Wednesday, February 19, 2020

12c SOA - Weblogic - how to modify datasource connection and resume the suspended datasource services

Implementation steps:
Go the Admin console⇾Domain⇾Services⇾Data Sources
 Click on the data-source to be modified.
 Go to the Connection pool tab

Take the lock and update the connection

Update done. Restart the impacted manage servers.(Domain⇾Environment⇾Servers⇾Control tab)
Go to Monitoring tab⇾Testing and test the data source on servers.
If any server is suspended then go to the control tab and resume the suspended servers.
Yes
The data source instances are resumed.
Go back to monitoring tab⇾testing and test all the data-source instances.

Friday, February 14, 2020

12c SOA - Adding Weblogic Server in IDE or Application server in Jdeveloper

Go to File⇾New⇾From Gallery and navigate to General⇾Connections. Select Application Server Connection and click OK.

 Enter Connection Name and select appropriate Connection Type as shown below.
 Click Next and give valid credentials.
 Click Next and give the server details and Weblogic Domain as shown below.
 Click Next and do Test Connection.

Click Finish and verify navigating to Window⇾Application Servers.

Thursday, February 13, 2020

12c SOA - WS Security - expose service with header and WSSE user token authentication

  • WS-Security is a specification published by OASIS, it is mainly aimed for SOAP Web Services. It encompasses a number of mechanisms to strengthen the integrity and confidentiality of the messages exchanged between these type of services such as data encryption, security tokens, username and password validation, signed messages, etc.
  • On the other hand, Oracle Web Service Manager (OWSM) is a component of Oracle SOA Suite that provides a framework for centralizing policy management and security of Web Services. OWSM is based on the WS-Policy standard and can be used in development time, or from the management console.
  • For the SOAP Service the username and password will travel in the UsernameToken element embedded within the SOAP Envelope message Header, and for the REST service, it will travel in the HTTP transport Header.
Here you will find how to configure from a development perspective using JDeveloper, a policy-based user and password authentication for a SOAP.

Implementation:

Step1: Create a Schema:
XSD:
<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.emp.test"
            targetNamespace="http://www.emp.test" elementFormDefault="qualified">
    <xsd:element name="EmployeeRequest">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="EmpId" type="xsd:string"/>
                <xsd:element name="EmpName" type="xsd:string"/>
                <xsd:element name="Address" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
        <xsd:element name="EmployeeResponse">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="result" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="requestHeader">
    <xsd:complexType>
        <xsd:sequence>
            <xsd:element name="User" type="xsd:string" minOccurs="0"/>
            <xsd:element name="Id" type="xsd:string" minOccurs="0"/>
        </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
</xsd:schema>

Step2: Create a WSDL:
Right click on project folder WSDLs⇾New⇾From Galary⇾All Items⇾WSDL(builder)(Interfaces)⇾OK⇾Provide Service Name,Port type, operation and choose Interface Type as Synchronous and Add the message part(Request and Header) in the Input and Response in the Output sections.

<?xml version= '1.0' encoding= 'UTF-8' ?>
<wsdl:definitions name="service1"
                  targetNamespace="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:tns="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:inp1="http://www.emp.test" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
    <wsdl:types>
        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <xsd:import namespace="http://www.emp.test" schemaLocation="../Schemas/EMP.xsd"/>
        </xsd:schema>
    </wsdl:types>
    <wsdl:message name="requestMessage">
        <wsdl:part name="requestHeader" element="inp1:requestHeader"/>
        <wsdl:part name="paylod" element="inp1:EmployeeRequest"/>
    </wsdl:message>
    <wsdl:message name="replyMessage">
        <wsdl:part name="payload" element="inp1:EmployeeResponse"/>
    </wsdl:message>
    <wsdl:portType name="execute_ptt">
        <wsdl:operation name="execute">
            <wsdl:input message="tns:requestMessage"/>
            <wsdl:output message="tns:replyMessage"/>
        </wsdl:operation>
    </wsdl:portType>
    <wsdl:binding name="execute_pttSOAP11Binding" type="tns:execute_ptt">
        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
        <wsdl:operation name="execute">
            <soap:operation style="document"
                            soapAction="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1/execute"/>
            <wsdl:input>
                <soap:body use="literal" parts="paylod"/>
                <soap:header message="tns:requestMessage" use="literal" part="requestHeader"/>
            </wsdl:input>
            <wsdl:output>
                <soap:body use="literal" parts="payload"/>
            </wsdl:output>
        </wsdl:operation>
    </wsdl:binding>
</wsdl:definitions>

Step3: Create a BPEL service based on the above WSDL:






Step4: Configure SOA WS Policies...




