom"/>



2) Within the <serviceInstances>...</serviceInstances> section, add the following 



<serviceInstance name="idstore.custom" provider="custom.provider" location="dumb">

<description>Custom Identity Store Service Instance</description>

<property name="idstore.type" value="CUSTOM"/>

<property name="ADF_IM_FACTORY_CLASS" value="org.sample.providers.db.DBIdentityStoreFactory"/>

<property name="DATASOURCE_NAME" value="<datasource_jndi>"/>

</serviceInstance>



3) Within the <serviceProviders>...</serviceProviders> section, add the following



<serviceProvider type="IDENTITY_STORE" name="custom.provider" class="oracle.security.jps.internal.idstore.generic.GenericIdentityStoreProvider"><description>Custom IdStore Provider</description>

</serviceProvider>





Common Errors :





a) BPMIdentityService encountered soap error in method invoke with fault "".

Ensure that the soap message is properly formed and has all necessary attributes and elements. Contact Oracle Support Services if error is not fixable.

ORABPEL-10592





We faced this issue because we had an OSSOAsserter layer used to enable the sso for the application. Some how the user email returning from the SSO and the users table was not matching in as the one returning from SSO was capital case and what we had in the db was  in small case. We fixed this issue by changing the sql queries shown above in the provider specific section.




b) Caused By: ORABPEL-30504




Internal error in Verification Service.

Internal error in Verification Service for user XXXXX@YYY.COM. lookupUser.

Check the underlying exception and correct the error. If the error persists, contact Oracle Support Services.

We had to fix the DBUserSearchResponse.java in the dbprovider.jar file by putting the correct case comparison in the sql queries.

Ant tasks for BPM application

Some Useful ant tasks to package and deploy BPM applications

1) To package BPM application

 <target name="build">
        <property file="${OS_ENV.HOME}/build.properties"/>
                <ant antfile="${OS_ENV.MW_HOME}/jdeveloper/bin/ant-sca-package.xml"
                     inheritall="false">
                        <property name="compositeDir"
                                  value="/scratch/BPMApps/PartyApproval"/>
                        <property name="compositeName"
                                  value="ThirdPartyApproval"/>
                        <property name="revision" value="${sca.version}"/>
                        <property name="scac.application.home"
                                  value="/scratch/BPMApps"/>
                </ant>
        </target>

2) Deploy BPM application

<target name="deploy">
                <property file="${OS_ENV.HOME}/build.properties"/>
                <ant antfile="${OS_ENV.MW_HOME}/jdeveloper/bin/ant-sca-deploy.xml"
                     inheritall="false">
                        <property name="serverURL"
                                  value="http://${weblogic.machine}:${weblogic.port}"/>
                        <property name="sarLocation"
                                  value="/scratch/PartyApproval/deploy/sca_PartyApproval_rev1.0.jar"/>
                        <property name="overwrite" value="true"/>
                        <property name="user" value="${weblogic.user}"/>
                        <property name="password" value="${weblogic.password}"/>
                        <property name="forceDefault" value="true"/>
                </ant>
        </target>
3) Undeploy BPM Application

 <target name="undeploy">
                <property file="${OS_ENV.HOME}/build.properties"/>
                <ant antfile="${OS_ENV.MW_HOME}/jdeveloper/bin/ant-sca-deploy.xml"
                     inheritall="false" target="undeploy">
                   
                        <property name="serverURL"
                                  value="http://${weblogic.machine}:${weblogic.port}"/>
                        <property name="compositeName"
                                  value="ThirdPartyApproval"/>
                        <property name="sarLocation"
                                  value="/scratch/PartyApproval/deploy/sca_PartyApproval_rev1.0.jar"/>
                        <property name="revision" value="${sca.version}"/>
                        <property name="user" value="${weblogic.user}"/>
                        <property name="password" value="${weblogic.password}"/>
                </ant>
        </target>

Ant packaging for SOA composite application : oramds error

Ant target used for packaging the soa composite application. Poin to note here the normal ojdeploy tasks wont work for soa composite application.


