Manage Password in bpm process or bpel — oracle-tech

    Forum Stats

  • 3,702,028 Users
  • 2,239,548 Discussions
  • 7,835,719 Comments

Discussions

Manage Password in bpm process or bpel

MipiMipi Posts: 33 Red Ribbon

Hi all,

I need create a BPEL service witch need call a REST service.

The Rest Service required authentication in input .

My proplem is password field , How I manage the password without include password in the code?

Can I use an eis or similar as it is used for DB connections with DBAdapter?

Thanks,

M.

Tagged:
Mipi

Best Answer

Answers

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited May 2019 Accepted Answer

    Hi,

    You can use the Credential Store Frame work for that. Then using a java snippet in an Embedded Java activity you can fetch it: https://dzone.com/articles/get-credential-store-framework-key-inside-soa-comp

    Regards,
    Martien

    MipiMipi
  • MipiMipi Posts: 33 Red Ribbon
    edited May 2019

    Thanks, I will try!

  • MipiMipi Posts: 33 Red Ribbon
    edited May 2019

    I have try this solution but when restart the soa the configuration is missing.

    All nights SOA is restarted. I will thing use properties file in oracle path,

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited May 2019

    That is strange: it should store it in the database.

    Mipi
  • MipiMipi Posts: 33 Red Ribbon
    edited May 2019

    sorry, my error

    thanks for all

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    Hi I have try this solutions, but now I have a problem:

    1) Deploy Jar : OK

    2) Test KO

    When test the service, return follow error:

    java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=##..

    In file jazn-data file was already present in configurations.

    Thanks for support.

    M.

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited June 2019

    Could show a bit more on what you did, how you configered it, your BPEL process, how you tested it and what happens?

    Regards,
    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    Yes (sorry for my english),

    I have create a BPEL, in bpel file I have import my Class (because past code directly on th java Embedding palete, I received error in deploy phase), I have add import in also

    <import location="oracle.soa.management.facade.ComponentInstance"

    importType="http://schemas.oracle.com/bpel/extension/java"/>

        <import location="oracle.soa.management.facade.LocatorFactory"

                importType="http://schemas.oracle.com/bpel/extension/java"/>

        <import location="oracle.soa.management.facade.Composite"

    importType="http://schemas.oracle.com/bpel/extension/java"/>

        <import location="oracle.soa.management.facade.LocatorFactory"

                importType="http://schemas.oracle.com/bpel/extension/java"/>

        <import location="oracle.soa.management.facade.Locator"

    importType="http://schemas.oracle.com/bpel/extension/java"/>

    (not used in java Embedding).

    My java Class is :

    package xxx.yyy;

    import oracle.soa.management.facade.Locator;

    import oracle.soa.management.facade.LocatorFactory;

    import oracle.soa.management.facade.Composite;

    import oracle.soa.management.facade.LocatorFactory;

    import oracle.soa.management.facade.ComponentInstance;

    public class SecurityRetrieve {

        public SecurityRetrieve() {

            super();

        }

        public static String getCredential(String mode) {

            String result = "";

            try {

    oracle.security.jps.JpsContextFactory jpsCtxFactory =

    oracle.security.jps.JpsContextFactory.getContextFactory();

                oracle.security.jps.JpsContext jpsCtx = jpsCtxFactory.getContext();

    oracle.security.jps.service.credstore.CredentialStore credStore =

    jpsCtx.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);

    oracle.security.jps.service.credstore.PasswordCredential cred =

    (oracle.security.jps.service.credstore.PasswordCredential)credStore.getCredential("OAM_STORE",

                                                                                                      "KeystorePassword");

                if (cred == null) {

                    result = "Credential not found.";

    System.out.println("Credential not found.");

                } else {

                    if (mode.equalsIgnoreCase("User")) {

                        result = getUser(cred);

                    }else{

                        result = getPwd(cred);

                    }

                   

                }

               

            } catch (Exception e) {

                e.printStackTrace();

                return e.toString();

            }

            return result;

        }

        private static String getUser(oracle.security.jps.service.credstore.PasswordCredential cred) {

            String user = "";

            //user = cred.getName();

            user="Michele";

            return user;

        }

       

        private static String getPwd(oracle.security.jps.service.credstore.PasswordCredential cred) {

            String pwd = "";

            //pwd = String.valueOf(cred.getPassword());

            pwd="Pass";

            return pwd;

        }

    }

    And in java embedding

    try {   

                  XMLElement modeX = (XMLElement) getVariableData("inputVariable", "payload", "/client:process/client:mode");

                  String mode = modeX.getTextContent();   

                  XMLElement jobNameX = (XMLElement) getVariableData("inputVariable", "payload", "/client:process/client:jobName");

                  String jobName = jobNameX.getTextContent();   

                  String json="";   

            String user =""; 

            String pwd ="";  

       

                  user =xxx.yyy.SecurityRetrieve.getCredential("User");   

                  pwd =xxx.yyy.SecurityRetrieve.getCredential("Password");   

     

    json="{\"actionName\":\"getTaskIdByName\",\"authPass\":\""+pwd+"\",\"authUser\":\""+user+"\",\"mode\":\""+mode+"\",\"taskName\":\""+jobName+"\"}";   

        oracle.soa.common.util.Base64Encoder encoder = new oracle.soa.common.util.Base64Encoder();     

         

    String encodedString = null;      

    encodedString = encoder.encode(json);      

    setVariableData("base64EncodedJson",encodedString);    

    setVariableData("base64EncodedJson",json);  

    }   

    catch (Exception e){   

                  e.printStackTrace();    

                  addAuditTrailEntry(e);   

    }

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited June 2019

    Hi Michele,

    In your class you now hard code your user name/password. You somehow tested those values are correct?

