12c SOA - Weblogic - how to modify datasource connection and resume the suspended datasource services

Implementation steps:

Go the Admin console⇾Domain⇾Services⇾Data Sources

 Click on the data-source to be modified.

 Go to the Connection pool tab

Take the lock and update the connection

Update done. Restart the impacted manage servers.(Domain⇾Environment⇾Servers⇾Control tab)

Go to Monitoring tab⇾Testing and test the data source on servers.

If any server is suspended then go to the control tab and resume the suspended servers.

Yes

The data source instances are resumed.

Go back to monitoring tab⇾testing and test all the data-source instances.

12c SOA - Adding Weblogic Server in IDE or Application server in Jdeveloper

Go to File⇾New⇾From Gallery and navigate to General⇾Connections. Select Application Server Connection and click OK.

 Enter Connection Name and select appropriate Connection Type as shown below.

 Click Next and give valid credentials.

 Click Next and give the server details and Weblogic Domain as shown below.

 Click Next and do Test Connection.

Click Finish and verify navigating to Window⇾Application Servers.

12c SOA - WS Security - expose service with header and WSSE user token authentication

• WS-Security is a specification published by OASIS, it is mainly aimed for SOAP Web Services. It encompasses a number of mechanisms to strengthen the integrity and confidentiality of the messages exchanged between these type of services such as data encryption, security tokens, username and password validation, signed messages, etc.

• On the other hand, Oracle Web Service Manager (OWSM) is a component of Oracle SOA Suite that provides a framework for centralizing policy management and security of Web Services. OWSM is based on the WS-Policy standard and can be used in development time, or from the management console.

• For the SOAP Service the username and password will travel in the UsernameToken element embedded within the SOAP Envelope message Header, and for the REST service, it will travel in the HTTP transport Header.

Here you will find how to configure from a development perspective using JDeveloper, a policy-based user and password authentication for a SOAP.

Implementation:

Step1: Create a Schema:

XSD:
<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="http://www.emp.test"
            targetNamespace="http://www.emp.test" elementFormDefault="qualified">
    <xsd:element name="EmployeeRequest">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="EmpId" type="xsd:string"/>
                <xsd:element name="EmpName" type="xsd:string"/>
                <xsd:element name="Address" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
        <xsd:element name="EmployeeResponse">
        <xsd:complexType>
            <xsd:sequence>
                <xsd:element name="result" type="xsd:string"/>
            </xsd:sequence>
        </xsd:complexType>
    </xsd:element>
    <xsd:element name="requestHeader">
    <xsd:complexType>
        <xsd:sequence>
            <xsd:element name="User" type="xsd:string" minOccurs="0"/>
            <xsd:element name="Id" type="xsd:string" minOccurs="0"/>
        </xsd:sequence>
    </xsd:complexType>
    </xsd:element>
</xsd:schema>

Step2: Create a WSDL:

Right click on project folder WSDLs⇾New⇾From Galary⇾All Items⇾WSDL(builder)(Interfaces)⇾OK⇾Provide Service Name,Port type, operation and choose Interface Type as Synchronous and Add the message part(Request and Header) in the Input and Response in the Output sections.

<?xml version= '1.0' encoding= 'UTF-8' ?>

<wsdl:definitions name="service1"

                  targetNamespace="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"

                  xmlns:tns="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1"

                  xmlns:inp1="http://www.emp.test" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"

                  xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">

    <wsdl:types>

        <xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">

            <xsd:import namespace="http://www.emp.test" schemaLocation="../Schemas/EMP.xsd"/>

        </xsd:schema>

    </wsdl:types>

    <wsdl:message name="requestMessage">

        <wsdl:part name="requestHeader" element="inp1:requestHeader"/>

        <wsdl:part name="paylod" element="inp1:EmployeeRequest"/>

    </wsdl:message>

    <wsdl:message name="replyMessage">

        <wsdl:part name="payload" element="inp1:EmployeeResponse"/>

    </wsdl:message>

    <wsdl:portType name="execute_ptt">

        <wsdl:operation name="execute">

            <wsdl:input message="tns:requestMessage"/>

            <wsdl:output message="tns:replyMessage"/>

        </wsdl:operation>

    </wsdl:portType>

    <wsdl:binding name="execute_pttSOAP11Binding" type="tns:execute_ptt">

        <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>

        <wsdl:operation name="execute">

            <soap:operation style="document"

                            soapAction="http://xmlns.oracle.com/SOAApplication/ExposeHeaderWithWSSProject/service1/execute"/>

            <wsdl:input>

                <soap:body use="literal" parts="paylod"/>

                <soap:header message="tns:requestMessage" use="literal" part="requestHeader"/>

            </wsdl:input>

            <wsdl:output>

                <soap:body use="literal" parts="payload"/>

            </wsdl:output>

        </wsdl:operation>

    </wsdl:binding>

</wsdl:definitions>

Step3: Create a BPEL service based on the above WSDL:

Step4: Configure SOA WS Policies...

