Oracle Business Intelligence 11g Overview of Action Framework ...

beehuntervivaciousΛογισμικό & κατασκευή λογ/κού

14 Ιουλ 2012 (πριν από 5 χρόνια και 2 μήνες)

1.144 εμφανίσεις

© Peak
Indicators Limited

Oracle Business Intelligence 11g

Overview of
Action Framework

Antony Heljula

Technical Architect

© Peak
Indicators Limited

2

Agenda


Action Framework Overview


Types of Action


Navigate to BI Dashboard


Conditions


Action Links


Further AF Examples


Invoke a Web Page (Run a Google Search)


Invoke a Browser Script (Get Google Directions)


OBIEE Web Services


Securing Web Services


© Peak
Indicators Limited

3

Action Framework


Action Framework is an exciting new feature of OBIEE 11g that provides the facility
to invoke a wide variety of actions or processes directly within the UI



This is a major enhancement, since OBIEE 10g is great for analysis but has limited
capability for performing actions once your analysis is complete



OBIEE 11g Action Framework enables you to:


Navigate to related
Oracle BI content


Invoke operations, functions, or processes in external systems



Actions can be initiated from:


Analyses


Dashboard pages


Agents (
iBots

in 10g)


Balanced Scorecard “objectives” and “initiatives”


KPIs







© Peak
Indicators Limited

4

Creating Actions


Actions can be created as re
-
usable objects:














Or you can create “inline” actions:


If you only want to use an Action once, you can define it directly within an
analysis,
dashboard page, agent, scorecard objective, scorecard initiative, or KPI
. These
inline actions are not re
-
usable

© Peak
Indicators Limited

5

Actions


There are various things an Action can do!

Types of Action

Note:

When integrated with Siebel CRM
it is also possible to

“Navigate to Siebel CRM”

(Appears by default with 11.1.1.5)


© Peak
Indicators Limited

6

Examples


This supersedes “navigation” in OBIEE 10g:

Navigate to BI Content

© Peak
Indicators Limited

7

Examples


It is possible to configure Action Links to appear conditionally


e.g. “View Sales Order Details” only appears if there are <500 Orders

Conditions

Vision Nordics has >500 orders so
it is only possible to navigate to a
“summary” analysis

Vision UK and Ireland has <500
orders so it is possible to navigate
to a “detail” analysis

© Peak
Indicators Limited

8

Examples


You can also configure Action Links to request confirmation before
invoking the action:

Confirmation

© Peak
Indicators Limited

9

Examples


Dashboard Pages can consist of “Action Links” and “Action Link Menus”

On Dashboards

© Peak
Indicators Limited

10

Examples


An “Action Link” dashboard object will show an individual Action

On Dashboards: Action Links

NOTE: The Action Link can be
displayed conditionally

© Peak
Indicators Limited

11

Examples


An “Action Link Menu” dashboard object allows you to display a menu of
multiple Action Links:

On Dashboards:
Action
Link Menus

© Peak
Indicators Limited

12

Examples


KPIs can be configured with multiple Action Links


The KPI “Status” can be used to determine which Action Links appear

On KPIs

© Peak
Indicators Limited

13


Balanced Scorecards can also be configured with multiple Action Links


The Objective or KPI “Status” can be used to determine which Action Links
appear

Examples

On Balanced Scorecards

© Peak
Indicators Limited

14

Examples


You can initiate multiple Actions once a Delivers Agent has completed:


The Actions can be initiated for every row returned by the Agent!

Delivers Agents

You can map the
columns returned by
the Agent to each of
the Action’s
parameters

© Peak
Indicators Limited

15


Further Examples

© Peak
Indicators Limited

16

Example 1 : Navigate to a Web Page


In this example, we will demonstrate how to initiate an Action to navigate
to a web page and run a Google search for a customer!

