4 RIB Cloud Support

In order to support cloud deployment (including hybrid cloud), RIB is enhanced with the addition of two web services. These are injector and publisher web services that allows retail applications to communicate with other applications.

Applications can invoke the new web services to send and receive messages to/from other applications via RIB using SOAP or REST style of webservices. Client applications must use credentials of a user in group ribAdminGroup to call the publisher web service. For consuming messages (using the injector service) applications must create a user in group IntegrationGroup on the server where the retail application is deployed. The rib-<app> must be configured with the same user credentials at install time, so that RIB can call the injector service with the correct credentials.

Following example shows how to configure a hybrid scenario in which SIM is on-premise and RIB is on-cloud.

Configuration for SOAP webservices call:

• In the rib-deployment-env-info.xml file, configure SIM app to be of type "soap-app". Under <app-in-scope-for-integration> change SIM from javaee-app to soap-app:

  <app id="sim" type="soap-app" />
  

• Replace the existing rib-app section for rib-sim with a copy of the rib-app section for rib-sim (as soap-app). Edit the properties as per rib-sim. Here's an example:

  <rib-app id="rib-sim" type="soap-app">
           <deploy-in refid="rib-sim-wls1" />
           <rib-admin-gui>
              <web-app-url>http://ribhost.example.com:19206/rib-sim-appserver-gui/index.jsp</web-app-url>
              <web-app-user-alias>rib-sim_rib-admin-gui_admin-user-name-alias</web-app-user-alias>
              <web-app-user-alias>rib-sim_rib-admin-gui_operator-user-name-alias</web-app-user-alias>
              <web-app-user-alias>rib-sim_rib-admin-gui_monitor-user-name-alias</web-app-user-alias>
           </rib-admin-gui>
           <error-hospital-database>
              <hosp-url>jdbc:oracle:thin:@simhost.example.com:1521/pdborcl</hosp-url>
              <hosp-user-alias>rib-sim_error-hospital-database_user-name-alias</hosp-user-alias>
           </error-hospital-database>
           <app-database-not-applicable />
           <notifications>
              <email>
                 <email-server-host>mail.example.com</email-server-host>
                 <email-server-port>25</email-server-port>
                 <from-address>admin@example.com</from-address>
                 <to-address-list>admin@example.com</to-address-list>
              </email>
              <jmx />
           </notifications>
           <app id="sim" type="soap-app">
              <end-point>
                 <url>http://simhost.example.com:9001/ApplicationMessageInjectorBean/InjectorService</url>
                <!-- Supported security policy names =policyC (default) OR policyA'
                 <ws-policy-name>policyC</ws-policy-name>
                 <user-alias>rib-sim_ws_security_user-name-alias</user-alias>
              </end-point>
           </app>
        </rib-app>
  

• Make sure the rib-sim_ws_security_user-name-alias user is a member of the IntegrationGroup in the SIM WebLogic domain. Make sure the SIM services are up and running and can be called via SOAP UI using the credentials that will be entered during RIB compilation.

• Compile and deploy RIB.

The following example shows how to configure a hybrid scenario in which ROB (rest application) is on-premise and RIB is on-cloud.

Configuration for REST webservices call:

• In the rib-deployment-env-info.xml file, ROB is configured to be of type "rest-app". Under <app-in-scope-for-integration> ROB is set as rest-app:

  <app id="rob" type="rest-app" />

• Edit the existing rib-app section for rib-rob (as rest-app). Edit the properties as per rib-rob configuration. Here's an example:

  <rib-app id="rib-rob" type="rest-app">
           <deploy-in refid="rib-rob-wls1" />
           <rib-admin-gui>
              <web-app-url>http://ribhost.example.com:19109/rib-rob-appserver-gui/index.jsp</web-app-url>
              <web-app-user-alias>rib-rob_rib-admin-gui_admin-user-name-alias</web-app-user-alias>
              <web-app-user-alias>rib-rob_rib-admin-gui_operator-user-name-alias</web-app-user-alias>
              <web-app-user-alias>rib-rob_rib-admin-gui_monitor-user-name-alias</web-app-user-alias>
           </rib-admin-gui>
           <error-hospital-database>
              <hosp-url>jdbc:oracle:thin:@robhost.example.com:1521/pdborcl</hosp-url>
              <hosp-user-alias>rib-rob_error-hospital-database_user-name-alias</hosp-user-alias>
           </error-hospital-database>
           <app-database-not-applicable />
           <notifications>
              <email>
                 <email-server-host>mail.example.com</email-server-host>
                 <email-server-port>25</email-server-port>
                 <from-address>admin@example.com</from-address>
                 <to-address-list>admin@example.com</to-address-list>
              </email>
              <jmx />
           </notifications>
           <app id="rob" type="rest-app">
              <end-point>
                 <url>http://robhost.example.com:9001/rib-injector-services-web/resources/injector/inject</url>
                 <!-- Supported security policy names =policyC (default) OR policyA OR policyB -->
                 <ws-policy-name>policyC</ws-policy-name>
                 <user-alias>rib-rob_ws_security_user-name-alias</user-alias>
              </end-point>
           </app>
                </rib-app>
  

• Make rib-rob_ws_security_user-name-alias user is a member of the IntegrationGroup in the ROB WebLogic domain. Make sure the ROB rest services are up and running and can be called via SOAP UI using the credentials that will be entered during RIB compilation

• Compile and deploy RIB.

IDCS OAuth2 in RIB

RIB uses IDCS OAuth2 for authentication of ReST calls both inbound and out-bound(publisher/injector restful services). Although, the basicAuth will also be supported to maintain backward compatibility and to support on-prem requirements, primary authentication mechanism in the cloud would be OAuth2 using IDCS authenticator. Out of the box configuration would expect OAuth2 to be used.

Installer/ rib-home changes to support IDCS OAuth2

1. rib-deployment-env-info.xml has OPTIONAL elements to capture the oauth2 configuration.

   Below is the snapshot of new rib-deployment-env-info.xml for app type "rest-app" such as rib-rms, rib-rob.

   
   

2. If "oauth2-authorization-server-url" exists , this will be treated as OAuth2 setup and only then rib-app-builder prompt user to key in the ClientId/ClientSecret mapped to the ali-as <app-name>_oauth2_application_client_user-name-alias.

3. IDCS token URL will be written to the rib-system.properties at compile time with this format

   oauth2.authorization.server.token.url=https://idcs-c3bb6417e4904132beebfa6c440fcce4.identity.c9dev1.oc9qadev.com/oauth2/v1/token

   This URL will be available for post install update using admin GUI. Steps - RIB Admin GUI > Manage Configurations > System Options

   At run time, both plsql/java rest injector services (rib-rms master-plsql-app and rib-rob) will use the above property to make the call to IDCS to get the token and use in subsequent inject calls.