Oracle® Retail Integration Bus Cloud Service Service-Oriented Architecture Enabler Tool Guide Release 19.1.000 F31993-01
There are numerous ways to build or implement a secured service to protect the SOA infrastructure against attack. Standards allow policies to be applied to SOA, which enables controlled usage and monitoring and addresses the security ramifications of enterprise integration. Standards such as WS-Security, SAML, WS-Trust, WS-SecureConversation and WS-SecurityPolicy focus on the security and identity management aspects of SOA implementations that use web services.
The WS-* architecture is a set of standards-based protocols designed to secure Web service communication. WebLogic Web services use WS-Policy files to enable a destination endpoint to describe and advertise its Web service reliable messaging capabilities and requirements. The WS-Policy specification provides a general purpose model and syntax to describe and communicate the policies of a Web service.
These WS-Policy files are XML files that describe features such as the version of the supported WS-ReliableMessaging specification, the source endpoint's retransmission interval, the destination endpoint's acknowledgment interval, and so on.
The web services exposed by Oracle Retail applications are used as service providers in the Retail Service Backbone (RSB) architecture. Refer to the RSB documentation for more details about the RSB architecture. The Oracle Retail application services are used as edge application services in RSB, and they are consumed by Web services through the OSB 12.2.1.4.0 layer. When used with RSB, the Oracle Retail application services are not consumed directly. Instead, the consumers invoke OSB 12.2.1.4.0 services, which in turn invoke the Oracle Retail application services. Due to these requirements, Oracle Retail application services need to be secured with WebLogic Web service policies, which are interoperable with OWSM policies. Following is the list of WebLogic Web service policies that are currently supported for securing application services.
Username token over SSL: The following WebLogic policy is used for username token over SSL. It is also referred to as PolicyA in RSB documentation:
Wssp1.2-2007-Https-UsernameToken-Plain.xml
Username token with Message Protection: The following set of policies is used to secure services with username token and message protection. It is also referred to as PolicyB in RSB documentation:
Wssp1.2-2007-Wss1.1-UsernameToken-Plain-EncryptedKey-Basic128.xml
Wssp1.2-2007-SignBody.xml
Wssp1.2-2007-EncryptBody.xml
This document doesn't go into the detailed steps for securing Web services. The detailed step-by-step instructions are provided in RSB Security Guide. Refer to that document for more details.
Web services can be invoked from Java clients as well as PL/SQL clients. This section describes the configuration for invoking a secured Web service from both clients.
Client code for calling Web services can be generated using the Java consumer option of the retail-soa-enabler-gui-<version> tool. The generated zip file contains all the jar files required for the classpath of the application that calls the Web service. To run the client, follow the steps required to run Java consumer.
The following is sample code for calling a secured Web service.
Note: The code below is sample code for invoking the PayTerm service. When you generate a Java consumer for a Web service, the generated jar file will contain classes specific to that Web service. Use the appropriate classes in the client code. The service namespace and WSDL location should also be changed appropriately.
```java
package com.oracle.retail.rms.client;

import java.net.URL;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.xml.namespace.QName;
import javax.xml.ws.BindingProvider;

import com.oracle.retail.integration.base.bo.paytermdesc.v1.PayTermDesc;
import com.oracle.retail.integration.base.bo.paytermref.v1.PayTermRef;
import com.oracle.retail.rms.integration.services.paytermservice.v1.PayTermPortType;
import com.oracle.retail.rms.integration.services.paytermservice.v1.PayTermService;

import weblogic.wsee.security.unt.ClientUNTCredentialProvider;
import weblogic.xml.crypto.wss.WSSecurityContext;
import weblogic.xml.crypto.wss.provider.CredentialProvider;

import junit.framework.TestCase;

public class PayTermClient extends TestCase {

    // Exceptions propagate so that a failed call fails the test instead of being swallowed.
    public void testFindPayTerm() throws Exception {
        // qName is the namespace and name of the service
        QName qName = new QName(
            "http://www.oracle.com/retail/rms/integration/services/PayTermService/v1",
            "PayTermService");

        // url is the URL of the WSDL of the web service (placeholder host and port).
        // With the username token over SSL policy (PolicyA), use the service's https URL.
        URL url = new URL("http://example.com:7001/PayTermBean/PayTermService?WSDL");

        // create an instance of the web service
        PayTermService service = new PayTermService(url, qName);
        PayTermPortType port = service.getPayTermPort();

        // set the security credentials in the service context
        List<CredentialProvider> credProviders = new ArrayList<>();
        CredentialProvider cp = new ClientUNTCredentialProvider("<username>", "<password>");
        credProviders.add(cp);
        Map<String, Object> rc = ((BindingProvider) port).getRequestContext();
        rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);

        // populate the service method input object
        PayTermRef ref = new PayTermRef();
        ref.setTerms("terms");
        ref.setTermsXrefKey("key");

        // call the web service; desc is the response object
        PayTermDesc desc = port.findPayTermDesc(ref);
        System.out.println("desc=" + desc);
    }
}
```
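Under PolicyA the password travels as plain text inside the SOAP security header, which is why that policy pairs the username token with SSL. The following added example (not Oracle's code and not WebLogic output; the class and method names are hypothetical, and the host and credentials are constructed) prints a simplified UsernameToken header as defined by the OASIS WS-Security UsernameToken profile and shows a pre-flight check that rejects a non-HTTPS endpoint before any credentials are attached.

```java
import java.io.StringWriter;
import java.net.URI;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class UsernameTokenPreflight {
    // Namespace and password type from the OASIS WS-Security UsernameToken profile 1.0.
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final String PASSWORD_TEXT =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText";
    /** Hypothetical guard: refuse to send a plain-text token to a non-TLS endpoint. */
    static URI requireHttps(String endpoint) {
        URI uri = URI.create(endpoint);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("plain UsernameToken needs https, got: " + uri);
        }
        return uri;
    }

    /** Simplified wsse:Security header with a plain-text UsernameToken (hand-built for illustration). */
    static String usernameTokenHeader(String user, String password) throws Exception {
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        Document doc = factory.newDocumentBuilder().newDocument();
        Element security = doc.createElementNS(WSSE, "wsse:Security");
        Element token = (Element) security.appendChild(doc.createElementNS(WSSE, "wsse:UsernameToken"));
        token.appendChild(doc.createElementNS(WSSE, "wsse:Username")).setTextContent(user);
        Element pw = (Element) token.appendChild(doc.createElementNS(WSSE, "wsse:Password"));
        pw.setAttribute("Type", PASSWORD_TEXT);
        pw.setTextContent(password); // the password is readable by anyone who can see the message
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(security), new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; real credentials belong in a credential store, not in source.
        System.out.println(usernameTokenHeader("demo-user", "demo-password"));
        for (String scheme : new String[] {"https", "http"}) {
            try { System.out.println("accepted " + requireHttps(scheme + "://example.com/PayTermBean/PayTermService")); }
            catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
        }
    }
}
```

Calling a check like `requireHttps` on the endpoint before adding `ClientUNTCredentialProvider` to the request context keeps a mistyped `http://` URL from carrying the token in the clear.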
Client code for calling Web services can be generated using the PL/SQL consumer option of the retail-soa-enabler-gui-<version> tool. The generated zip file contains all the jar files and PL/SQL code required to invoke the web service from PL/SQL. To run the client, follow the steps required to run PL/SQL consumer.
The following is a sample PL/SQL procedure for calling a secured Web service.
Note: The code below is sample code for invoking the GlAccountValidation service. When you generate a PL/SQL consumer for a Web service, the generated jar file will contain classes specific to that Web service. Use the appropriate classes in the client code. The service namespace and WSDL location should also be changed appropriately.
Write a PL/SQL procedure that works as the client to call the web service. An example is given below for reference:
Example: The following is an example procedure to call the GlAccountValidationService web service.
```sql
create or replace PROCEDURE GlAccountValidationClient AS
BEGIN
  DECLARE
    ARG0              VARCHAR2(200);
    v_ReturnValue     VARCHAR2(5000);
    ribObject         RIB_OBJECT;
    GLAcctDesc_REC    "RIB_GLAcctDesc_REC";
    GLAcctDesc_TBL    "RIB_GLAcctDesc_TBL";
    GLAcctColDesc_REC "RIB_GLAcctColDesc_REC";
    GLAcctColRef_REC  "RIB_GLAcctColRef_REC";
  BEGIN
    -- Build the input object for validateGlAccount
    GLAcctDesc_REC := "RIB_GLAcctDesc_REC"(1, 'RMS', 1);
    GLAcctDesc_TBL := "RIB_GLAcctDesc_TBL"();
    GLAcctDesc_TBL.EXTEND(1);
    GLAcctDesc_TBL(1) := GLAcctDesc_REC;
    GLAcctColDesc_REC := "RIB_GLAcctColDesc_REC"(17, 1, GLAcctDesc_TBL);

    -- Arguments: WSDL URL, policy name, username, password, payload.
    -- The endpoints and credentials below are sample values; replace them with your own.
    v_ReturnValue := GlAccountValidation_SC.ping(
      'https://msp8925.us.oracle.com:47032/GlAccountValidationBean/GlAccountValidationService?WSDL',
      'PolicyA', 'rsbadmin', 'rsbadmin1', 'Hi from prantor PolicyA');
    DBMS_OUTPUT.PUT_LINE('v_ReturnValue = ' || v_ReturnValue);

    v_ReturnValue := GlAccountValidation_SC.ping(
      'http://blr00abi.idc.oracle.com:47035/GlAccountValidationBean/GlAccountValidationService?WSDL',
      'PolicyU', '', '', 'Hi from prantor PolicyU');
    DBMS_OUTPUT.PUT_LINE('v_ReturnValue = ' || v_ReturnValue);

    v_ReturnValue := GlAccountValidation_SC.ping(
      'http://blr00abi.idc.oracle.com:39001/GlAccountValidationBean/GlAccountValidationService?WSDL',
      'PolicyC', 'rsbuser', 'rsbuser1', 'Hi from prantor PolicyC');
    DBMS_OUTPUT.PUT_LINE('v_ReturnValue = ' || v_ReturnValue);

    GLAcctColRef_REC := GlAccountValidation_SC.validateGlAccount(
      'https://msp8925.us.oracle.com:47032/GlAccountValidationBean/GlAccountValidationService?WSDL',
      'PolicyA', 'rsbadmin', 'rsbadmin1', GLAcctColDesc_REC);
    DBMS_OUTPUT.PUT_LINE('validateGlAccount done.');
  END;
END GlAccountValidationClient;
/
```
After the procedure is created without any errors, you can run the procedure as follows:
```sql
SET SERVEROUTPUT ON SIZE 500000
CALL dbms_java.set_output(500000);
exec GlAccountValidationClient;
```
Client code for calling Web services can be generated using the PL/SQL consumer option of the retail-soa-enabler-gui-<version> tool. The generated zip file contains all the jar files and PL/SQL code required to invoke the web service from PL/SQL. To run the client, follow the steps required to run PL/SQL consumer.
The following is a sample PL/SQL procedure for calling a secured Web service.
Note: The code below is sample code for invoking the PayTerm service. When you generate a PL/SQL consumer for a Web service, the generated jar file will contain classes specific to that Web service. Use the appropriate classes in the client code. The service namespace and WSDL location should also be changed appropriately.
```sql
create or replace
PROCEDURE wstestClient IS
  ref     "OBJ_PAYTERMREF"  := null;
  objdesc "OBJ_PAYTERMDESC" := null;
  wsm     varchar2(100);
  config  varchar2(32000);
BEGIN
  -- Port configuration that enables outbound security with a username token
  wsm := 'oracle.webservices.dii.interceptor.pipeline.port.config';
  config := '<port-info>
<runtime enabled="security">
<security>
<outbound>
<username-token name="" password=""/>
</outbound>
</security>
</runtime>
</port-info>';
  PayTermServiceConsumer.setProperty(wsm, config);

  -- Endpoint and credentials are placeholders; replace them with your own values
  PayTermServiceConsumer.setEndpoint('http://example.com:7001/PayTermBean/PayTermService');
  PayTermServiceConsumer.setUsername('<RMS username>');
  PayTermServiceConsumer.setPassword('<RMS password>');

  -- Populate the input object and call the service
  ref := "OBJ_PAYTERMREF"('x', 't', null, null, null);
  dbms_output.PUT_LINE(PayTermServiceConsumer.getEndPoint());
  dbms_output.PUT_LINE(PayTermServiceConsumer.ping('TestMessage'));
  objdesc := PayTermServiceConsumer.findPayTermDesc(ref);
  dbms_output.PUT_LINE('Done.');
EXCEPTION
  WHEN OTHERS THEN
    -- Report the error code and message
    dbms_output.PUT_LINE(SQLCODE);
    dbms_output.PUT_LINE(SQLERRM);
END;
/
```