Obiee 11g - Overview of Action Framework
-
Upload
shawn-nelson -
Category
Documents
-
view
897 -
download
7
Transcript of Obiee 11g - Overview of Action Framework
© Peak Indicators Limited
Oracle Business Intelligence 11g Overview of Action Framework
Antony Heljula
Technical Architect
© Peak Indicators Limited 2
Agenda
Action Framework Overview Types of Action
Navigate to BI Dashboard
Conditions
Action Links
Further AF Examples Invoke a Web Page (Run a Google Search)
Invoke a Browser Script (Get Google Directions)
OBIEE Web Services
Securing Web Services
© Peak Indicators Limited 3
Action Framework
Action Framework is an exciting new feature of OBIEE 11g that provides the facility to invoke a wide variety of actions or processes directly within the UI
This is a major enhancement, since OBIEE 10g is great for analysis but has limited capability for performing actions once your analysis is complete
OBIEE 11g Action Framework enables you to:
Navigate to related Oracle BI content
Invoke operations, functions, or processes in external systems
Actions can be initiated from:
Analyses
Dashboard pages
Agents (iBots in 10g)
Balanced Scorecard “objectives” and “initiatives”
KPIs
© Peak Indicators Limited 4
Creating Actions
Actions can be created as re-usable objects:
Or you can create “inline” actions: If you only want to use an Action once, you can define it directly within an analysis,
dashboard page, agent, scorecard objective, scorecard initiative, or KPI. These inline actions are not re-usable
© Peak Indicators Limited 5
Actions
There are various things an Action can do!
Types of Action
Note: When integrated with Siebel CRM it is also possible to “Navigate to Siebel CRM” (Appears by default with 11.1.1.5)
© Peak Indicators Limited 6
Examples
This supersedes “navigation” in OBIEE 10g:
Navigate to BI Content
© Peak Indicators Limited 7
Examples
It is possible to configure Action Links to appear conditionally
e.g. “View Sales Order Details” only appears if there are <500 Orders
Conditions
Vision Nordics has >500 orders so it is only possible to navigate to a
“summary” analysis
Vision UK and Ireland has <500 orders so it is possible to navigate
to a “detail” analysis
© Peak Indicators Limited 8
Examples
You can also configure Action Links to request confirmation before invoking the action:
Confirmation
© Peak Indicators Limited 9
Examples
Dashboard Pages can consist of “Action Links” and “Action Link Menus”
On Dashboards
© Peak Indicators Limited 10
Examples
An “Action Link” dashboard object will show an individual Action
On Dashboards: Action Links
NOTE: The Action Link can be displayed conditionally
© Peak Indicators Limited 11
Examples
An “Action Link Menu” dashboard object allows you to display a menu of multiple Action Links:
On Dashboards: Action Link Menus
© Peak Indicators Limited 12
Examples
KPIs can be configured with multiple Action Links
The KPI “Status” can be used to determine which Action Links appear
On KPIs
© Peak Indicators Limited 13
Balanced Scorecards can also be configured with multiple Action Links
The Objective or KPI “Status” can be used to determine which Action Links appear
Examples
On Balanced Scorecards
© Peak Indicators Limited 14
Examples
You can initiate multiple Actions once a Delivers Agent has completed:
The Actions can be initiated for every row returned by the Agent!
Delivers Agents
You can map the columns returned by the Agent to each of
the Action’s parameters
© Peak Indicators Limited 15
Further Examples
© Peak Indicators Limited 16
Example 1 : Navigate to a Web Page
In this example, we will demonstrate how to initiate an Action to navigate to a web page and run a Google search for a customer!
