Posts tagged soa suite 11g
Timeouts in Oracle SOA Suite 11g
Nov 18th
Some time ago, on an Oracle SOA 11g project, we had to call an external web service which took 1 to 5 minutes to respond. The composite calling this web service was called by another composite from a BPEL process. As you might guess, we got a timeout resulting in faulted instances.
Increasing the timeout wasn’t as easy as I expected, because it’s not one timeout setting that had to be increased, but a total of five timeout settings! To document this for myself in case I run into it again, and to help others with the same problem, I’ve written it down in this blog post.
Increase the session timeout of Oracle BPM Worklist app
Oct 18th
The Oracle BPM Worklist app is a part of the Oracle SOA Suite. Working with the Worklist app is very annoying, because the default timeout is very short (seconds!). So after getting a cup of coffee or reading a mail you have to log in again.
Solving this problem seems quite easy: increase the session timeout in your (generated) ADF human task or in the worklist app in the WebLogic console. But none of that works.
The solution for this annoying issue is quite easy, once you know where and how. Here is the trick.
Keeping your process clean: Hiding technology complexity behind a service
Jun 21st
This blog will explain how you can abstract technology behind a service so that your main process is kept clean of all kinds of technology pollution, such as exception handling, technology adapters and correlation.
OWSM Custom x509 Assertion – Part 2 – Creating outgoing client assertion
May 18th
In the previous post I explained how you can access the credential store and keystore using the configurations stored in the jps-config.xml file. I also explained how you can read assertion properties. I put this code inside my base class CustomAssertion.java. The class is repeated below:
package nl.amis.custompolicy.simplex509;

import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;

import javax.xml.namespace.NamespaceContext;
import javax.xml.xpath.XPath;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathExpressionException;
import javax.xml.xpath.XPathFactory;

import oracle.security.jps.service.credstore.CredentialStore;
import oracle.wsm.common.sdk.IContext;
import oracle.wsm.common.sdk.IMessageContext;
import oracle.wsm.common.sdk.WSMException;
import oracle.wsm.policy.model.IAssertion;
import oracle.wsm.policy.model.IAssertionBindings;
import oracle.wsm.policy.model.IProperty;
import oracle.wsm.policy.model.impl.Config;
import oracle.wsm.policy.model.impl.SimpleAssertion;
import oracle.wsm.policyengine.IExecutionContext;
import oracle.wsm.policyengine.impl.AssertionExecutor;
import oracle.wsm.security.SecurityException;
import oracle.wsm.security.jps.JpsManager;
import oracle.wsm.security.jps.WsmKeyStore;
import oracle.wsm.security.jps.WsmKeyStoreFactory;
import oracle.wsm.security.policy.scenario.util.ScenarioUtils;
import oracle.wsm.security.policy.scenario.util.ScenarioUtils.Credentials;

import org.w3c.dom.Element;
import org.w3c.dom.Node;

public abstract class CustomAssertion extends AssertionExecutor {

    protected IAssertion mAssertion = null;
    protected IExecutionContext mEcontext = null;
    protected IContext mIcontext = null;

    private JpsManager jpsManager;
    private WsmKeyStore wsmKeyStore;
    private Properties configProps;

    public CustomAssertion(String tag) {
        jpsManager = null;
        wsmKeyStore = null;
        configProps = new Properties();
    }

    public void destroy() {
    }

    public JpsManager getJpsManager() {
        return jpsManager;
    }

    public WsmKeyStore getWsmKeyStore() {
        return wsmKeyStore;
    }

    public Properties getConfigProperties() {
        return configProps;
    }

    public void init(IAssertion iAssertion,
                     IExecutionContext iExecutionContext,
                     IContext iContext) throws WSMException {
        mAssertion = iAssertion;
        mEcontext = iExecutionContext;
        mIcontext = iContext;

        // The JpsManager is only created when running in a JPS environment.
        try {
            if (ScenarioUtils.isJpsEnv()) {
                jpsManager = new JpsManager();
                jpsManager.setAuthenticationMode("anonymous");
            }
        } catch (SecurityException e) {
            throw new WSMException(e);
        }

        // Copy the assertion's config properties, falling back to the
        // default value when a property has no value set.
        IAssertionBindings bindings =
            ((SimpleAssertion)(this.mAssertion)).getBindings();
        if (bindings != null) {
            List cfgl = bindings.getConfigs();
            if (!cfgl.isEmpty()) {
                Config cfg = (Config)cfgl.get(0);
                List<IProperty> configProperties = cfg.getProperties();
                if (configProperties != null) {
                    for (IProperty configProperty : configProperties) {
                        String propName = configProperty.getName();
                        String propValue = configProperty.getValue();
                        if (propValue == null || propValue.trim().isEmpty())
                            propValue = configProperty.getDefaultValue();
                        if (propValue != null)
                            configProps.setProperty(propName, propValue);
                    }
                }
            }
        }
    }

    protected boolean setWsmKeyStore(IMessageContext msgContext) throws SecurityException {
        // Check that the keystore service is available. jpsManager is null
        // outside a JPS environment, so fail here rather than with a
        // NullPointerException on the calls below.
        if (jpsManager == null || !jpsManager.isKeyStoreServiceAvailable()) {
            throw new SecurityException("keystore not available Error");
        }

