About this task
The connector is designed to support the internal WebCenter Content's security model
regarding security groups, roles, and aliases. If other security systems are used on top of, or in
conjunction with, WebCenter Content's security model, the late binding proxy can be configured to
rely on WebCenter Content to do the security resolution at search time. Only use the late binding
proxy if this describes your environment. Otherwise, use the standard security configuration
described in Configuring your WebCenter Content collection for security.
Note: The security late binding proxy is located in the following directory:
extras/webcenter_content/late-binding-proxy
To install and use the late binding proxy do the following:
Procedure
-
Copy the RIDC client jar (10g or 11g, depending on your WebCenter Content version) to
the following directory:
extras/webcenter_content/late-binding-proxy/usr/servers/defaultServer/apps/webcenter_content-late-binding-proxy/WEB-INF/lib
-
Enable SSL security for the late binding proxy server:
-
Ensure the proxy server is stopped.
Use the securityUtility.bat command to create a default SSL
certificate for use by the WebSphere Liberty profile configuration:
-
Open a command prompt
Navigate to the following directory of your Watson™ Explorer Engine installation:
extras/webcenter_content/late-binding-proxy
-
Enter one of the following commands based on your Watson Explorer Engine installation
environment:
Note:
In the following code samples, the -- command line arguments
are presented on multiple lines for formatting reasons only. They only need to be
separated by a space when provided on a command line.
-
Creating SSL certificate in a Linux environment
To create an SSL certificate in a Linux environment, enter the following command
and command line arguments:
bin/securityUtility createSSLCertificate
--server=defaultServer
--password=PASSWORD-OF-YOUR-CHOOSING
--validity=NUMBER-OF-DAYS (on linux)
-
Creating SSL certificate in a Windows environment
To create an SSL certificate in a Windows environment, enter the following command
and command line arguments:
bin\securityUtility.bat createSSLCertificate
--server=defaultServer
--password=PASSWORD-OF-YOUR-CHOOSING
--validity=NUMBER-OF-DAYS (on windows)
The command will create an SSL certificate that will be valid for the number of days
you set.
The command will also output to the console the keyStore password that needs to be
updated in the server.xml configuration file.
-
Change directory to:
/extras/webcenter_content/late-binding-proxy/usr/servers/defaultServer/
-
Edit the server.xml file.
-
Replace the password value in the following line:
<keyStore id="defaultKeyStore" password=" (replace it with the encrypted password)" />
with the password generated during the creation of the SSL certificate, noted
earlier in this procedure.
-
Save the file.
-
Start the proxy
(see section below about how to start the proxy).
-
Starting and stopping the proxy server.
Start and Stop the proxy server (as needed):
To start the proxy on a Linux environment
-
Navigate to the following directory of your Watson Explorer Engine
installation:
extras/webcenter_content/late-binding-proxy
-
Run the following command:
If you are using a Microsoft Windows environment
-
Navigate to the same directory
-
Enter the following in a command prompt:
bin\server.bat start (Microsoft Windows)
To stop the proxy on a Linux environment
-
Navigate to the following directory of your Watson Explorer Engine installation:
extras -> webcenter_content -> late-binding-proxy -> bin
-
Run the following command:
Alternatively, on a Microsoft Windows environment
Enter bin\server.bat stop
-
To see more options for the proxy:
-
Navigate to the following directory of your Watson Explorer Engine installation:
extras/webcenter_content/late-binding-proxy/bin
-
Run the following command:
Alternatively, on a Microsoft Windows environment
-
Navigate to the same directory
-
Enter bin\server.bat help
-
Configure the data collection to base ACLs on a Document Property.
When using the late binding proxy, the security check at search time is based on a
particular document property, for example the dID. Therefore, you will need to
select which document property to use (the dID is the default and recommended property).
To do that, edit the data collection configuration and set the option Base ACLs on a
Document Property (for late binding security) in the Advanced seed configuration
section to true and enter the property to use in the ACL Property
option. Save these changes. You need to complete a full re-crawl of your collection for
these changes to be applied to all the documents in your collection and be able to use
the late binding proxy.
-
Adding the Rights component to the source.
When using the late binding proxy you will need to use a different rights component.
Remove the Oracle WebCenter Content Rights if it was added previously to your
source and remove any unsecured source that was added previously if you were using the
standard security configuration without late binding proxy. Go to the source of your
data collection and add one of the two possible rights functions to the form: Oracle
WebCenter Content Document ID Based Rights or Oracle WebCenter Content
Document ID Based Rights (Paged). The paged version is optimized for better
performance for queries that return many results.
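For the server.xml step earlier in this procedure, the following added example (not IBM's code) writes the keyStore password into server.xml and checks that neither the placeholder nor a cleartext password is left behind. It assumes the encoded value printed by securityUtility begins with a {xor} or {aes} prefix and that the keyStore element sits on one line; the function names and the sample value are constructed for illustration.

```shell
#!/bin/sh
# Added example, not IBM's code. Assumption: an encoded Liberty password
# starts with a {xor} or {aes} prefix and the keyStore element is on one line.

# Print the password attribute of the defaultKeyStore element in file $1.
keystore_password() {
    sed -n 's|.*<keyStore id="defaultKeyStore" password="\([^"]*\)".*|\1|p' "$1"
}

# Succeed only if $1 looks like an encoded value rather than cleartext.
is_encoded() {
    case "$1" in
        '{xor}'?*|'{aes}'?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if server.xml $1 no longer holds the placeholder or cleartext.
keystore_password_is_encoded() {
    is_encoded "$(keystore_password "$1")"
}

# Write encoded password $2 into server.xml $1, keeping the file's mode and owner.
set_keystore_password() {
    file=$1 encoded=$2
    is_encoded "$encoded" || { echo "refusing non-encoded password" >&2; return 1; }
    # Escape characters special in a sed replacement (\ & and the | delimiter).
    esc=$(printf '%s' "$encoded" | sed 's/[\\&|]/\\&/g')
    tmp=$(mktemp) || return 1
    sed "s|\(<keyStore id=\"defaultKeyStore\" password=\"\)[^\"]*\"|\1${esc}\"|" \
        "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Demo on a constructed server.xml; the {xor} value is a made-up placeholder.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '<server>' \
        '    <keyStore id="defaultKeyStore" password="(replace it with the encrypted password)" />' \
        '</server>' > "$dir/server.xml"
    keystore_password_is_encoded "$dir/server.xml" || echo "before: placeholder still present"
    set_keystore_password "$dir/server.xml" '{xor}EXAMPLE+/ONLY=' || return 1
    keystore_password_is_encoded "$dir/server.xml" && echo "after: $(keystore_password "$dir/server.xml")"
    rm -rf "$dir"
}
demo
```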
Results
Important: If you receive an error indicating that the proxy could not find java,
then you will need to set the JAVA_HOME environment variable to point
to a valid Java Runtime. You can use the Java Runtime installed with Watson Explorer Engine. To do so, set the
JAVA_HOME environment variable to
DE_INSTALL_DIR/jre (replace
DE_INSTALL_DIR with the full path to your Watson Explorer Engine installation directory).