Edwin Biemond
About Java, Adobe Flex, Oracle JDeveloper, JHeadstart and Oracle SOA suite
Updated: 1 day 3 hours ago
Soa Suite 11g PS1, PS2 & R2 Roadmap
First the release calendar, Patch Set1 and Soa Suite 10.1.3.5 for OC4J and WLS are already out, So we can expect the coming 4, 5 months BPM 11g , OSB 11g and off course at last Patch Set 2
The new features of PS1, like Soa composer, Spring preview support, invocation api
PS2 will probably bring us composite folders ( domains ) , BPEL 2.0, Spring support in production, Direct binding between OSB and Soa Suite
And maybe Soa Suite 11G release 2 will have a light soa console, Rest / JSON & Debugger support
For more info see the original document on OTN.Download and See David Shaffer Soa Suite roadmap yourself
Categories: Development, Fusion Middleware
Find and Expand all nodes of an ADF Tree
First some usefull methods.
private void expandTreeChildrenNode( RichTree rt
, FacesCtrlHierNodeBinding node
, List<Key> parentRowKey) {
ArrayList children = node.getChildren();
List<Key> rowKey;
if ( children != null ) {
for (int i = 0; i < children.size(); i++) {
rowKey = new ArrayList<Key>();
rowKey.addAll(parentRowKey);
rowKey.add(((FacesCtrlHierNodeBinding)children.get(i)).getRowKey());
rt.getDisclosedRowKeys().add(rowKey);
if (((FacesCtrlHierNodeBinding)(children.get(i))).getChildren() == null)
continue;
expandTreeChildrenNode(rt
,(FacesCtrlHierNodeBinding)(node.getChildren().get(i))
, rowKey);
}
}
}
// find a jsf component
private UIComponent getUIComponent(String name) {
FacesContext facesCtx = FacesContext.getCurrentInstance();
return facesCtx.getViewRoot().findComponent(name) ;
}
private UIComponent getUIComponent(UIComponent component,String name ){
List<UIComponent> items = component.getChildren();
for ( UIComponent item : items ) {
UIComponent found = getUIComponent(item,name);
if ( found != null ) {
return found;
}
if ( item.getId().equalsIgnoreCase(name) ) {
return item;
};
}
return null;
}
Now find the ADF tree in a region and expand the main and child nodes of this tree
// get the dymamic region of the main page
RichRegion region = (RichRegion)getUIComponent("dynam1");
if ( region != null) {
// find tree 2 and expand this tree
RichTree rt = (RichTree)getUIComponent(region,"t2");
if ( rt != null ) {
int rowCount = rt.getRowCount();
List<Key> rowKey;
for (int j = 0; j < rowCount; j++) {
// expand the main nodes
FacesCtrlHierNodeBinding node = (FacesCtrlHierNodeBinding)rt.getRowData(j);
rowKey = new ArrayList<Key>();
rowKey.add(node.getRowKey());
rt.getDisclosedRowKeys().add(rowKey);
rt.setRowKey(rowKey);
// expand the child nodes of the main nodes
expandTreeChildrenNode(rt , node, rowKey);
}
}
}
Categories: Development, Fusion Middleware
Find an UIComponent in an ADF Task Flow Region
First I need to have some common methods.
// find a jsf component inside the JSF page
private UIComponent getUIComponent(String name) {
FacesContext facesCtx = FacesContext.getCurrentInstance();
return facesCtx.getViewRoot().findComponent(name) ;
}
// find a UIComponent inside a UIComponent
private UIComponent getUIComponent(UIComponent component,String name ){
List items = component.getChildren();
for ( UIComponent item : items ) {
UIComponent found = getUIComponent(item,name);
if ( found != null ) {
return found;
}
if ( item.getId().equalsIgnoreCase(name) ) {
return item;
}
}
return null;
}
Now we can find the right Region and then search inside the Region for the ADF Tree
// get the dymamic region of the main page
RichRegion region = (RichRegion)getUIComponent("dynam1");
if ( region != null) {
// find tree 2
RichTree rt = (RichTree)getUIComponent(region,"t2");
if ( rt != null ) {
// do your thing
}
}
Categories: Development, Fusion Middleware
Using Shared Object in Soa Suite 11g with MDS
First I make a local MDS repository. If you install the Soa plugin you already have a seed folder in the integration folder. Under this folder create an new folder called apps. ( this have has to be apps else you will get a permission denied error ) . Under this apps folder we can create our own definitions.
To use my local SOA-MDS repository I create a new MDS File Connection
I want to re-use these common objects in every Soa project so I choose for the resource palette option
select the seed folder in the integration folder
Here we can see our common application objects.
Open the application resources window and open the adf-config.xml
Here we define a new metadata namespace with apps as path. And use the integration folder as metadata-path value.
We are ready to use these common objects in a mediator.. Here I will use a schema from the local MDS as input parameter for the mediator.
Import a new schema
Select the resource browser and here we can select our schema from the local MDS
I uncheck the Copy to project option, because this XSD already exists in the MDS
Our Project is ready but If we want to deploy this Soa project, we will receive a error, it can't find the schema. So we need to export the local MDS files to the SOA Suite database MDS.To do this we have 2 options , the first option is to create a MAR deployment ( Application properties ) or do this with Ant.
I stripped the Clemens ant project so this ant build file has only two tasks , add and delete. It uses the adf-config.xml ( config folder) for the location of the target MDS and I use the local MDS as source.
Here is the target adf-config.xml which is located in the config folder
Change the build.properties so it matches your environment
This will import your local MDS object to the remote MDS. After this you can deploy your Soa Suite project.Here you can download my ant project. Thanks to Clemens.
Categories: Development, Fusion Middleware
Soa Suite 11g MDS deploy and removal ANT scripts
Basically this is how my ANT scripts works. First add your own metadata folders under the apps folder ( do this in jdeveloper\integration\seed\apps ).
My ANT script will do the following steps for every metadata folder under apps
- optionally remove the metadata folder from the remote Soa Suite Database MDS repository
- Make a zip file of the metadata files ( Local MDS file repository) .
- Make a new Soa Bundle zip with this metadata zip
- Deploy this soa bundle to the Soa Suite Server, The server will add this to the Database MDS
To make this work copy the antcontrib jar to the jdeveloper\ant\lib folder ( because of the foreach and the propertycopy fucntion )
Here is my build.properties
# global
wn.bea.home=C:/oracle/MiddlewareJdev11gR1PS1
oracle.home=${wn.bea.home}/jdeveloper
java.passed.home=${wn.bea.home}/jdk160_14_R27.6.5-32
wl_home=${wn.bea.home}/wlserver_10.3
# temp
tmp.output.dir=c:/temp
mds.reposistory=C:/oracle/MiddlewareJdev11gR1PS1/jdeveloper/integration/seed/apps/
mds.applications=usarmy
mds.undeploy=true
deployment.plan.environment=dev
# dev deployment server weblogic
dev.serverURL=http://laptopedwin:8001
dev.overwrite=true
dev.user=weblogic
dev.password=weblogic1
dev.forceDefault=true
# acceptance deployment server weblogic
acc.serverURL=http://laptopedwin:8001
acc.overwrite=true
acc.user=weblogic
acc.password=weblogic1
acc.forceDefault=true
The build.xml
<?xml version="1.0" encoding="iso-8859-1"?>
<project name="soaDeployAll" default="deployMDS">
<echo>basedir ${basedir}</echo>
<property environment="env"/>
<echo>current folder ${env.CURRENT_FOLDER}</echo>
<property file="${env.CURRENT_FOLDER}/build.properties"/>
<taskdef resource="net/sf/antcontrib/antcontrib.properties"/>
<import file="${basedir}/ant-sca-deploy.xml"/>
<target name="unDeployMDS">
<echo>undeploy MDS</echo>
<foreach list="${mds.applications}" param="mds.application" target="undeployMDSApplication" inheritall="true" inheritrefs="false"/>
</target>
<target name="deployMDS">
<echo>undeploy and deploy MDS</echo>
<if>
<equals arg1="${mds.undeploy}" arg2="true"/>
<then>
<foreach list="${mds.applications}" param="mds.application" target="undeployMDSApplication" inheritall="true" inheritrefs="false"/>
</then>
</if>
<foreach list="${mds.applications}" param="mds.application" target="deployMDSApplication" inheritall="true" inheritrefs="false"/>
</target>
<target name="deployMDSApplication">
<echo>deploy MDS application ${mds.application}</echo>
<echo>remove and create local MDS temp</echo>
<property name="mds.deploy.dir" value="${tmp.output.dir}/${mds.application}"/>
<delete dir="${mds.deploy.dir}"/>
<mkdir dir="${mds.deploy.dir}"/>
<echo>create zip from file MDS store</echo>
<zip destfile="${mds.deploy.dir}/${mds.application}_mds.jar" compress="false">
<fileset dir="${mds.reposistory}" includes="${mds.application}/**"/>
</zip>
<echo>create zip with MDS jar</echo>
<zip destfile="${mds.deploy.dir}/${mds.application}_mds.zip" compress="false">
<fileset dir="${mds.deploy.dir}" includes="*.jar"/>
</zip>
<propertycopy name="deploy.serverURL" from="${deployment.plan.environment}.serverURL"/>
<propertycopy name="deploy.overwrite" from="${deployment.plan.environment}.overwrite"/>
<propertycopy name="deploy.user" from="${deployment.plan.environment}.user"/>
<propertycopy name="deploy.password" from="${deployment.plan.environment}.password"/>
<propertycopy name="deploy.forceDefault" from="${deployment.plan.environment}.forceDefault"/>
<echo>deploy MDS app</echo>
<echo>deploy on ${deploy.serverURL} with user ${deploy.user}</echo>
<echo>deploy sarFile ${mds.deploy.dir}/${mds.application}_mds.zip</echo>
<antcall target="deploy" inheritall="false">
<param name="wl_home" value="${wl_home}"/>
<param name="oracle.home" value="${oracle.home}"/>
<param name="serverURL" value="${deploy.serverURL}"/>
<param name="user" value="${deploy.user}"/>
<param name="password" value="${deploy.password}"/>
<param name="overwrite" value="${deploy.overwrite}"/>
<param name="forceDefault" value="${deploy.forceDefault}"/>
<param name="sarLocation" value="${mds.deploy.dir}/${mds.application}_mds.zip"/>
</antcall>
</target>
<target name="undeployMDSApplication">
<echo>undeploy MDS application ${mds.application}</echo>
<propertycopy name="deploy.serverURL" from="${deployment.plan.environment}.serverURL"/>
<propertycopy name="deploy.overwrite" from="${deployment.plan.environment}.overwrite"/>
<propertycopy name="deploy.user" from="${deployment.plan.environment}.user"/>
<propertycopy name="deploy.password" from="${deployment.plan.environment}.password"/>
<propertycopy name="deploy.forceDefault" from="${deployment.plan.environment}.forceDefault"/>
<echo>undeploy MDS app folder apps/${mds.application} </echo>
<antcall target="removeSharedData" inheritall="false">
<param name="wl_home" value="${wl_home}"/>
<param name="oracle.home" value="${oracle.home}"/>
<param name="serverURL" value="${deploy.serverURL}"/>
<param name="user" value="${deploy.user}"/>
<param name="password" value="${deploy.password}"/>
<param name="folderName" value="${mds.application}"/>
</antcall>
</target>
</project>
and at last the deployMDS.bat file
set ORACLE_HOME=C:\oracle\MiddlewareJdev11gR1PS1
set ANT_HOME=%ORACLE_HOME%\jdeveloper\ant
set PATH=%ANT_HOME%\bin;%PATH%
set JAVA_HOME=%ORACLE_HOME%\jdk160_14_R27.6.5-32
set CURRENT_FOLDER=%CD%
ant -f build.xml deployMDS -Dbasedir=%ORACLE_HOME%\jdeveloper\bin
Categories: Development, Fusion Middleware
Calling a Soa Suite Direct Binding Service from Java & OSB
First we add the Direct Binding Service to exposed Services side of the composite and use the WSDL of one of the other exposed services and add a Wire to the Component.
