Friday, March 26, 2010

Oracle BPEL 11g Best Practices

  1. BPEL has to be primarily used for orchestrating the services. 
    • Do not add complex business logic here. It should belong to the service layer.
  2. Create scopes for each step of the flow in the process so as to make it modular.  This will help in creating local variables within that scope. Use Global variables when required(just like your java or C++ programming style). This will help in maintainability. Note : Adding too many scopes may affect the performance. In that case you may want top consider creating sequences.
  3. Adopt naming standards and comply to it. This should be part of the governance strategy. This looks trivial but is important if you want someone else to understand the code and make changes.
  4. It is good practice to have a Mediator in the Composite. Try to get most of the transformations done by the Mediator.
  5. Have all the business rules implemented by the Oracle Business Rules
  6. Handle all the exceptions
  7. Adopt test driven development. Create test cases with a tool like SoapUI for each process and make this part of your governance strategy.
  8. Instead of BPEL, you should consider implementing the process in BPM. This has the advantage of modeling it in BPMN so that it can be easily understood by the Business and also helps the model and implementation to be synchronized at all times. If you haven't considered it so far then it is time you take a look at 
  9. The flow of the BPEL process should be very intuitive.
    • The reason enterprises are investing heavily in this to be agile to change. So, to make this happen , make the steps in the flow linear as much as possible so that a new step can be added/reordered easily by just drag and drop. I have seen very complex nested creation of the following flow which after refactoring looks as below.
Posted by at 3 comments:
Labels: ,

Oracle Service Registry OSR 11g Installation

Oracle Service Registry(OSR) is part of the Oracle SOA Governance strategy but comes as a separate download. The installation is 2 steps

  1. Installation of OSR files into registry111 folder under oracle middleware home
  2. Creation/Extension of a Weblogic 11g domain with the OSR server

Installation Steps

  • Execute java -jar oracle-service-registry-11.1.1.jar. This will launch the installation wizard.
  • I found it easier to create the tablespace and the schema user before hand. I had to do this as for some reason the installation failed to create the tablespace for me.
  • Once the registry111 folder is create then create or extend the existing weblogic11g domain
  • If you face any problem during the domain process then cleanup and create the tablespace again.
Posted by at No comments:
Labels:

OER 11g Thoughts

IMHO, the Oracle Enterprise Repository looks like a piece of work from interns(no disrespect to interns). It lacks the enterprise and professional quality that is expected from Oracle, BEA or any other enterprise vendor. This probably is a result of the acquisition and the need to have an extra check in the checklist.

The OER is deployed in the BEA domain. It has 2 parts. One is the the ability to search and view the assets and the second is the ability to manage the assets. The search can be done through the web while the asset management is through a Java Webstart application. Both the applications fall way short of usability.

I am not convinced that both OER and OSR(Oracle Service Registry) are required as they add to the clutter. The OER functionality could be built into the OSR so that the intra enterprise view could be the OER functionality while the extra enterprise view could be the OSR. This will reduce the amount of applications to be purchased, managed and maintained by the enterprises. This will also help in easier adoption of the Governance and in better governance by managing the assets well.
Posted by at 1 comment:
Labels:

Tuesday, March 23, 2010

Oracle Enterprise Repository 11g Installation

Installation
  • OER11g comes as a separate installation. It can be installed on an existing SOA/WL 11g.
  • Download OER 11g as OER111120_generic.jar
  • Execute the following DB scripts


CREATE TABLESPACE OER_SOA1_DATA
DATAFILE '/opt/oracle/oradata/oer/oer_soa1_data.dbf' SIZE 300M
AUTOEXTEND ON NEXT 10240K MAXSIZE UNLIMITED
EXTENT MANAGEMENT LOCAL AUTOALLOCATE
LOGGING
ONLINE
SEGMENT SPACE MANAGEMENT AUTO;


CREATE TABLESPACE OER_SOA1_INDEX
DATAFILE '/opt/oracle/oradata/oer/oer_soa1_index.dbf' SIZE 300M
AUTOEXTEND ON NEXT 5120K MAXSIZE UNLIMITED
EXTENT MANAGEMENT LOCAL AUTOALLOCATE
LOGGING
ONLINE
SEGMENT SPACE MANAGEMENT AUTO;


