The objective of this post is to have a Cookbook format. The same steps can be found in Oracle’s documentation, except for some caveats and images that should smooth the process.
The picture above describes the deployment architecture as well as some basic interaction between the involved managed servers. Please notices that we have two different domains in the picture.
Deploying Task List Portlet
1. Because the task list portlet producer application uses the deployed library
oracle.soa.workflow.wc, you must confirm that the library is targeted to the Oracle WebLogic Server portlet managed server.
a. Log in to Oracle WebLogic Server Administration Console.
b. Go to Deployments > oracle.soa.workflow.wc >Targets.
c. See if WLS_Portlet is checked. If not, check it and save your updates.
2. In WebCenter PS3 there’s a shared lib issue. You also need to deploy rules.jar as a shared library in WC_Portlet. You can find rules.jar under <JDEV_INSTALL>/jdeveloper/soa/modules/oracle.rules_11.1.1/rules.jar.
3. Deploy the TaskListPortlet.ear file WC_Portlet.
a. You can find it under /Oracle_Home/SOA_Home/soa/applications/TaskListPortlet.ear.
b. Ensure that the WSRP producer application is running by accessing the WSDL from a web browser http://server:port/TaskListPortlet/portlets/wsrp2?WSDL.
Connecting Task List Producer to SOA Server
The next step is to configure the remote JNDI providers on WebCenter. As mentioned before, the task list portlet bring the info from SOA server through remote EJB calls.
1. Log in to WLS Console and navigate to Domain Structure > Services > Foreign JNDI Providers.
a. Click New. In the Name field, enter ForeignJNDIProvider-SOA, target it to WC_Portlet, and click OK.
b. Click the ForeignJNDIProvider-SOA link and enter the values in the table below.
Initial Context Factory weblogic.jndi.WLInitialContextFactory Provider URL t3://[soa_hostname]:[port]/soa-infra User weblogic Password Enter weblogic password. Confirm Password Password confirmation.
RuntimeConfigService ejb/bpel/services/workflow/TaskServiceBean ejb/bpel/services/workflow/TaskMetadataServiceBean TaskReportServiceBean TaskEvidenceServiceBean TaskQueryService UserMetadataService
Configuring EJB Identity Propagation
We’ll start by enabling global trust. Log in to the WLS Adm Console for WebCenter.On the left side of the page, click on Domain > Security > Advanced and modify the domain credentials.
Log in to the SOA server Admin Console and modify the domain credentials to the same password as entered for WebCenter.
Regarding application authorization, the same user logged-in to the Spaces application must be present in the Porlet and SOA identity stores, or the three servers could point to the same identity store. For this post we have OID setup as the common identity store. For more info please see Oracle doc.
Securing the Task List Portlet Producer Application Using Web Services SecurityWe’ll start by enabling WS-Security for the task list portlet producer application.
1. Open Oracle Enterprise Manager.
2. In the navigator on the left side, select Farm_wc_domain > WebLogic Domain.
3. Right-click wc_domain and select Security > Security Provider Configuration.
4. Access the Keystore section at the bottom of the provider configuration page and click Configure.
a. Let’s generate the keystore.
keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600
b. Copy default-keystore
.jksfile to WEBCENTER_DOMAIN
c. Enter the details for keystore management and identity certificates as shown below.
d. Click OK.
e. Restart WC_Portlet and AdminServer in the WebCenter domain.
f. Follow the same steps starting at b, but now for the SOA domain. To make your life easier we’ll use the same default-keystores.jks file, which means that you don’t need to run the keytool command again.
Specifying the Inbound Security Policy1. Open Oracle Enterprise Manager.
2. Right-click Application Deployments > TaskListPortlet (WC_Portlet).
3. Select Web Services.
4. Click on WSRP_v2_Markup_Service.
5. Attach oracle/wss10_saml_token_with_message_protection_service_policy.
6. Click OK.
7. Restart WC_Portlet.
Consuming Task List Portlet from WebCenter Spaces
2. Register a new portlet producer with the following information.
3. Once the portlet producer is successfully register, open WebCenter Spaces and drop the portlet into any page. That’s how it should look like.
You can double check your task list content by logging in into Business Process Workspace with the same user, obviously. You should see the same tasks.