© Peak Indicators Limited 17
Example 1 : Navigate to a Web Page
The first thing to do is build a sample URL that achieves what you need
For example, the following URL will run a Google search on “Oracle Corporation”:
http://www.google.co.uk/search?q=Oracle Corporation
Notes
© Peak Indicators Limited 18
Example 2 : Invoke a Web Service
In this example, we will demonstrate to how to create an Action that will invoke a web service directly from a Dashboard
The Action will be called “Adjust Sales Forecast” will invoke a web service to modify a Sales Rep’s forecast target:
© Peak Indicators Limited 19
Example 2 : Invoke a Web Service
In order to invoke a web service, you typically need the URL for its Web Service Description Language (WSDL)
The owner of the site hosting the web service should be able to provide you with his
The WSDL returns an XML file providing details on all the web services that are available, such as the operations available and the parameters that need to be passed
For example, our web service has the following WSDL:
http://obiee11g:7001/Adjust_Sales_Forecast-Adjust_Sales_Forecast-context-root/Adjust_Sales_ForecastPort?WSDL
NOTE:
It is possible for the OBIEE administrator to set up a “Registry” containing a list of available web services, this means you don’t need to provide the WSDL URL
Setting up of this Registry will be discussed during a later topic
Notes
© Peak Indicators Limited 20
In this example, a “Get Directions” Action will be used to invoke a piece of browser script (Javascript) that will open Google Maps and show you the directions between your chosen location and the customer!
Example 3 : Invoke a Browser Script
© Peak Indicators Limited 21
Example 3 : Invoke a Browser Script
The following URL can be generated to get directions using Google Maps:
http://maps.google.co.uk/maps?&saddr={p1}&daddr={p2}
Parameters p1 and p2 can be anything such as a postcode or a set of Lang/Long co-ordinates (in the format “Lat,Long”)
In our example, we will pass 3 parameters to our javascript function:
Your location
Latitude of customer
Longitude of customer
The javascript function will concatenate the Lat/Long coordinates together and pass them to Google Maps as a single parameter
Notes
© Peak Indicators Limited 22
Example 3 : Invoke a Browser Script
There is a “UserScript.js” file provided on the OBIEE server in which you must place your custom Javascript functions
UserScript.js is located in the following location on the OBIEE server:
[bi_server1] \bi_server1\tmp\_WL_user\analytics_11.1.1\xxxxx\war\res\b_mozilla\actions
NOTE: the [bi_server1] path is the following location:
[Middleware Home]\user_projects\domains\bifoundation_domain\servers\bi_server1
Notes
© Peak Indicators Limited 23
Example 3 : Invoke a Browser Script
There is a special syntax for the UserScript.js file
For each Action you actually provide two separate Javascript functions!
The 1st function contains the actual code:
Notes
USERSCRIPT.getdirections = function(params)
{
var googleURL = "http://maps.google.co.uk/maps?&saddr="
+ params.your_loc
+ "&daddr="
+ params.dest_lat
+ ","
+ params.dest_long;
window.open(googleURL,"GetDirections");
};
Function name must be prefixed with “USERSCRIPT.”
The function accepts a single array of input parameters
Your refer to input parameters in the format: array.parameter
© Peak Indicators Limited 24
Example 3 : Invoke a Browser Script
The 2nd function is used to define your input parameters
OBIEE uses this to automatically know which parameters are required
It has the following format (in this case we are defining 3 input parameters):
Notes
USERSCRIPT.getdirections.publish =
{
parameters:[
new USERSCRIPT.parameter("your_loc" , "Your Location" ,""),
new USERSCRIPT.parameter("dest_lat" , "Latitude Destination" ,""),
new USERSCRIPT.parameter("dest_long", "Longitude Destination",""),
]
};
The function has the same name as before, but has
the postfix “.publish”
Each parameter has 3 elements: 1) Variable name 2) Description 3) Default Value
© Peak Indicators Limited 25
OBI EE Web Services
© Peak Indicators Limited 26
OBIEE Web Services
OBIEE 11g comes equipped with a wide range of web services
There are two different types:
“Session based” web services
Web services for SOA (new with OBIEE 11g)
Refer to the OBIEE 11g Integrator’s Guide for detailed information:
http://download.oracle.com/docs/cd/E14571_01/bi.1111/e16364/toc.htm
© Peak Indicators Limited 27
Session Based OBIEE Web Services
