Wednesday, October 7, 2009

Calling OES from inside a J2EE web app

For my OpenWorld demo I needed to make calls to OES from inside my J2EE web application. There are a bunch of ways to do that - calling the Java API, making SOAP or RMI calls to a remote Security Module, using the tag library, and a few other lesser-known ways. All of those ways are just fine, but my all-time favorite way to call OES when I'm running inside WebLogic is to let someone else do all the hard work... so I use the OES Control.

The public javadoc describes the ALESControl at a high level. From that you gather that the control is a plug-in to Workshop for WebLogic that makes calling OES for WebLogic Portal or WebLogic Interaction easier. But why am I talking about it here when I am writing an app that has nothing to do with Portal or Interaction?

I'm glad you asked.

As long as your code is running inside WebLogic, the ALESControl provides the simplest interface to OES that you can imagine. Here's an example of calling OES using the ALESControl.


    ALESControl ctrl = new ALESControlImpl();
    if ( ctrl.isAccessAllowed(resource, action, m) )
        System.out.println( "access is allowed" );
    else
        System.out.println( "access is denied" );


The params resource and action are each a simple String. The third param, m, is a Map.

Notice what's not there? For one thing the user's identity - that comes from WebLogic's security context automatically. You also don't have to do any initialization, configuration or indeed anything that could be called hard or messy.

I tend to wrap even this simple code in my own interface so that if I ever repurpose some of my code and need to use some other interface to OES my changes are localized in one place.

Anyway here's my wrapper, or at least the part of it that you care about.


    import java.util.Collection;
    import java.util.HashMap;
    import java.util.Iterator;
    // ALESControl, ALESControlImpl and ALESControlException come from ALESControl.jar

    public class AZRequestHandler implements AZRequestInterface
    {
        private String action = "";
        private String resource = "";
        // Attributes passed to OES along with the resource and action
        private HashMap m = new HashMap();

        public void setAction( String action )
        {
            this.action = action;
        }

        public void setResource( String resource )
        {
            // Every resource is authorized under the "Application/" prefix
            this.resource = "Application/" + resource;
        }

        public void addAttribute(String name, String value) {
            System.out.println( "Adding attribute " + name + " (String) value '" + value + "'" );
            m.put(name, value);
        }

        public void addAttribute(String name, int value) {
            System.out.println( "Adding attribute " + name + " (integer) value " + value );
            m.put(name, value);
        }

        public String[] getRoles()
        {
            ALESControl ctrl = new ALESControlImpl();

            // Stays null if the call to OES throws
            String roles[] = null;

            try {
                Collection x = ctrl.getRoles(resource, action, m);

                roles = new String[x.size()];
                int i = 0;
                Iterator it = x.iterator();
                while( it.hasNext() )
                {
                    roles[i++] = it.next().toString();
                }
            }
            catch (ALESControlException e) {
                // TODO Auto-generated catch block
                System.out.println( "Exception caught" );
                e.printStackTrace();
            }

            return roles;
        }

        public boolean isAuthorized() {
            ALESControl ctrl = new ALESControlImpl();

            // Fall through = return false (fail safely)
            boolean retval = false;

            try {
                if ( ctrl.isAccessAllowed(resource, action, m) )
                    retval = true;

            } catch (ALESControlException e) {
                // TODO Auto-generated catch block
                System.out.println( "Exception caught" );
                e.printStackTrace();
            }

            return retval;
        }
    }


Yes, there are some System.out.println() calls in there and there's no actual handling of Exceptions. I leave that to you, but this is good enough for my little demo.
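One way to fill in the exception handling that the wrapper leaves open while keeping its fail-safe default. This is an added example, not code from the original post or from Oracle: `Pdp`, `PdpException` and `FailClosedAuthorizer` are hypothetical stand-ins for ALESControl and ALESControlException so the sketch compiles without ALESControl.jar on a current JDK, and only the three-argument isAccessAllowed and getRoles calls mirror the ones shown above.

```java
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;

public class FailClosedAuthorizer {
    // Hypothetical stand-ins for ALESControl and ALESControlException.
    static class PdpException extends Exception { PdpException(String msg) { super(msg); } }
    interface Pdp {
        boolean isAccessAllowed(String resource, String action, Map<String, Object> attrs) throws PdpException;
        Collection<?> getRoles(String resource, String action, Map<String, Object> attrs) throws PdpException;
    }

    private static final Logger LOG = Logger.getLogger(FailClosedAuthorizer.class.getName());
    private final Pdp pdp;
    FailClosedAuthorizer(Pdp pdp) { this.pdp = pdp; }

    // Deny on any failure and log at SEVERE, so an outage of the decision
    // point is visible instead of looking like an ordinary "access denied".
    boolean isAuthorized(String resource, String action, Map<String, Object> attrs) {
        try {
            return pdp.isAccessAllowed("Application/" + resource, action, attrs);
        } catch (PdpException | RuntimeException e) {
            LOG.log(Level.SEVERE, "Authorization check failed, denying " + action + " on " + resource, e);
            return false;
        }
    }

    // Return an empty array rather than null: no roles means no access, and
    // callers cannot trip over a NullPointerException on the error path.
    String[] getRoles(String resource, String action, Map<String, Object> attrs) {
        try {
            Collection<?> found = pdp.getRoles("Application/" + resource, action, attrs);
            return found.stream().map(String::valueOf).toArray(String[]::new);
        } catch (PdpException | RuntimeException e) {
            LOG.log(Level.SEVERE, "Role lookup failed for " + resource, e);
            return new String[0];
        }
    }

    public static void main(String[] args) {
        Pdp broken = new Pdp() { // constructed decision point that always fails
            public boolean isAccessAllowed(String r, String a, Map<String, Object> m) throws PdpException { throw new PdpException("SSM unreachable"); }
            public Collection<?> getRoles(String r, String a, Map<String, Object> m) throws PdpException { throw new PdpException("SSM unreachable"); }
        };
        FailClosedAuthorizer az = new FailClosedAuthorizer(broken);
        System.out.println(az.isAuthorized("reports", "view", new HashMap<>()) + " " + az.getRoles("reports", "view", new HashMap<>()).length);
    }
}
```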

If you happen to be using JDeveloper to make your web app, then to get the ALESControl interface all you need to do is add Oracle/Middleware/ales32-ssm/wls-ssm/lib.eclipsePlugins/ALESControl.jar to your project's Classpath entry. Then deploy the app as normal.

Sometimes simple is best.

2 comments:

  1. Hi,
    I am working on the same concept, could you please let me know how to set the application context.

    Thanks and Regards,
    Sridhar

  2. Hi Sridhar.

    I assume you're trying to find the equivalent call to ales:setSecurityContext? If so there isn't an equivalent. You can see above I just remember to prefix the prefix you want on the resource string you are authorizing.

    This is because the ALESControl is not actually the tag library code.

    Chris
