15-14 Oracle Fusion Middleware Upgrade Guide for Oracle SOA Suite, WebCenter, and ADF Figure 15–8 Security Settings of an Upgraded WebCenter Application To reconfigure ADF security in an upgraded WebCenter application: ■ Create a new realm in the jazn-data editor, if it does not already exist. Then re-create the required users and enterprise roles that existed in the security policies of your WebCenter 10.1.3.x application. Assign the newly created users to the enterprise roles as required. It is recommended that you name the realm as jazn.com. Creation of users and roles is necessary only to test the application in Integrated WebLogic Server WLS in JDeveloper. Typically, the required users and enterprise roles used in application policies are expected to exist in the production setup where the application is deployed. ■ Optionally, you can reconfigure application authorization data to use application roles, which are supported by Oracle WebCenter 11g applications. You can reconfigure ADF security to use application roles instead of enterprise roles. For more information about how to configure ADF security, see Oracle Fusion Middleware Fusion Developers Guide for Oracle Application Development Framework. Considerations When Upgrading ADF-Secured WebCenter Applications Grants are not migrated properly if a 10.1.3.x WebCenter application contains grants without any permissions. Prior to upgrading your application, you must inspect the app-jazn-data.xml file in the 10.1.3 workspace and remove any grants that have empty permission set. In Oracle WebCenter 10.1.3.x, the ADF framework performed the rowset, attribute, and method permission checks in addition to page permission checks. If a 10.1.3 WebCenter application grants the read permission on the rowset and attribute and the invoke permission on the method for all users, then the application functions as expected in Oracle WebCenter 11g without any additional setup. However, if the 10.1.3.x WebCenter application was designed to allow only certain users to view the rowset, attribute, or invoke method, then a special flag needs to be Note: The valid-users role, which specifies all authenticated users and usually maps to the users role in weblogic.xml, is not created in web.xml of the upgraded application, thereby restricting access to all authenticated users. If you want all authenticated users to have access to the upgraded application, you must manually create the valid-users role in web.xml and map it to the users role in weblogic.xml. Considerations When Upgrading Oracle WebCenter Applications 15-15 set to support this style of security. If this flag is not set, then anyone who has page access can view attributes and rowsets and invoke methods because in Oracle WebCenter 11g the permission check is performed only on pages and task flows. The flag must be set for each application in the adf-config.xml file, as shown in the following example: sec:adf-security-child xmlns=http:xmlns.oracle.comadfsecurityconfig JaasSecurityContext initialContextFactoryClass=oracle.adf.share.security.JAASInitialContextFactory jaasProviderClass=oracle.adf.share.security.providers.jps.JpsSecurityContext authorizationEnforce=true contextEnv name=oracle.adf.security.metadata value=false CredentialStoreContext credentialStoreClass= oracle.adf.share.security.providers.jps.CSFCredentialStore credentialStoreLocation=....srcMETA-INFjps-config.xml sec:adf-security-child You must also ensure that there are no duplicate JaasSecurityContext and CredentialStoreContext elements in the adf-config.xml file.

15.3.3.5 Upgrading Producer Registrations of Preconfigured Portlet Producers

During application upgrade, the port numbers of all preconfigured portlet producers such as Web Clipping and OmniPortlet are updated. All producer registrations from preconfigured portlet producers that existed in Oracle Application Server 10.1.3.x environment with port 6688 are migrated to port 7101. If you did not use default port numbers in your Oracle Application Server 10.1.3.x environment, you must manually change those port numbers to appropriate port numbers. When you upgrade a WebCenter application, port changes are not made to registrations of portlet producers other than preconfigured portlet producers.

15.3.3.6 Redeploying Your Applications

After upgrading your application to Oracle WebCenter 11g, you must recompile the application. To prepare your application for redeployment, create a WebLogic Managed Server instance and provision it with a required set of shared libraries. Also, create and register the Metadata Service MDS repository for your application on the WebLogic Domains Administration Server instance. You must then redeploy the application and verify that it has been deployed properly. For information, see the Deploying WebCenter Applications chapter in Oracle Fusion Middleware Administrators Guide for Oracle WebCenter.

15.4 Upgrading Portlet Producers

If your WebCenter 10.1.3.x application uses portlets, then in addition to upgrading your WebCenter consumer application, you may need to upgrade portlet producers to Oracle WebCenter 11g. Table 15–2 lists the tasks involved in upgrading portlet producers used by your WebCenter 10.1.3.x applications.