    I see that you build up your string like 'json="{\"actionName\":\"getTaskIdByName\",\"authPass\":\""+pwd+"\",\"authUser\":\""+user+"\",\"mode\":\""+mode+"\",\"taskName\":\""+jobName+"\"}";  ' and then b64 encode it.

    What do you do with it and why is it build up like this?

    At what point do you get your error?

    Have you tried the invocation of the service for which you do this using SoapUI or Postman?

    Regards,

    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    Hi, i call my service with soapui and my service call by http with json in base64 other service.

    I thinks the problem Is in

    oracle.security.jps.service.credstore.PasswordCredential cred =

    (oracle.security.jps.service.credstore.PasswordCredential)credStore.getCredential("map","Key");

    Becouse if I add this code directly in Java embendding I Have problem i  deploy phase .

    Yes I have add user and password  in code for test but return always some error :

    java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=External-System,keyName=xxx read)

    Thanks,

    Mipi

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited June 2019

    The fault 'java.security.AccessControlException: access denied (oracle.security.jps.service.credstore.CredentialAccessPermission context=SYSTEM,mapName=External-System,keyName=xxx read)' are you getting this at the call of the embedded java?

    It seems you have the same problem as: https://community.oracle.com/thread/2434632

    You should check the jazn file, but I would expect that SOA Suite should be in there already.

    I would say that the java class does not add many, so I'd put it all in the embedded java, to circumvent that the class isn't authorized.

    At least strip it down to simple calls in the embedded java and then expand it bit by bit and test by every bit. For instance, I'd create an embedded java activity and add only:

    oracle.security.jps.JpsContextFactory jpsCtxFactory = oracle.security.jps.JpsContextFactory.getContextFactory();

    And the following lines commented:

    //oracle.security.jps.JpsContext jpsCtx = jpsCtxFactory.getContext();//oracle.security.jps.service.credstore.CredentialStore credStore = jpsCtx.getServiceInstance(oracle.security.jps.service.credstore.CredentialStore.class);//oracle.security.jps.service.credstore.PasswordCredential cred = (oracle.security.jps.service.credstore.PasswordCredential)credStore.getCredential("OAM_STORE",                                                                                           "KeystorePassword");

    Then if that works, uncomment one of the following lines and redeploy and test. Do this one by one. Until it either works or you get the exception. If you get an exception then you know the exact method call that is responsible and can concentrate on that. If it works, then you can refine the solution at will.

    Regards,
    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    Hi,

    I Have try with demo BPEL, new BPEL have only java Embedding with this code

    and return erro in deploy phase:

    Error occurred during deployment of component: BPELDemo to service engine: implementation.bpel for composite: Demo: ORABPEL-05250.

    In Bpel i have add follow import:

    <import location="oracle.soa.management.facade.LocatorFactory"            importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="oracle.soa.management.facade.Composite"            importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="oracle.soa.management.facade.Locator"            importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="java.util.List"          importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="oracle.soa.management.util.CompositeInstanceFilter"          importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="oracle.soa.management.facade.CompositeInstance"          importType="http://schemas.oracle.com/bpel/extension/java"/>

    <import location="oracle.security.jps.JpsContextFactory"          importType="http://schemas.oracle.com/bpel/extension/java"/>

    Thanks,

    Mipi

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    I think the problem is BpelcClasspath value.

    When change BPELProperties, i need restart?

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    I try a restart, but the problem persists

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited June 2019

    Where did you store your .java file? In the SCA-INF/src or the /src folder within the project? It turns out that in 12c the SCA-INF/src classes don't get compiled when deployed using the ant scripts.

    Regards,
    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    my java is in SCA-INF/src bu i'm using 11g

    Regards,

    Mipi

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited June 2019

    Could you try and move it to /src?

    Regards,
    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited June 2019

    ok, I can!

    Thanks

    M.

  • MipiMipi Posts: 33 Red Ribbon
    edited July 2019

    I have add mi lib in /lib.

    In jar i present  /lib with jar but when i run the bpel lib is not view. How i fix this problem?

    If i add jar in SCA-INF/lib i don't have problem

  • Martien van den AkkerMartien van den Akker Posts: 2,756 Bronze Crown
    edited July 2019

    For some years now, I'm not fond in using embedded java. I prevent using it. Only if I need to do a fairly simple java statement I use it. As it becomes a little bit more complex, I use a Spring component: https://blog.darwin-it.nl/2018/09/zipping-is-easy-in-javaspringsoasuite.html

    Advantage of this approach is that you can test the java code separately and you can just invoke the java-service from BPEL. So in the Flow Trace you see it as an invoke, and thus you see the input document.

    In your case, deploying may become simpeler.

    Regards,
    Martien

  • MipiMipi Posts: 33 Red Ribbon
    edited July 2019

    ok, Thanks

Sign In or Register to comment.