SOAP

Testing Oracle Service Bus components


Testing Approach with OSB

I have been having a thought about what’s the best way forward with automating unit tests with OSB

First of all there are 2 things here…

One is Unit testing and the Second bit is automating them…

UNIT TESTING with OSB

A customer of mine was very keen on unit testing and automation and this is what I explained to them. There isn’t that much of an issue in adding unit tests to all services just that it means we do some additional work mocking services.
For SOAP Services it’s simply a case of writing SOAPUI web services test cases.
However since most of the integrations at the customer weren’t synchronous SOAP Services we will have to write test cases for JMS messages. Again this can be done via SOAPUI or we can also use something like citrus.
Citrus is an integration testing framework written in Java that tests your software application to fit into your customer’s environment. The tool simulates surrounding systems across various transports (e.g. Http, JMS, TCP/IP, SOAP …) in order to perform automatic end-to-end use case testing.

For JMS based Messaging services again we can have SOAPUI test cases as we did for the earlier phases of the project.

Also see http://www.soapui.org/JMS/working-with-jms-messages.html

However the bit where we might struggle or may be have to tweak things a bit is when it comes to proxy chaining which isn’t SOAP or JMS… eg. Local protocol provided by OSB  i.e. proxies that can’t be executed from the outside world…

SO for these we have the following options
1.       Do nothing i.e. don’t unit test them just test with other services… which may not be that bad as they are like internal services.
2.       Change the protocol in Dev environments allowing them to be tested individually however that might also come with other complications like there is a difference in how transactions work in local proxies etc… also the headers are different in SOAP over HTTP from JMS and the same for local.. so further analysis really needs to go into this but most likely we will have to break these down on a case by case basis and would end up with 3-4 different scenarios based on the blueprints.

3.       Also looking at some blogs people are talking about adding SOAP based wrappers for such services. Which we can consider, just that I am not a big fan of adding code that isn’t really part of your project but with careful governance we can take this approach…

 Another aspect you want to consider is how we test transformations

Xquery Transformations:

Eclipse lets you unit test them from the IDE and can also be tested from the OSB console.

Eclipse Xquery

 

xquery test

 

I haven’t tested it using any tool before but can see people have written java code to automate this. http://osbutils.googlecode.com/svn/tags/XQTestFramework-v0.2/src/com/oracle/uk/ocs/osb/xqtest/XQAbstractTest.java might be worth testing it.

In addition another approach commonly used and documented by some fellow bloggers is that we can wrap Transformations and simple services without much overhead which allows them to be easily tested along with other services using SOAPUI for example.

So all in all we can have unit tests for OSB just that we need to identify all the scenarios i.e. soap calls, jms services, adapters, sync, XQuery transforms one way services etc… Also Queues and we should be able to unit test them…
There is a very useful post on Eric’s site regarding how to use Citrus framework which can plug with maven to provide automation of unit tests.
http://www.xenta.nl/blog/2010/04/12/eaioracle-service-bus-testing-with-citrus-framework-part2/
http://www.citrusframework.org/index.html

Part 2 AUTOMATING Unit Tests

If we want to initiate the entire unit tests and plug them with the Continuous integration

I think the biggest challenge is that normally unless you have a dedicated environment which only contains the mocks you would struggle to do that. In a normal integration environment we will need to first either automate creation of a session executing a Customization file which switches the endpoints to mocks and then executes the requests (all this is doable using maven and automation scripts – just not desirable)….. The good thing is with OSB you can undo a session so may be post execution the changes to endpoints in rolled back.
Preferred solution: would be to have a dedicated Unit test environment with all the mocks running on this environment, which can be used with CI. As soon a developer checks the code in the CI kicks in and checks the code out, performs the build, executes all the test cases and provide you the report about the test coverage. This can work with Bamboo as it has worked with Continuum and some other tools which I have tried in the past, I might be looking to hook this will Bamboo in the coming few days for one of our customers.
Test coverage Reports using SOAP UI

run-sample-testsuite

create-sample-report

a web service testing result report created with soapUI Pro

testsuite-coverage

Test Coverage using Citrus

Oracle Service Bus testing with Citrus

Other thing that just came to mind was maybe we can be using dynamic routing to switch between mock or real endpoints based on the input message but in that case the mock business services will have to live on the server as well…again you wont want these to progress through the environments so you will have to have a strong governance model around how to ignore certain files from deployments…. Or may be how to ignore all files sitting in the Unit test folder of the project….  Again more thought needs to go into each of these options…

