Invoke secured service in splitjoin in an osb proxy message flow

Similar Messages

• OSB:Publish to business service with for each in osb proxy message flow

  Hi,
  I have an external application that will make a call to my web-service and post a message to my queue "A" and i need to model my osb component such that it picks the message from that queue " A"and posts it to another queue "B". All this is done without any BPEL involved.
  for publishing the message i have created a business service that publishes a msg to the queue A and my proxy service is modelled such that it subscribes to this same queue A and publishes the msg to another business service (that posts it to a queue B).
  Everything is working fine but i have an issue in modelling my proxy message flow. If an external application sends a bulk msg i need to post the message one by one to my queue B. I have used for-each and Publish to BS but the msg doesn't get posted one by one. i know i am missing something please help me out.
  SOA Suite Version - 11.1.1.3

  Are you sure that your for-each definition is correct? Does the flow within the for-each get executed multiple times?
  You can check this by logging the variable to which you assign the message in the for-each. Don't forget to put the log level to Error, so you're sure that it's logged.
  Let's say you get a list of persons like the following xml in a variable personList
  <Persons>
  <Person>Glenn</Person>
  <Person>Prasanth</Person>
  </Persons>
  Your for-each definition should be the following.
  For each variable: person
  XPath: +./Person+
  In Variable: personList
  You don't mention the Persons element in the XPath expression since it is the root element of the XML. The root element is represented by . (dot).
  In the for-each, the variable person can be used like any other variable.

• Osb: Proxy Messaging Service retrieve only xml message that have the proper

  Hi All.
  I have a Proxy Service with Messaging Service type which read xml messages from a queue.
  The Request Message Type in the proxy is xml and I have provided the type information by declaring (in the element and type field) the XML schema type of the XML document exchanged.
  I need the proxy service to retrieve from the queue only the xml messages that have the proper schema.
  But when the proxy retrieves any xml msg in the queue regardless of their schema definition .
  Appreciate your input.
  Thx,
  Ross
  Edited by: user6677631 on Feb 25, 2013 9:52 AM
  Edited by: user6677631 on Feb 25, 2013 10:02 AM

  Selecting the XML schema for request type in a messaging proxy does not ensure the validation of incoming XML message against schema. Similarly if you create a WSDL based proxy the validation against WSDL definition will not happen automatically. Choosing XML as the type of message will only ensure that any malformed XMLs will be rejected before entering the message flow. For validating against schema you will need to explicitly add a validate action within the proxy message flow, if validation fails raise an error and roll back the message to the Queue or log the errored message and commit the message/publish to an error queue.

• How to return "HTTP/1.0 401 Authorization Required" from OSB's Message Flow

  How can I return "HTTP/1.0 401 Authorization Required" header from OSB's Message Flow?
  Using of "HTTP Transport -> Authentification" is not possible, because I need flow condition. Transports Headers activity from design palette doesn't allow to send such headers.
  Practical usage: request for kerberos ticket by sending two headers: 401 and WWW-Authenticate: Negotiate...

  Can you briefly expand the use case for better understanding?
  HTTP Client---> Hand Shakes or what ever ----> HTTP Proxy (OSB )---> Pipeline----
  Philosophy behind pipeline is that it is designed to work on the request. Correct me if I'm wrong.
  What you are asking is ability to control the hand shake either in Pipeline or some way during proxy configuration. Unfortunately there is no configuration that is exposed for HTTP proxies in OSB to control that behavior.
  Manoj

• Invoking Secured Services from BPEL - Build scripts

  We are using SOA Suite 10.1.3.4 and JDeveloper 10.1.3.4 for BPEL process development. We are invoking secure web services from BPEL. In order to do this, we have imported the server certificates in the keystore of Oracle SOA Suite. These certificates are also imported into JDev keystore. In DEV environment, I have deployed the BPEL process from JDeveloper and the tested the https web service invocation. It works fine.
  When taking this to PROD environment, we need to provide deployment scripts to the release team. Should the scripts contain any properties specific to SSL configuration? I want the deployment to happen the same way JDeveloper deploys BPEL process by makign use of SSL Certs in its keystore. What is the way to achieve this?
  Thanks

