When you build a custom application that is deployed in the OIM managed server and needs to perform operations in OIM through the OIM API, you need an OIMClient object to initialize the API.
There are different ways to initialize the OIMClient, such as signature-based login or logging in with the OIM admin user's credentials. But you cannot keep the user's credentials in plain text in a properties file. Using a credential map in Enterprise Manager (EM) you can read the admin user's credentials, but then you have to remember to update the map every time that user's password changes.
To avoid all of these steps, OIM PS3 provides one more way to initialize the OIMClient: an in-container login as admin that relies on a code-source grant instead of stored credentials. Below are the steps and configuration you need in your custom application to get the OIMClient object initialized.
1. Write a method in your custom application class that initializes the OIMClient as shown below:

    import java.util.Hashtable;
    import oracle.iam.platform.OIMInternalClient;

    public void login() {
        OIMInternalClient _oimClient;
        try {
            System.out.println("Trying to initialize oimclient");
            // An empty environment is enough inside the OIM managed server:
            // no provider URL, user name or password is supplied here.
            _oimClient = new OIMInternalClient(new Hashtable());
            // Logs in as the OIM administrator using the identity assertion
            // granted to this EAR's code source (see jazn-data.xml below).
            _oimClient.loginAsAdmin();
            System.out.println("OIM Client login successful");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

Note: Here I have used OIMInternalClient; you can cast this object to OIMClient once it is initialized.
2. Create a jazn-data.xml file and add the details below to it.

    <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
    <!DOCTYPE jazn-data PUBLIC "JAZN-XML Data" "http://xmlns.oracle.com/ias/dtds/jazn-data.dtd">
    <jazn-data>
      <jazn-policy>
        <grant>
          <grantee>
            <codesource>
              <!-- Specify the location where your application is deployed. -->
              <url>file:${domain.home}/servers/${weblogic.Name}/tmp/_WL_user/CustomEAR/-</url>
            </codesource>
          </grantee>
          <permissions>
            <permission>
              <class>oracle.security.jps.JpsPermission</class>
              <name>IdentityAssertion</name>
            </permission>
          </permissions>
        </grant>
      </jazn-policy>
    </jazn-data>
3. Create a weblogic-application.xml file and add the details below to it.

    <?xml version = '1.0' encoding = 'windows-1252'?>
    <weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
      <application-param>
        <param-name>jps.credstore.migration</param-name>
        <param-value>MERGE</param-value>
      </application-param>
      <application-param>
        <param-name>jps.policystore.migration</param-name>
        <param-value>MERGE</param-value>
      </application-param>
      <listener>
        <listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
      </listener>
    </weblogic-application>
4. Copy both jazn-data.xml and weblogic-application.xml to the META-INF folder of the EAR.
5. Build the EAR and deploy it on the OIM managed server. When you call the login method, it will initialize the OIMClient for you.
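To show the whole procedure end to end, here is an added example of a small helper class (my own code, not from the original post) that wraps the loginAsAdmin() flow from step 1, casts the client to OIMClient, uses it to obtain a service, and always releases the session. It assumes the EAR carries the jazn-data.xml grant and weblogic-application.xml listener from steps 2 to 4 and runs inside the OIM managed server; the class name OimClientFactory, the method names, and the sample user login are my own, and the UserManager.getDetails call and the "User Login"/"Status" attribute names follow the public OIM 11g R2 API as I recall it, so verify them against your release.

```java
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.security.auth.login.LoginException;
import oracle.iam.identity.usermgmt.api.UserManager;
import oracle.iam.identity.usermgmt.vo.User;
import oracle.iam.platform.OIMClient;
import oracle.iam.platform.OIMInternalClient;

// Added example, not the original post's code: wraps the in-container
// loginAsAdmin() flow so callers get a ready OIMClient and always release it.
public final class OimClientFactory {

    private OimClientFactory() {
    }

    /**
     * Initialises an OIMInternalClient and logs in as the OIM administrator
     * using the IdentityAssertion permission granted to this EAR's code source.
     * No user name or password is read from any file or credential map.
     */
    public static OIMClient loginAsAdmin() throws LoginException {
        // Empty environment: inside the OIM managed server the client does not
        // need a provider URL or credentials.
        OIMInternalClient internalClient = new OIMInternalClient(new Hashtable<String, String>());
        internalClient.loginAsAdmin();
        // OIMInternalClient extends OIMClient, so the public API can be used directly.
        return internalClient;
    }

    /**
     * Looks up the status of a user by login, using a session obtained from
     * loginAsAdmin(). The session is logged out in finally so a failed lookup
     * never leaks an admin session. OIM's checked lookup exceptions are passed
     * through to the caller.
     */
    public static String lookupUserStatus(String userLogin) throws Exception {
        OIMClient client = null;
        try {
            client = loginAsAdmin();
            UserManager userManager = client.getService(UserManager.class);

            // Only ask for the attributes we need (attribute names assumed).
            Set<String> attrs = new HashSet<String>();
            attrs.add("User Login");
            attrs.add("Status");

            // true = the key is a user login rather than a user key.
            User user = userManager.getDetails(userLogin, attrs, true);
            return String.valueOf(user.getAttribute("Status"));
        } catch (LoginException e) {
            // Usually means the codesource URL in jazn-data.xml does not match
            // where the EAR is actually deployed; check that before anything else.
            throw new IllegalStateException("loginAsAdmin failed: check the jazn-data.xml grant", e);
        } finally {
            if (client != null) {
                client.logout();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // "xelsysadm" is a constructed sample login for illustration only.
        System.out.println("Status: " + lookupUserStatus("xelsysadm"));
    }
}
```

Two points worth keeping in mind when using this pattern. First, the grant in jazn-data.xml is keyed on the code-source URL, so every class loaded from that EAR path can assert the admin identity; keep the URL specific to your EAR rather than widening it to the whole `_WL_user` directory, and treat the EAR's deployment as you would treat an admin credential. Second, loginAsAdmin() gives you a full administrative session, so release it with logout() as soon as the work is done, as the finally block above does.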
You mentioned jazn-data.xml in both the files. I think one of them is weblogic-application.xml