User Management Guide

     Previous  Next    Open TOC in new window    View as PDF - New Window  Get Adobe Reader - New Window
Content starts here

Configuring a UUP

WebLogic Portal includes a Unified User Profile (UUP) service that lets you add and manage users and their properties in a single logical location—even if the user data is stored in external systems, such as an LDAP server. You can add this additional data to a User’s Profile.

A UUP extension lets WebLogic Portal read property values stored in external data stores, such as openLDAP servers, legacy applications, Netscape iPlanet user stores, and flat files. If you have an existing provider with users, groups, and additional properties (such as address, e-mail address, phone number, and so on), you can use a UUP to bring those user properties into WebLogic Portal.

A UUP allows you to access existing user information without migrating that data into the portal schema. See Planning to Use a UUP to determine when to use UUP.

Whether or not you have additional properties stored in your external user store, the external users and groups you connect to WebLogic Portal are automatically assigned the default user property values you have set up in WebLogic Portal (without using a UUP). With the Administration Console, you can change the WebLogic Portal property values for those users. These values are stored in WebLogic Portal's RDBMS user store using the portal schema.

In WebLogic Portal, you can retrieve and edit user property values and use those property values to set up Personalization, Delegated Administration, and Visitor Entitlement. See the Security Guide for instructions on setting up Delegated Administration and Visitor Entitlement.

Note: In WebLogic Portal 8.1, you configured a UUP by creating an EJB and then adding the appropriate descriptors to the ejb-jar.xml file and the weblogic-ejb-jar.xml file in the p13n-ejb-jar file. In WebLogic Portal 9.2, you can use Workshop for WebLogic during portal application development, or you can use the Administration Console during portal runtime to register a UUP EJB and avoid manually editing the JAR and XML files. See Choosing a Method to Configure a UUP and Creating a UUP EJB.

Figure 6-1 shows where a UUP fits between an external user store and the WebLogic product environment.

Figure 6-1 Unified User Profile

Unified User Profile

Table 1 Unified User Profile
1
External RDBMS User Store – The user store supports authentication, and contains users and passwords in one database table and groups in another. Giving a user store authentication capabilities (as an authentication provider or identity asserter) involves configuration steps that are not associated with the UUP configuration process. UUP configuration is not dependent on the user store configuration and vice versa.
After the RDBMS user store is connected to WebLogic Server, both WebLogic Server and WebLogic Portal can see those users and groups. Those users can log into your portal applications, and you can include those users and groups in your rules for Personalization, Delegated Administration, and Visitor Entitlement. Also, WebLogic Portal's ProfileWrapper maps the principals to properties kept in the portal schema, thereby establishing the User Profile.
2
UUP – The same external table that contains users and passwords also contains additional properties (e-mail and phone) for each user. These additional properties are not part of authentication, but they can be part of each User's Profile. If you want to access these properties in your portal applications (with the WebLogic Portal JSP tags, controls, or API), you must configure a UUP for the RDBMS user store. When you configure the UUP, the ProfileWrapper includes the external properties in the User Profile. The UUP extension consists of a stateless session bean and associated classes that you create.
If you want to surface any of these properties in the Administration Console to define rules for Personalization, Delegated Administration, or Visitor Entitlement, create a User Profile property set for the external user store in addition to implementing your UUP session bean. The property set provides metadata about your external properties so that Workshop for WebLogic and the Administration Console can display them.
Properties from an external data store are typically read only in the Administration Console.
3
BEA Workshop for WebLogic Platform and Administration Console – You can create default user and group properties and set default values for those properties. Any user or group in WebLogic Server, whether created in the default RDBMS user store or brought in through a connection to an external user store, is automatically assigned those default property values. You can change the default values for each user or group, either programmatically or in the Administration Console. This does not involve a UUP, because the properties being retrieved are WebLogic Portal properties, so they are not stored in an external user store.
After the user store or identity asserter provides the users and groups, as shown in Figure 6-1, the ProfileWrapper combines the users and groups with the external properties of e-mail and phone (retrieved by the UUP) and the default WebLogic Portal properties of address and postal code, all of which make up the complete User Profile.