  Hi
  You can deploy BPEL to BPEL process manager using ANT or Jdeveloper . I prefer ANT to deploy to prod.
  Coming to security impmentation, you can use OWSM (Oracle Websevices manager) to assign security key before invoking secured webservice.
  In OWSM follow the brief steps below.
  1. create gateway
  2. create service which points to secured webservice
  3. create pipeline templates with assigning security key , before that import key store to your server
  4. assign above pipeline template to service
  5. now get the URL of service created.
  In Jdev:
  6.In BPEL process create partner link with above Service URL in step5 ( instead of directly pointing to secured webservice from BPEL, go thru OWSM)
  7. use ANT or JDeveloper to deploy BPEL process to Prod.
  Before deploying to PROD you need to above steps 1 to 5 on PROD OWSM
  for more details on OWSM please see following link:
  http://download.oracle.com/docs/cd/B31017_01/integrate.1013/b31008/toc.htm
  Thanks
  Seshagiri.Rayala
  http://soabpel.wordpress.com/

• Invoking secure services inside bpel with x509 certificate and weblogic

  Hi, everyone. Here we have a problem with invoking secure webservices (*client authentication*) from a bpel deployed in weblogic that is consuming so much time (more than a week) and don't know what else to try.
  The scenario: we have a bpel process which invokes a series of web services without any security mechanisms. Now, we have to change it to invoke a series of webservices that do exactly the same, but using ssl and client authentication with x509 certificates. The first part of it, the ssl one, is done without any problems. But the second part is not working at all, and we (I) are running out of ideas how to configure it in weblogic.
  The situation: I want to invoke a webservice, say, Service1. It requires client authentication, so I should pass a certificate (*which I already have*). I put that certificate inside a keystore (with keytool -importkeystore, from p12 to jks). With SoapUI I have no problem now to invoke the service now. But, I'm not sure what should I do to make it work in weblogic; after all, the provider keeps answering with a HTTP 403 Forbidden error.
  The actions: inside the weblogic's enterprise manager, in SOA deployments (SOA / soa-infra / default ) I selected my composite, and in the Dashboard (down at Services and references), clicked the particular service (Service1). Then, it took me to another page where I can see statistics about that service, and a tab named Policies. There (in Policies) I have the chance to attach a policy, but I don't know which one is the approppriate; I guest it should be WSS11_x509_token_with_message_protection_service_policy, which in turn asks me to provide a value for keystore.recipient.alias, keystore.sig.csf.key and keystore.enc.csf.key. For this keys, I provide values that I configured in Credentials (Weblogic Domain / Security / Credentials, subtree oracle.wsm.security). My own logic tells me that what I have done is what I should have done, but still no luck :(
  I am sure the keystore is ok (if I rename the keystore file it tells me that the keystore file cannot be found, and if I specify an alias which is not inside the keystore it tells me that the alias is not found and list me valid aliases). I guess I am missing something, somewhere, but after many hours (days, almost 2 weeks) googling, still cannot make it work.
  Any ideas would be apreciated. If anyone knows about a post or article about this, it would be apreciated too, but I can tell is not that I just googled for 25 minutes, but I have spent more than a week googling, trying, analyzing and reading formal documentation, with no results.
  Thanks in advance!

  Try to enable SSL and WS debugging on your WLS. Add the following to your startup script:
  -Dweblogic.webservice.verbose=true
  -Dssl.debug=true
  ..then you might be able to spot if the rejection is based on some handshake problem.

• Invoking secured service using BPEL partner link -  basic authentication

  HI,
  We are invoking a secured service using partner link. The below property is defined in bpel.xml (basicHeaders property is created on partnerlink)
  <property name="basicHeaders">credentials</property>
  My concern is how the basicusername and basicpassword is sent to the secured webservice?
  is it sent in the calling uri ?
  I don't think it will be sent under soap header..
  Please anyone confirm.
  Thanks
  Phani

  Hi
  I am having trouble making the BPEL and Systinet to work together. I have Systinet and BPEL installed separately on 2 different servers. I deployed my web services and registered them in UDDI. I created a new BPEL process and added a partner link to refer to one of the web service I have registered in UDDI. When I create the partner link, it is forcing me to give the wsdl and it also gives an error message " There are no partner link types defined in current wsdl. Do you want create that will by default create partner link type for you?". If I say "NO' then deployment fails. If I say "Yes", then it creates a new wsdl file on the local server etc and gives "<Faulthttp://schemas.xmlsoap.org/soap/envelope/>
  <faultcode>soapenv:Server.userException</faultcode>
  <faultstring>com.oracle.bpel.client.delivery.ReceiveTimeOutException: Waiting for response has timed out. The conversation id is 75164a0815ea471a:-3be8c246:117cc377894:-537b. Please check the process instance for detail.</faultstring>". Any help is appreciated.

