Saturday, March 26, 2011

Setup Two Way SSL on Weblogic Server

Setup Two Way SSL on Weblogic Server

  • The first step is to have identity and certificates in place.
  • Run the command to setup environment to use Weblogic Server utilities.
        C:\Oracle\Middleware\user_projects\domains\base_domain>setDomainEnv.cmd

Use the command to create Identity Key (IdentityName.jks) store for Weblogic. 
If a self generated private key need to the created, please read 
the information for the following link here. If a key needs to be 
 
java utils.ImportPrivateKey 

-certfile <cert_file> -keyfile <private_key_file>
[-keyfilepass <private_key_password>]
-keystore <keystore> -storepass <storepass> [-storetype <storetype>]
-alias <alias> [-keypass <keypass>]
 
  • Copy the Identity Keystore in the $WLS_HOME/server/lib folder
  • Using the Weblogic Console, navigate to servers->keystore->Choose the option Cusom Identity Java Certificates options.
  • Enter the location of the identity key store, with the complete path.
  • Enter the pass phrase with which the the identity store was created.
  • Enter the pass phrase of the of Java Key store. If not changed, the pass phrase will be "change it"
  • Press save. Server restart may not be required.
  • For questions, comments and feedback,  please contact:
 

Friday, March 25, 2011

SOA Performace Tuning Series (Part 1)

Deleting Large Numbers of Instances

The purge scripts for the SOA  suite can be found in $RCU_HOME 

/rcuHome/rcu/integration/soainfra/sql/purge

One All the scripts have been run and packages have been created. 

Create the instance filter to selectively delete instances. (RCU does create the instance_fileter type)

create or replace type instance_filter as object
(
composite_name varchar2(200),
composite_revision varchar2(20),
state integer,
min_created_date timestamp,
max_created_date timestamp,
);


composite_name: The name of the SOA composite application, such as OrderBooking.
composite_revision: The revision of the composite, such as 1.0.
state: The state of the instance. The following state values are possible:

STATE_RUNNING constant integer := 0;
STATE_RECOVERY_REQUIRED constant integer := 1;
STATE_COMPLETED_SUCCESSFULLY constant integer := 2;
STATE_FAULTED constant integer := 3;
STATE_TERMINATED_BY_USER constant integer := 4;
STATE_SUSPENDED constant integer := 5;
STATE_STALE constant integer := 6;
STATE_UNKNOWN constant integer := 32;
min_created_date: The minimum date range.
max_created_date: The maximum date range.

Create a stored procedure that will purge the instances

DECLARE
  FILTER QA_SOAINFRA.INSTANCE_FILTER := INSTANCE_FILTER();
  MAX_INSTANCES NUMBER;
  PURGE_PARTITIONED_DATA BOOLEAN;
  v_Return NUMBER;
BEGIN
 FILTER.COMPOSITE_PARTITION_NAME:='myPartition';
 FILTER.COMPOSITE_NAME := 'myComposite';
 FILTER.COMPOSITE_REVISION := '1.0';
 FILTER.STATE := fabric.STATE_FAULTED;

  MAX_INSTANCES := 10000000;
  PURGE_PARTITIONED_DATA := true;

  v_Return := FABRIC.DELETE_ALL(
    FILTER => FILTER,
    MAX_INSTANCES => MAX_INSTANCES,
    PURGE_PARTITIONED_DATA => PURGE_PARTITIONED_DATA
  );
  DBMS_OUTPUT.PUT_LINE('v_Return = ' || v_Return);
END;

For questions, comments and feedback,  please contact:
 Harvinder Singh Saluja

Thursday, March 24, 2011

Weblogic 10.3.5 Configuring 2 Way SSL for SOA and OSB Serversin Weblogic

Weblogic 10.3.5 Configuring 2 Way SSL for SOA and OSB Servers in Weblogic
By default, WebLogic Server is configured to use one-way SSL (the server passes its identity to the client). For a more secure SSL connection, use two-way SSL. In a two-way SSL connection, the client verifies the identity and trust of the server and then passes its identity to the server. The server then validates the identity and trust of the client before completing the SSL connection. The server determines whether or not two-way SSL is used.
Before configuring two-way SSL, ensure the Trust key store for the server includes the certificate for the trusted certificate authority that signed the certificate for the client.
To enable two-way SSL:
  1. Configure one-way SSL as described in Configuring SSL.
  2. Expand the Servers node.
  3. Select the name of the server for which you want to configure two-way SSL (for example, exampleserver).
  4. Select the Configuration-->Keystores and SSL tab.
  5. Click the Show link under Advanced Options.
  6. Go to the Server attributes section of the window.
  7. Set the Two Way Client Cert Behavior attribute. The following options are available:
    • Client Certs Not Requested—The default (meaning one-way SSL).
    • Client Certs Requested But Not Enforced—Requires a client to present a certificate. If a certificate is not presented, the SSL connection continues.
    • Client Certs Requested And Enforced—Requires a client to present a certificate. If a certificate is not presented or if the certificate is not trusted, the SSL connection is terminated.

  1. Click Apply.
  2. Reboot WebLogic Server.

Weblogic 10.3.5 Configuring SSL for SOA and OSB Serversin Weblogic

Weblogic 10.3.5 Configuring SSL for SOA and OSB Servers in Weblogic

By default, SSL is enabled and configured to use the demonstration Identity and Trust keystores. For testing and development purposes, the SSL configuration is complete. Use the steps in this section to configure SSL for production use.
To configure SSL:
  1. Expand the Servers node.
  2. Select the name of the server for which you want to configure keystores (for example, exampleserver).