In the source view of the composite xml you can see that this service uses the direct binding.
<service name="RMIService" ui:wsdlLocation="BPELProcess1.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.interface(BPELProcess1)"/>
<binding.direct/>
</service>
To see the WSDL of this service go to http://localhost:8001/soa-infra/ and select your RMI service.
package nl.whitehorses.soa.client;
import java.io.StringWriter;
import java.io.StringReader;
import java.util.Hashtable;
import java.util.Map;
import java.util.HashMap;
import javax.naming.Context;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import oracle.soa.api.PayloadFactory;
import oracle.soa.api.XMLMessageFactory;
import oracle.soa.api.invocation.DirectConnection;
import oracle.soa.api.message.Message;
import oracle.soa.api.message.Payload;
import oracle.soa.management.CompositeDN;
import oracle.soa.management.facade.Locator;
import oracle.soa.management.facade.LocatorFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Document;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.xml.sax.InputSource;
public class StartRMIProcess {
public StartRMIProcess() {
super();
Hashtable jndiProps = new Hashtable();
jndiProps.put(Context.PROVIDER_URL, "t3://localhost:8001/soa-infra");
jndiProps.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
jndiProps.put(Context.SECURITY_PRINCIPAL, "weblogic");
jndiProps.put(Context.SECURITY_CREDENTIALS, "weblogic1");
jndiProps.put("dedicated.connection", "true");
Locator locator = null;
try {
// connect to the soa server
locator = LocatorFactory.createLocator(jndiProps);
// find composite default domain, Helloworld Composite, version 1.0
CompositeDN compositedn = new CompositeDN("default", "Helloworld", "1.0");
// call the direct binding of the Helloworld composite
DirectConnection conn = locator.createDirectConnection(compositedn,"RMIService");
String inputPayload =
"<client:process xmlns:client=\"http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1\">\n" +
" <client:input>hello</client:input>\n" +
"</client:process>\n" ;
DocumentBuilderFactory docBuilderFactory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = docBuilderFactory.newDocumentBuilder();
Document doc = builder.parse(new InputSource(new StringReader(inputPayload)));
Element root = doc.getDocumentElement();
//<wsdl:message name="BPELProcess1RequestMessage">
// <wsdl:part name="payload" element="client:process"/>
//</wsdl:message>
Map<String, Element> partData = new HashMap<String,Element>();
// have to use payload see BPELProcess1RequestMessage
partData.put("payload", root);
Payload<Element> payload = PayloadFactory.createXMLPayload(partData);
//Messages are created using the MessageFactory
Message<Element> request = XMLMessageFactory.getInstance().createMessage();
request.setPayload(payload);
//<wsdl:portType name="BPELProcess1">
// <wsdl:operation name="process">
// <wsdl:input message="client:BPELProcess1RequestMessage" />
// <wsdl:output message="client:BPELProcess1ResponseMessage"/>
// </wsdl:operation>
//</wsdl:portType>
// this is a request-reply service so we need to use conn.request else use conn.post
// need to provide operation name so we need to use process
Message<Element> response = conn.request("process", request);
TransformerFactory tFactory = TransformerFactory.newInstance();
Transformer transformer = tFactory.newTransformer();
transformer.setOutputProperty("indent", "yes");
StringWriter sw = new StringWriter();
StreamResult result = new StreamResult(sw);
//<wsdl:message name="BPELProcess1ResponseMessage">
// <wsdl:part name="payload" element="client:processResponse"/>
//</wsdl:message>
// need to use payload again
DOMSource source = new DOMSource((Node)response.getPayload().getData().get("payload"));
transformer.transform(source, result);
System.out.println("Result\n"+sw.toString());
} catch (Exception e) {
e.printStackTrace();
}
}
public static void main(String[] args) {
StartRMIProcess startRMIProcess = new StartRMIProcess();
}
}
Categories: Development, Fusion Middleware
New features of the EJB Datatcontrol, Query panel and Range size
With JDeveloper you can generate an EJB datacontol on an EJB session bean and this Datacontol can be used in ADF. In this blog entry I will show you what the new features are and how you can do it yourself.
First we start with an entity, this is a normal entity on the country table in the HR schema ( I use the eclipselink persistence implementation, which supported very well in JDeveloper )
Next step is to create a Session Bean where we add some Facade Methods.
Here you can see that JDeveloper adds a queryByRange Facade method which we be used by ADF for the range size option.
Here you can see the Session Bean code with the queryByRange method
Generate a Datacontrol on this Session Bean,
If we now go the viewcontroller project we can use this Country EJB datacontrol ( add the EJB model project to the viewcontroller project dependency or add the EJB ADF library to the project) . In the Data Controls window you can see the Named Criteria folder in the countriesFindAll method. Drag the All Queriable Attributes on the JSF page and select the Query Panel option.
With this as result, a customizable search panel and when you configure MDS you can even save the user queries in the MDS repository.
The last feature of the EJB Datacontrol is the Range Set option. Default the ADF iterator get the data in set of 25 records ( this is a pagedef option on the iterator ). When the ADF table on the JSF view is full with rows then it won't get the rest of the rows unles you use the scrollbar or use the Next Set Operation. The Next and Previous Set are new options for the EJB Datacontrol.
Use the scrollbar or the next / previous Set button to get all the rows.
Here some eclipselink logging to let you see that is really works.
[EL Fine]: 2009-11-12 14:03:47.375--ServerSession(22965561)--SELECT COUNT(COUNTRY_ID) FROM COUNTRIES
[EL Fine]: 2009-11-12 14:03:47.39 --SELECT * FROM (SELECT /*+ FIRST_ROWS */ a.*, ROWNUM rnum FROM (SELECT COUNTRY_ID AS COUNTRY_ID1
, COUNTRY_NAME AS COUNTRY_NAME2, REGION_ID AS REGION_ID3 FROM COUNTRIES) a WHERE ROWNUM <= ?) WHERE rnum > ?
bind => [5, 0]
[EL Fine]: 2009-11-12 14:03:49.953 --SELECT * FROM (SELECT /*+ FIRST_ROWS */ a.*, ROWNUM rnum FROM (SELECT COUNTRY_ID AS COUNTRY_ID1
, COUNTRY_NAME AS COUNTRY_NAME2, REGION_ID AS REGION_ID3 FROM COUNTRIES) a WHERE ROWNUM <= ?) WHERE rnum > ?
bind => [10, 5]
[EL Fine]: 2009-11-12 14:04:39.281 --SELECT * FROM (SELECT /*+ FIRST_ROWS */ a.*, ROWNUM rnum FROM (SELECT COUNTRY_ID AS COUNTRY_ID1
, COUNTRY_NAME AS COUNTRY_NAME2, REGION_ID AS REGION_ID3 FROM COUNTRIES) a WHERE ROWNUM <= ?) WHERE rnum > ?
bind => [15, 10]
Categories: Development, Fusion Middleware
ADF Contextual Events in 11G R1 PS1
In this blog entry I will show you the new features and give you examples of a tree and table selection Event and inputtext change Event.
First we start by adding events to the ADF application. The first way we can do it, is by selecting an af:inputtext, af:tree or af:table component . Here an example of how you can add an event to an inputtext. Contextual Events is now part of the component property window.
The second big difference is that you can change the payload of the event. You can return now what you want, for example an binding or a backing bean method. In the previous release the payload was fixed ( return of the MethodAction or the new value of an attribute). If you don't specify a payload then this is the default.And you can restrict the events by adding a condition to the event. In this case it only fires when the value is hello
The events are registered in the pagedef of the page or fragment. This is how it can looks like.In this case the attributeValue got a restricted event and in the bottom the default payload is changed for this event.
The pagedef editor got a Contextual Events tab, where we can add producers or subscription to an event.
Lets subscribe to this attribute event. First we need to add an MethodAction to a page or fragment. We can call this method and pass on the attribute payload. I made a java class with this method and generate a DataControl on this class.
Open the page definition and go the Subscribers tab where we add a new one subscription. We need to select the event and the publisher ( or use any ) and the handler, this is the ADF MethodAction which has 3 parameters. And we need to provide the required values for these parameters.
That's all for the Inputtext. The value is now passed on to a other page fragment.
ADF Table selection Event
We can do the same with the ADF Table component, just select the table and go to the Contextual Events part of the property window. You can now select a class and in my case is that the Department class.
To do something usefull with this Table selection event I add a method to the Java datacontrol and add this as a MethodAction to a pagedef of a page or fragment
public String tableEvent( Object payload) {
if ( payload != null) {
System.out.println("handle tableEvent");
DCBindingContainerCurrencyChangeEvent event = (DCBindingContainerCurrencyChangeEvent)payload;
DCDataRow row = (DCDataRow)event.getRow();
if ( row.getDataProvider() instanceof Department ) {
// do department stuff like displaying the department task flow
Department dept = (Context.Department)row.getDataProvider();
return "handle tableEvent for Department "+dept.getName();
}
} else {
return "empty payload tableEvent";
}
return null;
}
Now we can add a subscription to this event and we call the above method as handler of this event.
ADF Tree Selection Event
This is almost the same as an ADF Table but now we can define more events because a tree can have different levels , In my case I made a department / employee example so I can have a department and employee event and do different things with this. For example show a department or employee Task Flow.
Here you see two events in the property window of the ADF tree. One for the department selection and one for the employees
This is how it looks like in the page defintion with an event on every level of the tree.
Here is my example workspace with Task Flows who produces these different event and the index page who pass the events on to the output Task Flow.
