4 Secure Gateway Services

This topic explains to secure gateway services.

Different applications deployed on disparate platforms and using different infrastructure need to be able to communicate and integrate seamlessly with Oracle FLEXCUBE Universal Banking to exchange data. The Oracle FLEXCUBE Integration Gateway will cater to these integration needs.

The integration needs to be supported by the Gateway can be broadly categorized from the perspective of the Gateway as follows:

• Inbound application integration: Used when any external system needs to add, modify or query information within Oracle FLEXCUBE Universal Banking.
• Outbound application integration: Used when any external system needs to be notified of the various events that occur within Oracle FLEXCUBE Universal Banking.

Inbound Application Integration

Oracle FLEXCUBE Inbound Application Gateway provides XML-based interfaces enhancing the need to communicate and integrate with the external systems. The data exchanged between Oracle FLEXCUBE Universal Banking and the external systems will be in the form of XML messages. These XML messages are defined in Oracle FLEXCUBE Universal Banking in the form of XML Schema Documents (XSD) and are referred to as FCUBS formats.

FCUBS Inbound Application Integration Gateway uses the Synchronous and Asynchronous Deployment Pattern for addressing the integration needs.

The Synchronous Deployment Pattern is classified into the following:

• Oracle FLEXCUBE Universal Banking EJB Based Synchronous Inbound Application Integration Deployment Pattern.
• Oracle FLEXCUBE Web Services Based Synchronous Inbound Application Integration Deployment Pattern.
• Oracle FLEXCUBE Universal Banking MDB Based Asynchronous Inbound Application Integration Deployment Pattern.

EJB Based Synchronous Deployment Pattern

The Enterprise Java Beans (EJB) deployment pattern will be used in integration scenarios where the external system connecting to Oracle FLEXCUBE Universal Banking is EJB literate, i.e., the external system is capable of interacting with Oracle FLEXCUBE Universal Banking based upon the EJB interface. In this deployment pattern, the external system will use the RMI/IIOP protocol to communicate with the Oracle FLEXCUBE EJB.

In this deployment pattern, the EJB displayed by Oracle FLEXCUBE will be a stateless session bean. The actual request will be in the form of an XML message. After the necessary processing is done in Oracle FLEXCUBE based on the request, the response is returned to the external system as an XML message. The transaction control for the processing will stay with the Oracle FLEXCUBE EJB.

Web Services Based Synchronous Deployment Pattern

The web services deployment pattern will be used in integration scenarios where the external system connecting to Oracle FLEXCUBE Universal Banking wants to connect using standards-based, inter-operable web services.

This deployment pattern is especially applicable to systems that meet the following broad guidelines:

• Systems that are not EJB literate, i.e., such systems are not capable of establishing connections with Oracle FLEXCUBE based upon the EJB interface; and/or
• Systems that prefer to use a standards-based approach.

In this deployment pattern, the external system will use the SOAP (Simple Object Access Protocol) messages to communicate to the Oracle FLEXCUBE Universal Banking web services.

The services displayed by Oracle FLEXCUBE Universal Banking are of a message-based style, i.e., the actual request will be in the form of an XML message, but the request will be a payload within the SOAP message. After the necessary processing is done in Oracle FLEXCUBE based on the request, the response is returned to the external system as an XML message which will be a payload within the response SOAP message. The transaction control for the processing will stay with the Oracle FLEXCUBE Universal Banking.

HTTP Servlet Based Synchronous Deployment Pattern

The HTTP servlet deployment pattern will be used in integration scenarios where the external system connecting to Oracle FLEXCUBE Universal Banking wants to connect to Oracle FLEXCUBE Universal Banking using simple HTTP messages.

This is especially applicable to systems such as the following:

• Systems that are not ‘EJB literate’, i.e., are not capable of establishing a connections with Oracle FLEXCUBE Universal Banking based upon the EJB interface; and/or
• Systems that prefer to use a simple HTTP message-based approach without wanting to use SOAP as the standard.

In this deployment pattern, the external system will make an HTTP request to the Oracle FLEXCUBE servlet.

For this deployment pattern, Oracle FLEXCUBE Universal Banking will display a single servlet. The actual request will be in the form of an XML message. This XML message is embedded into the body of the HTTP request sent to the Oracle FLEXCUBE servlet. After the necessary processing is done in Oracle FLEXCUBE Universal Banking based on the request, the response is returned to the external system as an XML message which is once again embedded within the body of the response HTTP message. The transaction control for the processing will stay with the Oracle FLEXCUBE Universal Banking.

MDB Based Asynchronous Deployment Pattern

The MDB deployment pattern is used in integration scenarios where the external system connecting to Oracle FLEXCUBE wants to connect to Oracle FLEXCUBE using JMS queues. This is especially applicable to systems such as the following:

• Systems that prefer to use JMS queues based approach without wanting to wait for the reply.

Here external system sends messages in XML format to request a queue on which an MDB is listening. When a message arrives in the queue, it is picked up for processing. After the necessary processing is done in Oracle FLEXCUBE Universal Banking, based on the request, the response is sent to the response queue as an XML message.

Outbound Application Integration

The Outbound Application Integration is also called the Oracle FLEXCUBE Universal Banking Notify Application Integration layer. This application layer sends out notification messages to the external system whenever events occur in Oracle FLEXCUBE Universal Banking.

The notification messages generated by FCUBS on the occurrence of these events will be XML messages. These XML messages are defined in FCUBS in the form of XML Schema Documents (XSD) and are referred to as FCUBS formats.