  1. Select the Configuration-->Keystores and SSL tab.
  2. Information about the demonstration Identity and Trust keystores is displayed in the Keystore Configuration.

  3. Configure new Identity and Trust keystores for WebLogic Server.  

 
  1. Click the Change... link in the SSL Configuration to configure attributes for SSL.
  2. The Configure SSL page appears.

  3. Specify how the identity and trust for WebLogic Server is stored. The following options are available:

    • Key Stores—Use this option if you created Identity and Trust keystores for WebLogic Server. If you choose this option, go to step 8.
    • Files or Key Store Providers—Use this option if you stored private keys and trusted CA certificates in a file or in a JKS keystore accessed via the WebLogic Keystore provider (as supported in previous releases of WebLogic Server). If you choose this option, go to step 9. This option is available for the purpose of backward compatibility only and it automatcally set with security information from a previous release of WebLogic Server.

  4. Click Continue.


  5. Specify the alias used to load the private key into the keystore in the Private Key Alias and the password used to retrieve the private key from the keystore in the Passphrase attibute. You may have specified this information when creating the Identity keystore; however, for the purpose of SSL configuration specify the information again. Skip to step 10.

 

  1. Specify information about the location of identity and trust for WebLogic Server.
  2. Note: This step only applies if the Files or Key Store Providers option is specified.
    • Private Key File Name—The directory location of the private key for WebLogic Server. Specify a value for this attribute only if you stored the private key for WebLogic Server in a file (versus a WebLogic Keystore provider).
    • Private Key Alias—The alias specified when loading the private key for WebLogic Server from the keystore. Specify a value for this field only if you stored the private key for WebLogic Server in a keystore accessed by the WebLogic Keystore provider.
    • Passphrase—The password specified when loading the private key for WebLogic Server into the keystore. Specify a value for this field only if you stored the private key for WebLogic Server in a keystore accesssed by the WebLogic Keystore provider. Confirm the password. If you protected the private key file with a password, specify the weblogic.management.pkpassword command-line argument when starting the server.
    • Server Certificate File Name— The directory location of the digital certificate for WebLogic Server. If you are using a certificate chain that is deeper than two certificates, you to need to include the entire chain in PEM format in the certificate file.
    • Trusted CA File Name—The name of the file containing the PEM-encoded trusted certificate authorities.
  3. Click Continue.
  4. Click Finish.
  5. Reboot WebLogic Server.

Wednesday, March 16, 2011

Setup Oracle SOA B2B for ebXML documents using ebMS 2.0 protocol

For a large EDI initiative MindTelligent Team was involved in, the assignment was to setup a Oracle B2B exchange for ebXML using ebMS 2.0 protocol  This blog discusses the steps to configure Oracle SOA suite 11.1.1.4 B2B server to exchange ebXML using ebMS 2.0 protocol. The post assumes that the user has some prior knowledge of Oracle SOA B2B servers

  • Set up the document definition.
    • Document Protocol Version: ebXML_Version_1.0
    • Document Type: ebXMLOrderType
      • Action Name ebXMLOrderAction
      • Service Name ebXMLOrderService
      • Service Type ebXMLOrderServiceType
      • From Role AskMind
      • To Role DST




















  • Document Definition: ebXMLOrder_def 
    • In this example, we are processing a flat file using ebMS 2.0. The option we choose is
      "Flat"
    • Identification Start Position: 1 (Depending on identification of your flat file)
    • Identification End Position: 1 (Depending on identification of your flat file)
    • Identification Value: C  (Depending on identification of your flat file)















Setting up "Delivery Channel" for you outbound payloads.

  • Click on Partners-->Channels
  • Select Protocol as ebMS-2.0
  • Enter Transport Protocol Parameters
    • URL: http://hostname:port/b2b/httpReceiver
    • User Name: Weblogic user name of remote server
    • Password: Password of the remote server
  • Channel Attributes
    • Ack Mode Async















Develop a composite to initiate the process. Ensure that the following assignments are made in the composite

<assign>
            <copy target="$out.property.b2b.ebms.Service"
                  expression="'ebXMLOrderService'"/>
            <copy target="$out.property.b2b.ebms.ServiceType"
                  expression="'ebXMLOrderServiceType'"/>
            <copy target="$out.property.b2b.ebms.action"
                  expression="'ebXMLOrderAction'"/>
            <copy target="$out.property.b2b.fromTradingPartnerId"
                  expression="'AskMind'"/>
            <copy target="$out.property.b2b.toTradingPartnerId"
                  expression="'DST'"/>
            <copy target="$out.property.b2b.documentTypeName"
                  expression="'ebXMLOrderType'"/>
            <copy target="$out.property.b2b.documentProtocolRevision"
                  expression="'ebXML_Version_1.0'"/>
              <copy target="$out.property.b2b.action"
                  expression="'ebXMLOrderAction'"/>
          </assign>

For questions, comments and feedback,  please contact:
 Harvinder Singh Saluja

    OCI Knowledge Series: OCI Infrastructure components

      Oracle Cloud Infrastructure (OCI) provides a comprehensive set of infrastructure services that enable you to build and run a wide range of...