Create with WLST a SOA Suite, Service Bus 12.1.3 Domain

When you want to create a 12.1.3 SOA Suite, Service Bus Domain, you have to use the WebLogic config.sh utility.  The 12.1.3 config utility is a big improvement when you compare this to WebLogic 11g. With this I can create some complex cluster configuration without any after configuration.
But if you want to automate the domain creation and use it in your own (provisioning) tool/script then you can use the following scripts to create a normal SOA Suite, Service Bus domain together with BPM, BAM & the Enterprise scheduler options.

Off course!!! use this script only for development, do some intensive testing on this domain and don't use this script in production or acceptance ( use the supported config.sh utility).

The second part of this blog we will create a cluster configuration with a WLST offline script.

Before we can start we need to have a FMW database repository.  You can use the RCU utility ( MDW_HOME/oracle_common/bin/rcu) to create one.

Enable the following options

Here you can also see the improvements in the 12c FMW domain creation like

• ServerGroups, an easy way of assigning libraries,  applications and datasources to managed servers and clusters. It will auto-detect if a managed server is part of a cluster :-)
• Service Table Datasource together with the getDatabaseDefaults() function, no need to change all the datasources. It will re-use the RCU configuration data.

Use this to start the creation of our domain.
MDW_HOME/oracle_common/common/bin/wlst.sh soa_domain_1213.py

Here we need to do some extra configuration like

• Change a few datasources so they will use the Oracle XA driver

With this as output.

When you want to create a cluster configuration you can use the following script.

Maven support for 12.1.3 Service Bus & SOA Suite artifacts

With the 12.1.3 release of Oracle Service Bus and Oracle SOA Suite we finally can build all our soa projects with Maven. And this time we can do it natively without calling a utility like configjar or ANT from Maven .

We start by setting all the required variables like JAVA_HOME,M2_HOME and PATH

export JAVA_HOME=/Library/Java/JavaVirtualMachines/jdk1.7.0_45.jdk/Contents/Home/jre
export M2_HOME=/Users/edwin/apache-maven-3.0.5
export PATH=${M2_HOME}/bin:${JAVA_HOME}:$PATH

Check if maven works

mvn -v 

You can also use the maven 3.0.5 version of JDeveloper 12.1.3 located at .../oracle_common/modules/org.apache.maven_3.0.5

Next step is to populate all the maven repositories

cd  .../oracle_common/plugins/maven/com/oracle/maven/oracle-maven-sync/12.1.3

install the maven sync plugin to the local repository

mvn install:install-file -DpomFile=oracle-maven-sync-12.1.3.pom -Dfile=oracle-maven-sync-12.1.3.jar -DoracleHome=/Users/edwin/Oracle/JDevMiddleware12.1.3

Deploy all the libraries to the local mvn repository

mvn com.oracle.maven:oracle-maven-sync:push -DoracleHome=/Users/edwin/Oracle/JDevMiddleware12.1.3

update your local archetype catalog

mvn archetype:crawl -Dcatalog=$HOME/.m2/archetype-catalog.xml

Next steps are, to do the same but then we will fill the Nexus repository

Deploy the maven sync plugin to the nexus maven repository and we need to configure the maven settings.xml

mvn deploy:deploy-file -DpomFile=oracle-maven-sync-12.1.3.pom -Dfile=oracle-maven-sync-12.1.3.jar -Durl=http://localhost:8081/nexus/content/repositories/thirdparty -DrepositoryId=internal

and do a another sync

mvn com.oracle.maven:oracle-maven-sync:push

Here is the matching maven settings.xml

  <servers>
    <server>
      <id>internal</id>
      <username>admin</username>
      <password>admin123</password>
    </server>
  </servers>

  <mirrors>
    <mirror>
      <id>nexus</id>
      <name>Internal nexus Mirror of Central</name>
      <url>http://localhost:8081/nexus/content/groups/public/</url>
      <mirrorOf>*</mirrorOf>
    </mirror>
  </mirrors>

  <profiles>

    <profile>
      <id>nexus</id>
      <repositories>
        <repository>
          <snapshots>
            <enabled>true</enabled>
          </snapshots>
          <id>internal</id>
          <name>internal</name>
          <url>http://localhost:8081/nexus/content/repositories/thirdparty</url>
        </repository>
      </repositories>
    </profile> 