© Peak
Indicators Limited

17

Example 1 : Navigate to a Web Page


The first thing to do is build a sample URL that achieves what you need



For example, the following URL will run a Google search on “Oracle
Corporation”:


http://
www.google.co.uk/search?q=
Oracle Corporation

Notes

© Peak
Indicators Limited

18

Example 2 : Invoke a Web Service


In this example, we will demonstrate to how to create an Action that will
invoke a web service directly from a Dashboard


The Action will be called “Adjust Sales Forecast” will invoke a web service to
modify a Sales Rep’s forecast target:

© Peak
Indicators Limited

19

Example 2 : Invoke a Web Service


In order to invoke a web service, you typically need the URL for its Web Service
Description Language (WSDL)


The owner of the site hosting the web service should be able to provide you with his



The WSDL returns an XML file providing details on all the web services that are
available, such as the operations available and the parameters that need to be passed



For example, our web service has the following WSDL:


http://obiee11g:7001/Adjust_Sales_Forecast
-
Adjust_Sales_Forecast
-
context
-
root/Adjust_Sales_ForecastPort?WSDL



NOTE
:


It is possible for the OBIEE administrator to set up a “Registry” containing a list of
available web services, this means you don’t need to provide the WSDL URL


Setting up of this Registry will be discussed during a later topic



Notes

© Peak
Indicators Limited

20


In this example, a “Get Directions” Action will be used to invoke a piece of
browser script (
Javascript
) that will open Google Maps and show you the
directions between your chosen location and the customer!

Example 3 : Invoke a Browser Script

© Peak
Indicators Limited

21

Example 3 : Invoke a Browser Script


The following URL can be generated to get directions using Google Maps:


http://maps.google.co.uk/maps?&saddr
=
{p1}
&daddr=
{p2}



Parameters p1 and p2 can be anything such as a postcode or a set of
Lang/Long co
-
ordinates (in the format “
Lat,Long
”)



In our example, we will pass 3 parameters to our
javascript

function:


Your location


Latitude of customer


Longitude of customer



The
javascript

function will concatenate the
Lat
/Long coordinates together
and pass them to Google Maps as a single parameter

Notes

© Peak
Indicators Limited

22

Example 3 : Invoke a Browser Script


There is a “
UserScript.js
” file provided on the OBIEE server in which you
must place your custom
Javascript

functions



UserScript.js is located in the following location on the OBIEE server:



[bi_server1]
\
bi_server1
\
tmp
\
_
WL_user
\
analytics_11.1.1
\
xxxxx
\
war
\
res
\
b_mozilla
\
actions





NOTE: the
[bi_server1]
path is the following location:




[Middleware Home]
\
user_projects
\
domains
\
bifoundation_domain
\
servers
\
bi_server1

Notes

© Peak
Indicators Limited

23

Example 3 : Invoke a Browser Script


There is a special syntax for the UserScript.js file


For each Action you actually provide two separate
Javascript

functions!



The 1
st

function contains the actual code:


Notes

USERSCRIPT.getdirections

= function(
params
)

{


var

googleURL

= "http://maps.google.co.uk/maps?&
saddr
="


+
params.your_loc


+ "&
daddr
="


+
params.dest_lat



+ ","


+
params.dest_long
;



window.open
(
googleURL
,"
GetDirections
");

};

Function name must
be prefixed with

“USERSCRIPT.”

The function accepts a single
array of input parameters

Your refer to input

parameters in the format:

array.parameter

© Peak
Indicators Limited

24

Example 3 : Invoke a Browser Script


The 2
nd

function is used to define your input parameters


OBIEE uses this to automatically know which parameters are required



It has the following format (in this case we are defining 3 input parameters):


Notes



USERSCRIPT.getdirections.publish

=

{


parameters:[


new
USERSCRIPT.parameter
("
your_loc
" , "Your Location" ,""),


new
USERSCRIPT.parameter
("
dest_lat
" , "Latitude Destination" ,""),


new
USERSCRIPT.parameter
("
dest_long
", "Longitude Destination",""),


]

};

The function has the same
name as before, but has
the postfix “.publish”

Each parameter has 3 elements:

1)
Variable name

2)
Description

3)
Default Value

© Peak
Indicators Limited

25


OBI EE Web Services

© Peak
Indicators Limited

26

OBIEE Web Services


OBIEE 11g comes equipped with a wide range of web services



There are two different types:


“Session based” web services


Web services for SOA



(new with OBIEE 11g)



Refer to the OBIEE 11g Integrator’s Guide for detailed information:


http://
download.oracle.com/docs/cd/E14571_01/bi.1111/e16364/toc.htm






© Peak
Indicators Limited

27

Session Based OBIEE Web
Services


There are a variety of OBIEE “session based” web services are available:


