Prevent removing policies during undeploy

One of the most common issues during deployment, re-deployment and undeployment of WebCenter Portal applications is the security migration.

The properties for Credentials, Policies, and Users and Groups can be found under Application Properties -> Deployment.

 

Security properties

About the Checked configuration:

  • If Credentials and Policies are checked, deploying or re-deploying the application overwrites the previously deployed credentials and policies.
  • If Users and Groups is checked, the users and groups from the local jazn-data.xml (inside the EAR file) are created in the target identity store.

About Unchecked:

  • The values are not migrated or overridden when re-deploying.

When the EAR file is generated, all security operations are written into weblogic-application.xml:

 

<?xml version = '1.0' encoding = 'windows-1252'?>
<weblogic-application xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.bea.com/ns/weblogic/weblogic-application http://www.bea.com/ns/weblogic/weblogic-application/1.0/weblogic-application.xsd" xmlns="http://www.bea.com/ns/weblogic/weblogic-application">
  <xml>
    <parser-factory>
      <saxparser-factory>oracle.xml.jaxp.JXSAXParserFactory</saxparser-factory>
      <document-builder-factory>oracle.xml.jaxp.JXDocumentBuilderFactory</document-builder-factory>
      <transformer-factory>oracle.xml.jaxp.JXSAXTransformerFactory</transformer-factory>
    </parser-factory>
  </xml>
  <application-param>
    <param-name>jps.credstore.migration</param-name>
    <param-value>OVERWRITE</param-value>
  </application-param>
  <application-param>
    <param-name>jps.policystore.migration</param-name>
    <param-value>OVERWRITE</param-value>
  </application-param>
  <listener>
    <listener-class>oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener</listener-class>
  </listener>
  <listener>
    <listener-class>oracle.mds.lcm.weblogic.WLLifecycleListener</listener-class>
  </listener>
  <listener>
    <listener-class>oracle.webcenter.lifecycle.listener.FeatureMetricApplicationListener</listener-class>
  </listener>
  <listener>
    <listener-class>oracle.security.jps.wls.listeners.JpsApplicationLifecycleListener</listener-class>
  </listener>
  <library-ref>
    <library-name>adf.oracle.domain</library-name>
  </library-ref>
  <library-ref>
    <library-name>oracle.jsp.next</library-name>
  </library-ref>
  <library-ref>
    <library-name>oracle.webcenter.framework</library-name>
    <specification-version>11.1.1</specification-version>
  </library-ref>
  <library-ref>
    <library-name>oracle.webcenter.skin</library-name>
    <specification-version>11.1.1</specification-version>
  </library-ref>
  <library-ref>
    <library-name>oracle.sdp.client</library-name>
  </library-ref>
</weblogic-application>

What happens in case of undeploy?

During undeployment, all the security data (credentials, policies) is removed from the policy store of the environment. Sometimes it is necessary to keep these policies because the application will be deployed again.

To achieve this, add the following parameter to the weblogic-application.xml file:

<application-param>  
  <param-name>jps.policystore.removal</param-name>  
  <param-value>OFF</param-value>  
</application-param>
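
A pre-deployment check for the settings discussed above, as an added example (not part of the original post and not Oracle tooling): it reads the application-param entries from a descriptor, or from META-INF/weblogic-application.xml inside an EAR, and reports the OVERWRITE migration settings and whether jps.policystore.removal is OFF. The function names and the minimal sample descriptor are constructed for illustration.

```python
import xml.etree.ElementTree as ET
import zipfile

NS = {"wls": "http://www.bea.com/ns/weblogic/weblogic-application"}
DESCRIPTOR = "META-INF/weblogic-application.xml"  # descriptor location inside an EAR
_PARAM = ("<application-param><param-name>{}</param-name>"
          "<param-value>{}</param-value></application-param>")


def build_descriptor(params):
    """Constructed sample input: a minimal descriptor holding only the given params."""
    body = "".join(_PARAM.format(n, v) for n, v in params.items())
    return f'<weblogic-application xmlns="{NS["wls"]}">{body}</weblogic-application>'


def read_params(xml_data):
    """Return {param-name: param-value} for every <application-param> (str or bytes)."""
    root = ET.fromstring(xml_data)
    params = {}
    for node in root.findall("wls:application-param", NS):
        name = node.findtext("wls:param-name", default="", namespaces=NS).strip()
        params[name] = node.findtext("wls:param-value", default="", namespaces=NS).strip()
    return params


def audit(params):
    """List what deploy, re-deploy and undeploy will do to the target stores."""
    findings = []
    for name in ("jps.credstore.migration", "jps.policystore.migration"):
        if params.get(name, "").upper() == "OVERWRITE":
            findings.append(f"{name}=OVERWRITE: deploy/re-deploy overwrites what was deployed before")
    if params.get("jps.policystore.removal", "").upper() != "OFF":
        findings.append("jps.policystore.removal is not OFF: undeploy removes the policies")
    return findings


def audit_ear(ear_path):
    """Audit the descriptor packaged inside an EAR file."""
    with zipfile.ZipFile(ear_path) as ear:
        return audit(read_params(ear.read(DESCRIPTOR)))


if __name__ == "__main__":
    generated = {"jps.credstore.migration": "OVERWRITE",
                 "jps.policystore.migration": "OVERWRITE"}
    for label, params in (("as generated", generated),
                          ("with removal OFF", {**generated, "jps.policystore.removal": "OFF"})):
        print(label, audit(read_params(build_descriptor(params))))
```

Running audit_ear against the built EAR before it reaches the target environment shows whether an undeploy of that artifact would leave the policies in place.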