    <profile>
      <id>oracle-maven</id>
      <properties>
        <oracleHome>/Users/edwin/Oracle/JDevMiddleware12.1.3</oracleHome>
        <serverId>internal</serverId>
        <testOnly>false</testOnly>
        <failOnError>false</failOnError>
        <overwriteParent>true</overwriteParent>
      </properties>      
    </profile> 
  </profiles>

  <activeProfiles>
     <activeProfile>nexus</activeProfile>
     <activeProfile>oracle-maven</activeProfile>
  </activeProfiles>                     

Next step is to do a describe of the soa and osb plugin

mvn help:describe -DgroupId=com.oracle.soa.plugin -DartifactId=oracle-soa-plugin -Dversion=12.1.3-0-0

with this as output

Name: Oracle SOA Maven Plugin
Description: This plugin allows users to compile, package, deploy, test and
  undeploy SOA composites.
Group Id: com.oracle.soa.plugin
Artifact Id: oracle-soa-plugin
Version: 12.1.3-0-0
Goal Prefix: oracle-soa

This plugin has 6 goals:

oracle-soa:compile
  Description: Compiles the composite. Note that 'compiling' a composite does
    not actually produce any new files, it is really a 'validation' and
    produces only output messages.

oracle-soa:deploy
  Description: To deploy a SOA composite (supports all formats SAR, MAR,
    etc.)

oracle-soa:help
  Description: Display help information on oracle-soa-plugin.
    Call mvn oracle-soa:help -Ddetail=true -Dgoal=<goal-name> to display
    parameter details.

oracle-soa:sar
  Description: Packages the composite into a SAR.

oracle-soa:test
  Description: To execute SCA Test Suites.

oracle-soa:undeploy
  Description: Undeploy a SOA composite from a SOA managed server or cluster

mvn help:describe -DgroupId=com.oracle.servicebus.plugin -DartifactId=oracle-servicebus-plugin -Dversion=12.1.3-0-0

with this as output

Name: Oracle Service Bus - Plugin
Description: (no description available)
Group Id: com.oracle.servicebus.plugin
Artifact Id: oracle-servicebus-plugin
Version: 12.1.3-0-0
Goal Prefix: servicebus

This plugin has 2 goals:

servicebus:deploy
  Description: (no description available)

servicebus:package
  Description: (no description available)



Now we are able to create a new Service Bus project from a Maven Archetype.

Provide the all the maven details

Search for the servicebus application ArcheType and select this one

Provide the required projectName of this archetype

Create the application

Now we got a Service Bus application with 3 poms, One project with sbar as package type , System project pom and a parent pom with these 2 projects

Now we can build the Service Bus project from JDeveloper by selecting the pom and right click to start for example run the package phase.

or from a terminal by using mvn package

We can do the same for a SOA Suite application and a SOA Composite.

Search for oracle-soa-application

Now we got 2 poms ( 1 is at the workspace level )  and project packaging is now a sar.

And we can also build the soa composite.

Custom OSB Reporting Provider

With the OSB Report Action we can add some tracing and logging to an OSB Proxy, this works OK especially when you add some Report keys for single Proxy projects but when you have projects with many Proxies who are invoking other JMS or Local Proxies than the default reporting tables (WLI_QS_REPORT_DATA, WLI_QS_REPORT_ATTRIBUTE ) in the SOA Suite soainfra schema is not so handy.
I want to introduce a conversation id which will be used in all the Proxies and a unique message id for a proxy which will be used in the request and response. Plus it has a status field for the whole conversation ( default = OK, when there is an error somewhere in the conversation then the status will be ERROR)

With this as result. 2 conversations 1 is OK and all matching detail messages ( every proxy has its own messageId so you know which request, response or error belong to each other )
This way I can build my own application which can display all this data, combine this for example with my ErrorHospital data.

The default JMS Reporting part works great for me, so in my Custom Reporting provider I want to re-use the publishing way of the OSB ReportMessage ObjectMessages in the JMS Queue ( wli.reporting.jmsprovider.queue )

So in the next steps I will create a new EJB Application with a Message Driven Bean who reads this ObjectMessage and pass it on to an EJB Session Bean which will use JPA to persist the data in these two tables.

So the first step is to create a new application in JDeveloper and this listener class to the weblogic-application.xml ( located in the src/meta-inf folder of your workspace )
<listener-class>
com.bea.wli.reporting.jmsprovider.init.JmsReportingStartupAndShutdown
</listener-class>

This will enable the OSB Reporting.