CREATE USER OER_SOA1 IDENTIFIED BY password
DEFAULT TABLESPACE OER_SOA1_DATA
TEMPORARY TABLESPACE TEMP
PROFILE DEFAULT
ACCOUNT UNLOCK;
GRANT "CONNECT" TO OER_SOA1;
ALTER USER OER_SOA1 DEFAULT ROLE "CONNECT", "RESOURCE";
GRANT CREATE MATERIALIZED VIEW TO OER_SOA1;
GRANT CREATE SEQUENCE TO OER_SOA1;
GRANT CREATE SESSION TO OER_SOA1;
GRANT CREATE SYNONYM TO OER_SOA1;
GRANT CREATE SNAPSHOT TO OER_SOA1;
GRANT CREATE TABLE TO OER_SOA1;
GRANT CREATE TRIGGER TO OER_SOA1;
GRANT CREATE VIEW TO OER_SOA1;
GRANT UNLIMITED TABLESPACE TO OER_SOA1;
  • There are 2 steps involved. First is to install the OER in the middleware/repository111 folder. The second is to create a new domain or extend an existing one with the OER. See below for the steps.
  • Run java -jar OER111120_generic.jar This will launch the installation screen. Enter the DB information.
  • After installation, create a weblogic domain with OER
  • The default port is 7101.
  • Note : I could not install this on a SOA Suite. I tried to create a new domain and the installation wizard displays the status of 90% and hangs over there. So I installed a vanilla Weblogic11g and then installed OER on that. This works fine.
  • The URL is http://localhost:7101/oer 
  • The login is "admin" and "admin"
Note: If you have face an error during the installation you have to clean the tablespace and redo the domain creation/extension process.
Posted by at 2 comments:
Labels: ,

Monday, March 22, 2010

Testing strategy for Oracle SOA applications

Following is what I felt to be working well as a testing strategy for Oracle SOA

Automated Unit Testing
  • The built in Oracle SOA Test Suite works well for testing BPEL processes. The test cases can be generated from JDeveloper. External Services can be emulated and the response can be asserted. This will help in testing the flow of the process.
  • The tests can be deployed and tested on the Enterprise Manager
Integration Testing
  • SoapUI, an open source test tool is very robust for doing integration testing
  • Provide a WSDL URL and it generates the test stubs for all the operations
  • The response can be asserted.
  • The test data can be generated through static "Parameters" or can be randomized.
  • WS-Security, WS-Addressing and WS-Reliability is supported 
Performance Testing
  • Soap UI can be used for performance testing as well. 
  • This will help the team to get used to one testing tool. 
  • Supports spawning multiple threads, delay between requests.
  • JMeter is the other tool that you may want to use.
Posted by at 2 comments:
Labels:

Friday, March 19, 2010

Oracle Business Rules 11g Best Practices

Oracle Business Rules underwent a lot of changes since 10g and looks more sophisticated now. The Rules designer is very elegant(bug free, nice user experience, fast) and so is the Composer.(though I would like to see the Composer and Designer have a single user experience)

Oracle has made available a very exhaustive guide on Oracle rules which is available at http://download.oracle.com/docs/cd/E15523_01/integration.1111/e10228.pdf

Best Practices 
  • Try to model the rules as a "Decision Component". 
    • Each decision function in the component can be exposed as a Web Service with both stateless and stateful operations(I think that there should be an option to make it a separate webservice or to expose it as an operation). 
    • You may want to cleanup the stateful operations if you think that they should not be used. This will force the developers not to invoke the stateful operation accidentally as the unintended usage can create havoc.
    • This Decision Component then has multiple interfaces which can be used by the BPEL process. This will encapsulate all the rules in a single component and still be modular through Decision functions. 
    • This will greatly help in resuse of this component.
    • The Decision Component is also easily testable.
  • Try to use "Decision Table" as much as possible 
    • As it is very intuitive for the business analysts 
    • All the rules can be viewed in a single readable view. 
    • It also has the built in Gap analysis that will uncover any gaps or conflicts.
Tips
  • When you want to invoke the Rules Service, you should set the name of the Rules Service explicitly If not the rules service is not invoked. This seems to be a strange requirement.
  • The Oracle Rules Composer is available at http://host:[soa port]/soa/composer. I could not open this is IE7 and Chrome but could open in Mozilla Firefox.
  • The rules dictionary is stored in .rules file. This should be checked in the repository(CVS, etc) as a binary file. Please see the FAQ for the explanation.
Posted by at 2 comments:
Labels: ,

Oracle SOA 11gR1 PS2 also called 11.1.1.3

If you are one of those eagerly waiting for the next release/patch on Oracle SOA 11gR1 then the good news is here, though the release date is not yet known
http://blogs.oracle.com/soabpm/2010/03/11gr1_patchset_2_111130_soa_fe.html
http://blogs.oracle.com/soabpm/2010/03/soa_for_the_java_developer_a_f.html

The important features are below.(as collected from the above site)

  1. Oracle OSB is to be part of the suite (currently it is a separate installation)
  2. Support for WSIF (this was supported in 10 g and seems to be restored now). Support for EJB 2 and 3
  3. Support for BPEL2.0(I believe the current supported version is 1.1. Not sure what are the new features in 2.0)
  4. BPMN 2.0 design time and runtime support
  5. Seamless Upgrade from 11gR1PS1!!!!
  6. Domains for BPEL. Not sure how this compares to the regular WL domains.
Posted by at 1 comment:
Labels:

