
Monday, October 27, 2008

Using OpenLDAP as security provider in WebLogic

Frank Nimphius's post on OTN about using OID as the security provider in WebLogic inspired me to use OpenLDAP instead of OID. I will use the standard LDAPAuthenticator for OpenLDAP as well. Here are the steps I took to make it work.

Here is the LDIF file I used.

First we create an organisation unit called groups.

Do the same for persons.
Add some persons to the persons organisation unit.

Now create a new group called ICT in the groups organisation unit and add the persons just created as member attributes.

Go to the default security realm and add a new LDAPAuthenticator provider called OpenLDAP.

Select the OpenLDAP provider and go to the Provider Specific tab where we will change some properties.

These are the OpenLDAP settings:
  • User Name Attribute: sn
  • Principal: o=sgi,c=us
  • Enable Propagate Cause For Login Exception
  • Host: localhost
  • User Object Class: person
  • Static Member DN Attribute: member
  • Group From Name Filter: (&(cn=%g)(objectclass=groupofNames))
  • Static Group DNs from Member DN Filter: (&(member=%M)(objectclass=groupofNames))
  • Enable Use Retrieved User Name as Principal
  • Credential: your ldap password
  • Confirm Credential: your ldap password
  • Group Base DN: ou=groups, o=thecompany, o=sgi,c=us
  • User From Name Filter: (&(sn=%u)(objectclass=person))
  • Static Group Name Attribute: cn
  • User Base DN: ou=persons, o=thecompany, o=sgi,c=us
  • Static Group Object Class: groupofNames
Restart WebLogic and go to the Users and Groups tab of the default security realm.
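The three filter templates in the settings above are where a login name, a group name or a member DN gets spliced into an LDAP query. As an added example (not from the post), this is the substitution the provider performs, with every substituted value escaped per RFC 4515 so that a name containing filter metacharacters such as * or parentheses cannot change the meaning of the query:

```python
import re

# Characters that RFC 4515 requires to be escaped inside an assertion value.
_FILTER_SPECIALS = '\\*()\x00'


def escape_filter_value(value):
    """Escape a value before it is spliced into an LDAP search filter."""
    return ''.join('\\%02x' % ord(c) if c in _FILTER_SPECIALS else c for c in value)


# Filter templates copied from the provider settings above; WebLogic replaces
# %u with the login name, %g with the group name and %M with a member DN.
USER_FROM_NAME_FILTER = "(&(sn=%u)(objectclass=person))"
GROUP_FROM_NAME_FILTER = "(&(cn=%g)(objectclass=groupofNames))"
GROUP_DNS_FROM_MEMBER_DN_FILTER = "(&(member=%M)(objectclass=groupofNames))"

_TOKEN_KEYS = {"%u": "user", "%g": "group", "%M": "member_dn"}


def render_filter(template, **values):
    """Substitute the %u/%g/%M tokens in one pass, escaping each value.

    Because the template is scanned only once, a token-like sequence inside a
    substituted value is never expanded again.
    """
    def replace(match):
        return escape_filter_value(values[_TOKEN_KEYS[match.group(0)]])
    return re.sub(r"%[ugM]", replace, template)


def user_filter(login_name):
    return render_filter(USER_FROM_NAME_FILTER, user=login_name)


def group_filter(group_name):
    return render_filter(GROUP_FROM_NAME_FILTER, group=group_name)


def group_dns_filter(member_dn):
    return render_filter(GROUP_DNS_FROM_MEMBER_DN_FILTER, member_dn=member_dn)


if __name__ == "__main__":
    # Constructed sample inputs: a plain login, a login containing a wildcard,
    # and the DN of a person under the User Base DN from the settings.
    print(user_filter("jdoe"))
    print(user_filter("jd*"))
    print(group_dns_filter("cn=jdoe,ou=persons,o=thecompany,o=sgi,c=us"))
```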

Friday, October 3, 2008

Lookup Oracle database queue (AQ) with jndi and LDAP

In my previous blog entry I explained how to register tnsnames entries and database connections in OpenLDAP; this entry goes a little further and explains how to register Oracle database queues (AQ) in LDAP and use them with JNDI. I don't use OID because it takes too many resources; I just want to look up some queues. So I downloaded OpenLDAP, created the Oracle LDAP schema and added it to OpenLDAP. Now I can register Oracle objects in LDAP and use them from Java.

Here you see how my LDAP tree looks. Click here to get the LDIF file.
SCOTT.TEST is a queue called TEST in the SCOTT Oracle schema. SCOTT.TEST_TABLE is the queue table of the TEST queue.
These are the LDAP attributes of the queue entry; the queue has a pointer to its queue table (first attribute).
The queue table attributes.

The database connection registration, which you can use for the connection factory.
Here is the PL/SQL code to create the queue and queue table:

begin
  sys.dbms_aqadm.create_queue_table(
    queue_table        => 'TEST_TABLE',
    queue_payload_type => 'SYS.AQ$_JMS_MESSAGE',
    sort_list          => 'PRIORITY',
    compatible         => '10.0.0',
    primary_instance   => 0,
    secondary_instance => 0,
    storage_clause     => 'tablespace USERS pctfree 10 initrans 1 maxtrans 255 storage ( initial 64K minextents 1 maxextents unlimited )');
end;
/
begin
  sys.dbms_aqadm.create_queue(
    queue_name     => 'TEST',
    queue_table    => 'TEST_TABLE',
    queue_type     => sys.dbms_aqadm.normal_queue,
    max_retries    => 5,
    retry_delay    => 0,
    retention_time => 0);
end;
/

The Java code looks up the database connection entry to obtain the connection factory and looks up the queue entry to obtain the queue:

package jms2;

import java.util.Hashtable;
import javax.jms.JMSException;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueReceiver;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

//import oracle.jms.AQjmsOracleDebug;

public class jmsclient2 {

    Hashtable env = null;
    private QueueConnection connection = null;
    private QueueSession session = null;
    private QueueSender sender = null;
    private QueueReceiver receiver = null;
    private QueueConnectionFactory queueConnectionFact = null;
    private Queue queue = null;

    public void testRegistration() {
        // AQjmsOracleDebug.setLogStream(out);
        // AQjmsOracleDebug.setTraceLevel(AQjmsOracleDebug.AQ_ORA_TR6);
        // AQjmsOracleDebug.setDebug(true);

        // JNDI environment: simple bind to the local OpenLDAP server.
        env = new Hashtable(5, 0.75f);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "o=sgi,c=us");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        DirContext dirContext = null;
        try {
            dirContext = new InitialDirContext(env);

            // Descend into the OracleContext of the ORCL database and its two containers:
            // cn=oracledbconnections holds connection factories, cn=OracleDBQueues holds queues.
            dirContext = (DirContext) dirContext.lookup("cn=ORCL, cn=OracleContext, ou=Services, o=sgi,c=us");
            DirContext destctxCF = (DirContext) dirContext.lookup("cn=oracledbconnections");
            DirContext destctxQF = (DirContext) dirContext.lookup("cn=OracleDBQueues");

            // The LDAP entries are turned into AQ JMS objects by the JNDI object factory.
            queueConnectionFact = (QueueConnectionFactory) destctxCF.lookup("cn=SCOTT");
            queue = (Queue) destctxQF.lookup("cn=SCOTT.TEST");

            connection = queueConnectionFact.createQueueConnection();
            // Transacted session: the enqueue only becomes visible after commit().
            session = connection.createQueueSession(true, QueueSession.AUTO_ACKNOWLEDGE);
            connection.start();

            sender = session.createSender(queue);
            String xmlData = "1111";
            TextMessage message = session.createTextMessage(xmlData);
            sender.send(message);
            session.commit();

            receiver = session.createReceiver(queue);
            TextMessage textMessage = (TextMessage) receiver.receive();
            String xmlText = textMessage.getText();
            session.commit();
            System.out.println(xmlText);

        } catch (NamingException ne) {
            ne.printStackTrace();
        } catch (JMSException jmse) {
            jmse.printStackTrace();
        } finally {
            // Closing the connection also closes the session and the underlying database connection.
            if (connection != null) {
                try {
                    connection.close();
                } catch (JMSException ignored) {
                }
            }
        }
    }

    public static void main(String[] args) {
        jmsclient2 client = new jmsclient2();
        client.testRegistration();
    }
}


That's all.

Sunday, May 25, 2008

Using OpenLDAP for net8 and AQ connection factory

In this blog post I will show how you can use OpenLDAP to look up your Oracle Net (tnsnames) connections or AQ connection factories, so you no longer need an Oracle Internet Directory (OID) installation. The first step is to download OpenLDAP. Install it, download my oracle.schema and put it in the schema folder of OpenLDAP. This file has to be included in slapd.conf.
Edit slapd.conf and add:
include schema/java.schema
include schema/oracle.schema
Make sure anonymous users can read the tnsnames entries:
access to dn="" by * read
access to *
by self write
by users read
by anonymous read
Note that this second rule grants anonymous read access to every entry under the suffix, not only the tnsnames entries; if the directory holds anything else, narrow the access to clause to the OracleContext subtree.
We have to configure the LDAP directory for Oracle by creating an OracleContext and an oracledbconnections entry.

I do this with ldapbrowser, which you can download here. For this free Java application I made some templates you can use.



Do the same for oracledbconnections (this is for the AQ entries), then use the queue template in ldapbrowser.

To make a tnsnames entry, I select the OracleContext LDAP entry and use the orclNetService template to create a new Oracle connection.

We are ready to use it; we only have to create ldap.ora in the network\admin folder. The ldap.ora looks like this:
DIRECTORY_SERVERS= (localhost:389:636)
DEFAULT_ADMIN_CONTEXT = "o=sgi,c=us"
DIRECTORY_SERVER_TYPE = OID

We start SQL*Plus and use the LDAP name as the tnsnames entry. I can also start Net Manager and go to the Directory menu item to see our LDAP entry.
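As an added example (not from the post), a small parser for the ldap.ora format used above: it reads the DIRECTORY_SERVERS list (host:port:sslport entries) and DEFAULT_ADMIN_CONTEXT, and derives the DN under which Oracle Net resolves a net service name, cn=<alias>,cn=OracleContext,<DEFAULT_ADMIN_CONTEXT>. The same DN shape applies to the OracleContext lookups in the JNDI code on this page. The ldap.ora text embedded below is constructed to match the one shown.

```python
# Constructed ldap.ora, identical to the one shown above.
LDAP_ORA = """\
DIRECTORY_SERVERS= (localhost:389:636)
DEFAULT_ADMIN_CONTEXT = "o=sgi,c=us"
DIRECTORY_SERVER_TYPE = OID
"""


def parse_ldap_ora(text):
    """Return a dict of upper-cased parameter names to their (unquoted) values."""
    params = {}
    for line in text.splitlines():
        line = line.split('#', 1)[0].strip()      # drop comments and whitespace
        if not line or '=' not in line:
            continue
        key, _, value = line.partition('=')
        params[key.strip().upper()] = value.strip().strip('"')
    return params


def directory_servers(params):
    """Parse DIRECTORY_SERVERS=(host:port:sslport, ...) into (host, port, sslport) tuples.

    The port defaults to 389 when omitted; sslport is None when not configured.
    """
    raw = params.get('DIRECTORY_SERVERS', '').strip().strip('()')
    servers = []
    for item in raw.split(','):
        item = item.strip()
        if not item:
            continue
        parts = item.split(':')
        host = parts[0].strip()
        port = int(parts[1]) if len(parts) > 1 and parts[1].strip() else 389
        sslport = int(parts[2]) if len(parts) > 2 and parts[2].strip() else None
        servers.append((host, port, sslport))
    return servers


def net_service_dn(params, alias):
    """DN of the orclNetService entry Oracle Net reads for a given net service name."""
    return "cn=%s,cn=OracleContext,%s" % (alias, params['DEFAULT_ADMIN_CONTEXT'])


def ldap_urls(params):
    """LDAP URLs a client would contact, preferring ldaps when an SSL port is present."""
    urls = []
    for host, port, sslport in directory_servers(params):
        urls.append("ldaps://%s:%d" % (host, sslport) if sslport else "ldap://%s:%d" % (host, port))
    return urls


if __name__ == "__main__":
    cfg = parse_ldap_ora(LDAP_ORA)
    print(net_service_dn(cfg, "ORCL"))
    print(ldap_urls(cfg))
```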

The second part shows how you can look up an AQ connection factory with JNDI and LDAP. First let's register a new connection in the LDAP server. For this I only need the following jar files: jndi-1.2.1.jar, jta-1.0.1.jar, jms-1.1.jar, aqapi.jar and the Oracle JDBC jar.



package jms2;

import java.util.Hashtable;
import java.util.Properties;
import javax.jms.JMSException;
import javax.naming.Context;
import oracle.jms.AQjmsFactory;

public class register_jms_to_oid {

    public register_jms_to_oid() {
        // JNDI environment for the OpenLDAP server; server_dn tells the AQ library
        // under which entry the oracledbconnections container is found.
        Hashtable env = new Hashtable(5, 0.75f);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put("server_dn", "o=sgi,c=us");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "o=sgi,c=us");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        // JDBC connection details that the registered factory will use.
        String url = "jdbc:oracle:thin:@XPCND7010XMP:1521:orcl";
        Properties properties = new Properties();
        properties.setProperty("user", "scott");
        properties.setProperty("password", "tiger");

        try {
            // Registers a queue connection factory named scott3 in the directory.
            AQjmsFactory.registerConnectionFactory(env, "scott3", url, properties, "queue");
        } catch (JMSException e) {
            e.printStackTrace();
        }
    }

    public static void main(String[] args) {
        register_jms_to_oid register_jms_to_oid = new register_jms_to_oid();
    }
}

Now we can look up this entry with standard JMS calls.

package jms2;

import java.util.Hashtable;
import javax.jms.JMSException;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

public class lookup_jndi_queue {

    private QueueConnection connection = null;
    private QueueSession session = null;
    private QueueSender sender = null;

    public lookup_jndi_queue() {
        // JNDI environment: simple bind to the local OpenLDAP server.
        Hashtable env = new Hashtable(5, 0.75f);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "o=sgi,c=us");
        env.put(Context.SECURITY_CREDENTIALS, "secret");

        try {
            DirContext ctx = new InitialDirContext(env);
            // The connection factory entry lives under cn=connections.
            ctx = (DirContext) ctx.lookup("cn=connections, o=sgi,c=us");
            QueueConnectionFactory queueConnectionFact = (QueueConnectionFactory) ctx.lookup("cn=scott");
            try {
                connection = queueConnectionFact.createQueueConnection();
                // A single transacted session; the send is made durable by commit() below.
                session = connection.createQueueSession(true, QueueSession.CLIENT_ACKNOWLEDGE);
                connection.start();
                Queue queue = session.createQueue("JMS_IN");
                sender = session.createSender(queue);
                String xmlData = "1111";
                TextMessage message = session.createTextMessage(xmlData);
                sender.send(message);
                session.commit();
            } catch (JMSException e) {
                e.printStackTrace();
            } finally {
                if (connection != null) {
                    try {
                        connection.close();
                    } catch (JMSException ignored) {
                    }
                }
            }
        } catch (NamingException ee) {
            ee.printStackTrace();
        }
    }

    public static void main(String[] args) {
        lookup_jndi_queue lookup_jndi_queue = new lookup_jndi_queue();
    }
}


You can also use the ldapbrowser template. This is how the entry looks in LDAP.

Saturday, February 23, 2008

JNDI connections lookup with RMI and LDAP

In Java you can look up connections and datasources with JNDI. The Oracle Java libraries enable you to do this against the OC4J container with RMI or against the OID server with LDAP (this will probably work with other LDAP servers too). The first part of this post is about the LDAP JNDI lookup and the second part about the RMI lookup.
I use the LDAP server of Oracle Identity Management 10g (10.1.4.0.1), which you can download from OTN, to register the connection. First we have to rename the object OracleDBConnection and its cn attribute to lowercase. Now we can register the connection with Java. We have to set server_dn so Java can find the oracledbconnection object. All the Oracle examples use searchbase, but that does not work here: you get the error message cn=oracledbconnections,null.

import java.util.Hashtable;
import java.util.Properties;
import javax.jms.JMSException;
import javax.naming.Context;
import oracle.jms.AQjmsFactory;

// Wrapper class and imports added so the original snippet compiles as a program.
public class RegisterOidConnection {

    public static void main(String[] args) {
        Hashtable env = new Hashtable(5, 0.75f);
        // env.put(Context.INITIAL_CONTEXT_FACTORY, AQjmsConstants.INIT_CTX_FACTORY);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://win2003_2:389");
        // server_dn (not searchbase) tells the AQ library where cn=oracledbconnections lives.
        env.put("server_dn", "cn=IDENT, cn=OracleContext");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=orcladmin");
        env.put(Context.SECURITY_CREDENTIALS, "Welcome01");

        // JDBC connection details stored with the factory.
        String url = "jdbc:oracle:thin:@XPCND7010XMP:1521:orcl";
        Properties properties = new Properties();
        properties.setProperty("user", "scott");
        properties.setProperty("password", "tiger");

        try {
            // Registers the factory as cn=scott under cn=oracledbconnections,cn=IDENT,cn=OracleContext.
            AQjmsFactory.registerConnectionFactory(env, "scott", url, properties, "queue");
        } catch (JMSException e) {
            e.printStackTrace();
        }
    }
}

This is how it looks in LDAP.



Now we can look up the scott connection and create a queue connection so we can dequeue the scott.JMS_IN queue.

import java.util.Hashtable;
import javax.jms.JMSException;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.TextMessage;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import oracle.jms.AQjmsSession;

// Wrapper class, field declarations and imports added; the original was a bare snippet.
public class LookupScottQueue {

    private QueueConnection connection = null;
    private QueueSession session = null;
    private Queue queue = null;
    private QueueSender sender = null;

    public void run() {
        Hashtable env = new Hashtable(5, 0.75f);
        DirContext ctx;
        QueueConnectionFactory queueConnectionFact;

        // Simple bind to the OID server as orcladmin.
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://win2003_2:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=orcladmin");
        env.put(Context.SECURITY_CREDENTIALS, "Welcome01");

        try {
            ctx = new InitialDirContext(env);
            ctx = (DirContext) ctx.lookup("cn=oracledbconnections,cn=IDENT,cn=OracleContext");
            // The cn=scott entry registered above resolves to an AQ QueueConnectionFactory.
            queueConnectionFact = (QueueConnectionFactory) ctx.lookup("cn=scott");
            // Start QueueConnection
            try {
                connection = queueConnectionFact.createQueueConnection();

                session = connection.createQueueSession(true, QueueSession.CLIENT_ACKNOWLEDGE);
                connection.start();
                // AQ-specific lookup of the queue by owner and name.
                queue = ((AQjmsSession) session).getQueue("scott", "JMS_IN");
                sender = ((AQjmsSession) session).createSender(queue);

                String xmlData = "1111";
                TextMessage message = session.createTextMessage(xmlData);
                sender.send(message);
                session.commit();
            } catch (JMSException e) {
                e.printStackTrace();
            }
        } catch (NamingException ee) {
            ee.printStackTrace();
        }
    }

    public static void main(String[] args) {
        new LookupScottQueue().run();
    }
}


We can also look up the jdbc/scott datasource with JNDI and RMI. First we have to create a datasource in the OC4J container; you can do this with the EM web application or by editing datasources.xml in the config folder. You need a lot of OC4J container libraries to get this working (oc4jclient.jar, oc4j-internal.jar, connector.jar, bcel.jar, pcl.jar, jazn.jar and adminclient.jar).

import java.sql.Connection;
import java.util.Properties;
import javax.jms.JMSException;
import javax.jms.Queue;
import javax.jms.QueueConnection;
import javax.jms.QueueConnectionFactory;
import javax.jms.QueueSender;
import javax.jms.QueueSession;
import javax.jms.Session;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;
import oracle.jms.AQjmsFactory;
import oracle.jms.AQjmsSession;

// Wrapper class, field declarations and imports added; the original was a bare snippet.
public class RmiDataSourceLookup {

    private String dbUser;
    private QueueConnectionFactory factory;
    private QueueConnection connection;
    private QueueSession session;
    private Queue queue;
    private QueueSender sender;
    // Assumed queue name; the post dequeues scott.JMS_IN.
    private String queueTable = "JMS_IN";

    public void start() {
        Context ctx;
        try {
            // RMI (ORMI) context into the OC4J container, authenticated as oc4jadmin.
            Properties parm = new Properties();
            parm.setProperty("java.naming.factory.initial", "com.evermind.server.rmi.RMIInitialContextFactory");
            parm.setProperty("java.naming.provider.url", "ormi://localhost:23791/");
            parm.setProperty("java.naming.security.principal", "oc4jadmin");
            parm.setProperty("java.naming.security.credentials", "welcome");

            ctx = new InitialContext(parm);
            DataSource ds = (DataSource) ctx.lookup("jdbc/scott");
            // Determine dbUser:
            Connection conn = ds.getConnection();
            dbUser = conn.getMetaData().getUserName();
            conn.close();
            // Build the AQ connection factory on top of the container datasource.
            factory = AQjmsFactory.getQueueConnectionFactory(ds);
            // Create QueueConnection
            connection = factory.createQueueConnection();
            // Create QueueSession
            session = connection.createQueueSession(true, Session.CLIENT_ACKNOWLEDGE);
            // Start QueueConnection
            connection.start();
            // Fetch the queue
            queue = ((AQjmsSession) session).getQueue(dbUser, queueTable);
            // Create QueueSender
            sender = ((AQjmsSession) session).createSender(queue);
        } catch (NamingException e) {
            throw new RuntimeException("Fout opgetreden bij het starten ", e);
        } catch (JMSException je) {
            throw new RuntimeException("Fout opgetreden bij het starten ", je);
        } catch (Throwable t) {
            throw new RuntimeException("Fout opgetreden bij het starten ", t);
        }
    }
}

Now you can store your connections in LDAP or in the application server.

Here is the example project. My JDeveloper home is D:\oracle\jdevstudio10133; this is for the J2EE RMI libraries.