This chapter includes the following topics:
The following topics provide information and instructions for additional local resource types:
"Configuring Throttling for a Group of Business Services" in Administering Oracle Service Bus
Service Bus project resources refer to those resources that can be referenced by several components within an application or session. They are also known as local resources, and can include things like service accounts, which define authentication information for remote servers; XML documents and schemas; JAR files; XSLT and XQuery mappings; WSDL and WADL files; and so on. Certain Service Bus components require access to specific project resources, and those project resources must be created before you can create the components that rely on them. For example, if you create a proxy service with an email transport, you must first create the service account that defines the login information for the email server. In order to create an MQ proxy or business service, you must first create the MQ connection resource.
When you create, modify, or delete project resources in the Oracle Service Bus Console, you must be in an active session. If you discard the session, any project resources your created and the associated data are also discarded. When you activate a session after creating or modifying resources, Service Bus makes that information available to the runtime.
A service account provides a user name and password that proxy services and business services use for outbound authentication or authentication to a local or remote resource, such as an FTP server or a JMS server. The user names and passwords that you define for Service Bus access are used for inbound authentication and for authenticating administrative requests. For example, if a business service is required to supply a user name and password for transport-level authentication with a web service, you create a service account that specifies the user name and password, then you configure the business service to include the service account credentials in its outbound requests.
You can use the same service account for multiple business services and proxy services. To specify the user name and password that a service account provides, you can define any of the following types:
With a static type of authentication, you save a user name and password with the service account configuration. The service account encodes this user name and password in the outbound request. Use this type of authentication when the login information does not need to change for different messages.
A pass-through service account provides the user names and passwords that it receives from incoming client requests. For example, if an inbound HTTP basic request contains "pat" and "patspassword" as the user name and password, the service account encodes "pat" and "patspassword" in the outbound request.
Because this type requires that client requests include clear-text user names and passwords, it is applicable only for client requests that use either the HTTP basic protocol, a Web Services Security Username Token authentication with a clear-text password, or a custom user name and password token.
Oracle recommends that you use this technique only when Service Bus and the endpoint belong to the same authentication domain. For example, use this technique when you are routing messages within a single organization and both Service Bus and the message consumer authenticate against a common LDAP server.
The following restrictions apply to this technique:
It cannot be used in outbound requests that authenticate Service Bus to a local or remote server or system resource, such as an FTP server or a JMS server.
It cannot be used with the fn-bea:lookupBasicCredentials XQuery function. For more information, see Service Bus XQuery Functions..
Note:
If your proxy is an active WSS intermediary, you can use WS-Security to encrypt a WS-Security Username Token or custom user name and password. In this instance, user name and password pass-through works because the proxy first decrypts the request and then has access to the clear-text user name and password.
A service account that uses mapping authentication maps the user name from one or more authenticated clients to user names and passwords that you specify. The mapping authentication type requires you to correlate (map) the user name obtained by authenticating an inbound request from a client (the local user name) to a user name and password that you specify (the remote user name and password). When the service account receives a request from an authenticated client that has been mapped, it provides the appropriate remote user name and password for the business service or proxy service outbound request.
If the client authenticates at both the transport level and message level, the service account maps the message level user name to the remote user name and password. You can also map an anonymous user name to a remote user name and password.
The following restrictions apply to mapping authentication:
It cannot be used in outbound requests that authenticate Service Bus to a local or remote server or system resource, such as an FTP server or a JMS server.
It cannot be used with the fn-bea:lookupBasicCredentials XQuery function. For more information, see Service Bus XQuery Functions.
Use service accounts to provide authentication information to proxy and business services for outbound authentication or for resource authentication, such as FTP and JMS servers. Service accounts can define authentication information in the following ways:
Providing a static user name and password.
Passing the incoming user name and password through to the server.
Mapping the incoming user name and password to a user name and password you specify.
For more information about these authentication types, see Service Account Authentication Types. For more information about service account properties, see the online help provided with Service Bus.
To create a service account that passes through authentication information:
To create a service account with a static password:
To create a service account that maps incoming passwords:
Create a service account, as described above.
