Wednesday, July 29, 2020

12c OSB - Dynamic routing part1 with Proxy services

Here, we are going to showcase a simple way of how can we do dynamic routing from your OSB pipeline flow to other proxy services.

We will mock the response from those proxy services just to showcase that how the control comes into a particular proxy based on dynamic routing.

Implementation steps:
Step1: Create a New OSB project (New ⇾ Project ⇾ Service Bus Project ⇾ Give project Name DynamicRoutingSBProject)

Step2: On project ⇾ New ⇾ From galary ⇾ XML Schema ⇾ File name Employee.xsd. and target namespace if you can change.

<?xml version="1.0" encoding="windows-1252" ?>
<xsd:schema xmlns:xsd="" xmlns=""
            targetNamespace="" elementFormDefault="qualified">
  <xsd:element name="Employee">
        <xsd:element name="name" type="xsd:string"/>
        <xsd:element name="department" type="xsd:string"/>
        <xsd:element name="URL" type="xsd:string"/>
    <xsd:element name="EmployeeResp">
        <xsd:element name="output" type="xsd:string"/>

Step 3 : Create Main proxy service. Go to the servicebus.sboverview and In proxy services lane, Insert Transports ⇾ HTTP ⇾ Provide Proxy service name as ProxyServiceMain and pipeline as ProxyServiceMainPipeline ⇾ Next ⇾ Select ⇾ Messaging and Request as XML and choose the created XSD for request and Response ⇾ Next ⇾ Finish. Main Proxy and pipeline done.

Step4 : Now create 2 proxy services ProxyService1 and ProxyService2. In proxy services lane, Insert Transports ⇾ HTTP ⇾ Provide Proxy service name as ProxyService1 and ProxyService1 and pipeline as ProxyService1Pipeline and ProxyService2Pipeline⇾ Next ⇾ Select ⇾Any XML⇾ Next ⇾ Finish. 

Step5: Go to the ProxyService1pipeline  and ProxyService2pipeline and drag and drop pipeline pair node and in the response stage, insert a replace activity and sending a response as below snaps.

step6 : Go to the main proxy pipeline and take a pipeline pair node and take 1st assign and add the routing rules xml into varURLMap variable.

step7: Take another variable varDept and store the department from the proxy requst.

Step8 : Take another variable varRoute and store the following:
<ctx:service isProxy="true">{$varURLMap/*:row[department=$varDept]/*:endpoint}</ctx:service>

Note: 'isProxy' will be true only and only if we are routing to some or the other proxy service only.
In case you want to route to business service(s), 'isProxy' will be false.

Step9: Drag and drop Dynamic routing activity and provide Service =$varRoute.

Now test it. If you give department as IT. then it will route to ProxyService1 an provide the response what we configured in proxyservice1pipeline.

Tuesday, July 21, 2020

12c SOA - BPEL dynamic XSLT

Here we will see how to do dynamic XSLT that means to dynamically choose an xslt to execute on runtime.

Logical steps:
  • Create a DVM for instance that contains a column on which you want to select, and a second column that lists the particular xslt to be executed.
  • Then create string variable 'varXSLT' and an assign before the transformation, in which you do an assign using the LookupDVM() to translate the selection code to the actual xslt file with the varXSLT variable as target.
  • From the source view move the copy rule of the transformation to the assign with the LookupDVM() function or in a different assign, remove the transformation activity. In the expression builder replace the reference to the xslt with the varXSLT variable. 
  • Use ora:processXSLT() function instead of using ora:doXSLTransformForDoc(). If you use ora:doXSLTransformForDoc() function, it will not allow you to map/use this varXSLT variable as it needs a string literal as input value.
  • Later, you can move the xsl files to MDS and use the oramds xpath to use the MDS reference xsl files dynamically. This way if you need to change anything in the xsl file , just change in MDS and no need to change in composite itself.

Note: If you create a transformation activity in BPEL, choose the sources and targets, create the xslt etc. then if you go to the source view, you will discover that it is actually an assign activity. The execution of the xslt is done through an xpath expression that references the particular xslt file.

 Implementation steps:

Create a SOA project.

