3. Deploying Application Interface WebServices

3.1 Creating Data Sources for WebServices

Create a new server on the console which will be specifically for WebServices.

1. Login to WebLogic Server 12c console (http://hostname:port/console).

   

2. The following window is displayed.

   

3. Click Domain Name > Services > Data Sources. The following window is displayed.

   

4. Click ‘Lock & Edit’ button on the left panel. Click ‘New’ on right panel and select ‘Generic Data Source’.

   

5. Specify the following details:

   

• Enter Data source Name.
• Enter JNDI Name as ‘jdbc/dbk105nlEJBDS’.
• Select ‘Oracle’ as Database Type.

6. Click ‘Next’. The following window is displayed.
7. Select the Database Driver ‘Oracle's Driver(Thin) for Instance connections;Versions:Any’ as shown.

   

8. Click ‘Next’. The following window is displayed.

   

9. Click ‘Next’. The following window is displayed.

   

10. Enter the Database details.
11. Click ‘Next’. The following window is displayed.

    

12. Click ‘Test Configuration’. The following window is displayed indicating a confirmation message as ‘Connection test succeeded’.

    

13. Click ‘Next’. The following window is displayed.

    

14. Select target WebServices Server and click ‘Finish’. The following window is displayed.

    

15. Click ‘Activate Changes’.

Similarly follow the above steps to create the following data sources:

• jdbc/dbkwsDS
• jdbc/IN1HukWznG0b4esj

  

3.2 Working with SSL

It is not recommended to run OFSLL WebServices with the test certificates in production. You have to get:

1. Vendor public production key/certificates for SSL handshake. These have to be imported into weblogic truststore.
2. RO public production key/certificates to validate digital signature in the RO inputs. This has to be imported into dls_cacerts keystore mentioned in the configuration file.
3. Generate production grade public/private key signed by appropriate CA. The public key has to be shared with RO so that they can validate digital signature in OFSLL requests. The corresponding private key should not be shared, should be imported into dls_cacerts keystore mentioned in the configuration file and used to add the digital signature in RO requests.

Additional Notes

• While testing with the test certificates, you may get error: ‘Signature verification failed because RSA key public exponent [3] is too small’.
  • As a fix, you need to add the following in the start-up script: ‘Dweblogic.security.SSL.allowSmallRSAExponent=true’

• You may encounter error: ‘java.security.InvalidKeyException: Illegal key size or Cipher not initialize’.
  • As a fix add the following in the start-up script: ‘Dweblogic.security.SSL.nojce=true’

• You may encounter error: ‘java.security.InvalidAlgorithmParameterException: the trustAnchors parameter must be non-empty’.
  • As a fix remove the ‘-DUseSunHttpHandler=true’ SSL option if any from the startup script.

3.2.1 Steps to Import Certificates to keystore

1. The JKS(dls_cacerts) should be available under /WEB-INF/classes/config.
2. Save all the certificates from the vendor website. Note to save the certificates in "Base-64 encoded X.509(.CER)" and with extn .cer. Steps for saving certificates from the vendor website:

• Click on the padlock and choose ‘View Certificates’.

  

• Click on the Certification Path tab and select the certificate with the ‘Name’ and ‘Issued To’ the same as the user-defined ID.

  

• Go to the Details tab.

  

• Click on the ‘Copy to File’ button, and click ‘Next’. Select ‘Base-64 encoding’ and save the file somewhere on your local computer.

  

3. Run following command to import certificate into JKS(dls_cacerts)

• "keytool -keystore <Key store Path> /dls_cacerts -import -trustcacerts -file <Certificate location in file system>\xxx.cer -alias <alias as mentioned in config file>

4. Run following command to view details of certificate like expiration date of certificate etc.

• "keytool -list -rfc -alias alias <alias as mentioned in config file> -keystore <Key store Path> /dls_cacerts
• "keytool -list -v -alias alias <alias as mentioned in config file> -keystore <Key store Path> /dls_cacerts

For more details on keytool refer the link: http://docs.oracle.com/javase/7/docs/technotes/tools/windows/keytool.html

3.2.2 Enable SSL Debugging

SSL debugging can be enabled by adding the following to managed server start-up script: ‘Dssl.debug=true’

3.2.3 Connecting to service supporting only TLS protocol

For WLS 12c by default (acting as a client) will send sslv2 hello for the SSL handshake to TLS service. The TLS service will not respond to SSLv2 hello and the connection will be dropped.