        // Retrieve the credential store
        CredentialStore credentialStore =
            jpsManager.getKeyStoreLevelCredentialStore();
        if (credentialStore == null) {
            throw new SecurityException("credentialstore not available Error");
        }

        // Retrieve the keystore configuration
        Map<String, String> keyStoreConfig = jpsManager.getKeyStoreConfig();
        if (keyStoreConfig == null) {
            throw new SecurityException("keystore configuration not available Error");
        }

        // Retrieve the keystore type
        String keystoreType = keyStoreConfig.get("keystore.type");
        if (keystoreType != null && keystoreType.trim().isEmpty()) {
            throw new SecurityException("keystore type not set Error");
        }
        if (!WsmKeyStore.KEYSTORE_TYPES_ENUM.JKS.toString().equalsIgnoreCase(keystoreType)) {
            throw new SecurityException("Only keystore of type JKS is supported");
        }

        // Retrieve the keystore path
        String location = keyStoreConfig.get("location");

        // Retrieve the keystore CSF map
        String keystoreCSFMap = keyStoreConfig.get("keystore.csf.map");

        // Retrieve the keystore password from the credential store
        String keyStorePassword = null;
        String keyStorePassCSFKey =
            keyStoreConfig.get("keystore.pass.csf.key");
        if (keyStorePassCSFKey != null) {
            Credentials keystorePassCreds =
                ScenarioUtils.getKeyStoreCredsFromCSF(keystoreCSFMap,
                                                      keyStorePassCSFKey,
                                                      credentialStore);
            if (keystorePassCreds != null)
                keyStorePassword = new String(keystorePassCreds.getPassword());
        }

        // Retrieve the signature CSF key
        String keystoreSigCSFKey =
            ScenarioUtils.getConfigPropertyValue("keystore.sig.csf.key",
                                                 msgContext,
                                                 getConfigProperties(),
                                                 keyStoreConfig);
        if (keystoreSigCSFKey != null && keystoreSigCSFKey.trim().isEmpty()) {
            throw new SecurityException("signature csf key is empty");
        }

        // Retrieve the signature alias and password
        String signAlias = null;
        String signPassword = null;
        Credentials signCreds =
            ScenarioUtils.getKeyStoreCredsFromCSF(keystoreCSFMap,
                                                  keystoreSigCSFKey,
                                                  credentialStore);
        if (signCreds != null) {
            signPassword = new String(signCreds.getPassword());
            signAlias = signCreds.getUsername();
        }

        // Retrieve the encryption CSF key
        String keystoreEncCSFKey =
            ScenarioUtils.getConfigPropertyValue("keystore.enc.csf.key",
                                                 msgContext,
                                                 getConfigProperties(),
                                                 keyStoreConfig);
        if (keystoreEncCSFKey != null && keystoreEncCSFKey.trim().isEmpty()) {
            throw new SecurityException("encryption csf key is empty");
        }

        // Retrieve the encryption alias and password
        String cryptAlias = null;
        String cryptPassword = null;
        Credentials cryptCreds =
            ScenarioUtils.getKeyStoreCredsFromCSF(keystoreCSFMap,
                                                  keystoreEncCSFKey,
                                                  credentialStore);
        if (null != cryptCreds) {
            cryptPassword = new String(cryptCreds.getPassword());
            cryptAlias = cryptCreds.getUsername();
        }

        // Retrieve the recipient certificate and alias
        X509Certificate recipientCert =
            ScenarioUtils.getConfigPropertyRecipientCert(msgContext,
                                                         getConfigProperties(),
                                                         null);
        String keystoreRecipientAlias =
            ScenarioUtils.getConfigPropertyValue("keystore.recipient.alias",
                                                 msgContext,
                                                 getConfigProperties(), null);
        if (keystoreRecipientAlias != null &&
            keystoreRecipientAlias.trim().isEmpty()) {
            throw new SecurityException("recipient alias is empty");
        }

        // Open the keystore with the collected settings
        wsmKeyStore =
            WsmKeyStoreFactory.getKeyStore(location, keystoreType, "keystore",
                                           keyStorePassword, signAlias,
                                           signPassword, cryptAlias,
                                           cryptPassword,
                                           keystoreRecipientAlias,
                                           recipientCert);
        return wsmKeyStore != null;
    }

