WS-Security with Oracle BPEL

Is it possible to apply WS-Policy or encryption with Oracle BPEL without uing web services manager.
So if a BPEL process is exposed as a web service then how do I apply WS-Policy etc on that web services ?

Hi.
I don't know anything about WS-Policy support in BPEL or WSM, but regarding WS-Security aspects like encryption/decryption, certificates, etc, I can tell you the following:
1 - If your BPEL Process needs to call a web service and pass WS-Security credentials through a partner link, I only know about (and it seems the only option) sending WS-Security username/password authentication
http://download-east.oracle.com/docs/cd/B31017_01/core.1013/b28764/owsm003.htm#sthref1082
Additional information found here:
http://download-east.oracle.com/docs/cd/B31017_01/integrate.1013/b28982/security.htm#sthref10
For the other features like encryption and certificates, I have only used web services manager gateway so far.
2 - All Web Services exposed by your Oracle Application Server (be it a BPEL Process or any other web service) can have an interceptor configuration to validate certificates, apply decryption, etc, when a message arrives. You can verify this by going to your Application Server Control Console->Your OC4J->Web Services->Your Web Service->Administration->Security
3 - If you need to pass WS-Security information when calling your BPEL Processes from an application, you can protect your BPEL process as described in step 2, and then use JDeveloper to configure a web service proxy that encrypts or put certificates in your messages, also using an interceptor mechanism. After creating your web service proxy, right click it and Select the option "Secure Proxy" option.
Hope someone can give more information about WS-Security and WS-Policy.
Denis

Similar Messages

Type of person and skills needed to work with Oracle BPEL?

Hello,
Were trying to recruit for a BPEL position in an defense intelligence enviornment. Were not sure of all the skills needed to make this position successful. What type of consultant and what skills sets should we be looking for to complement someone's knowledge of Oracle BPEL?
Thanks

I would expect a BPEL resource to have
Solid understanding in developing Service Oriented Applications.
Good understanding of web services and SOAP protocol.
Commanding knowledge in XML technologies like XSD, XPath, XSL
Experience with Oracle BPEL Process Manager and developing applications using BPEL
Basic Knowledge/Working experience in Java would be nice.
Apart from these, it's good to have experience in the external systems that you are trying to orchestrate with BPEL. For e.g If your application integrates with Oracle EBS. It's good to have integration experience with EBS.
Hope that helps.

Create Lead with Oracle BPEL process using Siebel CRMOD web service

I'm trying to create a lead in the siebel OD (hosted) with a oracle BPEL process and using the siebel web service (2.0). In my bpel process I've been able to
1. Login to OD and get a session id
2. create the partner link using Siebel OD (version 2.0) wsdl for Lead
3. Assign the session id to the partner link
4. Assign the inputs (lastname, firstname, leadowner, viewMode=Personal, lovLanguageMode=LDC) to lead
5. Call the leadInsert operation on the partner link
However, when I deploy and execute the bpel process it breaks after calling the leadInsert with the following error message:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
<remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="code"><code>Server</code>
</part><part name="summary"><summary>The record with search specification '' in business component 'Lead' (integration component 'Lead') has been deleted by another user since it was retrieved.(SBL-EAI-04289)</summary>
</part><part name="detail"><detail><detail>
<siebelf:siebdetail xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<siebelf:logfilename xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">OnDemandServicesObjMgr_enu_138636.log</siebelf:logfilename>
<siebelf:errorstack xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<siebelf:error xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<siebelf:errorcode xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">(SBL-DAT-00494)</siebelf:errorcode>
<siebelf:errorsymbol xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"/>
<siebelf:errormsg xmlns:siebelf="http://www.siebel.com/ws/fault" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">The record with search specification '' in business component 'Lead' (integration component 'Lead') has been deleted by another user since it was retrieved.(SBL-EAI-04289)</siebelf:errormsg>
</siebelf:error>
</siebelf:errorstack>
</siebelf:siebdetail>
</detail>
</detail>
</part></remoteFault>
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Any feedback as to what I'm doing worng woull be greatly appreciated.
Thanks,
--manoj

Hi,
We are also using BPEL to send data out to SIEBEL CRMOD.
I've created a proxy that deals with authentication and session management.
All you have to do is to deploy the proxy as a war file and refrence it as the end-point of your partner link.
Code is here:
http://another-soa-blog.blogspot.com/2010/02/oracle-siebel-on-demand-session-and.html
Regards,
Fred.

