How it’s done: Password change functionality in OBIEE

How it’s done: Password change functionality in OBIEE

I recently received a client requirement to build something in Oracle Business Intelligence Enterprise Edition (OBIEE) so end users could change their own passwords. The client is using WebLogic LDAP for controlling access to OBIEE 11g and it doesn’t support native password changes. Most Oracle Business Intelligence (OBI) implementations have integrated Active Directory for authenticating users, so it’s not really necessary to provide a password change option within OBIEE, although I think it’s a “nice-to-have” feature.

To do this, OBI provides two types of Web services:

1. OBI session-based Web services

2. OBI Web services for SOA

You can use OBI session-based Web services to programmatically invoke many different business intelligence items.  Or, the OBI Web services for SOA provides a unique Web service for each analysis, condition or agent saved to the Oracle BI Presentation Catalog.

In my case, I will use OBI session-based Web services, because it’s an application programming interface (API) that implements a simple object access protocol (SOAP). This is designed for programmatic use in which you use one Web service for invoking many different business intelligence objects.

The OBI session-based Web services let me perform three types of functions:

1. Extract results from OBI Presentation Services and deliver them to external and Web application environments.

2. Perform OBI Presentation Services management functions.

3. Execute Oracle BI EE alerts (known as Intelligent Agents).

The formal definition of services and methods in Oracle BI EE Web Services can be retrieved in WSDL format. You can use a proxy generation tool to create proxy/stub code to access the services and access the WSDL document at the following Oracle BI EE Web services URL:

http://host:port/analytics/saw.dll/wsdl/

There are extensive API’s available in OBIEE 11g WebLogic that we can use. In our case, we need to find the default authentication methods already built into the enterprise manager. To do this, we can explore the “Mbean tree” in the enterprise manager to see the methods related to the Authenticators (DefualtAuthenticator).

OBIEE1

This is the method that we need to invoke to change user passwords. So at a high level, here’s what we need to do:

  • Write a Java class for password change functionality that uses the “Mbean changeUserPassword” method.
  • Build that into a Web service.
  • Deploy it to OBI WebLogic server.
  • Create a dashboard page for password change with “Action” link on it.
  • Create an “Action” link that will invoke this Web service.

Java Class: All we have to do is write couple of methods to connect to WebLogic and build password change logic in another method.

Use the method below to connect to WebLogic:

@WebMethod(exclude = true)

public static void initConnection(String hostname, String portString) throws IOException, MalformedURLException

{

Integer portInteger = Integer.valueOf(portString);

int port = portInteger.intValue();

String mserver = “/weblogic.management.mbeanservers.runtime”;

JMXServiceURL serviceURL = new JMXServiceURL(“service:jmx:iiop:///jndi/iiop://” + hostname + “:” + port + mserver);

Hashtable h = new Hashtable();

String[] credentials = new String[] {webLogicUsername, webLogicPassword };

h.put(“jmx.remote.credentials”, credentials);

jmxConnector = JMXConnectorFactory.connect(serviceURL, h);

//jmxConnector = JMXConnectorFactory.connect(serviceURL);

mBeanServerConnection = jmxConnector.getMBeanServerConnection();

}

Use the method below for password change and validation:

@WebMethod(exclude = true)

public String changeUserPassword( String userId, String oldPassword, String newPassword, String confirmPassword ) throws Exception

{

ObjectName securityMBeanName = new ObjectName(“Security:Name=myrealmDefaultAuthenticator”);

Object objUser[] = new Object[]{(userId), (oldPassword), (newPassword) };

String objStr[] = new String[]{(“java.lang.String”), (“java.lang.String”), (“java.lang.String”) };

try

{

if ( confirmPassword.equals(newPassword) )

{

mBeanServerConnection.invoke(securityMBeanName, “changeUserPassword”, objUser, objStr);

return “Password successfully changed.”;

}

else

{

return “New passwords do not match.”;

}

}

catch (Exception e)

{

if( e.getCause().getMessage().contains( validationFailed ) )

return “Validation of old password failed.”;

else if ( e.getCause().getMessage().contains( mustBeEightChars ) )

return “Password must be at least 8 characters long.”;

else if ( e.getCause().getMessage().contains( missingSpecialChars ) )

return “Password must contain at least 1 number or special character.”;

else

return “Can not reset password at this time. Please contact an Administrator.”;

}

}

Call the above two methods in the main method:

public String passwordChange( String userId, String oldPassword, String newPassword, String confirmPassword ) throws Exception

{

Changepwd c = new Changepwd();

initConnection(webLogicHostname, webLogicPort);

String result = c.changeUserPassword( userId, oldPassword, newPassword, confirmPassword );

jmxConnector.close();

return result;

}

Follow the normal process of deploying an application onto the WebLogic server. Once this is deployed onto WebLogic server as a Web service, create a dashboard with an “Action” link on it that will call the password change Web service:

  • Create a new dashboard.
  • Create an “Action” link.
  • Place the “Action” link in the newly created dashboard.

I will brief the process of creating an “Action” link as the rest is pretty trivial:

1. Select “New” then “Action” and this should open up the options below:

OBIEE2

2. Select “Invoke a Web Service”. Provide the WSDL link as shown in the screenshot below.

http://localhost:9704/OBIEEPasswordChange/ChangePasswordService?WSDL (Your WSDL URL could be different. Please check the deployment settings in the console for details.)

OBIEE3

3. If you face any difficulty identifying the URL, go to “WebLogic Console” and select “Deployment”, “OBIEEPasswordChangeEAR”,” ChangePasswordService” and go to the “Testing” tab as shown below:

OBIEE4

Click on “?WSDL” link and it should open the Web page. Copy that URL into the box shown in step 2.

4. Expand the folder as shown in step 2 to “Invoke a Web Service” operation, select “passwordChange” and press OK. This will open the dialog box below:

OBIEE6

Change your prompt labels to something meaningful.

Arg0: User Name

Arg1: Old Password

Arg2: New Password

Arg3: Confirm Password

5. Set the “Value” for Arg0 to session variable “USER” and mark it as fixed and hidden so users won’t be able to change passwords for anyone other than themselves. Leave the remaining values empty.

After completion of the above steps, your “Edit Action” dialog box should appear as below:

OBIEE7

6. You can click on the “Options” button for additional settings, although these are not required.

OBIEE8

7. Click on the “Action Results” tab and apply the settings below:

Dialog Text: @{passwordChangeResponse}

Name: passwordChangeResponse

XPath Expression: Body/passwordChangeResponse/return

Dialog Title: Results

OBIEE9

8. Click “OK” and save your action.

9.Place it onto the dashboard with a user-friendly message and it’s ready to go. This is how it should look:

OBIEE10

Click on the “Change Password” link to open the dialog box below:

OBIEE11

Tags:

Write a Comment

x

Contact Us Close