There are a variety of OBIEE “session based” web services are available: HtmlViewService - obtain HTML to render BI dashboards/reports
iBotService - initiate iBots
MetadataService - Retrieve info on Subject Areas, Tables, Columns
ReplicationService - Replication between Presentation Catalogues
ReportEditingService - Add filter and other conditions to BI requests
SAWSessionService - Login, Logoff, Impersonate authentication functions
SecurityService - Identify BI EE accounts and privileges
WebCatalogService - Browsing and Managing the Presentation Catalogue
XMLViewService - Retrieve Oracle BI query results in XML format
Each of these web services contain one or more methods
They are referred to as “session based” because you have to establish a session with OBIEE first before you can use them (you need to pass in a valid Session Id)
The Web Service Definition Language (WSDL) format for Oracle BI web services can be obtained using the following example URL: http://localhost:9704/analytics/saw.dll?WSDL
© Peak Indicators Limited 28
Session Based OBIEE Web Services
When returning results in XML format, the structure is as follows:
It is also possible to specify a parameter to return the meta-data for each column of data returned e.g. name, data format, length etc
XML Results
© Peak Indicators Limited 29
Session Based OBIEE Web Services
To satisfy a particular requirement, normally a number of BI EE web services will have to be called in sequence e.g. Log in / Authenticate (SAWSessionService)
Obtain results in XML format (XMLViewService)
Log off (SAWSessionService)
This means you have to programmatically call the web services one after the other You log in to obtain the Session Id
You call the next web service and pass the Session Id in as a parameter
You call the next web service ……
These session based web services are therefore not too compatible with Action Framework on their own Action Framework initiates individual Actions with no connection between
them
Encapsulating into Workflows
© Peak Indicators Limited 30
Session Based OBIEE Web Services
It could be advisable therefore to “encapsulate” the sequence into a BPEL workflow:
BPEL workflow will orchestrate the initiation of the BI EE web services
The BPEL workflow will itself then be presented as a web service
Action Framework can then initiate this single “Action”
This is where Oracle BPEL and SOA Suite come into play....we will discuss more about this later….
Encapsulating into Workflows
© Peak Indicators Limited 31
OBIEE Web Services for SOA
“OBIEE Web Services for SOA” are quite different to the “Session Based” web services. There are three actions available: Execute Agent
Execute Condition
Execute Analysis
You don’t need to pass in a valid Session Id to use them They are still secured using a username/password in the credential store
Prompted filters and presentation variables included in the business intelligence objects are supported For example: if your Analysis has 3 “Is Prompted” filters then you can pass
values in for these at run-time
Only XML results are returned
© Peak Indicators Limited 32
OBIEE Web Services for SOA
Instead of being provided with a WSDL URL, you are in fact provided with a WSIL (Web Service Inspection Language) URL:
http://localhost:9704/biservices/inspection?wsil
This allows OBIEE to dynamically build up the set of web services available based upon the objects in the BI Presentation Catalogue. If you open up the WSIL URL in a browser, you can see that you are able to browse through the catalogue structure and you’ll find a web service for each Analysis, Condition and Agent!
WSIL…..not WSDL
© Peak Indicators Limited 33
OBIEE Web Services for SOA
Consider this example where we have an Agent called “Sales History Agent”
We want to use Action Framework to invoke it…
Example
© Peak Indicators Limited 34
OBIEE Web Services for SOA
Create a new Action of type “Invoke a Web Service”
You can then browse through the catalog and invoke the web service associated with your Agent!
Create Action : Invoke a Web Service
The path to our Agent is: /shared/Agents/Sales History Agent
Here is the web service associated with the Agent
© Peak Indicators Limited 35
OBIEE Web Services for SOA
There are two parameters to configure, you can leave them “Optional”:
Session Country
Session Language
Configure Parameters
© Peak Indicators Limited 36
OBIEE Web Services for SOA
Execute the Action and see the “Alerts!” link appear:
Execute the Action!
