Friday, February 14, 2020

12c SOA - Adding Weblogic Server in IDE or Application server in Jdeveloper

Go to File⇾New⇾From Gallery and navigate to General⇾Connections. Select Application Server Connection and click OK.

 Enter Connection Name and select appropriate Connection Type as shown below.
 Click Next and give valid credentials.
 Click Next and give the server details and Weblogic Domain as shown below.
 Click Next and do Test Connection.

Click Finish and verify navigating to Window⇾Application Servers.
at No comments:

Thursday, February 13, 2020

12c SOA - WS Security - expose service with header and WSSE user token authentication

  • WS-Security is a specification published by OASIS, it is mainly aimed for SOAP Web Services. It encompasses a number of mechanisms to strengthen the integrity and confidentiality of the messages exchanged between these type of services such as data encryption, security tokens, username and password validation, signed messages, etc.
  • On the other hand, Oracle Web Service Manager (OWSM) is a component of Oracle SOA Suite that provides a framework for centralizing policy management and security of Web Services. OWSM is based on the WS-Policy standard and can be used in development time, or from the management console.
  • For the SOAP Service the username and password will travel in the UsernameToken element embedded within the SOAP Envelope message Header, and for the REST service, it will travel in the HTTP transport Header.
Here you will find how to configure from a development perspective using JDeveloper, a policy-based user and password authentication for a SOAP.

Implementation:

 Step1: Create a Schema:
XSD:
<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.emp.test"
            targetNamespace="http://www.emp.test" elementFormDefault="qualified">
    <xsd:element name="EmployeeRequest">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="EmpId" type="xsd:string"/>
                <xsd:element name="EmpName" type="xsd:string"/>
                <xsd:element name="Address" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
        <xsd:element name="EmployeeResponse">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="result" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="requestHeader">
    <xsd:complexType>
        <xsd:sequence>
            <xsd:element name="User" type="xsd:string" minOccurs="0"/>
            <xsd:element name="Id" type="xsd:string" minOccurs="0"/>
        </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
</xsd:schema>

Step2: Create a WSDL:
Right click on project folder WSDLs⇾New⇾From Galary⇾All Items⇾WSDL(builder)(Interfaces)⇾OK⇾Provide Service Name,Port type, operation and choose Interface Type as Synchronous and Add the message part(Request and Header) in the Input and Response in the Output sections.

<?xml version= '1.0' encoding= 'UTF-8' ?>
<wsdl:definitions name="service1"
                  targetNamespace="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:tns="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"
                  xmlns:inp1="http://www.emp.test" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
    <wsdl:types>
        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">
            <xsd:import namespace="http://www.emp.test" schemaLocation="../Schemas/EMP.xsd"/>
        </xsd:schema>
    </wsdl:types>
    <wsdl:message name="requestMessage">
        <wsdl:part name="requestHeader" element="inp1:requestHeader"/>
        <wsdl:part name="paylod" element="inp1:EmployeeRequest"/>
    </wsdl:message>
    <wsdl:message name="replyMessage">
        <wsdl:part name="payload" element="inp1:EmployeeResponse"/>
    </wsdl:message>
    <wsdl:portType name="execute_ptt">
        <wsdl:operation name="execute">
            <wsdl:input message="tns:requestMessage"/>
            <wsdl:output message="tns:replyMessage"/>
        </wsdl:operation>
    </wsdl:portType>
    <wsdl:binding name="execute_pttSOAP11Binding" type="tns:execute_ptt">
        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
        <wsdl:operation name="execute">
            <soap:operation style="document"
                            soapAction="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1/execute"/>
            <wsdl:input>
                <soap:body use="literal" parts="paylod"/>
                <soap:header message="tns:requestMessage" use="literal" part="requestHeader"/>
            </wsdl:input>
            <wsdl:output>
                <soap:body use="literal" parts="payload"/>
            </wsdl:output>
        </wsdl:operation>
    </wsdl:binding>
</wsdl:definitions>

Step3: Create a BPEL service based on the above WSDL:






Step4: Configure SOA WS Policies...




