7. Configuring RESTful WebService

Follow the below steps to configure RESTful WebService.

• Create Data Sources for RESTful WebService
• OAuth Implementation
• Deploy RESTful WebService
• Deploy RESTful Credit Bureau WebService

7.1 Create Data Sources for RESTful WebService

1. Login to Oracle Weblogic 12c console (http://hostname:port/console).

   

2. On successful login, the following window is displayed.

   

3. Click Domain Name > Services > Data Sources. The following window is displayed.

   

4. Click ‘Lock & Edit’ button on the left panel. Click ‘New’ on right panel and select ‘Generic Data Source’.

   

5. The following window is displayed.

   

6. Specify the following details:

• Enter Data source Name
• Enter the JNDI Name as ‘jdbc/OfsllWSDS’.
• Select ‘Oracle’ as Database Type.

7. Click ‘Next’. The following window is displayed.

   

8. Select the Database Driver ‘Oracle's Driver(Thin) for Services connections;Versions:Any’.
9. Click ‘Next’. The following window is displayed.

   

10. Click ‘Next’. The following window is displayed.

    

11. Enter the Database details.
12. Click ‘Next’. The following window is displayed.

    

13. Click ‘Test Configuration’. On completion, displays a confirmation message as ‘Connection test succeeded’.
14. Click ‘Next’. The following window is displayed.

    

15. Select target Server as ‘WS_ManagedServer’.
16. Click Advanced button and update the ‘Inactive Connection Timeout’ to 300 seconds.
17. Click ‘Finish’ to activate the changes.

7.2 Statement Timeout Configuration

When APIs are integrated with Client systems, you may need to specify how long your client system waits for an API call to complete before a timeout occurs. If the Client system times out earlier than the API call, you may see inappropriate responses.

Hence, a client timeout value higher than the API response time is required to avoid such a situation.

Ensure that the time out settings is always defined in decreasing order. Which means, the time out value of managed components configured between the 'Client Server' and 'OFSLL Managed Servers' should have decreasing value so that last managed server before OFSLL has least timeout value.

Follow the below steps to set the statement timeout value.

1. Login to WebLogic Server 12c console (http://hostname:port/console) using the valid credentials.
2. Click Domain Name > Services. The following screen is displayed:

   

3. Click the ‘Data Source’ from the LHS menu and click on the configured Restful data source (for example ‘OfsllREST’).
4. Click ‘Connection Pool’ tab. The following screen is displayed.

   

5. Click ‘Lock & Edit’ option from the Change Center menu.
6. Scroll down and click the ‘Advance’ option. The following screen is displayed.

   

7. Set the ‘Statement Timeout’ value as appropriate. This is the time after which a statement currently being executed will time out.
8. Once done, for changes to take effect, you need to restart the Data Source. Click on the ‘View changes and restarts’ from the Change Center menu.

7.3 OAuth Implementation

(Optional) To extend OFSLL SaaS, OAuth2 can be used for securing OFSLL web services user access Authentication.

Web services authentication using OAuth2 is one of the best approach for securing user authentication to extend OFSLL SaaS. This uses Oracle / Non-Oracle PaaS to authenticate service access request from an external partner application without sharing OFSLL environment access credentials (UID / Password) and leverages the built-in support for OAuth 2.0.

OAuth 2.0 is an open standard token-exchange technology for verifying a user’s identity across multiple systems and domains without risking the exposure of a password.

For detailed information, refer to the OAuth Implementation guide shared in OTN library:
https://docs.oracle.com/cd/F22291_01/references.htm.

7.4 Deploy RESTful WebService

1. Login to Web Logic application server enterprise manager (e.g.:http://hostname:port/em)

   

2. Enter valid login credentials. The following window is displayed.

   

3. Select ‘Lock & Edit’ option in the lock drop-down list available in the header.
4. Click ‘Deployment’ in the left panel. Select ‘Lock & Edit’ option in the lock drop-down list available in the header. The following window is displayed.

   

5. Select ‘Deploy’ from the Deployment drop-down list. The following window is displayed.

   

6. The following window is displayed.

   

7. Browse to the folder containing the WebService. Eg: C:/OfsllRestEAR.ear
8. Click ‘Next’. The following window is displayed.