The chapter includes the following sections:

 

Choosing a Method to Configure a UUP

WebLogic Portal 9.2 provides three ways to configure a UUP, but the third method is not recommended:

  1. Configure a UUP in Workshop for WebLogic – Edit the p13n-profile-config.xml descriptor file in Workshop for WebLogic to configure the UUP extension during the portal development phase. The descriptor file is deployed with the packaged enterprise application. A UUP that is configured in Workshop for WebLogic the takes precedence over a manual configuration from EJB environment properties.
  2. Configure a UUP in the Administration Console – After you deploy your portal, you can still configure a UUP in the Service Administration menu in the Administration Console. A UUP that you create in the Administration Console modifies the deployment plan for the application and requires a redeployment. See the Production Operations Guide and the WebLogic Server documentation for more information. A UUP that is configured in the Administration Console takes precedence over a UUP created in Workshop for WebLogic or a manual configuration from EJB environment properties.
  3. Configure a UUP Manually – In WebLogic Portal 8.1, you could use a text editor to configure a UUP EJB and add the appropriate descriptors to the ejb-jar.xml file and the weblogic-ejb-jar.xml file in the p13n-ejb.jar file. You can still use this manual method in Portal 9.2, but it is not recommended because it is difficult to maintain and upgrade. You must unjar the archived library module file, modify the descriptors in their respective XML files, and then jar the contents of the archive to include the modifications. See Creating a UUP EJB for instructions.

    4. Whenever possible, you should configure a UUP in Workshop for WebLogic (rather than manually) because of the following reasons:

    • When you manually edit the EJB deployment descriptor files, you can make errors that are discovered only at runtime. (This is also true for a UUP configured in Workshop for WebLogic or the Administration Console.)
    • When you open the p13n_ejb.jar file to edit its contents, the result can be server down time.
    • If WebLogic Portal issues a patch or you do a Service Pack upgrade that touches one of the classes in the p13n_app.jar file (which is what occurs when you use Workshop for WebLogic), you must manually merge all the descriptor modifications into the new JAR file to make the UUP work again.

      • A UUP that you configured in the Administration Console at runtime uses the deployment plan and takes precedence over the same UUP that you create in Workshop for WebLogic during portal development. See Verifying the UUP. Existing UUPs that you configured manually in previous versions of WebLogic Portal can co-exist with new UUPs that you configure in the Administration Console or in Workshop for WebLogic. See Creating a UUP EJB for instructions for manually configuring a UUP for Portal 9.2.

      Tip: Manually creating and configuring a UUP can be prone to error and the UUP can be difficult to maintain and upgrade.

 

Configuring a UUP in the Administration Console

You can retrieve data from an external source by configuring a UUP in the Administration Console. The steps below assume that you have created a new Portal domain in Workshop for WebLogic. This section contains the following topics:

Before you configure the UUP, you must create an EntityPropertyManager Enterprise Java Bean (EJB) to represent the external data. See Creating an EntityPropertyManager EJB for instructions.

Perform the following steps to configure a UUP and add properties to it using the Administration Console:

  1. After you create the EntityPropertyManage EJB, open the Administration Console by launching a web browser and entering the URL for the application.
  2. After you log into the Administration Console, select Configuration Settings > Service Administration.
  3. In the Resource Tree, select Unified User Profiles.
  4. In the Browse tab, click Add UUP.
  5. In the Name field, enter an appropriate name for this new UUP and complete the Description field. For example, enter UUPExample. See Figure 6-2.
  6. In the Property Mapping field, enter the name of the property set that represents a namespace of the external data. This field is the name of a property set or a single property. For example, enter UUPExample.
  7. In the EJB JNDI Name field, enter the name of the new EJB Java Naming and Directory Interface (JNDI) that accesses the data in the Property Mapping field that you defined in step 6 . The EJB JNDI directs the Profile Manager EJB to find the new PropertyManager at runtime. The format of this field is <UUP JAR file name>#<EJB name defined in UUP ejb-jar.xml>. For example, UUPExample.jar#MyEntityPropertyManager.
  8. Select the Is Creator and the Is Remover check boxes if the PropertyManager you created earlier implements certain methods and receives callbacks from the ProfileManager when profiles are created and removed. The default for these fields is unchecked. See Figure 6-2.
    9. Figure 6-2 Configure A New UUP