Step5: Deploy and take the wsdl and test from SOAP UI:

Test1: Tested without WSSE Security user token authentication:
 Test2: Tested with WSSE Security user token authentication:
Payload with WSSE:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815725859457">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest1</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">j05VdqxZ2sVIdPjZiGKi5Q==</wsse:Nonce>
            <wsu:Created>2020-02-13T05:43:05.944Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>e1</emp:EmpId>
         <emp:EmpName>enmae</emp:EmpName>
         <emp:Address>eadd</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>

at No comments:

Wednesday, February 12, 2020

12c SOA - How to use WS Security username and Password policy for Web Services in soapUI

Why we need WS Security:
WS-Security (Web Services Security, short WSS) is a flexible and feature-rich extension to SOAP to apply security to web services.While doing Web Services/ SOA Testing, one has to make sure that the services are secured enough. Proper authorization and authorization needs to be implemented for web sercvices. Lacking of this can provide access to data and non public information of an organization to outside world.
WS Security can be implemented by creating different security policies. In this post, let us see how can we test WS Security using username and password token of a web service using soapUI.

Steps:
Double click on the test request from the test steps. Navigate to the tab "Auth" at the bottom of the request.
 Add New Authorization
 Type Basic
 Give the username, password and domain.
 Now go to the XML version of the request, right click there. Click on the tab "Add WSS Username Token. Select "Password Text" to send the password in plain text or select "Password Digest" to use an encrypted password.


You might also right click and select "Add WS-Timestamp" to add a creation/ expiration time stamp to the security header.This will create an entry like the one below under the <Security> element for the request.

Sample Request payload:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-81CB99D5C318DB117215815012695444">
            <wsu:Created>2020-02-12T09:54:29.543Z</wsu:Created>
            <wsu:Expires>2020-02-12T09:55:29.543Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815007891653">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest12</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WfBcHW3uJNb82JstzP17tg==</wsse:Nonce>
            <wsu:Created>2020-02-12T09:46:29.165Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>1</emp:EmpId>
         <emp:EmpName>en</emp:EmpName>
         <emp:Address>ad</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>
at No comments:

12c SOA - WS Security - How to call a protected web-service

Now that we protected the service from unauthorized access, how do we call it from another webservice:

Implementation steps:
Open the composite.xml
Right Click on the external reference and click Configure SOA WS policies..

 Under Security click on the + button

 Scroll down and select oracle/wss_username_token_client_policy and then OK



For OSB, same option is available on the business-services.
Username and password to be passed to the service should be configured as KEYS in EM console⇾security credentials section. 

The configured key has to be entered in the csf-key property in the Reference tag in the composite.xml as highlighted below.

<property name="csf-key" type="xs:string" many="false">user-key</property>
 Instead of using CSF key, we can also provide direct user and password in the reference tag (configured in the key/User).
<property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">testKey</property>
      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">test1234</property>

    
If CSF key or Auth user and password are not given in the reference section of the composite.xml then it will throw the following error:
Unable to invoke endpoint URI "http://host:port/soa-infra/services/POC/DynamicEndpointURIProject/dynamicendpointuribpelprocess_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.


at No comments:

12c SOA - How to create an user in Weblogic server

Go to Weblogic Console home⇾Security Realms⇾myrealm

 Click on Users and Groups tab
 Click on New button and enter username/password details.



at No comments:

12c SOA - WS Security- How to protect a web-service with username and password

  • A simple way of protecting web-services from unauthorized access is to use standard WS security. Web Services Security (WS-Security, WSS) is an extension to SOAP to apply security to Web services.
  • Oracle SOA suite 11g/12c provides an out of the box WS-Policies to protect web-services and to securely call a protected web service. 
Implementation:

 Step1: Configure CSF Key in EM console or configure User in Weblogic server.
configure keys in Weblogic server
Click here 12c-soa-how-to-create-csf-key for the steps to create CSF-Key in em console.
create an user in Weblogic server
Click here12c-soa-how-to-create-user-in-weblogic

Step2: Configure SOA WS Policies from Jdeveloper.
Open the composite.xml
Right Click on the exposed services and click Configure SOA WS policies..
 Under Security click on the + button
Scroll down and select oracle/wss_username_token_service_policy and then OK


 Deploy

Test1: without WSSE security header
Outcome:
      <env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <faultcode>ns0:InvalidSecurity</faultcode>
         <faultstring>InvalidSecurity : error in processing the WS-Security security header</faultstring>
         <faultactor/>


