Wednesday, 19 January 2022

VBCS Deployment Commands

We can create a separate Git repository for each VBCS application and use the following NPM (Node.js) commands to install the application.

We can use Jenkins or Oracle Developer Cloud Service to get the code from the repository and install the application.

Create the respective build parameters and use them in the script. Define the password as a masked (secret) build parameter so that it is not stored or displayed in clear text in the job configuration.

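#!/bin/bash
# Stop on the first failed command so a failed cd or npm install does not go on to the build.
set -e

cd "$(pwd)/vbcs/application/${APPLICATION_NAME}"

npm install

# Run the vb-build Grunt task; every value comes from a build parameter.
./node_modules/.bin/grunt vb-build --url="https://${VBCS_HOST_NAME}/ic/builder/" --username="${USER_NAME}" --password="${PASSWORD}" --id="${APPLICATION_ID}" --ver="${VERSION}" --schema=live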




Tuesday, 4 January 2022

Proxy Servers

Forward Proxy: This hides the source details and forwards the requests to the target server. A forward proxy acts like a VPN (Virtual Private Network).

    • This can be used where there are geo restrictions. We can hide the source location and access the server.
    • This anonymizes the client IP address.
    • Servers receive the requests from the proxy server and respond back to the same proxy server.
    • Both a VPN and a forward proxy perform the same action. Both have advantages and disadvantages.
    • Your end-to-end performance will vary depending on the proxy server's performance.
    • Always go for VPN.

Reverse Proxy: A reverse proxy acts as a front for servers, like a load balancer. It anonymizes the server IP address.
    • A reverse proxy can act as a load balancer and distribute the traffic to multiple servers.
    • It can act as a Global Server Load Balancer, an advanced load-balancing concept that distributes traffic to multiple servers deployed across the world.
    • Provides enhanced security for the servers and helps avoid DDoS attacks.
    • Provides caching capabilities.
    • Provides SSL encryption and termination.

  • Main Reverse Proxies
      • Nginx
      • Varnish
      • Apache Traffic Server





Root Domain:  snvvijaya.com
Blog Hosted On Sub Domain : blog.snvvijaya.com
Blog Hosted on Sub Folder : snvvijaya.com/blog


Friday, 31 December 2021

Oracle Fusion ERP - Update Event Subscriber URL

 


/server:port/soa-infra/PublicEvent/subscriptions/{id}

HTTP Method: PUT

Sample Input:

{
  "id": 102,
  "name": "{http://schemas.oracle.com/events/edl/Bpel20EssJobEvents}EssJobRequest",
  "filter": "/ns2:a/ns2:b < 200",
  "endpointURL": "http://my.service.com:9000/EssJob",
  "state": true
}



Wednesday, 8 December 2021

Oracle Fusion - Callback using Event Subscription

When we design a callback integration using ERP Adapter, we can select the Receive Callback Message upon completion of FBDI bulk import job submitted via another integration option on the Request page.

After selecting this option, we must select the specific bulk data import process for which the callback event is received. When this callback integration is activated, event subscription automatically occurs.

Once the import job completes, the event is raised by the Oracle ERP Cloud application. The Oracle ERP Cloud application then invokes the Oracle Integration endpoint that is the callback integration.

Since it follows the event subscription mechanism, we need to configure a CSF key in ERP to invoke the integration.

In order to generate the CSF key, we need to capture the identity domain details. These details will be available in OCI console.

  • Log in to the OIC console.
  • Click on the user icon in the right corner.
  • Click on About.
  • Get the Service Instance Name - vijaya-dvp-oic
  • Get the Identity Domain Details - idcs-xxxxxxxx62941exxxxxxxvvvvvv
  • CSF-KEY = idcs-xxxxxxxx62941exxxxxxxvvvvvvvijaya-dvp-oic (the identity domain details followed by the service instance name)



  • Log in to the SaaS page using the following SOA Composer URL.
    •  https://xx-vijaya.fa.ocs.oraclecloud.com/soa/composer
  • Click on Manage Security on the right side of the page, enter the values below and click on the Register button.
    • csf-key: Enter the CSF key which we created above
    • Username: Enter OIC username
    • Password: Enter OIC password
    • Confirm Password: Enter OIC password
            





Thursday, 2 December 2021

Oracle API Platform Cloud Service - Groovy Script to Check Payload and SOAP Header

Steps to Get Payload Data:

// Read the incoming request body and parse the SOAP envelope.
def apiRequestBody = context.ApiRequest.getBody().asString()
def soapEnv = new XmlSlurper().parseText(apiRequestBody)

// XXSystem is set by the caller, so this check filters on the declared source system; it does not authenticate the client.
def clientSystem = soapEnv['Header']['XXHeader']['XXSystem'].toString()
if (clientSystem != 'SNV-Vijaya') {
  throw new oracle.apiplatform.policies.sdk.exceptions.PolicyProcessingException('Forbidden', 403, 'Access Denied')
}

// Remaining values from the custom SOAP header.
def sourceEnv = soapEnv['Header']['XXHeader']['XXEnvironment'].toString()
def corrId = soapEnv['Header']['XXHeader']['XXId'].toString()


Set Custom Header Values:

// Pass the extracted values to the backend service as HTTP headers.
context.ServiceRequest.setHeader("x-intg-source-system", clientSystem)
context.ServiceRequest.setHeader("x-intg-source-env", sourceEnv)
context.ServiceRequest.setHeader("x-intg-corrid", corrId)


Sample Payload : 

<soapenv:Envelope  xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xxs="http://xmlns.oracle.com/svn/ics/SampleService">

   <soapenv:Header>
      <xxintegration:XXHeader xmlns:xxintegration="http://xmlns.oracle.com/svn/ics/types/base/XXHeader/v001">
         <xxintegration:XXUserInfo>
            <xxintegration:IdentityId>12345</xxintegration:IdentityId>
            <xxintegration:User>VijayaKumar</xxintegration:User>
         </xxintegration:XXUserInfo>
         <xxintegration:XXEnvironment>development</xxintegration:XXEnvironment>
         <xxintegration:XXSystem>SNV-Vijaya</xxintegration:XXSystem>
         <xxintegration:XXId>Id-0f218d61d48c3a8c8b46afe5</xxintegration:XXId>
      </xxintegration:XXHeader>
   </soapenv:Header>
   <soapenv:Body>
      <xxs:SalesTransactionMessage>
         <xxs:TransactionType>ICSSales</xxs:TransactionType>
         <xxs:TransactionID>123459</xxs:TransactionID>
         <xxs:CustomerOrderMode/>
         <xxs:BusinessDate/>
         <xxs:ReceiptNo/>
         <xxs:SalesId/>
         <xxs:CustomerId/>
         <xxs:Sales>
            <xxs:SalesTrans>
               <xxs:ItemId/>
               <xxs:ItemCategory/>
               <xxs:Quantity/>
               <xxs:Serial/>
               <xxs:NetAmount/>
               <xxs:SalesTaxAmount/>
               <xxs:GrossAmount/>
               <xxs:SalesTaxPercentage/>
               <xxs:DiscountAmount/>
               <xxs:Price/>
               <xxs:LineNumber/>
            </xxs:SalesTrans>
         </xxs:Sales>
         <xxs:Payment>
            <xxs:PaymentTrans>
               <xxs:PaymentType/>
               <xxs:Amount/>
               <xxs:Currency/>
            </xxs:PaymentTrans>
         </xxs:Payment>
      </xxs:SalesTransactionMessage>
   </soapenv:Body>
</soapenv:Envelope>



Unix - Command Execution Status Check

#!/bin/bash

mvn deploy
# Capture the exit status immediately; the next command would overwrite $?.
STATUS=$?

if [ "$STATUS" -eq 0 ]; then
  echo "Deployment Successful"
else
  echo "Deployment Failed"
fi


Tuesday, 16 November 2021

Weblogic - Enable Two Way SSL

Weblogic SSL Implementation:


Basic Terminologies :

SSL Termination: You can terminate SSL at the load balancer and keep the communication from the load balancer to WebLogic Server as non-SSL. (In this case the load balancer is configured to listen on SSL, but WebLogic Server is configured to listen on non-SSL.)

Identity/Keystore: A server that hosts traffic on a port with SSL/TLS enabled has an identity keystore. This identity keystore contains a private key and a public key/certificate. The public key/certificate can safely be given to other parties. When you visit an HTTPS website (HTTP with SSL enabled), the public key is sent to you. The other party/client can use the public key to encrypt messages meant for the server. The only one who can decrypt the messages is the one holding the private key of the server. This is usually only the server.

Trust: Can you trust a server? You can use a certificate authority (CA) to create a signed public key. If someone trusts the certificate authority, that someone also automatically trusts the signed key. With websites you often see a green lock when a website uses HTTPS with a public certificate signed by a certificate authority that your web browser trusts.

Usually a trust store is used to store trusted certificate authorities (CAs) or specific trusted certificates. If you have many servers in your application landscape, it is recommended to use a certificate authority, since it is cumbersome to load every public key of every server into every trust store. Trusting a single certificate authority makes things a lot easier.

If you are accessing public servers (for example Microsoft, Google etc.), their certificates are verified against the public CAs and the connections are trusted automatically. If you are accessing non-public servers (internal servers), we need to add the public certificates of these servers to the trust store to trust the server and the connection.

The default JRE cacerts (%JAVA_HOME%\jre\lib\security\cacerts) contains a collection of trusted CA certificates and trusts the connection. We don't need to add these CA certificates explicitly.

We can also create a separate keystore to store identity and trust keys and pass it to the JVM with these system properties:

-Djavax.net.ssl.keyStore

-Djavax.net.ssl.trustStore

SSL Connection - One Way: Whenever a client makes an SSL connection request to the server/origin, the server presents the public key/certificate stored in its keystore/identity store. The client verifies the presented key by comparing it with the keys stored in its trust store.






SSL Connection - Two Way: Whenever a client makes an SSL connection request to the server/origin, the server presents the public key/certificate stored in its keystore/identity store. The client verifies the presented key by comparing it with the keys stored in its trust store. In two-way SSL the client also has to authenticate itself: it presents the key stored in its own keystore, and the server validates that key against the keys stored in the server trust store.




Keystore Setup: 

Create Identity Key

keytool -genkey -keystore <keystore_name>.jks -alias <privatekey_alias_name> -keyalg RSA -validity <validity in days> -keysize 2048

Note down the password. 

Create CSR Request:

keytool -certreq -alias <privatekey_alias_name> -keystore <keystore_name>.jks -file <csr_file_name>.csr

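Send the CSR file to the signing authority. Get the signed certificate and import the certificates into the identity keystore.

Import Root Certificate and Signed Certificate. Import the root certificate first, then import the signed certificate under the private key alias so that keytool attaches it to the private key entry instead of storing it as a separate trusted certificate.

keytool -import -trustcacerts -alias root -file <root_certificate>.cer -keystore <keystore_name>.jks

keytool -import -alias <privatekey_alias_name> -keystore <keystore_name>.jks -file <signed_certificate>.crt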


Export Public Certificate From Keystore. 

keytool -export -alias <privatekey_alias_name> -keystore <keystore_name>.jks  -file <pub_cert_name>.cer


Create Trust Store and Import Client Certificate:

keytool -import -alias <alias_name> -trustcacerts -file <client_certificate> -keystore <trust_store_file_name>.jks

Note down the password. 


Weblogic Server Configurations:

Servers --> Managed Server --> Keystores --> (Change the keystore type to Custom Identity and Custom Trust)

Go to the SSL tab --> Provide the Private Key Alias and Pass Phrase.

Select Advanced --> Two Way Client Cert Behavior --> Client Certs Requested And Enforced


Note: Selecting Client Certs Requested But Not Enforced enables two-way SSL. With this option, the server requests a certificate from the client, but the connection continues if the client does not present a certificate.

Selecting Client Certs Requested And Enforced also enables two-way SSL and requires a client to present a certificate. If a certificate is not presented, the SSL connection is terminated.

Reference : https://docs.oracle.com/cd/E24329_01/web.1211/e24422/identity_trust.htm#SECMG536


How WebLogic Server Locates Trust

  • If the keystore is specified by the -Dweblogic.security.SSL.trustedCAkeystore command-line argument, load the trusted CA certificates from that keystore.
  • Else if the keystore is specified in the configuration file (config.xml), load trusted CA certificates from the specified keystore. If the server is configured with DemoTrust, trusted CA certificates will be loaded from the WL_HOME\server\lib\DemoTrust.jks and the JDK cacerts keystores.
  • Else if the trusted CA file is specified in the configuration file (config.xml), load trusted CA certificates from that file (this is only for compatibility with 6.x SSL configurations).
  • Else load trusted CA certificates from WL_HOME\server\lib\cacerts keystore.
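
The Two Way Client Cert Behavior setting and the trust lookup order above decide whether client certificates are really required and which CAs the server accepts. The script below is an added example, not part of the original post or of Oracle's tooling: it classifies a config.xml <server> fragment by client-certificate behaviour and by the first two steps of the lookup order. The sample fragments, the keystore path and the function names are constructed, and the element names should be confirmed against your own domain's config.xml.

```bash
# Added example; both <server> fragments are constructed samples, not a real domain.
WEAK='<server>
  <ssl>
    <two-way-ssl-enabled>true</two-way-ssl-enabled>
    <client-certificate-enforced>false</client-certificate-enforced>
  </ssl>
  <key-stores>DemoIdentityAndDemoTrust</key-stores>
</server>'
HARDENED='<server>
  <ssl>
    <two-way-ssl-enabled>true</two-way-ssl-enabled>
    <client-certificate-enforced>true</client-certificate-enforced>
  </ssl>
  <key-stores>CustomIdentityAndCustomTrust</key-stores>
  <custom-trust-key-store-file-name>/u01/keystores/trust.jks</custom-trust-key-store-file-name>
</server>'

# xml_value <tag> <xml>: text of the first <tag> element, empty if absent.
xml_value() {
  printf '%s\n' "$2" | sed -n "s:.*<$1>\(.*\)</$1>.*:\1:p" | head -n 1
}
# client_cert_mode <xml>: the configured "Two Way Client Cert Behavior".
client_cert_mode() {
  case "$(xml_value two-way-ssl-enabled "$1"):$(xml_value client-certificate-enforced "$1")" in
    true:true) echo "requested-and-enforced" ;;
    true:*)    echo "requested-not-enforced" ;;  # connection continues without a client cert
    *)         echo "not-requested" ;;
  esac
}
# trust_source <jvm-args> <xml>: the command-line keystore wins over config.xml.
trust_source() {
  case " $1 " in
    *" -Dweblogic.security.SSL.trustedCAkeystore="*) echo "command-line"; return 0 ;;
  esac
  case "$(xml_value key-stores "$2")" in
    *DemoTrust)   echo "demo-trust" ;;
    *CustomTrust) echo "custom:$(xml_value custom-trust-key-store-file-name "$2")" ;;
    *)            echo "unspecified" ;;
  esac
}
# audit <jvm-args> <xml>: prints a summary; non-zero status flags a weak setting.
audit() {
  local mode trust
  mode=$(client_cert_mode "$2"); trust=$(trust_source "$1" "$2")
  echo "client-certs=$mode trust=$trust"
  [ "$mode" = "requested-and-enforced" ] && [ "$trust" != "demo-trust" ]
}

audit "" "$WEAK" || true
audit "" "$HARDENED"
```

Pass the managed server's JVM arguments as the first argument to see when a command-line trust keystore overrides what config.xml specifies.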