    Configure A New UUP

  9. Click Update.
  10. After you create a UUP, you can add specific UUP adapter configuration parameters (called adapter properties) to it. Adding configuration parameters is optional. On the Browse UUPs tab, click the name of your new UUP.
  11. In the UUP Details page, click Add Property.
  12. In the Description field, enter text to represent each UUP adapter.
  13. In the Name field, enter a unique name that matches the name of the deployed custom PropertyManager in the EJB descriptor file.
  14. In the Value field, define a value for the new property. A new property is shown in Figure 6-3.
    15. Figure 6-3 Add Properties to a New UUP


    Add Properties to a New UUP

  15. Click Update. The new UUPExample appears in the Browse tab, as shown in Figure 6-4.
    16. Figure 6-4 The New UUP


    The New UUP

  16. Log out of the Administration Console and stop the WebLogic Server, if it is running. Stopping the server results in minimal down time using this method to configure the UUP.
  17. You must redeploy your application for the new UUP and new properties to take effect. During the deployment, the UUP adapter configurations are merged from the deployment plan and the p13n-profile-config descriptor file stored in the META-INF directory of the portal application. Then the ProfileManager resolves the EJB references to the deployed custom PropertyManager using the name in the EJB JNDI Name field. If the references resolve successfully, property set mappings are created according to the property-adapter section specifications in the descriptor bean. At runtime, the properties in this property set are routed to the new PropertyManager. The new PropertyManager can also use descriptor beans to retrieve adapter-specific configuration parameters stored in one or more of the <adapter-property> fields.

Verifying the UUP

After you configure the UUP in the Administration Console (or Workshop for WebLogic), perform the following steps in the Administration Console to verify the UUP:

  1. In the Administration Console, choose Users, Groups, & Roles > User Management.
  2. In the User Tree, select Everyone.
  3. In the Browse tab, click Create New Users.
  4. Enter the user’s Name and a Password, and click Create User.
  5. In the User Tree, select the name of the new user and select the User Profile tab. Figure 6-5 appears.
    6. Figure 6-5 User Profile Tab for the New User


    User Profile Tab for the New User

  6. From the Profile Values for Property Set field, select your UUP from the drop-down list. For example, select UUPExample.
  7. Click the Edit icon next to the attribute1 property.
  8. In the Edit Profile dialog, enter a value for the field and click Update. The new value appears.
Note: You can also verify that the data exists by checking your database.

Editing a UUP in the Administration Console

You can use the WebLogic Portal Administration Console to change the configuration settings or properties for your UUP.

  1. In the Administration Console, choose Configuration Settings and Service Administration.
  2. Select Unified User Profiles.
  3. In the Browse UUPs tab, locate the UUP you want to change and click Edit.
  4. Click the Configuration Settings for: UUPName link, as shown in Figure 6-6.
    5. Figure 6-6 Click the Configuration Settings for: UUPExample Link to Edit It


    Click the Configuration Settings for: UUPExample Link to Edit It

  5. Enter your edits and click Update.
    6. Note: You can also edit the properties in your UUP by locating the property name in the UUP Browse tab and clicking Edit.
  6. In the Properties section, click Edit.
  7. In the Edit Property dialog, enter a new Description or a new Value, and click Update.
  8. You must redeploy your application for the changes to take effect.

 

Configuring a UUP in Workshop for WebLogic

A second way to retrieve data from an external source is to configure a UUP in the Workshop for WebLogic. (The other way is through the Administration Console; see Configuring a UUP in the Administration Console.) A descriptor file called p13n-profile-config.xml lets you define the mappings for the UUP.

Before you configure the UUP, you must create an EntityPropertyManager Enterprise Java Bean (EJB) to represent the external data. See Creating an EntityPropertyManager EJB for instructions.

Perform the following steps to create a UUP in Workshop for WebLogic:

  1. After you create the EntityPropertyManage EJB, start Workshop for WebLogic, open the Portal Perspective, and open the Merged Projects View.
  2. Open an existing Portal EAR project or create one (see the Portal Development Guide for instructions on creating an EAR project). Locate the p13n-profile-config.xml file in the <UUPApp>/EARContent/META-INF directory.
  3. If the p13n-profile-config.xml file is italicized, it exists in a library module and is not in the project itself. Select the file, right-click, and choose Copy To Project. The filename changes from italics to a normal font.
  4. Change to the Package Explorer View, and navigate to the <UUPApp>/EARContent/META-INF directory.
  5. Open the p13n-profile-config.xml file by double-clicking it.
  6. Add the following entry to the file:

    7. <property-adapter>
    <name>UUPExample</name>
    <description>UUP EJB</description>
    <property-mapping>UUPExample</property-mapping>
    <ejb-jndi>UUPExample.jar#MyEntityPropertyManager</ejb-jndi>
    <is-creator>true</is-creator>
    <is-remover>true</is-remover>
    </property-adapter>

  7. Save the file.
  8. Create a new WebLogic Server definition and associate the new server with a domain. For instructions, see the Portal Development Guide.
  9. Associate your UUP application with your server by select the server in the Servers tab, right-clicking, and choosing Add and Remove Projects. Select the UUP application from the Available Projects section, click Add, and then click Finish.
  10. Build and publish your application. Verify the application by starting the WebLogic Server Administration Console and clicking Deployments. Verify that the UUP application is active. Then open the UUP application by expanding the tree and verifying that the UUP JAR file appears as an EJB.
  11. Verify the UUP by following the instructions in Verifying the UUP.

Editing a UUP in Workshop for WebLogic

You can use Workshop for WebLogic to change the configuration settings or properties for your UUP.

Perform the following steps to edit a UUP in Workshop for WebLogic:

  1. In Workshop for WebLogic, change to the Package Explorer View and navigate to the <UUPApp>/EARContent/META-INF directory.
  2. Open the p13n-profile-config.xml file by double-clicking it.
  3. Edit the <property-adapter> entry for your UUP.
  4. Save the file.
  5. If y ou have already associated your UUP application with the server, build and republish the application.
  6. Verify the UUP by following the instructions in Verifying the UUP.

 

Upgrading a UUP

When you upgrade a UUP from WebLogic Portal 8.1, the p13n_ejb.jar file is deleted and replaced with a new WebLogic Portal 9.2 version of this file. The new p13n_ejb.jar file is packaged in the library modules that ship with WebLogic Portal 9.2.

Perform the following steps to upgrade a UUP configured in WebLogic Portal 8.1 to WebLogic Portal 9.2:

  1. Start BEA Workshop for WebLogic Platform and create a new Workspace.
  2. Create a new portal domain. Do not create a Portal EAR Project. For instructions on creating a new domain, see the Portal Development Guide.
  3. Import your Portal 8.1 UUP application into your new environment by choosing File > Import.
  4. In the Select dialog, select Workshop 8.1 Application and click Next.
  5. In the Application Import dialog, click Browse and locate your 8.1 UUP application. Select the .work file and click Open. Verify that the check boxes for the UUP application are selected and click Next, as shown in Figure 6-7.
    6. Figure 6-7 Locate the 8.1 UUP Application


    Locate the 8.1 UUP Application

  6. In the Source Upgrade dialog, select the Use WebLogic 9.0 J2EE Shared Libraries check box and you can also select the Replace BEA NetUI tags with Apache Beehive tags check box (if desired) and click Finish.
  7. After the upgrade finishes, verify that the following actions occurred:
    • The p13n-ejb.jar file was removed from the EARContent directory of the UUP application.
    • The UUP EJB JAR file (for example, UUPExample.jar) exists in the EARContent directory of the UUP application.
    • The UUP EJB JAR file is referenced in a module entry in the application.xml file in the <UUPApplication>/EARContent/META-INF/ directory.
    • As an example, the cache entry below was added to the p13n-cache-config.xml file in the <UUPApplication>/EARContent/META-INF/ directory:
      • <p13n:cache>
           <p13n:name>UUPExampleCache</p13n:name>
           <p13n:description>Cache for UUP Example</p13n:description>
           <p13n:time-to-live>60000</p13n:time-to-live>
           <p13n:max-entries>100</p13n:max-entries>
      </p13n:cache>
    • Verify that the User Profile file (for example, UUPExample.usr) file exists in the data/src/userprofiles/ directory (or where your Datasync folder exists).
  8. Associate your portal application with your WebLogic Server by selecting the server in the Servers tab, right-clicking the server, and choosing Add and Remove Projects. Select the UUP application from the Available Projects section, click Add, and then click Finish.
  9. Build and publish your application. Verify the application by starting the WebLogic Server Administration Console and clicking Deployments. Verify that the UUP application is active. Then open the UUP application by expanding the tree and verifying that the UUP JAR file appears as an EJB.

For more information about upgrading other non-portal applications from WebLogic Portal 8.1, see the Upgrade Guide.


  Back to Top       Previous  Next