Categories: Development, Fusion Middleware
Installing Soa Suite 10.1.3.5.1 on Weblogic
We need to download Weblogic 10.3.1 and Soa Suite 10.1.3.5.1
first step is to install Weblogic 10.3.1, I use C:\oracle\Soa10gWls as my wls middleware home folder
Now we can go to the Soa suite part, first we need to create a bpel, esb and wsm repository.
Extract the soa suite install zip and go to the rca folder located in ias_windows_x86_101351\Disk1\install\soa_schemas\irca
We need to set a database home for the jdbc driver.
set ORACLE_HOME=C:\oracle\product\11.1.0\db_1
We can use the jdk of the new weblogic install
set JAVA_HOME=C:\oracle\Soa10gWls\jdk160_11
Now we can start irca.bat
After a succesfull install of the repository we can start the soa suite installer in this folder ias_windows_x86_101351\Disk1
Very important the destination path must be in a folder of the just created wls middleware home so I use C:\oracle\Soa10gWls\soa10g
As weblogic home location use C:\oracle\Soa10gWls\wlserver_10.3
We are ready with the install
Now we to start script for wsm go to the C:\oracle\Soa10gWls\soa10g\config\ folder and startconfigureSOA.bat
Last step is to create a Soa domain just like Soa Suite 11g and select the Soa Suite 10.1.3.5.1 option
Provide the orabpel and oraesb schema passwords.
Start the admin server and go to http://localhost:7001/console where we can take a look at the server. The soa suite server is called soa10g_server1
When we want to start the soa server we need to go the soa domain bin folder
C:\oracle\Soa10gWls\user_projects\domains\soa1013_domain\bin
and use "startManagedWebLogic.cmd soa10g_server1" to start the server.
This are the default installation url's of the Soa Suite applications
http://localhost:9700/esb
http://localhost:9700/BPELConsole
http://localhost:9700/ccore
And we need to use soaadmin as username to log in and use weblogic1 as password.
The issues that I had and luckily also solved.
Asynchronous routing fails with this error oracle.tip.esb.server.common.exceptions.BusinessEventRetriableException: Failed to enqueue deferred event "oracle.tip.esb.server.dispatch.QueueHandlerException: Publisher not exist for system "{0}"
Thanks to Juan Pablo
change the ESB_PARAMETER table on ORAESB schema the following parameters:
PROP_NAME_CONTROL_TCF_JNDI OracleASjms/ControlTCF
PROP_NAME_MONITOR_TCF_JNDI OracleASjms/MonitorTCF
PROP_NAME_ERROR_TCF_JNDI OracleASjms/ErrorTCF
PROP_NAME_ERROR_RETRY_TCF_JNDI OracleASjms/ErrorRetryTCF
PROP_NAME_DEFERRED_TCF_JNDI OracleASjms/DeferredTCF
PROP_NAME_ERROR_XATCF_JNDI OracleASjms/ErrorTCF
PROP_NAME_DEFERRED_XATCF_JNDI OracleASjms/DeferredTCF
to
PROP_NAME_CONTROL_TCF_JNDI ESB_CONTROL
PROP_NAME_MONITOR_TCF_JNDI ESB_MONITOR
PROP_NAME_ERROR_TCF_JNDI ESB_ERROR
PROP_NAME_ERROR_RETRY_TCF_JNDI ESB_ERROR_RETRY
PROP_NAME_DEFERRED_TCF_JNDI ESB_JAVA_DEFERRED
PROP_NAME_ERROR_XATCF_JNDI ESB_ERROR
PROP_NAME_DEFERRED_XATCF_JNDI ESB_JAVA_DEFERRED
and in the ESB console change the Property of Topic Location of every system to ESB_JAVA_DEFERRED
and see the comments for more fixes
Categories: Development, Fusion Middleware
Invoking Soa Suite 11g Service from java
The first step is to open the composite xml and find your service.
<?xml version="1.0" encoding="UTF-8" ?>
<!-- Generated by Oracle SOA Modeler version 1.0 at [8/25/09 3:01 PM]. -->
<composite name="Helloworld"
revision="1.0"
label="2009-08-25_15-01-51_078"
mode="active"
state="on"
xmlns="http://xmlns.oracle.com/sca/1.0"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:orawsp="http://schemas.oracle.com/ws/2006/01/policy"
xmlns:ui="http://xmlns.oracle.com/soa/designer/">
<import namespace="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1"
location="BPELProcess1.wsdl" importType="wsdl"/>
<service name="bpelprocess1_client_ep" ui:wsdlLocation="BPELProcess1.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.interface(BPELProcess1)"/>
<binding.ws port="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.endpoint(bpelprocess1_client_ep/BPELProcess1_pt)">
</binding.ws>
</service>
Copy this service and give it a unique name and now we need to add the binding.adf binding to this service instead of the binding.ws
<service name="bpelprocess1_client_ep" ui:wsdlLocation="BPELProcess1.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.interface(BPELProcess1)"/>
<binding.ws port="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.endpoint(bpelprocess1_client_ep/BPELProcess1_pt)">
</binding.ws>
</service>
<service name="bpelprocess1_client_ep2" ui:wsdlLocation="BPELProcess1.wsdl">
<interface.wsdl interface="http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1#wsdl.interface(BPELProcess1)"/>
<binding.adf serviceName="{http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1}bpelprocess1_client_ep2"
registryName=""/>
</service>
Go back to the design mode and open the new adf binding service and select the same wsdl as your other service ( this will correct the serviceName ) and at last we need to wire the new service to the component
Now we only need to call this service from java
package nl.whitehorses.bpel.unit;
import java.util.Hashtable;
import java.util.UUID;
import java.util.List;
import javax.naming.Context;
import oracle.soa.management.facade.Locator;
import oracle.soa.management.facade.LocatorFactory;
import oracle.soa.management.facade.Composite;
import oracle.soa.management.facade.Service;
import oracle.soa.management.facade.CompositeInstance;
import oracle.soa.management.facade.ComponentInstance;
import oracle.fabric.common.NormalizedMessage;
import oracle.fabric.common.NormalizedMessageImpl;
import oracle.soa.management.util.CompositeInstanceFilter;
import oracle.soa.management.util.ComponentInstanceFilter;
import java.util.Map;
import javax.xml.transform.*;
import javax.xml.transform.dom.*;
import javax.xml.transform.stream.*;
import org.w3c.dom.Element;
import java.io.*;
public class StartProcess {
public StartProcess() {
super();
Hashtable jndiProps = new Hashtable();
jndiProps.put(Context.PROVIDER_URL, "t3://localhost:8001/soa-infra");
jndiProps.put(Context.INITIAL_CONTEXT_FACTORY,"weblogic.jndi.WLInitialContextFactory");
jndiProps.put(Context.SECURITY_PRINCIPAL, "weblogic");
jndiProps.put(Context.SECURITY_CREDENTIALS, "weblogic1");
jndiProps.put("dedicated.connection", "true");
String inputPayload =
"<process xmlns=\"http://xmlns.oracle.com/HelloWorld/Helloworld/BPELProcess1\">\n" +
" <input>hello</input>\n" +
"</process>\n" ;
Locator locator = null;
try {
// connect to the soa server
locator = LocatorFactory.createLocator(jndiProps);
String compositeDN = "default/Helloworld!1.0";
// find composite
Composite composite = locator.lookupComposite("default/Helloworld!1.0");
System.out.println("Got Composite : "+ composite.toString());
// find exposed service of the composite
Service service = composite.getService("bpelprocess1_client_ep2");
System.out.println("Got serviceName : "+ service.toString());
// make the input request and add this to a operation of the service
NormalizedMessage input = new NormalizedMessageImpl();
String uuid = "uuid:" + UUID.randomUUID();
input.addProperty(NormalizedMessage.PROPERTY_CONVERSATION_ID,uuid);
// payload is the partname of the process operation
input.getPayload().put("payload",inputPayload);
// process is the operation of the employee service
NormalizedMessage res = null;
try {
res = service.request("process", input);
} catch(Exception e) {
e.printStackTrace();
}
Map payload = res.getPayload();
Element element = (Element)payload.get("payload");
TransformerFactory tFactory = TransformerFactory.newInstance();
Transformer transformer = tFactory.newTransformer();
transformer.setOutputProperty("indent", "yes");
StringWriter sw = new StringWriter();
StreamResult result = new StreamResult(sw);
DOMSource source = new DOMSource(element);
transformer.transform(source, result);
System.out.println("Result\n"+sw.toString());
System.out.println("instances");
CompositeInstanceFilter filter = new CompositeInstanceFilter();
filter.setMinCreationDate(new java.util.Date((System.currentTimeMillis() - 2000000)));
// get composite instances by filter ..
List<CompositeInstance> obInstances = composite.getInstances(filter);
// for each of the returned composite instances..
for (CompositeInstance instance : obInstances) {
System.out.println(" DN: " + instance.getCompositeDN() +
" Instance: " + instance.getId() +
" creation-date: " + instance.getCreationDate() +
" state (" + instance.getState() + "): " + getStateAsString(instance.getState())
);
// setup a component filter
ComponentInstanceFilter cInstanceFilter = new ComponentInstanceFilter();
// get child component instances ..
List<ComponentInstance> childComponentInstances = instance.getChildComponentInstances(cInstanceFilter);
// for each child component instance (e.g. a bpel process)
for (ComponentInstance cInstance : childComponentInstances) {
System.out.println(" -> componentinstance: " + cInstance.getComponentName() +
" type: " + cInstance.getServiceEngine().getEngineType() +
" state: " +getStateAsString(cInstance.getState())
);
System.out.println("State: "+cInstance.getNormalizedStateAsString() );
}
}
} catch (Exception e) {
e.printStackTrace();
}
}
private String getStateAsString(int state)
{
// note that this is dependent on wheter the composite state is captured or not
if (state == CompositeInstance.STATE_COMPLETED_SUCCESSFULLY)
return ("success");
else if (state == CompositeInstance.STATE_FAULTED)
return ("faulted");
else if (state == CompositeInstance.STATE_RECOVERY_REQUIRED)
return ("recovery required");
else if (state == CompositeInstance.STATE_RUNNING)
return ("running");
else if (state == CompositeInstance.STATE_STALE)
return ("stale");
else
return ("unknown");
}
public static void main(String[] args) {
StartProcess startUnitProcess = new StartProcess();
}
}
Categories: Development, Fusion Middleware
Working with Apache Tuscany, The Java SCA based platform part 1
I will explain how you can make some composite applications. In this blogpost we start easy with building a composite application with
- Simple java Component
- Jax-ws component
- Component with references to other components ( wires )
- Service on a component
- Using a second composite
Here a overview of my test project.
First we need to download Apache Tuscany Java SCA
We start with a simple java component with its interface.
package nl.whitehorses.tuscany.step1;
public interface JavaService {
public String getData();
}
package nl.whitehorses.tuscany.step1;
public class JavaServiceImpl implements JavaService {
public String getData() {
return "Hello from java component";
}
}
We can add this component in the step1 composite file and provide the java implementation class.
