Profiles

A profile is the collection of attributes or characteristics that describe a user or other object. Note that a profile is not the serialized object itself although you may re-create the object from the attributes. You can store profile data in multiple repositories and may even include data from real-time sources. The profile factory lets you configure where attributes are retrieved from and returns a single response that contains attributes from all the configured sources. The profile factory architecture is modular and allows the easy integration of new data sources. One of the key benefits of the profile factory is that it provides an easy way for Oware applications to access data from external or legacy sources.

Attribute mapping means that applications may use their own attribute names regardless of the identifier used by the attribute data source. This means that you could change sources without changing your code. Mapping also provides a way to resolve name space conflicts.

The Profile Factory using the profileconfig.xml file. The file has two sections. The first section controls the mapping of attributes. The second section provides configuration settings for each data source.

Attribute mapping is configured for each class name used in Profile Factory queries. For each attribute a data source is specified along with the attribute name used by the specified source. The following is an example of attribute mapping configuration:

<Class name="profileTest.MixedTestObject">

<sourceObject source="LDAP" sourceAttrName="cn" attrName="cn" />

<sourceObject source="LDAP" sourceAttrName="acl" attrName="acl" />

<sourceObject source="BOM" sourceAttrName="Balance" attrName="AccountBalance" />

<sourceObject source="LDAP" sourceAttrName="groupMembership" attrName="groups" />

</Class>

Data sources are configured by providing a source name, the name of the java class used to access the data source, and any properties required to initialize the connection to the data source.

<OWProfileSource name="LDAP" delegateClass="com.dorado.core.profile.OWLDAPProfileDelegate" >

<Property ID="providerCount" value="3" />

<Property ID="providerURL1" value="ldap://192.168.0.88:636" />

<Property ID="providerDN1" value="cn=admin,o=dorado" />

<Property ID="providerPW1" value="password" />

<Property ID="providerURL2" value="ldap://192.168.0.88:636" />

<Property ID="providerDN2" value="cn=admin,o=dorado" />

<Property ID="providerPW2" value="password" />

<Property ID="providerURL3"value="ldap://192.168.0.88:636" />

<Property ID="providerDN3" value="cn=admin,o=dorado" />

<Property ID="providerPW3" value="password" />

<Property ID="roleSearchFilter" value="(|(ObjectClass=group)(ObjectClass=organizationalRole))" />

<Property ID="userSearchFilter" value="(|(ObjectClass=inetorgperson)(ObjectClass=user))" />

<Property ID="roleAttributes" value="cn,OWRoleName,dn" />

<Property ID="userAttributes" value="cn,dn" />

<Property ID="timeOut" value="2000" />

<Property ID="derefLinkFlag" value="false" />

<Property ID="rtnCountLimit" value="1000" />

<Property ID="authMethod" value="simple" />

<Property ID="searchScope" value="subtree" />

<Property ID="roleSearchScope" value="subtree" />

<Property ID="userSearchScope" value="subtree" />

<Property ID="searchRoot" value="o=dorado" />

<Property ID="userRoleFilter" value="securityEquals" />

<Property ID="roleSearchRoot" value="" />

<Property ID="userSearchRoot" value="" />

 

<Property ID="provider" value="NDS" />

</OWProfileSource>

Recommended Reading: JAAS documentation, and Inside Java 2 Platform Security, by Li Gong, ISBN 0-201-31000-7.