The fix for the problem is to set Dweblogic.security.SSL.protocolVersion=TLS1 at the Managed server level in which the WebServices have been deployed.

3.3 Create RouteOne Credentials and System Policies

In order Configure RouteOne, you need to create credentials and system policies.

1. Login to Oracle Enterprise Manager 12c (http://hostname:port/em).
2. On the left panel, right click on OFSLL_domain and select Security > System Policies > Credentials. The following window is displayed.

   

3. Click ‘Create Map’. The following window is displayed.

   

4. Enter Map Name as ‘ofsll.int.routeone’ and click ‘OK’.
5. Click ‘Create Key’. The following window is displayed.

   

6. Click ‘OK’.

Similarly you need to create the following Maps and corresponding keys as indicated in following table.

Maps	Key Name	Username	Password	Description
ofsll.int.rou­teone	routeone_key_­store_password	keystore­Password	changeit	The keystore password
	routeone_key_alias	roKeyAlias	routeone_­pub_tst	RouteOne's public key alias name.The public key is needed to verify the xml signature of the request.
	routeone_ss­cro_key_alias	sscroKeyAlias	ssc_route­one	OFSLL's private key alias name. The private key is used to sign xml response to RouteOne
	routeone_ss­cro_key_passsword	sscroKey­Password	demot­estSSCR1	OFSLL's private key password

You need to provide access permission for the below mapping. For details on how to set the access permission, refer to point 9 in ‘Create Credentials and System Policies’ section.

Permission Class	Resource Name	Permission Actions
oracle.security.jps.service.cred­store.CredentialAccessPermission	context=SYSTEM,mapName= ofsll.int.rou­teone,keyName=*	read

3.4 Deploying Webservices

3.4.1 Deployment of WebServices in Enterprise Manager

1. Download and unzip the WebServices - ofsllxws.zip.
2. Following is a mapping of which EAR is needed for which service:

   dbkls-xxws.ws.app.ear	dbkls-xxws.ws.app-dt.ear	dbkls-xxws.ws.app-ds.ear	dbkls-xxws.ws.app-ro.ear
   DialerIntegrator: Service to integrate with third party dialer systems	DT Interface: To receive loan application from dealer track	DS Interface: To receive edocs application update	RO Interface: To receive loan appli­cation from route one
   CSSAccountDe­tailsRequestSer­vice: Service to fetch Account Details by account number	DT Interface: To receive loan applica­tion/deal update from dealer track	DS Interface: To receive edocs comment update	RO Interface: To receive loan appli­cation/deal refresh from route one
   CSSAccount­SearchRequest­Service: Service to fetch Account Details by attrib­utes such as AccountNumber, CustomerFirst­Name, Customer­LastName, SSN	DT Interface: To receive comments from dealer track	DS Interface: To receive edocs location update	RO Interface: To receive com­ments from route one
   CSSPostTransac­tionsRequestSer­vice: To post different transac­tions such as update address, update phone num­ber, update ACH details, etc	LOSPostStatusRe­questService: To post comments to dealer track		LOSPostStatus­RequestService: To post com­ments to route one
   CSSAccountPay­OffQuoteRequest­Service: To get the account payoff quote	LOSPostStatusRe­questService: To post application status to dealer track		LOSPostStatus­RequestService: To post applica­tion status to route one
   LOSeApplication­RequestSer­vice:Edocs application update service	ILOSPostDealerDe­tailsService: To post dealer details to dealer track		ILOSPostDealer­DetailsService: To post dealer details to dealer track
   LOSApplication­RequestService: Loan application entry service
   LOSApplication­SearchRequest­Service: Application Search service
   LOSApplication­SearchRequest­Service: Application Search service
   LOSApplication­CommentUpdate­Service: Edocs application com­ment update ser­vice
   LOSPostStatusRe­questService: Ser­vice to post loan application status
   LOSApplica­tionUpdateSer­vice: Service to update an existing application
   LOSCheckStatus­RequestService: Service to check application status
   LOSApplication­AccountWebSer­vice: Service to create Account number in OFSLL
   			LOSEContract­Service: To recieve contract information from RouteOne

