Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 1 of 36
Customizing Oracle Identity Governance: Configuring JDeveloper
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 2 of 36
Customizing Oracle Identity Governance : Configuring JDeveloper
Overview
Customizing the user interface in Oracle Identity Governance involves writing managed beans and ADF task flows using the Java programming language. This document describes the steps to
create a JDeveloper project of the correct type
build the project, resulting in a Java library containing the compiled code
deploy the library to Oracle Identity Governance
configure authorization policies so that task flows are displayed
Pre-requisites Before starting this tutorial, you should:
Have installed a Linux environment.
Have downloaded, installed, and configured Oracle Identity Governance 11g, release 2
PS1 in the /u01/app/Oracle/Middleware directory structure with an instance
name of Oracle_IDM1. If your installation path and the instance name are different, make a note of the values. You will need it for this tutorial.
Have created an environment variable called $OIM_ORACLE_HOME in the
/u01/app/Oracle/Middleware directory structure for Oracle Identity Governance
11g, release 2 PS1.
Have downloaded, installed, and configured Oracle JDeveloper 11.1.1.6.0 in the
/stage/JDeveloper directory structure. If your installation path is different, make a
note of the value. You will need it for this tutorial.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 3 of 36
Step 1: Creating a JDeveloper project
1. Start JDeveloper.
2. Select the Default Role radio button and click OK.
3. Create a new JDeveloper application workspace. To do this, either:
click New Application in the Application Navigator
or select Application > New from the menu.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 4 of 36
4. Enter the name of the JDeveloper application workspace, the directory in which to store the application workspace, and the package prefix for the application. Select the Generic Application application template, and click Next.
5. Click Finish to create the default project.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 5 of 36
6. Delete the default project from the workspace. To do this, right-click the project in the project pane, and select Delete Project.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 6 of 36
7. Select "Remove project and delete all of its contents." Click Yes and Yes to confirm the deletion of the project.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 7 of 36
8. Create a new ADF ViewController project. To do this:
a. Right click in the project pane, and select New Project.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 8 of 36
b. In the left pane, select General > Projects. In the right pane, select ADF ViewController Project and click OK.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 9 of 36
c. In the Project Name field, enter the name of the project. In this example, the project is called "System News." Click Next.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 10 of 36
d. Accept the default values on the Java Settings page, and click Finish.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 11 of 36
The new project appears in the projects pane in JDeveloper.
9. Set project properties for the new project. To do this:
a. Right-click the project, and select Project Properties.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 12 of 36
b. Select the "Libraries and Classpath" node, and click Add Library.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 13 of 36
c. Click Load Dir
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 14 of 36
d. In the file browser, browse to the $OIM_ORACLE_HOME/server/jdev.lib directory,
and click Select. OIM_ORACLE_HOME is the installation directory for the Oracle Identity
Governance product. In this example, $OIM_ORACLE_HOME maps to the directory
/u01/app/Oracle/Middleware/Oracle_IDM1.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 15 of 36
e. Select all three OIM libraries by holding down the Control key, and clicking on each of the OIM libraries. Click OK.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 16 of 36
f. Verify that the libraries have been added to the project classpath. Click OK.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 17 of 36
10. Modify the deployment profile so that a build creates an ADF library. To do this:
a. Right-click on the project, and select Project Properties.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 18 of 36
b. Select the Deployment node. Select the default deployment profile and click Delete.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 19 of 36
c. Click New to create a new deployment profile.
d. In the Create Deployment Profile dialog, select ADF Library JAR File from the Archive Type drop-down. The name of the deployment profile is updated automatically. Click OK.
e. If you are prompted to edit the Deployment Profile Properties, leave the settings at the defaults, and click OK.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 20 of 36
f. Click OK to close the Project Properties dialog.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 21 of 36
You are ready to start creating Java classes to implement ADF task flows in the ViewController project.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 22 of 36
Step 2: Building the ADF library
Once you have created the ADF taskflow in JDeveloper, the next step is to build the ADF library.
1. In JDeveloper, select the project in the Projects pane. Right-click the project (in this example, the SystemNews project) and select Deploy > DeploymentProfile (in this example, the Deployment Profile is adflibSystemNews1.)
2. Click Next
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 23 of 36
3. Click Finish
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 24 of 36
4. Select the Deployment tab in the Log pane, to view build and deployment messages.
In this example, the JAVA library adflibSystemNews1.jar has been built in the
/stage/jdeveloper/projects/UICustomization/SystemNews/deploy directory.
You have built the ADF library in JDeveloper.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 25 of 36
Step 3: Deploying the ADF library
The ADF library (a Java library containing the custom task flows) must be deployed as part of a
placeholder WAR file oracle.iam.ui.custom-dev-starter-pack.war. This WAR file is
located in the $OIM_ORACLE_HOME/server/apps directory. In this example, this WAR file is
located in the /u01/app/Oracle/Middleware/Oracle_IDM1/server/apps directory.
