Wednesday, April 30, 2008

How to change Input/Output Variable for a BPEL Process

When you create a BPEL process project it asks for input and output XSD elements, you can choose your input and output elements over there. Once you are finish with the project creation you can start designing BPEL flow using the IDE. It is the ideal scenario where you have your input and output XML schema's defined before starting development of BPEL process and these schema's won't require any modifications in the future. But in the real life scenarios it rarely happens. Any change in requirements or policies impacts input and output XML schema's. Sometimes you need to change input and output schema elements for a BPEL process.

Changing input or output XML schema element types is really a challenge in JDeveloper. You need to check for the impact of these changes. JDeveloper doesn't give any feature to update all the artifacts impacted by any changes in the input/output XSD elements. You need to modify all the impacted artifacts manually.

Every BPEL process is exposed as a web service using WSDL so you need to change the WSDL first. If you need to use input/output elements from an XSD or WSDL file, you need to import the XSD or WSDL in your BPEL process project WSDL.

To import a WSDL use the following statement:

<import namespace="Namespace of WSDL" location="WSDL Location"/>

To import an XSD use the following statement:

<types>

<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<xsd:import namespace="Namespace of XSD" schemaLocation="XSD Location"/>

</xsd:schema>

</types>

Delete all the <import> statements having unused XSD's or WSDL's. Make sure that all the imported XSD's and WSDL's doesn't have duplicate elements and you are not importing any WSDL, XSD more than one time, otherwise you will get ORABPEL-10902 error while compiling the BPEL process project.

Next step is to change the input/output element type. If you are importing a WSDL for input/output element you need to change the input and output message for the desired operation. e.g.

<operation name="process">

<input message="prefix:Message Type"/>

<output message="prefix:Message Type"/>

</operation>

If you are importing an XSD for input/output element you need to change the element name in the message part for request and response messages.

<message name="YourProcessNameRequestMessage">

<part name="payload" element="prefix:Element Name"/>

</message>

<message name="YourProcessNameResponseMessage">

<part name="payload" element="prefix:Element Name"/>

</message>

Make sure that you are providing the correct elements and you are using the correct namespaces otherwise you will get ORRABPEL-10902 error with the following message:

[Error ORABPEL-10902]: compilation failed [Description]: in "bpel.xml", XML parsing failed because "undefined part element.

Validate your BPEL flow, compile it and deploy it on the server.

Sunday, April 27, 2008

How to change Namespace for a BPEL Process Project:

I have seen many developers faced problems while changing namespaces for a BPEL process project. When you create a project in JDeveloper it asks for the project namespace and uses the given namespace for the project artifacts. JDeveloper does not give any option to change namespace for a BPEL process project after creating the project. You could have faced the same issue many times.

To change namespace for a BPEL Process project you need to modify .wsdl, .bpel and .xsd files in your BPEL Process project manually. You need to modify the targetNamespace in .wsdl, .bpel, .xsd files from old to the new one.

Saturday, April 26, 2008

Bug In Oracle BPEL Process Manager Console

Last week one of my colleague was developing a synchronous BPEL process. He was using a nested XML schema to create input variable for the BPEL process. After completion of development he deployed the BPEL process on Oracle BPEL Process Manager 10.1.3.3. While testing he got a time out exception, he thought process is doing heavy processing so it might take longer to complete the execution so he increased the time out for synchronous process by setting a larger value for “syncMaxWaitTime” property. He tried so many times with no luck. Then he checked the flow on BPEL console and he found the assign activity is having SelectionFailure error so he started checking BPEL process . He checked XSD's and the XPATH expressions used in assign activity. He was wondering why he is getting SelectionFailure even though everything is correct in the BPEL process and XSD's.

After investing ample of time he has got frustrated and started looking for someone who has already faced the same issue and lucky enough to get rid of this issue.

The reason behind this issue is the wrong input XML that was generated by Oracle BPEL Process Manager. The namespace prefixes are not correct in the input XML so it was not able to find the values from input XML document.

Following input XML is generated by the BPEL Process Manager Console, see the namespace prefixes given in bold, these namespace prefixes are wrong :

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body xmlns:ns1="http://xmlns.oracle.com/schemas/employee">
<ns1:Employee>
<ns1:PersonalDetails>
<ns1:Name>Vijay</ns1:Name>
<ns1:Age>30</ns1:Age>
</ns1:PersonalDetails>
<ns1:Address xmlns:ns2="http://xmlns.oracle.com/schemas/common">
<ns2:Address1>2800 S Ashland</ns2:Address1>
<ns2:Address2>GeenBay</ns2:Address2>
</ns1:Address>
<ns1:Department xmlns:ns3="http://xmlns.oracle.com/schemas/common">
<ns3:Name>IT</ns3:Name>
<ns3:DeptType>Development</ns3:DeptType>
</ns1:Department>
</ns1:Employee>
</soap:Body>
</soap:Envelope>

So correcting the namespace prefixes solved the problem. See the modified XML schema given below.