Data level Security with Oracle Apps as Source

Hi all
I am implementing Data level Security with Apps as Source(OLTP) on Single Sign On.(Oracle has provided the Vanila rpd & we are working on that)
I need to Filter data based on Business Group, Users are created in Apps and they are registered with some Responsibilities.
(for eg, OBI User CHINA is a Responsibility; Now he will get only Business Group ID for China)
I have created Groups in rpd with same name as the responsibility in Apps.
I have created Initialization Blocks from which I m getting only 1 business group ID for every :USER.(I tried the code in TOAD & I m getting the correct BG ID)
I have created Group in WEB with the same name as the Group name in rpd.
If I say show all Users and Groups in WEB, I m getting the APPS Users.
I hv Reloaded the server metadata files and restarted the BI Server/WEB Server also...
But in the Report, I m getting all the Business Group Ids,
Plz advice if I m doing something wrong.
ThanQ
Anand

You need to be creating your "business groups" as a group in the RPD, init blocks to retrieve the user business group at login. Filters in the Logical table sources to restrict data to relevant business groups only.
Presentation 'Web Cat' groups with the same name as the RPD groups so a user inherits membership automatically.
I'd suggest sourcing a vanilla OBIA rpd to see how it is implemented out of the box.

Error message when listing activities with Oracle BPEL Control and Java API

I'm implementing some BPEL processes in an Oracle Application server 10.1.3.3 environment.
I use the Oracle BPEL Process Manager Client Java API to access some BPEL instances but when I want to list their activities with IInstanceHandle.listActivities() (I've tested the IInstanceHandle and it contains an open process instance) I receive the following error message:
"Activity error:ORABPEL-04003 Cannot find work items. An attempt to fetch the work items using the where condition "cikey = ? AND ( wi_state = 1 OR wi_state = 2 OR wi_state = 3 ) " from the datastore has failed. The exception reported is: [ODBC S1002] invalid column number Please check that the machine hosting the datasource is physically connected to the network. Otherwise, check that the datasource connection parameters (user/password) is currently valid. sql statement: SELECT * FROM admin_list_wi WHERE ci_domain_ref = 0 AND cikey = ? AND ( wi_state = 1 OR wi_state = 2 OR wi_state = 3 )"
When I try to use the BPEL control to list the activities I also receive an error, which I think is related:
"[javax.servlet.ServletException]
Cannot find work items.
An attempt to fetch the work items using the where condition "" from the datastore has failed. The exception reported is: [ODBC S1002] invalid column number
Please check that the machine hosting the datasource is physically connected to the network. Otherwise, check that the datasource connection parameters (user/password) is currently valid.
sql statement: SELECT * FROM admin_list_wi WHERE ci_domain_ref = 0 ORDER BY wi_modify_date desc"
Has anyone found a solution to this error? There are a couple of developers in our team that has the same problem and also have a similar problem when trying to purge instances from the BPEL control. The problem started when we patched to 10.1.3.3.

When you upgraded to 10.1.3.3 did you run the SQL scripts that modified the SOA suite schemas?
SOA_ORACLE_HOME/bpel/system/database/scripts/upgrade_10131_10133_oracle.sql
cheers
James

Which JBuilder version to work with Oracle BPEL?

Hi, Im very new to Oracle Bpel.I just started yesterday. Could you please tell me which version of Jbuilder has to be installed and links from which i can dowload.
Thank you.
user11269341

Welcome to Oracle BPEL!
You may use a Oracle JDeveloper 10g Release 3 (10.1.3.3) from the following link.
http://www.oracle.com/technology/software/products/ias/index.html
That should be fine for the SOA Suite 10.1.3.3 which is also available from the same link (Oracle Application Server 10g Rel3 10.1.3).
hope that helps!
AMN

Eclipse BPEL Designer with Oracle BPEL Process Manager

Gurus,
I am tryting to develop a BPEL 2 process using Eclipse Helios BPEL Designer (v0.5).
Request your help with a problem that I am facing, which is as follows:
I am trying to create a Partner Link (PL) in my BPEL process, using the Partner Link Type (PLT) provided by TaskService (for user interactions) in BPEL Process Manager 11g integration services.
However, the PLT is not recognized by Eclipse BPEL Designer. The Port Types in the WSDL show up but not the PLTs.
I noticed that the PLT namespace being used in the TaskService WSDL is BPEL v1 namespace (namely, http://schemas.xmlsoap.org/ws/2003/05/partner-link/). I am able to work with PLTs from WSDLs with BPEL v2 namespce (namely, http://docs.oasis-open.org/wsbpel/2.0/plnktype)
Is there anyway I can work with v1 PLTs using Eclipse BPEL 2 Process?
Many Thanks,
Pulkit Sharma

Hi,
I believe the Eclipse BPEL Designer is not a supported tool to create SOA composites. I suggest using Oracle JDeveloper 11g as it is a supported tool for development and is Oracle's go-forward IDE strategy.
Hope this helps!

