Friday, February 15, 2008

Compliance : What is PCI compliance and Solution

PCI stands for Payment Card Industry. Major credit card brands such as VISA, MasterCard, American Express, Discover Card, and JCB International formed a consortium to create a Data Security Standard (DSS). This is popularly known as PCI DSS.

PCI DSS consists of 12 broad requirements, such as protecting the network, protecting the data channel using SSL etc., implementing a tight access control mechanism, and protecting the cardholder data.

Of all the requirements, protecting the cardholder data is the one that generally takes the most effort to implement, as the solution must be part of the core data and access.

Historically: for applications that are part of mainframe and client/server systems, the solution is typically to maintain the public key as part of the client application in the form of a DLL or EXE to encrypt/decrypt the data.

Building Composite Applications: using an SOA framework has its own advantages, but implementing PCI compliance is on the disadvantage side. This is because of the need to maintain so many loosely coupled components, such as services, processes, composite services and J2EE applications, that typically reside outside of the database.

The solution is twofold:
1. Buy the technology that supports PCI compliance. Examples include a combination of technologies such as Oracle Advanced Security (ASO), Oracle Data Vault and/or Oracle Virtual Private Database (VPD).

2. Build a custom solution using encrypt / decrypt functions in the database using public/private key infrastructure.

We have implemented both of the above solutions, and each has advantages based on the customer requirements and IT goals of the organization.

Thursday, February 14, 2008

Integration of Oracle SOA with mainframe technologies


Recently, I was with a customer talking about SOA integration with legacy applications such as mainframe technologies, and below is an image. I know this is a blog and I am supposed to write, but I really felt that this picture is worth a thousand words.

Let me know your thoughts on this ...

How to enable debugging in Oracle ESB

Quite often it is a little frustrating to understand what happens inside Oracle ESB. This is because the error reporting is very limited and not to the point.

This can be resolved by enabling the ESB log level FINE in the Oracle application server control and below are the steps to do that.


1. Login into the Application Server Control at http://Server.Client.com:7777/em
2. Click on the oc4j_soa instance and Administration tab.
3. Click on Logger Configuration.
4. Now expand Root Logger / oracle to display the logger classes and the Log Level settings.
5. In the Log Level list, select the level FINE for the following classes
. oracle.tip.esb.server.common
. oracle.tip.esb.server.service
6. Restart the SOA suite to apply the changes and the logs can be found at

\\SERVER\\j2ee\oc4j_soa\application-deployments\esb-dt\oc4j_soa_default_group_1\application.log
\\SERVER\\j2ee\oc4j_soa\application-deployments\esb-rt\oc4j_soa_default_group_1\application.log

Wednesday, February 13, 2008

How to setup BPEL JNDI connection on the application server

At the time of BPEL process / ESB service deployment into the Production/QA environment, the developer should remove the following entries to make sure the service does not accidentally use the local DB connection settings. For a first-time deployment, the developer should request the system administrator to create the JNDI location configuration. Once configured, the server connection pool will be applicable even if the below mcf.* properties exist in the xxx.WSDL file.

-------------------------START--------------------------------
<jca:address location="eis/DB/App1" UIConnectionName="App1" />
<!-- ManagedConnectionFactory="oracle.tip.adapter.db.DBManagedConnectionFactory"
mcf.DriverClassName="oracle.jdbc.OracleDriver"
mcf.PlatformClassName="oracle.toplink.internal.databaseaccess.Oracle9Platform"
mcf.ConnectionString="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rac1)(PORT=1523))(ADDRESS=(PROTOCOL=TCP)(HOST=rac2)(PORT=1523))
(LOAD_BALANCE = yes)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = EENADU)
)
)"
mcf.UserName="app1"
mcf.Password="8234567129863157899ESDOWI3950MSXSOF" -->
-------------------------END------------------------------------------


If you want to wear the system administrator hat for a second, follow the below process to create the connection pool and data source and to configure the JNDI location. This procedure is a little different from the one for ESB.


1. Create the Connection Pool (eg. App1)

2. Create Data Source (eg. App1)

3. Go to /SERVER/j2ee/oc4j_soa/application-deployments/default/DbAdapter

4. Edit oc4j-ra.xml and add the following
<connector-factory location="eis/DB/App1" connector-name="Database Adapter">
<config-property name="xADataSourceName" value="jdbc/App1"/>
<config-property name="dataSourceName" value=""/>
<config-property name="platformClassName" value="oracle.toplink.platform.database.Oracle9Platform"/>
<config-property name="usesNativeSequencing" value="true"/>
<config-property name="sequencePreallocationSize" value="50"/>
<config-property name="defaultNChar" value="false"/>
<config-property name="usesBatchWriting" value="true"/>
<connection-pooling use="none">
</connection-pooling>
<security-config use="none">
</security-config>
</connector-factory>

5. Restart the Application Server (or only OC4J_SOA instance)
6. Test the Web service using the following URL:
http://server.client.com:7777/event/DefaultSystem/Service1 (here Service1 is the project)
7. Now test the service to check the validity of the configuration.
8. If you have any issues, you should be able to find the issue in BPEL domain logs.
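
A pre-deployment check for the two points above, added here as an example and not part of the original post: it flags mcf.* entries still present in a WSDL (including commented-out ones, which still ship the connection string and password with the file) and jca:address locations that have no connector-factory with a data source in oc4j-ra.xml. The function names, the second eis/DB/App2 location, the password placeholder and the oc4j-connector-factories wrapper element in the sample are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# mcf.* entries are matched in the raw text so that commented-out ones,
# which an XML parser silently drops, are still reported.
MCF_ATTR = re.compile(r'\b(mcf\.\w+)\s*=\s*"')
JCA_LOCATION = re.compile(r'<jca:address\b[^>]*?\blocation\s*=\s*"([^"]+)"')


def leftover_mcf(wsdl_text):
    """Return (line_number, property_name) pairs; values are never echoed."""
    return [(lineno, m.group(1))
            for lineno, line in enumerate(wsdl_text.splitlines(), start=1)
            for m in MCF_ATTR.finditer(line)]


def unmapped_locations(wsdl_text, oc4j_ra_text):
    """Return jca:address locations lacking a usable connector-factory."""
    usable = set()
    for cf in ET.fromstring(oc4j_ra_text).iter("connector-factory"):
        props = {p.get("name"): (p.get("value") or "").strip()
                 for p in cf.iter("config-property")}
        # The factory must reference a server-side data source.
        if props.get("xADataSourceName") or props.get("dataSourceName"):
            usable.add(cf.get("location"))
    return sorted(set(JCA_LOCATION.findall(wsdl_text)) - usable)


# Constructed sample input modelled on the fragments above (hypothetical values).
SAMPLE_WSDL = '''<jca:address location="eis/DB/App1" UIConnectionName="App1" />
<!-- mcf.DriverClassName="oracle.jdbc.OracleDriver"
mcf.UserName="app1"
mcf.Password="CONSTRUCTED-PLACEHOLDER" -->
<jca:address location="eis/DB/App2" UIConnectionName="App2" />
'''

SAMPLE_OC4J_RA = '''<oc4j-connector-factories>
<connector-factory location="eis/DB/App1" connector-name="Database Adapter">
<config-property name="xADataSourceName" value="jdbc/App1"/>
<config-property name="dataSourceName" value=""/>
</connector-factory>
</oc4j-connector-factories>'''

if __name__ == "__main__":
    for lineno, name in leftover_mcf(SAMPLE_WSDL):
        print(f"WSDL line {lineno}: {name} still present")
    for loc in unmapped_locations(SAMPLE_WSDL, SAMPLE_OC4J_RA):
        print(f"{loc}: no connector-factory with a data source in oc4j-ra.xml")
```

Run it against every WSDL in the project before building the deployment archive; an empty result from both functions means the service will resolve its connection only through the server-side JNDI location.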

How to create a new OC4J server instance in Oracle Application Server 10g

It is important to segregate all the custom/composite applications into a specific OC4J instance for better manageability and control.

Use the following on the server node to create a new OC4J server instance

./createinstance -instanceName CustomApps
Creating OC4J instance "CustomApps"...
Set OC4J administrator password for "CustomApps" (password text will not be displayed as it is entered):
Enter password:
Confirm password:

Now start the 'CustomApps' instance from /em website.

How to find a string recursively in Unix / Linux

Quite interestingly there is no simple approach in UNIX / Linux to find a string in the files recursively. Here is the command that you can use

find . -type f -exec grep "string to find" {} \; -print

Saturday, February 9, 2008

What is SOA? - If this Simple? ...

Configuring JNDI location for Composite applications

Developing J2EE applications through Jdeveloper IDE and deploying them to the target application server is an easy process but not widely accepted deployment method/pattern. Ant script is a widely accepted solution to achieve this.

Irrespective of which method you are using for deployment, you must setup the JNDI location as part of the application server. This is required to have a reusable managed connection on the server that is properly configured with various attributes such as caching, timeouts and other advanced attributes like “fastConnectionFailoverEnabled” etc.

Following is the procedure to setup this

Connection Pool Creation
  1. Login to Enterprise Manager website (ex: Server.Client.com:7777/em).
  2. Goto specific OC4J Instance / Administration / JDBC Resources.
  3. Create a new Connection pool named ‘App1’ (this may typically be the application name) by feeding the JDBC URL (remember to list all nodes if it is an Oracle RAC database), user name and password.
  4. Click on the Attributes tab and verify the values as appropriate to your architecture.
  5. Click Apply.

Managed Data Source Creation

  1. Create a data source named “App1” by selecting “Managed Data Source” option name, default application name and set the JNDI Location to “jdbc/app1” and select "App1" connection pool. It is important to match this location name with what is defined in the Jdeveloper project.

JDeveloper

  1. Now, de-select the “Bundle Default data-sources.xml During Deployment” option from your Jdeveloper. This option can be found in Tools menu / Preferences option / Deployment section. This action will prevent it from copying your jdeveloper connections to the application server, if you are using JDeveloper for your deployment.
  2. Delete connection pool and data source related to the old Jdeveloper’s JNDI Location ‘jdbc/jdev-app1’, if any already created/exist.
  3. Test the application. If the app is working, continue to next step.

Connection Failure Configuration for Oracle RAC

  1. If you are using an Oracle RAC environment, it is important to configure this Connection Pool for RAC to detect connection failures and balance the connection to the appropriate RAC node. Now set the Connection Factory Properties named “connectionCachingEnabled” and “fastConnectionFailoverEnabled” with a value of “true” in the ‘App1’ connection pool definition. It is also important to have these properties created in the order mentioned by clicking the button "Add Another Row".

Now your application is ready to use the connection pool's user and password rather than the user/password that you have embedded as part of the ear file from JDeveloper.

Oracle ESB Deployment Methods

Oracle ESB Deployment can be done from one environment to another using any of the following four methods.

Method-1: Jdeveloper – Only one service can be deployed at one time to the Integration Server Connection.

Method-2: ANT Script – Multiple services can be deployed at one time to the server by configuring the build.xml

Method-3: Using export and Import Utility – This requires the service to have been deployed by either of the above methods the first time. Once deployed to an environment, one can use the export and import utility to move the code to other environments.

Method-4: Zip file copy method – When the Service Zip file is dropped at the appropriate location, AS will take care of the deployment. This is the simplest of all methods.

Method-1: Using Jdeveloper
Use the following procedure to deploy on to the server.

  1. Create the integration server connection
  2. Create the ESB Project
  3. Right click on the project to click on the integration server connection
  4. This will deploy the project(service) into the server.
  5. Once you get the confirmation, test the service using the URL below.
  6. http://server.client.com:7777/event/DefaultSystem/Service1 (here Service1 is the project)

Method-2: Using ANT Script
Use the following procedure to deploy on the server.

  1. Copy the ESBDeployment.zip file from Shared folder to local machine. Download this file in to local machine from ESBDeployment location.
  2. Extract this file into C:\ in local machine. ESBDeployment.zip file contains several jar files grouped into different folders like JAXB_CLIENT, HTTPCLIENT_LIB, SOA_LIB etc. It also has build.properties, build.xml file and buildesb.bat file to execute deployment script.
  3. After extracting the file, first open the build.properties file and change the following properties in build.properties:
     workspace – Change it to the root of the application workspace where all the Web Services are developed.
     Other properties like oc4j parameters are environment specific and need to be changed depending upon the target location.
  4. Open ESBMetadataMigrationTaskdefs.xml file and verify the value of the following properties in the file:
     - commons.httpclient.home
     - jaxb.v2.0.2.home
     - soa.suite.home
  5. Open the build.xml and modify the following tags under deployESBProjects tag by actual ESB project name to be deployed
  6. Open buildesb.bat and set J2EE_HOME and ANT_HOME path as per local machine.
  7. Execute the buildesb.bat and ESB service will be deployed.
  8. At the end of execution message should appear stating that Build is Successful.
  9. Test the code after few minutes.
  10. Make sure if testing is performed through browser then copy the test link and perform test in new browser.
  11. All the JAR files contained in zip are mandatory for deployment.

Method-3: Using export/import utility
Use the following procedure to deploy on the server.

  1. Use the utilities in the server to do this process
  2. Test the Service using http://server.client.com:7777/event/DefaultSystem/Service1 (here Service1 is the project)

Method-4: .ear file copy
Copy the .zip file (.ear file in .zip format) to the esb deploy folder.
Example :- /SERVER/integration/esb/oraesb/deploy
Example zip file:- Project_Service1.zip

This method will automatically deploy to all the instances in a cluster, if the architecture is HAA or MAA.

Caching : How to improve application performance using Oracle ADF Caching?

The application tier in the enterprise architecture is specialized to carry an important, perhaps complex, role in overall response preparation. For ADF applications or Composite SOA applications, it is an important and wise decision to use multi-level caching solutions.

  • Use the Web-tier caching for all static content such as images and HTML, and ESI includes (if needed and cost is not a criterion)
  • Use ADF caching in the application layer
  • Use Data caching at the database layer

Today, I will cover the ADF Caching solution using the ADF Cache tag. This solution is good for any page component that is resource intensive and shared across either multiple users or sessions.

Step-1: Add the ADF Faces Cache Library (afc.jar) to your project

Step-2: Add xmlns:afc="http://xmlns.oracle.com/adf/faces/webcache" to the tag.

Step-3: Now add the afc:cache tag to your code. See the example code



index.jspx
<f:view>
<afc:cache duration="3600"><!--1 Hour-->

<!-- resource intensive cacheable content/fragment -->

</afc:cache>
</f:view>


Step-4: Now run the Jspx in the Jdev environment and check the logging to see whether the fragment is cached or not. You may see a cache miss the first time; this is normal, as the first request builds the cache and it is available from there on.

Depending on the complexity of the page view, the second request is 1-10 times faster when using the adf cache tag.

Now, it's your turn to try it.

Sunday, February 3, 2008

What is a Composite Application?

A Composite Application is an application that is built using multiple smaller applications and/or components of other systems to source the data and/or business logic. The term composite application is not new and was in fact coined in many software engineering texts published in the 80s. Yet today the term composite application is used in the context of Service Oriented Architecture.

Let’s take another look at the new definition …

Definition:-
“Applications that are built using existing reusable services and components that can either source data or do a specific task/process. Composite applications are like mashups.”

Unlike a traditional application, where the source data is typically stored in a common place such as a database, a composite application uses XML messages to communicate between the service/component layers and the application layer.

With more and more vendors supporting composite application development in their middleware offerings, integrating these services is easier than ever. They are even easier to support and maintain, as big vendors like Oracle, IBM and BEA are supporting industry standards.

Saturday, February 2, 2008

Enterprise SOA

SOA is one of the greatest paradigms in the computing industry and is maturing to get into almost every major enterprise. Interestingly, to get quality information on the enterprise architecture, deployment, security, and maintenance aspects of SOA, one needs to spend a lot of time collecting small portions of information from site to site.

Today I decided to have some refinement mainly concentrating in this area in the form of this blog. Hope this will be useful.

Thursday, January 10, 2008

How to setup Session Timeout in Oracle AS 10g?

As middleware in general is a set of tools that work together in a common infrastructure, it is important to understand that every component/tool may have separate session management because of the way and where it operates in the whole technology stack. Here are the various ways one can set up the session timeout. In some cases we may need to set it in more than one place to make everything work together.


OC4J Application level (Custom applications in particular)
Change the session-timeout value in web.xml file.

<session-config>
<session-timeout>60</session-timeout>
</session-config>

Once done, deploy and test.

Oracle Applications 11i
System Profile option ICX:Session Timeout 30 (Minutes)
zone.properties file session.timeout=180000 (Milliseconds=30 Minutes)
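
The settings above use different units (minutes in web.xml and in the ICX profile option, milliseconds in zone.properties), so a small check that normalises them to minutes catches drift between layers. This is an added example, not part of the original post; the function names and sample file contents are constructed from the values quoted above, and the 30-minute target is taken from the ICX:Session Timeout value.

```python
import xml.etree.ElementTree as ET


def web_xml_minutes(text):
    """web.xml <session-timeout> is expressed in whole minutes."""
    for el in ET.fromstring(text).iter():
        if el.tag.split("}")[-1] == "session-timeout":  # tolerate a namespaced web.xml
            return float(el.text.strip())
    return None


def property_value(text, key):
    """Read key=value from a .properties-style file, skipping comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(("#", "!")) or "=" not in line:
            continue
        name, value = line.split("=", 1)
        if name.strip() == key:
            return value.strip()
    return None


def timeouts_in_minutes(web_xml, zone_properties):
    """Normalise each layer's setting to minutes so they can be compared."""
    zone_ms = property_value(zone_properties, "session.timeout")
    return {
        "web.xml session-timeout": web_xml_minutes(web_xml),
        # zone.properties holds milliseconds: 60000 ms per minute.
        "zone.properties session.timeout": float(zone_ms) / 60000 if zone_ms else None,
    }


def mismatches(layers, target_minutes):
    """Layers that are unset or differ from the intended timeout in minutes."""
    return {k: v for k, v in layers.items() if v != target_minutes}


# Constructed sample files carrying the values quoted above.
SAMPLE_WEB_XML = """<web-app>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
</web-app>"""
SAMPLE_ZONE = "# constructed sample\nsession.timeout=180000\n"

if __name__ == "__main__":
    layers = timeouts_in_minutes(SAMPLE_WEB_XML, SAMPLE_ZONE)
    for name, minutes in mismatches(layers, target_minutes=30).items():
        print(f"{name}: {minutes} min, expected 30")
```

With the figures quoted above, 180000 ms normalises to 3 minutes; a 30-minute timeout expressed in milliseconds is 1800000.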

OID
To set the interval in ODM select the server, then the Query Optimization tab, LDAP Connection Timeout. Then set the value to 30 (default is 0, no timeout). The value is in minutes. Remember, the value should be set to less than any firewall or load balancer timeout.

In ODM select the server, then the System Operational Attributes tab, Statistics Collection Interval is set to 15. The default is 60 minutes. This value should be set to about half the connection timeout.

SSO
a) Navigate to http://:port/pls/orasso
b) Login with an administration account
c) Press 'SSO Server Administration'
d) Press 'Edit SSO Server Configuration'
e) In the section 'Single Sign-On Session Policy', change the Single Sign-on Session Duration from 8Hrs to .5 Hr (30 Min) -> this must match 11i Timeout

ORASSO
Set Global Inactivity Timeout – Login as ORASSO, run $ORACLE_HOME/sso/admin/plsql/sso/ssogito.sq and set the “inactivity_period” in minutes (default 15 min; to disable the timeout, set the inactivity period to 0)

Set connectionIdleTimeout = 30 (default 120 min) in $ORACLE_HOME/sso/conf/policy.properties

Set OssoIdleTimeout on (Default off) in $ORACLE_HOME/Apache/Apache/conf/mod_osso.conf


Bounce the services on 10gAS and 11i

Use whichever is applicable for your environment and needs

opmnctl stopproc process-type=HTTP_Server
opmnctl startproc process-type=HTTP_Server

opmnctl stopproc process-type=OC4J_OID
opmnctl startproc process-type=OC4J_OID

opmnctl status -l

adapcctl.sh stop
adapcctl.sh start