Friday, March 12, 2010

X509 Certificate Testing

Strategy

  1. Generate a keystore for the "Service Provider"
  2. Extract the "service provider's" certificate 
  3. Generate a separate keystore for the "Service Consumer"
  4. Import the "service provider's" certificate into the service consumer's keystore
  5. Configure the SOAP UI to perform Encryption, Signature, Password, DateTime as shown below.
  6. Create a policy at the OWSM(copy from the system provided ones)
  7. Add Assertions. Enforce logging as one of the assertions
  8. Register the webservice and attach this policy with the web service.
  9. Test the request with the SOAP UI.
Concepts
  • It is important to understand what happens during an outbound request
  • For Authentication - the consumer provides the "userid" and "password" which is used by the Provider to authenticate through the Security provider(by connecting to the LDAP or custom repository)
  • For Authorization - the consumer provides the "userid" and "password" which is used by the Provider to authenticate through the Security provider(by connecting to the LDAP or custom repository)
  • For Confidentiality - the message is encrypted by the public key of the Provider. Due to this reason you need to select the provider's certificate that has been imported by providing the alias
  • Based on the policy that is being enforced at the provider's OWSM, provide the corresponding "Key Identifier Type", "Encoding Algorithm", "Key Encryption Algorithm"
  • For Integrity - the message should be signed with the private key of the consumer. So provide the corresponding alias.
Generate a Keystore


Execute the following command in a single line

keytool -genkey -dname "cn=Chandu Sankuratri, ou=soa, o=CrystalTrain, c=US" -alias dssoa -keypass iag12345 -keystore C:\chandu\Keystore -storepass iag12345 -validity 365 -keyalg "RSA"

Note : Enusre that the Key Algorithm is "RSA" as SOAP UI expects this. If you do not provide this, the default is DSA and you will see an exception java.lang.IllegalArgumentException: not an RSA key

You should verify the certificate by executing the following commands

keytool -export -alias dssoa -file dssoa.cer -keystore C:\chandu\Keys\keystore -storepass iag12345

keytool -printcert -file C:\chandu\Keys\dssoa.cer

This should print out

Serial number: 4b9abe40

Valid from: Fri Mar 12 17:20:48 EST 2010 until: Sat Mar 12 17:20:48 EST 2011
Certificate fingerprints:
MD5: 53:DB:0B:86:71:2E:5D:95:E8:EA:8C:D6:89:B2:D2:06
SHA1: EA:B0:90:F5:A9:12:FF:E9:A0:7A:96:F9:77:79:71:6B:18:62:86:3F
Signature algorithm name: SHA1withRSA
Version: 3

Add the generated keystore to SoapUI



Configure the outgoing SOAP request for encryption with X509 certificate. Similarly, you can also add "user Name" ,"Password" and the Signature.



Associate the configured security to the request

Posted by at 3 comments:
Labels:

SOAP Request with WS-Security

Add the following to your SOAP request. Note the userid and Password. The Security Provider is the default Weblogic authentication Provider. This requires the weblogic userid and password that you login to Console. Use this to start your testing and build upon this by changing the security providers, encryption and signature.

<soap:Header>

<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:UsernameToken>
<wsse:Username>weblogic</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">iag123456</wsse:Password>
<wsse:Nonce>71srki+B97R3XIoA7amwbA==</wsse:Nonce>
</wsse:UsernameToken>
</wsse:Security>
</soap:Header>
Posted by at No comments:
Labels:

Generating a WSIL file from WSDL

The OWSM11gR1 requires a WSIL file to register a service.

Following are the steps to generate a WSIL from WSDL

  • WSIL can be easily generated from a WSDL through Eclipse Galileo. At the time of writing this is not supported by JDeveloper.
  • Copy the WSDL file to your Eclispe project. Right click on it and follow the below instructions
  • The following is taken from Eclipse Help

To generate a WSIL file through the import utility:

From the File menu, select Import > WSIL > Next. The WSIL Import window opens.



If you have selected to perform step 1, the WSIL URI field should be prefilled with the name of your WSDL file, where the extension has been changed from .wsdl to .wsil. The WSDL section should contain the URLs to the selected WSDL files. You can also enter additional WSDL URLs. Alternately, you can browse to the location of a WSIL file, or manually enter the location of the WSIL and WSDL files in the appropriate locations.



Click Finish. A WSIL file will be generated in the specified location.
Posted by at No comments:
Labels:

Oracle Web Services Manager (OWSM) 11g

The official Developers Guide for OWSM 11gR1 from Oracle is available here
The FAQ on OWSM 11gR1 is available here

OWSM11gR1 is part of the Oracle SOA Suite11gR1. It does not need any separate installation if you are working with Oracle SOA. Enforcing the policy is straight forward as can be seen below.

Following are the steps to enforce a policy. Steps that need elaboration are entered as a separate blog
  1. Create a Policy
  2. Generate a WSIL for the Web Service
  3. Register the Service
  4. Associate the Service with the Policy
  5. Generate SOAP requests through the SOAP UI to test the security 
Posted by at 1 comment:
Labels:
Subscribe to: Posts (Atom)