Invoking a Secured WebService in BPEL - Oracle SOA

It is critical to control access to BPEL processes and to the Web services they use. Preventing unauthorized users from breaking into your system is required to protect both the integrity of your processes and the personal information of your customers.

in real-world all business applications are exposed with security is enabled.Oracle Fusion Middleware uses a policy-based model to manage and secure Web services across an organization

Policies apply security to the delivery of messages

Policies can be managed by both developers in a design-time environment and system administrators in a runtime environment

Below are the steps to invoke a secured WebService from a BPEL Process:

• On the External References where your web service is, right click on the web service and select configure ws policies.

 

• Under security click the green plus sign to add security and select oracle/wss_username_token_client_policy and click ok.

(We can select multiple policies at once, depending on the security of the WebService we are invoking) 

 

This step will adds the following code in your composite.xml

<wsp:PolicyReference URI="oracle/wss_username_token_client_policy"

                                 orawsp:category="security"

                                 orawsp:status="enabled"/>

            <property name="oracle.webservices.auth.password" type="xs:string"

                      many="false" override="may">XX_AdmIn</property>

            <property name="oracle.webservices.auth.username" type="xs:string"

                      many="false" override="may">XXADMIN_PASSWORD</property>

            <property name="wsseOASIS2004Compliant" type="xs:string"

                      many="false">true</property>

                      </binding.ws>

Generating DBC file without server access detail

For OAF development you need to get the DBC file of the environment you want to work on.

DBC file we can get from :

• $FND_TOP/secure for 11i 
• $FND_SECURE for R12.

in case if we don’t have access to the server we can get it with other convenient way.

Open a webbrowser and go to the homepage URL and append “/OA_HTML/jsp/fnd/aoljtest.jsp” to it. 

In my case:

http://ebs-vision.sais.local:8009/OA_HTML/jsp/fnd/aoljtest.jsp

Fill in the details and click “Test” Button.

 

If all the details are correct you will get an overview page with all  details, and at bottom of screen you will get a link  “Enter AOL/J Setup Test”. click on it.

It will redirect you to apge from where you can select Locate DBC file under connection test from left side Menu list. 

On the right side you will get the contents of the DBC file.

Copy/paste this to a TEST.dbc file and place it in your JDeveloper JDEV_USER_HOME/dbc_files/secure.

JDeveloper setup for OAF development

If you want to do some OAF Development in JDeveloper for the first time, you will need to do the following things.

1] Download JDeveloper Patch

Before starting an OA Framework Development in JDeveloper you have to find out the framework version of the Oracle Application installation. 

The Jdeveloper version and the OA framework version must be compatible with each other.

The current version of OA Framework installation can be found at

 http://host:port/OA_HTML/OAInfo.jsp

Download the JDeveloper Patch.

2] Extract the JDeveloper patch in a directory say D:\DevSuiteHome_1\jdev

The patch actually contains below three directories

• jdevbin – Includes an extended version of the Oracle JDeveloper 10g executable and OA Framework class libraries.

• jdevhome – Includes the OA Framework Toolbox Tutorial source and developer working area.

• jdevdoc – Contains documentation.

3] Define an environment variable

Define an environment variable JDEV_USER_HOME for your local machine. This has to be set to jdevhome\jdev directory. In above example it has to be D:\DevSuiteHome_1\jdev\jdevhome\jdev.

My Computer - Properties - Advanced tab - Environment Variables - New

Variable: JDEV_USER_HOME

Value: D:\DevSuiteHome_1\jdev\jdevhome\jdev

4] Get the DBC file

Obtain the FND database connection (.dbc) file from the system administrator who installed the OA Framework database where you want to do your development.

For the instance to use, you can get the .dbc file from $FND_SECURE and put it in <JDEV_USER_HOME>\dbc_files\secure i.e. D:\DevSuiteHome_1\jdev\jdevhome\jdev \dbc_files\secure

5] Creating a Desktop Shortcut to JDeveloper

To facilitate launching JDeveloper, create a desktop shortcut to jdevbin\jdev\bin\jdevw.exe.

6] Configuring the Environment Encoding of JDeveloper

Confirm the environment encoding of your JDeveloper if it is appropriately set.

Go to Tools – Preferences – Environment – Encoding

If Encoding is not set to “UTF-8″, set it to “UTF-8″.

Using FND_MESSAGE in OAF page

What is a message in Oracle Application?

Oracle Application uses the Message Dictionary to store translatable Error and Warning messages that can be used by any programs written in Forms, Reports, OAF,ADF, or PL/SQL.

These messages mainly provide information about business rule errors, such as missing or incorrect data, and how to resolve them, warn about the consequences of intended actions, inform about the status of an application, pages, or business objects, and indicate that processes and actions are performing or are completed.

Because the messages are stored in Application Object Library FND_MESSAGE_% tables, these types of messages are sometimes referred to as FND messages

Create custom message :

In Application Developer Responsibility, navigate to (N) Application | Messages.

 

It can be also done from OAF page

• Go to Functional Administrator responsibility – then choose Home.
•  Choose the Core Services Tab – then the  Messages Sub-Menu.

 

Using Fnd Message on OAF page

Below line can be used to show FND_MESSAGE from oaf page  which is created using Application Developer responsibility.

public class xxcusHelloWorldMainCO extends HelloWorldMainCO {

    public void processFormRequest(OAPageContext pageContext,

                                   OAWebBean webBean) {

     if (pageContext.getParameter("Go") != null) {

         String SelPeriod= pageContext.getParameter("SelPeriod");

         if ((SelPeriod.equals("2011")) {

                   

throw new OAException("XXX", "XXIERP_INVALID_PERIOD", null, OAException.ERROR, null);

        }

        }

}