   

9. Select the server on which the WebService needs to be deployed.
10. Click ‘Next’. The following window is displayed.

    

11. Select the option ‘Install and start application (servicing all requests)’.
12. Check the context root and click ‘Next’.The following window is displayed.

    

13. Click ‘Deploy’. On successful deployment, the following window is displayed.

    

14. Click ‘Close’. Post deployment, you need to activate the changes by selecting ‘Active Changes’ option from ‘Edit Session’ drop-down list as indicated in step 4 above.

To Identify the RESTful Webservice URL

1. Login to WebLogic Server 12c console (http://hostname:port/console).
2. Click ‘Deployments’ Under Configuration tab and select ‘OfsllRestEAR’ services. The following window is displayed.

   

3. Click ‘Testing’ tab and expand ‘OfsllRestWS’. The following window is displayed.

   

4. You can view the 'OfsllRestful' Services URL as shown.
5. Swagger documentation for RESTful web services can be accessed using the following URL type - http://<server_name>;<port>/<Application_context>/swagger.json

7.5 Deploy RESTful Credit Bureau WebService

1. Login to Web Logic application server enterprise manager (e.g.:http://hostname:port/em)

   

2. Enter valid login credentials. The following window is displayed.

   

3. Select ‘Lock & Edit’ option in the lock drop-down list available in the header.
4. Click ‘Deployment’ in the left panel. The following window is displayed.

   

5. Select ‘Deploy’ from the Deployment drop-down list. The following window is displayed.

   

6. The following window is displayed.

   

7. Browse to the folder containing the Credit Bureau WebService. For example: C:/OracleFSLLBureauAPI.war
8. Click ‘Next’. The following window is displayed.

   

9. Select the server on which the WebService needs to be deployed.
10. Click ‘Next’. The following window is displayed.

    

11. Select the option ‘Install and start application (servicing all requests)’.
12. Check the context root and click ‘Next’.The following window is displayed.

    

13. Click ‘Deploy’. On successful deployment, the following window is displayed.

    

14. Click ‘Close’. Post deployment, you need to activate the changes by selecting ‘Active Changes’ option from ‘Edit Session’ drop-down list as indicated in step 4 above.

7.5.1 Create Credentials and System Policies for Credit Bureau Interface

In order Configure Credit Bureau interface, you need to create credentials and system policies. The credentials are accessed through CSF framework which is managed by Oracle Weblogic Server. The keys are managed by Maps and Maps need to be given with Permissions.

Create the following Maps and corresponding keys as indicated in following table.

Maps	Keys	Description
ofsll.int.bureau	creditbureau_auth_­mode_adapter	There are two modes: BASIC - On selecting this option, you need to define User Name and Password to authenticate. OAUTH2.0 - On selecting this option, you need to define additional enabled fields such as Grant Type, Client Id, Client Secret, Identity Domain, Token and Header Key.
	creditbureau_adapter	If Authentication mode is selected as BASIC, specify the Basic Authentication User Name and Password.
	creditbureau_servi­ceurl_adapter	BureauApi or Third party RestAPI end point url.
	ProxyAuthentica­tionEnabled	Indicator used to validate proxy.
	ProxyEnabled	Indicator is for whether Proxy server info need to be set or not.
	ProxyPort	Port to which ProxyServer is running.
	ProxyServer	Name of the proxyServer to be configured
	<Bureau_name>_cert_path	The location of certificate file which contains the valid certificate for Credit Bureau.
	<Bureau_name>_cert_password	The password that requires to read the valid certifi­cate for the Credit Bureau.
	<Bureau Name>_con­sumer_code	Consumer credentials to be configured for request creation of third party.
	<Bureau Name>_to­ken_indicator	Indicator used for whether third party token request needs to be create or not.
	<Bureau Name>_cert_­check_indicator	Indicator used for whether certificate validation is required or not.

Note

For certificate creation, please refer to ‘Interface_Certificate_Configuration.pdf’ document available in the release bundle.