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://whitehorses"
name="step1">
<component name="JavaCp">
<implementation.java class="nl.whitehorses.tuscany.step1.JavaServiceImpl" />
</component>
</composite>
Last part of step 1 is to run this composite application, now we have to load and test the composite application.
package nl.whitehorses.tuscany.step1;
import org.apache.tuscany.sca.host.embedded.SCADomain;
public class ClientStep1 {
public final static void main(String[] args) throws Exception {
SCADomain scaDomain = SCADomain.newInstance("step1.composite");
JavaService javaService = scaDomain.getService(JavaService.class, "JavaCp");
System.out.println("java: " + javaService.getData());
scaDomain.close();
}
}
In step 2 we will call a jax-ws webservice. In this step we also need to add a reference to the component.
To make this work I created first a jax-ws service and deploy this to an application server.
package nl.whitehorses.soa.ws;
import javax.jws.WebService;
@WebService
public class Helloworld {
public String getResponse( String message){
return message;
}
}
In the tuscany client project we need to generate a webservice proxy client for this webservice.
Create an implemention class for this ws proxy client. In this class we need to add a reference with the name jaxws and a setter. We will use this in the composite xml
package nl.whitehorses.tuscany.step2;
import nl.whitehorses.soa.ws.proxy.Helloworld;
import org.osoa.sca.annotations.Reference;
public class HelloworldServiceImpl implements Helloworld{
private Helloworld jaxws;
@Reference
public void setJaxws(Helloworld jaxws) {
this.jaxws = jaxws;
}
public String getResponse( String message){
return jaxws.getResponse(message);
}
}
create a new composite file where we will add this component and its reference. In the reference we need to provide the web service binding
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://whitehorses"
name="step2">
<component name="HelloworldCp">
<implementation.java class="nl.whitehorses.tuscany.step2.HelloworldServiceImpl" />
<reference name="jaxws">
<binding.ws wsdlElement="http://ws.soa.whitehorses.nl/#wsdl.port(HelloworldService/HelloworldPort)"
uri="http://localhost:7101/jaxws/HelloworldPort?wsdl#wsdl.interface(HelloworldService)"/>
</reference>
</component>
</composite>
And at last the test client
package nl.whitehorses.tuscany.step2;
import org.apache.tuscany.sca.host.embedded.SCADomain;
import nl.whitehorses.soa.ws.proxy.Helloworld;
public class ClientStep2 {
public final static void main(String[] args) throws Exception {
SCADomain scaDomain = SCADomain.newInstance("step2.composite");
Helloworld helloworld = scaDomain.getService(Helloworld.class, "HelloworldCp");
System.out.println("ws: " + helloworld.getResponse("hello"));
scaDomain.close();
}
}
In step 3 we will expose an component as a service. First step is to make an interface with the methods which we want to expose in this web service. We have to add Remotable annotation.
package nl.whitehorses.tuscany.step3;
import org.osoa.sca.annotations.Remotable;
@Remotable
public interface TuscanyService {
public String getJaxwsResponse( String message);
public String getJavaData();
public String getJavaData2();
}
The implementatation of this component with the Service annotation and off course the references to the other components.
package nl.whitehorses.tuscany.step3;
import nl.whitehorses.soa.ws.proxy.Helloworld;
import org.osoa.sca.annotations.Reference;
import org.osoa.sca.annotations.Service;
import nl.whitehorses.tuscany.step1.JavaService;
@Service(TuscanyService.class)
public class TuscanyServiceImpl implements TuscanyService {
private Helloworld helloworldComponent;
private JavaService javaComponent;
private JavaService javaComponent2;
@Reference
public void setHelloworldComponent(Helloworld helloworldComponent) {
this.helloworldComponent = helloworldComponent;
}
@Reference
public void setJavaComponent(JavaService javaComponent) {
this.javaComponent = javaComponent;
}
@Reference
public void setJavaComponent2(JavaService javaComponent2) {
this.javaComponent2 = javaComponent2;
}
public String getJaxwsResponse(String message) {
return helloworldComponent.getResponse(message) ;
}
public String getJavaData() {
return javaComponent.getData();
}
public String getJavaData2() {
return javaComponent2.getData();
}
}
The step3 composite file has a TuscanyServiceComponent with 3 references to the step 1 and 2 components and this component has also a service. In this service we have to provide the ws url.
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://whitehorses"
name="step3">
<component name="TuscanyServiceComponent">
<implementation.java class="nl.whitehorses.tuscany.step3.TuscanyServiceImpl" />
<reference name="helloworldComponent" target="HelloworldCp" />
<reference name="javaComponent" target="JavaCp" />
<reference name="javaComponent2" target="JavaCp2" />
<service name="TuscanyService">
<binding.ws uri="http://localhost:8085/TuscanyService"/>
</service>
</component>
<component name="JavaCp">
<implementation.java class="nl.whitehorses.tuscany.step1.JavaServiceImpl" />
</component>
<component name="JavaCp2">
<implementation.java class="nl.whitehorses.tuscany.step1.JavaServiceImpl" />
</component>
<component name="HelloworldCp">
<implementation.java class="nl.whitehorses.tuscany.step2.HelloworldServiceImpl" />
<reference name="jaxws">
<binding.ws wsdlElement="http://ws.soa.whitehorses.nl/#wsdl.port(HelloworldService/HelloworldPort)"
uri="http://localhost:7101/jaxws/HelloworldPort?wsdl#wsdl.interface(HelloworldService)"/>
</reference>
</component>
</composite>
The client code which tests the main component and start the service on this component
package nl.whitehorses.tuscany.step3;
import java.io.IOException;
import org.apache.tuscany.sca.host.embedded.SCADomain;
public class ClientStep3 {
public final static void main(String[] args) throws Exception {
SCADomain scaDomain = SCADomain.newInstance("step3.composite");
TuscanyService tuscanyService = scaDomain.getService(TuscanyService.class, "TuscanyServiceComponent");
System.out.println("ws: "+tuscanyService.getJaxwsResponse("hello"));
System.out.println("java: "+tuscanyService.getJavaData());
System.out.println("java2: "+tuscanyService.getJavaData2());
try {
System.out.println("ws service started (press enter to shutdown)");
System.in.read();
} catch (IOException e) {
e.printStackTrace();
}
scaDomain.close();
}
}
Now we can use soapui to test this web service.
In the last step in this blog I will use a second composite which will be called by the first composite.
First we create a new composite xml. We will copy a java component from the step3 composite to this composite. Give this composite a new name and target namespace. We will use these values to import this composite. This component needs a service else we can not call it from the main composite.
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://whitehorses2"
name="step4_2">
<service name="JavaCpService" promote="JavaCp">
<interface.java interface="nl.whitehorses.tuscany.step1.JavaService"/>
</service>
<component name="JavaCp">
<implementation.java class="nl.whitehorses.tuscany.step1.JavaServiceImpl" />
</component>
</composite>
The main composite called step4_1 need the namespace of the second composite. The JavaCp2 component import the second composite by using the target namespace of the second composite and with its name. In the javaComponent2 reference of the TuscanyServiceComponent will call JavaCp2 component followed by the service name of the second composite.
<?xml version="1.0" encoding="UTF-8"?>
<composite xmlns="http://www.osoa.org/xmlns/sca/1.0"
targetNamespace="http://whitehorses"
xmlns:whitehorses2="http://whitehorses2"
name="step4_1">
<component name="TuscanyServiceComponent">
<implementation.java class="nl.whitehorses.tuscany.step3.TuscanyServiceImpl" />
<reference name="helloworldComponent" target="HelloworldCp" />
<reference name="javaComponent" target="JavaCp" />
<reference name="javaComponent2" target="JavaCp2/JavaCpService" />
<service name="TuscanyService">
<binding.ws uri="http://localhost:8085/TuscanyService"/>
</service>
</component>
<component name="JavaCp">
<implementation.java class="nl.whitehorses.tuscany.step1.JavaServiceImpl" />
</component>
<component name="HelloworldCp">
<implementation.java class="nl.whitehorses.tuscany.step2.HelloworldServiceImpl" />
<reference name="jaxws">
<binding.ws wsdlElement="http://ws.soa.whitehorses.nl/#wsdl.port(HelloworldService/HelloworldPort)"
uri="http://localhost:7101/jaxws/HelloworldPort?wsdl#wsdl.interface(HelloworldService)"/>
</reference>
</component>
<component name="JavaCp2">
<implementation.composite name="whitehorses2:step4_2"/>
</component>
</composite>
and at last the step 4 test client.
package nl.whitehorses.tuscany.step4;
import nl.whitehorses.tuscany.step3.TuscanyService;
import java.io.IOException;
import org.apache.tuscany.sca.host.embedded.SCADomain;
public class ClientStep4 {
public final static void main(String[] args) throws Exception {
SCADomain scaDomain = SCADomain.newInstance("step4_1.composite");
TuscanyService tuscanyService = scaDomain.getService(TuscanyService.class, "TuscanyServiceComponent");
System.out.println("ws: "+tuscanyService.getJaxwsResponse("hello"));
System.out.println("java: "+tuscanyService.getJavaData());
System.out.println("java2: "+tuscanyService.getJavaData2());
try {
System.out.println("ws service started (press enter to shutdown)");
System.in.read();
} catch (IOException e) {
e.printStackTrace();
}
scaDomain.close();
}
}
Here you can download my jdeveloper 11G test project.
Categories: Development, Fusion Middleware
Securing Web Services with SAML Sender Vouches
This is how SAML Sender Vouches works and what we need to do in weblogic / java.
The short version is, the web service proxy client call the STS server to get an SAML assertion on behalf of the User to call the Web Service.The long version, the user provides its credentials to the ws proxy client and the ws proxy client calls the STS server and provides the username / password of the user and the client key.
The STS validates the user and the ws proxy client certificate and the STS returns the STS identity assertion to the ws proxy client. The ws proxy client uses this STS assertion together with the ws client and ws server certificate to call the web service.
First we need to have 3 certificates, the first is alice, this will be used in the ws proxy client and the second certificate is bob, this will be used in the Weblogic web service server and the last we use wssipsts certificate for the Weblogic STS server. Add these keys into a java keystore.
Setting up the Secure Token Service (STS)
Create a new Weblogic 10.3.1 domain and start the admin server. First we need to enable SSL in the general tab of the server and then add our keystores in the keystore tab.
Provide the STS certificate alias, in my case wssipprv
Go the myrealm security where we add the Alice user and provide a password, Very important the username must match with the CN of the Alice certificate. The user provides the credentials and must match with user in WLS and the ws proxy client provides the Alice certificate and this must match with the PKI Credential mapping.