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body xmlns:ns1="http://xmlns.oracle.com/schemas/employee">
<ns1:Employee>
<ns1:PersonalDetails>
<ns1:Name>Dan</ns1:Name>
<ns1:Age>30</ns1:Age>
</ns1:PersonalDetails>
<ns2:Address xmlns:ns2="http://xmlns.oracle.com/schemas/common">
<ns2:Address1>2800 S Ashland</ns2:Address1>
<ns2:Address2>GeenBay</ns2:Address2>
</ns2:Address>
<ns3:Department xmlns:ns3="http://xmlns.oracle.com/schemas/common">
<ns3:Name>IT</ns3:Name>
<ns3:DeptType>Development</ns3:DeptType>
</ns3:Department>
</ns1:Employee>
</soap:Body>
</soap:Envelope>

Wednesday, April 9, 2008

Invoking WS-Security compliant Web Services from Oracle BPEL

In last post I have discussed my experience on invoking Web Services using SSL from Oracle BPEL. SSL is a transport level security mechanism; it offers authentication, confidentiality and message integrity. It is one of the proven technologies to secure web applications. Various organizations leverage SSL to protect their web applications.

SOA applications are loosely coupled and composed with multiple services. SOA applications are discoverable from public registries. So securing SOA application is not only securing the transport layer. For a Business Process it might be required to invoke multiple intermediary services. Transport Layer Security can only guarantees security when data is on wires. SOA application security requires a mix of Transport Layer Security and Application-Level Security.

Nowadays many organizations are using Web Services to implement SOA. In Web Services world a lot of specifications are existed to address SOA security needs:

  • WS-Security.

  • WS-Addressing.

  • WS-ReliableMessaging.

  • WS-Policy.

  • WS-SecurityPolicy.

  • SAML.

  • WS-Trust.

  • WS-SecureConversation.

  • WSFederation

In future posts I would discuss all the above mentioned standards in detail.

WS-Security specification provides extensions to the SOAP envelope header used to implement integrity and confidentiality of a message and authenticating the sender. WS-Security specifies how to associate a security token with a SOAP message. WS-Security specification is designed to be extensible. It doesn’t require any specific type of security token.

Oracle SOA Suite supports WS-Security specification. We can handle most of the complex SOA security scenarios using Oracle BPEL Process Manager and Oracle Web Service Manager.

User Name Token” is a very common scenario to authenticate the web service consumer. It provides a standards-based way to send user credentials so that web services deployed on different platforms can share user credentials. It utilizes a message-based security approach moving credentials outside of the actual operation into SOAP headers without modifying the Web Service contract,

Let’s assume a WS-Security compliant Web Service is deployed on Axis2 and this method contains a method named getPrice(). To interact with this web service, you need to send SOAP messages containing valid WS-security credentials. We can convert any unsecured web service to a secured web service. No need to modify any web service to make it secure. The WS security specification plays with the soap headers rather than modifying the business logic or adding the authentication and authorization logic inside any service. It is the beauty of the WS-Security specification.

To pass security credentials from a BPEL process to another BPEL Process or any other web service it is required to set the following properties on the partner link which is used to invoke a WS Security compliant web service:

wsseHeaders Creates a WS-Security username token. The following values are supported:

  • propagate — If the process has been invoked securely, these credentials are also used for the outbound direction

  • credentials — Passes credentials from the BPEL deployment descriptor(bpel.xml).

wsseUsername The username for the token. It is a required property.

wssePassword The password for the token. It is an optional property.

Now you are ready to create a BPEL process in JDeveloper. Follow the given steps to create a BPEL Process:

  • Create a new BPEL process project named “InvokeWSSecurityCompliantService“ with the Synchronous BPEL Process.


  • Click on next and accept all the defaults and finish the wizard.

  • Right click on the services area and choose “Create Partner Link” from the context menu.

  • Name this partner link “WSSecurityCompliantServicePL”.

  • Browse the WSDL file from the file system. JDeveloper would ask to make a local copy of the external WSDL file and ask to add partner link in the WSDL. Click on “Yes” on both the dialog boxes.

  • Select Partner Link Type, Partner Role and click on the “Property” tab to provide WS security credentials.

  • Click on “Create” and select “wsseHeaders” from the drop down list.

  • You can use either “credentials” or “propagate” based on the requirement. If this BPEL process would be invoked by another process which is passing security credentials then you can use “propagate” to tell BPEL process manager to pass the incoming credentials to the service you are calling. You can use “credentials” as the property value to instruct BPEL Process Manager to read credentials from the deployment descriptor(bpel.xml).

  • Create two new properties “wsseUsername” and “wssePassword” by following the same approach.

  • Add “invoke” activity, name it as “InvokeSecuredWS” and link it with the partner link. Select the operation “getPrice” and create input and output variables.

  • Add 2 assign activities to assign and transform the input and out variables. Final BPEL process will look like the following image:

  • To deploy the BPEL process project on Oracle BPEL Process manager right click on the BPEL Process Project. From the context menu select “Deploy”, choose the appropriate integration server connection from the Deploy menu and select the appropriate domain.

  • Test the BPEL process from the BPEL Console or from any client.

Now you are able to invoke WS-Security compliant web services. In next post I would throw some light on BEPL deployment descriptors configuration and preference properties. These properties play a crucial role in customizing BPEL processes as per our requirements.