Up to my eyeballs in Oracle 9iAS, Reports 9i and Oracle Express.

9iAS has got a steep learning curve and it takes a good while before any of it makes sense. To get anything done, you've got to have a good understanding of how J2EE application servers work, and it's a pretty unforgiving environment if you screw something up. Nonetheless, with a considerable amount of help from some colleagues, i've got Reports displaying data and graphs from Express and Oracle 9i, all delivered via JSPs through Oracle Portal.

The clever bit now is linking the Reports portlets through to a fully slice-n-dice environment using Web Agent and Express. As Express isn't part of the 9iAS Single Sign-on environment, you need to find some way of picking up who the Portal user is, passing it on (securely) to Express and Web Agent, to give the impression of an SSO environment.

The answer? Thanks to another colleague, using the Portal Wizard plug-in to JDeveloper 9.0.3 to create a custom java portlet that uses a Portal API to retrieve the logged in user. These user details are then used as part of a custom URL, that calls a redirector JSP sitting in the Web Agent application that then formats the parameters in a way that Web Agent can pick up.

This works fine but has the drawback that in this simple form, the username picked up through the Portal API is in plain text, and can therefore be spoofed. The next step therefore is to find a way of encrypting it at the Portlet end, and decrypting it at the Express end, or find some other way to pass across the username, maybe using cookies?

It's an interesting area and i'm working with a great team who can bring all of these bits of Oracle technology together. I'll upload any generic code incase anyone else needs to tackle this sort of problem.