12c SOA - Rest vs SOAP WebServices

SOAP(Simple Object Access Protocol):

• SOAP is a protocol. SOAP was designed with a specification. It includes a WSDL file which has the required information on what the web service does in addition to the location of the web service.
• SOAP relies exclusively on XML to provide messaging services. Microsoft originally developed SOAP to take the place of older technologies that don’t work well on the Internet such as the Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA).
• SOAP cannot make use of REST since SOAP is a protocol and REST is an architectural pattern.
• SOAP uses service interfaces to expose its functionality to client applications. In SOAP, the WSDL file provides the client with the necessary information which can be used to understand what services the web service can offer.
• SOAP requires more bandwidth for its usage. Since SOAP Messages contain a lot of information inside of it, the amount of data transfer using SOAP is generally a lot.

          <?xml version="1.0"?>

         <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/12/soap-envelope" 

SOAP-ENV:encodingStyle=" http://www.w3.org/2001/12/soap-encoding">

          <soap:Body>

         <EmployeeID>int</EmployeeID>
         ......

       </soap:Body>

      </SOAP-ENV:Envelope>

REST(Representational State Transfer):

• REST is an Architectural style in which a web service can only be treated as a RESTful service if it follows the constraints of being

          Client Server
          Stateless
          Cacheable
          Layered System
          Uniform Interface

• REST can make use of SOAP as the underlying protocol for web services, because in the end it is just an architectural pattern.
• REST use Uniform Service locators to access to the components on the hardware device. For example, if there is an object which represents the data of an employee hosted on a URL as http://demo.guru99 , the below are some of URI that can exist to access them

         http://demo.guru99.com/Employee
         http://demo.guru99.com/Employee/1

• REST does not need much bandwidth when requests are sent to the server. REST messages mostly just consist of JSON messages. Below is an example of a JSON message passed to a web server. You can see that the size of the message is comparatively smaller to SOAP.

          {"city":"Mumbai","state":"Maharastra"}

• REST permits different data format such as Plain text, HTML, XML, JSON, etc. But the most preferred format for transferring data is JSON.

When to use REST and when to use SOAP

REST services should be used in the following instances

Limited resources and bandwidth – Since SOAP messages are heavier in content and consume a far greater bandwidth, REST should be used in instances where network bandwidth is a constraint.

Statelessness – If there is no need to maintain a state of information from one request to another then REST should be used. If you need a proper information flow wherein some information from one request needs to flow into another then SOAP is more suited for that purpose. We can take the example of any online purchasing site. These sites normally need the user first to add items which need to be purchased to a cart. All of the cart items are then transferred to the payment page in order to complete the purchase. This is an example of an application which needs the state feature. The state of the cart items needs to be transferred to the payment page for further processing.

Caching – If there is a need to cache a lot of requests then REST is the perfect solution. At times, clients could request for the same resource multiple times. This can increase the number of requests which are sent to the server. By implementing a cache, the most frequent queries results can be stored in an intermediate location. So whenever the client requests for a resource, it will first check the cache. If the resources exist then, it will not proceed to the server. So caching can help in minimizing the amount of trips which are made to the web server.

Ease of coding – Coding REST Services and subsequent implementation is far easier than SOAP. So if a quick win solution is required for web services, then REST is the way to go.

SOAP should be used in the following instances

Asynchronous processing and subsequent invocation – if there is a requirement that the client needs a guaranteed level of reliability and security then the new SOAP standard of SOAP 1.2 provides a lot of additional features, especially when it comes to security.

A Formal means of communication – if both the client and server have an agreement on the exchange format then SOAP 1.2 gives the rigid specifications for this type of interaction. An example is an online purchasing site in which users add items to a cart before the payment is made. Let's assume we have a web service that does the final payment. There can be a firm agreement that the web service will only accept the cart item name, unit price, and quantity. If such a scenario exists then, it's always better to use the SOAP protocol.

Stateful operations – if the application has a requirement that state needs to be maintained from one request to another, then the SOAP 1.2 standard provides the WS* structure to support such requirements.

SOAP vs. REST API challenges

Challenges with the SOAP API

WSDL file - One of the key challenges of the SOAP API is the WSDL document itself. The WSDL document is what tells the client of all the operations that can be performed by the web service. The WSDL document will contain all information such as the data types being used in the SOAP messages and what all operations are available via the web service. The biggest challenge of the WSDL file which is the tight contract between the client and the server and that one change could cause a large impact, on the whole, client applications.