References: http://eelzinga.wordpress.com/2010/04/12/eaioracle-service-bus-testing-with-citrus-framework-part2/
http://www.citrusframework.org/index.html
http://www.slideshare.net/gschmutz/best-practices-for-testing-soa-suite-11g-based-systems

Continuous Integration with OSB – http://redstack.wordpress.com/2013/05/02/building-osb-projects-with-maven-and-removing-the-eclipse-dependency/

http://soa-java.blogspot.co.uk/2011/12/continuous-integration-for-oracle-osb.html

These are the just the various options I have considered so far for the Testing Approach with OSB and how it plugs into CI… Further analysis may be needed for some of these to ensure they are the best possible solution for your organisation.

I would be interested to know what your views are on some of these?

Securing an OSB Service with OWSM


In this post I will show how to secure a web service used by OSB ( Oracle Service Bus ) by authenticating it against an OWSM (Oracle Web Services manager) policy.

We will add a User Name Token service OWSM policy to secure the Proxy Service in OSB.

Below are steps in using a simple web service in OSB and applying it with OWSM policy.

oracle/wss_username_token_service_policy

 

 

OSB Business/Proxy services

The OSB project is firstly created, then the web service is imported into OSB. Following this is creating the OSB Business and Proxy Services.

Create Project

  • Select Project Explorer.
  • Project Explorer: press Projects link.
  • Change Center section: press [Create] or [Edit].
  • Projects screen. Enter new project name i.e. “OWSM-Demo” and press [Add Project].

  • Change Center section: press [Activate] and submit details.

Import Web Service

  • Change Center section: press [Create].
  • Project Explorer: select “OWSM-Demo”
  • Resources section: Create Resource field select: Bulk->Resources from URL.
  • Load Resources wizard | Load Resources From URL screen: enter the following.
  • Review Loaded Resources screen: accept defaults and press [Import].
  • Change Center section: press [Activate] and submit details.

Create Business Service

  • Change Center section: press [Create].
  • Project Explorer: select “OWSM-Demo”
  • From the Create Resources drop-down, select Business Service.
  • Create a Business Service (OWSM-Demo/) wizard:General Configuration screen:
    • Service Name field: enter “validateCardService”
    • Description field: enter anything i.e. “Business Service to validate CC”
    • Service Type section select ‘WSDL Web Service’ and press [Browse].
    • Select a WSDL window: select wsdl validateCC and press [Submit]
    • Select a WSDL definition: select entry in Port i.e. validateCCPort and press [Submit].
    • WSDL Web Service field populates entries
    • Press [Last] then [Save] in the Summary screen, and then activate changes.

Test Business Service

  • Project Explorer: select “OWSM-Demo”
  • Resources section: for the new Business service just created press the ‘Launch Test Console’ icon.

  • Business Service Testing – validateCardService window: Request Document section: Modify the XML so it returns a valid value and press [Execute].
  • The response will depend on the web service you are using. Since we are not testing OWSM policies at this stage there is no need to add any security in the header.

Create Proxy Service

  • Change Center section: press [Create].
  • Project Explorer: select “OWSM-Demo”
  • From the Create Resources drop-down, select Proxy Service.
  • Create a Proxy Service (OWSM-Demo/) wizard: General Configuration screen:
    • Service Name field: enter “validateCardProxy”
    • Description field: enter anything i.e. “Proxy Service to validate CC”
    • Service Type section select ‘Business Service’ Press [Browse].
    • Select Business Service window: select a business service i.e. “validateCardService” and press [Submit].
    • Business Service field is populated with the selected business service.
    • WSDL Web Service field populates entries.
  • Press [Last] then [Save] in the Summary screen, and then activate changes.