• Invoke secured service through Split-Join

  Hello,
  I create a new Split-Join (in the OSB workshop application). Then
  I use an action "Invoke Service" to call a not secured business service. So far no problem. When I assign a security policy to my business service, the OSB does not accept. Here is the error message in the OSB workshop:
  [Parallel, Scope, Invoke Service]
  The WSDL Binding for BusinessService "OSB/1_0/BusinessServices/TestBS" is not supported: The service feature "WS-Security" is not supported.
  How can I call a secured business service in a splitJoin?
  Thanks

  Well, another way is a custom WSDL.
  The problem, I believe, is not the PS or BS by themselves, but the WSDL Split-Join "sees" from them. So, if you make a version of the same WSDL with no offending policies and supply it to Split-Join, it should work. I suspect you'd still have to build the intermediate PS with that stripped WSDL though.
  In fact, forget about PS. Strip the policy from WSDL and add them to the BS from a policy resource. I would believe Split-Join in this case will not see the policies, while BS would use the ones configured for it.
  Vlad
  http://vladimirdyuzhev.com

• How to invoking secured service(HTTPS/SSL)from bpel Process

  Hi all,
  i am very new to fusion middle ware. i used jdeveloper 10.1.3.3 and soa-server 10.1.3.1.i need to pass secured wsdl(HTTPS/SSL) from one bpel Process to other. Let me know any certificates are required to do this?
  I am looking forward to getting any advice from our forum.
  thanks & Reagards,
  Hari.

  First of all make sure your jdeveloper and soa suite versions match otherwise you will get unpredictable results. I suggest that you upgrade SOA Suite to 10.1.3.4 as this is the latest version.
  That aside I'm assuming that the bpel process are on the same instance. If this is the case Yes you do need certificates as you need to implement SSL on your SOA Installation. If you use a common certificate such as verisign then the process is simpler as you don't need to worry about the public key as they are standard with Oracle as they are with your browser. If you want to sign your own certificate then you will need to add your public key.
  If your server is already SSL and it is verisign then you should have no issues you will be able to connect.
  cheers
  James

• Invoking secure proxy from service callout or route actions in OSB

  Secure proxy is the one which uses WS-Security Username token for authentication before request is processed. Is there any way we can call secure proxy from non-secure proxy. While calling secure-proxy (during service callout or route), I assume header and body will be passed to the secure proxy before secure proxy verifies the user from wsse:security element. While calling secure proxy, I am receiving an error that "General outbound security error. BEA-386400". Is any example that you can show of calling secure-proxy from service callout or route actions
  I am preparing the following header in non-secure proxy message flow diagram before invoking secure proxy.
  <soap-env:Header>
  <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <wsu:Timestamp>
  <wsu:Created>2012-03-31T18:34:53.081-05:00</wsu:Created>
  <wsu:Expires>2012-04-25T23:34:53.081-05:00</wsu:Expires>
  </wsu:Timestamp>
  <wsse:UsernameToken xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <wsse:Username>Testuser</wsse:Username>
  <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">testpassword</wsse:Password>
  <wsse:Nonce>7hoJIy00p+hwk/QiWpxT+Ndpr+4=</wsse:Nonce>
  <wsu:Created xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"/></wsse:UsernameToken>
  </wsse:Security>
  </soap-env:Header>

  Go back to
  compare Routing action versus Service Callout action versus Publish action?

• OSB: Proxy to proxy publish async

  Hi
  PS_1 publishes data to PS_2 (PS_2 wsdl has no outbound so it is asynch)
  I googled and I found following at http://victor-jan.blogspot.in/2012/06/osb-publish-routing-and-service-callout.html:
  Publish: Used for Request only scenarios where you don't expect a response back. The nature of Publish action (sync or async) will depend upon the target service you are invoking.
  Invoking an external service through a business service, then Publish action with Quality of Service(QoS) as "Best Effort" (default) will work like fire and forget and thread won't get blocked (async call).
  Invoking a local proxy service (proxy with transport protocol as "local") from another proxy using publish action then it would be a blocking call (synchronus call) and thread will get blocked untill the processing of local proxy finishes.
  The same information on multiple threads on forum.
  I changed proxy service PS_2 protocol to http and tested by publishing from PS_1.
  Then Created a business service over PS_2 and published from PS_1 to BS_2.
  All in vain. So is it that Proxy service to Proxy service Publish is IMPOSSIBLE in OSB?
  Can anyone confirm?
  Thanks and Regards
  Swapnil Kharwadkar