Document size – The other key challenge is the size of the SOAP messages which get transferred from the client to the server. Because of the large messages, using SOAP in places where bandwidth is a constraint can be a big issue.

Challenges with the REST API

Lack of Security – REST does not impose any sort of security like SOAP. This is why REST is very appropriate for public available URL's, but when it comes down to confidential data being passed between the client and the server, REST is the worst mechanism to be used for web services.

Lack of state – Most web applications require a stateful mechanism. For example, if you had a purchasing site which had the mechanism of having a shopping cart, it is required to know the number of items in the shopping cart before the actual purchase is made. Unfortunately, the burden of maintaining this state lies with the client, which just makes the client application heavier and difficult to maintain.

12c SOA - File based MDS or MDS reference locally using designTimeRepository and adf_config_xml

Create a local MDS or file based MDS using design time Repository and use in services. It helps us to achieve faster development without moving the artifacts in the db based MDS.

Step1: Create local soamds and view artifacts structure from file mds.
Go to Resources⇾SOA-MDS⇾ right click and click properties.

Now you can see the default soamds path.

Copy the path: C:\JDeveloper\mywork\soamds\ and go to that folder and Paste that apps folder containing all artifacts with a proper structure.s 

Now go to Jdeveloper and refresh the DesignTimeRepository

 Now if you expand the DesignTimeRepository, you can see the artifacts structure as below.

Step2: create adf-config.xml connection with local mds

Go to Application resourcesàDescriptorsàadf-config.xml

 By default this file looks like below

 Add the below line under metadata-namespaces

<namespace metadata-store-usage="mstore-usage_2" path="/apps"/>

Add the below code of lines under metadata-store-usages

 <metadata-store-usage id="mstore-usage_2">

      <metadata-store class-name="oracle.mds.persistence.stores.file.FileMetadataStore">

          <property name="partition-name" value="mds"/>

           <property name="metadata-path" value="C:\JDeveloper\mywork\soamds\"/>

       </metadata-store>

   </metadata-store-usage>

 Step3: Now open a project/composite and remove the shareable artifacts from that project one by one and kept in local mds with proper naming convention (if not exists) and give mds reference in that project for that artifacts.

Example for – WSDL:

Generally we should give mds reference in wrapper wsdl and in composite.xml.

Step i: Remove TicketingService.wsdl

Step ii: Go to TicketingServiceWrapper.wsdl and change the location with mds path

Replace TicketingService.wsdl with oramds:/apps/soa/wsdl/AskNow/V1/TicketingService.wsdl

Step iii: Go to Composite.xml and search with the wsdl name like “TicketingService.wsdl” and replace each one with mds path oramds:/apps/soa/wsdl/AskNow/V1/TicketingService.wsdl

For referenceàBinding.wsà location   Keep it as same like endpoint URL

Note: If any WSDL needs to import in MDS then first remove the Service part to make it abstract.

12c SOA - how to create csf-key

Credential Store Framework (CSF) is used in OWSM to manage the secure credentials.

• CSF provides a way to store, retrieve, and delete credentials for a Web service and other applications. For example, the oracle/wss_username_token_client_policy policy includes the csf-key property, with a default value of basic.credentials. This credential is stored in the CSF.

• A password credential can store a username and password. A generic credential can store any credential object.Each credential is stored in the store using the alias and the key pair. The alias, called the map name, is a logical name that defines a group of various keys and one credential associated with that key. That is, the map name and the key name are combined to make a primary key in the store.

Typically the map name is the name of the application or component to make it easy to identify. By convention, Web services should use oracle.wsm.security.

EM console⇾SOA OSB domain⇾Security⇾Credentials

Create map⇾map name : oracle.wsm.security

If map is already created or map creation done then Create Key ⇾

Provide the user and password for the key pii-csf-key.

csk key is ready to be used.

12c SOA - encryption and decryption of sensitive data

Oracle SOA Suite is used for reliable transfer of information; it stores whole the message in SOA_INFRA schema. We can see incoming and outgoing messages in audit trail from EM console. That means user which has access to EM console can see all the messages coming and going through middleware, sometimes some of the information which is flowing through Oracle SOA Suite is very critical and SOA Suite user should not have access to see that critical piece of information. In this post we will discuss how to fulfill this requirement using Oracle SOA Suite.

In previous version of Oracle SOA Suite (11g) there were no out of box provision to encrypt and decrypt sensitive data so user can see the data which is flowing through fusion but in current version of Oracle SOA Suite which is 12c, Oracle provided out of box functionality to encrypt specific fields in the message which is flowing through middleware. Below is sample encrypted message field.

