The Oracle WebLogic Administration Server is a JVM instance that executes:• The WebLogic Administration Server Console Java Enterprise Edition (EE) application thatmanages the configuration and resources for the WebLogic Server Administration Serverand all its associated WebLogic Managed Servers.• The Oracle Enterprise Manager 11g Fusion Middleware Console Java EE application formanagement and configuration of Oracle SOA Suite 11g run-time environment all OracleSOA Suite 11g composite applications deployed to a WebLogic Managed Server instance.The Oracle WebLogic Managed Server is a JVM instance that executes the Oracle SOA Suite11g run-time environment, which runs SOA composite applications and other Java EEapplications deployed to the WebLogic Managed Server instance
The Metadata Services are used to manage deployed services and composite applications. Thishappens transparently for the application developers and Oracle SOA Suite 11g administrators.However, the MDS can be used as a central location for storing and referencing shared serviceartifacts, such as XSDs, WSDLs and other service documents, which can be deployed in asharable archive format known as the Metadata archive (.MAR files)
Oracle SOA Suite 11g provides a default set of service engines. They are:• The Mediator Engine for processing Mediator implementations• BPEL Engine for processing BPEL Process implementations• Business Rule Engine for processing Business Rule implementations• Human Workflow Engine for processing Human Task implementations• Business Activity Monitoring, which runs as a Java EE application• Complex Event Processing for CEP implementations• Business to Business for B2B implementationsThe Event Delivery Network (EDN) provides an application with a way to publish events so that acomposite application with a Mediator component can subscribe to events that trigger executionof the composite application.
The service infrastructure, which includes the Mediator component, provides:• An optimized internal communication path between “service engines” (such as BPEL orMediator) through a normalized message structure• An event delivery network that supports an event-driven architecture for event-drivenapplications• A “multi-protocol” access layer through “binding components” (SOAP, JMS, JCAbindings)
The Service Infrastructure provides the internal message routing infrastructure capabilities forconnecting components and enabling data flow:• Receives messages from the service providers or external partners through SOAP services oradapters• Sends the message to the appropriate service engine• Receives the message back from the service engine and sends it to any additional serviceenginesService components are the building blocks that you use to construct an SOA compositeapplication. Service engines are containers that host the business logic or processing rules of theseservice components. Service engines process the message information received from the ServiceInfrastructure.Message information is transferred internally using a normalized message structure.Some of the service engines supported include:• BPEL Process Manager• Mediator• Human Task• Business Rules
The key components you work with to build SOA composite applications in this course include:• Various adapter services, such as File, JMS, and Database adapters• Oracle Mediator components for filter, data enrichment, and routing• Oracle BPEL process components, for service orchestration and process flow• Oracle Business Rule components, for business rule implementation and execution• Oracle Human Task components, for human workflow and human interaction.You also explore publishing and subscribing to business events through Mediator components.The diagram represents a collection of cooperating components that can make up a compositeapplication, which may expose multiple entry points. Subsequent pages in the lesson providemore information about each of these components.
Oracle SOA Suite 11g is shipped with a variety of adapters commonly used to accessfunctionality that is not normally available in a service-oriented context, such as:• File and FTP Adapters for reading, write, and transferring of files• Database Adapter for interacting with relational database data• JMS Adapter for communicating asynchronously with other applications through messageorientedmiddleware (MOM) services, such as Oracle Advanced Queuing, IBM MessageQueue among others.• Custom Adapters that expose a variety of functionality as service operations.Adapters developed with the JCA API standards supports the ability to create customimplementations to expose existing functionality that is not usually available to an SOAapplication context. Adapters are an integration technology that extend the reach of SOAcomposite application.
To facilitate the integration between message providers and consumers, the Mediator servicecomponent includes the following features:• Event handling• Content-based and header-based routing• Synchronous/asynchronous interactions• Service virtualization• Validations• Transformations• Error handling
The BPEL4WS specifications, and its later version WS-BPEL, are designed as a language formodeling the behavior of both executable and abstract processes. BPEL Process components areinstances of BPEL implementations that executed in the BPEL Process Manager service engine.A BPEL Process receives messages and orchestrates, through different invocation patterns, one ormore services that contribute to completing a business process flow.