HtmlViewService

-

obtain HTML to render BI dashboards/reports


iBotService


-

initiate
iBots


MetadataService


-

Retrieve info on Subject Areas, Tables, Columns


ReplicationService


-

Replication between Presentation
Catalogues


ReportEditingService


-

Add filter and other conditions to BI requests


SAWSessionService


-

Login, Logoff, Impersonate authentication functions


SecurityService

-

Identify
BI EE accounts and privileges


WebCatalogService

-

Browsing and Managing the Presentation
Catalogue


XMLViewService

-

Retrieve Oracle BI query results in XML format



Each of these web services contain one or more
methods



They are referred to as “session based” because you have to establish a session
with OBIEE first before you can use them (you need to pass in a valid Session Id)



The Web Service Definition Language (WSDL) format for Oracle BI web services can
be obtained using the following example URL
:


http
://localhost:9704/analytics/saw.dll?WSDL


© Peak
Indicators Limited

28

Session Based OBIEE Web Services


When returning results in XML format, the structure is as follows:













It is also possible to specify a parameter to return the meta
-
data for each
column of data returned e.g. name, data format, length etc

XML Results

© Peak
Indicators Limited

29

Session Based OBIEE Web Services


To satisfy a particular requirement, normally a number of BI EE web
services will have to be called in sequence e.g.


Log in / Authenticate


(
SAWSessionService
)


Obtain results in XML format

(
XMLViewService
)


Log off



(
SAWSessionService
)



This means you have to programmatically call the web services one after
the other


You log in to obtain the Session Id


You call the next web service and pass the Session Id in as a parameter


You call the next web service ……



These session based web services are therefore not too compatible with
Action Framework on their own


Action Framework initiates individual Actions with no connection between
them



Encapsulating into Workflows

© Peak
Indicators Limited

30

Session Based OBIEE Web Services


It
could
be
advisable
therefore to
“encapsulate” the sequence into a
BPEL workflow:


BPEL workflow will orchestrate the initiation of the BI EE web services



The
BPEL workflow will itself
then be
presented as a web
service


Action Framework can then initiate this single “Action”



This is where Oracle BPEL and SOA Suite come into play....we will
discuss more about this later….

Encapsulating into Workflows

© Peak
Indicators Limited

31

OBIEE Web Services for SOA


“OBIEE Web Services for SOA” are quite different to the “Session Based”
web services. There are three actions available:


Execute Agent


Execute Condition


Execute Analysis



You don’t need to pass in a valid Session Id to use them


They are still secured using a username/password in the credential store



Prompted filters and presentation variables included in the business
intelligence objects are
supported


For example: if your Analysis has 3 “Is Prompted” filters then you can pass
values in for these at run
-
time



Only XML results are returned

© Peak
Indicators Limited

32

OBIEE Web Services for SOA


Instead of being provided with a WSDL URL, you are in fact provided with a WSIL
(Web Service Inspection Language) URL:


http://localhost:9704/biservices/inspection?wsil



This allows OBIEE to dynamically build up the set of web services available based
upon the objects in the BI Presentation Catalogue. If you open up the WSIL URL in
a browser, you can see that you are able to browse through the catalogue
structure and you’ll find a web service for each Analysis, Condition and Agent!

WSIL…..not WSDL

© Peak
Indicators Limited

33

OBIEE Web Services for SOA


Consider this example where we have an Agent called “Sales History Agent”



We want to use Action Framework to invoke it…

Example

© Peak
Indicators Limited

34

OBIEE Web Services for SOA


Create a new Action of type “Invoke a Web Service”


You can then browse through the
catalog

and invoke the web service
associated with
your Agent!

Create Action : Invoke a Web Service

The path to our Agent is:

/shared/Agents/Sales History Agent

Here is the web service
associated with the Agent

© Peak
Indicators Limited

35

OBIEE Web Services for SOA


There are two parameters to configure, you can leave them “Optional”:


Session Country


Session Language

Configure Parameters

© Peak
Indicators Limited

36

OBIEE Web Services for SOA


Execute the Action and see the “Alerts!” link appear:

Execute the Action!