Go to the Credential mapping tab of the Provider tab and add a PKI Credential Mapping where we import the keystore and Add a SAML Credential Mapping version 2 where we add the Web Service URL.
Open the just created PKI credential mapping and add the keystore.
Next we open the SAML Credential Mapping version 2 and provide the Issuer URL and Name Qualifier.
Add the public key of the wssipsts
Add a WSS/Sender-Vouches Relying Party
Enable this and provide the target url of the Web Service Url and assign assertions and include key info
That is all for the STS server and now we can deploy the STS web service.
package nl.whitehorses.sts;
import weblogic.jws.Policy;
import weblogic.wsee.security.saml.SAMLTrustTokenProvider;
import weblogic.wsee.security.wst.framework.TrustTokenProviderRegistry;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService
@Policy(uri="policy:Wssp1.2-2007-Wssc1.3-Bootstrap-Https-UNT.xml")
public class StsUnt {
static {
init();
}
@WebMethod
@Policy(uri="policy:Wssp1.2-2007-SignBody.xml")
public String dummyMethod(String s) {
return s;
}
static void init() {
TrustTokenProviderRegistry reg = TrustTokenProviderRegistry.getInstance();
SAMLTrustTokenProvider provider = new MySAMLTrustTokenProvider();
reg.registerProvider("http://docs.oasis-open.org/wss/2004/01/oasis-2004-01-saml-token-profile-1.0#SAMLAssertionID", provider);
reg.registerProvider("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID", provider);
reg.registerProvider("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", provider);
reg.registerProvider("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.0", provider);
reg.registerProvider("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1", provider);
}
static class MySAMLTrustTokenProvider extends SAMLTrustTokenProvider {
}
}
Configure the Weblogic server for the Web Services
Create a new Weblogic domain and use the same keystore, we don't need to setup SSL on this server.
Go the myrealm security and go to providers tab where we add a new PKI Credential Mapping in the credentials tab. ( Use the same setting as the STS server )
We need to add 2 authentication providers and change the 2 default providers.Create a SAML Authentication and SAML Identity Assertion provider.
Every authentication provider need to have the SUFFICIENT control flag.
Change the SAML Identity Assertion by adding an asserting party and the STS public certificate
Import the STS certificate
Change the just create Sender-Vouches asserting party. Enable this and provide the target url of the web service and add the issuer url, signature required and expect the STS certificate and allow virtual user.
Change the defaultIdentityAsserter and add wsse:PasswordDigest and X.509 as active types.
In the provider specific tab we need to set CN in the Default User Name Mapper Attribute Type and enable Use Default User Name Mapper.
In the DefaultAuthenticator we need to set control flag to SUFFICIENT
And in the provider specific tab. Enable Password Digests and Minimum Password Length to 1.
That's all for the Web Service server. Now we can deploy the webservice.
package nl.whitehorses.sts.ws;
import weblogic.jws.Policies;
import weblogic.jws.Policy;
import javax.jws.WebService;
@Policies(
{
@Policy(uri = "policy:Wssp1.2-2007-Saml1.1-SenderVouches-Wss1.0.xml"),
@Policy(uri = "policy:Wssp1.2-2007-SignBody.xml"),
@Policy(uri = "policy:Wssp1.2-2007-EncryptBody.xml")
}
)
@WebService
public class EchoService {
public String echo( String hello){
return hello;
}
}
Generating the Web Service Proxy Client
The last step we need to generate a web service proxy client and add the username and the client credentials mappings.
package nl.whitehorses.sts.ws.client;
import java.io.InputStream;
import java.io.ByteArrayInputStream;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.net.URL;
import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceRef;
import weblogic.security.SSL.TrustManager;
import weblogic.wsee.message.WlMessageContext;
import weblogic.wsee.security.bst.ClientBSTCredentialProvider;
import weblogic.wsee.security.saml.SAMLTrustCredentialProvider;
import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;
public class EchoServicePortClient
{
@WebServiceRef
private static EchoServiceService echoServiceService;
private static String stsUntPolicy =
"<?xml version=\"1.0\"?>\n" +
"<wsp:Policy\n" +
" xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\"\n" +
" xmlns:sp=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702\"\n" +
" >\n" +
" <sp:TransportBinding>\n" +
" <wsp:Policy>\n" +
" <sp:TransportToken>\n" +
" <wsp:Policy>\n" +
" <sp:HttpsToken/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportToken>\n" +
" <sp:AlgorithmSuite>\n" +
" <wsp:Policy>\n" +
" <sp:Basic256/>\n" +
" </wsp:Policy>\n" +
" </sp:AlgorithmSuite>\n" +
" <sp:Layout>\n" +
" <wsp:Policy>\n" +
" <sp:Lax/>\n" +
" </wsp:Policy>\n" +
" </sp:Layout>\n" +
" <sp:IncludeTimestamp/>\n" +
" </wsp:Policy>\n" +
" </sp:TransportBinding>\n" +
" <sp:SupportingTokens>\n" +
" <wsp:Policy>\n" +
" <sp:UsernameToken\n" +
" sp:IncludeToken=\"http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient\">\n" +
" <wsp:Policy>\n" +
" <sp:WssUsernameToken10/>\n" +
" </wsp:Policy>\n" +
" </sp:UsernameToken>\n" +
" </wsp:Policy>\n" +
" </sp:SupportingTokens>\n" +
"</wsp:Policy>";
public static void main(String[] args) {
System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump", "true");
try {
String wsURL = "http://10.10.10.10:7011/saml-ws-context-root/EchoServicePort?WSDL";
echoServiceService = new EchoServiceService( new URL(wsURL)
, new QName("http://ws.sts.whitehorses.nl/", "EchoServiceService"));
EchoService echoService = echoServiceService.getEchoServicePort();
System.setProperty("javax.net.ssl.trustStore", "C:/projecten/workspace/11g_prod/saml1.1_ws/wsttest1/certs/cacerts");
Map<String, Object> requestContext = ((BindingProvider)echoService).getRequestContext();
List<CredentialProvider> credList = new ArrayList<CredentialProvider>();
// Add the necessary credential providers to the list
InputStream policy = new ByteArrayInputStream(stsUntPolicy.getBytes("UTF-8"));
requestContext.put(WlMessageContext.WST_BOOT_STRAP_POLICY, policy );
String stsURL = "https://localhost:7022/sts/StsUntPort";
requestContext.put(WlMessageContext.STS_ENDPOINT_ADDRESS_PROPERTY, stsURL);
requestContext.put(WSSecurityContext.TRUST_MANAGER,
new TrustManager() {
public boolean certificateCallback(X509Certificate[] chain, int validateErr) {
// need to validate if the server cert can be trusted
return true;
}
});
credList.add(new SAMLTrustCredentialProvider());
String username = "Alice";
String password = "weblogic1";
credList.add(new ClientUNTCredentialProvider(username.getBytes(), password.getBytes()));
// ClientBSTCredentialProvider
String defaultClientcert = "C:/projecten/workspace/11g_prod/saml1.1_ws/wsttest1/certs/Alice.cer";
String clientcert = System.getProperty("target.clientcert", defaultClientcert);
String defaultClientkey = "C:/projecten/workspace/11g_prod/saml1.1_ws/wsttest1/certs/Alice.prv";
String clientkey = System.getProperty("target.clientkey", defaultClientkey);
String defaultServerCert = "C:/projecten/workspace/11g_prod/saml1.1_ws/wsttest1/certs/Bob.cer";
String serverCert = System.getProperty("target.serverCert", defaultServerCert);
credList.add(new ClientBSTCredentialProvider(clientcert, clientkey, serverCert));
requestContext.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credList);
// Add your code to call the desired methods.
System.out.println(echoService.echo("Hello"));
} catch (Exception ex) {
ex.printStackTrace();
}
}
}
Categories: Development, Fusion Middleware
WS security in OSB
First we start by adding a standard OSB WS-Policy. Open the WSDL of a proxy service where we add for example the signing policy. We always need to add wsp:UsingPolicy element else OSB won't detect the wanted security policy
<?xml version="1.0" encoding="UTF-8"?>
<definitions targetNamespace="http://saml.ws.whitehorses.nl/"
name="HelloWorldService" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns:tns="http://saml.ws.whitehorses.nl/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:UsingPolicy wsdl:Required="true" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"/>
<types>
<xsd:schema>
<xsd:import namespace="http://saml.ws.whitehorses.nl/" schemaLocation="Helloworld.xsd"/>
</xsd:schema>
</types>
Add the Signing policy to a operation or put this in a other part of the WSDL see this url for more information. In this case I can use wsp:Policy with a PolicyReference and the URI is policy:Sign.xml . If you want encryption then you can use policy:Encrypt.xml as URI or use policy:Auth.xml for ws authentication. Off course you can combine policies.
<binding name="HelloWorldServiceSoapHttpPortBinding" type="tns:HelloWorldService">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="sayHello">
<wsp:Policy>
<wsp:PolicyReference URI="policy:Sign.xml"/>
</wsp:Policy>
You don't have to use the OSB standard policies, you can also add your own ws-policy ( in OSB 10.3 you can only use the policy definition of WLS 9, so don't expect you can make policies which uses the 2005 or 2007 WS-Security standard). Here is a example of a custom policy.
<?xml version="1.0"?>
<wsp:Policy wsu:Id="X509v3"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy"
xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<sp:InitiatorToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:InitiatorToken>
<sp:RecipientToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 />
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:RecipientToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:TripleDesRsa15 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:IncludeTimestamp />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
The value of the wsu:Id attribute if important for the WS policy reference in the WSDL of the proxy service
<binding name="HelloWorldServiceSoapHttpPortBinding" type="tns:HelloWorldService">
<soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document"/>
<operation name="sayHello">
<wsp:Policy>
<wsp:PolicyReference URI="policy:X509v3"/>
</wsp:Policy>
In this case the URI has policy:X509v3 as value
The next step is to make some keystores for WebLogic and OSB. We need to create 509 v3 certificates and import these certificates in a java 1.6 keystore for signing and encryption.
We need to have 509 version 3 certificates because we need the SubjectKeyIdentifier extension. This is only supported in version 3 of 509 and only OpenSSL can generate these certificates.
You can use self signed v3 certificates, for more info see this Glen Mazza's weblog. I'll use a CA.