Oracle Business Rules provides a way for a business analyst to change policies that are expressedas business rules, with little or no assistance from a programmer.Examples for using business rules can include:• Dynamic processing: Rules can determine intelligent routing paths within a business processbased on service level agreements or other guidelines.• Externalize business rules in the process: Rule conditions evaluated as part of a businesswhere parameters can be changed are best implemented separate from the process.• Data validation and constraint checks: Rules can validate input documents or applyadditional constraints on requests.• Human task routing: Rules can be used to perform:- Policy-based task assignments dispatch tasks to specific roles or users.- Load balancing of tasks among users to control the task assignment load
Human tasks can be added to a composite application in the following two ways:• A standalone human task, where it is created as a component in the SOA Composite Editorand not associated with a BPEL Process. A standalone human task component is usefulwhen the client application creates the task themselves by interacting with the operationsexposed from the human task component.• A human task associated with a BPEL Process, where the human task is created in thecomposite application and wired to a BPEL Process and integrated as part of businessprocess flow, such as getting human approval for expenses exceeding a given amount.Assignee’s are authorized users of a Worklist application that is used to view and act on taskassignments. The Worklist application is part of Oracle SOA Suite 11g that is developed withOracle Application Developer Framework (ADF) technology.
An ADF-BC application module can be configured and deployed as a business service, providingan SOA composite application components with a way to invoke ADF-BC application as a Webservice that performs CRUD operations. Since ADF-BC component objects implement standardSDO interfaces, ADF-BC applications deployed as business services can be used as an SDO toperform CRUD operations from a BPEL Process through Entity Variables.ADF-BC can be configured to publish events for its CRUD operations. An SOA Mediatorcomponents can subscribe to and receive these events to initiate a composite application process.For more information Oracle University provides ADF related training courses.
Oracle Web Service Manager (OWSM) enables attachment of security policies to service endpoints post-deployment. By using JDeveloper, you can attach security policies to service endpoints at design-time, such that the security requirements are attached and deployed with theapplication into a run-time environment where the policies are enforced. The Oracle SOA Suite11g Service Infrastructure provides an Security Interceptor Framework that enforces securitypolicies attached to service end points at run-time. The interceptor framework comprises of thefollowing series of fixed interceptors:• The Message Transmission Optimization Mechanism (MTOM) interceptor, used to applyoptimization policies• The Security interceptor, to enforce the name security policies defined by WSSecurityPolicystandards• The Addressing interceptor, to implement WS-Addressing standards• The Management interceptor, to implement management features• The Reliable Messaging interceptor, to apply WS-ReliableMessaging standards to ensuremessage integrity
Oracle BPEL Process Manager can interface with Business Activity Monitoring (BAM). OracleBPEL Designer provides the ability to add sensors and sensor actions to BPEL process activitiesto monitor events and components associated with each activity.The BPEL process sensors can send information to Java Message Service (JMS) and databaseproviders that store the information, which is collected by the BAM modeler. The BAM modelingtool provides real-time dashboard and alert facilities on data collected from providers that storethe sensor monitor information produced by the BPEL Process Manager. The BAM modeling toolsupports:• Capturing of events• Production of correlation metrics and key performance indicators (KPIs) that are meaningfulto the businessSensor data can be viewed and monitored using the Oracle BAM product.
Oracle Service Bus (OSB) is a configuration-based, policy-driven Enterprise Service Bus (ESB).It provides a feature-rich console for dynamic service and policy configuration, as well as forsystem monitoring and operations tasks. Oracle Service Bus facilitates a loosely coupledarchitecture, facilitates enterprise-wide reuse of services, and centralizes management. The OracleService Bus:• Filters, transforms, and routes messages with many different capabilities• Insulates integration logic by creating virtual service interfaces for SOA compositeapplications and ESB implementations• Provides service tracking and service management functionalityOracle Service Bus is a different product that is installed separately from Oracle SOA Suite 11g.OSB is a technology complimentary to Oracle SOA Suite 11g and earlier release of Oracle SOAproducts.
Oracle Service Bus implementations can provide a proxy service as an entry point for a businessprocess that directs and controls subsequent interactions with business services. In the diagramone of the business services is a reference to an Oracle SOA Suite 11g composite application, andthe other business service can be an Oracle SOA Suite 10g Enterprise Service Bus (OESB)instance, which invokes a local BPEL instance, and so on. Oracle Service Bus can be used as theglue to bind different services together to implement some business process requirement.
A business event is a way for one application to notify another application of a significantoccurrence to the business.A business event is defined by a unique name and has a structure to contain information about theevent. When a business event is published, another application (or service component) cansubscribe to it and initiate processing that is required to support the business requirements whenthat event occurs. For example, when product stock levels are updated in a store, this event canrequire the need to start processes to fulfill orders that might be on hold until the products becomeavailable.Oracle SOA Suite 11g provide support for events though the Mediator component, which can be apublisher or subscriber to events.The Entity Object in an Oracle ADF-BC component application can be configured to publish anevent when the data row represented by an Entity Object instance is created, modified, or deleted.These events can be subscribed to by a Mediator component enabling SOA compositeapplications to integrate with ADF application by using an event-driven approach.