List of all Weblogic server version compatible with Oracle BPEL 10.1.3.x

Hi all,
Kindly let me know all the web logic server versions compatible with 10.1.3.x.
I know that WLS 9.2 works fine as i have already installed SOA Suite 10.1.3.4 with WLS 9.2 MP3.
But I am not sure bout the rest of the versions of WLS.
i need en exhaustive list of all the versions of WLS compatible with SOA Suite or standalone BPEL having versions - 10.1.3.3 or 10.1.3.4.

Hi Vishal,
11g Certification Matrix on OTN
http://www.oracle.com/technology/software/products/ias/files/oracle%20fusion%20middleware%2011gr1%20(11%201%201%201%200)%20certification%20matrix.xls
10.1.3.4
http://www.oracle.com/technology/software/products/ias/files/oracle_soa_certification_r3_10.1.3_matrix.xls
10.1.3.3
http://www.oracle.com/technology/software/products/ias/files/oracle_soa_certification_r3_10.1.3_matrix.xls

EXTPROC security with Oracle 9i ?

Hi
I would like to know if ther are any look holes with using EXTPROC in oracle 9i. I have been told by the DBA in my organisation that they do not allow extproc due to security issues.
We do not allow extended procedures using EXTPROC in Oracle, this is a potential security issue in Oracle 9i where ESP, any user call made for executing Extended Procedure, is executed using instance owner and that's the reason we do not allow itI would like to if this is really a security loop hole and what can be the alternative for this. If so, is there any way we can restrict the use to specific commands that will be executed from OS ?
Reagrds
Akshay

Depending on your needsm you can always have the SQLNET Valid Node Checking option, even in standard edition. This will eliminate the need for a firewall between the DB server and the app server.
However, why you can't use this simple setup?
<pre>
| 9iAS | Other servers in your company
Outside | |
| Oracle DB |
Firewall-^ ^ ^-Firewall
|
Demilitarized Zone
</pre>
This will be protection enough for your servers.
Arup Nanda

Network security with Oracle Database Cloud Service

Does the Oracle Database Cloud service support SSL? Or, any form of network encryption/authentication between a client and the service across the Internet?

Thank you Rick. I'm intending to use Oracle Database Cloud Service as a "Database-as-a-Service", however I have read that it is actually more of a "Platform-as-a-Service" offering.
What I would like to do is to interact with the Oracle Database Cloud Service via a local JDBC client. However, from further reading, it looks like the only way to interact with the Oracle Database Cloud Service from a non-Oracle-cloud-based client is via its RESTful web services (which, as you said, support SSL).
That is to say, I cannot simply connect to the Oracle Database Cloud Service from a local client just through JDBC alone. It looks like I would have to configure my client to make the relevant RESTful web service calls instead, and likewise configure my settings on the Oracle Database Cloud Service to make the necessary translations (from REST to SQL).
Just to finally clarify, is my above understanding correct?

Oracle BPEL standard, best practice and naming convention

Hi, folks,
Is there any standard or best practice associated with Oracle BPEL, regarding development, performace, what to avoid, etc? And is there any naming convention for the process, variable partner link name, etc? Similar to naming convention in writing Java code?
Thanks
John

Hi,
Here is the best practice guide:
http://download.oracle.com/technology/tech/soa/soa_best_practices_1013x_drop3.pdf
Thanks & Regards,
Dharmendra
http://soa-howto.blogspot.com

OID-Integrated Label Security with HTMLDB?