On the Service Account Definition Editor, select Mapping for the type.
Tip:
If you are working in the Oracle Service Bus Console, you can also select Mapping for the type on the Create Service Account dialog when you first create the resource.
Mapping tables appear in the editor.
In the Remote Users table, do the following:
Click the Add icon above the table.
In the new row that appears, enter the user name and password that you want to send in outbound requests.
Repeat the above steps for each remote user to add.
To remove a remote user, select the row in the table and click the Delete icon.
To map remote users to local users, do the following in the Local Users table:
Click the Add icon above the table.
In the Local User Name column, enter the name that identifies a client that has been authenticated on its inbound request.
From the Remote User Name list of options, select the user name to send in outbound requests for the authenticated user you specified in the Local User Name field.
The list of options is populated from the values you created in the Remote Users table.
Repeat the above steps for each local user to add.
Note:
If you have not already added these users in Fusion Middleware Control, do so before you use this mapping in a runtime environment. Otherwise, the mapping will never match an authenticated user and will never be used. For more information about adding users, see "Creating Oracle Service Bus Users" in Administering Oracle Service Bus.
To remove a local user, select the row in the table and click the Delete icon.
To map anonymous requests to a specific remote user account, select Map Anonymous Requests to Remote User, and then select the user name from the list of options.
This list of options is also populated from the values you created in the Remote Users table.
In the toolbar, click Save.
Once you create a service account you can modify its description and authentication type, including updating static login credentials, and adding and removing remote and local users for mapped authentication.
To edit a service account:
When you delete a service account, the user name, password, or local-user to remote-user mapping data that the service account defines are also deleted. You can delete the service account even if it is referenced by other resources, though this might result in conflicts due to unresolved references to the deleted resource.
Before you Begin:
If any business service or proxy service is configured to use the service account, remove the service account from the business service or proxy service. In the Oracle Service Bus Console, open the service account in the Service Account Definition Editor and click the References icon in the upper right to find out whether any services are using it. In JDeveloper, right-click the service account and select Explore Dependencies.
To delete a service account:
A service key provider contains Public Key Infrastructure (PKI) credentials that proxy services use for decrypting inbound SOAP messages and for outbound authentication and digital signatures. A PKI credential is a private key paired with a certificate that can be used for digital signatures and encryption (for Web Services Security) and for outbound SSL authentication. The certificate contains the public key that corresponds to the private key.
Note:
To use a service key provider, you must configure a PKI credential mapping provider. For information on doing this, see Configuring the Oracle WebLogic Security Framework: Main Steps.
In earlier versions of Service Bus, service key providers were called proxy service providers.
A single service key provider can contain all of the following PKI credentials:
A key-pair for digital encryption
Proxy services use this key-pair to decrypt inbound SOAP messages that have been encrypted to conform with a Web Services Policy statement. If you want the service key provider to support digital encryption, the key store that is associated with the PKI credential mapper must contain at least one X.509 certificate that supports encryption.
A key-pair for digital signatures
Proxy services use this key-pair when its endpoint is a web service and the web service requires clients to sign one or more parts of a SOAP envelope.
A key-pair for SSL client authentication (two-way SSL)
Proxy services use this key-pair to authenticate when acting as a client during an outbound TLS/SSL (Secure Sockets Layer) connection; that is, when routing a message to an HTTPS business service or proxy service that requires client certificate authentication.
You can use the same service key provider for multiple proxy services.
When you associate an encryption key service key provider with a proxy service, Service Bus embeds the X.509 certificate into the proxy service's WSDL file. The proxy service then uses this certificate to encrypt the messages that it sends to its endpoint. The proxy service uses the private key in the PKI credential to decrypt the messages that the endpoint returns.
To create a service key provider:
Do one of the following:
For JDeveloper: In the Application Navigator, right-click the project or folder to contain the new service key provider, point to New, and select Service Key Provider.
For Oracle Service Bus Console: In the Project Navigator, right-click the project or folder to contain the new service key provider, point to Create, and select Service Key Provider.