Business events are typically a one-way, fire-and-forget, asynchronous way to send anotification of a business occurrence. The business process does not:• Rely on any service component receiving the business event to complete.• Care if any other service components receive the business event.• Need to know where subscribers (if any) are and what they do with the dataThese are important distinctions between business events and direct service invocations that relyon the Web Services Description Language (WSDL) file contract (for example, a SOAP serviceclient). If the author of the event depends on the receiver of the event, then messaging typicallymust be accomplished through service invocation rather than through a business event. Unlikedirect service invocation, the business event separates the client from the server.A business event is defined using the event definition language (EDL). EDL is a schema used tobuild business event definitions. Applications work with instances of the business eventdefinition.
Service Component Architecture provides a model for both:• The composition of services• The creation of service components, including the reuse of existing application functionsThe benefits of an SCA model are:• Loose coupling is realized as components are integrated with other components withoutneeding to know the implementation of other components• Flexibility is enabled through the ability to easily replace one component by anothercomponent• Services are easily invoked either synchronously or asynchronously• Compositions of solutions are clearly described visually and in an XML format
SCA components support implementations of many different technologies, which reflect thereality of businesses containing mixed systems with different technologies developed over manyyears. The flexibility of implementation language enables the selection of technologies bettersuited to different types of work—for example, using BPEL for business processes, and Java orC++ for detailed number crunching.Each SCA component is identified by a <component> element in the SCA descriptor. The<component> element identifies the component type and the location of the component source.
A composite defines components and reference implementation code. It describes services andreferences, and the connections (wires) linking them. Service components that can be assembledinto a composite include:• BPEL process, Business Rules, Mediator, Human Task• SDO service and any Web serviceBinding styles include:• SOAP bindings• SDO bindings• JCA adapters, among others (RFID, WSIF)
An SCA binding specifies how communication should be done between an SCA component and any other software component.A component that communicates with another component in the same domain need not have any explicit bindings specified. It is determined at run time.To communicate outside its domain, a component’s creator must specify one or more bindings for this communication.Each binding defines a particular protocol that can be used to communicate with this service or reference.
To create a new SOA project containing an SOA composite as shown in the slide, perform thefollowing tasks:1. Select New Application in the Application Navigator pane and enter the details in theCreate Application dialog box.2. Select SOA from the project technologies.3. Select the specific composite template that you want to use for developing the compositeapplication.
The key elements in the Composite Editor that directly maps to corresponding SCA elements are:• Exposed services, which are the composite service entry points enabling external clients tointeract with the composite• Components, which form the building blocks of the composite application and providebusiness functionality implemented by the component type. Components can be:– A BPEL process– Business Rule– Human Task– Mediator
The Fusion Middleware Control enables you to perform tasks such as:• Deploying and undeploying composite applications• Managing the run-time state of composite applications• Shutting down and restarting the composite applications• Initiating tests of SOA applications by using a Web-based service testing tool• Tracking and monitoring composite application instances and message flows through acomposite application• Examining and managing application fault conditions• Monitoring component engines
SOA composite applications designed in Oracle JDeveloper are deployed to the SOAInfrastructure. Deployed composite applications are visible in Oracle Enterprise Manager FusionMiddleware Control. From the Fusion Middleware Control (SOA Infrastructure) home page, youcan:• Perform administration tasks, such as monitoring SOA composite applications, monitoringindividual composite instances• Update the state of SOA composite applications and individual composite instances.• Perform corrective actions such as fault recovery
When you click the soa-infra link, either in the Farm navigation bar (as shown in the slide) orunder the Deployments section of the Fusion Middleware home page, the SOA Infrastructurehome page is displayed showing the Dashboard tab containing sections for:• Recent Completed Instances, in which you can view completed composite applicationinstances and those currently running. You can select the “Show Only Running Instances”option to view in-flight applications. You can click the displayed instance ID links tomonitor the application progress or view what happened in completed applications. TheComposite links access the composite application home page.• Deployed Composites, in which you can view the list of deployed composite applicationversions, and their status, mode, and a count of the number of instances are running andcompleted.• Recent Faults and Reject Messages, in which you can locate faults and start troubleshootingthe problem by clicking a log link for each fault or accessing the application instanceinformation via links provided.