© Peak Indicators Limited 37
OBIEE Web Services for SOA
There is some configuration required in order to use OBIEE Web Services for SOA
Firstly, you have to configure the FMW “credential store” with the username/password that will be used to browse the web services available
This account will always be used for browsing the web services, so users can only execute Actions on objects stored in “Shared” folders
Secondly we will configure the “ActionFrameworkConfig.xml” file with details such as:
The WSIL URL to use for browsing the web services
The authentication policy to determine what credentials etc are required to invoke the web services
Configuration
© Peak Indicators Limited 38
OBIEE Web Services for SOA
Open up Enterprise Manager and navigate to:
WebLogic Domain > bifoundation_domain
Then choose the menu option “Security > Credentails”
Configuration : Step 1
© Peak Indicators Limited 39
OBIEE Web Services for SOA
Within the “oracle.bi.enterprise” map, create a new credential key:
Key: wsil.browsing
Username: weblogic } for example
Password: welcome1 }
Configuration : Step 2
© Peak Indicators Limited 40
OBIEE Web Services for SOA
Create a new file called “wss_username_token_policy.xml” and paste in the following contents:
Save the file in the following location: [Middleware Home]\user_projects\domains\bifoundation_domain\config\fmwconfig\biinstances\coreapplication
Configuration : Step 3
<?xml version="1.0" encoding="UTF-8"?>
<oracle-webservice-clients>
<webservice-client>
<port-info>
<policy-references>
<policy-reference uri="oracle/log_policy" category="management"/>
<policy-reference uri="oracle/wss_username_token_client_policy" category="security"/>
</policy-references>
</port-info>
</webservice-client>
</oracle-webservice-clients>
© Peak Indicators Limited 41
OBIEE Web Services for SOA
Within the same folder, open up the “ActionFrameworkConfig.xml” file for editing
Configure the “<Registries>” tags to contain the following registry:
You should ensure the ?WSIL path is correct
Configuration : Step 4
<registries>
<registry>
<id>WS4SOA</id>
<name>OBIEE Web Services for SOA</name>
<content-type>webservices</content-type>
<provider-class>oracle.bi.action.registry.wsil.WSILRegistry</provider-class>
<description></description>
<location>
<path>http://localhost:9704/biservices/inspection?wsil</path>
</location>
<service-access>
<account>wsil.browsing</account>
<policy>wss_username_token_policy</policy>
<propagateIdentity>false</propagateIdentity>
</service-access>
</registry>
</registries>
© Peak Indicators Limited 42
OBIEE Web Services for SOA
Then configure the “<Accounts>” and “<Policies>” tags to contain the following configuration
You should not need to edit anything
Configuration : Step 5
<accounts>
<account>
<name>wsil.browsing</name>
<description>Account for BI WS for SOA</description>
<adminonly>false</adminonly>
<credentialkey>wsil.browsing</credentialkey>
<credentialmap>oracle.bi.enterprise</credentialmap>
</account>
</accounts>
<policies>
<policy>
<name>wss_username_token_policy</name>
<policyfile>wss_username_token_policy.xml</policyfile>
</policy>
</policies>
© Peak Indicators Limited 43
OBIEE Web Services for SOA
Save the “ActionFrameworkConfig.xml” file
Restart the following processes:
BI Presentation Services
Weblogic managed server “bi_server1”
Configuration : Step 6
© Peak Indicators Limited 44
OBIEE Web Services for SOA
Test! You should now be able to create an Action and see that the web services are automatically available for you to choose and execute:
Configuration : Step 7
© Peak Indicators Limited 45
OBIEE Web Services for SOA
Without further configuration, all the Web Services for SOA will be invoked as the same “wsil.browsing” account
Everyone has the same visibility of the common “Shared Folders” area
Everyone has the same visibility of the user’s own “My Folders” area
Common data visibility for all users
However, with further configuration it is possible to “secure” the web services to run as the user who is invoking the web service rather than the common “wsil.browsing” account
We will be dealing with securing web services in a later topic….
Important Note!
© Peak Indicators Limited 46
Securing Web Services
© Peak Indicators Limited 47
Securing Web Services
The securing of web services is obviously a very important topic
If you’re not careful, by default your custom web services will have no security so anyone can invoke them from anywhere!