Enter a unique name for this service key provider, and an optional description.
Click Create or Finish.
The Service Key Provider Definition Editor appears.
To configure an encryption key, do the following:
Next to Encryption Key, click the Browse icon.
The Select an alias for Encryption Key window displays the key aliases from the key store that your realm's PKI credential mapper uses.
Enter the password you use to secure access to the key store. (You set this password when you create the keystore.)
Select a key alias that maps to an X.509 certificate and that supports encryption.
Click Submit.
To configure a digital signature key, do the following:
Next to Digital Signature Key, click the Browse icon.
The Select an alias for Digital Signature Key window displays the key aliases from the key store that your realm's PKI credential mapper uses.
Enter the password you use to secure access to the key store. (You set this password when you create the keystore.)
Select a key alias.
Click Submit.
To configure an SSL client authentication key for two-way SSL, do the following:
Next to SSL Client Authentication Key, click the Browse icon.
The Select an alias for SSL Client Authentication Key window displays the key aliases from the key store that your realm's PKI credential mapper uses.
Enter the password you use to secure access to the key store. (You set the password when you create the keystore.)
Select a key alias.
Click Submit.
In the toolbar, click Save.
If you are using the Oracle Service Bus Console, click Activate to end the session and deploy the configuration to the runtime.
Once you create a service key provider, you can reconfigure the key information.
To edit a service key provider:
When you delete a service key provider, Service Bus also deletes the associated alias to key-pair bindings from the PKI credential mapping provider. Service Bus does not delete the associated key-certificate pair from the key store. You can delete the service key provider even if it is referenced by other resources, though this might result in conflicts due to unresolved references to the deleted resource.
Before you Begin:
If any proxy service is configured to use the service key provider, remove the service key provider from the proxy service. In the Oracle Service Bus Console, open the service key provider in the Service Key Provider Definition Editor and click the References icon in the upper right to find out if it has any references. In JDeveloper, right-click the service key provider and select Explore Dependencies.
To delete a service key provider:
An alert destination resource defines a list of recipients that can receive alert notifications from Service Bus. You can configure each alert destination resource to include a set of recipients according to a given context and then associate the resource with the alerts you define. Alert destinations give you the flexibility to specify whether alerts are sent to SNMP traps, are collected for reporting, are logged to the local server's alert log, or sent to e-mail recipients or JMS destinations.
When you configure an Alert action in a pipeline, or an SLA alert rule for a service, the configuration includes specifying an alert destination, which defines who gets notified when alerts are generated. In the case of email and JMS destinations, a destination resource can include a list of email addresses or JMS URIs, respectively. You can re-use alert destinations across alert configurations.
For each alert destination, you can specify that the alerts be sent to multiple types of destinations, as described in the following sections.
Alert notifications can be sent to multiple emails addresses. To configure an email alert destination, you need an SMTP server global resource or a JavaMail session in Oracle WebLogic Server. When an alert is delivered, email metadata consisting of the details about the alert is prefixed to the details of the payload. For information about SMTP server resources, see Working with SMTP Server Resources. For information about configuring JavaMail sessions, see "Configure Access to JavaMail" in the Oracle WebLogic Server Administration Console Online Help.
Simple Network Management Protocol (SNMP) traps allow any third-party software to monitor service level agreements within Service Bus. With SNMP notifications enabled, Web Services Management (WSM) and Enterprise Service Management (ESM) tools can monitor SLA violations and pipeline alerts.
SNMP is an application-layer protocol which allows the exchange of information on the management of a resource across a network. It enables you to monitor a resource and, if required, take some action based on the data obtained from the resource. Service Bus supports SNMP version 1 and 2. SNMP includes the following components:
Managed Resource
Management Information Base (MIB)
SNMP Agent
SNMP Manager
Network Management System (NMS)
The Reporting destination lets you send notifications of pipeline alerts and SLA alerts to a custom reporting provider that can be developed using the reporting APIs provided with Service Bus. This allows third parties to receive and process alerts in custom Java code.
