Oracle WebCenter Portal 11g · For production environments, WebCenter Portal needs a LDAP server to...


Oracle WebCenter Portal 11g Developer Workshop

Lab 06 – Securing the Portal


Overview

For production environments, WebCenter Portal needs an LDAP server to store user identities. For our demo environment, you can use the LDAP server that comes embedded with WebLogic Server (keep in mind this is not supported by Oracle).

WebCenter Portal uses ADF security to protect the portals, pages and resources. The security layer of Portal is very powerful and flexible. For this lab, we will only go over the main security concepts, and do a simple configuration to separate access between Nurses and Doctors. We will also see how to enable self-registration for visitors.

At the end of this exercise, you will be able to:

1. Assign users to groups

2. Configure roles and permissions for portals, and add users for portals

3. Configure security settings for pages and components

4. Configure Portal settings and self-registration


Instructions

1. For some of the future labs in this workshop, we will login as other users. We need to configure them to be able to use the Portal with the appropriate permissions.

2. Access the WebLogic Console application (http://server:7777/console) and login as weblogic. In the Domain Structure panel, click on Security Realms.

3. Click on the myrealm link and go to the Users and Groups tab.

4. Now you will create the users that will be part of the scenario. Click on the New button to create a user. In the Create a New User page, set the following information:

o Name: achrist

o Description: Agatha Christie


5. Set a password for the user. Click OK to create the user.

6. Repeat these steps to create the other users:

o cdickens (Charles Dickens)

o cdoyle (Arthur Conan Doyle)

o fkafka (Franz Kafka)

o jausten (Jane Austen)

o mtwain (Mark Twain)

7. Click on the Groups tab and click on the New button.


8. Name the group contributor and click OK to create it.

9. Go back to the Users tab, click on the first user in the list (achrist), go to the Groups tab and move the contributor group to the Chosen box. Click Save.


10. In the breadcrumb above, click on the Users and Groups link. Repeat these steps for the following users: cdickens, cdoyle, fkafka, jausten and mtwain.

11. Logout from WebLogic Console. Access the OraHealth home page (http://server:7777/webcenter/portal/orahealth). Login as weblogic, and go to the Administration page of the OraHealth portal.

12. First we will configure the roles for this Portal. Go to the Security tab and click on the Roles tab.

13. Click on the Create Role button.


14. Name the role Doctor and set Participant as the Role Template.

15. Create another role called Nurse, also based on the Participant role.

16. Select the Doctor role and click on the Edit Permissions button.

17. Check the following permissions, by section:

o Administration: leave all unchecked.

o Basic Services: check all.

o Assets: check Create, Edit and Delete.

o Documents: check all.


18. Click Save.

19. Edit the Nurse role. Set the following permissions:

o Administration: leave all unchecked.

o Basic Services: leave only View Pages and Content checked.

o Assets: leave all unchecked.

o Documents: check View Documents.

20. Click Save.

21. Go to the Members tab. Add the following users in the portal, with the roles:


o achrist (Agatha Christie) – Role: Nurse

o cdickens (Charles Dickens) – Role: Doctor

o cdoyle (Arthur Conan Doyle) – Role: Doctor

o fkafka (Franz Kafka) – Role: Doctor

o jausten (Jane Austen) – Role: Doctor

o mtwain (Mark Twain) – Role: Doctor

22. PS: As you can see, their profiles have no information, and there are no pictures. We will fix this further ahead in the lab.

23. The Medical Services page should be visible only to users with the Doctor role. Go to the Pages tab. Select the Medical Services page, go to the Security tab in the right-side panel and click on Override Security. Uncheck all permissions from the Nurse and Participant roles. Remove the View permission for the other roles.


24. Click Save.

25. Open the Portal in a new browser (a different browser, not in a different tab on the same browser) and see how the Medical Services link no longer appears on the navigation menu.


26. Still in that browser, click on the Insurance page. As you can see, the Document Explorer Task Flow presents an error message. This happens because non-authenticated users do not have permissions on the Documents service. What we want to do is hide this Task Flow so it doesn’t show on the page if the user is not logged in. Hiding the Task Flow only changes what is displayed; access to the documents themselves is still decided by the Documents service permissions.

27. Go back to the browser where the Portal Administration page is open, select the Insurance page and click on the Edit link.

28. Click on the Edit button for the Document Explorer Task Flow. Go to the Display Options tab, click on the icon next to the Show Component option, and click on Expression Builder.

29. The following expression evaluates whether the user has the Moderator, Doctor or Nurse role. Only users with one of these roles will be able to see the Task Flow:

o #{WCSecurityContext.userInScopedRole['Moderator'] || WCSecurityContext.userInScopedRole['Doctor'] || WCSecurityContext.userInScopedRole['Nurse']}


30. Click on the Test button to make sure the rule works. Click OK and OK to close the properties window.

o PS: Use this expression if you want only authenticated users to see the Task Flow:

#{securityContext.authenticated}

31. Save the page. Go back to the other browser and refresh the page. The Document Explorer Task Flow will no longer appear.

32. Now we will login as each user and set their basic information. In the other browser window, click on the Login link and login as achrist.

33. Click on the link with the user’s name. This will take you to the User Profile page.

34. To edit the user’s information, click on the Edit Profile button.


35. Fill the information fields with information that is relevant to the POC that we are building. You can find pictures for all the doctors in the lab_assets/OraHealth/images/doctors folder.

36. Logout and login with each of the other users, and do the same configuration to each. If you want, also update the profile of user weblogic.

37. We will now change the default settings for Portals in the server. We want to change the default portal to OraHealth. Go to the Administration page and scroll down to find the Default Portal options.

38. Click on Open a Specific Portal for the Authenticated Users option. Select the OraHealth portal as the default location. Make the same configuration for Public Users. You can create groups of users and have different home portals, depending on the users. For this lab, we will make every user see the OraHealth portal when they first access the Portal.


39. Click the Save button on the top of the page to save the settings.

40. Start a new browser and go to http://server:7777/webcenter. You will notice that OraHealth will be the portal automatically loaded.

41. Finally, we will see how to enable self-registration.

42. Go to the Administration page, and scroll all the way down. You will see the Self-Registration options at the end of the page. Check the Allow Public Users to Self-Register option and click Save.

43. On the other browser window, logout from Portal. You will notice the Register link in the upper link bar.

44. Click on the Login link. You will notice a Register option in the login screen.


45. Click on the Register link and create a new user with your name.

46. Login with your new user. You will not see the Medical Services link, or the Document Explorer Task Flow in the Insurance page. That happens because the new user has not received the necessary roles yet. If you want, set the user’s profile information.
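Steps 2 to 10 (creating the six lab users and the contributor group in the WebLogic Console) can also be scripted with WLST. The script below is an added example, not part of the original lab. It assumes the embedded LDAP provider has its default name DefaultAuthenticator, that the admin server answers on t3://server:7777 (taken from the console URL above), and it uses a constructed group description.

```python
# Added example: WLST (Jython) equivalent of console steps 2-10.
# Run it with wlst.sh; the names below come from the lab steps.

LAB_USERS = [
    ('achrist', 'Agatha Christie'),
    ('cdickens', 'Charles Dickens'),
    ('cdoyle', 'Arthur Conan Doyle'),
    ('fkafka', 'Franz Kafka'),
    ('jausten', 'Jane Austen'),
    ('mtwain', 'Mark Twain'),
]
GROUP = 'contributor'


def provision(atn, users, group, password_for):
    """Create missing users and the group, then add each user to the group.

    atn is the realm's authentication provider MBean; password_for(name)
    returns the initial password. Returns the list of changes made, so a
    second run against an already configured realm returns an empty list.
    """
    changes = []
    if not atn.groupExists(group):
        # The description is constructed for this example; the lab sets none.
        atn.createGroup(group, 'Lab 06 portal contributors')
        changes.append('group:' + group)
    for name, description in users:
        if not atn.userExists(name):
            atn.createUser(name, password_for(name), description)
            changes.append('user:' + name)
        if not atn.isMember(group, name, False):
            atn.addMemberToGroup(group, name)
            changes.append('member:' + name)
    return changes


# WLST runs a script with __name__ set to 'main'; under plain Python this
# branch is skipped, so the file can be imported and tested offline.
if __name__ == 'main':
    # raw_input echoes what is typed, which is acceptable only on a demo host.
    connect('weblogic', raw_input('weblogic password: '), 't3://server:7777')
    realm = cmo.getSecurityConfiguration().getDefaultRealm()
    # Assumption: the embedded LDAP provider keeps its default name.
    atn = realm.lookupAuthenticationProvider('DefaultAuthenticator')
    made = provision(atn, LAB_USERS, GROUP,
                     lambda n: raw_input('initial password for %s: ' % n))
    print('changes: ' + ', '.join(made))
    disconnect()
```

Because existing users, groups and memberships are checked first, the script can be rerun after a partial failure without producing errors or resetting passwords.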


Oracle WebCenter Portal 11g Developer Workshop – LAB 06 Securing the Portal

September, 2014

Author: Denis Abrantes


Copyright © 2014, Oracle. All rights reserved.