© Peak
Indicators Limited

37

OBIEE Web Services for SOA


There is some configuration required in order to use OBIEE Web Services
for SOA



Firstly, you have to configure the FMW “credential store” with the
username/password that will be used to browse the web services
available


This account will
always

be used for browsing the web services, so users can
only execute Actions on objects stored in “Shared” folders



Secondly we will configure the “ActionFrameworkConfig.xml” file with
details such as:


The WSIL URL to use for browsing the web services


The authentication policy to determine what credentials
etc

are required to
invoke the web services


Configuration

© Peak
Indicators Limited

38

OBIEE Web Services for SOA


Open up Enterprise Manager and navigate to:


WebLogic

Domain >
bifoundation_domain



Then choose the menu option “Security >
Credentails


Configuration : Step 1

© Peak
Indicators Limited

39

OBIEE Web Services for SOA


Within the “
oracle.bi.enterprise
” map, create a new credential key:


Key:


wsil.browsing


Username:


weblogic


}
for example


Password:


welcome1

}

Configuration : Step 2

© Peak
Indicators Limited

40

OBIEE Web Services for SOA


Create a new
file called “
wss_username_token_policy.xml” and paste in
the following contents:










Save the file in the following location:


[Middleware Home]
\
user_projects
\
domains
\
bifoundation_domain
\
config
\
fmwconfig
\
biinstances
\
coreapplication

Configuration : Step 3

<?xml version="1.0" encoding="UTF
-
8"?>

<oracle
-
webservice
-
clients>

<
webservice
-
client>

<port
-
info>

<policy
-
references>

<policy
-
reference
uri
="oracle/
log_policy
" category="management"/>

<policy
-
reference
uri
="oracle/
wss_username_token_client_policy
" category="security"/>

</policy
-
references>

</port
-
info>

</
webservice
-
client>

</oracle
-
webservice
-
clients>

© Peak
Indicators Limited

41

OBIEE Web Services for SOA


Within the same folder, open up the “ActionFrameworkConfig.xml” file for
editing



Configure the “<Registries>” tags to contain the following registry:


You should ensure the ?WSIL path is correct

Configuration : Step 4

<registries>


<registry>


<id>WS4SOA</id>


<name>OBIEE Web Services for SOA</name>


<content
-
type>
webservices
</content
-
type>


<provider
-
class>
oracle.bi.action.registry.wsil.WSILRegistry
</provider
-
class>


<description></description>


<location>


<path>
http://localhost:9704/biservices/inspection?wsil
</path>


</location>


<service
-
access>


<account>
wsil.browsing
</account>



<policy>
wss_username_token_policy
</policy>



<
propagateIdentity
>false</
propagateIdentity
>


</service
-
access>


</registry>

</registries>

© Peak
Indicators Limited

42

OBIEE Web Services for SOA


Then configure the “<Accounts>” and “<Policies>” tags to contain the
following configuration


You should not need to edit anything

Configuration : Step 5

<accounts>


<account>


<name>
wsil.browsing
</name>


<description>Account for BI WS for SOA</description>


<
adminonly
>false</
adminonly
>


<
credentialkey
>
wsil.browsing
</
credentialkey
>


<
credentialmap
>
oracle.bi.enterprise
</
credentialmap
>


</account>

</accounts>


<policies>


<policy>


<name>
wss_username_token_policy
</name>


<
policyfile
>wss_username_token_policy.xml</
policyfile
>


</policy>

</policies>

© Peak
Indicators Limited

43

OBIEE Web Services for SOA


Save the “ActionFrameworkConfig.xml” file



Restart the following processes:


BI Presentation Services


Weblogic

managed server “bi_server1”

Configuration : Step 6

© Peak
Indicators Limited

44

OBIEE Web Services for SOA


Test! You should now be able to create an Action and see that the web
services are automatically available for you to choose and execute:

Configuration : Step 7

© Peak
Indicators Limited

45

OBIEE Web Services for SOA


Without further configuration, all the Web Services for SOA will be
invoked as the same “
wsil.browsing
” account


Everyone has the same visibility of the common “Shared Folders” area


Everyone has the same visibility of the user’s own “My Folders” area


Common data visibility for all users



However, with further configuration it is possible to “secure” the web
services to run as the user who is invoking the web service rather than the
common “
wsil.browsing
” account



We will be dealing with securing web services in a later topic….

Important Note!

© Peak
Indicators Limited

46


Securing Web Services

© Peak
Indicators Limited

47

Securing Web Services


The securing of web services is obviously a very important topic


If you’re not careful, by default your custom web services will have no security so anyone
can invoke them from anywhere!



