Custom xpath functions in service bus by Milco Numan

clip_image002

How can you create  custom XPath functions in Oracle Service Bus 12c? And how can you use these in both  XSLT and XQuery? Let’s find it out. I like to show you how they’re different in behaviour.

The context of my post comes from one of my projects, where we were migrating quite some (stateless) services from the SOA (BPEL) platform to Service Bus. Since our clients were already ‘virtualized’ to our clients (i.e. clients invoked them through the Service Bus), we could easily change the implementation platform without changing the service contracts.

For the transformation, we were reusing the existing XSL transformations, so a couple of the custom XPath functions had to be made available in Service Bus. Additionally, we were also introducing the DVM (Domain Value Maps) as a replacement for a custom coded lookup-implementation, created when DVMs did not yet exist. For this purpose, we had to create a custom XPath wrapper function, in order to implement some custom logging that the customer did not want to lose.

Test XPath function

As a simple scenario, I am using base-64 encoding and decoding to be implemented as custom XPath functions (code is shared through GitHub). In order to test the custom XPath function, I have created some very simple proxies and pipelines that do not route to any other service but instead just call upon a transformation in order to test my custom functions:

Child elements

In the reply element I have three different child elements, the first contains the untransformed contents of the input string and the second contains the base64 encoded contents. The last element contains the value after invoking the decode operation on the encoded string, to verify that the inverse operation restores the original value. Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Who needs a service bus anyway? By Milco Numan

clip_image002

 

Some time ago I was having a discussion about the setup of a SOA project on which a former colleague was about to work on. The purpose of this project was to implement a synchronous service API for a third party systems to integrate with. This API needed to conform to a B2B standard (written some ten years ago) and in their particular case, it would need to provide data from their legacy ERP system.

The API description consists of several different ‘business operations’ where their request messages come in over HTTP in a variety of predefined formats, e.g. as an HTTP GET operation where the parameters are encoded in the URL string or sending an HTTP POST operation where the request message is contained in the body: in both cases, the response is handed back as an XML message. In order not to exclude third party systems, both flavours of operations would need to be implemented.

One of the other requirements for the API was that it needed to implement an operation to list all operations that it currently supports, together with the endpoints on which these operations need to be invoked.

Restrictions

One of the current implementation of the third party systems they were looking to integrate with was quite quirky in that it required all operations to have the exact same endpoint. So, it was a tough choice to either exclude this system from the possible clients and create a ‘proper’ implementation where all operations have their own endpoints, or to provide an implementation where there’s only one endpoint that basically functions as a dispatcher for the different operations.

Summarizing:

  • XML POST interface, request = XML, response = XML for all operations
  • HTTP GET interface, request = None, response = XML for all operations
  • Provide a single endpoint accepting all these requests at the same address

Service Bus to the rescue

As we were discussing the project and its requirements, it turned out that their internal IT department had already started development using Oracle SOA Suite, as their skills in BPEL were ‘the hammer that made this problem look like a nail’. However, my feeling was that this project would actually be much better off by the introduction of Oracle Service Bus to transform different message formats into a generic XML representation (and depending on the complexity: implement the message flows entirely in Service Bus or offload the more complicated ones to SOA Suite).

Scenario

As I am somewhat branded by my background in chemistry, I will show my proposed implementation using some ‘chemical’ webservices from WebServiceX as an example. For the backend implementation, invariably the SOAP implementation of the service will be used. For my convenience, I am reusing the XML structures that are provided by the WebserviceX implementations, saving myself the hassle of transforming the messages structurally or with respect to their namespaces.

In the following scenario, I am exposing two operations (GetAtomicNumber and GetAtomicWeight) in two different message formats:

HTTP GET: http://server:host/HttpGetAtomicNumber?RequestName=GetAtomicNumber&elementName=boron

XML POST: http://server:host/GetAtomicNumber

Furthermore, all operations will also be available at a consolidated endpoint for both request message formats, at http://server:host/OneProxyForAll

Schematic implementation

The following diagram shows a schematic representation of the desired setup; on the left hand side, you can see the exposed proxies (HTTP GET, XML POST and Generic Gateway), connected through some Service Bus flow logic with a Service Bus Business Service, exposing the actual implementation logic:

Environment

The sample project was built using Oracle’s 12.1.3 Virtual Image, downloadable from Oracle Technology Network. Read the complete article here.

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki

Consuming OAuth protected resources using Oracle Service Bus article series by Milco Numan

 

clip_image002In this blog post, I will provide a general introduction of REST, explain some of the choices made and lay some of the ground work. The second part of this blog series will discuss the token management part while the third and final part describes the actual creation of the SOAP services providing the proxy to the external REST APIs.

With the introduction of SOA Suite 12c, the Oracle JCA REST adapter was introduced for use in both SOA and Service Bus 12c. This enables SOA developers to expose REST interfaces to their service consumers. A study by the Oracle A-team shows that in certain scenarios response times on mobile platforms may be reduced by an order of magnitude by consuming REST services instead of their SOAP equivalents.

However, using the REST adapter you cannot only expose REST interfaces to your own service implementations (inbound REST), but you can also consume REST services (outbound REST). In this series of blogs, I will demonstrate how I implemented a use case of “outbound” API management for a proof of concept, where the REST services were exposed as SOAP web services to our internal clients (which are largely “REST unaware”). An additional dimension is provided by the fact that the REST APIs invoked are secured by OAuth 2.0, so also some token management is needed in order to successfully invoke the service.

What about Security?

I am glad you asked. As SOAP has quite a number of standardized extensions in the realms of orchestration and security, this is very much “terra incognita” in the REST world. Well, not really. As REST is leveraging the HTTP protocol as the transport mechanism, a first step in security would be to use HTTPS (HTTP over SSL) to prevent an intermediary from eavesdropping on the communication between the service and the client. However, this will only prevent the interception of messages, it does not provide the server with any method of determining the origin of the request. Using HTTP Basic Authentication may be an option to force the client to sent some identification to the server, but the problem is that this scenario is not very useful for application to application message exchange as it does not provide options to provide temporary access or to revoke the access.

Enter OAuth, “an open protocol to allow secure authorization in a simple and standard method from web, mobile and desktop applications.” Version 2.0 of this protocol has been published in 2012 and is widely in use for securing access and authorization to services, e.g. Google, LinkedIn, Facebook, Dropbox and Paypal to name a few.

What is REST?

What is REST? And how does if differ from SOAP? Well, first of all REST and SOAP are intended to access (remote) Web Services. Where SOAP is a heavy-weight protocol, involving predefined message structures and formats, REST is defined very loosely as an “architectural style”. Messages transmitted to SOAP web services are always encoded as XML data structures, whereas the payload in REST can be either XML or JSON. The latter seems to be the preferred format nowadays, I came across a site describing JSON as “The Fat-Free Alternative To XML“.

In REST, you are manipulating “resources” (types of objects, e.g. customers, orders, items and the like) using standard HTTP methods. You’d use the GET method on a resource to retrieve a single instance or collection, use the HTTP POST method to create a new one, update a resource instance using HTTP PUT and the HTTP DELETE takes care of removing an object. Read part 1 here and read part 2 here and read part 3 here

SOA & BPM Partner Community

For regular information on Oracle SOA Suite become a member in the SOA & BPM Partner Community for registration please visit www.oracle.com/goto/emea/soa (OPN account required) If you need support with your account please contact the Oracle Partner Business Center.

Blog Twitter LinkedIn image[7][2][2][2] Facebook clip_image002[8][4][2][2][2] Wiki