You also need plus you need to untarget the default JMS reporing Provider else both applications tries to read the JMS messages.

Add the following jars to your application and uncheck the Export selection ( they are already there on the osb server ). You can find the com.bea.alsb.reporting.api.jar and com.bea.alsb.reporting.impl.jar in your Oracle_OSB1/lib/modules folder of your middleware home

Create a Message Driven Bean


Next step is to tune this MDB so it runs under the ALSBSystem role (ejb-jar.xml ) and in the weblogic-ejb-jar deployment descriptor I set the max and initial pool to 1, this way I can make sure that I have only 1 message record per conversation Id plus this MDB runs as alsb-system-user user.

Add our two JPA entities ( message and message detail ) to the model project and create an EJB session bean with a local interface. This EJB will be invoked by the MDB and pass on the ReportMessage entity.
In the persistence.xml I will reuse the already created wlsbjmsrpDataSource Datasource  ( the message table are also in the soainfra schema )

The EJB session bean does all the heavy work, it needs to determine if the conversation record already exists and retrieve all the Report Action Keys ( message labels).  

Click here to see the EJB Session bean https://github.com/biemond/osb11g_examples/blob/master/CustomOSBReporting/JmsReporting/Model/src/nl/amis/mw/reporting/services/OSBReportingSessionEJBBean.java

Last steps is to make on the project level an EJB deployment ( ejb jar ) and add this to Application deployment profile ( ear ), uncheck the export of all the reporting jars and deploy this to the OSB Server ( must deploy from application menu else the listener class is not loaded )

The last step is to add the report action to all our OSB Proxies

We also need a header element in our message body or header where we can store the conversationId and pass on the other Proxies so every report action can use these values as keys.

In every proxy I first need to add the internal OSB proxy messageID to a variable ( and do not pass it on )  I will do this in the first assign.

This way I can use it in the Request and Response Report Action ( So I know which request ,response or error belong to each other).

In the first Report action I also provided some extra data ( like messagetype, sender, receiver)  this will also be stored in the message table.

In the other proxies I only need to use the Conversation Id and the messageId of that proxy.

In the Error handler I also added a report action so I know what the error is and set the status of the message to ERROR

That's all for the custom reporting part. Off course you can add extra field to these tables by adding your own report keys. You only need to change the EJB and the JPA Entities.

Here you can find all the code together with an OSB demo workspace.
https://github.com/biemond/osb11g_examples/tree/master/CustomOSBReporting


   

Offline Oracle Service Bus Configuration export

With Oracle Service Bus PS6 or 11.1.1.7 we finally have an new offline build tool with does not require Eclipse (OEPE).  With this OSB configjar tool ( located in the OSB home /tools/configjar/ folder ) you can make OSB export sbconfig jar based on 1 or more OSB projects or even with more then one OSB Configuration projects. Plus have total control what to include or exclude.

In this blogpost I will show you first, how to do this in a shell script with I run on a linux server and the second part how to do the same with maven.

all demo code is available at github and contains a demo OSB workspace.

First step is to create an configuration setting xml with will be used by the configjar utility

here is an example of a OSB workspace configuration file with all its project and resources

<configjarSettings xmlns="http://www.bea.com/alsb/tools/configjar/config">
    <source>
        <project dir="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/source/ReliableMessageWS"/>
        <project dir="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/source/XSDvalidation"/>
        <system  dir="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/source/OSB Configuration"/>
    </source>

    <configjar jar="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/export/sbconfig-resources.jar">
         <projectLevel includeSystem="true"/>
    </configjar>
    
</configjarSettings>

and in this case only one project and an separate export for particular system resource

<configjarSettings xmlns="http://www.bea.com/alsb/tools/configjar/config">
    <source>
        <project dir="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/source/ReliableMessageWS"/>
        <system  dir="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/source/OSB Configuration"/>
    </source>
    <configjar jar="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/export/sbconfig-rel.jar">
        <projectLevel includeSystem="false"/>
    </configjar>
    <configjar jar="/home/oracle/projects/soa_tools/maven_osb_ps6_tool/export/sbconfig-rel-system.jar">
         <resourceLevel>
            <resources>
                <include name="**/*.jndi"/>
            </resources>
        </resourceLevel>
    </configjar>
</configjarSettings>

To see all the possible options see this Oracle document page

Next step is to use this setting xml in our shell script.


That's all, this will generate the sbconfig jars but we can also do the same with maven.

The rest of the blog will describe the maven build and deploy.