You can secure web services within OWSM or within WebLogic. You secure a web service by assigning one or more “WS Policies”
In the example below, the “ExecuteAgent” web service has a security policy which enforces authentication using a username and password (Token):
© Peak Indicators Limited 48
Securing Web Services
There are two types of policy that can be attached to web services:
Oracle Web Services Manager (WSM) Policy
Policy provided by the OWSM
You can only attach OWSM security policies to JAX-WS Web services
You manage OWSM policies from with Oracle Enterprise Manager Fusion Middleware Control
WebLogic Web Service Policy
Policy provided by WebLogic Server
A subset of WebLogic Web service policies interoperate with Oracle WSM policies
You manage WebLogic Web service policies from the WebLogic Admin Console
NOTE:
It is recommended that you use OWSM policies over WebLogic policies whenever possible. You cannot mix your use of Oracle WSM and WebLogic Web service policies on the same web service
Policies
© Peak Indicators Limited 49
Securing Web Services
OWSM and WebLogic come with many predefined policies! The one to use largely depends on the customer’s needs:
As a general rule though you can simply consider the policies mentioned
on the next slides
Predefined Policies
© Peak Indicators Limited 50
Securing Web Services
By default, all the “OBIEE Web Services for SOA” are configured with a policy that requires a valid Username / Password credentials to be passed through:
The credentials are checked against whatever Identity Provider(s) is configured in WebLogic (by default, it will be its own embedded LDAP store)
In the case of OBIEE 11g, the credentials passed are stored in the “Credential Store” administered within Enterprise Manager (WebLogic Domain > Security > Credentials):
Username / Password (Token)
© Peak Indicators Limited 51
Securing Web Services
Although the policy “wss_username_token_service_policy” secures authentication, it does not cover all security aspects:
Confidentiality:
There is no use of public/private keys so the messages are not encrypted (usernames/passwords are not even encrypted)
Integrity:
The messages are not digitally signed, so you cannot guarantee the authenticity of the messages
NOTE: a private key is actually used to digitally sign messages
Username / Password (Token)
© Peak Indicators Limited 52
Securing Web Services
OWSM provides another policy “wss_username_token_with message_protection_service_policy”:
This security policy is much more secure:
Username/password credentials must be supplied
XML Messages are encrypted using public/private key
XML Messages are digitally signed using the private key
The downside is that you always have to supply a password!
You can use the “Credential Store” for this purpose, but it means you are always passing over the same credentials no matter which user is invoking the service
Username / Password (Token) with Message Protection
© Peak Indicators Limited 53
Securing Web Services
OWSM provides alternative policy “wss11_saml_token_with message_protection_service_policy”:
Instead of requiring a password, the client passes over a certificate which is then verified by the server (the server has a key store containing all the valid certificates)
This security policy is also very secure: Only clients with a “trusted” certificate are allowed XML Messages are encrypted using public/private key XML Messages are digitally signed using the private key
The benefit is that the username of the invoking user is propagated, so this policy supports the need for a service to run as different users. The downside is that the server has to trust that the user is valid. This method is commonly used by “partners” who need to integrate across the web and can trust each other
NOTE: The propagated user must have an entry in the recipient’s LDAP store
SAML Token with Message Protection
© Peak Indicators Limited 54
Securing Web Services
OWSM provides alternative policy “wss11_saml_token_with message_protection_service_policy”:
Instead of requiring a password, an X.509 certificate is passed over to the server to verify that the user has been authenticated and can be trusted (X.509 is commonly used in SSO applications)
This security policy is also very secure: Only clients with a valid X.509 certificate allowed
XML Messages are encrypted using public/private key
XML Messages are digitally signed using the private key
The username of the invoking user is propagated, so this policy supports the need for a service to run as different users. X.509 is a stronger and more secure form of SSO compared to SAML. Each user has a certificate which is tied to an individual entry in the company’s LDAP store
X509 Token with Message Protection
© Peak Indicators Limited
Helping Your Business Intelligence Journey