Getting started with OpenSSO

Few days back i have started reading about OpenSSO. OpenSSO is Sun's open Web access management project that's based on the Sun Java System Access Manager source code. Future versions of Sun Java System Access Manager will be built from OpenSSO. After getting a basic idea of OpenSSO i have followed a four part article given at Sun Developer Network to get a good feel of developing secure web application using OpenSSO.

Below are the steps to successfully complete the exercises given at http://developers.sun.com/identity/reference/techart/id-svcs.html

1. Follow the steps given at http://developers.sun.com/identity/reference/techart/opensso-glassfish.html to download and deploy the OpenSSO on Glassfish Application Server. (I have used OpenSSO V1 Build 5 Zip to complete the exercises.)
2. Follow the steps given for each one of the 4 exercises given at http://developers.sun.com/identity/reference/techart/id-svcs.html. The steps in each exercise are in detail and self explanatory. Below are those 4 exercises.

Exercise 1:-

Securing Applications With Identity Services, Part 1: AuthenticationThrough an example of a client web application(IdSvcsClient) built with the NetBeans IDE and deployed on GlassFish Application Server, this article, Part 1 of a series, shows you how to configure OpenSSO so as to authenticate—by means of identity services—users who access protected resources.

Exercise 2:-

Securing Applications With Identity Services, Part 2: AuthorizationHere in Part 2, again with IdSvcsClient, an example client application built with the NetBeans IDE, you learn how to further configure OpenSSO so as to allow authenticated users to perform tasks for which they have been authorized.

Exercise 3:-

Securing Applications With Identity Services, Part 3: User AttributesIn this exercise the task of obtaining the attributes of users whose tokens are passed in service calls will be handled. User attributes are also called profile attributes, This article, Part 3 of the series, describes how to fetch user attributes by means of the attribute service, still with IdSvcsClient as an example.

Exercise 4:-

Securing Applications With Identity Services, Part 4: Single Sign-On and Logout Here in Part 4, you're shown how to achieve single sign-on (SSO) and logout with REST. Even though the procedures in this part start with authentication as a key part of the process, the emphasis is on SSO and logout.

Note:- I have done all these exercise in VMWare WinXp-image. The size of WinXP-Image has reached to 4.13GB after installing NetBeans IDE, GlassFish Application Server and after deploying OpenSSO and sample client web application IdSvcsClient, so if you also want to do this in virtual environment, make sure you have sufficient memory available before starting these exercises and also make sure you have minimum 1GB RAM setting for the virtual image to get a better response. Ignore this note if you don't want to do these exercises in virtual environment.

How to write a HTTP Service in JCAPS to send a file content

Few days back one of my friends asked my “How do we implement a HTTP Service to send a flat file content to the client?” of course using JCAPS. He wants me to do it in JCAPS5.1.3, so I did. Here I am sharing the logic I have used, so if any one of you has such requirement in future you can simply check this blog :-) . As you would have expected, i have used JCAPS's HTTP eWay(Adapter) for this exercise. If some one is new to HTTP eWay check this Link for documentation. I chose Java Collaboration to implement the HTTP Service(Alternatively we can use the Business Process also to accomplish the same). Below is the problem statement and the steps i have followed to implement the HTTP Service using HTTP eWay in JCAPS 5.1.3.

Problem Statement:

Implement a HTTP service which accepts the file name (should exists in a local file system - server) and send the file content as a response.


1.) Create a project in eDesigner, i gave the project name as 'prjHTTPService'.

2.) Create a Java Collaboration (jcd) with name 'jcdHTTPService'. In the second step of Collaboration Wizard, select the repository(HEAD)-->Sun SeeBeyond-->eWays-->HTTPServer-->processRequest as the 'Web Service Operation' to implement.

3.) Optionally add any otds that you think will be required to implement the service. For this example i have not used any otds because i am just reading the file data(using java.io) and sending it as a response. Finally click on Finish button to create the jcd.

4.) Open the 'Java Source' editor for above jcd and put the logic given in below screenshot.




5.) As its mentioned in the line#24 (in above screen shot) we need to set the 'Content Type' property of the HTTP Response to the respective MIME type of the file content(plain text, XML, html, etc ....)

6.) My code above is assuming only one request parameter in the input HTTP request, that is why i am reading the file name through index position( input.getRequest().getParameterInfo().getWebParameterList( 0 ).getValues( 0 ) ). If there are more than one request parameters in the HTTP request this logic need to be changed( we can get it through request attribute name also, for more info refer HTTPRequest java docs)

7.) readFileInfo() method is a utility method i have written using java.io to read the file content(screenshot is pasted below). Alternately we can use BatchLocalFile eWay also for this purpose but i don't prefer this approach for such a simple tasks.

Note:- This method will work only for the files whose data can be read as a meaningful String. If some one want to send a file content which can not be read as a String, this logic needs to be changed a little bit(by using Bytes instead of String).




8.) That is it for the logic. Create the Connectivity Map and Deployment profile for the project and deploy it. In case of any problem in setting the configurations parameters in Connectivity Map and Deployment Profile Refer Sun SeeBeyond eWay(TM) HTTPS Adapter User's Guide.

9.) To test the project, open the url "http://<Host Name>:<port>/<Deployment Profile Name>_servlet_<servlet-url property value given in Connectivity Map>/<servlet-url property value given in Connectivity Map>?FileName=<FileName>" in the web browser, the browser should show the file content.

Hope this helps :-) in case of any problems just drop me a mail to srinivasa.mataboyina@sun.com or to srinivasarao.mataboyina@gmail.com. I am happy to help on this.

Check my Next blog "How to Write a HTTP Client in JCAPS to get a file content"

My first impression on JCAPS

It was on 16^th September 2006 I got a chance to listen the detailed instructions session on Sun SeeBeyond ICAN (Integrated Composite Application Network) Suite. I was in a training session conducted by sun professional services department in Hyderabad, India. My initial impression on the product was ‘wow its great’ because in my graduation day’s we used to dream on things like enterprise designer – which generates the code automatically on drag and drop of components. One more reason for such first impression on the product would be the nature of work I was doing at that time; I was spending a lot time in coding and I have never came across the products like eDesigner before the training. I am not only impressed with eDesigner, I am impressed with the availability of numerous adapters (eWays) the product suite is offering. The similar kind of adapters and features may also available in other EAI products as well but ICAN is the first product I have experienced. 24^th September 2006 (the last day of our training) was the day I have decided to start my career in EAI domain and I was able to join SUN SOABI Professional Services department on 11^th December 2006 as a consultant.