1. Open a Terminal window, and navigate to the $OIM_ORACLE_HOME/server/apps
directory.
$ cd /u01/app/Oracle/Middleware/Oracle_IDM1/server/apps
2. Create a new temporary directory and unpack the WAR file into this directory.
$ mkdir custom-dev-starter-pack
$ cd custom-dev-starter-pack
$ jar xf ../oracle.iam.ui.custom-dev-starter-pack.war
3. Copy the ADF library into the WEB-INF/lib directory. In this example, the ADF is called
adflibSystemNews1.jar, and is located in the
/stage/jdeveloper/projects/UICustomization/SystemNews/deploy directory.
$ cp
/stage/developer/projects/UICustomization/SystemNews/deploy/adfl
ibSystemNews1.jar WEB-INF/lib
4. At this point, any other necessary customizations should be carried out. For example, when
creating a Home Page Portlet, the custom-catalog.xml file must be edited.
5. Once all necessary customizations are complete, repackage the WAR file, being careful not
to overwrite the manifest file. If you are using the jar command, the option to not create a
manifest file is "M".
$ jar cMf ../oracle.iam.ui.custom-dev-starter-pack.war *
6. Stop the managed server for Oracle Identity Governance. If the server is not stopped, updating the WAR file in WebLogic Server will not succeed.
7. Open a web browser, and launch the WebLogic administration console. The default URL for
this is http://<hostname>:7001/console.
8. Sign in as the weblogic user.
9. In the Domain Structure section, select Deployments.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 26 of 36
10. In the Deployments table, use the Previous and Next links to find the oracle.iam.ui.custom deployment.
11. Select the checkbox for oracle.iam.ui.custom, and click Update.
12. Click Next.
14. Click Finish.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 27 of 36
A confirmation message is displayed.
15. Start the managed server for Oracle Identity Governance.
You have deployed the ADF library to Oracle Identity Governance.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 28 of 36
Step 4: Configuring Authorization Policies
Oracle Identity Governance uses an embedded instance of Oracle Entitlements Server (OES) to implement authorization policies. The final step in adding a custom task flow to Oracle Identity Governance is to configure the authorization policies in the OES administration console to allow the new task flow.
For a deployment of Oracle Identity Governance (OIG), only one Resource Type needs to be created in OES. Therefore, for each deployment of OIG, steps 3 to 5 need only be performed once. Perform steps 6 to 13 for each new task flow that you add to OIG.
1. Open a web browser, and launch the Oracle Entitlements Server (OES) administration
console. The default URL for the OES console is http://<hostname>:7001/apm.
2. Sign in as the weblogic user.
3. Navigate to the Applications > OracleIdentityManager > Resource Types node, and click New.
4. Use the table below to complete the form, and click Save.
Field Name Field Value
Display Name ADF Taskflows
Name ADFTaskflows
Actions personalize
customize
grant
view
Hint: Click New to add each action
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 29 of 36
Supports Resource Hierarchy
No
Resource Delimiter Slash (/)
Evaluation Logic Permission Class
Permission Class oracle.adf.controller.security.TaskFlowPermission
Action Name Delimiter
Comma(,)
Use the image below to guide you.
5. Navigate to the Applications > OracleIdentityManager > Default Policy Domain > Resource Catalog > Resources node, and click New.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 30 of 36
6. Use the table below to complete the form, and click Save.
Field Name Field Value Comment
Resource Type ADF Taskflows This is the Resource Type created in steps 3 to 5
Display Name System News Portlet This is a user-friendly name of the taskflow to be added. In this example, it is System News Portlet
Name /WEB-INF/system-news.xml#system-news This is the path to the XML file and attribute containing the definition of the taskflow, stored in the ADF library deployed to OIM. In this example, the taskflow has the
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 31 of 36
name system-
news, and is defined
in the XML file system-news.xml
in the WEB-INF
folder in the ADF library.
Use the image below to guide you.
7. Navigate to the Applications > OracleIdentityManager > Default Policy Domain > Authorization Policies node, and click Open.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 32 of 36
8. Click Search.
9. Select the policy where you wish to expose the task flow. Most task flows will be in the Identity Self Service Console, for authenticated users, so select the "Policy for authenticated role" policy. Click Open.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 33 of 36
10. Click Add Targets.
11. Select the Resource tab, and click Search.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 34 of 36
12. Select the taskflow that you wish to add to the policy. In this example, the taskflow is the System News Portlet. Click Add Selected to add the taskflow to the Selected Targets list, and click Add Targets.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 35 of 36
13. Find the taskflow that you added to the policy (you may have to scroll down the list). Expand the taskflow using the expand control to the left of the taskflow, and select the permissions that you wish to apply to the taskflow. Most taskflows only require the "view" permission. Click Apply.
Copyright © Oracle, 2013.. All rights reserved.
Customizing Oracle Identity Governance : Configuring JDeveloper
Page 36 of 36
You have configured the authorization policies in OES to make the newly added taskflow visible in OIG.