To track, monitor, and troubleshoot execution of composite application instances, click therelevant tabs. Across the top of the composite application page, just above the tabs, you can see atoolbar of buttons that enable you to manage composite application, where:• The Retire button enables you to stop further instances of the application and prepare theapplication for removal from the system• The Shut Down button allows existing instances to complete but prevents new instancesfrom being initiated• The Test button takes you to a page where you can initiate new instances of the compositeapplication and examine the results.• The Settings button enables you to change audit level and payload validation settings.
The slide shows a SOA Project and deployment profile created in the JDeveloper developmentenvironment. A project can have one or more deployment profiles, which JDeveloper uses tocreate the SOA Archive file.
Oracle JDeveloper by default creates a SOA Composite project contains a deployment profile thathas the same name as the project. If you prefer you can create a new deployment profile using thefollowing steps:1. On the Applications Navigator window right-click the project name and select ProjectProperties2. On the Project Properties window, select Deployment and click NewAfter configuring a deployment profile you can deploy the composite application to a SOA run-time environment by right-clicking the project name and selecting the Deploy > profile-name >To > soa-server, where profile-name is the name of the default profile or the one you created inthe Project Properties window, and soa-server is the connection name for the SOA run-timeenvironment.
The typical sequence of steps that occur when you deploy are:1. The SOA Deployment Configuration Dialog window is displayed, allowing you to change deployment parameters and settings.2. The Authorization Request window is displayed if this is the first time you are deploying a project the to a SOA Server in a JDeveloper session. The Username and Password fieldsshould be entered with a user name authorized to deploy to the target SOA Server, such as the user weblogic.3. The JDeveloper SOA – Log window, contains tab pages that enable you to view the results of compilation and deployment of your project. You should view these log windows forconfirmation of successful deployment or deployment failures.
To deploy, undeploy, or redeploy a SAR Archive by using Oracle Enterprise Manager 11g FusionMiddleware Control you can choose one of the following methods:1. On the soa-infra home page in the SOA Infrastructure menu, select SOA Deployment >Deploy (Undeploy, or Redeploy)2. On the Farm navigation tree, right-click the soa-infra node and select SOA Deployment >Deploy (Undeploy, or Redeploy)3. On the Farm navigation tree, expand the soa-infra node, and right-click any compositeapplication and select SOA Deployment > Deploy Another Composite.
Web service security is addressed by many standards, such as WS-Security, WS-Security Policy,and so on, which define various elements for securing Web service end points and the messagesthat flow between the service consumer and provider. WS-Security standards cover:• Authentication, the process of obtaining a username and password that is validated by usingsome kind of identity store• Authorization, the process of allowing or disallowing access to some functionality or data,usually implemented through privileges assigned to roles, or attaching policies to theenvironment• Signing and encryption of the message flowing from the client to a service end pointUsing the WS-* security standards, much of the configuration is declarative, removing most requirements for adding security logic to the code. The key benefit of a declarative approach isthe ability to change things at post-deployment time—that is, no code changes.
The three main operations on which the Oracle Web Services Manager (OWSM) is based are:• Define consists in attaching security and management policies to the Web services to be protected• Enforce is the ability provided by OWSM to distribute policies from a central policy manager to policy enforcement points that execute security and management policies atruntime.• Monitor is the tracking of runtime security and management events captured by OWSM.
OWSM can be leveraged from the Oracle Enterprise Manager Fusion Middleware Control to:• Centrally define policies using the OWSM Policy Manager.• Enforce OWSM security and management polices locally at runtime.The tasks that can be performed from OWSM are:• Handle WS-Security (for example, encryption, decryption, signing, signature validation, and so on)• Define authentication and authorization policies against an LDAP directory• Generate standard security tokens, such as SAML tokens, to propagate identities across multiple Web services used in a single transaction• Segment policies into different namespaces by creating policies within different folders• Examine log files
The components of the Oracle Web Services Manager Architecture can be described as follows:• Oracle Enterprise Manager Fusion Middleware Control – Enables administrators to access Oracle Web Services Manager's functionality to manage, secure, and monitor Web services• Oracle Web Services Manager Policy Manager - Reads/writes the policies, including predefined and custom policies from the metadata store• Oracle WSM Agent - Manages the enforcement of policies via the Policy Interceptor Pipeline• Policy Interceptors - Enforce policies, including reliable messaging, management, addressing, security, and Message Transmission Optimization Mechanism (MTOM)• Metadata Store – Used for storing policies. Policies can be stored either as files in the file system (supported for development) or to the Oracle Fusion Middleware database(supported for production). • Oracle Fusion Middleware Database - Provides database support for the MDS
The different types of policies available are as follows:• WS-ReliableMessaging - Reliable messaging policies that implement the WS-ReliableMessaging standard describes a wire-level protocol that allows guaranteed deliveryof SOAP messages, and can maintain the sequential order in which a set of messages aredelivered. • Management - Management policies that log request, response, and fault messages to amessage log. Management policies may include custom policies. • WS-Addressing - WS-Addressing policies that verify that SOAP messages include WSAddressingheadersinconformancewiththeWS-Addressingspecification.Transport-leveldataisincludedintheXMLmessageratherthanrelyingonthenetwork-leveltransporttoconveythisinformation.• Security - Security policies that implement the WS-Security 1.0 and 1.1 standards. Theyenforce message protection (message integrity and message confidentiality), andauthentication and authorization of Web service requesters and providers. The followingtoken profiles are supported: username token, X.509 certificate, Kerberos ticket, andSecurity Assertion Markup Language (SAML) assertion. • Message Transmission Optimization Mechanism - Binary content, such as an image in JPEGformat, can be passed between the client and the Web service. In order to be passed, thebinary content is typically inserted into an XML document.
