SOA Suite 11g OWSM (no Gateway)

Hi
I am currently looking at a new high level design for a SOA implementation using the Oracle SOA Suite 11g.
We have a small issue around how to secure our externally facing web services that are exposed out to the WWW.
Previously I would have placed an instance of the OWSM gateway in the DMZ secure tier of our infrastructure, separating this from our Application / SOA tier with firewalls.
However in the 11g version of the SOA suite there is no Gateway component which means that although we can still use policy enforcement points to secure the services in the SOA tier we have to let messages into the SOA / Business Tier before we can perform this validation.
We are looking at 3 stage validation of incoming XML validation:
- Encryption / Signing SOAP Messages using digital certificates
- Integrity check of the XML structure
- Username and password authentication
Ideally we would like to perform this validation within the DMZ before passing the messages to the SOA / Business Tier but cannot see how to perform these actions within the OWSM. Does anyone have any ideas of how we can perform these actions using the 11g Suite?

Eric
As I put in my previous post we know there is no gateway, which is why I am posting a thread on this forum.
Securing the services at the level you have provided should only be done for internal security violations and this is not recommended for services exposed out to the WWW.
Securing services in the AS business tier does not prevent denial of service attacks because the services themselves will be taken down. The OWSM provided the ability to secure the services in the DMZ.
What I need to know is how Oracle or other people are securing their services INSTEAD of using the Gateway.
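
The structural stage of the three checks listed above can run on a DMZ proxy before anything is forwarded to the SOA tier. The sketch below is an added example, not part of the original posts and not Oracle or OWSM code; the names `precheck` and `verdict`, the size and depth limits, and the rule that both a signature and a UsernameToken must be present are assumptions. It only confirms that the expected WS-Security elements exist, so signature verification and the credential check still belong to a policy enforcement point.

```python
import xml.parsers.expat

SOAP_NS = {"http://schemas.xmlsoap.org/soap/envelope/",
           "http://www.w3.org/2003/05/soap-envelope"}
WSSE = ("http://docs.oasis-open.org/wss/2004/01/"
        "oasis-200401-wss-wssecurity-secext-1.0.xsd")
DSIG = "http://www.w3.org/2000/09/xmldsig#"
MAX_BYTES = 1_000_000   # assumed limit
MAX_DEPTH = 32          # assumed limit
REQUIRED = {"Body", "Security", "Signature", "UsernameToken"}


class Rejected(Exception):
    """Raised when a message must not be forwarded to the SOA tier."""


def precheck(raw: bytes) -> None:
    """Structural pre-check only: no signature or password is verified here."""
    if len(raw) > MAX_BYTES:
        raise Rejected("message too large")
    stack, found = [], set()

    def no_doctype(*_args):
        # Without a DTD there are no custom entities to expand.
        raise Rejected("DOCTYPE not allowed")

    def start(name, _attrs):
        uri, _, local = name.rpartition(" ")
        if len(stack) >= MAX_DEPTH:
            raise Rejected("nesting too deep")
        if not stack and (local != "Envelope" or uri not in SOAP_NS):
            raise Rejected("root is not a SOAP Envelope")
        stack.append((uri, local))
        env = stack[0][0]
        sec_path = [(env, "Envelope"), (env, "Header"), (WSSE, "Security")]
        if stack == [(env, "Envelope"), (env, "Body")]:
            found.add("Body")
        elif stack == sec_path:
            found.add("Security")
        elif len(stack) == 4 and stack[:3] == sec_path and \
                stack[3] in ((DSIG, "Signature"), (WSSE, "UsernameToken")):
            found.add(local)

    def end(_name):
        stack.pop()

    parser = xml.parsers.expat.ParserCreate(namespace_separator=" ")
    parser.StartDoctypeDeclHandler = no_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    try:
        parser.Parse(raw, True)
    except xml.parsers.expat.ExpatError:
        raise Rejected("not well-formed XML") from None
    missing = REQUIRED - found
    if missing:
        raise Rejected("missing " + ", ".join(sorted(missing)))


def verdict(raw: bytes) -> str:
    """Return 'forward' or 'reject: <reason>' for one inbound message."""
    try:
        precheck(raw)
        return "forward"
    except Rejected as exc:
        return f"reject: {exc}"


# Constructed sample messages (not captured traffic).
ENV = "http://schemas.xmlsoap.org/soap/envelope/"
GOOD = (f'<s:Envelope xmlns:s="{ENV}"><s:Header>'
        f'<w:Security xmlns:w="{WSSE}"><w:UsernameToken>'
        f'<w:Username>alice</w:Username></w:UsernameToken>'
        f'<d:Signature xmlns:d="{DSIG}"/></w:Security></s:Header>'
        f'<s:Body><ping/></s:Body></s:Envelope>').encode()
UNSIGNED = f'<s:Envelope xmlns:s="{ENV}"><s:Body><ping/></s:Body></s:Envelope>'.encode()
WITH_DTD = b'<!DOCTYPE x [<!ENTITY a "b">]>' + GOOD
DEEP = (f'<s:Envelope xmlns:s="{ENV}"><s:Body>' + "<x>" * 40 + "</x>" * 40
        + "</s:Body></s:Envelope>").encode()

if __name__ == "__main__":
    for label, msg in [("good", GOOD), ("unsigned", UNSIGNED),
                       ("dtd", WITH_DTD), ("deep", DEEP)]:
        print(label, "->", verdict(msg))
```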

Similar Messages

  • Configure .p7b(PKCS #7 Certificates) in SOA Suite 11g - Enterprise Manager

    Hi,
    currently configured .jks file in em - weblogic domain - security - security provider configuration which is used by owsm policy to validate my incoming signed soap message.
    (incoming message is signed with the same jks file). so it is working fine.
    Now I got .p7b(PKCS #7 Certificates) file from customer, so I need to replace this with my existing .jks file. How can I do this?
    Appreciate your quick inputs.
    Thanks

    The customer site is invoking my SOA Suite application. The public portion of the certificate which I got from them I configured at my end (.p7b converted into jks). With the private key (which I do not have with me) the customer site is signing the SOAP request and hitting my SOA Suite.
    Getting following error in my soa suite side(soa_server1-diagnosis):
    X509 Certificate will not be advertised due to underlying exception "oracle.wsm.security.SecurityException: WSM-00057 : The certificate, abc.org, is not retrieved. The following aliases are found in the keystore:- [defnet.org, klmca.org, abc.org, ]".
    While converting into jks I gave an alias; I do not know what value I should give. I found
    subject: CN=abc.org... in the .p7b file and used the same name as the alias.
    Converted the .p7b file into .cer as suggested by Anuj. The .p7b file contains 3 certificates, so imported 3 times into the same keystore file like this:
    keytool -import -alias abc.org -file xyz.public.cer -keystore xyz-keystore.jks
    keytool -import -alias klmca.org -file klmca.public.cer -keystore xyz-keystore.jks
    keytool -import -alias defnet.org -file defnet.public.cer -keystore xyz-keystore.jks
    Where am I going wrong here?
    Can I configure the .p7b (PKCS #7 Certificates) file directly in Enterprise Manager (SOA Suite 11g PS3)? I converted it into a jks file and configured it, but it is not working.
    Please suggest. This is urgent. Appreciate your quick help.
    Edited by: 798585 on May 20, 2011 12:00 AM

  • PGP Encryption support in SOA Suite 11g

    Hi,
    Looking for PGP encryption support in SOA Suite 11g as we have a requirement to encrypt the file using PGP encryption and send over SFTP.
    I already went through some of the forums posts but they are date back to 2007, so just wanted to confirm if there is anything in recent releases of SOA Suite.
    - FTP adapter support or
    - OWSM support.
    As far as I know, we have to install some PGP tool and write a script to encrypt/decrypt and call the script from BPEL. This conclusion is based on a stmt given in the OWSM 10g book by Sitaraman.
    Please provide your insights on this.
    Thanks
    Siva

    Hi Siva,
    I don't think still there is any support for PGP in Oracle SOA. You may use java for PGP encryption/decryption and transfer externally encoded messages over SFTP.
    Please refer -
    Re: PGP Encryption/Decryption
    PGP Encryption in B2B
    Regards,
    Anuj

  • Error message deploying a composite in SOA Suite 11g

    Hello,
    We are attempting to deploy a composite to SOA Suite 11g (11.1.1.3). We're getting an 'Unable to register service' error message. When I inspect the log files I see the following entry as the first error:
    Failed to retrieve policy[[
    oracle.wsm.policyaccess.PolicyAccessException: WSM-06146 : Error deleting the attachment entries.
    Anybody have any experience with this error? The error message reference has the following listed:
    WSM-06146: Error deleting the attachment entries.
    Cause: Failure occurred while deleting the attachment entries.
    Action: Ensure that a valid list of policy subjects for deactivated lifecycle type is passed
    Level: 32
    Type: INCIDENT_ERROR
    Impact: Configuration
    I don't know how to "ensure that a valid list of policy subjects for deactivated lifecycle type is passed". Please help!!!!
    Thanks,
    jh

    This is what we have done :
    1.Created the JDBC data source & connection pool as below :
    data source name : B2BAQ , JNDI name : jdbc/B2BAQ
    Connection Pool :
    URL : taken from the tns entries of the instance
    Driver Class Name : oracle.jdbc.OracleDriver
    Tested this connection ..it works fine from the Admin Console
    2.Then go to Deployments --> AqAdapter -> Configuration tab --> Outbound Connection Pool Group -->
    Create a new connection pool instance -- General tab
    connection interface factory : javax.resource.cci.ConnectionFactory
    JNDI Name : eis/AQ/B2BAQ
    Then in Properties tab : Enter the Data Source Name : jdbc/B2BAQ
    Then we try to Start the AqAdapter from the Admin Console..it goes into Prepared status.
    The error message which comes is mentioned above.
    Is there any way we could resolve this ..that would be very helpful
    Regards
    Edited by: user5149250 on Mar 13, 2012 6:33 AM

  • How to configure something similar to optSoapShortcut in SOA Suite 11g

    Hi,
    We are migrating processes in BPEL 10g to composites in SOA Suite 11g (11.1.1.5). In one of these processes we are extracting the ws-addressing elements replyTo and MessageID from the SOAP header from the calling process and saving these values into a database. They are later used to be able to reply back to the calling process. In 10g this was no problem but in 11g calls between processes are automatically optimized, meaning that they are not communicating using SOAP. Hence, it seems like we can't get the soap headers the normal way.
    According to the Administration Guide for SOA Suite 11.1.1.5 the optSoapShortcut property has been removed which could be used in 10g to specify if the calls should be optimized or not. Is there any other way to configure this in SOA Suite 11g?
    If not, is there any way to instead extract these elements from some BPEL API or similar?
    Thanks!
    Best wishes
    Kerstin

    For release 11g, SOAP optimization is automatically configured. Therefore, if you upgrade your projects from 10g to 11g and are using the optimized shortcut approach in existing applications, note that optimized calls are activated only when the hostname value (as referred to in the WSDL URL in the composite.xml file) matches the Server URL value. Either set both values to the hostname (for example, myhost) or to the full domain name (for example, myhost.domain.com). If these values do not match, a regular SOAP call is performed instead of an optimized local call.
    You can still control this using oracle.webservices.local.optimization property.
    http://docs.oracle.com/cd/E15586_01/web.1111/b32511/configuring.htm#WSSEC3522
    Refer to "Controlling When Local Optimization is Used"

  • How to deal with any UDDI in SOA Suite 11g?

    Hi folks,
    I have spent quite some time trying to understand how Oracle is dealing with the UDDI aspects in the SOA Suite 11g.
    Back in Oracle AS 10g, I remember, even though I had never used it, that the UDDI repository was an out-of-the-box capability with a very nice Web UI to browse the services. The AquaLogic Service Bus seems to have features to consume/publish web services in any UDDI, but no real embedded UDDI in its core.
    Since 11g, obviously the way to go is to adopt Oracle Service Registry. There is a seamless integration with JDeveloper 11g (i.e. create a UDDI connection to publish/consume/search web services).
    My company is keen to go on an open source UDDI and I came to the conclusion that any of those (i.e. jUDDIv3.02, OpenUDDI) are actually able to work properly with JDeveloper 11.1.1.2. I got XSD exceptions or other cabalistic errors that definitely show that JDeveloper 11g can only deal with Oracle Service Registry. I heard that the SOA Suite 11g could only deal with UDDI v2 and v3. CentraSite does fit those requirements but does not work either.
    Why is that? How can I set up my SOA initiative without having the choice on the UDDI? Has this changed since PS2? I have tried to look up on Metalink and I got a hit on jUDDI but it does clearly state that jUDDI works well now with JDeveloper.
    Any answer on that would be highly appreciated.
    Kind regards,

    Hi,
    DVM cache policy is lazy load. There is no option to preload the cache with server startup currently. However, this would be affecting only the first request; the subsequent requests are serviced from cache.
    HTH..
    Apologies for reaching on this late.
    regards,
    Jitendra

  • Weblogic Domain not getting created in SOA Suite 11g R2

    I have installed the components of SOA Suite 11g R2 (11.1.1.3) on a single Windows XP SP3 machine (32 bit) following recommended procedures. I tried to configure WebLogic server using the Domain Configuration utility. After navigating through the wizard, no WebLogic server profile is getting created in the domain folder. Even the WL Admin server is not getting created. The Domain Configuration utility did not throw any errors.
    1) Is this problem related to Oracle repository for SOA suite 11g?
    2) Can the repository schemas (Oracle) hold multiple weblogic SOA domain information?

    Hi,
    The WebLogic servers directory does not get created after domain creation or even managed server configuration. It will present itself only when you start the managed server for the first time, that is when it initializes all security attributes, diagnostic attributes (if configured), etc.
    Perform server start and then check if it gets created or not.
    ## rank answer if it is helpful ##
    Thanks,
    Ranjan

  • Is B2B document editor  necessary in SOA suite 11g environment?

    Hi All,
    In my server, SOA Suite 11g is installed, which includes the B2B engine also. For developing a POC in a B2B environment, is the document editor necessary or not? Without the document editor, is it possible to develop a simple POC? I am completely new to this B2B environment.
    Regards
    Dd

    Integration B2B forum is -
    Integration - B2B
    Document Editor is optional and will be used in case of B2B. For further clarification, raise a thread in B2B forum.
    Regards,
    Anuj

  • Custom Identity Service configuration in SOA Suite 11g

    Has anyone been successful in using a custom identity service (available in 10.1.3.X) as an identity store in the SOA Suite 11g human workflow component? If yes, please guide me.

    Can you make sure your helloworld is using adf bindings as mentioned in thread Re: Urgent :: 11g Invoking Composite from Java/From Webservice Proxy

  • Truncate all Instances in SOA SUITE 11g BPEL SOAINFRA SCHEMA

    Hi Guys!
    We are running Oracle SOA SUITE 11g + BPEL, Version 11.1.1.3.0 (PS2)
    We are running out of disk space in a database due to a large number of test instances in dehydration storage.
    Is there any way to TRUNCATE all tables in order to clean up instances from the BPEL engine (SOAINFRA schema)?
    Oracle provides this functionality (purge scripts and implemented procedures in a database) but this is a deleting approach and it doesn't work with millions of instances in a storage. Deleting instances from the GUI doesn't work at all.
    1. We are looking for a way to truncate all instances in a database rather than delete them, which takes ages and doesn't work properly in case of a huge amount of instances.
    2. We would like wipe out all instances without any time restrictions.
    Any feedback, script from you guys would be much appreciated.
    Cheers!!

    Hi,
    There is still no solution for truncating tables. Looks like we have to look into Oracle's procedures delivered with the SOA Suite installation.
    I posted an article about deleting a large number of instances in SOA Suite 11g. It does the job in a pretty fast way.
    Delete large numbers of instances in Oracle SOA Suite 11g: http://emarcel.com/soa-suit/152-deleteinstancessoasuite11gwls
    Cheers!!
    emarcel.com

  • OracleBAMAdapter Configuration problem in SOA suite 11g

    Hi,
    In Oracle SOA suite 11g(11.1.1.2.0), OracleBAMAdapter configuration using WebLogic server console is resulting in the following error
    * An error occurred during activation of changes, please see the log for details.
    * [J2EE:160149]Error while processing library references. Unresolved application library references, defined in weblogic-application.xml: [Extension-Name: oracle.soa.workflow.wc, exact-match: false].
    Steps used for configuration:
    1) Modify adapter configuration using navigation:: Deployments -> OracleBAMAdapter -> Configuration -> Outbound Connection Pools -> oracle.bam.adapter.adc.RMIConnectionFactory -> eis/bam/rmi
    2) Specified connection properties with BAM server port details
    HostName localhost
    InstanceName ADCServer1
    Password welcome1
    PortNumber 9001
    UserName weblogic
    In config.xml (%Domains%/soa_domain/config/) , I could see the following library entry
    <library>
    <name>[email protected]</name>
    <target>AdminServer,soa_server1</target>
    <source-path>K:\OracleFMW\Oracle_SOA/soa/modules/oracle.soa.workflow_11.1.1/oracle.soa.workflow.wc.jar</source-path>
    <security-dd-model>DDOnly</security-dd-model>
    <staging-mode>nostage</staging-mode>
    </library>
    Could you please help resolving this issue?
    Regards
    Naveen

    I do not think that would qualify as a solution :-). I was negligent in deploying the Work Flow Application, and was not deselecting the checkbox in 11.1.1.2.0 JDeveloper, which reads "Deploy to all the servers". Thus it was trying to deploy it to the BAM server as well as the Admin Server. I had to deselect it. It's a pretty mundane thing that I was missing.
    Warm regards.

  • B2B Console "missing" in SOA SUite 11g R1 PS3?

    I have a brand new SOA Suite 11g R1 PS3 installation, using the following installation steps:
    OracleXEUniv
    WebLogic Server 10.3.4.0
    SOA Suite 11.1.1.2
    SOA Suite 11.1.1.3
    SOA Suite 11.1.1.4
    Created a new single server domain using the new 11.1.1.4 developer template
    I can start the WebLogic console, no problem
    I can start the Enterprise Manager console, no problem
    When I try to start the B2B Web Console http://localhost:7001/b2bconsole, or http://localhost:7001/b2b, I get the 404 HTTP error - the console application is not found
    Can someone, please, suggest what I am missing?
    Thanks in advance

    Hello Michael,
    I analyzed this issue and found that it is working as designed. Developer templates are designed for low memory hosts and hence certain applications like b2bui, composer, OracleAppsAdapter etc. do not get deployed by default. If a user wants to use these applications then he may target and deploy them manually from the WebLogic Admin console.
    As these applications may not be required for all users who installed SOA (because the SOA installable contains many components of SOA like BPEL, Mediator, Rules, Workflow, B2B and BPM Suite as well, and a developer may not be interested in using all these applications), these apps do not get deployed by default.
    For the benefit of other users of this community, I have blogged about the same here, where you may also find steps on how to enable these applications -
    http://anuj-dwivedi.blogspot.com/2011/02/b2b-consolesoa-composer-not-opening-up.html
    Thanks for bringing this issue up here in this forum.
    Regards,
    Anuj

  • Java Embedding bug in SOA Suite 11g BPEL??

    I am beginning to wonder if there is a 'bug' in the SOA Suite 11g, BPEL, Java Embedding activity? Need some help as soon as possible – does the Java Embedding activity work in SOA Suite 11g?
    Have tried the following on Jdev 11.1.1.1 and Jdev 11.1.1.3 – get the same error message (see below for error message).
    Thanks for any help - Casey
    I created a simple composite app by:
    1.     Created a Composite with BPEL Process
    2.     Created a BPEL variable by the name of Variable and a Simple Type of string      ({http://www.w3.org/2001/XMLSchema}string)
    3.     Added an Assign activity (Assign_1) and assigned the value of “Test Var” to the variable Variable using a Copy operation.
    4.     Then, after the assign activity, added a Java Embedding activity (Java_Embedding_1) with Java Version set to 1.5 and the following code:
    try {
        String var;
        var=(String)getVariableData(Variable);
        System.out.println(var);
    }  // end try
    catch(Exception ex){
        System.out.println(ex.getMessage());
    }// end catch
    Compiled and got the following error message:
    Error(23,34): Failed to compile bpel generated classes.
    failure to compile the generated BPEL classes for BPEL process "BPELProcess1" of composite "default/Project1!1.0"
    The class path setting is incorrect.
    Ensure that the class path is set correctly. If this happens on the server side, verify that the custom classes or jars which this BPEL process is depending on are deployed correctly. Also verify that the run time is using the same release/version.
    Code for the BPEL component is:
    <?xml version = "1.0" encoding = "UTF-8" ?>
    <!--
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    Oracle JDeveloper BPEL Designer
    Created: Tue Nov 09 13:01:49 CST 2010
    Author:
    Purpose: Asynchronous BPEL Process
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    -->
    <process name="BPELProcess1"
    targetNamespace="http://xmlns.oracle.com/TestgetVariable_jws/Project1/BPELProcess1"
    xmlns="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
    xmlns:client="http://xmlns.oracle.com/TestgetVariable_jws/Project1/BPELProcess1"
    xmlns:ora="http://schemas.oracle.com/xpath/extension"
    xmlns:bpelx="http://schemas.oracle.com/bpel/extension"
    xmlns:bpws="http://schemas.xmlsoap.org/ws/2003/03/business-process/"
    xmlns:ns1="http://xmlns.oracle.com/pcbpel/adapter/file/TestgetVariable/Project1/FileW"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema">
    <!--
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    PARTNERLINKS
    List of services participating in this BPEL process
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    -->
    <partnerLinks>
    <!--
    The 'client' role represents the requester of this service. It is
    used for callback. The location and correlation information associated
    with the client role are automatically set using WS-Addressing.
    -->
    <partnerLink name="bpelprocess1_client" partnerLinkType="client:BPELProcess1" myRole="BPELProcess1Provider" partnerRole="BPELProcess1Requester"/>
    </partnerLinks>
    <!--
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    VARIABLES
    List of messages and XML documents used within this BPEL process
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    -->
    <variables>
    <!-- Reference to the message passed as input during initiation -->
    <variable name="inputVariable" messageType="client:BPELProcess1RequestMessage"/>
    <!-- Reference to the message that will be sent back to the requester during callback -->
    <variable name="outputVariable" messageType="client:BPELProcess1ResponseMessage"/>
    <variable name="Variable" type="xsd:string"/>
    </variables>
    <!--
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    ORCHESTRATION LOGIC
    Set of activities coordinating the flow of messages across the
    services integrated within this business process
    ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
    -->
    <sequence name="main">
    <!-- Receive input from requestor. (Note: This maps to operation defined in BPELProcess1.wsdl) -->
    <receive name="receiveInput" partnerLink="bpelprocess1_client" portType="client:BPELProcess1" operation="process" variable="inputVariable" createInstance="yes"/>
    <!--
    Asynchronous callback to the requester. (Note: the callback location and correlation id is transparently handled using WS-addressing.)
    -->
    <assign name="Assign_1">
    <copy>
    <from expression='"test var"'/>
    <to variable="Variable"/>
    </copy>
    </assign>
    <bpelx:exec name="Java_Embedding_1" version="1.5" language="java">
    <![CDATA[/*Write your java code below e.g.
         System.out.println("Hello, World");
    */
    try{
      String var;
      var=(String)getVariableData(Variable);
      System.out.println(var);
    } // end try
    catch(Exception ex){
      System.out.println(ex.getMessage());
    }// end catch]]>
    </bpelx:exec>
    <invoke name="callbackClient" partnerLink="bpelprocess1_client" portType="client:BPELProcess1Callback" operation="processResponse" inputVariable="outputVariable"/>
    </sequence>
    </process>


  • Dynamic JNDI in SOA Suite 11g

    Hi,
    I have an urgent requirement for my project using SOA Suite 11g,
    and I have a problem in passing dynamic JNDI
    to the database adapters (eis/DB/...).
    say that i have 2 connections,
    eis/DB/conn1, and eis/DB/conn2
    how to switch this information dynamically in the bpel orchestration
    and supply it to the db adapter.
    since when using wizard we supplied it statically.
    I notice that this problem seems to be answered in
    this thread:
    Thread: How to externalize JNDI name (setting JNDI name dynamically)
    but when I tried it (using WS-Addressing substitution) it doesn't
    work in this newer version of SOA Suite (11g).
    So how can we solve this in SOA Suite 11g?
    Thank you...

    Hi,
    you don't need to change the resource adapter connection just change the (xa) datasource in the eis name
    I know with the mediator I can assign a new datasource by setting the jca.db.xadatasource property and still use eis/DB/conn1
    hope this helps
    Edwin

  • Dynamic xslt in soa suite 11g

    Hi all,
    How can we run XSLT dynamically in SOA Suite 11g? I have a requirement to get the XSLT file name from the DB based on the input request ID,
    then apply that XSLT dynamically to the input request. Whenever we identify any new input request, just create the XSLT, copy it into a location, and update the DB
    with that ID. No development effort for a new XSLT.
    Is this possible in 11g? I know this is possible in 10g. Can anyone let me know how to achieve this in 11g?
    Thanks
    Phani

    Hi,
    I have placed my transformations in shared folder inside MDS & pass the transformation file to the Oracle SOA transformation function as oramds:/apps/<transformation file name>, i.e in my case I have put the transformation_example.xsl in /apps/testing folder, so I passed oramds:/apps/testing/transformation_example.xsl. I don't deploy shared transformation with composite but put it in shared location.
    Your case should also work; it looks to me like a path issue. The JDev IDE by default creates all transformation files inside the xsl folder, but the path does not have the xsl folder. Check the MDS repository and verify that oramds:/deployed-composites/default/DB_Event_rev1.8/Transformation_2.xsl is right.
    HTH
    Ashish