In Oracle SOA 12c, encryption policy is used to encrypt and decrypt the message, message encryption happens at component binding that means message get encrypted before it come to component (BPEL or Mediator) and we see only encrypted message in audit trail. Message decryption happens at reference binding level that means message fields get decrypted before it is sent to target service/system.

 Schema created for encrypt composite:

<?xml version="1.0" encoding="windows-1252" ?>

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.orderm.org"

            targetNamespace="http://www.orderm.org" elementFormDefault="qualified">

  <xsd:element name="Orderm">

    <xsd:complexType>

      <xsd:sequence>

        <xsd:element name="Name" type="xsd:string"/>

        <xsd:element name="Quantity" type="xsd:string"/>

      </xsd:sequence>

    </xsd:complexType>

  </xsd:element>

</xsd:schema>

Create a BPEL and encrypt as following:

 Decrypt in target side as following:

Deploy and test:

Encrypted

 Decrypted in target service:

Note: 

1. The source and target schema naming convention should be different to have a unique xpath while encrypting and decrypting the source or target.
2. Make sure pii-csf-key should exist, if it does not exist then you will not be able to encrypt the message and see error message. Click here to see how to create csf-key.

Cron Job and Shell script - remove and move old files from UNIX or AIX box automatically

Sometimes Integrations need to store files in UNIX/AIX box. These archive files is storing each day and consuming the UNIX space and we need to manually delete the files to recover the space. Following the steps we can automatically delete the files after certain specified interval.

What is CRON:
The software utility cron is a time-based job scheduler in Unix-like computer operating systems. Users that set up and maintain software environments use cron to schedule jobs to run periodically at fixed times, dates, or intervals.

Implementation steps:

Step1: Create .sh files which will store all the remove and move commands
Move files older than 1 day:
find /soashare/archieve -mtime +1 -type f -exec mv "{}" /soashare/old_archive/ \;
echo "Moved Old Files From hrms archieve to Old_archive: $(date)" >> /soashare/script/logs/Schudule_logs.txt
Remove files older that 2 days:
find /soashare/old_archive -mtime +2 -exec rm {} \;
echo "Removed Old Files From Old_archive: $(date)" >> /soashare/script/logs/Schudule_logs.txt
Note: don't delete .sh files from /soashare/script folder.

Step2: Jobs stored in cron.txt file
 5 0 * * * /soashare/script/MoveOldFileshrms.sh >> /soashare/script/logs/Schudule_logs.txt
 5 0 * * * /soashare/script/RemoveOldFilesOld_archive.sh >> /soashare/script/logs/Schudule_logs.txt

Field Allowed values
—– ————–
minute 0-59
hour 0-23
day of month 0-31
month 0-12 (or names, see below)
day of week 0-7 (0 or 7 is Sun, or use names)

# run five minutes after midnight, every day
5 0 * * *       $HOME/bin/daily.job >> $HOME/tmp/out 2>&1
# run at 2:15pm on the first of every month
15 14 1 * *     $HOME/bin/monthly
# run at 10 pm on weekdays, annoy Joe
0 22 * * 1-5 mail -s "It's 10pm" joe%Joe,%%Where are your kids?%
23 0-23/2 * * * echo "run 23 minutes after midn, 2am, 4am ..., everyday"
5 4 * * sun     echo "run at 5 after 4 every sunday"

Step3: Command to add to crontab.
crontab cron.txt
or
crontab -e

You can now see the logs that the files are being moved and removed /soashare/script/logs/Schudule_logs.txt

12c OSB - poll file using JCA file adapter

Here i will show how to poll files using JCA file adapter.

Create file OSB project.

Click OK and give file name.

Right click on proxy services swim lane and select file adapter.

Click next.

Select read operation.

Create incoming file path and archive path in your local desktop and provide incoming path and archive path.

Give file name pattern.

Give pooling frequency.

click native schema.

Click next.

Click next.

Browse file and click next.

Click next.

Click next.

Click next.

Click test button and test the code.

Now code xml format output.

Click next.

Now file adapter created.

Right click pipeline and select pipeline.

Click next.

Select wsdl.

Import wsdl.

After importing wsdl like below screen shot and uncheck expose as a proxy service.

After clicking finish and wiring both components.

Double click pipeline and drag and drop pipeline pair.

Add one log activity under stage activity.

Inside log give info like body and deploy the service.

Copy the file in incoming file location and check the console logs.

File data printed in log.