Service Account in Proxy Service
I have two Proxy Services A and B.
B is password protected and I have created a Service account in OSB.
Now, A accesses B.
So, where to configure the Service Account so that A can access B successfully.
Thank You!
You must configure it in the business service that would point to service B.
For proxy service to proxy service calls you might not be able to use service accounts.
See here - http://svgonugu.wordpress.com/2011/03/28/using-the-service-accounts-in-osb/
Similar Messages
-
Service Accounts for Reporting Service in SQL Server Failover Cluster setup
I am setting up 2 Report Services (SSRS) in SQL Failover Clustering (Version: 2012SP1) on Windows 2012, as part of scale out architecture.
There are 2 options to configure the service account for SSRS:
Option 1) Using domain accounts, as what I have done for DB Engine and SQL Agent.
Option 2) accept the default, which is virtual account for SSRS. Per documentation URL:
http://msdn.microsoft.com/en-us/library/ms143504.aspx
which is the recommended one? is it option 2?
There is security note on above URL as well, but does not clearly mention that option 1 is not recommended.
Security Note: Always run SQL Server services by using the lowest possible user rights. Use a MSA or virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead
of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted
directly to a service SID, where a service SID is supported.
Thanks very much for your help!Hi Luo Donghua,
In SQL Server Failover Cluster Instance, personally two options can run well. If you use the virtual account for SQL Server Reporting Service. Virtual accounts in Windows Server 2008 R2 and Windows 7 are managed local accounts that provide the features to
simplify service administration. The virtual account is auto-managed, and the virtual account can access the network in a domain environment.
Of cause, you can also use domain accounts in your clustering.
Just make sure your service account is set up here, or that it is using a proper built-in account.For more information, see:http://ermahblerg.com/2012/11/08/cluster-ssrs-in-2008/
Thanks,
Sofiya Li
Sofiya Li
TechNet Community Support -
Service Accounts for Browser Services and FD Launcher (Full-text Search)
I am setting up SQL Failover Clustering (Version: 2012SP1) on Windows 2012. There are 2 options to configure the service account for Browser Services and FD Launcher :
Option 1) Using separate domain accounts, as what I have done for DB Engine and SQL Agent.
Option 2) accept the default, which is local service for
browser, and virtual account for
FD Launcher. Per documentation URL: http://msdn.microsoft.com/en-us/library/ms143504.aspx
which is the recommended one? is it option 2?
There is security note on above URL as well, but does not clearly mention that option 1 is not recommended.
Security Note: Always run SQL Server services by using the lowest possible user rights. Use a
MSA or
virtual account when possible. When MSA and virtual accounts are not possible, use a specific low-privilege user account or domain account instead of a shared account for SQL Server services. Use separate accounts for different SQL Server services. Do not
grant additional permissions to the SQL Server service account or the service groups. Permissions will be granted through group membership or granted directly to a service SID, where a service SID is supported.Hi Luo Donghua,
In SQL Server Brower, the default logon account is NT Authority\Local service and cannot be changed during SQL Server setup.SQL Server Browser is not a clustered resource and does
not support failover from one cluster node to the other. SQL Server Browser should be installed and
turned on for each node of the cluster. SQL Server Browser should be run in the security context of a low privileged user to minimize exposure to a malicious attack.
You can change the account after the setup has been completed; For more information, see:http://msdn.microsoft.com/en-us/library/hh510203.aspx.
In SQL Server full text filter daemon launcher, on Windows Vista and Windows Server 2008, the FDHOST Launcher service account also defaults to LOCAL SERVICE. If you provide a domain account in which to run the FDHOST Launcher service, we highly recommend
that you use a low privilege account. On Windows 7 and Windows Server 2008R2 , we use Virtual Account or Managed Service account(MSA) in FD Launcher . We also need to note the account you used for
FD Launcher should be different from the account that you use for the SQL Server service. For more information, see:
http://msdn.microsoft.com/en-us/library/cc281953(v=sql.100).aspx
So I recommend you use the option 2 to configure the service account for Browser Services and FD Launcher.
Thanks,
Sofiya Li
Sofiya Li
TechNet Community Support -
Can a business service call a proxy service in OSB
In Oracle service bus, can a business service call a proxy service and if yes , what is the scenario?