First we also need to have a setting xml which will be used by maven. The OSB setting file does not support environment variables so I need to use the com.google.code.maven-replacer-plugin maven plugin to replace the tokens.

This is the workspace setting xml ( located in the OSB workspace folder)

<configjarSettings xmlns="http://www.bea.com/alsb/tools/configjar/config">
    <source>
        <project dir="$WORKSPACE_HOME$/ReliableMessageWS"/>
        <project dir="$WORKSPACE_HOME$/XSDvalidation"/>
        <system  dir="$WORKSPACE_HOME$/OSB Configuration"/>
    </source>

    <configjar jar="$BUILDDIR$/$ARTIFACTID$-$VERSION$.jar">
         <projectLevel includeSystem="$OSBINCLUDESYSTEM$"/>
    </configjar>
    
</configjarSettings>

This is de project setting xml ( located in the OSB project folder)

<configjarSettings xmlns="http://www.bea.com/alsb/tools/configjar/config">
    <source>
        <project dir="$WORKSPACE_HOME$/ReliableMessageWS"/>
        <system  dir="$WORKSPACE_HOME$/OSB Configuration"/>
    </source>
    <configjar jar="$BUILDDIR$/$ARTIFACTID$-$VERSION$.jar">
         <projectLevel includeSystem="$OSBINCLUDESYSTEM$"/>
    </configjar>
</configjarSettings>

The workspace pom  ( located in the OSB workspace folder) , where the path to parent pom is different and the target folder

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>biemond.core.osb</groupId>
    <artifactId>tool</artifactId>
    <version>1.0</version>
    <relativePath>../parent/pom.xml</relativePath>
  </parent>
  <groupId>biemond</groupId>
  <artifactId>osb.source</artifactId>
  <version>1.5.1-SNAPSHOT</version>
  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>    
    <buildDirectory>${project.basedir}/../target</buildDirectory>
    <buildOsbBase>${project.basedir}/../</buildOsbBase>
    <osbProjectBase>${project.basedir}</osbProjectBase>
    <osbIncludeSystem>true</osbIncludeSystem>
  </properties>
  <scm>
    <connection>scm:git:git@github.com:biemond/soa_tools.git</connection>
    <developerConnection>scm:git:git@github.com:biemond/soa_tools.git</developerConnection>
    <url>https://github.com/biemond/soa_tools/tree/master/maven_osb_ps6_tool</url>
    <tag>osb.source-1.3.3</tag>
  </scm>  
</project>

The OSB project pom ( located in the OSB project folder) , this one is level deeper then the workspace pom.

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
  <modelVersion>4.0.0</modelVersion>
  <parent>
    <groupId>biemond.core.osb</groupId>
    <artifactId>tool</artifactId>
    <version>1.0</version>
    <relativePath>../../parent/pom.xml</relativePath>
  </parent>
  <groupId>biemond</groupId>
  <artifactId>osb.source.reliablemessagews</artifactId>
  <version>1.4.0-SNAPSHOT</version>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>    
    <buildDirectory>${project.basedir}/../../target</buildDirectory>
    <buildOsbBase>${project.basedir}/../../</buildOsbBase>
    <osbProjectBase>${project.basedir}/../</osbProjectBase>
    <osbIncludeSystem>true</osbIncludeSystem>
  </properties>

  <scm>
    <connection>scm:git:git@github.com:biemond/soa_tools.git</connection>
    <developerConnection>scm:git:git@github.com:biemond/soa_tools.git</developerConnection>
    <url>https://github.com/biemond/soa_tools/tree/master/maven_osb_ps6_tool</url>
    <tag>HEAD</tag>
  </scm>  

</project>

Here is the parent pom with the prepare package phase to replace the tokens in the osb setting file, package for making a sbconfig jar and the deploy phase which use the WLST import.py script to deploy it to the server.


Last step is to add some variables to the maven settings.xml, which contains all the WebLogic and OSB variables




At last we can generate some artifacts.

. osb.sh ( sets maven, java environment variables )

mvn package, builds all or 1 project depends on the location in the source folder ( OEPE Workspace )

mvn deploy -Dtarget-env=dev-osb, deploy to the dev OSB server

mvn release:prepare, prepare a release

mvn release:perform -Dtarget-env=dev-osb -DconnectionUrl=scm:git:git@github.com:biemond/soa_tools.git

Here is the url of the demo workspace on github

Build and Deploy OSB projects with Maven

2 years ago I already did the same with ANT and now I migrated these scripts to Maven. These Maven poms can still do the same like my ANT scripts.