Step5: Deploy and take the wsdl and test from SOAP UI:

Test1: Tested without WSSE Security user token authentication:

 Test2: Tested with WSSE Security user token authentication:

Payload with WSSE:

<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">

   <soapenv:Header>

      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">

         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815725859457">

            <wsse:Username>wsstest</wsse:Username>

            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest1</wsse:Password>

            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">j05VdqxZ2sVIdPjZiGKi5Q==</wsse:Nonce>

            <wsu:Created>2020-02-13T05:43:05.944Z</wsu:Created>

         </wsse:UsernameToken>

      </wsse:Security>

      <emp:requestHeader>

         <!--Optional:-->

         <emp:User>user1</emp:User>

         <!--Optional:-->

         <emp:Id>id1</emp:Id>

      </emp:requestHeader>

   </soapenv:Header>

   <soapenv:Body>

      <emp:EmployeeRequest>

         <emp:EmpId>e1</emp:EmpId>

         <emp:EmpName>enmae</emp:EmpName>

         <emp:Address>eadd</emp:Address>

      </emp:EmployeeRequest>

   </soapenv:Body>

</soapenv:Envelope>

12c SOA - How to use WS Security username and Password policy for Web Services in soapUI

Why we need WS Security:
WS-Security (Web Services Security, short WSS) is a flexible and feature-rich extension to SOAP to apply security to web services.While doing Web Services/ SOA Testing, one has to make sure that the services are secured enough. Proper authorization and authorization needs to be implemented for web sercvices. Lacking of this can provide access to data and non public information of an organization to outside world.
WS Security can be implemented by creating different security policies. In this post, let us see how can we test WS Security using username and password token of a web service using soapUI.

Steps:
Double click on the test request from the test steps. Navigate to the tab "Auth" at the bottom of the request.

 Add New Authorization

 Type Basic

 Give the username, password and domain.

 Now go to the XML version of the request, right click there. Click on the tab "Add WSS Username Token. Select "Password Text" to send the password in plain text or select "Password Digest" to use an encrypted password.

You might also right click and select "Add WS-Timestamp" to add a creation/ expiration time stamp to the security header.This will create an entry like the one below under the <Security> element for the request.

Sample Request payload:
<soapenv:Envelope xmlns:emp="http://www.emp.test" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
      <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
         <wsu:Timestamp wsu:Id="TS-81CB99D5C318DB117215815012695444">
            <wsu:Created>2020-02-12T09:54:29.543Z</wsu:Created>
            <wsu:Expires>2020-02-12T09:55:29.543Z</wsu:Expires>
         </wsu:Timestamp>
         <wsse:UsernameToken wsu:Id="UsernameToken-81CB99D5C318DB117215815007891653">
            <wsse:Username>wsstest</wsse:Username>
            <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">wsstest12</wsse:Password>
            <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">WfBcHW3uJNb82JstzP17tg==</wsse:Nonce>
            <wsu:Created>2020-02-12T09:46:29.165Z</wsu:Created>
         </wsse:UsernameToken>
      </wsse:Security>
      <emp:requestHeader>
         <!--Optional:-->
         <emp:User>user1</emp:User>
         <!--Optional:-->
         <emp:Id>id1</emp:Id>
      </emp:requestHeader>
   </soapenv:Header>
   <soapenv:Body>
      <emp:EmployeeRequest>
         <emp:EmpId>1</emp:EmpId>
         <emp:EmpName>en</emp:EmpName>
         <emp:Address>ad</emp:Address>
      </emp:EmployeeRequest>
   </soapenv:Body>
</soapenv:Envelope>

12c SOA - WS Security - How to call a protected web-service

Now that we protected the service from unauthorized access, how do we call it from another webservice:

Implementation steps:

Open the composite.xml

Right Click on the external reference and click Configure SOA WS policies..

 Under Security click on the + button

 Scroll down and select oracle/wss_username_token_client_policy and then OK

For OSB, same option is available on the business-services.

Username and password to be passed to the service should be configured as KEYS in EM console⇾security credentials section. 

The configured key has to be entered in the csf-key property in the Reference tag in the composite.xml as highlighted below.

<property name="csf-key" type="xs:string" many="false">user-key</property>

 Instead of using CSF key, we can also provide direct user and password in the reference tag (configured in the key/User).

<property name="oracle.webservices.auth.username" type="xs:string" many="false" override="may">testKey</property>

      <property name="oracle.webservices.auth.password" type="xs:string" many="false" override="may">test1234</property>

    

If CSF key or Auth user and password are not given in the reference section of the composite.xml then it will throw the following error:
Unable to invoke endpoint URI "http://host:port/soa-infra/services/POC/DynamicEndpointURIProject/dynamicendpointuribpelprocess_client_ep" successfully due to: oracle.fabric.common.PolicyEnforcementException: WSM-00015 : The user name is missing.

12c SOA - How to create an user in Weblogic server

Go to Weblogic Console home⇾Security Realms⇾myrealm

 Click on Users and Groups tab

 Click on New button and enter username/password details.