Sunday, September 17, 2006

Virtual Private Database - Discoverer and Java

I was out visiting a customer last week and talking about various bits of our technology. In all their new applications they are heavily dependent on Oracle Virtual Private Database (VPD) as a way of maintaining data confidentiality across a shared user population reporting and transacting against that data. As a result, they depend on the user identity being propagated to the database from the middle-tier reporting and application layer so that VPD can do its magic.

As the product set they were investigating included OracleAS Portal, BI Discoverer and Oracle Application Server (OC4J), they had several questions around how their secure, as I came to think of it, "business intelligence portal" would work:

1. For reporting they have been prototyping quite successfully with BI Discoverer but now needed to understand if and how BI Discoverer + Portal single sign-on works with VPD

2. For their custom Java applications, again, how do they interact successfully with VPD

For the first, it turns out to be quite simple and is well documented. There is direct integration between the OracleAS Portal single sign-on solution and Virtual Private Database. Here is the documentation:

http://download-west.oracle.com/docs/cd/B14099_19/bi.1012/b13918/security2.htm#sthref1008

For the second, it is slightly more technical, as the solution naturally is Java-centric, but fortunately the product management team for OC4J has put together a small sample that pretty much gives the answer in a few lines of code:

Article:
http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/how-to-ds-proxy/doc/how-to-ds-proxy.html

Source:
http://www.oracle.com/technology/tech/java/oc4j/1013/how_to/how-to-ds-proxy/how-to-ds-proxy.zip

In the second example, once the user identity is set on the proxy authentication, all the normal VPD machinery kicks into place and executes as expected.
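A sketch of that pattern, added here as an illustration and not taken from the OC4J how-to: a pooled connection owned by a low-privilege account opens an Oracle JDBC proxy session for the end user, so a VPD policy keyed on the session user filters the rows. The `app_pool` account, the `app_data.orders` table, the class name and the policy predicate are assumptions, and the code assumes a JDBC 4 Oracle driver.

```java
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.ArrayList;
import java.util.List;
import java.util.Properties;
import javax.sql.DataSource;
import oracle.jdbc.OracleConnection;

/**
 * Assumed database setup (hypothetical names):
 *   ALTER USER alice GRANT CONNECT THROUGH app_pool;
 *   a VPD policy on APP_DATA.ORDERS whose predicate filters on
 *   SYS_CONTEXT('USERENV', 'SESSION_USER').
 */
public class VpdProxyQuery {
    // Pool connects as APP_POOL, which holds no privileges on the data itself.
    private final DataSource pool;

    public VpdProxyQuery(DataSource pool) {
        this.pool = pool;
    }

    /**
     * Runs the query as endUser. Take endUser from the container's
     * authenticated principal, never from a request parameter.
     */
    public List<String> orderIdsFor(String endUser) throws SQLException {
        try (Connection c = pool.getConnection()) {
            OracleConnection oc = c.unwrap(OracleConnection.class);
            Properties p = new Properties();
            p.setProperty(OracleConnection.PROXY_USER_NAME, endUser);
            // From here on SESSION_USER is endUser, so the VPD predicate applies.
            oc.openProxySession(OracleConnection.PROXYTYPE_USER_NAME, p);
            try (Statement st = oc.createStatement();
                 ResultSet rs = st.executeQuery("SELECT order_id FROM app_data.orders")) {
                List<String> ids = new ArrayList<>();
                while (rs.next()) {
                    ids.add(rs.getString(1));
                }
                return ids;
            } finally {
                // End the proxy session before the connection returns to the pool,
                // otherwise the next borrower inherits this user's identity.
                oc.close(OracleConnection.PROXY_SESSION);
            }
        }
    }
}
```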

This combination of 4 products - OracleAS Portal, Discoverer, Oracle SSO and OC4J - is quite interesting to see work together and can be quite compelling depending on the use case. Rather than stitching 4 heterogeneous products across 4 different vendors to get a secure business intelligence portal (business issue 1), not only has the product integration been done from the start, but the key value this particular customer was after, VPD integration, has also been pre-done literally out of the box (business issue 2 - why I was there).