#first make a CA request
C:\tools\OpenSSL\bin\openssl genrsa -des3 -out C:\projecten\certs2\ca.key 4096 -rand random
#self sign our CA certificate
C:\tools\OpenSSL\bin\\openssl req -new -x509 -days 3650 -config C:\projecten\certs2\ca.conf -key C:\projecten\certs2\ca.key -out C:\projecten\certs2\ca.crt
# make serial.txt file in C:\projecten\certs2\ and add 01 in this file
# make an empty index.txt file in C:\projecten\certs2\
Download the ca.conf which will be used to sign the certificates
# generate a server request and use servername with the domain name as common name CN
c:\tools\openssl\bin\openssl genrsa -des3 -out C:\projecten\certs2\server.key 4096
c:\tools\openssl\bin\openssl req -newkey rsa:1024 -nodes -keyout C:\projecten\certs2\server.key -out C:\projecten\certs2\server.csr -config C:\projecten\certs2\ca.conf
# sign the server request with your CA key
c:\tools\openssl\bin\openssl ca -in C:\projecten\certs2\server.csr -out C:\projecten\certs2\server.pem -keyfile C:\projecten\certs2\ca.key -cert c:\projecten\certs2\ca.crt -config C:\projecten\certs2\ca.conf
# export server
c:\tools\openssl\bin\openssl pkcs12 -export -inkey C:\projecten\certs2\server.key -in C:\projecten\certs2\server.pem -out C:\projecten\certs2\server.p12 -name server
C:\java\jdk160_05\bin\keytool -importkeystore -destkeystore C:\projecten\certs2\keystore.jks -deststorepass welcome -srckeystore C:\projecten\certs2\server.p12 -srcstorepass welcome -srcstoretype pkcs12
C:\java\jdk160_05\bin\keytool -list -keystore C:\projecten\certs2\keystore.jks -storepass welcome
C:\java\jdk160_05\bin\keytool -exportcert -alias server -storepass welcome -keystore C:\projecten\certs2\keystore.jks -file C:\projecten\certs2\server.cer
C:\java\jdk160_05\bin\keytool -printcert -file C:\projecten\certs2\server.cer
# generate client request
c:\tools\openssl\bin\openssl genrsa -des3 -out C:\projecten\certs2\client.key 4096
c:\tools\openssl\bin\openssl req -newkey rsa:1024 -nodes -keyout C:\projecten\certs2\client.key -out C:\projecten\certs2\client.csr -config C:\projecten\certs2\ca.conf
# sign client request
c:\tools\openssl\bin\openssl ca -in C:\projecten\certs2\client.csr -out C:\projecten\certs2\client.pem -keyfile C:\projecten\certs2\ca.key -cert c:\projecten\certs2\ca.crt -config C:\projecten\certs2\ca.conf
# export client
c:\tools\openssl\bin\openssl pkcs12 -export -inkey C:\projecten\certs2\client.key -in C:\projecten\certs2\client.pem -out C:\projecten\certs2\client.p12 -name client
C:\java\jdk160_05\bin\keytool -importkeystore -destkeystore C:\projecten\certs2\keystore.jks -deststorepass welcome -srckeystore C:\projecten\certs2\client.p12 -srcstorepass welcome -srcstoretype pkcs12
C:\java\jdk160_05\bin\keytool -list -keystore C:\projecten\certs2\keystore.jks -storepass welcome
C:\java\jdk160_05\bin\keytool -exportcert -alias client -storepass welcome -keystore C:\projecten\certs2\keystore.jks -file C:\projecten\certs2\client.cer
C:\java\jdk160_05\bin\keytool -printcert -file C:\projecten\certs2\client.cer
# make a truststore with the ca and the public keys
C:\java\jdk160_05\bin\keytool -import -file c:\projecten\certs2\ca.crt -alias ca -trustcacerts -keystore C:\projecten\certs2\trust.jks -storepass welcome -keypass welcome
C:\java\jdk160_05\bin\keytool -import -file C:\projecten\certs2\client.cer -alias client -keystore C:\projecten\certs2\trust.jks -storepass welcome -keypass welcome
C:\java\jdk160_05\bin\keytool -import -file C:\projecten\certs2\server.cer -alias server -keystore C:\projecten\certs2\trust.jks -storepass welcome -keypass welcome
C:\java\jdk160_05\bin\keytool -list -keystore C:\projecten\certs2\trust.jks -storepass welcome
The next step is to configure Weblogic. First we add the new keystores and configure SSL and add a new PKI Credential mapping provider. The PKI Credential mapping provider will be used by OSB for the XMLsignature and encryption. The trust keystore will be used to check if the signer certificate is trusted.
Go to the OSB server in the WLS console
In the keystore tab we will add our keystoresIn the SSL tab we will use the server certificate which has the server + domain name as Common name so Internet explorer won't complain that the certificate and server name does not match.
Select the myrealm Security Realm where we will add a new PKI Credential Mapping provider
In the Providers tab we will create a new PKI Credential Mapping
Select the just created PKI credential mapping and fill the values in the Provider Specific tab. Use the keystore and not the trust keystore for this
We are finished in the Weblogic Console and we can go the OSB console where we have to create a new Service Key provider and configure the Proxy service so it uses this provider.Create a new Service Key provider. This how it looks like in the Workshop but this does not work because eclipse can't retrieve the certificates of the PKI credential mapping provider.
So we have to use the OSB console to add the right certificate for signing and encryption to the Service Key Provider.
Now we see the certificates of the Weblogic PKI Credential mapping. If you don't see this then probably you don't use 509 version 3 certifcates.
The last step is to configure the proxy service. Here we have to disable XOP/MTOM support
And select the Service Key Provider
Now we can test the proxy service by invoking the WS and selecting the Service Key Provider.
With this as result
And this is how the WSDL with signing looks like
That's all.If you want to use OSB 10.3 security with Soa Suite 11g R1 then you should read this 11g documentation, This explains how to change the OSB encrypt and sign policy so it works with FMW 11g.
Categories: Development, Fusion Middleware
JMS Request Reply Interaction Pattern in Soa Suite 11g
Asynchronous Request / Reply
First we start with a simple Asychronous request and reply JMS adapter. Add a JMS adapter to the references site of the composite.
Choose Request/ Reply and off course asynchronous
Select a request queue ( need to create this in the wls console ) and provide the jndi name of jms resource adapter ( define this in the jms resource adapter ) . Very important use a xa transacted jms connection factory in the jms resource adapter and leave the rest as default.
In the Reply we provide the response queue and use the same jms resource adapter jndi name of the request
Provide the request and response element.
With this as result.
Now we can use this jms adapter in a asynchronous Mediator or in a synchronous BPEL process.First we start with the mediator. Add a Mediator with the same input and output as the jms adapter
Wire the JMS adapter to this Mediator so we can define the routing rules.
With this as result.
Because this asynchronous service is hard to test, so I will also make a synchronous BPEL process which calls this asynchronous jms adapter with a invoke and receive activity.Add a BPEL process with the same input and output as the jms adapter
Here an overview of the BPEL process with the invoke and receive activity
Picture of my test composite
For testing we need to transfer the jms message from the request queue to the reply queue. So I add a mediator with a consume and produce jms adapter.
Very important, we need to assign the message id of the jms message to the correlation id of the reply jms message. Do this in the assign of the routing rule.
Last thing is to test the BPEL process in the enterprise manager
With this as result.
Synchronous Request / ReplyThe synchronous request reply jms adapter works a bit different then asynchronous.
In step 6 we now select synchronous
In step 7 we can provide the request and reply queue. But very important we to provide the jndi name of a jms resource adapter which has transacted on true and use a jms connection factory which is not xa transacted.
With synchronous jms adapter I had to switch the request and response element. Very strange ( is it a bug ).This synchronous jms message is a bit different, this message has the JCA_JMSReplyTo field which contains the reply queue name.
Now for testing we also need to add an extra mediator with reads the request queue , set the correlation id and put the message in the reply queue.Add a synchronous mediator and wire to the synchronous jms adapter, complete the routing rule and finally test this in the enterprise manager.
Categories: Development, Fusion Middleware
Oracle OpenWorld 2009 Fusion middleware highlights
Here is my quick overview of the features and products I noticed at OOW.
ADF
- Oracle improved the ADF Event mechanism, so the Task Flow fragment regions can communicate much better, You can define the event on a JSF item and not manually in the pagedef, define your own payload. For example in an ADF tree with employees and departments you can send an event when the user select an item in the tree and this number will be passed on to the right task flow. And you even can fire events with drag and drop. For more info buy the coming book of Frank Nimphius, he wrote a whole chapter about this subject.
- ADS active data services pushing the data to the page, Frank N. and Matthias W. made a great demo
- Maybe Maven support.
- Better EJB support in ADF
ADF Mobile
Build your web application just like a normal ADF web application on deploy this on weblogic server. These mobile jsf pages which work on every phone in the native look of the phone, the so called the browser version. With mobile you can also build native applications for blackberry and windows mobile ( just make the right deployment profile ) and this will work with the black berry and windows mobile services and these services will sync with the oracle lite server. So this technology makes it possible to make an offline ADF application, when there are enough customers who wants this feature then Oracle will build this. ADF mobile is now only supported with ADF BC and the next versions will have also have web services support.
For more info see the Amis blog
Soa Suite 11G
-The soa suite is becoming more and more complete, the next version will have a spring context component, this component is in this version only available as technical preview. But this is a good start and there are talks about supporting C code in the composite.
- EDN Event Delivery Network now only works with AQ but there will be also a JMS implementation.
For more info see the blog of Torsten and Hajo
BPM 11G
In one of the hands-on sessions we could play with BPM 11g and it is really great. You can now use JDeveloper to configure it and BPM is an composite component in the Soa Suite. So you can take a look or change it at the BPM level or go to the composite level. BPM uses the human task flows components of the soa suite for the human interaction, Next we can import this human task in jdeveloper to create an task flow which can be deployed in the worklist application. And BPM introduces the BPM composer which is a web application ( don't need jdeveloper ) where you can change your process. Oracle thinks to release it early 2010.
Categories: Development, Fusion Middleware
Continuous build with Soa Suite 11g and Hudson
So the last step is to combine the test suite feature and the ant scripts of mine and Oracle so we can use it in a continuous build system. I will use Hudson for this.
We start by downloading the lastest hudson war.
Start hudson by setting the java home and path
set JAVA_HOME=c:\java\jdk160_05
set PATH=%JAVA_HOME%\bin;%PATH
java -jar hudson.war
this will start Hudson and open a browser and go to http://localhost:8080.
First we install Hudson as a windows service. Just provide the location. I will use c:\java\hudson
This will restart hudson. Now we can configure Hudson
Provide the ant and java location of the jdeveloper 11g R1 home.
Put the soa projects and ant scripts in subversion, so Hudson can check this out
This is how it looks. Very important my ant scripts need this folder paths.
Now we can create a new job.
Configure this new job. We start by adding the svn url.
Then add the ant script ( build.xml ) and fill the target ( deployAll) and for the oracle ant scripts we need to set the basedir java parameter to the jdeveloper bin folder.
And provide the location where Hudson can find the junit xml files.
Now we have to add ant-contrib-1.0XXXX.jar the to the jdeveloper\ant\lib folder and add a environment variable to the ant.bat
set CURRENT_FOLDER=%CD%
I need this for the ant scripts so I can use relative paths.