• Build and deploy an OSB OEPE workplace
• Build one OSB project.
• Export OSB projects from an OSB server and generate a customization plan.

Here you can find my code https://github.com/biemond/soa_tools/tree/master/maven_osb_ps5 or the PS6 version https://github.com/biemond/soa_tools/tree/master/maven_osb_ps6
or with the new PS6 configjar tool which can create offline OSB exports without OEPE http://biemond.blogspot.nl/2013/04/offline-oracle-service-bus.html 

Also the readme contains some examples how to this from Java without the help of Maven or Ant.

I based my scripts on the following software and folders

My Environment Oracle OSB PS5 or 11.1.1.6 with Maven 3.0.4

JVM                         = JDK 1.7_07 x64
Middleware home      = /opt/oracle/wls/wls11g
OSB & Oracle home = /opt/oracle/wls/wls11g/Oracle_OSB1
WebLogic home       = /opt/oracle/wls/wls11g/wlserver_10.3
Oepe home               = /opt/oracle/wls/wls11g/oepe11.1.1.8

My Maven settings.xml


run . osb.sh to set all the Maven, Java variables.

To build a project or the whole OEPE workspace use this
mvn package

To deploy or export an existing OSB server use this target-env=dev so it uses the right Maven profile for the WebLogic Settings
mvn deploy -Dtarget-env=dev

Prepare a release
mvn release:prepare

Perform a release
mvn release:perform -Dtarget-env=dev 
-DconnectionUrl=scm:git:git@github.com:biemond/soa_tools.git



the pom.xml in the Maven_osb_ps5 folder build the whole source folder workspace, this generates a jar in the export folder with the same name as your pom definition.

the pom.xml in the Maven_osb_ps5/source/ReliableMessageWS and Maven_osb_ps5/source/XSDvalidation folder build only this project and generate a jar in the export folder with the same name as your pom definition.

the pom.xml in the Maven_osb_ps5/export folder export everything from the OSB server and puts the jar in the import folder.

Here is an example of a pom which build and deploys the whole OSB OEPE workspace.
This pom has the following plugins

• exec-maven-plugin for building the OSB jar and deploy the jar to the OSB server, 
• maven-assembly-plugin for adding the OSB jar as maven artifact 
• maven-release-plugin for OSB releases. 

And here the assembly to add the generated OSB jar to Maven artifact

Configure WebLogic Resource Adapters with ANT

When you use a JCA adapter in Oracle SOA Suite or OSB then you know that you need to configure a plan of some WebLogic Resource Adapter.  With this ANT script I tried to make this an easy task for you and which you can repeat on different WebLogic Domains. This ANT script can easily add multiple EIS entries to the following adapters: DbAdapter, AqAdapter and JmsAdapter in just one run. After these changes to the resource plans this script will redeploy only the changed Resource Adapter.

Special thanks for my colleague Michel Schildmeijer for inspiring me to make this flexible script and off course for the necessary WLST code.

Important to know.

• Run this script on the AdminServer, else it won't find the Resource Adapter Plans
• First you need to create a Plan for the 3 Resource Adapters (Db,Aq,Jms) and add a dummy entry, think how you name it and where you put it.
• When a plan is changed and you have a soa cluster or the soa weblogic instance is running on a different server then you need to copy the plan to all servers or put it on a shared storage.    

If you don't like this then you can always create new Resource Adapters by following this blogpost.

Let's explain how it works

first you need to change some variables in this build.properties

default this scripts runs against the weblogic dev settings.  You can change this to your own and configure the dev entries ( dev entries at the bottom of the build.properties )

wls.environment=dev

Where are the adapter rars located in your FMW domain, this can be in your SOA or OSB Home of the FMW domain.
connectorLocation=C:/oracle/MiddlewarePS3/Oracle_SOA1/soa/connectors/

Then add your own EIS entries, these ones in this var will be added to weblogic.
resourceAdapterEntries=hrDB,hrAQ,cf1JMS,cf2JMS

Think if you need to set the XA or Not XA datasource property or in Jms the connectionFactoryLocation.