The slide depicts Policy Interceptors acting on messages between a client and Web service. Themessaging order can be described as follows:• The client sends a request message to a Web service.• The policy interceptors intercept and execute the policies attached to the client. After the client policies are successfully executed, the request message is sent to the Web service.• The request message is intercepted by policy interceptors which then execute any service policies that are attached to the Web service.• After the service policies are successfully executed, the request message is passed to the Web service. The Web service executes the request message and returns a responsemessage. • The response message is intercepted by the policy interceptors which execute the servicepolicies attached to the Web service. After the service policies are successfully executed, theresponse message is sent to the client. • The response message is intercepted by the policy interceptors which execute any clientpolicies attached to the client. • After the client policies are successfully executed, the response message is passed to theclient.
OWSM policy assertions are instances of policy assertion templates that are added to a policy atpolicy creation time. OWSM:• Provides a set of predefined policy assertion templates• Enables users to define custom policy assertions that can be combined with predefined policy assertions
Policies are configured by using Oracle JDeveloper at design time, and the Oracle EnterpriseManager Fusion Middleware Control console at runtime. Predefined OWSM authenticationpolicies are:• oracle/wss_username_token_service_policy• oracle/wss11_saml_token_client_policy• oracle/wss11_saml_token_service_policy
The graphic example illustrates the use of three different policies used to authenticate, authorize,and propagate username credentials. Following the request flow, Web service policies are used forauthentication and identity propagation:• The Web client obtains the username and password from the user and authenticates theinformation and populates the Username token using WS-Security headers.• The ProcessOrder BPEL service entry point applies theoracle/wss_username_token_service_policy attachment to verify security, authenticate theuser, and set the Subject with identity details.• The authorization part may then be applied using a specified policy.• The ProcessOrder BPEL component is configured with oracle/wss11_saml_token_client_policy attached to the external reference for the CreditAuthorization Service, causing the process to read the Subject and insert the identityinformation into the SAML token sent in the request to the external services.• The Credit Authorization Service has oracle/wss11_saml_token_client_policy attached sothat it can verify the SAML token, authenticate, and set the Subject completing identitypropagation between service.
You use Oracle JDeveloper 11g to attach policies for testing security in a design-timeenvironment. When your application is ready for deployment to a production environment, youcan attach runtime policies in Oracle Enterprise Manager Fusion Middleware Control console.To attach a policy to an exposed service, execute the following steps:1. Right-click the exposed service. Select Configure WS-Policies.2. Click the Add icon for the type of policy, and select the respective policy to attach. Theslide shows an example to attach anoracle/wss_username_token_service_policy security policy to thereceiveOrder service.
Policies apply security to the delivery of messages. You can attach or detach security policies toand from currently deployed SOA composite applications. To manage SOA composite applicationpolicies: 1. On the Oracle Enterprise Manager home page, expand the soa-infra > SOA folders, andclick a SOA composite application link.2. On the SOA composite home page, click the Policies tab.The Policies page enables you to attach and detach policies to Web service bindingcomponents and service components of the SOA Composite Application. The policies tabledisplays the attached policy name, component to which the policy is attached, policyreference status (enabled or disabled) that you can toggle, category (Management, ReliableMessaging, MTOM Attachment, Security, or WS Addressing), violations, andauthentication, authorization, confidentiality, and integrity failures since the SOAInfrastructure was last restarted.
Oracle soa suite 11g introduction slide share
Module ObjectiveAfter completing this module, you should be able to:• Explain the Oracle SOA Suite 11g platform andArchitecture• Describe the different components and features