Secure Web Services

Web services can be secured by applying security policies available in the weblogic server. We can attach two types of policies to Web Logic Web services and clients at design and deployment time.

• Oracle WSM policy: We can attach Oracle Web Services Manager(WSM) policies to Web Logic JAX-WS Web services and clients.
• WebLogic Web service policy: These policies are provided by Oracle Web Logic Server and can be attached to any web service deployed in Web Logic.

We can use Oracle Enterprise Manager Fusion Middleware Control to attach Oracle WSM security policies to Web Logic Java EE Web services and clients.

We can attach policies to WebLogic Web services at both design time and after the Web service has been deployed.

At design time, use the weblogic.jws.Policy and weblogic.jws.Policies JWS annotations in JWS file to associate policy files with Web service. We can associate any number of policy files with a Web service, although it is up to us to ensure that the assertions do not contradict each other. We can specify a policy file at the class level of our JWS file.

After the Web service has been deployed, use the Oracle Web Logic Server Administration Console to attach Web Logic Web service policies to Web Logic Web services.

Access Service and Operation

In a message, it is mandatory to maintain a list of Service Names and Operation Codes. This information is called Gateway Operations.

A combination of every such Service Name and Operation Code is mapped to a combination of Function ID and Action. Every screen in Oracle FLEXCUBE Universal Banking is linked with a function ID. This information is called Gateway Functions.

Users can gain access to an external system using the Gateway Functions. The Function IDs mapped in Gateway Functions should be valid Function IDs maintained in Oracle FLEXCUBE Universal Banking. Hence, for every new Service or Operation being introduced, it is important that you provide data in Gateway Operations and Gateway Functions.

Gateway Password Generation Logic for External System Authentication

As a secure configuration password authentication should be enabled for the external system maintained. The same can be verified in the External system detail screen level.

Once these features are enabled, the system will validate for Encrypted password as part of every request sent by the External System.

The Message ID which is present as part of the header in Request XML is considered as the hash. External System generates a unique Message ID, which is a functional mandatory field in the header. Create a Message Digest with the SHA-512 algorithm.

The hash created from the previous step and the password in the clear text together is encrypted in the AES encryption method. Apply Base64 encoding to encrypted value and send to the Oracle FLEXCUBE Universal Banking gateway.

XSD Validation and Input Validation

Oracle FLEXCUBE Universal Banking supports the XSD validation for all types of Gateway. Each node in request XML is getting validated with the corresponding webservice XSD’s.

Restriction on Script/HTML tags

Oracle FLEXCUBE Universal Banking Gateway has blacklist validation for the unwanted tag in XML like scripting tag or HTML tag inside XML content, particularly in the header.

List of Services

• FCUBSACService
• FCUBSAMService
• FCUBSAccFinService
• FCUBSAccService
• FCUBSBstService
• FCUBSCAService
• FCUBSCFService
• FCUBSCIService
• FCUBSCLService
• FCUBSCNService
• FCUBSCPGServices
• FCUBSCcyService
• FCUBSCoreService
• FCUBSCoreentitiesService
• FCUBSCustomerService
• FCUBSDEService
• FCUBSDLService
• FCUBSDQService
• FCUBSEPSService
• FCUBSFAService
• FCUBSFIService
• FCUBSGIService
• FCUBSGLService
• FCUBSIAService
• FCUBSICService
• FCUBSIFService
• FCUBSINService
• FCUBSISService
• FCUBSIVService
• FCUBSInteractionService
• FCUBSLDService
• FCUBSLEService
• FCUBSLMService
• FCUBSLeadService
• FCUBSMFService
• FCUBSMOService
• FCUBSMSService
• FCUBSMessagingService
• FCUBSORService
• FCUBSRBService
• FCUBSRMService
• FCUBSSCVService
• FCUBSSFService
• FCUBSSIService
• FCUBSSMService
• FCUBSSTService
• FCUBSSigService
• FCUBSSwitchService
• FCUBSTDFinService
• FCUBSTDService
• FCUBSUPService
• FCUBSVPService
• FCUBSXPService
• SMSUserService

List of Interfaces

Integration/Interface with Oracle Products

1. Oracle FLEXCUBE UBS - ODA Integration User Guide

Integration/Interface with Product Processors

1. Oracle FLEXCUBE UBS - Common Core Integration User Guide
2. Oracle FLEXCUBE UBS - OBVAM Integration User Guide
3. Oracle FLEXCUBE UBS - Payments Integration User Guide
4. Oracle FLEXCUBE UBS - ELCM Integration
5. Oracle FLEXCUBE UBS - OBTR Integration User Guide
6. Oracle FLEXCUBE UBS - OBTF Integration User Guide
7. Oracle FLEXCUBE UBS - Oracle Banking Liquidity Management Integration
8. Oracle FLEXCUBE UBS - Oracle Banking Origination Integration User Guide
9. Oracle FLEXCUBE UBS - OFSAA Integration User Guide
10. Oracle FLEXCUBE Investor Servicing Integration User Guide
11. Oracle FLEXCUBE UBS - Corporate Lending Integration User Guide
12. Oracle FLEXCUBE UBS - Common Core - OBMA Core Integration

Generic Interfaces

1. Relationship Pricing Interface User Guide
2. Oracle FLEXCUBE UBS - External Accounting Interface
3. Oracle FLEXCUBE UBS - Biometric Integration User Guide
4. Debit Card Interface User Guide
5. Document Management System Interface User Guide
6. Hajj Registration Interface User Guide
7. Single Customer View Hand-off User Guide