Tuesday, 26 April 2016

How to expose and secure SOAP Webservices from Oracle B2B

There are many ways to integrate with your Oracle B2B using SOAP web services, and B2B supports both inbound and outbound message exchange.

This post explains how to securely expose SOAP web services to your trading partners.

As with any channel to be consumed by your partners, you have to set it up as a B2B Listening Channel. For that, B2B offers two flavors:

  1. Generic SOAP WSDL: based on the default, simple B2B WSDL with just a SOAP Header and an AnyType Body;
  2. Customized WSDL: you will need to upload your own customized WSDL to B2B, which may contain a richer payload structure.

Create a Web Service Listening Channel

The steps to create a new SOAP Listening Channel are similar to the steps to create any new Listening Channel:
  1. Administration > Listening Channels
  2. Add a new Listening Channel
  3. Set the Name and the Type to Generic WS-1.0

Now it is time to configure the listening channel according to the option you chose.


Generic B2B WSDL

Using the generic SOAP WSDL is probably the quickest and easiest way to provide a Web Service interface to your partners. It relies on a default WSDL that accepts an AnyType, and therefore accepts anything as a payload (e.g. HL7, EDI, XML, etc).

For that you just have to select Use Generic SOAP and pick the default Service and Port. The endpoint URL is the one specified. Be sure that the Channel is Enabled in the Channel Attributes tab and you are good to go.

Access your SOAP Web Service at: 

http://<hostname>:<port>/b2b/services/ws/MyCompany_ListeningChannel

Customized WSDL

The second option is to use a customized WSDL of your own. Depending on the complexity of your payload, you may have to create new B2B messages to be able to expose your service correctly.

To create a customized SOAP WS Listening Channel you have to upload your WSDL file. You can import a WSDL that has the inbound/outbound messages defined in a schema inside the WSDL itself, or upload a ZIP file containing the dependent XSD or WSDL files imported by the WSDL file.

These are the steps for uploading your WSDL:
  1. Administration > WSDL
  2. Click on the + button
  3. Specify a WSDL Name
  4. Browse and select the root WSDL

Once again, remember that you have to specify the body message as a new B2B document so B2B can process the document as any other document being received by B2B. 

Now it is time to configure the Listening Channel, but this time using the uploaded WSDL.

Select the Service and Port you want to expose (i.e. one WSDL can contain multiple services)



Securing the exposed Web Services

Finally, a very important action before you publish the services to your partners is to secure those services. The good news is that B2B integrates with the Oracle Web Services Manager product of SOA Suite. So, directly from the B2B console, you can attach and detach WSM policies to and from your exposed services:

Select the policies to apply.


More details on how to use the Oracle Web Services Manager policies: https://docs.oracle.com/middleware/1212/owsm/

Handling your payload message

It is important to note that B2B has a feature that allows you to extract a raw payload (HL7, EDI, etc) from an element of a SOAP message. This comes in very handy when you want to receive a raw message assigned to any element of an XML message.

The option is accessible from the Exchange Protocol Parameter tab of the created Listening Channel.




Tuesday, 19 April 2016

Configure an SSL SMTP in Oracle B2B

Oracle B2B offers the “Generic eMail” channel to send and receive messages through email.

This can be configured to communicate using your own Mail Server or partner's email server. 

The general configuration steps are available in the link below:
http://www.oracle.com/technetwork/middleware/b2b-integrations/learnmore/tnb2b11g003-326858.pdf

However, to be able to configure the e-mail channel using SSL, some extra steps are necessary:

Outbound: Generic Email over SMTP using SSL

1) In the trading partner delivery channel, check “Enable SSL”.
2) Provide the appropriate SSL port in the port setting.



Inbound: Generic Email over IMAP/POP3 using SSL

1) In the admin listening channel, check “Enable SSL”;
2) Select the email server IMAP/POP3. It will be treated as IMAP/POP3;
3) Provide the appropriate email server SSL Port.


The email server’s certificate needs to be generated and imported into your SSL trust store.

The way to retrieve the certificate will depend on the email server you are using. Plenty of information is available on how to import SSL certificates into your WebLogic trust store.

If you use the default SSL trust store on WebLogic (DemoTrust), the JVM argument pointing to it is:
-Djavax.net.ssl.trustStore=<fmwhome>/wlserver_10.3/server/lib/DemoTrust.jks


Tuesday, 12 April 2016

What are those extra Healthcare flags in the Oracle SOA 12.1.3.0.5 and 12.2.1 updates for?


Whilst upgrading to 12.1.3.05 I came across the following Post Installation actions in the READ.ME doc of the 22524811 patch:

"4 Post-Installation Instructions"

...
2. Add em property : hc.jmsAndDBSameTxn with 'true' value.

3. Following Healthcare Server properties are needed:
        - hc.sequencedEndpoints
                + ALL,<EP_1>,<EP_2> - comma separated value
                + Any endpoints after ALL will not be sequenced.
                + In this example, <EP_1> will have sequencing turned off. <EP_2> will have sequencing turned off.

Note for Bug 20029769:

 hc.HCMode (true/false, default false) - need to set to true

....

At the customer, we intended to promote the upgrade to the actual production environment and, because of this, further validation of the impact such an upgrade could bring was required.

Since the description was not clear enough and I could not find information anywhere else, I raised a service request at Oracle Support for further clarification.

First, I would like to thank Silviu from Oracle Support for the help and support he has been providing me for the last few years :)

And here are the conclusions of the service request and clarification of the new flags usage:

hc.jmsAndDBSameTxn - if true, the commit to the customer JMS happens in the same transaction as the database. If the database is rolled back, the message will not be committed to JMS either. (I'm waiting for additional clarification on this point and will add it here once I have it)

hc.sequencedEndpoints - There are two patterns of setting this parameter:

ALL,<EP1>,<EP2> - every endpoint except EP1 and EP2 is set to sequencing.
<EP1>,<EP2>,... - every endpoint defined in the property will be set to sequencing.

So, when the word ALL is present, any endpoint after ALL will not be set to sequencing.
When the word ALL is missing, every endpoint in the list will be set to sequencing.

You can still set the sequencing in the endpoint-level configuration from the HC console. This property is more a way to set sequencing on multiple endpoints in one shot.
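
The two patterns can be checked against the list of deployed endpoints before the property is promoted to another environment. The following Python helper is an added example, not Oracle code or part of the original post; the endpoint names are constructed, and exact (case-sensitive) name matching, whitespace trimming and rejecting ALL anywhere but in first position are assumptions.

```python
def resolve_sequencing(prop_value, deployed):
    """Resolve an hc.sequencedEndpoints value against the deployed endpoints.

    Returns (sequenced, unknown): the endpoints that end up sequenced, and
    names in the property that match no deployed endpoint (likely typos).
    """
    # Assumption: entries are comma separated and surrounding blanks ignored.
    tokens = [t.strip() for t in prop_value.split(",") if t.strip()]
    deployed = set(deployed)

    # Assumption: only the two documented patterns are accepted, so ALL is
    # valid only as the first entry; anything else is rejected, not guessed.
    if "ALL" in tokens[1:]:
        raise ValueError("ALL is only documented as the first entry")

    if tokens[:1] == ["ALL"]:
        listed = set(tokens[1:])
        sequenced = deployed - listed      # everything except the listed ones
    else:
        listed = set(tokens)
        sequenced = deployed & listed      # only the listed ones

    # Assumption: names are compared exactly, so a case mismatch is "unknown".
    unknown = listed - deployed
    return sorted(sequenced), sorted(unknown)


if __name__ == "__main__":
    # Constructed endpoint names, for illustration only.
    endpoints = ["ADT_In", "LAB_In", "ORM_Out", "RAD_Out"]
    for value in ("ALL,LAB_In,RAD_Out", "LAB_In, RAD_out", "ALL"):
        seq, unknown = resolve_sequencing(value, endpoints)
        print(f"{value!r}: sequenced={seq} unknown={unknown}")
```

A non-empty "unknown" list means a name in the property does not match any deployed endpoint, so the sequencing you get is not the one you intended.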

hc.HCMode: this parameter was introduced to fix a problem (FA_RETRY_TIMEOUT exception) and it is very similar to the parameters b2b.MLLP_HA_Mode=true and b2b.HAInstance=true, which are needed when running in clustered environments.

If you enable it (hc.HCMode = true), you are not expected to deploy B2B agreements. If you want to implement MLLP agreements in B2B, and use B2B agreements, then you will have to set hc.HCMode = false. It is not possible to use both the HC and B2B engines at the same time (to deploy B2B agreements and also to activate HC endpoints).