You can secure web services within OWSM or within
WebLogic
. You secure a web
service by assigning one or more “WS Policies”



In the example below, the “
ExecuteAgent
” web service has a security policy which
enforces authentication using a username and password (Token):

© Peak
Indicators Limited

48

Securing Web Services


There are two types of policy that can be attached to web services:


Oracle
Web Services Manager (WSM) Policy


Policy provided by the
OWSM


You
can only attach
OWSM
security policies to
JAX
-
WS
Web
services


You manage
OWSM
policies from
with Oracle
Enterprise Manager Fusion
Middleware
Control



WebLogic

Web Service Policy


Policy provided by
WebLogic

Server


A subset of
WebLogic

Web service policies interoperate with Oracle WSM
policies


You
manage
WebLogic

Web service policies
from the
WebLogic

Admin Console



NOTE:


It is recommended that you use
OWSM
policies over
WebLogic

policies
whenever
possible. You cannot mix your use of Oracle WSM and
WebLogic

Web service policies on the same
web service


Policies

© Peak
Indicators Limited

49

Securing Web Services


OWSM and
WebLogic

come with many predefined policies! The one to use
largely depends on the customer’s needs:











As a general rule though you can simply consider the policies mentioned
on
the next
slides



Predefined Policies

© Peak
Indicators Limited

50

Securing Web Services


By default, all the “OBIEE Web Services for SOA” are configured with a policy that
requires a valid Username / Password credentials to be passed through:





The credentials are checked against whatever Identity Provider(s) is configured in
WebLogic

(by default, it will be its own embedded LDAP store)



In the case of OBIEE 11g, the credentials passed are stored in the “Credential Store”
administered within Enterprise Manager (
WebLogic

Domain > Security > Credentials):


Username / Password (Token)

© Peak
Indicators Limited

51

Securing Web Services


Although the policy “
wss_username_token_service_policy
” secures
authentication, it does not cover all security aspects:



Confidentiality:


There is no use of public/private keys so the messages are not encrypted
(usernames/passwords are not even encrypted)



Integrity:


The messages are not digitally signed, so you cannot guarantee the authenticity of the
messages




NOTE: a private key is actually used to digitally sign messages


Username / Password (Token)

© Peak
Indicators Limited

52

Securing Web Services


OWSM provides another policy “
wss_username_token_with

message_protection_service_policy
”:





This security policy is much more secure:


Username/password credentials must be supplied


XML Messages are encrypted using public/private key


XML Messages are digitally signed using the private key



The downside is that you always have to supply a password!


You can use the “Credential Store” for this purpose, but it means you are always
passing over the same credentials no matter which user is invoking the service





Username / Password (Token) with Message Protection

© Peak
Indicators Limited

53

Securing Web Services


OWSM provides alternative policy “wss11_saml_token_with
message_protection_service_policy
”:






Instead of requiring a password, the client passes over a certificate which is then verified
by the server (the server has a key store containing all the valid certificates)



This security policy is also very secure:


Only clients with a “trusted” certificate are allowed


XML Messages are encrypted using public/private key


XML Messages are digitally signed using the private key



The benefit is that the username of the invoking user is propagated, so this policy supports
the need for a service to run as different users. The downside is that the server has to
trust that the user is valid. This method is commonly used by “partners” who need to
integrate across the web and can trust each other



NOTE: The propagated user must have an entry in the recipient’s LDAP store





SAML Token with Message Protection

© Peak
Indicators Limited

54

Securing Web Services


OWSM provides alternative policy “wss11_saml_token_with
message_protection_service_policy
”:






Instead of requiring a password, an X.509 certificate is passed over to the server to verify
that the user has been authenticated and can be trusted (X.509 is commonly used in SSO
applications)



This security policy is also very secure:


Only clients with a valid X.509 certificate allowed


XML Messages are encrypted using public/private key


XML Messages are digitally signed using the private key



The username of the invoking user is propagated, so this policy supports the need for a
service to run as different users. X.509 is a stronger and more secure form of SSO
compared to SAML. Each user has a certificate which is tied to an individual entry in the
company’s LDAP store





X509 Token with Message Protection

© Peak
Indicators Limited

Helping Your Business Intelligence Journey