# AQ entry

hrAQ.type=aq

hrAQ.eisName=eis/AQ/hr2

hrAQ.property=xADataSourceName

hrAQ.value=jdbc/hrDS

# DB entry

hrDB.type=db

hrDB.eisName=eis/DB/hr2

hrDB.property=dataSourceName

hrDB.value=jdbc/hrDS

# JMS entries

cf1JMS.type=jms

cf1JMS.eisName=eis/JMS/hr3

cf1JMS.property=ConnectionFactoryLocation

cf1JMS.value=jms/MyCF

After you can run the ANT script 

ant -f build.xml createResourceAdapterEntries 

Here you can download the code on github

https://github.com/biemond/soa_tools/tree/master/ant_resourceAdapter

Here is the whole build.properties file 

The wlst part with the wlRedeployResourceAdapter and wlCreateResourceAdapter macrodefs

And at last the build.xml

Solving __OAUX_GENXSD_.TOP.XSD with BPEL

When you use an external web service in combination with a BPEL service component in an Oracle SOA Suite 11g composite and you follow this great AIA blog about Best Practices for Decoupling Services and Avoiding Invalid Composites at Server Startup then you can get this __OAUX_GENXSD_.TOP.XSD error in

• JDeveloper, when you build the composite.
• On the SOA Suite when the service is invoked for the second time, probably on your test or acceptance environment. 

Before we start with the possible fixes, first why do you get this error. 

You can only get this error when you use BPEL in your composite. With the mediator service component I don't get this error.

In my test composite I have a simple OSB proxy and use this as a reference. So I provide the WSDL url to the WS adapter and enabled the option to download the WSDL to your project.   

Because I don't want any deployment problems ( invalid composites at deployment time or at a soa server reboot when the OSB proxy is down ). I downloaded the XSDs of the WSDL, fixed the WSDL imports. Now we can put the WSDL and the XSDs in our project folder or add them to a central place like the MDS. 

When we take a look at the reference part in the composite.xml you will see the following.

The endpoint is loaded from the Customer.wsdl ( location attribute of the binding.ws element ) and uses the port attribute to find the endpoint in the Customer.wsdl.

Here is the wsdl with the endpoint.

This works great in development ( cause you don't need to change anything)  but when you have to deploy to test or acceptance you will generate a config plan where you override the location attribute of the binding.ws (reference) with the Test OSB Proxy WSDL url, so it will use that endpoint for test or acceptance.

On the SOA Suite you can invoke this service once and after that you can get this __OAUX_GENXSD_.TOP.XSD error. Somehow the second time the SOA Suite will retrieve the test OSB Proxy WSDL and it's XSDs from the cache and it compares it with the local XSDs of your project or MDS. When there is a difference in one of the XSDs you will get this error ( can be something minor like an element annotation ). 

    

This can also happen in the JDeveloper SOA Composite builder when you load the same XSDs local and remote. 

So the solution is to keep the XML schemas in sync ( remote and local ) but this is almost impossible or you need to build everything with Maven or ANT and always replace the XSDs in every project. This also requires a lot of unit testing.

Even then you probably don't have much influence on remote services. 

So the best solution is to avoid the loading of remote WSDL. You only need to update the endpoint for the Test or acceptance environment, not to load the whole WSDL. So don't try to replace the location attribute of the binding.ws element in the composite.xml but try to update the endpoint in the WSDL located in your project or in the MDS.   

And if you use contract first Java (EJB) Web Services in Oracle Suite then you should always use the WSDL and the XSDs in your Java Web Services else you will get different schema imports then the original WSDL & XSDs.

I tested this with the Patch Set 3 version of SOA Suite 11g. 

Using OWSM Kerberos policies

In this blogpost I will explain how you can use the OWSM ( Oracle Web Service Manager) Kerberos policies in Fusion Middleware 11g. Some of these kerberos policies are compatible with the Window Active Directory KDC and these kerberos tokens can be used for authentication and message protection. It basically works the same as I described in my blog about Windows Single Sign On with web applications deployed on WebLogic. If you want to use OWSM SAML policies instead then you can use this blogpost and for username tokens or certificates protection you can use this blogpost.

OWSM support the following Kerberos server policies.

• oracle/wss11_kerberos_token_service_policy, this can be used for authentication just like the username token policies. It does not encrypt the message and can be used with AD and MIT
• oracle/wss11_kerberos_token_with_message_protection_basic128_service_policy, besides the authentication it also encrypts the message. This policy works with AD.
• oracle/wss11_kerberos_token_with_message_protection_service_policy, this policy does the same but only works with MIT. 

For Windows AD we can only use the first two policies.