    // Evaluates xpathStr against the payload, resolving prefixes through the
    // supplied prefix-to-namespace map. Returns null when the expression is invalid.
    public static Node getDataNode(Element payload,
                                   final HashMap<String, String> namespaces,
                                   String xpathStr) {
        Node node = null;
        try {
            NamespaceContext ctx = new NamespaceContext() {
                public String getNamespaceURI(String prefix) {
                    return namespaces.get(prefix);
                }

                public Iterator getPrefixes(String val) {
                    return null;
                }

                public String getPrefix(String uri) {
                    return null;
                }
            };
            XPathFactory xpathFact = XPathFactory.newInstance();
            XPath xpath = xpathFact.newXPath();
            xpath.setNamespaceContext(ctx);
            node =
                (Node)xpath.evaluate(xpathStr, payload, XPathConstants.NODE);
        } catch (XPathExpressionException ex) {
            ex.printStackTrace();
            return null;
        }
        return node;
    }
}
In this post I will explore how complicated it is to create a WS Signing policy.
OWSM Custom Assertion – Part 1 – Setting up the basic structure
Apr 21st
With custom assertions you can create your own specific policies. There are a number of out-of-the-box policy implementations already available, implementing most of the common WS Security profiles and other non-security related policies like logging. If you want to create your own security policy, one of the things you need is access to the credential store and keystore. There is some sample code on how to access the credential store. Unfortunately I could not find any sample code on how to access the keystore. In this blog I will show you how I implemented this using some of the available but not well documented Oracle utility classes.
OWSM Custom Policies – Still some sharp edges, so beware! don’t cut yourself.
Mar 20th
In my last post I talked about using an out-of-the-box policy to sign your outgoing SOAP Message. Although it is not very well documented, once you figure out how to configure the keystore and credential store it is quite simple to use. The problem is that the out-of-the-box policies need some tailoring before they can be used in real-world situations. Unfortunately I was only able to sign the entire body and not a specific element. What I needed was a more basic policy that only signs a specific element. So I needed to create a custom policy to do this. According to the documentation there is an API for this: you extend some classes and you can create your own policies. Simple, well in theory…
Using OWSM x509 token client policy with OSB 11gR1 PS3
Mar 13th
Since 11gR1, Oracle Web Services Manager (OWSM) has been integrated with the SOA Suite. This means you can easily attach web service policies for security and management to your SOA Suite artifacts. In this post I will explain how to attach an x509 client policy and do the configuration needed to get it actually working. This policy is the implementation of the OASIS Web Services Security X.509 Certificate Token Profile 1.1.
Batch Aggregation of files in BPEL process instances based on correlation
Feb 24th
Remco is an interesting guy with unexpected ideas springing from a creative brain. He can make life interesting, challenging and puzzling. This time he had another interesting challenge – not all that weird to be honest. The challenge in short was:
Our invoicing system produces files that contain one or more invoice entries. Every entry describes an invoice for a certain company we do business with. There can be multiple invoice entries for the same company. The objective is to aggregate together all invoice entries for a company – potentially from many different files. For each invoice entry – some special processing involving service calls is required. Once all entries for a company have been collected and aggregated, some additional action is required – for example recording the company invoice aggregate in a database or in a file and call a webservice to perform additional processing. The files with invoices are produced over a period of a couple of hours. It is important that the processes performing the aggregation are reliable – they should not lose any entries.
The specific question we investigated is: can we solve this puzzle using Oracle SOA Suite 11g? An early approach towards applying the SOA Suite’s capabilities to this challenge was based on BPEL’s correlation mechanism. In short: every company for which the batches contain invoice entries will have an instance of a composite called InvoiceAggregator. This instance is carried by a BPEL component that has correlation configured on CompanyId. In our test setup, we have the company instance expire after 5 minutes: it will cease aggregation when it has not received new messages for a period of 5 minutes.
Composite InvoiceProcessor contains a File Adapter that reads the Invoice entries from files arriving in a specified directory. Each entry is passed to a Mediator that forwards it to a BPEL component. This BPEL component instantiates the company specific instance of InvoiceAggregator (if it does not already exist). Then it passes the invoice entry to that instance.
Composite InvoiceProcessor is stateless: after processing an individual invoice entry, it terminates (typically in a couple of 100ms). Composite CompanyAggregator is around for much longer – in our setup at least for 5 minutes and typically longer when multiple invoice entries arrive for the company.

Note: this layout is a simplification of the real challenge. The essence of the correlation-based interaction is captured in this example, however.

I revisited the BPEL activity Java Embedding that allows us to enrich a BPEL process with custom, Java based functionality. I tried to determine how best to explain, present and demonstrate this activity to my colleagues. This article is a brief summary of what I will tell them. It may help you to quickly get up to speed with this activity in BPEL using Oracle SOA Suite 11g.