Let's press build now and look at the result. My example composite application contains two tests, in my case they are both succesfull.
Look at the test.
And the performance.
That's all. This will save you a lot of testing time and off course Hudson can blame the person who checked in as last.Here is my test project and ant scripts
Categories: Development, Fusion Middleware
Deploy Soa Suite 11g composite applications with Ant scripts
For more info over ant deployment see the official deployment documentation .
The official ant scripts are located in the jdeverloper\bin folder. Here is a summary what are and can do
- ant-sca-test.xml, This script can start the test suites of the composite and generates a juinit report and not Attaches, extracts, generates, and validates configuration plans for a SOA composite application, The official documentation description is not correct.
- ant-sca-compile.xml, Compiles a SOA composite application ,this script is also called in the package scrip, so we don't need to call this directly.
- ant-sca-package.xml, Packages a SOA composite application into a composite SAR file and also validates and build the composite application.
- ant-sca-deploy.xml, Deploys a SOA composite application.
- ant-sca-mgmt.xml, Manages a SOA composite application, including starting, stopping, activating, retiring, assigning a default revision version, and listing deployed SOA composite applications.
Here is the main build.properties where you have to define the jdeveloper and your application home, which composite applications you want to deploy and to which environment dev or acc.
# global
wn.bea.home=C:/oracle/MiddlewareJdev11gR1
oracle.home=${wn.bea.home}/jdeveloper
java.passed.home=${wn.bea.home}/jdk160_11
wl_home=${wn.bea.home}/wlserver_10.3
# temp
tmp.output.dir=c:/temp
applications.home=C:/projecten/workspace/11g_prod
applications=HelloWorld,SoaEjbReference
deployment.plan.environment=dev
# dev deployment server weblogic
dev.serverURL=http://laptopedwin:8001
dev.overwrite=true
dev.user=weblogic
dev.password=weblogic1
dev.forceDefault=true
# acceptance deployment server weblogic
acc.serverURL=http://laptopedwin:8001
acc.overwrite=true
acc.user=weblogic
acc.password=weblogic1
acc.forceDefault=true
Every application can have one or more soa projects so the main ant script will load the application properties file which contains all the project with its revision number.
Here is a example of SoaEjbReference.properties file
projects=SoaEjb,SoaEjb2
SoaEjb.revision=1.0
SoaEjb2.revision=1.1
Because in my example I have two soa environments so I need to create two configuration plans. With this plan ( which look the wls plan ) can change the url of endpoints so it matches with the environment.
Select the composite application xml and generate a configuration plan.
Add the dev or acc extension to the file name.
Here you see how the plan looks like.
And here is the main ant build script which can do it all and calls the Oracle Ant scripts.
<?xml version="1.0" encoding="iso-8859-1"?>
<project name="soaDeployAll" default="deployAll">
<property file="build.properties"/>
<property environment="env"/>
<taskdef resource="net/sf/antcontrib/antcontrib.properties"/>
<import file="${basedir}/ant-sca-deploy.xml"/>
<import file="${basedir}/ant-sca-package.xml"/>
<import file="${basedir}/ant-sca-test.xml"/>
<target name="deployAll">
<foreach list="${applications}" param="application" target="deployApplication" inheritall="true" inheritrefs="false"/>
</target>
<target name="deployApplication">
<echo>deploy application ${application}</echo>
<property file="${application}.properties"/>
<foreach list="${projects}" param="project" target="deployProject" inheritall="true" inheritrefs="false"/>
</target>
<target name="deployProject">
<echo>deploy project ${project} for environment ${deployment.plan.environment}</echo>
<property name="proj.compositeName" value="${project}"/>
<property name="proj.compositeDir" value="${applications.home}/${application}"/>
<propertycopy name="proj.revision" from="${project}.revision"/>
<echo>deploy compositeName ${proj.compositeName}</echo>
<echo>deploy compositeDir ${proj.compositeDir}</echo>
<antcall target="package" inheritall="false">
<param name="compositeDir" value="${proj.compositeDir}/${project}"/>
<param name="compositeName" value="${proj.compositeName}"/>
<param name="revision" value="${proj.revision}"/>
<param name="oracle.home" value="${oracle.home}"/>
<param name="java.passed.home" value="${java.passed.home}"/>
<param name="wl_home" value="${wl_home}"/>
<param name="sca.application.home" value="${proj.compositeDir}"/>
<param name="scac.application.home" value="${proj.compositeDir}"/>
<param name="scac.input" value="${proj.compositeDir}/${proj.compositeName}/composite.xml"/>
<param name="scac.output" value="${tmp.output.dir}/${proj.compositeName}.xml"/>
<param name="scac.error" value="${tmp.output.dir}/${proj.compositeName}.err"/>
<param name="scac.displayLevel" value="3"/>
</antcall>
<property name="deploy.sarLocation" value="${proj.compositeDir}/${proj.compositeName}/deploy/sca_${proj.compositeName}_rev${proj.revision}.jar"/>
<property name="deploy.configplan" value="${proj.compositeDir}/${proj.compositeName}/${proj.compositeName}_cfgplan_${deployment.plan.environment}.xml"/>
<propertycopy name="deploy.serverURL" from="${deployment.plan.environment}.serverURL"/>
<propertycopy name="deploy.overwrite" from="${deployment.plan.environment}.overwrite"/>
<propertycopy name="deploy.user" from="${deployment.plan.environment}.user"/>
<propertycopy name="deploy.password" from="${deployment.plan.environment}.password"/>
<propertycopy name="deploy.forceDefault" from="${deployment.plan.environment}.forceDefault"/>
<echo>deploy on ${deploy.serverURL} with user ${deploy.user}</echo>
<echo>deploy sarFile ${deploy.sarLocation}</echo>
<antcall target="deploy" inheritall="false">
<param name="wl_home" value="${wl_home}"/>
<param name="oracle.home" value="${oracle.home}"/>
<param name="serverURL" value="${deploy.serverURL}"/>
<param name="user" value="${deploy.user}"/>
<param name="password" value="${deploy.password}"/>
<param name="overwrite" value="${deploy.overwrite}"/>
<param name="forceDefault" value="${deploy.forceDefault}"/>
<param name="sarLocation" value="${deploy.sarLocation}"/>
<param name="configplan" value="${deploy.configplan}"/>
</antcall>
<antcall target="test" inheritall="false">
<param name="scatest.input" value="${project}"/>
<param name="scatest.format" value="junit"/>
<param name="scatest.result" value="${tmp.output.dir}"/>
<param name="jndi.properties.input" value="${deployment.plan.environment}.jndi.properties"/>
</antcall>
</target>
</project>
And finally the cmd script to run this ant script. To make this work we need the ant-contrib libray and put this in the classpath.
set ORACLE_HOME=C:\oracle\MiddlewareJdev11gR1
set ANT_HOME=%ORACLE_HOME%\jdeveloper\ant
set PATH=%ANT_HOME%\bin;%PATH%
set JAVA_HOME=%ORACLE_HOME%\jdk160_11
set ANT_CONTRIB=ant-contrib-1.0b3.jar
set CLASSPATH=%CLASSPATH%;%ANT_CONTRIB%
ant -f build.xml deployAll
Here is the zip with all the files and extract this and put this all in the jdeveloper/bin folder.
Categories: Development, Fusion Middleware
Job scheduling in Weblogic
The scheduling is done with the help of the CommonJ API which is standard in Weblogic. This example works perfectly in a managed node but if you want to do the same in a Weblogic Cluster then you should not read this blog and go the James Bayer's blog . And for more information about Timer API see the official Weblogic documentation.
Very important, this job scheduling only works within in a web application.
First we start by adding the TimerManager to the web.xml
<resource-ref>
<res-ref-name>tm/TimerManager</res-ref-name>
<res-type>commonj.timers.TimerManager</res-type>
<res-auth>Container</res-auth>
<res-sharing-scope>Unshareable</res-sharing-scope>
</resource-ref>
</web-app>
Now we done this we can add a servlet which start this TimerManager and its jobs. Important that the servlet is automatically started when the webapp is started.
<servlet>
<display-name>timer</display-name>
<servlet-name>timer</servlet-name>
<servlet-class>nl.whitehorses.wls.schedular.TimerServlet</servlet-class>
<load-on-startup>100</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>timer</servlet-name>
<url-pattern>/timer</url-pattern>
</servlet-mapping>
Then the servlet code which start the TimeManager and the two example batches. In this example the job is started again when it is finished after 30 seconds. If you want to do this at a specific time then use scheduleAtFixedRate
package nl.whitehorses.wls.schedular;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import commonj.timers.*;
/**
* TimerServlet demonstrates a simple use of commonj timers
*/
public class TimerServlet extends HttpServlet {
public void init(ServletConfig config) throws ServletException {
super.init(config);
System.out.println("timer servlet is initialized ");
try {
InitialContext ic = new InitialContext();
TimerManager tm = (TimerManager)ic.lookup("java:comp/env/tm/TimerManager");
Timer batchRun1Timer = null;
Boolean batchRun1TimerIsRunning = false;
Timer batchRun2Timer = null;
Boolean batchRun2TimerIsRunning = false;
// Execute timer every 30 seconds starting immediately
batchRun1Timer = tm.schedule(new Batch1(), 0, 30 * 1000);
batchRun1TimerIsRunning = true;
batchRun2Timer = tm.schedule(new Batch2(), 0, 30 * 1000);
batchRun2TimerIsRunning = true;
config.getServletContext().setAttribute("batch1",batchRun1Timer);
config.getServletContext().setAttribute("batch2",batchRun2Timer);
config.getServletContext().setAttribute("batch1Running",batchRun1TimerIsRunning);
config.getServletContext().setAttribute("batch2Running",batchRun2TimerIsRunning);
} catch (NamingException ne) {
ne.printStackTrace();
}
}
public void service(HttpServletRequest req, HttpServletResponse res) throws IOException {
res.setContentType("text/html");
PrintWriter out = res.getWriter();
out.println("Timer servlet is working!");
}
}
Here is an example of a batch job. The timerExpired method is fired every time when the job time has passed. Here you can put in your own code and when the job is canceled then the TimerCancel method is fired.
package nl.whitehorses.wls.schedular;
import commonj.timers.*;
import java.io.Serializable;
public class Batch1 implements Serializable, TimerListener, CancelTimerListener {
public void timerExpired(Timer timer) {
System.out.println("Batch1 timer expired called on " + timer);
}
public void timerCancel(Timer timer) {
System.out.println("Batch1 timer cancelled called on " + timer);
}
}
And finally the JSF page with its backing bean to control the jobs.