Thanks in advance
PriyaYes a business service can call a proxy service......for example set your PS as http proxy service and set the endpoint url of PS in the business service..... Lets say when you have three service callouts to be done...the third service callout needs to retried in case of any failures, then you may move the third service callout to a new proxy service and use the buisness service for calling it,,, use the BS retry settings for retyring..
-
OSB proxy service Calling OSB proxy service from BPEL
Dear team,
Wehave a requirement to call a Wsdl based OSB proxy service with sb protocol from SOA Composite from BPEL process.
We created a wsdl based OSB proxyservice with sb protocol and deployed to OSB development server.
We tried to export the wsdl and corresponding xsd files. sbconfig.jar got created.
When we extracted the sbconfig file and placed the wsdl and xsd into the SOA composite.
When we are trying to create a partnerlink, that OSB proxy service wsdl is not showing up.
Please suggest.
How to call OSB proxy service from BPEL..Hi,
Here either you need to change the protocol from 'sb' to http or use the Direct Binding in soa-composite.
please refer this links:
Can a business service call a proxy service in OSB
http://biemond.blogspot.in/2009/03/calling-osb-services-from-bpel.html
BPEL to OSB using sb transport protocol
Thanks, -
Call proxy service from other proxy service with attachment
Hi!
I have got an email sending proxy service I would like to call this from an other proxy service and I want to send attachment in email. I can send email with attachment if i call this proxy as a webservice (e.g. from soapUI)
But if i want to call this email proxy service from other proxy service, the attachment in email is empty. I put a log action (expression: $attachments) in the beginning of email proxy service, and I saw this in the log file:
+<con:attachments xmlns:con="http://www.bea.com/wli/sb/context"/>+
So the attachment is really empty...
I use service callout. I put an insert action in request action of service callout:
In Variable:
attachments
XPath:
+.+
Location:
as first child of
Expression:
+<con:attachment xmlns:con="http://www.bea.com/wli/sb/context">+
+ <con:Content-Type>application/octet-stream</con:Content-Type>+
+ <con:Content-Disposition>attachment; filename="{$v_fileName}"</con:Content-Disposition>+
+ <con:Content-Transfer-Encoding>base64</con:Content-Transfer-Encoding> +
+ <con:body>{$attachments/ctx:attachment/ctx:body/*}</con:body>+
+</con:attachment>+
Why cannot I call this email proxy service from other proxy service for sending email with attachment?
I tried to solve this other. I called an email sending business service from this proxy service. But in this case I cannot set the body of email. If I put just one Transport Header action in publish action, I could send the email (with empty body). But If I put a replace action in publish action as well then the OSB didn't send the email and I couldn't find any error message in log file... How could I set the body of email in publish action?
Thanks!
ViktorYou should be able to get the current user id from the SPListItemEventProperties object. From here you should be able to create a Claim. For example get the user by using
user = SPWeb.Users.GetByID(properties.CurrentUserId)
SPClaim claim = SPClaimProviderManager.CreateUserClaim(user.email, SPOriginalIssuerType.TrustedProvider, issuerIdentifier);
https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.administration.claims.spclaimprovidermanager.createuserclaim(v=office.14).aspx
Blog | SharePoint Field Notes Dev Tools |
SPFastDeploy | SPRemoteAPIExplorer -
After
sql server 2012 installation, I attached my production db. Because of some reasons, i
changed sql engine account from network service user to system user by means of sql server configuration manager.
Now , there isn’t
a problem at sql server running system. But
I have doubts that
this can produce problems later. Because sql server database engine account must have privileges that listed below;
Log on as a service (SeServiceLogonRight)
Replace a process-level token (SeAssignPrimaryTokenPrivilege)
Bypass traverse checking (SeChangeNotifyPrivilege)
Adjust memory quotas for a process
(SeIncreaseQuotaPrivilege)
Permission to start SQL Writer
Permission to read the Event Log service
Permission to read the Remote Procedure Call service
While sql server installation, setup gives these
privileges to network service user automatically, but changing user by means of sql confugarition manager does not give these
privileges.
Now, system user has privileges listed below. And sql server has been running for 1,5 months without any problems.
