Let us switch the old Java SM application to use RMI SM, like always no code changes and no recompilation!
Before executing these steps make sure that you have completed Hello OES World.
Create SM Definition
1) Log into Oracle Entitlements Server Admin
2) Follow steps “Define a new Web Services SM and bind an application” listed in blog article “Oracle Entitlements Server Web Services SM – Part 1”. But use “Sample-RMI-SM” instead of “Sample-WS-SM” for SM name
Create an SM Instance
1) CD to OES-SM-Home/oessm/SMConfigTool (for e.g. /home/oes/Oracle/Middleware/oes_client/oessm/SMConfigTool)
2) Copy file “smconfig.rmi.controlled.prp” to “my-rmi.prp”
3) Edit the file “my-rmi.prp” and set the 2 parameters below
4) Cd to “../bin”
5) To create an RMI SM which listens on port 9000 for inbound requests, run command “./config.sh -smConfigId Sample-RMI-SM -RMIListeningPort 9000 -prpFileName OES-SM-Home /oessm/SMConfigTool/my-rmi.prp”. Sample output
6) Check to make sure that the directory OES-SM-Home/oes_sm_instances/Sample-RMI-SM was created
This completes creation of SM instance
Run the Application:
1) Make sure your old Java application still works
2) Copy the old Java class file (that you used for Java SM Hello OES World) to “OES-SM-Home/oes_sm_instances/Sample-RMI-SM”
3) Start RMI SM Server:
a. Open a new window
b. CD to “OES-SM-Home/oes_sm_instances/Sample-RMI-SM”
c. Start RMI SM process by running “./startRMIServer.sh”
d. Wait till you see “RMI SM has started”
4) CD to “OES-SM-Home/oes_sm_instances/Sample-RMI-SM”
5) Make sure you class path is set to “CLASSPATH=../../modules/oracle.oes.sm_11.1.1/oes-ws-client.jar:.”
6) To start the application (RMI SM client), run “java -Doracle.security.jps.config=./config/rmiclient/jps-config.xml HelloOESworld”. You will see:
You just switched your application from Java SM to RMI SM without even recompiling the code
Subbu, good post.
In Java SM, the initial authorization request returns false until the policies are synchronized with the server. The risk that the policies are not synchronized while the policies are run is minimized in the RMI and WS SM since they are long running and synchronize with the server often or when distributed from the server. Is there a way / configuration to make sure that the policies are synchronized (atleast once) before accepting requests?
You can set parameter “oracle.security.jps.runtime.pd.client.waitDistributionTime”
Please look at the official docs for more info:
…it specifies the amount of time that a Security Module will wait for initial policy distribution to happen. During this wait period, authorization requests are blocked until either the initial policy distribution completes or the configured period expires…
Thanks,
Subbu Devulapalli
Hi Subbu,
I had to create a Weblogic SM and I followed the steps, but with a slight twist. I did not have the SM existing in OES Admin. Lets say the name of SM is WLS-SM. So I did not have WLS-SM in APM and then I created an SM instance as mentioned in step 5) of Create an SM Instance of your post. Now, after the SM Weblogic instance was created, I went back to APM console and created WLS-SM. Would this work?
Thanks
Alok
Hi Alok,
When an SM (in this case WebLogic) starts, it sends out a request to OES Admin saying “I am running at , please send me any policy updates”. In your case, restarting WLS container should be sufficient to clear the problem.
Bye,
Subbu
Hi Subbu,
Thanks for your great blog. Almost the only up to date and freely availble resource for OES on the whole web.
I was trying to use RMI SM server rather than WebService SM for faster communication with SM but there seems to be no docs in this topic.
I my scenario, I don’t want to use RMI in place of Java SM in the same host, but consume the services remotely relaying only on rmi-stub and weblogic client jar files. Would you please provide a sample code for an RMI client consuming services published by above RMI server (e.g. authorization, role, service locator).
BTW any javadocs describing RMI SM classes (e.g. rmi-types.jar) would be helpful too.
Thanks
Amin
Hi again Subbu,
I just got it working with a little help of a Java decompiler. Had to set my serverHost in socketConfiguration. I think that is required for serviceLocator pattern used here. Will be thankful to see your response and will post my own method in a blog entry soon.
Thank again,
Amin Abbaspour
Hi Amin,
thanks very much for letting me know
Bye,
Subbu
Hi,
As I promised, here is the link to the post:
http://aminsblog.wordpress.com/2011/11/21/oracle-entitlement-server-oes-lightweight-rmi-client/
Have a look at it and see if anything is missing.
Amin
Amin,
thanks very much for the blog post. BTW, the new BP01 (Bundled Patch 01) addresses the distribution status page. Sorry for delay in getting back to you. I was recovering from a long vacation
Bye,
That’s a good news Subbu. Hope you enjoyed vacation
Thanks Subbu, much appreciated.
Had another question, For policy evaluation role mapping/authorization, I wanted to see OES logs. These logs would suggest what are the principals associated with a subject and why a grant/deny decision was taken by OES.
I created a logging.properties file in /oracle/middleware/oes_client/oes_sm_instances/My_SM/config/logging.properties. And also enabled the following loggers:
oracle.oes.sm.level=FINEST
oracle.jps.authorization.level=FINEST
oracle.oes.pd=FINEST
But I dont see the file being created. I tried creating logging.properties in /oracle/middleware/user_projects/domains/oes_my_domain/config/logging.properties and enabled the same loggers. Please suggest.
Thanks
Alok
[...] to posts from Subbu one finds it easy to create and configure an RMI client to OES by replacing jps-config of a normal [...]