 <target name="build-bpmtp">
        <ant antfile="${OS_ENV.MW_HOME}/jdeveloper/bin/ant-sca-package.xml"
                     inheritall="false">
                        <property name="compositeDir"
                                  value="${OS_ENV.ADE_VIEW_ROOT}/BPMApps/PartyApproval"/>
                        <property name="compositeName"
                                  value="ThirdPartyApproval"/>
                        <property name="revision" value="1.0"/>
                        <property name="scac.application.home"
                                  value="${OS_ENV.ADE_VIEW_ROOT}/PLSBPMApps"/>
                </ant>
        </target>
One of the issue I got while compilation is the oramds error because of some wsdl are not loading properly.

oramds:/soa/shared/workflow/TaskServiceInterface.wsdl: MDS-00054: The file to be loaded 

The way to resolve is to provide the correct values in ${APPHOME}/.adf/META-INF/adf-config.xml file. A sample file is as shown below.


<?xml version="1.0" encoding="US-ASCII" ?>
<adf-config xmlns="http://xmlns.oracle.com/adf/config"
            xmlns:config="http://xmlns.oracle.com/bc4j/configuration"
            xmlns:adf="http://xmlns.oracle.com/adf/config/properties"
            xmlns:sec="http://xmlns.oracle.com/adf/security/config">
  <adf-adfm-config xmlns="http://xmlns.oracle.com/adfm/config">
    <defaults useBindVarsForViewCriteriaLiterals="true"/>
    <startup>
      <amconfig-overrides>
        <config:Database jbo.locking.mode="optimistic"/>
      </amconfig-overrides>
    </startup>
  </adf-adfm-config>
  <adf:adf-properties-child xmlns="http://xmlns.oracle.com/adf/config/properties">
    <adf-property name="adfAppUID" value="PLSBPMApps-5883"/>
  </adf:adf-properties-child>
  <sec:adf-security-child xmlns="http://xmlns.oracle.com/adf/security/config">
    <CredentialStoreContext credentialStoreClass="oracle.adf.share.security.providers.jps.CSFCredentialStore"
                            credentialStoreLocation="../../src/META-INF/jps-config.xml"/>
  </sec:adf-security-child>
  <adf-mds-config xmlns="http://xmlns.oracle.com/adf/mds/config">
    <mds-config xmlns="http://xmlns.oracle.com/mds/config">
      <persistence-config>
        <metadata-namespaces>
          <namespace path="/soa/shared" metadata-store-usage="mstore-usage_1"/>
        </metadata-namespaces>
        <metadata-store-usages>
          <metadata-store-usage id="mstore-usage_1">
            <metadata-store class-name="oracle.mds.persistence.stores.file.FileMetadataStore">
              <property name="metadata-path"
                        value="${oracle.home}/integration"/>
              <property name="partition-name" value="seed"/>
            </metadata-store>
          </metadata-store-usage>
        </metadata-store-usages>
      </persistence-config>
    </mds-config>
  </adf-mds-config>
</adf-config>
We need to provide correct entries for the    <metadata-store-usages> section of the xml file. In our case the ${oracle.home} was pointing to the jdeveloper directory .
Metadata storage can also be  a db storage as below :

<metadata-store-usage id="mstore-usage_2">
<metadata-store class-name="oracle.mds.persistence.stores.db.DBMetadataStore">
<property name="jdbc-userid" value="@db.user@"/>
<property name="jdbc-password" value="@db.password@"/>
<property name="jdbc-url" value="@db.url@"/>
<property name="partition-name" value="@partition@"/>
</metadata-store>
</metadata-store-usage>

SecurityProvider service class name for OSSOAsserter is not specified

While starting the managed server from weblogic console its throwing the error from myrealms with SecurityProvider service class name for OSSOAsserter  is not specified. Inorder to fix this error go to 

<MW_HOME>/wlserver_10.3/common/nodemanager/nodemager.properties 

Set the StartScriptEnabled  property to true

Creating Managed Server in Weblogic

1) Start the node manager from WEBLOGIC_HOME/wlserver_10.3/common/bin/ startManagedWebLogic.sh

2) Create the machine

Login to the Admin console . From the Doman> Machines , Create a new machine

Provide
a) Machine Name
b) Machine OS
Click on Next

Provide Node manager details
 Type : SSL
Listening Address : m/c name or local host
Listening Port : 5556

Click on the monitor tab and you can see the status below.

3) Create the managed server from the Environment> Server link

4) Start the managed server from Admin console.

Compare files in linux

There are many file compare tools available in Linux. Following are some of the commonly used

1) diff file1 file2
2) kompare file1 file2
3) sdiff file1 file2
4) vimdiff file1 file2
5) Meld
6) Guiffy
7)kdiff3
8)xxdiff