Log on as a service (SeServiceLogonRight)
Bypass traverse checking
(SeChangeNotifyPrivilege) (Everyone user has his privileges. So i think that system user has this privilege also)
What problems can occur because of this situation? Shall i give other privileges to system user and restart sql server or not? And how can i give these privileges to system user listed below;
Replace a process-level token (
this can be set from user rights assignments)
Adjust memory quotas for a process
(this can be set from user rights assignments)
Permission to start SQL Writer (
? - give advice )
Permission to read the Event Log service (
? - give advice )
Permission to read the Remote Procedure Call service (
? - give advice )Our server is windows server 2008 r2 enterprise edition. I have looked the bunch of permissions in user rights menu that is in local security policy settings gui.
And i have seen those permissions below were not granted to system user;
Bypass traverse checking (SeChangeNotifyPrivilege)
Adjust memory quotas for a process
(SeIncreaseQuotaPrivilege)
So, briefly you say, don't panic ? -
Problem in oracle service bus osb proxy service message flow
i want to create a proxy service master which take 4 paramaeters as follow
-master business service
1- username 2-password 3-phonunumber 4- vouchernumber
then i need to map to open session business service
that will take 1-username 2- password from the same previous input
then recharge business service will take 1-phonenumber 2-voucher number from master service, and session object from open session
then call to closesession business service that will take the session output from opensession and will send the output "status" to the masterproxy :)
any one can help me here? its urgent
Edited by: user13027256 on Nov 29, 2011 12:53 AMHi ,
In proxy service master , carry out steps in different stages to have better audit trail
1. Assign your input payload(request stack) to a variable($request)
2. Use a Service Callout action to call open session business service and provide the request payload[username & password] for Business Service from the stored variable($request or $body ) using xpath expressions. U need to store the Business Service resoponse in a variable ($responseBS)
3. Then i think u need to call another recharge Business Service, again use a Service callout action and do the same as for above callout using $ request and $responseBS variable to construct your payload.
4. Use a route action at the end to call closesession business service, use $responseBS to have sessionOutput. -
Proxy-Service without a proxy-service.xml
HI all,
I'm trying to use the BlazeDS proxy-service to proxy my Web Service calls through so I can avoid the security issues of directly speaking to a remote SOAP Service.
I am using Spring-Actionscript on the client now so I can externalize all of the server config into config files instead of code. I've been really frustrated at trying to do this for the SOAP Proxy-service. No matter what destination, channelset or remote url I set, the runtime insists on loading the destination channel information from the ServerConfig class.
Is there no way around this hardcoded implementation? I've thought of exposing the services-config.xml and me downloading the file as the first thing I do in my flex app, or of bypassing the proxy service altogether and use RemoteObjects for Flex - Remote communication and let the RemoteObject deal with talking to the Web Service.
Has anyone ever solved this problem? I'm wondering if Adobe will solve this in BlazeDS 4....
Thanks for your help!!
Ronak PatelAlex,
I've been able to do this for RemoteObjects based on what Spring-Actionscript allows me to do.
However from what I've seen in the stack trace from Flex...
[MessagingError message='Destination 'point.service' either does not exist or the destination has no channels defined (and the application does not define any default channels.)']
at mx.messaging.config::ServerConfig$/internalGetChannelSet()[C:\autobuild\3.5.0\frameworks\ projects\rpc\src\mx\messaging\config\ServerConfig.as:661]
at mx.messaging.config::ServerConfig$/getChannelSet()[C:\autobuild\3.5.0\frameworks\projects \rpc\src\mx\messaging\config\ServerConfig.as:265]
at mx.messaging::MessageAgent/initChannelSet()[C:\autobuild\3.5.0\frameworks\projects\rpc\sr c\mx\messaging\MessageAgent.as:1165]
at mx.messaging::MessageAgent/internalSend()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\ mx\messaging\MessageAgent.as:1106]
at mx.messaging::Producer/internalSend()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\m essaging\Producer.as:147]
at mx.messaging::AbstractProducer/send()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\m essaging\AbstractProducer.as:507]
at mx.rpc::AsyncRequest/invoke()[C:\autobuild\3.5.0\frameworks\projects\rpc\src\mx\rpc\Async Request.as:133]
at services.pointclouddelivery::BasePointCloudDeliveryService/call()[E:\eclipse\workspace\li dar\lidar.client\src\main\flex\services\clouddelivery\BaseCloudDeliveryService.as:290]
It is not even checking the channelSet that the Service class maintains...the code is generated by Flex Builder 3 to go directly to the services-config.xml.