3. Unzip all the ear files present:

• dbkls-xxws.ws.app.ear
• dbkls-xxws.ws.app-dt.ear
• dbkls-xxws.ws.app-ro.ear
• dbkls-xxws.ws.app-ds.ear

4. Open each of the unzipped files and unzip the war file.

   

5. It creates a WEB-INF file

   

After unzipping the war file to directory, the directory will have the following structure

• dbkls-xxws.ws.app / dbkls-xxws.ws.app-ds / dbkls-xxws.ws.app-dt / dbklsxxws.ws.app-ro
• /dbkls-xxws.ws.app/dbkls-xws-web

WEB-INF (directory)

---->classes (directory)

- config

- class files (in package folders)

-----> lib (directory)

- jdom-2.0.6.jar

- OfsllCommonCSF.jar

- soap-2.3.1.jar

------> wsdl (directory)

- *.wsdl

-----> *-java-wsdl-mapping.xml

-----> web.xml

-----> weblogic.xml

-----> weblogic-webservices.xml

-----> weblogic-webservices-policy.xml

-----> webservices.xml

6. To edit the web interface config files, navigate to the above WEB-INF > classes > config. Edit the following configuration files with the application url and port.

For complete details on configuration parameters, refer to “Appendix - Configuration parameters” section in Appendix chapter.

• ds_servlet_init.conf-This is the configuration file only for edocs servlet interface

  

• dt_servlet_init.conf- This is the configuration file only for dealer track servlet interface

  

• ro_servlet_init.conf- This is the configuration file only for route one servlet interface

  

7. Login to Web Logic application server enterprise manager (e.g.: http://hostname:port/em)

   

8. Enter valid login credentials. The following window is displayed.

   

9. Expand the weblogic domain present in the left pane. The following window is displayed.

   

10. Right click on WebService_ManagedServer in left panel, select Application Deployment > Deploy.

    

11. The following window is displayed.

    

12. Browse to the folder containing the WebService.

Eg: /scratch/ofsllxws/dbkls-xxws.ws.app

Click ‘Next’.

13. The following window is displayed. Select the server on which the WebService needs to be deployed. Click ‘Next’.

    

14. The following window is displayed. Check the context root and click ‘Next’.

    

15. The following window is displayed. Click ‘Deploy’.

    

16. The following window is displayed. Click ‘Close’.

    

17. If required, similarly deploy rest of the WebServices.
18. In case the context root has to be changed for the WebServices, it can be changed by editing the application.xml or through the console. To change through console, login to WebLogic Server 12c console (http://hostname:port/console).
19. Go to Deployments > <select the service deployment> > Configuration General and modify the context root to the recommended name as follows:

    Service	Service EAR	Recommended Context	Remark
    Webservices	dbkls-xxws.ws.app.ear	dbkls-xws-app	If this the recommended context name is not used, then the Ser­vice URLs in the configuration files needs to be changed
    Edocs Inter­face	dbkls-xxws.ws.app-ds.ear	dbkls-xws-app-ds	If this the recommended context name is not used, then the Ser­vice URLs in the configuration files needs to be changed
    Dealer Track Interface	dbkls-xxws.ws.app-ds.ear	dbkls-xws-app-dt	If this the recommended context name is not used, then the Ser­vice URLs in the configuration files needs to be changed
    Route One Interface	dbkls-xxws.ws.app-ro.ear	dbkls-xws-app-ro	If this the recommended context name is not used, then the Ser­vice URLs in the configuration files needs to be changed

20. Ensure that the application status is ‘Active’.