Before we can start you need to know or do the following

Know the supported encryption types of your Windows Environment. For example Windows XP or Windows 2003 Domain Controller ( not SP1 ) does not support every encryption type.

I got this working with a Windows 7 client and a Windows 2008 R2 Domain Controller and my encryption type is RC4-HMAC-NT, which is also supported in Java 1.6

My Active Directory domain = ALFA.LOCAL  ( always use it in uppercase )
Make sure that all server can be found in the DNS ( and reverse ) and that the time is synchronized on all machines.

In my test environment I will use 3 servers, The first is my AD 2008 server, second is the OWSM server called soaps3.alfa.local on which we will deploy a kerberos protected JAX-WS service and third is the Web Service Proxy client machine called win7.alfa.local and this has the OWSM kerberos client policy.

We need to create 2 unique service account in Active Directory. In this case soaps3_kerb and win7_kerb and make sure that the passwords of these accounts never expires.

On the Windows 2008 DC server I did the following to generate a service account called HTTP/soaps3.alfa.local and map this to soaps3_kerb AD account. Soaps3 is the server hostname of the WebLogic Server.

First generate a keytab file for the HTTP/soaps3.alfa.local@ALFA.LOCAL account, HTTP is a container ( IIS also uses this convention ) and ALFA.LOCAL is my AD domain.

ktpass -princ HTTP/soaps3.alfa.local@ALFA.LOCAL -pass Welcome01 -mapuser soaps3_kerb@ALFA.LOCAL -out c:\soaps3.keytab -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT 

copy the generated soaps3.keytab file to the WebLogic machine ( soaps3 )
I put it in the c:\oracle folder.

Now we need to modify the Service Principal Names with the SPN utility ( Do this on the AD server )
setSpn -A HTTP/soaps3.alfa.local@ALFA.LOCAL soaps3_kerb 

Now we can do the same for the win7 machine, which will be used as ws client.
ktpass -princ HTTP/win7.alfa.local@ALFA.LOCAL -pass Welcome01 -mapuser win7_kerb@ALFA.LOCAL -out c:\win7.keytab -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

copy the win7.keytab to the oracle folder of the win7 machine
setSpn -A HTTP/win7.alfa.local win7_kerb

On the win7 and soapss3 machine we need to create krb5.ini textfile and put this in c:\windows

ALFA.LOCAL is my AD domain and soaps3 is my WebLogic server and it exists in the alfa.local dns domain.
ad-win2008r2.alfa.local is my domain controller.
the krb5.ini for the soaps3 machine
-------------------
[libdefaults]
default_realm = ALFA.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac

[domain_realm]
.soaps3.alfa.local = ALFA.LOCAL
soaps3.alfa.local = ALFA.LOCAL

[realms]
ALFA.LOCAL = {
    kdc = ad-win2008r2.alfa.local
    admin_server = ad-win2008r2.alfa.local
    default_domain = alfa.local }

[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true

---------------

and the win7 machine version.
-----------------

[libdefaults]
default_realm = ALFA.LOCAL
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac

[domain_realm]
.win7.alfa.local = ALFA.LOCAL
win7.alfa.local = ALFA.LOCAL

[realms]
ALFA.LOCAL = {
kdc = ad-win2008r2.alfa.local
admin_server = ad-win2008r2.alfa.local
default_domain = alfa.local
}

------------------

Go to the JVM bin folder of the the WebLogic server. This is the soaps3 machine. Here we generate a token.

cd c:\oracle\jrockit-jdk1.6.0_26-R28\bin
kinit HTTP/soaps3.alfa.local@ALFA.LOCAL
Provide the password of HTTP/soaps3.alfa.local and the ticket will be stored in your user profile.

Do the same on the win7 machine but then with the use HTTP/win7.alfa.local account.
cd c:\oracle\jrockit-jdk1.6.0_26-R28\bin
kinit HTTP/win7.alfa.local@ALFA.LOCAL

That's all for the kerberos configuration on the windows machines. Now we need to do some configuration in the Enterprise Manager and the WebLogic Console.

First we need to configure the kerberos Login module.
Go the Enterprise Manager (EM) application of the WebLogic server. Open the WebLogic Domain treenode and select your WebLogic domain. In the Domain menu (right window) go to Security -> Security Provider Configuration

Select the krb5.loginmodule and click on the Edit button.

Here we need to provide the principal name HTTP/soaps3.alfa.local@ALFA.LOCAL and its keyTab file.

