Sunday, January 3, 2010

WebCenter 11g Discussion Service in Oracle ADF

Everyone is familiar with various discussion services, for example the OTN Forums. However, not everyone knows that you can use similar discussion services directly from an ADF 11g application. Today I will describe how you can enable a WebCenter 11g product component, Discussion Services. Before reading my post, I recommend walking through the instructions available on George Maggessy's blog, Oracle Discussions Configuration. You should also read Section 17.2.1, Setting up Connections for Discussions, in the WebCenter 11g Developer Guide.

Download the sample application for today's post, WebCenterDiscussions.zip. This application implements an ADF table and the Discussion Service from the WebCenter server on the same page.

Before a developer can use the Discussion Service, a Discussion Service connection must be defined in Application Resources. You can read about this in Section 17.2.1 mentioned above. However, there is one trick with the forum.connection.secure property: when the application is protected by ADF Security, you must set this property to true and define additional properties.

If the Discussion Service connection (DevDiscussions) is defined with the default value of false for the forum.connection.secure property, then after user login an Authentication Failure will be reported for the Discussion Service Task Flow.



I know of cases where the same thing was working in JDeveloper 11g R1, but it didn't work in JDeveloper 11g R1 PS1. This is correct, because the connection must be secured when the ADF application is protected by ADF Security.

Let's enable a secured Discussion Service connection:



When the connection is declared as secured, you must obtain security certificates and declare additional properties for the Discussion Service connection. You can read about this in the WebCenter 11g Administrator Guide, Section 23.8 Configuring WS-Security. However, it's very hard to understand the described instructions. I got additional hints from Oracle about how to generate keys and certificates, and will list them now step by step:

1. Generate a new key

keytool -genkey -alias jive -keypass jive_password -keystore client_certs.keystore -storepass clientKeyStorePassword -dname "cn=jive" -keyalg RSA

Remember these three Discussion Service connection properties:

encryption.key.alias = jive
encryption.key.password = jive_password
keystore.password = clientKeyStorePassword

2. Generate the self-signed client certificate in client_certs.keystore

keytool -selfcert -alias jive -keystore client_certs.keystore -storepass clientKeyStorePassword -keypass jive_password

3. Export the public key from the certificate

keytool -export -alias jive -file client_public_key.jks -keystore client_certs.keystore -storepass clientKeyStorePassword

4. Import the public key into a web app accessible keystore

keytool -import -alias jive -file client_public_key.jks -keystore server_public_certs.keystore -storepass serverKeyStorePassword

The generated server_public_certs.keystore file will be used as the server certificate.

At this point you should have three files generated: client_certs.keystore, client_public_key.jks and server_public_certs.keystore.




5. Copy the server_public_certs.keystore to the WebCenter 11g server machine

In my case, the file was copied to /home/oracle/keystore

6. Set up the Jive Server Properties

In the WebCenter domain home lib directory (/home/oracle/Oracle/Middleware/user_projects/domains/wc_domain/lib), create a file named keystore.properties.

Within this file add the following values (change them according to your case):

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=serverKeyStorePassword
org.apache.ws.security.crypto.merlin.keystore.alias=jive
org.apache.ws.security.crypto.merlin.file=/home/oracle/keystore/server_public_certs.keystore

7. Place the keystore.properties file into a jar file named jive_crypto_props.jar

jar cvf jive_crypto_props.jar keystore.properties

8. Modify the Jive System Property

Log in as the admin user to the Jive admin page, for example: http://127.0.0.1:8890/owc_discussions/admin

Click on the System Properties link and add the following property:

webservices.soap.custom.crypto.fileName=keystore.properties

9. Restart WebCenter 11g Services Managed Server

10. As the last step, define Additional Properties for the Discussion Service connection:



Now discussions will appear inside my sample ADF application.
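
A pre-flight check for the server-side files from steps 4 to 7, added here as an example and not part of the original post: it confirms that keystore.properties names a readable keystore, that the file holding the clear-text password is not readable by other users, and that the configured password and alias actually open the keystore. The function names are illustrative, and check_alias assumes keytool is on the PATH.

```shell
#!/bin/sh
# Added example: pre-flight check of keystore.properties (step 6), run on the
# WebCenter host before the restart. Function names are illustrative.
P=org.apache.ws.security.crypto.merlin

# Print the value of an exact key in a Java .properties file (last one wins).
prop_get() {
    awk -v k="$2" '{
        sub(/\r$/, ""); i = index($0, "=")
        if (i == 0) next
        key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
        if (key == k) { v = substr($0, i + 1); sub(/^[ \t]+/, "", v) }
    } END { print v }' "$1"
}

# True only if the file grants nothing to group or others (for example 600).
is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Returns 0 = consistent, 1 = will not load, 2 = readable by other users.
check_props_file() {
    ks=$(prop_get "$1" "$P.file")
    [ -n "$ks" ] && [ -n "$(prop_get "$1" "$P.keystore.alias")" ] &&
        [ -n "$(prop_get "$1" "$P.keystore.password")" ] ||
        { echo "FAIL: file, alias or password property missing in $1"; return 1; }
    [ -r "$ks" ] || { echo "FAIL: keystore '$ks' is not readable"; return 1; }
    is_private "$1" ||
        { echo "WARN: $1 holds a clear-text password, chmod 600 it"; return 2; }
    echo "OK: $1"
}

# Open the keystore with the configured password and look up the alias.
# A wrong password fails here with "Keystore was tampered with, or password
# was incorrect"; the server-side store should hold only a trustedCertEntry.
check_alias() {
    out=$(keytool -list -keystore "$(prop_get "$1" "$P.file")" \
        -storepass "$(prop_get "$1" "$P.keystore.password")" \
        -alias "$(prop_get "$1" "$P.keystore.alias")" 2>&1) ||
        { echo "FAIL: $out"; return 1; }
    case $out in
        *trustedCertEntry*) echo "OK: alias is a public certificate" ;;
        *) echo "WARN: alias is not a trustedCertEntry"; return 2 ;;
    esac
}

# Usage: sh check_keystore_props.sh /path/to/keystore.properties
if [ $# -gt 0 ]; then check_props_file "$1"; check_alias "$1"; fi
```

The jar built in step 7 contains the same clear-text password, so it needs the same file permissions as keystore.properties.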



Let's talk a bit more about the discussions security configuration. In my sample I'm not using SSO; the ADF application is deployed on JDeveloper 11g embedded WebLogic, while WebCenter 11g Services are running on a standalone WebLogic domain. This means I should define the same users in both systems. The ADF application's jazn-data.xml file contains two users, john and scott:



I have defined the same two users in the standalone WebLogic domain's embedded LDAP:



Those users will be used by the Discussion Service. I will grant Moderator rights to user scott:



The Discussion Service is based on the same embedded LDAP from the standalone WebLogic, so both users are propagated automatically:



That's all about security. Now you can enable the Discussion Service inside your ADF application just by dragging and dropping the WebCenter 11g ADF Task Flow:



Let's see how it works at runtime. If we log in as user john, we can create a new discussion topic:



The new topic is created:



Now let's log in as another user, scott, and answer john's question:



User scott is granted Moderator privileges, which means he can edit or even delete john's post:



But if scott creates a new topic about ADF trainings:



User john will be able to read it and reply:



However, he will not be able to edit or remove it, because john is not granted Moderator rights:



It's important to mention that the same posts made through the ADF application can be accessed through the external Discussions Service URL:


14 comments:

a..........RUN said...

Hi,

I am trying to create a discussion forum in my WebCenter application and following the steps you gave in "WebCenter 11g Discussion Service in Oracle ADF", but when I deployed to my server I am getting "error user scott unable to authenticate to discussion server." I have created the users in embedded LDAP and checked with the forum that I am able to log in, but through my application it's giving an error. Please guide me how to do that.

G said...

When I tried to do the same setup provided in the blog, I am getting the below error:

java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)

Please help me with this.

Mauro Flores said...

Hi, I have the same problem as G, does someone have an answer?

Thanks.

Mauro Flores said...

By the way, thanks for your blog Andrejus, it has been very helpful.

Andrej Baranovskij said...

Hi,

Maybe your password is less than 7 characters? Make sure you provide a valid password.

Regards,
Andrejus

Anonymous said...

Hi,

Thanks for this blog. It's good. But I get the exception below.
Caused by: java.lang.RuntimeException: org.apache.ws.security.components.crypto.Merlin cannot create instance
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:155)
at org.apache.ws.security.components.crypto.CryptoFactory.loadClass(CryptoFactory.java:119)
at org.apache.ws.security.components.crypto.CryptoFactory.getInstance(CryptoFactory.java:72)

I am using JDEV 11G Release 1 and I am deploying on my Integrated WebLogic.

WebCenter is configured in a VM PS2.

Andrej Baranovskij said...

Hi,

You can run Discussions only when the ADF application is deployed on the same server where the certificates are created. In your case you need to deploy to the WebCenter VM.

Regards,
Andrejus

Anonymous said...

Your blog is better than the Oracle documentation. Thanks.

Andrej Baranovskij said...

Thanks, I'm trying :)

Andrejus

Anonymous said...

Andrejus, I couldn't start the Discussion built into WebCenter. If I can't do that, then I am thinking of following your blog. Do you have any info on this? I have tried Oracle's docs, but they are somewhat not working.

Unknown said...

Hi Andrejus,

Thanks for this excellent post. It solved my problem.

Regards
Akhilanand Singh, Pune, India

Andrej Baranovskij said...

Hi,

It's simplified in PS3 - http://andrejusb.blogspot.com/2011/01/webcenter-spaces-ps3-discussion-server.html

Thanks,
Andrejus

DRS said...

Hi,
I am trying the discussion server but there is no jive_startup.xml available as I am using the WebCenter extension.
I could not find these,
and secondly I could not run rcu. I am trying to run rcu.bat (11.1.1.5).
It's opening a directory where JDeveloper is installed.
Kindly let me know how to check if MDS is installed or not.
Thanks
DRS

Pradeep said...

Hi Andrejus,

Thanks for such a great post. However, I am facing problems when I am trying to create the connection to the Discussion Server through JDeveloper.

Every time I am getting "Failed to verify connection"

JDeveloper version is: 11.1.1.6.0