Web Security Role: cisusers
By Acshorten-Oracle on Jul 06, 2011
During the installation process for Oracle Utilities Application Framework products, a Web Security role is specified for use in the J2EE Web Application Server (i.e. Oracle WebLogic or IBM WebSphere). This role is used by the J2EE Web Application Server to give permission to the authenticated users to the J2EE resources used by the product.
By default, the value is set to cisusers. Whilst this is sufficient for most implementations to use (in particular non-production) as it quickly sets up a default for the site to use. In production, most customers take the default as well but if the default value is not desired or does not meet your site standards you can change the value a number of ways:
- If you are using Oracle Utilities Application Framework V2.x or V4.0, you can manually make the change to the web.xml file for the online (a copy of it it is located in etc/conf/WEB-INF directory). You will need to replace all occurances of cisusers to the desired value (remember it cannot include embedded blanks). You will need to change web.xml AND web.xml.XAIApp to complete the change for the online and XAI respectively. If you want to retain the change across upgrades or service packs you should create a custom template as outlined in the Operations and Configuration Guide or Server Administration Guide for your product.
- If you are using Oracle Utilities Application Framework V4.1, you can set the value using the configureEnv[.sh] utility. You use the -a option (for advanced configuration) and press 52 (for Advanced Web Application Configuration). Change the value of Web Security Role and Web Principal Name (the latter is used for Identity Management Suite integration but should be used regardless) and that will set the values in the appropriate places.
After doing this, connecting users to this group in your J2EE Web Application Server or in the configured security repository will connect users to the online and Web Service components of your products. As a matter of interest, most sites use cisusers as their default but the process above can be used if the default value is inappropriate.