Tuesday, July 27, 2010

Oracle SOA Suite 11g R1 Developer Guide now available

This updated version covers the current 11g offering and

highlights for me are, apart from the bright cover,

the following -

- Chapter 7 - Using Business Rules to define decision points

- The discussion on EDN publishing patterns in Chapter 8.

- Chapter 15: Advanced SOA Suite Architecture - for a great discussion on engine internals.

The great thing about the book is that it spends sufficient time discussing the WHYs and opposed to just concentrating on the HOWs.

Well done Antony & Matt - take a bow!

Tuesday, July 20, 2010

OSB leveraging WSM for partial message encryption

This sample leads on from the scenario in the previous post.

now I just want to encrypt the cardNr

I create a new service policy in em based on
using the "Create Like..." facility.

Uncheck - Include Entire Body

Then click - Add

I set the following -

Namespace: http://aaavalidatecred/
Element: cardNr

I create a new client policy in em based on
using the "Create Like..." facility.

I set the encryption policy as above

I configure my OSB proxy service to use the service policy.
I then test the proxy service -

Delete oracle/wss10_message_protection_client_policy

Only our client policy should be leveraged

Execute the test

View the result -

Incoming message

Card nr is encrypted.

and is valid!

Monday, July 19, 2010

OSB 11g and WSM

Scenario - I need to secure a proxy service (username/pwd), and sign/encrypt the payload.

For this sample we will expose the following Java class as a web service and
secure the request payload.

package simplecccws;

import javax.jws.WebService;

public class validateCC {
public validateCC() {
public String validateCard(String cardNr, String firstName, String lastName, String validUntilDate){
String rtc = "INVALID";
if (cardNr.startsWith("1")){
rtc = "VALID";
return rtc;

Create the Java class and deploy as a Web Service to WLS.


Note the wsdl –

e.g. http://localhost:7001/AAA-validateCC-root/validateCCPort?WSDL

and save to the local file system

Create the OSB Business/Proxy services

Import WSDL to OSB and create a Business Service based on it.

Create a Proxy Service based on the Business Service.

Test Proxy

Secure the Proxy Service

Add username token with message protection policy

The result...

Set up OWSM for OSB and create a test user

Register Keystore using Enterprise Manager. This step is required so OSB test console or SOA reference can use the OWSM csf-key to look up the
username/password to send the ValidateCard Proxy Service secured with the
UserNameToken with Message OWSM policy.

Setup default keystore - Copy your sample keystore file, default-keystore.jks to the domain home’s fmwconfig directory, e.g.

You can create a default-keystore as follows, if you don't have one -

Open em

In the Security Provider Configuration, find Keystore under Web Services
Manager Authentication Providers. Expand Keystore and Click Configure

Create user in WLS using OSB console. OSB Proxy Service will use WLS Default Authenticator to authenticate the username/password in the WS-Security SOAP Headers received from the client. The user created using OSB console is available to the WLS Default Authenticator.

OSB Console - Click on Security Configuration

Add csf-key for user joe created in step 2. This step is required so the OSB test console/SOA reference can lookup the username/password using the csf-key.

In Enterprise Manager, select soa_osb_domain Weblogic Domain. Expand
Security and select Credentials as shown below.

Create Map with name oracle.wsm.security if it does not already exist.

Create a new key –

o User Name: joe
o Password: welcome1

Test the Proxy Service

Set the following values in the OSB test console –

and Execute the test

View the result -

Thursday, July 15, 2010

SOA Suite 11g Custom Worklist/Workspace

Many people use the Worklist/Workspace app OOTB. However there may be reasons for implementing your own custom worklist app to interface with the Workflow Service.

So how to do it?

First check out the official doc at

Chapter 31 - Building a Custom Worklist Client.

Essentially the steps are -
1. Get a handle to IWorklistServiceClient from WorkflowServiceClientFactory.

2. Get a handle to ITaskQueryService from IWorklistServiceClient.

3. Authenticate a user by passing a username and password to the authenticate
method on ITaskQueryService. Get a handle to IWorkflowContext.

4. Query the list of tasks using ITaskQueryService.

5. Get a handle to ITaskService from IWorklistServiceClient.

6. Iterate over the list of tasks returned, performing actions on the tasks using

The javadoc is available at -


I'll create a simple example in a future post.