      </env:Fault>

 Test2: with the WSSE Security header.
<soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
         <wsse:UsernameToken wsu:Id="UsernameToken-4" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
            <wsse:Username>weblogic</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">welcome1<wsse:Password>
         </wsse:UsernameToken>
      </wsse:Security>
   </soapenv:Header>

Note:
  • For OSB, the same option is available on the proxy services.
  • To test this webservice WSSE header has to be passed with username and password which were created during user/key creation.

at No comments:

12c SOA -BPEL - How to set the service endPoint URI dynamically using invoke endpointURI property

In BPEL 1.1, We can achieve the dynamic partnerlink using simple ws-addressing but in BPEL 2.0,We can achieve the dynamic partnerlink using EndpointReference element of ws-addressing.xsd and service-ref element of ws-bpel_serviceref.xsd.

Instead of using ws-addressing, as of 11g onwards, we can simply override the endpointURI property on runtime. It is important that the services that we want to invoke all implement the exact same wsdl as referenced in the composite reference. It will have much less clutter in the BPEL.

Use Case :
Here I will show you how to get the URI of the backend service from a repository and how to set it dynamically to our partnerLink (dynamicPartnerLink).

 Implementation steps :
  1. Create two synchronous BPEL service VersionProject versions(1.0 and 2.0)
  2. Create a dvm file which stored the service endpoints.
  3. Create a BPEL component and invoke VersionProject(1.0)
  4. Add the endPointURI variable and assign the endpoint uri based on service name
  5. Set the endpointURI property in the invoke activity
Implementation:
Create a SOA Project

 Create a XSD.
<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.example.org"
            targetNamespace="http://www.dynamiceURL.test" elementFormDefault="qualified">
    <xsd:element name="process">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="msg" type="xsd:string"/>
                <xsd:element name="ServiceName" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="processResponse">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="result" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
</xsd:schema>

 Create a Sync BPEL using the above schema.

 Create a DVM.




 Invoke the SOAP service Version Project v1.0


 Open the BPEL and create the endPointURI variable and fetch the endpoint URI using the dvm lookup function.


<assign name="AssignEndpointURIFromDVM">
<copy>
<from>dvm:lookupValue('Endpoints.dvm','ServiceName',$inputVariable.payload/ns1:ServiceName,'EndPointURI','NotFound')</from>
<to expressionLanguage="urn:oasis:names:tc:wsbpel:2.0:sublang:xpath1.0">$endpointURI</to>
</copy>
</assign>

Invoke the created partnerlink
 Create the Input and output variables
 Assign the endpointURI variable to endpointURI property
    <invoke name="Invoke_SOAPReference" bpelx:invokeAsDetail="no" partnerLink="SOAPReference"
            portType="ns2:VersionProcess" operation="process"
            inputVariable="Invoke_SOAPReference_process_InputVariable"
            outputVariable="Invoke_SOAPReference_process_OutputVariable">
      <bpelx:toProperties>
        <bpelx:toProperty name="endpointURI" variable="endpointURI"/>
      </bpelx:toProperties>
    </invoke>
 Assign the input to Invoke and Output


 Deploy and test.

Input: Msg: test1 and ServiceName: VersionProject1
Output: It calls the v1.0 service


Input: Msg: test2 and ServiceName: VersionProject2
Output: It calls the v2.0 service



at No comments:
Subscribe to: Posts (Atom)

Featured Post

11g to 12c OSB projects migration points

1. Export 11g OSB code and import in 12c Jdeveloper. Steps to import OSB project in Jdeveloper:   File⇾Import⇾Service Bus Resources⇾ Se...

  • Oracle Integration Cloud Service(OICS) links
    Please find the following links for OIC hands on and relevant information: Oracle Integration Cloud Introduction | Benefits | Services offer...
  • 12c SOA - how to create csf-key
    Credential Store Framework (CSF) is used in OWSM to manage the secure credentials. CSF provides a way to store, retrieve, and delete cred...
  • 12c OSB Throttling
    What is Throttling: Throttling is termed as "regulate the flow". Oracle Service Bus has throttling feature and by using that f...