How can I break that dependency in the generated code?
I know Flex 4 does some other stuff for Web Services with the RDS Servlet. Would this be better suited for XML configuration? -
Osb proxy service calling other proxy services
hi
I'm new to the oracle service bus and i need some help
i created 3 proxy services and i need to create one proxy service that call the other proxy services and return the output of these proxy services in one response message
please help me in that problem. it'll be helpful to show me example
thanks in advancedbear in mind that all exchanges amongst services are done by writing /reading the $body variable.
The easiest way to produce a valid $body is to start from the preexisting $body and use the action
replace <yourPayloadHere/> in variable $body
using the option "replace node content"
If you want to store a response from a service for later reuse:
assign $body/* to myvariable -
Can we call Endpoint URI as service url in proxy service
Hi folks,
Can we call the web service url as the endpoint uri while configuring proxy service ?
eg: 10.16.220.144/ABCD as the endpoint uri in proxy service ?
If yes...then plese give me the steps.
thanks,
salilThe endpoint URI is the endpoint relative to the OSB managed server, to call it from external you use http://hostname:7002/my/path/myService as endpoint...
You can see the WSDL by typing http://hostname:7002/my/path/myService?wsdl in a browser...
hostname = your hostname
7001 = port where the OSB managed server is listening
/my/path/myService is whatever is configured as endpoint URI of your proxy service
Cheers,
Vlad -
SQL Server services accounts using Managed Service Accounts
Hi guys,
Need your feedback on something, is it wiser to use Managed Service Accounts or normal domain accounts to run SQL Server services? MSA's only work in a single computer, so for every environment I would need to create a new set of sql services accounts.
If I create a single account wouldn't it be simpler? For instance domain\sqlservices and set it on every service and every environment (dev, qa and production)Hi
It is a good question but the answer is not black or white. The answer is depend like most configuration questions.
I recommend you to use
Google to find blogs about the issue.
You can start from this links, which are great starting point for you question:
Best Practices For Using SQL Server Service Accounts
Book Online
Ronen Ariely
[Personal Site] [Blog] [Facebook] -
Calling multiple businnes services with one proxy service
hi all,
I have a scenario where a XML msg from JMS queue needs to be send or publish using ALSB to 4 different businness services with different operations.
I have created a dummy proxy service and configures the message flow using two pipeline pair as i need to validate the schema also, but it would be one time effort as the same msg needs to be send to all the services.And added 4 stages to add publish feature to indiviual business services.
I am not sure that this the best way with dealing with the scenario.
some help would be highly appriatiatedThis way seems fine. There is only small overhead with having multiple stages. Like your namespaces needing to be re-declared in each stage. Or if you need to do any if-else routing which may be duplicated. But it sounds like you always want to send to the 4 services.
It does seem like overkill to have a separate pipeline pair for the schema validate, where it could just be a separate stage. Unless you are doing it for error handling reasons. -
Local transport proxy service vs http proxy service
Hi,
Can anybody tell me why it is better to use Local transport proxy service in OSB than http for modularity?Hi Atheek,
Thanks for you reply.
My doubt is where local transport proxy service is deployed?
Like if we invoke a http based proxy service which is deployed at certain Endpoint and jms based proxy service is deployed as MDB which kepps listening to a queue.
Similarly, when i invoke local transport proxy service where and how OSB runtime looks for it?
Edited by: user12883209 on Jan 10, 2012 6:58 AM -
Extracting MIME attachment from email using OSB proxy service - email transport
Hi,
I'm reading email messages(multipart/mixed) with attachments(pdf, zip, xml and csv) from MS Exchange Server 2010 using OSB proxy service email transport.I need to save the attachments to a local folder and process one of the attachments, an XML file. Below is the proxy service config.