<?xml version='1.0' encoding='windows-1252'?>
<jsp:root xmlns:jsp="http://java.sun.com/JSP/Page" version="2.1"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:af="http://xmlns.oracle.com/adf/faces/rich">
<jsp:directive.page contentType="text/html;charset=windows-1252"/>
<f:view>
<af:document id="d1">
<af:form id="f1">
<af:panelHeader text="Timers" id="ph1">
<af:panelFormLayout id="pfl1">
<af:panelGroupLayout id="pgl6" layout="horizontal">
<af:panelGroupLayout id="pgl8" layout="vertical">
<af:poll id="poll1">
<af:panelGroupLayout id="pgl5" layout="vertical">
<af:outputLabel value="#{TimerBean.tmStatus}" id="ol4"
partialTriggers="poll1"/>
<af:outputLabel value="#{TimerBean.batch1Status}" id="o22"
partialTriggers="poll1"/>
<af:outputLabel value="#{TimerBean.batch2Status}" id="o23"
partialTriggers="poll1"/>
</af:panelGroupLayout>
</af:poll>
</af:panelGroupLayout>
<af:panelGroupLayout id="pgl7" layout="vertical">
<af:commandButton text="Time Manager On / Off" id="cb1"
actionListener="#{TimerBean.timerManager}"/>
<af:commandButton text="Batch 1 On / Off" id="cb2"
actionListener="#{TimerBean.Batch1}"/>
<af:commandButton text="Batch 2 On / Off" id="cb3"
actionListener="#{TimerBean.Batch2}"/>
</af:panelGroupLayout>
</af:panelGroupLayout>
</af:panelFormLayout>
</af:panelHeader>
</af:form>
</af:document>
</f:view>
</jsp:root>
package nl.whitehorses.wls.backing;
import commonj.timers.Timer;
import commonj.timers.TimerManager;
import javax.faces.event.ActionEvent;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import nl.whitehorses.wls.schedular.Batch1;
import nl.whitehorses.wls.schedular.Batch2;
import javax.faces.context.FacesContext;
import javax.servlet.ServletContext;
public class TimerBean {
private InitialContext ic = null;
private TimerManager tm = null;
private Timer batchRun1Timer = null;
public Boolean batchRun1TimerIsRunning = false;
private Timer batchRun2Timer = null;
public Boolean batchRun2TimerIsRunning = false;
public TimerBean() {
try {
ic = new InitialContext();
tm = (TimerManager)ic.lookup("java:comp/env/tm/TimerManager");
FacesContext ctx = FacesContext.getCurrentInstance();
ServletContext servletContext = (ServletContext) ctx.getExternalContext().getContext();
batchRun1Timer = (Timer)servletContext.getAttribute("batch1");
batchRun2Timer = (Timer)servletContext.getAttribute("batch2");
batchRun1TimerIsRunning = (Boolean)servletContext.getAttribute("batch1Running");
batchRun2TimerIsRunning = (Boolean)servletContext.getAttribute("batch2Running");
System.out.println("init end");
} catch (NamingException e) {
e.printStackTrace();
}
}
public void timerManager(ActionEvent actionEvent) {
// Add event code here...
if ( tm.isSuspended() ) {
tm.resume();
} else {
tm.suspend();
}
}
public void Batch1(ActionEvent actionEvent) {
// Add event code here...
if ( batchRun1TimerIsRunning ) {
batchRun1Timer.cancel();
batchRun1TimerIsRunning = false;
} else {
batchRun1Timer = tm.schedule(new Batch1(), 0, 10 * 1000);
batchRun1TimerIsRunning = true;
}
}
public void Batch2(ActionEvent actionEvent) {
// Add event code here...
if ( batchRun2TimerIsRunning ) {
batchRun2Timer.cancel();
batchRun2TimerIsRunning = false;
} else {
batchRun2Timer = tm.schedule(new Batch2(), 0, 10 * 1000);
batchRun2TimerIsRunning = true;
}
}
public String getTmStatus () {
if ( tm.isSuspended() ) {
return "TimerManager is stopped";
} else {
return "TimerManager is running";
}
}
public String getBatch1Status () {
Long time = batchRun1Timer.getScheduledExecutionTime();
java.util.Date date = new java.util.Date(time);
if ( batchRun1TimerIsRunning ) {
return "Batch1 scheduled time "+date.toString();
} {
return "Batch1 stopped";
}
}
public String getBatch2Status () {
Long time = batchRun2Timer.getScheduledExecutionTime();
java.util.Date date = new java.util.Date(time);
if ( batchRun2TimerIsRunning ) {
return "Batch2 scheduled time "+date.toString();
} {
return "Batch2 stopped";
}
}
public Timer getBatchRun1Timer(){
return batchRun1Timer;
}
public void setBatchRun1Timer(Timer batchRun1Timer ){
this.batchRun1Timer = batchRun1Timer;
}
public Timer getBatchRun2Timer(){
return batchRun2Timer;
}
public void setBatchRun2timer(Timer batchRun2Timer ){
this.batchRun2Timer = batchRun2Timer;
}
}
Here is the example workspace.
Categories: Development, Fusion Middleware
WSM in Fusion Middleware 11G
In FMW 11G you can also define your own ws-security policies ( just use a wizard in the EM website) or use the standard policies, So it can always comply to your security requirements.
In this blog entry I will show you how to setup FMW on Weblogic and define security on a BPEL service, call this service with an ADF Web Service Datacontol and a java web service proxy client.
Special thanks to Vishal Jain of Oracle who helped to solve the issues and explained how WSM works with keystores.
First we need to generate a keystore with a self signed certificate. Somehow certificates with generated with OpenSSL fails in FMW.
keytool -genkey -keyalg RSA -keystore C:\test_keystore.jks -storepass password -alias client_key -keypass password -dname "CN=Client, OU=WEB AGE, C=US" -keysize 1024 -validity 1460
Now here comes the trick , copy this keystore to fmwconfig folder ( domain_name/config ) of the soa suite domain
Go the Enterprise Manager Website where we can configure the just created keystore. We have to select the weblogic domain and go to the security menu / credentials.
Here we can change maps or passwords which will be stored in the cwallet.sso file. If you see the oracle.wsm.security map then you can delete this map. This map contains the keystore password.
Go the Security Provider Configuration menu item in the security menu where we will add the keystore to FMW
Press the Configure button in the keystore part of the screen.
Here we can add the keystore details. Use ./ as keystore path. This will fill the oracle.wsm.security map in the credentials menu.
Go back to the Credentials where we will add an extra entry in the wsm map. Create a new key basic.credentials with as username weblogic and with password weblogic1
Restart the Weblogic server.
Next part is to add a wsm policy to a BPEL Service.
Select the server policy you like to use and deploy this to the soa suite server.
Now we can make a jax-ws proxy client so we can test the policy. In this client we will use the matching client policy. If this fails check your libraries.
package nl.whitehorses.wsclient;
import java.util.Map;
import javax.xml.ws.BindingProvider;
import javax.xml.ws.WebServiceRef;
import oracle.webservices.ClientConstants;
import weblogic.wsee.jws.jaxws.owsm.SecurityPolicyFeature;
public class BPELProcess1_ptClient
{
@WebServiceRef
private static Bpelprocess1_client_ep bpelprocess1_client_ep;
public static void main(String [] args)
{
bpelprocess1_client_ep = new Bpelprocess1_client_ep();
SecurityPolicyFeature[] securityFeature = new SecurityPolicyFeature[] {
new SecurityPolicyFeature("oracle/wss10_message_protection_client_policy") };
BPELProcess1 port = bpelprocess1_client_ep.getBPELProcess1_pt(securityFeature);
Map reqContext = ((BindingProvider) port).getRequestContext();
reqContext.put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS");
reqContext.put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "C:\\test_keystore.jks");
reqContext.put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password");
reqContext.put(ClientConstants.WSSEC_SIG_KEY_ALIAS, "client_key");
reqContext.put(ClientConstants.WSSEC_SIG_KEY_PASSWORD, "password");
reqContext.put(ClientConstants.WSSEC_ENC_KEY_ALIAS, "client_key");
reqContext.put(ClientConstants.WSSEC_ENC_KEY_PASSWORD, "password");
reqContext.put(ClientConstants.WSSEC_RECIPIENT_KEY_ALIAS, "client_key");
System.out.println("output = " + port.process("aaaa"));
}
}
If all went well then we can do same with a ADF Web Service Datacontrol.
To add the client policy select the DataControls.dcx and go to the structure window.
Here we can define web service security
Select the right client policy and in this case we need to override properties, press the button and fill in the recipient with your key alias. Else you will get a orakey error.
And at last deploy this webapplication with a ear profile to the Soa Suite server and test your webapp.
Categories: Development, Fusion Middleware
SSO with WebLogic 10.3.1 and SAML2
First we start with the SAML2 Identity Provider, in SAML1.1 this is called the source site. Because we can't do anything in the federation tab of the serve, we need to create a Credential Mapping Provider ( go to myrealm security, Providers , Credential Mappings. )
and choose the SAML2 credential mapping.
Fill the provider specific details and use the demoidentity keystore ( this is default)
Now we can go the Federation Services tab of the server configuration and create a SAML2 profile for this server, We need to save this to a file and import this later in the other SAML2 Service Providers.The published site url is very important , choose url of this server , use http or https and add saml2 to this url. SAML needs this url to communicate with the other SAML services.
Second part of the SAML2 profile
Save this profile to a xml
Go the Identity provider tab and fill in these fields
Go to the second Weblogic server, this is called the Service provider or in SAML1.1 the destination. Here we need to create a new SAML2 Authentication provider ( Go to the myrealm Security realm , Providers and then Authentication ) 
Now we done this we can go the Federation Services Tab of this weblogic server and fill in this SAML2 profile. The published url is very important and it must match with the server url and have to end with saml2
Second part of this SAML profile
Save this metadata to a xml. This needs to be imported in the Credential Mapping Provider of the Identity Provider ( the first weblogic server).
Next step is to go the SAML2 Service Provider tab.
Go back to the SAML2 authentication provider where we will import the identity provider metadata xml.
Select the identity metadata xml.
You have to enable this and most important, fill in all the url's of your applications who needs SAML authentication.
Now we do the same for metadata xml of the service provider, We need to import this in the Credential Mapper provider of the Identity Provider
Select the Service Provider metadata xml
enable this Service Provider.
That's allIn this example I use http but it shoud also work with https and when it fails, please check your url's , don't mix localhost or pc name. Same for the domain name.
For more debug information in your server.log and set these java parameters in your setDomainEnv
set EXTRA_JAVA_PROPERTIES=-Dweblogic.debug.DebugSecuritySAMLAtn=true -Dweblogic.debug.DebugSecuritySAMLLib=true -Dweblogic.debug.DebugSecuritySAML2Service=true -Dweblogic.debug.DebugSecuritySAML2CredMap=true -Dweblogic.debug.DebugSecuritySAML2Atn=true %EXTRA_JAVA_PROPERTIES%
Categories: Development, Fusion Middleware