Create a XSD

<?xml version="1.0" encoding="windows-1252" ?>

<xsd:schema xmlns:xsd="" xmlns=""

            targetNamespace="" elementFormDefault="qualified">

  <xsd:element name="OrderRequest">



        <xsd:element name="OrderId" type="xsd:string"/>

        <xsd:element name="OrderType" type="xsd:string"/>




    <xsd:element name="OrderResponse">



        <xsd:element name="Status" type="xsd:string"/>





Use this schema and create a Syn BPEL

Create a DVM

here i added two rows containing 2 xsl files.

Create a Variable varXSLT
Take a assign and Use dvm:lookupValue() function to fetch teh xsl names based on the orderType.
Take a Transformation activity and create 2 xslt files as defined in the dvm.


Use ora:processXSLT() instead of using ora:doXSLTransformForDoc() functions.


We can push the xsl files to MDS and use them dynamically from MDS too.
First i have kept the xsl files in the SOA design time repository local files,
Publish the files to MDS

Use the oramds path to the ora:processXSLT() function like this and it works.

Monday, July 6, 2020

Web Services Security at Transport Level and Message Level

There are two ways with which we can ensure security with Web Services:

Transport level security, such as HTTP Basic/Digest and SSL/TLS, is the usual "first line of defence", as securing the transport mechanism itself makes Web services inherently secure.  The trade-off is transport dependency (Web services are more tightly coupled to the network transport layer).

The basic authentication scheme is by passing the credentials (userid & password) in the http header. This can be improved using password digest: the credentials are hashed (so that the attacker can not read the password) & using nonce (to prevent reply attack)

Certificates can be used for authentication, encryption and signature (non repudiation)

by setting in the web server (e.g. Weblogic, Apache, Tomcat): basically enabling the https listening port and register the location of keystore/certificates.

Message level security, such as WS-Security, SAML, XML Digital Signatures, and XML Encrypttion,  can be more effective and has the added flexibility that the message can be sent over any transport.
Message standard for SOAP web services security e.g. WS-Security (WSS), WS-Policy.

Java: using handler/adapter to insert WSS header in the request and remove the WSS header in the received response. The handler also encrypt/decrypt the data.
Java using Rampart/Axis2 framework: set security context (e.g. keystore) in the request, define security policy in the wsdl. Futher info: read book by Tong.
OSB: using OWSM by defining policy. 

Why message-level security (e.g. WS-Security) is better than transport-level security (e.g. TLS/SSL):
  • End-to-end security: message-level XML-Encryption protects sensitive data also in the intermediaries / external proxies. The point-to-point security TLS/SSL doesn't prevent the intermediaries to read the sensitive data.
  • With WS-Encryption it's also possible to encrypt only a part of the messages for flexibility (e.g. in case the intermediary proxy need to peek the unencrypted part) or performance (it's cheaper to encrypt/decrypt only portions of the messages).
  • The message-level security (e.g. WSS Authentication, XML-Encryption, XML-Signature) is independent to the protocols thus it offers more flexibility to send SOAP messages across different protocols (e.g. http, jms, ftp).
On the other hand, message-level security has also disadvantages:
  • Performance (encrypt/decrypt, validate): processing time & increased message size
  • Configuration & Maintenance (but can be easier using declarative policy)
  • Can not peek the message values during development & debug
  • More complex, more difficult to find developers who master
For more details, you can traverse to Web Services Security

12c SOA - Weblogic - Oracle apps adapter connection factory creation

In this blog we will see how we can create an oracle apps adapter connection factory.

Outbound Connection Pools
Click New

select Outbound Connection Groups and Next
Provide the JNDI Name.
Apps Connection factory created. Open it
Give the XADataSourceName
Go to the deployment again and select OracleAppsAdapter
Select Update option to update the changes in plan.xml file.
Activate Changes

If it is a clustered environment then using putty, we need to copy the updated new apps plan.xml file under the deployment plan path for all the nodes.

Featured Post

11g to 12c OSB projects migration points

1. Export 11g OSB code and import in 12c Jdeveloper. Steps to import OSB project in Jdeveloper:   File⇾Import⇾Service Bus Resources⇾ Se...