Posts

Showing posts from October, 2016

WS Security - enabling passwordDigest authentication in an Oracle FMW environment

Objective: To have a basic level of authentication on web services (especially where there's no transport layer security) without having to pass clear text passwords in the WS Security headers. 
Background: The concepts are fairly generic but this post is highly Oracle Fusion Middleware/SOA Suite specific. There can be a complex decision tree (see [1]) involved when selecting the 'appropriate' level of security for any system. As security involves trade-offs between cost, performance, usability and other variables, the 'appropriate' level of security could be highly specific to the environment, use case, system and people. But as developers, we can still perform some due diligence based on the tools and knowledge available to us.
My rule of thumb when developing a traditional web service or microservice is: If it's reading from a secure database or some system that is accessible only via authentication, it must only expose a secure endpoint. 
Now sites can differ con…

Managing shared metadata (MDS) in a continuous integration environment

Goals and Summary:
* Package shared metadata in a SOA environment and make it widely distributable (SOA MDS [2], Servicebus, maven artifact repository)
* Associated sample: https://github.com/jvsingh/SOATestingWithCitrus/tree/develop/shared-metadata
* Key command (if you use the associated pom file): mvn deploy com.oracle.soa.plugin:oracle-soa-plugin:12.2.1-0-0:deploy -Dpassword=*****
Background: Having worked on a wide range of projects, I came to the realisation that SOA can mean vastly different things in different places. It can be about implementing the foundational service oriented architectural principles or it can be simply about using a tool or technology with SOA in its name, just like any other programming language. In a mature SOA environment, the shared metadata contains valuable artefacts that provide the foundation – subject to design, it contains the canonical information model of the enterprise (in the form of business/entity objects) and the various organisational API in…