Thursday, April 26, 2012

OEG - deactivating a policy / relative path

Disable the path resolver by un-checking the Enable... box


Test via Service explorer
Access Denied

Oracle Enterprise Gateway(OEG) Policy Center

To quote from the whitepaper  

"OEG Policy Center is intended for managing policy deployments across multiple Oracle Enterprise Gateways (multiple-gateway policy management). OEG Policy Center manages policy migration between development, staging, and production." 



It is essentially a process you start ala the gateway itself and you then connect to it via Policy Studio. Here I have 2 OEG instances and policy center started.


I can then start Policy Studio and connect to Policy Center -


Note the default policy center port is 8060
 

As you can see, I have added the 2 OEG instances to the "process" list

For this scenario - OEG running on management port 8090 is my Test instance OEG running on management port 8093 is my Production instance

I added a new user and a couple of Alerts to the Test instance. Now I export the configuration, saving to file exportUsers.xml


Return to the main Policy Center screen


I select the "production" instance


and import...

Tuesday, April 24, 2012

OEG Service Manager part 2

I can of course apply policies to my registered service using service manager.
In this case, I just dragged and dropped the XML Threat policy to the Request icon.
Ergo, in Service Manager - I can register service and apply existing policies to them. I can also create new policies within this tool.
The new Policy - testPolicy - has been created. Now we can add sub policies to this. Here I dragged and dropped in the HealthCheck policy.
In other words, we can create new policies from existing ones. We cannot create policies from scratch in this tool.

Monday, April 23, 2012

OEG Service Manager

Service Manager is an interesting part of the OEG component stack.
Use it to register and manage the web services OEG is protecting.
Simple example - the FraudChecker web service has been deployed to WLS
I create a new Web Services Group in Service Manager
Now I register the service The url is http://localhost:7001/FraudCheckService/FraudCheckerPort?WSDL
Deploy
Start Policy Studio

Thursday, April 19, 2012

OEG OSB/OWSM Username token/Message Protection example

Create a new OSB project/process that consumes the FraudChecker web service –

This is based on the following Java Class

-------------------------------------------------

package fraudcheckservice;


public class FraudChecker {
public FraudChecker() {
super();
}
public String checkCard4Fraud(String cctype, String ccnr){
String status = "VALID:";

if (ccnr.equalsIgnoreCase("12345678")){
status = "FRAUDULENT:";
}
status = status.concat("Card Type " + cctype + " Card Nr " + ccnr);
return status;
}
}



-------------------------------------------------




The WSDL is similar to the following -
http://localhost:7001/FraudCheckService/FraudCheckerPort?WSDL

In OSB -
Create a business service based on this web service




Create a proxy based on the business service



Test the proxy



Now apply OWSM policies to the OSB proxy





re-test specifying the key we created (joe-key) in the previous-1 blog post.







Now, in the OSB console, export the proxy service wsdl to a file.
Minre is simply called FraudChecker.wsdl



Back in OEG Policy Studio, we need to import the orakey certificate and register the web service –
Back in Policy Studio, we need to import the orakey certificate and register the web service –

This is the key we created in the previous-1 lab. We then stored it at /OSBHome/myDomain/config/fmwconfig

Click keystore





Click Import to Trusted...





Now register the OSB proxy process web service



select the operation -








The security configuration begins

Set Expires in to –



Click Next

Set Signing Key to orakey



Click Next

Configure Encryption Settings

Set Certificate Store to orakey



Click Next

Click Next
Configure Username Token settings
User name = joe
Password = welcome1



Create a relative path /SecureFraudChecker



Deploy & test