Wednesday, November 19, 2008

Hints for ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers

Recently I was deploying our ADF 11g application on standalone WebLogic server. Deployment itself is straightforward, however it is little bit more complex with security metadata migration from development environment to test environment. I have migrated application credentials and policy data using steps described in Steve Muench document - Simplified ADF 11g Application Credential and Policy Migration to Standalone WebLogic Servers. This document is very clear and useful, I would recommend to read and use for everyone who will face problem with security metadata migration to standalone WebLogic.

So, after you will read Steve's document, probably you will find those my 2 hints useful as well:

1) Even if you are not using ADF Security in your application, still in the most of the cases you will need to migrate application credentials. You will need to do this, if you are using JDBC URL as Connection Type to database, since database connection credentials are stored in credentials file. There is no need to migrate application credentials if you are using JDBC DataSource instead of JDBC URL. If credentials for JDBC URL Connection Type will not be migrated, most probably you will get similar error on runtime - Incomplete connection information:


2) After you will succeed to migrate application credentials and policy to the test environment, this doesn't mean you will be able to run your application immediately (in a case of DD Only Security Model). Its because system-jazn-data.xml available on standalone WebLogic is populated with users and policies from development environment, however those users are not mirrored to standalone WebLogic. This means, authentication step will not be completed.

In order to solve this issue, you can go to WebLogic console and in Security Realms (myrealm by default) you can define users you want to authenticate. There is no need to define roles for those users, since authorization will be done based on policies stored in system-jazn-data.xml available on standalone WebLogic after migration.

No comments: