Today, I will explain how to configure an LDAP connection in Oracle SOA Suite and how to create an LDAP adapter to add, search, and compare entities in LDAP from a BPEL process. We'll use the compare operation along with a Java Embedding component that includes an SSHA digest operation to authenticate a user through LDAP. However, let's first see how to enable the LdapAdapter in the SOA Suite environment using the application console, and how to build an LDAP environment with Apache Directory Studio to use in our examples.
Configure the Application Console to Use LDAP:
Open the address http://localhost:7101/console in your browser after starting the integrated WebLogic server. Enter the credentials you set during the installation, and click 'Deployments' in the left menu. Find the LdapAdapter in the Deployments list, as in Figure 1.
Figure 1
Then go to the Targets tab and check DefaultServer to target the LdapAdapter to your default server. See Figure 2.
Open Directory Studio and start the ApacheDS server. We'll create the users under ou=users,ou=system. The default password type will be SSHA. You can see the LDAP Browser view in Apache Directory Studio's schema editor.
Figure 2
Next, go to Configuration -> Outbound Connection Pools and choose one of the JNDI configurations, say eis/ldap/master. Then configure the JNDI properties, specifying bindDN, hostName, password and port. See Figures 3 and 4.
Figure 3
Figure 4
Install and Configure Apache Directory Studio:
Download and install the Apache Directory Studio from the link below.
http://directory.apache.org/studio/download/download-windows.html
Figure 5
Create the SOA Project to Perform the LDAP Add Operation:
To add an entity to LDAP we have to assign the dn, cn, sn, uid and userPassword properties. So, let's create a synchronous BPEL process that has an XSD file with these properties, as in Figure 6.
Figure 6
Dn is the 'Distinguished Name' that identifies the user's entity in the entire LDAP environment. Cn is the 'Common Name', sn is the 'Surname', uid is the 'User Identifier' and userPassword is the 'Password' field.
Now, create an LDAP adapter by right-clicking the External References part of your composite page, and rename it as in Figure 7.
Figure 7
On the next page, click the plus sign, create an LDAP connection, and test it by entering the connection properties as in Figure 8.
Figure 8
On the next page of the wizard, choose the JNDI name eis/ldap/master that we configured in the application console. See Figures 9 and 10.
Figure 9
Figure 10
Choose the Add operation on the next page, then choose the object classes 'inetOrgPerson' and 'person' and their attributes cn, sn, uid and userPassword to insert, as in Figures 11 and 12.
Figure 11
Figure 12
After completing the LDAP adapter wizard, you will get an XSD file like the one in Figure 13 for the input of the LDAP add operation, and the final composite will look like Figure 14. Figures 15 and 16 show how to configure the input variable of the LDAP component.
Figure 13
Figure 14
Figure 15
Figure 16
Example input and output of this bpel process can be seen in Figure 17.
Figure 17
You can see the added user in the LDAP schema editor, as in Figure 18.
Figure 18
Create the SOA Project to Perform the LDAP Search Operation:
To search for an entity in LDAP we have to define a baseDN and a searchFilter. Create a synchronous BPEL process that has just a uid in its XSD, create an LDAP adapter in the composite page, rename it and choose the Search operation. See Figure 19.
Figure 19
On the next page, choose the default search base and the default search filter, then choose the response objects and the attributes that you want the operation to return, as in Figures 20 and 21. We just want to return the userPassword attribute of the person object.
Figure 20
Figure 21
At the end we get the following composite.
Figure 22
This time, choose both input and output variables in the invoke component of the search operation, as in Figure 23, and drag and drop two assign activities, one after the receiveInput component and one after the invokeForSearch component, for the search and return values respectively. See Figures 24, 25 and 26. In Figure 24, you can see that we just use the concat function to obtain a search filter in the format 'uid=testUser'.
Figure 24
Figure 25
The final bpel process will be the following.
Figure 26
Example input and output of this bpel process can be seen in Figure 27.
Figure 27
Create the SOA Project to Perform the LDAP Compare Operation for Authentication:
We'll now use an LDAP compare operation to authenticate a user. First, create a BPEL process with an XSD file that has two input variables, uid and userPassword.
Figure 28
Create an LDAP adapter with the compare operation, as in Figure 29.
Figure 29
Define the input and output variables of the compare invoke component.
Figure 30
Since the password is kept as an SSHA digest value in the LDAP server, we have to obtain the digest of the user password before comparing it. SSHA is an acronym for Salted Secure Hash Algorithm and is used to obtain a more secure digest value with the help of a salt value. We'll use a Java Embedding component to get the SSHA digest of the password input, and use the digest of the password and the uid together to authenticate a user. We'll need sun.misc.Base64Decoder.jar, so obtain it from the internet if you don't have it. Then put Base64Decoder.jar in the $PROJECT_DIR\SOA\SCA-INF\lib folder and add the jar file to the classpath from Project Properties -> Libraries and Classpath. See Figure 31.
Figure 31
We need to get the salt value that is used in the LDAP server. So, look in the password editor in Apache Directory Studio to get the salt value. We'll use it in our SSHA class.
Figure 32
Now, create a Java class named SSHA, as in Figure 33.
Figure 33
We can then use this class in our Java Embedding code. Drag and drop a Java Embedding component after the receiveInput component and type the following code into it.
Figure 34
Remember to add the required imports for the XMLElement and SSHA classes to the BPEL source using the import tag.
Now, drag and drop two assign activities, one after the Java Embedding component and one after the InvokeForCompare component, to set the compare and result values respectively. The assign activity for the InvokeForCompare component can be seen in Figure 32. We use the concat function to set the dn attribute of the compare request in the form 'uid=testUser,ou=users,ou=system', set the name to 'userPassword', and set the value from the result of the Java Embedding component.
Figure 35
The final BPEL process for the LDAP compare operation will be the following.
Figure 36
The possible inputs and outputs of this BPEL process can be seen in Figures 37 and 38. You can also see the return value in the debug screen in Figure 39.
Figure 38
Figure 39
Conclusion:
I have tried to explain the usage of LDAP in SOA Suite using the add, search and compare operations of the BPEL LDAP adapter. Before that, we saw how to configure the LDAP adapter in the application console and how to install and configure Apache Directory Studio. In the compare example we saw how to authenticate a user with the help of a Java Embedding that includes an SSHA digester class. To test and debug the projects developed in this write-up, you can see the details of debugging and testing a project in this write-up.
You can download the source code from here.