Step5: Deploy and take the wsdl and test from SOAP UI:

Test1: Tested without WSSE Security user token authentication:
 Test2: Tested with WSSE Security user token authentication:
Payload with WSSE:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815725859457">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest1</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">j05VdqxZ2sVIdPjZiGKi5Q==</wsse:Nonce>
            <wsu:Created>2020-02-13T05:43:05.944Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>e1</emp:EmpId>
         <emp:EmpName>enmae</emp:EmpName>
         <emp:Address>eadd</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>

Wednesday, February 12, 2020

12c SOA - How to use WS Security username and Password policy for Web Services in soapUI

Why we need WS Security:
WS-Security (Web Services Security, short WSS) is a flexible and feature-rich extension to SOAP to apply security to web services.While doing Web Services/ SOA Testing, one has to make sure that the services are secured enough. Proper authorization and authorization needs to be implemented for web sercvices. Lacking of this can provide access to data and non public information of an organization to outside world.
WS Security can be implemented by creating different security policies. In this post, let us see how can we test WS Security using username and password token of a web service using soapUI.

Steps:
Double click on the test request from the test steps. Navigate to the tab "Auth" at the bottom of the request.
 Add New Authorization
 Type Basic
 Give the username, password and domain.
 Now go to the XML version of the request, right click there. Click on the tab "Add WSS Username Token. Select "Password Text" to send the password in plain text or select "Password Digest" to use an encrypted password.


You might also right click and select "Add WS-Timestamp" to add a creation/ expiration time stamp to the security header.This will create an entry like the one below under the <Security> element for the request.

Sample Request payload:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-81CB99D5C318DB117215815012695444">
            <wsu:Created>2020-02-12T09:54:29.543Z</wsu:Created>
            <wsu:Expires>2020-02-12T09:55:29.543Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815007891653">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest12</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WfBcHW3uJNb82JstzP17tg==</wsse:Nonce>
            <wsu:Created>2020-02-12T09:46:29.165Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>1</emp:EmpId>
         <emp:EmpName>en</emp:EmpName>
         <emp:Address>ad</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>

12c SOA - WS Security - How to call a protected web-service

Now that we protected the service from unauthorized access, how do we call it from another webservice:

Implementation steps:
Open the composite.xml
Right Click on the external reference and click Configure SOA WS policies..

 Under Security click on the + button

 Scroll down and select oracle/wss_username_token_client_policy and then OK



For OSB, same option is available on the business-services.
Username and password to be passed to the service should be configured as KEYS in EM console⇾security credentials section. 

The configured key has to be entered in the csf-key property in the Reference tag in the composite.xml as highlighted below.

<property name="csf-key" type="xs:string" many="false">user-key</property>
 Instead of using CSF key, we can also provide direct user and password in the reference tag (configured in the key/User).
<property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">testKey</property>
      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">test1234</property>

    
If CSF key or Auth user and password are not given in the reference section of the composite.xml then it will throw the following error:
Unable to invoke endpoint URI "http://host:port/soa-infra/services/POC/DynamicEndpointURIProject/dynamicendpointuribpelprocess_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.


12c SOA - How to create an user in Weblogic server

Go to Weblogic Console home⇾Security Realms⇾myrealm

 Click on Users and Groups tab
 Click on New button and enter username/password details.



12c SOA - WS Security- How to protect a web-service with username and password

  • A simple way of protecting web-services from unauthorized access is to use standard WS security. Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services.
  • Oracle SOA suite 11g/12c provides an out of the box WS-Policies to protect web-services and to securely call a protected web service. 
Implementation:

Step1: Configure CSF Key in EM console or configure User in Weblogic server.
configure keys in Weblogic server
Click here 12c-soa-how-to-create-csf-key for the steps to create CSF-Key in em console.
create an user in Weblogic server
Click here12c-soa-how-to-create-user-in-weblogic

Step2: Configure SOA WS Policies from Jdeveloper.
Open the composite.xml
Right Click on the exposed services and click Configure SOA WS policies..
 Under Security click on the + button
Scroll down and select oracle/wss_username_token_service_policy and then OK


 Deploy

Test1: without WSSE security header
Outcome:
      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <faultcode>ns0:InvalidSecurity</faultcode>
         <faultstring>InvalidSecurity : error in processing the WS-Security security header</faultstring>
         <faultactor/>


      </env:Fault>

 Test2: with the WSSE Security header.
<soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>weblogic</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome1<wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>

Note:
  • For OSB, the same option is available on the proxy services.
  • To test this webservice WSSE header has to be passed with username and password which were created during user/key creation.

Featured Post

11g to 12c OSB projects migration points

1. Export 11g OSB code and import in 12c Jdeveloper. Steps to import OSB project in Jdeveloper:   File⇾Import⇾Service Bus Resources⇾ Se...