Each alert destination lets you configure whether or not the alerts sent to that destination are logged. Logged alerts are sent to the local alert log. Each Service Bus server has its own alert log. In a cluster, the Admin Server collects the alert logs from all Managed Servers and aggregates the alerts for logging.
Alert notifications can be sent to one or more Java Messaging Service (JMS) queues or topics. You must configure a JNDI URL for the JMS destination for alerts, create a JMS connection factory and a queue or topic, and target them to the appropriate JMS server in the Oracle WebLogic Server Administration Console. For information, see "Methods for Configuring JMS System Resources" in Administering JMS Resources for Oracle WebLogic Server. When you define the JMS alert destination you can either use a destination queue or a destination topic. The message type can be bytes or text. For more information about how to configure JMS alert destination see "Adding JMS Destinations."
Alerts are aggregated at runtime, and you can view them on the Service Bus Dashboard in Fusion Middleware Control.
To create an alert destination:
Before you add an email destination, you must configure an SMTP server (see How to Create SMTP Server Resources), or a JavaMail session in WebLogic Server. If there are no SMTP server resources or JavaMail sessions available, configured, you cannot configure an email recipient.
To add or update email recipients in an alert destination:
While WebLogic Server allows forward slashes in JNDI names, such as "myqueues/myqueue", JNDI names with forward slashes interfere with the URI format required by Service Bus, and you cannot use those names. To work around this issue, define a JMS foreign server and reference that foreign server in the URI. For more information, see Configure Foreign Servers in the Oracle WebLogic Server Administration Console Online Help.
To add or update JMS destinations in an alert destination:
Once you create an alert destination you can modify its description, and add, update, or remove email recipients and JMS destinations.
To edit an alert destination:
When you delete alert destinations, you need to update any alert actions or rules that reference the resource. To delete specific email recipients or JMS destinations from an alert destination, see How to Define Email Recipients for an Alert Destination or How to Define JMS Recipients for an Alert Destination.
Before you Begin:
If the alert destination has any references, remove them before deleting it. In the Oracle Service Bus Console, open the alert destination in the Alert Destination Definition Editor and click the References icon in the upper right to find out whether there are any references. In JDeveloper, right-click the alert destination and select Explore Dependencies.
To delete an alert destination:
SNMP is an application-layer protocol that allows the exchange of information on the management of a resource across a network. SNMP lets you to monitor a resource and, if required, take an action based on the data obtained from the resource. For more information about SNMP, see Monitoring Oracle WebLogic Server with SNMP.
You can create and target SNMP agents in an existing Oracle WebLogic domain to trap SNMP messages generated by Service Bus. For instructions on creating and targeting SNMP agents, see the following topics in the Oracle WebLogic Server Administration Console Online Help:
Create SNMP agents
Target SNMP agents
Create trap destinations
You can create SNMP agents that are either domain-scoped or server-scoped. Domain-scoped agents, which are targeted to the domain rather than to an individual server, are for backward compatibility and are being deprecated. Oracle recommends that you create server-scoped agents.
When creating and targeting an SNMP server-scoped agent for Service Bus, use the following guidelines:
Targeting the Agent: When targeting an SNMP agent to Service Bus, target only the Service Bus Admin Server. Only agents targeted to the Admin Server receive alerts from Service Bus. Agents targeted to Managed Servers do not receive SNMP messages.
Creating a Trap Destination: Enter the following settings for the destination:
Name: alsbDestination-0
Community: weblogic
Host and Port: Set the values to point to the host and port where the SNMP manager is listening for these alerts, such as localhost and 163.
Schemas describe types for primitive or structured data. XML schemas are an XML vocabulary that describe the rules XML business data must follow. XML schemas specify the structure of documents, and the data type of each element and attribute contained in the document.
You use XML schemas as references for WSDL resources and to validate an element specified with an XPath expression in a pipeline. For more information, see Adding Validate Actions in the Console.