  Swapnil,
  Publish call will be blocking if QoS is set as Exactly-Once.
  If QoS is Best-Effort and target endpoint is a one-way proxy service then it is a blocking call (source proxy waits for target proxy message flow completion) and if QoS is Best-Effort and target endpoint is a request-response proxy service then control returns back to source proxy as soon as Request pipeline of target proxy message flow completes.
  Regards,
  Anuj

• Including library dependency for Java Callout in OSB Proxy

  Hi,
  I have a simple question for which a simple answer is eluding me:
  I have developed a simple Java Callout for us in a proxy message flow and that Java class has a dependency on the Commons IO library but for the life of me I can see how I can ensure the proxy is deployed with the library in the classpath because when I perform a simple publish and test the service I get the exception:
  <8/06/2009 10:22:27 AM NZST> <Error> <OSB Transform> <BEA-382515> <Callout to java method "public static void com.oracle.mtm.tools.Archiver.archive(byte[],java.lang.String)" resulted in exception: null
  java.lang.reflect.InvocationTargetException
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at etc...
  java.lang.NoClassDefFoundError: org/apache/commons/io/FileUtils
       at etc...
  i.e. the Commons IO (e.g. org/apache/commons/io/FileUtils) is not in the classpath.
  There must be a simple way of declaring this dependency or something and have the library loaded but I can't find it.
  Any help much appreciated!

  Well I managed to answer my own question in the end. It's simply a matter of selecting jar dependencies from other jars which can be done by double clicking ("opening") the jar within the OSB Conf project which opens a jar dependencies dialogue box. As expected it's easy when you know how...

• OSB Proxy Layer

  Hi All,
  I have a business service which is one-way messaging pattern. i.e does not send any response back. With the OSB, I want to introduce a proxy abstraction to the business service such that whenever a request is received the proxy automatically sends a response back.
  Is it possible with OSB, if yes a working example would be helpful.
  Thanks

  Hi,
  It is perfectly possible... One solution would be:
  1. Create a proxy service
  2. In the proxy message flow create a route node
  3. Create a routing action in the route node
  4. Add a replace action into the response action of your routing
  5. In the replace action you will configure your answer, just replace the contents of $body variable
  Let me know how you go...
  Cheers,
  Vlad

• Adding alert activity in OSB message flow urgent

  hi,
  i added an alert activity in my OSB proj message flow to monitor the process . after deploying the proj in console, i gave inputs. but i am not able to see the alert in operations>dashboard>pipeline alerts . no alert has been written in dashboard.
  i have mentioned the alert destination, for alert logging option i have selected yes. can anyone pls hlep he in this issue.
  thanks

  Did you enable Pipeline Alerts in the Operational Settings tab of the Proxy? If yes, also select the appropriate level based on the Alert level you had set within the message flow.
  Also check the in the SB Console > Operations > Global Settings , that the Enable Pipeline Alerting is selected.
  Thanks,
  Patrick

• Compliation Error while invoking Secure web service.

  Hi,
  I am trying to invoke secure JDE Business Service in SOA 11g from a simple Composite process as a partnerlink.
  The JDE Business Service is deployed on a weblogic server. The service is getting invoked through SOAP UI but is giving compilation errors when used in a Composite process.
  Error(17,30): Load of wsdl "https://hostname:port/DV900/AddressBookManager?wsdl" failed
  Error(20,30): Load of wsdl "AddressBookManagerDefinitionsWrapper.wsdl" failed
  Error(33,88): Cannot find Port Type "{http://oracle.e1.bssv.JP010000/}Oracle_E1_SBF_JWS_PkgBldFile_AddressBookManager" for "AddressBookManager" in WSDL Manager
  Could someone please let me know how to resolve this issue.
  Also, is this related to some kind of keystores that need to be imported into JDeveloper or Weblogic Server
  OR
  Certificates that need to be imported into my application.
  Any help will be appreciated.
  Regards,
  Varun Maheshwari
  Edited by: Varun Maheshwari on 01.des.2011 08:30

  In Document 663626.1 there are a few tests/samples that could help with testing and verification.
  If this isn't what you're looking for, you may want to check out the Information Center for Using Business Services (BSSV) in the JD Edwards EnterpriseOne Tools and Technology Product (Doc ID 1365168.2)
  Hope that helps!