Hi,
I've followed the how-to document to integrate Oracle Label Security with Oracle Internet Directory.(http://www.oracle.com/technology/deploy/security/database-security/howtos/ols_oid-how-to.html).
I've successfully created a label security policy for the HR.LOCATIONS table. I would like that same policy to be effective on any query regions in an HTMLDB application.
I created a test application in HTMLDB, and changed the authentication scheme to be LDAP. It uses Oracle Internet Directory to authenticate the users, and this works successfully.
However, when I login with an OID user that has been assigned to use the policy, I get no rows returned.
What is a good way to integrate my label security policy with my htmldb applicaton so that it works within HTMLDB and outside of HTMLDB?
I saw the technote to use VPD, but when I tried this, it caused my label security policy to stop working. I somehow made it conflict...(http://www.oracle.com/technology/pub/notes/technote_htmldb_vpd.html)
I guess I'm just not sure what the VPD function should look like after I've already created a Label Security Policy.
I basically want it to look at the APP_USER and then apply the policy appropriately.
Thanks,
Nora

Scott,
It still worked in SQLPLUS when I typed 'set role none' first.
The way I granted PROFILE_ACCESS was through a label security command:
SQL> exec sa_user_admin.set_user_privs('senspolicy','parse_schema','FULL,PROFILE_ACCESS');
It seems like this is the only way..
It just seems strange that it works in SQLPLUS. I'm trying to figure out what other permissions I need for HTMLDB.
Thanks again,
Nora
SQL*Plus: Release 10.2.0.1.0 - Production on Wed May 16 16:38:20 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Enter user-name: parse_schema/<password>@testls
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, Oracle Label Security, OLAP and Data Mining options
SQL> set role none;
Role set.
SQL> select count(*) from hr.locations;
COUNT(*)
23
SQL> exec sa_session.set_access_profile('senspolicy','PUB');
PL/SQL procedure successfully completed.
SQL> select count(*) from hr.locations;
COUNT(*)
17
SQL>

Using third party jars with Oracle Business Rules

Hi
I am working on Oracle AS 10g release 2.
We are using Oracle Business Rules in integration with Oracle BPEL.
While using third party jars however, Oracle Business Rules end is facing errors.
Error during unmarshallingProvider com.sun.xml.bind.ContextFactory_1_0_1 not found
oracle.classloader.util.AnnotatedClassNotFoundException:
Missing class: com.sun.xml.bind.ContextFactory_1_0_1
Dependent class: javax.xml.bind.ContextFinder
Loader: oracle.xml:10.1.0_2
Code-Source: /D:/oracleasr3/lib/xml.jar
Configuration: <code-source> (ignore manifest Class-Path) in META-INF/boot.xml in D:\oracleasr3\j2ee\home\oc4j.jar
Can anybody help in figuring out where Jaxb jars(3rd party jars) are to be kept so that OAS access it?
We tried using the applib folder to load the jars but we are getting class loading errors.
When new instances are created, class loading is not happening.
Pls help.
Thanks
Kavya

Are you using Application Server Release 3 or Release 2? There are different versions listed in your mail.
I think you probably want to add this as a shared library via EM and then import the shared library to your application with the application's xml config files.

Oracle BPEL installation

hi all, i have installed soa_windows_x86_bpel_101310 with Oracle BPEL Process Manager with Oracle SOA Suite option and jdevstudi010133..but i am not able to login in bpel console..its givinh me authentication failure and when i try to start jdeveloper bpel designer its not openong at all..it opens getting started with page..i have already started BPEL PM server..

Have you tried with logina s oc4jadmin
and passwd as the one given at the time of installation.
Lalit

Error while invoking a WS-Security secured web service from Oracle BPEL..

Hi ,
We are facing some error while invoking a WS-Security secured web service from our BPEL Process on the windows platform(SOA 10.1.3.3.0).
For the BPEL process we are following the same steps as given in an AMIS blog : - [http://technology.amis.nl/blog/1607/how-to-call-a-ws-security-secured-web-service-from-oracle-bpel]
but sttill,after deploying it and passing values in it,we are getting the following error on the console :-
“Header [http://schemas.xmlsoap.org/ws/2004/08/addressing:Action] for ultimate recipient is required but not present in the message”
Any pointers in this regard will be highly appreciated.
Thanks,
Saurabh

Hi James,
Thanks for the quick reply.
We've tried to call that web service from an HTML designed in Visual Studios with the same username and password and its working fine.
But on the BPEL console, we are getting the error as mentioned.
Also if you can tell me how to set the user name and password in the header of the parter link.I could not find how to do it.
Thanks,
Saurabh

WS-Security with Oracle BPEL

Similar Messages

Maybe you are looking for