Tuesday, 27 November 2007

Connecting to OAS 10.1.3.x from JDeveloper without using oc4jadmin

Every now and then I get a request to be able to connect to OAS 10.1.3.x from JDeveloper 10.1.3.x using a custom user rather then the default oc4jadmin. A work mate of mine got this working and also found that only certain roles will allow such a connection remotely when using a custom user.



1. Go to OAS 10.1.3.x EM


2. Select an OC4J instance that you had created.
3. Select Administration.
4. In the Task Name section, under Security select the 'Go to Task' icon for Security Providers.
5. Press the button [Instance Level Security].
6. Select the tab link Realms.
7. In the section Security Provider Attributes: File-Based Security Provider there is a realm
named jazn.com. Select the number under the Users column.
8. Press the button [Create].
9. Add User screen:-

Name field : enter a user name
Password || Confirm Password fields : enter a valid password
In the Available Roles area, select the role like ascontrol_admin and move across to Selected Area.

Press [OK].

10. Restart OC4J container via ASC pressing the [Restart] button or use following commands:-

- opmnctl stopproc process-type=Tars
- opmnctl startproc process-type=Tars


1. In JDeveloper 10.1.3.X select Connections navigator.
2. Right-click Application Server node and select 'New Application Server Connection'.
3. On Welcome screen press [Next].
4. Step 1 of 4: Type screen :-

Connection Name field >> enter a app server connection name
Connection Type list field >> select "Oracle Application Server 10g 10.1.3".

Press [Next].

5. Step 2 of 4: Authentication screen:-

Username field : enter user name that was created in previous section at the OAS level.
Password field : enter same password was created in previous section at the OAS level.
Deploy Password checkbox : select.

Press [Next].

6. Step 3 of 4: Connection screen:-

Host Name field : enter host of OAS.
OPMN Port field : change to opmn remote port number
OC4J instance name field : enter of instance where user was created.

Press [Next].

7. Step 4 of 4: Test screen:-

Press [Test Connection]:

That should work but what we found is only 2 roles actually will work as shown by the test below which shows that only 2 roles actually work here, of course was never expecting the role "users" to work. We created 6 users each will the role shown next to them and found only ascontrol_admin and oc4j-administrators would allow such a remote connection

User1 (Role = ascontrol_admin) - SUCCESS
User2 (Role = ascontrol_appadmin) - FAILS
User3 (Role = ascontrol_monitor) - FAILS
User4 (Role = oc4j-administrators) - SUCCESS
User5 (Role = oc4j-app-administrators) - FAILS
User6 (Role = users) - FAILS

1 comment:

Wilfred said...

See http://blog.jpoot.com/2007/07/04/connect-jdeveloper-to-applicationserver-jazn-ldapoid/ for a similar solution based on Oracle Internet Directory/LDAP in stead of static jazn files