Test Proxy

  • Test the Proxy Service the same well the Business Service was tested by pressing the ‘Launch Test Console’ icon for the Proxy Service.

Secure the Proxy Service

Will provide authentication for the Proxy Service by adding OWSM policy i.e. oracle/wss_username_token_service_policy.

Add OWSM Policy

  • Change Center section: press [Create].
  • In the OWSM-DEMO project select the Proxy Service.
  • View a Proxy Service screen: select Policies tab.
  • Service Policy Configuration section: select OWSM Policy Bindings and expand proxy name i.e. validateCardProxy.
  • Press [Add].
  • Select OWSM Policy screen: select oracle/wss_username_token_service_policy and press [Submit].
  • The OWSM policy is registered with the Proxy Service.
  • Press [Update].
  • Select Security tab
  • Web Services Security Configuration section: Process WS-Security Header field: press [Yes].
  • Press [Update] and activate changes.

Create a Keystore File

  • Proceed to folder.
    $WLS_HOME/user_projects/domains/<domain>/config/fmwconfig
  • Run the following command to create the default keystore.
    keytool -genkeypair -keyalg RSA -alias orakey -keypass welcome1 -keystore default-keystore.jks -storepass welcome1 -validity 3600

    What is your first and last name?
    [Unknown]: weblogic
    What is the name of your organizational unit?
    [Unknown]: Support
    What is the name of your organization?
    [Unknown]: Oracle
    What is the name of your City or Locality?
    [Unknown]: US
    What is the name of your State or Province?
    [Unknown]: US
    What is the two-letter country code for this unit?
    [Unknown]: US
    Is CN=weblogic, OU=Support, O=Oracle, L=US, ST=US, C=US correct?
    [no]: yes

 

Configure Keystore Configuration in EM

  • Log into EM and expand node Weblogic Domain.
  • Right-click domain name and select Security | Security Provide Configuration.
  • Security Provider Configuration screen: Expand Keystore.
  • Press [Configure].
  • Keystore Configuration screen: Add the following keystore information.
    • Keystore Path: Do not need to change this since the default-keystore.jks file is in the fmwconfig directory.
    • Password: welcome1
    • Key Alias: orakey
    • Signature Password: welcome1
    • Crypt Alias: orakey
    • Crypt Password: welcome1
  • Save changes.

 

Configure Security Credentials in EM

  • Still in EM, right-click domain name and select Security | Credentials.
  • Credentials screen: expand/select oracle.wsm.security
  • Press [Create Key].
  • Create Key dialog: add the following.
    • Map: oracle.wsm.security (default)
    • Key: joe-key
    • Type: Password
    • User Name: joe (this will be the same username that will be used OSB console).
    • Password: welcome1 (this will be the same password that will be used OSB console)
    • Press [OK].

Add a User in OSB

  • In OSB Console select Security Configuration | Users.
  • Summary of Users screen: press [Add New].
  • Create New User screen:
    • User Name field: enter “joe”
    • New Password/Confirm Password fields: “welcome1”.
    • Press [Save]. The user “joe” will appear in list of users.

 

Test OWSM Policy in OSB

 

Reference: Oracle Knowledge Base (Doc ID 1265548.1)

Implementing Security with OSB


I am looking to implement WS Security with OSB for one of our customers, so on doing a quick search the following articles caught my eye.

Will be looking at some of these before I decide what would work best for my situation, or whether I need to come up with a new approach all together.

Well on further investigation it seems OWSM is the only way forward as the WS-Policy will be deprecated from 12c.

Various Articles on the web

OSB WS-Policy

Adding Security to Oracle Service Bus with Oracle Web Services Manager