Using Oracle UCM Web Services 12-5 You can use the keytool utility to generate a self-signed certificate. Many of the values used in the following example are the defaults for the domain’s configfmwconfigjps-config.xml file explained in the next section: keytool -genkey -alias orakey -keyalg RSA -keystore default-keystore.jks -keypass welcome -storepass welcome Any relevant data can be entered in the keytool command, but the specifics do not matter except for the passwords for the keystore and the certificate, which the client uses.

12.4.2.2 Configuring Server JPS to Use the Keystore

Configuring the keystore on the Oracle WebLogic Server domain involves editing the domainconfigfmwconfigjps-config.xml file. A provider must be defined in serviceProviders. A provider should be defined by default. serviceProvider type=KEY_STORE name=keystore.provider class=oracle.security.jps.internal.keystore.KeyStoreProvider descriptionPKI Based Keystore Providerdescription property name=provider.property.name value=owsm serviceProvider When you have verified the provider, or created or modified a provider, a keystore instance must be defined in serviceInstances. A keystore instance should be defined by default. serviceInstance name=keystore provider=keystore.provider location=.default-keystore.jks descriptionDefault JPS Keystore Servicedescription property name=keystore.type value=JKS property name=keystore.csf.map value=oracle.wsm.security property name=keystore.pass.csf.key value=keystore-csf-key property name=keystore.sig.csf.key value=sign-csf-key property name=keystore.enc.csf.key value=enc-csf-key serviceInstance The location of the keystore instance must be set to the same location as when you created the keystore. Additionally, the keystore must be added to jpsContexts. This setting should be in the jps-config.xml file by default. jpsContext name=default serviceInstanceRef ref=credstore serviceInstanceRef ref=keystore serviceInstanceRef ref=policystore.xml serviceInstanceRef ref=audit serviceInstanceRef ref=idstore.ldap jpsContext

12.4.2.3 Creating a Client CSF

On the client, there must be a credential store to store the keys to unlock the keystore. A Credential Store Framework CSF can be made in a variety of ways, but one way is to use the Oracle WebLogic Server Scripting Tool WLST. You must use the wlst command from the EM interface. 12-6 Oracle Fusion Middleware Developers Guide for Oracle Universal Content Management To use WLST to create a credential, you must be connected to the Oracle WebLogic Server domain. Note that the resulting wallet can be used only on the client. .wlst.sh connect createCredmap=oracle.wsm.security, key=keystore-csf-key, user=keystore, password=welcome createCredmap=oracle.wsm.security, key=sign-csf-key, user=orakey, password=welcome createCredmap=oracle.wsm.security, key=enc-csf-key, user=orakey, password=welcome The preceding example creates a CSF wallet at domainconfigfmwconfigcwallet.sso that must be given to the client. You need to change the values from the example to match the alias and passwords from the keystore you created.

12.4.2.4 Configuring a Java Client to Use the Keystore and CSF

In order to configure a Java client to use the keystore and CSF, there are two requirements: ■ The Java client must have a copy of both the keystore and the CSF wallet. ■ There must be a client version of the jps-config.xml file. This file must contain entries for locating the keystore as well as the CSF wallet. To configure security, the Java system property “oracle.security.jps.config” must point towards the jps-config.xml file. This can be set during execution in the client. System.setPropertyoracle.security.jps.config, “jps-config.xml”; The following example shows a jps-config.xml file for clients based on the configuration provided in previous examples. jpsConfig xmlns:xsi=http:www.w3.org2001XMLSchema-instance xsi:noNamespaceSchemaLocation=jps-config.xsd serviceProviders serviceProvider name=credstoressp class=oracle.security.jps.internal.credstore.ssp.SspCredentialStoreProvider descriptionSecretStore-based CSF Providerdescription serviceProvider serviceProvider type=KEY_STORE name=keystore.provider class=oracle.security.jps.internal.keystore.KeyStoreProvider descriptionPKI Based Keystore Providerdescription property name=provider.property.name value=owsm serviceProvider serviceProviders serviceInstances serviceInstance name=credstore provider=credstoressp location=. descriptionFile Based Credential Store Service Instancedescription serviceInstance Using Oracle UCM Web Services 12-7 serviceInstance name=keystore provider=keystore.provider location=.default-keystore.jks descriptionDefault JPS Keystore Servicedescription property name=keystore.type value=JKS property name=keystore.csf.map value=oracle.wsm.security property name=keystore.pass.csf.key value=keystore-csf-key property name=keystore.sig.csf.key value=sign-csf-key property name=keystore.enc.csf.key value=enc-csf-key serviceInstance serviceInstances jpsContexts default=default jpsContext name=default serviceInstanceRef ref=credstore serviceInstanceRef ref=keystore jpsContext jpsContexts jpsConfig 12-8 Oracle Fusion Middleware Developers Guide for Oracle Universal Content Management 13 Customizing DesktopTag 13-1 13 Customizing DesktopTag This chapter describes how to customize the DesktopTag component of Oracle Content Server to specify properties for checked out versions of Microsoft Word, Excel, and PowerPoint files. This chapter includes the following sections: ■ Section 13.1, About the DesktopTag Component