Save and restart the WebLogic server.

After that we need to create a user on the WebLogic domain or configure an AD ldap authenticator.
The user HTTP/win7.alfa.local must exists on the domain. The password does not matter because it is already authenticated against the AD.

For the server side you can enable the kerberos debugging by adding the following parameter to the EXTRA_JAVA_PROPERTIES parameter in the setDomainEnv.bat of your domain.  -Dsun.security.krb5.debug=true

Deploy the following JAX-WS service on the soaps3 server.


That's all for the server part, now we can test the web service proxy client on the win7 machine.

On the client you can also set the following project options -Dsun.security.krb5.debug=true to see all the debug information. And off course you can use the HTTP analyzer to see all the traffic.

This is my test client code.

When you run the test client you should be authenticated and see the output.

Publish to EDN from java & OSB with JMS

My previous blogpost was about how to configure the SOA Suite EDN for JMS ( EDN-JMS ) instead of AQ (EDN-DB) and in this blogpost I will show you how you can publish events from Java and OSB.

Before we start you should know that we can only make Remote Event Connections because you are running the Java or OSB process in a different JVM then the SOA Suite. And only asynchronous subscriptions will be supported for remote event connections.

First let's create a Java Client which publish the events directly to the SOA Suite Server. I will use the jars of the SOA Suite. This is not necessary. You can just publish a JMS text message and set some JMS Header properties (MessageType and SideCar )

Make a new JDeveloper  project which contains the following libraries.

Here is my test class.
And this will produce the following event on the EDN Queue.

The second part of this blogpost is how to do this in OSB.
Before we can work on the Proxy or Business Service we need to create a Foreign JNDI Provider on the WebLogic Service. ( You can also use a JNDI Provider of the OSB Configuration project )

Provide the SOA Server details.

Provide the local and remote EDN-JMS JNDI Link names. The Remote JNDI Names are fixed but you can change your  local ones.

Restart the OSB Server and open OEPE or the SBConsole.

Create a new Business Service and choose for Messaging Service as Service Type.

Event is an One Way Operation so only need to set the Request Message Type to text.

Use the Local JNDI names of the Foreign JNDI Provider in the Endpoint URI

 Select Text as Message Type.

Create a Proxy Service which call this Business Service, where we will replace the Body contents with the event data and set some JMS Headers in the Transport Header.

 Replace the body contents in a Replace Action.

My test event, the values of Id and ecid element contains unique UUID values.

And the last part is to set the Messagetype and SideCar JMS Headers

MessageType is always Remote
SideCar in my case

<business-event-sidecar xmlns:ns="http://schemas.oracle.com/events/edl/EmployeeEventEDL"
                        xmlns="http://oracle.com/fabric/sideCar">
<name xmlns="http://oracle.com/fabric/businessEvent">ns:EmployeeEvent-sidecar</name>
</business-event-sidecar>

You can test the Proxy Service in the SBConsole.

OSB Endpoint monitoring and SLA alert rules

The Oracle Service Bus got some nice features to monitor its endpoints, see if they are still online and you can enable these Proxy and Business Service endpoints in the Operations view of the SBConsole. In OSB you can also make a SLA alert rule to reports these endpoint changes to the SBConsole, send a mail , SNMP trap or publish on a JMS queue.

These options are not enabled by default, you need to do the steps, I describe in this blogpost..

When you create or deployed some new Proxy and Business Services you won't see these endpoints in the  Service Health Tab of the Operations View.

When you open the Operation Settings of the Business or Proxy Service you will see that monitoring is not activated by default.

Create a new Session and change the monitoring setting.

When you go back to the Service Health Tab of the Operations view you will now see that the Endpoint of this Business Service is still Online.

Click on the Online link and you will see that the Action link is not enabled.

If you work with the OEPE workshop you can also enable monitoring by opening the Business or Proxy Service in a text editor and change this setting manually.

When you disable the endpoint and take a look at the Service Health, you will now see that the endpoint is Offline

Click on the Offline link

When you know the endpoint is active again you can press the Action link and the OSB will check it for you and enable it again.

Next step is to make a SLA alert rule so can monitor and report the endpoints changes.
Open the SLA Alert Rules Tab of the Proxy and Business Service.

Create a new Rule and assign an alert Destination

Select Status for the endpoints monitoring. Make a rule for online and offline Endpoints.

You will now see these alerts in the SLA Alerts Tab of the Operations window of the SBConsole.