Oracle Web Service Manager

Another environment we should get familiar with…

The Oracle Web Service Manger will enable you to implement security without modifications to the existing Web Services, it will as a matter of fact create a gateway through which you access existing services.

Every service you register to the gateway will be made available through a new service URL and you can modify the security, logging or content validation of the service by using the Oracle Web Service Manger. You can, for instance, change the way a request is handled by adding additional steps to the request processing.

By default a request “pipeline” (that’s how the different steps in the processing are called) will write log information to the database. This pipeline can be extended without coding by adding different pipeline steps. During the workshop we added steps to extract credentials from the HTTP Request (or SOAP envelope), authenticate to a LDAP Directory and authorize using service roles which are defined in the LDAP Directory.

All of this was configured and tested within 5 minutes!!

I’m looking forward to the production release of Oracle Web Service Manager because sometimes we had to “stop and start all services” to work around some strange behaviour…

SOA Suite

Today, I attended a workshop at Oracle to get a first glimp of the SOA Suite 10.1.3.1. We used the “Developer Preview” of JDeveloper 10.1.3.1 to develop a few simple Web Services. The software is not yet available on Oracle Technet, but it will be…soon….

The installation of Oracle SOA Suite is very simple, run the installer and click “next”, “next”, “next”, … “finish”. By default, it installs an Oracle Lite database to store the metadata together with an Oracle Application Server 10.1.3.1. which provides a number of applications:

• Oracle Web Services Manager
• Oracle Business Rules Author
• Oracle Enterprise Service Bus
• Oracle BPEL Process Manager Controll
• Oracle Application Server Controll

One nice thing is that the Oracle Application Server is configured for Single Sign-On and it uses jazn-data.xml. This limits the amount of memory needed for the installation because you don’t need to install Oracle Internet Directory! For those of you who want to simulate the production environment, Oracle Application Server Controll enables you to change the security provider to Oracle Identity Manager, a 3rd Party LDAP Server (with standard support for Active Directory and Sun Directory Server) or use a custom JAAS security class to integrate with other LDAP Servers.

Now lets focus on what we tested tested today.

We used the JDeveloper wizards to generate and deploy a Web Service based on a Java class, and a Web Service based on a PL/SQL Stored Procedure. Nothing exciting because we already saw that working in previous JDeveloper releases.

We used Oracle Application Server Controll (formerly known as Enterprise Manager) to test the generated Web Services. No need to learn the URL’s to the deployed Web Service by heart, just navigate to the “Test Service” link and fill in the HTML form that’s generated by OracleAS. There’s even a possibility to stress test the service by entering the number of simultaneous threads, number of loops and the delay in ms.

The more demanding developers can:

• configure Web Service Auditing
• configure port level reliability features to guaranty response delivery and eliminate duplicate requests
• enable authentication mechanisms like username/password, certificate or SAML authentication
• sign SOAP messages to ensure integrity
• encrypt the SOAP message to ensure confidentiality

really nice stuff, and we didn’t use the Oracle Web Services Manager yet!!

Off course, in real life, not all Web Services are deployed to an Oracle Application Server. That’s where Oracle Web Services Manager comes into the picture.

But I’ll come back on that tomorrow….

Oracle Identity Management Suite

Within the near future Oracle will release it’s new Identity Management Suite 10g, version 10.1.4, incorporating the entire stack of new security products. Xellerate, CoreID, OctetString, etc. Spooky !!

For a detailed explanation of all the new and exciting products and features I gladly refer to this website.

Now … being a good consultant, I can not wait until the fully integrated suite finally arrives.

Oracle recently released a new version of Xellerate - i.e. Oracle Identity Manager (OIM) -, it’s newly bought provisioning platform which will probably replace the ODIP functionality – Oracle Directory Integration Platform – currently available within the Oracle Application Server stack as part of the Oracle Internet Directory (OID).

To get familiar with this new product, within the next weeks, I would like to do a setup with the following requirements:

• use our Microsoft Active Directory as the source user repository
• provision, through OIM, the OID of our Oracle Portal website
• provision, through OIM, the userbase of our knowledge base, writtin within HTMLDB/Apex and hosted on an Oracle 10g Database
  

(to be continued)

Oracle Audit Vault

A while ago we took the opportunity to participate in the beta testing of a new product named Oracle Audit Vault.

The official product description sounds like this:
“Oracle Audit Vault provides a solution to help customers address the most difficult security problems remaining today, protecting against the insider threat and meeting regulatory compliance requirements. Oracle Audit Vault will help businesses secure sensitive audit data, protect corporate reputation and meet regulatory compliance guidelines. Oracle Audit Vault is a product that enables collection, monitoring, storage, verification and reporting of audit data from various systems such as databases, application servers, applications, and operating systems.”

We are going to focus on the integration with the oracle application server. Now, we are waiting for the download, which will be available mid-august.

(to be continued)

Een Oracle Consultant op een Microsoft project

Meer dan twee jaar geleden (mei 2004) werd ik gevraagd om mee van start te gaan in een (groot) Microsoft (.NET ) project. Nochtans was ik voordien vooral actief geweest in de Oracle wereld. Toch leek het voorstel mij wel aanlokkelijk omdat ik de gelegenheid kreeg met een andere RDBMS te werken; toen moest nog gekozen worden tussen IBM’s DB2-Informix of Yukon (code naam voor SQL Server 2005 bèta). Maar ik heb vooral toegehapt omdat men expliciet op zoek was naar een “Data Architect”, en vermits die titel toen nog op mijn business kaartje stond, was de keuze snel gemaakt.
Nu heb ik geen business kaartje meer …

“Data Architect” … wat is dat ? Persoonlijk vind ik dat elk data-centric project zo iemand kan gebruiken.

Echte, éénduidige definities hiervoor vind je wel niet direct terug. En iedereen zal daar wel zijn eigen interpretatie aan geven. Het is dan ook mijn bedoeling om de komende weken een poging te doen uit te leggen wat ik onder DA versta, welke rol voor hem weggelegd is en hoe dit ingevuld werd op dat grote Microsoft project.
Daarnaast hoop ik ook ergens iets te vertellen over de opvallende verschillen die bestaan tussen het ontwikkelen van een applicatie die moet draaien tegen een Oracle database en het werken in SQL Server.

Als afsluiter wil ik alvast meegeven dat je een Data Architect nooit als DBA mag aanspreken, want dat vindt hij kwetsend

(wordt vervolgd)

Oracle Drive

A few months ago, I bumped into an interesting beta product named Oracle Drive. Meanwhile the production release is available and I started experimenting with it.

This piece of software enables you to map a WebDav folder as a “normal” network drive on your desktop.

Why is this so interesting?
Well, these WebDav Folders are implemented using an Oracle Portal Page Group. Windows Explorer can be used for manipulating documents and folders, while the right-mouse-button-menu redirects the user to Oracle Portal for administration tasks like:

1. Configuring version support
2. Granting/Revoking access rights
3. Locking documents/Folders
4. Setting additional document properties

Every document you access, will be cached for offline use on your desktop machine. No more hassle with memory sticks or other storage devices, just take your laptop with you and continue to work on the “network share”. The changes you made will be synchronized to the WebDav folder when you go online again. Off course, you can select documents to be Always Available Offline, independent of the state of your local cache.

Next to all these “Content Management Features”, Oracle Drive can be configured to backup the files on your local harddisk. This backup can be scheduled and copies your files to a WebDav folder.

All documents are stored in the database and can be backed-up up using the standard Oracle procedures.

The software can be downloaded from Oracle Technet and configuration of Oracle Drive is explained in this white paper.