Proxy Service Configuration (Test1/Proxy Services/GetEmail)
Actions:
General Configuration
Service Type Messaging Service
Message Type Configuration
Request Message Type
Text
Response Message Type
None
Transport Configuration
Protocol email
Endpoint URI mailfrom:mailserver.net:143
Get All Headers No
Headers
EMAIL Transport Configuration
Email Protocol imap
Service Account Test1/Proxy Services/email_acc
Managed Server WLS_OSB1
Polling Interval 30
Read Limit 2
Pass By Reference false
Pass Attachments By Reference false
Post Read Action move
IMAP Move Folder processed
Attachments archive
Download Directory \\soasup-stor01\Vacancy\test\download
Archive Directory \\soasup-stor01\Vacancy\test\archive
Error Directory \\soasup-stor01\Vacancy\test\error
Request Encoding iso-8859-1
Message Handling Configuration
Transaction Required Disabled
Same Transaction For Response Disabled
Content Streaming Disabled
The polling is working fine. I've encoded the attachment variable to Base64 using a java callout.$attachments/ctx:attachment/ctx:body/ctx:binary-content has been passed as the byte[] input to the java method and the response is captured in $encodedAttachment. I've created a SaveFile BS(file type) with Request Message Type = Binary and Response Message Type = None. I've tried replacing the node ./ctx:binary-content in body variable with encodedAttachment in the request action of the Publish action to call the BS. One file is getting created with contents of the entire email, MIME headers and boundary parts along with the base64 encoded attachments.
<Contents from the created file>
MIME-Version: 1.0
Content-Type: multipart/related; boundary=MIME_Boundary;
type="binary/octet-stream"
--MIME_Boundary
Content-Type: binary/octet-stream
Content-Transfer-Encoding: 8bit
Thanks & Regards,
Samyajit Talukdar
: [email protected]
-----Original Message-----
From: Samyajit Talukdar
Sent: 10 April 2015 14:11
To: MS MLRP Returns
Subject: FW: 22222
Thanks & Regards,
Samyajit Talukdar
: [email protected]
--MIME_Boundary
Content-Type: application/vnd.ms-excel; name="soainfra_v$session.xls"
Content-Transfer-Encoding: base64
Content-Description: soainfra_v$session.xls
Content-Disposition: attachment; filename="soainfra_v$session.xls";
size=25618; creation-date="Thu, 27 Nov 2014 09:56:35 GMT";
modification-date="Fri, 10 Apr 2015 09:28:23 GMT"
0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7/CQAGAAAAAAAAAAAAAAABAAAAAQAAAAAAAAAA
EAAAJgAAAAEAAAD+////AAAAAAAAAAD/////////////////////////////////////////////
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAA=
--MIME_Boundary--
If I put a delete action in the request to Publish action for SaveFile BS to delete the $attachments, the created file contains only the email body part and the attachment boundary part is missing.
I've uploaded the OSB log with full trace enabled.
How can I pass the encodedAttachment to the BS for saving the files?
Would iterating through the $aatachment/ctx:attachment give me the individual attachments for saving and processing, as there are separate binary-content refs in them?
Any help to achieve my requirement is highly appreciated.
Thanks in advance.Hi Manoj,
Thanks for the quick reply to my query.
The thing is, the link you have provided talks more from changing the business Service configurations i.e. the type of the service etc, but the concern is, that the Business Service is already Implemented and hence the change would not be an appropriate option for me.
Please let me know, if any more information is required.
Thanks & Regards,
Anu
Maybe you are looking for
-
Enterprise Manager is not able to connect to the db instance?
Hi there, Everything is up and running but Enterprise Manager is not able to connect to the database instance. Could you please help?
-
How to delete keywords from more than one image at once?
Is there any way to delete all the keywords from a selected group of images all at once? I've selected a group of images, but when I delete the keywords, it only deletes them from the highlighted (targeted?) image and not from the other selected imag
-
Hi everybody, I have buyed a Sun Ultra 5 used with Solaris 8 pre-installed. When I turn-on power the system starts but I havent openboot prompt. I want install Solaris 10. How I can start openboot's prompt and run the command "boot cdrom"?
-
Since upgrading to Lion I cannot backup iphoto library to external drive. Using iPhoto 8.1.2. Error message "The operation can't be completed because the item "iPhoto Library" is in use." Prior to upgrade to Lion I made a backup of data on an exte
-
Function to get reversal of any string ..!
hi , Is there any function in oracle to get reversal of any string. 'london' --> 'nodnol' select func_name('london') from dual; --> is there any built-in function to do this operation? result- 'nodnol' rgds, pc