XML schemas are a standard feature in JDeveloper. For information about the editors and tools you use to create XML schemas, see Developing Applications Using XML in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, you can create XML schemas by importing them or by creating an XML schema resource. For more information on importing, see Importing and Exporting Resources and Configurations . Use the following procedure to manually create XML schema resources.
To create an XML schema in the Oracle Service Bus Console:
In the Project Navigator, right-click the project or folder to contain the new XML schema, point to Create, and select Schema.
The Create Schema dialog appears.
Do one of the following:
To create the resource from an existing schema file, click Browse next to the File Upload field and then navigate to and select the file to use.
The Resource Name field is automatically populated with the file name minus the file extension. You can change this name.
To create a new XML schema, enter a unique name for the XML schema resource.
Optionally, enter a brief description of the resource.
Click Create.
The XML schema elements, if defined, appear in the Schema Definition Editor.
To modify the schema, do the following:
Click Edit Source in the toolbar.
The Edit Source dialog appears.
To browse to and select a new schema file to upload, click Browse.
To modify the contents of the file, update the code directly in the Contents section of the dialog.
Click Save.
In the Schema Definition Editor toolbar, click Save.
To end the session and deploy the configuration to the runtime, click Activate.
XML schemas are a standard feature in JDeveloper. For information about editing XML schemas, see Developing Applications Using XML in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, use the following procedure to edit XML schemas.
To edit an XML schema in the Oracle Service Bus Console:
If any resources reference the XML schema you want to delete, remove those references before deleting the XML schema. In the Oracle Service Bus Console, open the XML schema in the Schema Definition Editor and click the References icon in the upper right to find out if it has any references. In JDeveloper, right-click the XML schema and select Explore Dependencies.
You can delete the XML schema even if it is referenced by other resources, though this might result in conflicts due to unresolved references to the deleted resource.
To delete an XML schema:
XML document resources store XML files for use in proxy or business service configurations. For example, you can create XML document resources for TopLink mapping files needed in JCA proxy or business services that communicate with JCA-compliant systems.
For more information about JCA services, see Using the JCA Transport and JCA Adapters.
XML documents are a standard feature in JDeveloper. For information about the editors and tools you use to create XML files, see "Developing Applications Using XML" in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, the easiest way to create XML documents is to use the import feature. For example, if you import JCA resources (JCA file, associated WSDL file, and TopLink mapping file), Service Bus automatically generates XML document resources out of mapping files and maintains the dependencies among resource files. For more information on importing, see Importing and Exporting Resources and Configurations .
If you do not bulk import, use the following procedure to manually create XML documents.
To create XML documents in the Oracle Service Bus Console:
In the Project Navigator, right-click the project or folder to contain the new XML document, point to Create, and select XML Document.
The Create XML Document dialog appears.
Do one of the following:
To create the resource from an existing XML file, click Browse next to the File Upload field and then navigate to and select the XML file to use.
The Resource Name field is automatically populated with the file name minus the file extension. You can change this name.
To create a new XML document for the resource, enter a unique name for the XML document resource.
Optionally, enter a brief description of the resource.
Click Create.
The XML document appears in the XML Document Definition Editor.
To modify the XML code, do the following:
Click Edit Source in the toolbar.
The Edit Source dialog appears.
To browse to and select a new XML file to upload, click Browse.
To modify the contents of the file, update the code directly in the Contents section of the dialog.
Click Save.
In the XML Document Definition Editor toolbar, click Save.
To end the session and deploy the configuration to the runtime, click Activate.
XML documents are a standard feature in JDeveloper. For information about editing XML files, see Developing Applications Using XML in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, use the following procedure to edit XML files.
To edit an XML document in the Oracle Service Bus Console:
If any resources, such as JCA bindings, reference the XML document you want to delete, remove those references before deleting the XML document. In the Oracle Service Bus Console, open the XML document in the XML Document Definition Editor and click the References icon in the upper right to find out if it has any references. In JDeveloper, right-click the XML document and select Explore Dependencies.
To delete an XML document:
A JAR (Java Archive) is a zipped file that contains a set of Java classes. JAR files stored the compiled Java classes and associated metadata that can constitute a program. A JAR file acts like a callable program library for Java code elements so a single compilation link provides access to multiple elements, rather than requiring bindings for each element individually.
