Archive for category Oracle

Web Services Security with OpenSSO Security Token Service (STS)

I recently experimented with the OpenSSO Security Token Service, one of the rare components Oracle will migrate from Sun’s Identity Management Suite to Oracle’s IAM Suite.

An Open Source implementation is also available from ForgeRock’s OpenAM.

To summarize, a Security Token Service is a third-party broker where Web Services clients authenticate and receive a security token to be sent to a Web Service Provider.  The Web Service Provider will, in turn, validate the token and use it to make authentication and authorization decisions.

The best STS description / tutorial I found on the web is on a deprecated page of Microsoft’s MSDN.  If you don’t know about STS, I highly recommend reading this series of articles.

After installing / setting up OpenSSO / OpenAM, you will be ready to configure the STS part.

There are three approaches to interacting with the STS server.

Approach #1 – STS’s WSDL definition

This is the platform agnostic approach.  Just rely on STS’s WSDL definition to generate whatever client code you will need.

Unfortunately, on Java SE 6, this approach fails because of incompatibilities in OpenSSO’s STS WSDL definition and JAX-WS.

ForgeRock’s community is tracking this issue under Bug ID 287 and Bug ID 306.

Stay tuned on ForgeRock’s JIRA for more details on this approach.

Approach #2 – Using JAX-RPC and a JSR 196 provider

JSR 196 is an SPI specification that allows hooking a filter into a container.  The filter is invoked for every incoming and outgoing JAX-RPC call, so it can be used for logging or security purposes, for example.

OpenSSO and OpenAM provide a JSR 196 provider for web service authentication (JSR 196) and authorization (JSR 115).  This provider is able to work with an STS.  It ships as part of the openssowssprovider.jar file.

While a little cumbersome to configure, this approach works out of the box, as long as you strictly follow the documentation.  These troubleshooting steps will probably be useful as well.

However, this approach has a major drawback: it is JAX-RPC based, i.e. quite old, now that the (Java) world has embraced JAX-WS.  In other words, Oracle only supports this when the web service provider and the web service consumer are deployed into a GlassFish v2 instance.

So, if you want to use JAX-WS, you will need a little more work.

Approach #3 – JAX-WS

JAX-WS also provides hooks to intercept outgoing and incoming SOAP requests.  These hooks are called “Handlers”.

The good news about Handlers is that they are web-app specific, unlike the JAX-RPC JSR 196 provider, which is installed at container level and hence applies to all your web applications.

You can think of a Handler as a Servlet Filter dedicated to web service calls.  Handlers can be part of a web app, to protect web service providers, or of a stand-alone client, to protect web service consumers.  IBM has very good documentation about using Handlers with JAX-WS web services.
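As an added illustration of a server-side Handler protecting a web service provider (this is not code from the post, from OpenSSO or from OpenAM), the class below rejects any inbound request that does not carry a WS-Security token; the class name and fault texts are my own choices. It only gates on the presence of a token: verifying the token against the STS stays the job of the WSS provider.

```java
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.xml.namespace.QName;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPException;
import javax.xml.ws.ProtocolException;
import javax.xml.ws.handler.MessageContext;
import javax.xml.ws.handler.soap.SOAPHandler;
import javax.xml.ws.handler.soap.SOAPMessageContext;

// Server-side JAX-WS handler (added example): an inbound request must carry a
// wsse:Security header holding a security token (SAML assertion or binary
// token), otherwise it is faulted before it reaches the service implementation.
public class RequireTokenHandler implements SOAPHandler<SOAPMessageContext> {
    static final String WSSE =
        "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
    static final QName SECURITY = new QName(WSSE, "Security");
    static final QName BINARY_TOKEN = new QName(WSSE, "BinarySecurityToken");
    static final QName SAML_ASSERTION = new QName("urn:oasis:names:tc:SAML:2.0:assertion", "Assertion");

    // Declaring the header tells the runtime this handler processes it, so a
    // mustUnderstand="1" wsse:Security header is not faulted before we see it.
    @Override public Set<QName> getHeaders() { return Collections.singleton(SECURITY); }

    @Override public boolean handleMessage(SOAPMessageContext ctx) {
        // The same handler sees both directions; only inbound requests are checked.
        if (Boolean.TRUE.equals(ctx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY))) return true;
        try {
            SOAPElement security = firstChild(ctx.getMessage().getSOAPHeader(), SECURITY);
            if (security == null)
                throw new ProtocolException("Missing wsse:Security header");
            if (firstChild(security, SAML_ASSERTION) == null && firstChild(security, BINARY_TOKEN) == null)
                throw new ProtocolException("wsse:Security header carries no security token");
            // A token is present; checking its signature and issuer against the
            // STS is the WSS provider's job and is deliberately not done here.
            return true;
        } catch (SOAPException e) {
            throw new ProtocolException("Malformed SOAP request", e);
        }
    }
    // First child element of parent with the given name, or null (parent may be null).
    private static SOAPElement firstChild(SOAPElement parent, QName name) {
        if (parent == null) return null;
        Iterator<?> it = parent.getChildElements(name);
        return it.hasNext() ? (SOAPElement) it.next() : null;
    }
    @Override public boolean handleFault(SOAPMessageContext ctx) { return true; }
    @Override public void close(MessageContext ctx) { }
}
```

Throwing ProtocolException from handleMessage makes the JAX-WS runtime return a SOAP fault to the caller; the handler is attached to the endpoint with @HandlerChain and a handler-chain XML file naming this class.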

To test the OpenSSO / OpenAM STS service with JAX-WS handlers, I suggest you read this tutorial.

All in all, it is an excellent step-by-step article, covering deployment in Tomcat, GlassFish and WebSphere.

Unfortunately, you will soon realize that these step-by-step instructions do not work.

Problem #1: Oracle removed the download link to the openssowssagents.jar file.  Yes, you read that right.  As of today, there is no binary distribution for the JAX-WS Handlers and WSS Agents.  The JAR file is only available from ForgeRock.

Problem #2: The JAX-WS ClientHandler and ServerHandler are not included in the openssowssagents.jar file.  So even if you download ForgeRock’s JAR file, you won’t get these two JAX-WS handlers.

So the only solution is to download the source code and build it yourself.  Building OpenSSO / OpenAM is not an easy task: the product has many dependencies and historical (legacy) branches.  In any case, your build will not be supported by Oracle or ForgeRock.  For your convenience, here is an openssowssagents.jar file with the JAX-WS classes included.

Should you have a valid support contract with Oracle and/or ForgeRock, do not hesitate to open a support case and see if, and how, they will handle this situation.

Enjoy !


Coherence Plugin for NetBeans IDE

While working with Coherence, you might find it convenient to start, stop and query a Coherence cluster node directly from the IDE.

My colleague Andrew wrote a plugin to allow this.  In addition, the plugin takes care of generating the tedious boilerplate code required for object serialization.

Good Job Andrew !

You will have more details and a short documentation on Andrew’s blog.  And you can download the plugin from NetBeans’ plugin portal.


Evaluating Coherence on Mac OS X

Coherence is an in-memory distributed cache system, usually sitting between your application servers and your databases.
Coherence is designed to be extremely scalable and has no single point of failure.
It was originally developed by Tangosol and acquired by Oracle in March 2007.

Although usually used by large-scale Internet web sites and transactional systems, Coherence happens to be very lightweight and easy to use for evaluation / development.

Coherence is fully developed in Java and runs on any Java-enabled platform, including Solaris, Linux, Windows and Mac OS X.  Coherence provides client libraries for Java, .Net and C++ applications.

In this series of articles, I will show how to test and evaluate Coherence on a Mac OS X system.

1. Get the package

You can freely download Coherence from the Oracle Technology Network (free membership required).

2. Unzip the package

marsu:~ sst$ unzip coherence-java-3.6.0.0b17229.zip

3. Inspect the package and be sure the scripts are executable

marsu:~ sst$ ls coherence
bin		doc		lib		product.xml

No surprises:

  • bin – contains the executables
  • doc – contains the javadoc
  • lib – contains the JAR to be included with your application

marsu:~ sst$ chmod u+x bin/*.sh

4. Start a first cluster node

marsu:coherence sst$ ./bin/cache-server.sh

Many lines will be output on the console.  Be sure to read:

Group{Address=224.3.6.0, Port=36000, TTL=4}
MasterMemberSet
(
ThisMember=Member(Id=1, Timestamp=2010-12-10 13:02:01.121, Address=192.168.0.2:8088, MachineId=26626, Location=machine:marsu,process:42007, Role=CoherenceServer)
OldestMember=Member(Id=1, Timestamp=2010-12-10 13:02:01.121, Address=192.168.0.2:8088, MachineId=26626, Location=machine:marsu,process:42007, Role=CoherenceServer)
ActualMemberSet=MemberSet(Size=1, BitSetCount=2
Member(Id=1, Timestamp=2010-12-10 13:02:01.121, Address=192.168.0.2:8088, MachineId=26626, Location=machine:marsu,process:42007, Role=CoherenceServer)
)
RecycleMillis=1200000
RecycleSet=MemberSet(Size=0, BitSetCount=0
)
)

And … that’s it.  The first cluster node is started.

5. Start a second cluster node

In another terminal, type:

marsu:~ sst$ cd coherence
marsu:coherence sst$ ./bin/cache-server.sh

In the output, be sure to read:

MasterMemberSet
  (
  ThisMember=Member(Id=2, Timestamp=2010-12-10 13:05:16.693, Address=192.168.0.2:8090, MachineId=26626, Location=machine:marsu,process:42023, Role=CoherenceServer)
  OldestMember=Member(Id=1, Timestamp=2010-12-10 13:02:01.121, Address=192.168.0.2:8088, MachineId=26626, Location=machine:marsu,process:42007, Role=CoherenceServer)
	ActualMemberSet=MemberSet(Size=2, BitSetCount=2
	Member(Id=1, Timestamp=2010-12-10 13:02:01.121, Address=192.168.0.2:8088, MachineId=26626, Location=machine:marsu,process:42007, Role=CoherenceServer)
	Member(Id=2, Timestamp=2010-12-10 13:05:16.693, Address=192.168.0.2:8090, MachineId=26626, Location=machine:marsu,process:42023, Role=CoherenceServer)
   )
RecycleMillis=1200000
RecycleSet=MemberSet(Size=0, BitSetCount=0
)
)

6. Troubleshooting startup issues

By default, Coherence uses multicast to communicate between servers.  In some rare cases, multicast might fail, preventing the second node from joining the cluster.

Be sure to check the documentation and these troubleshooting notes if you run into a problem.

7. Using the cache interactively

Coherence has a command line interface to manipulate objects in the cache:

marsu:coherence sst$ ./bin/coherence.sh
** Starting storage enabled console **
(many lines suppressed)
2010-12-10 13:26:02.066/1.264 Oracle Coherence GE 3.6.0.0 <D5> (thread=Invocation:Management, member=3): Service Management joined the cluster with senior service member 1
Map (?):

Let’s first create a cache:

Map (?): cache currencies
2010-12-10 13:31:30.019/329.217 Oracle Coherence GE 3.6.0.0 <Info> (thread=main, member=3): Loaded cache configuration from "jar:file:/Users/sst/coherence/lib/coherence.jar!/coherence-cache-config.xml"
2010-12-10 13:31:30.151/329.350 Oracle Coherence GE 3.6.0.0 <D5> (thread=DistributedCache, member=3): Service DistributedCache joined the cluster with senior service member 1
<distributed-scheme>
<scheme-name>example-distributed</scheme-name>
<service-name>DistributedCache</service-name>
<backing-map-scheme>
<local-scheme>
<scheme-ref>example-binary-backing-map</scheme-ref>
</local-scheme>
</backing-map-scheme>
<autostart>true</autostart>
</distributed-scheme>
Map (currencies):

Populate the cache:

Map (currencies): put USD "US Dollar"
null

Map (currencies): put EUR "Euro"
null

Map (currencies): put CHF "Swiss Franc"
null

Map (currencies): put GPB "British Pound"
null

Play with the cache:

Map (currencies): size
4

Map (currencies): get CHF
Swiss Franc

Map (currencies): remove CHF
Swiss Franc

Map (currencies): size
3

Map (currencies): list
GPB = British Pound
USD = US Dollar
EUR = Euro

8. Next Step

In the next article, I will show you how to programmatically interact with Coherence from a Java application.


Out of the box integration

One year ago, when I tried to run Oracle’s Enterprise Linux 5 within VirtualBox, I ran into many configuration issues getting folder sharing, mouse integration and full screen to work correctly.

Today the story is different.

I just tried Enterprise Linux 5 update 4, with the latest VirtualBox 3.2.12.  Everything is working out of the box.  Everything.

I have to admit I am impressed by how Oracle manages to integrate its whole product line.

Enjoy !


An easy way to evaluate Oracle SOA / BPM offering

One of the big pains when you want to evaluate Oracle’s SOA or BPM offering is the installation process.  These are not simple toys to play with: they require some hundreds of Mb to download and some patience to carefully install all components and their dependencies.

Unless you have a good tutorial or book at hand, the result is likely to fail, believe me.  I’ve been there, I’ve done that.

The good news is that we are helping you out by providing Virtual Machine images, ready to run and pre-installed with all the software you will need: the database, the application server, and the SOA suite with BPM and BAM.

Patience is only required during the 6Gb download now.

Be sure to have the latest version of VirtualBox installed on your machine and a few Gbs (2-3 at least) available for the virtual machine.

Enjoy !