To use JAR files in a Service Bus project, you upload them to JAR resources. JAR files in Service Bus are used in:
Java callout actions
EJB-based business services
JEJB services
Tuxedo-based proxy and business services
JAR file integration is a standard feature in JDeveloper. For information about adding JAR files and libraries to your Service Bus projects, see How to Manage Libraries in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, you can add JAR files by either importing them into a Service Bus project or uploading them into archive resources. For more information on importing, see Importing and Exporting Resources and Configurations . Use the procedure below to upload a JAR file into an archive resource.
To add a JAR file using the Oracle Service Bus Console:
In the Project Navigator, right-click the project or folder to contain the new JAR file, point to Create, and select Archive.
The Create Archive dialog appears.
Click Browse next to the File Upload field and then navigate to and select the JAR file to upload.
The Resource Name field is automatically populated with the file name minus the file extension. You can change this name.
Optionally, enter a brief description of the resource.
Click Create.
The configuration details and dependencies for the JAR file appear in the Archive Definition Editor.
To add dependencies, do the following:
Click Add above the dependencies table.
A new row appears in the table.
Click in the new row in the name column, and then click Browse.
The Search and Select dialog appears.
Enter a file name or the path to the file, and click Search.
In the results list, select the name of the file containing the dependency, and then click OK.
Repeat the above steps for each dependency to add. Use the up and down arrows above the Dependencies table to re-order the list of dependencies.
In the Archive Definition Editor toolbar, click Save.
To end the session and deploy the configuration to the runtime, click Activate.
Updating an archive resource essentially involves pointing the resource to a new version of the JAR file or to a different JAR file, as you cannot edit a JAR using Service Bus. JAR file integration is a standard feature in JDeveloper. For information about updating JAR files, see How to Manage Libraries in Developing Applications with Oracle JDeveloper.
If you are using the Oracle Service Bus Console, use the following procedure to update a JAR file in an archive resource.
Caution:
If you update the JAR file used by an EJB business service by updating to a newer version of the file, you must redeploy the EJB, edit any EJB service that uses the JAR file, and reselect the JAR resource, save, and activate. This repackages the EJB business service to use the new JAR.
Java callout actions and Tuxedo-based services automatically pick up the new JAR file.
To update a JAR file in the Oracle Service Bus Console:
In the Project Navigator, expand the project and folders containing the archive resource to edit.
Right-click the archive resource name, and select Open.
To update the JAR file, do the following:
Click Upload New JAR File in the toolbar.
The Upload New JAR File dialog appears.
Click Browse, and then navigate to and select the new JAR file to use.
Click Save.
The information on the Archive Definition Editor is updated with the new JAR file configuration.
To add a dependency, do the following:
Click Add above the dependencies table.
A new row appears in the table.
Click in the new row in the name column, and then click Browse.
The Search and Select dialog appears.
Enter a file name or the path to the file, and click Search.
In the results list, select the name of the file containing the dependency, and then click OK.
To delete a dependency, select the row in the Dependencies table that contains the dependency, and then click Delete.
The row is removed.
To re-order the dependencies, use the up and down arrows above the table.
When you are done updating the archive resource, click Save in the Archive Definition Editor toolbar.
To end the session and deploy the configuration to the runtime, click Activate.
Service Bus provides additional JAR file features in JDeveloper to let you modify JAR file dependencies. If you are using Oracle Service Bus Console, modify dependencies as described in How to Update a JAR File.
To modify JAR file dependencies in JDeveloper:
If any resources reference the JAR file you want to delete, remove those references before deleting the archive resource. In the Oracle Service Bus Console, open the archive resource in the Archive Definition Editor and click the References icon in the upper right to find out whether it has any references. In JDeveloper, right-click the JAR file and select Explore Dependencies.
You can delete the JAR file even if it is referenced by other resources, though this might result in conflicts due to unresolved references to the deleted resource.
To delete a JAR file: