SOAOrderBooking and obtunnel

659086 Member Posts: 47
edited Sep 19, 2008 3:34AM in SOA Suite Discussions
Hi,

I installed SOA Suite 10.1.3.1.0 and the SoaOrderBooking demo. Everything works, but then I tried to encrypt and decrypt the credit card info sent to CreditValidatingService, and the following error occurs:

Faulted while invoking operation "VerifyCC" on provider "CreditValidatingService".
<messages>
  <input>
    <validateRequest>
      <part xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="CreditCard">
        <CreditCard xmlns="http://www.globalcompany.com/ns/credit.xsd">
          <ccType xmlns="">AMEX</ccType>
          <ccNum xmlns="">12345678</ccNum>
        </CreditCard>
      </part>
    </validateRequest>
  </input>
  <fault>
    <remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
      <part name="code">
        <code>Client</code>
      </part>
      <part name="summary">
        <summary>Caught exception while handling request: unexpected element name: expected={http://www.globalcompany.com/ns/credit.xsd}CreditCard, actual={http://www.w3.org/2001/04/xmlenc#}EncryptedData</summary>
      </part>
      <part name="detail">
        <detail>null</detail>
      </part>
    </remoteFault>
  </fault>
</messages>


[2008/09/16 15:58:46]
"{http://schemas.oracle.com/bpel/extension}remoteFault" has been thrown.
<remoteFault xmlns="http://schemas.oracle.com/bpel/extension">
  <part name="code">
    <code>Client</code>
  </part>
  <part name="summary">
    <summary>Caught exception while handling request: unexpected element name: expected={http://www.globalcompany.com/ns/credit.xsd}CreditCard, actual={http://www.w3.org/2001/04/xmlenc#}EncryptedData</summary>
  </part>
  <part name="detail">
    <detail>null</detail>
  </part>
</remoteFault>


It seems that something is wrong with the decrypting phase.

I tried to use obtunnel to see the SOAP messages, but I cannot see anything. Can somebody help me with setting up obtunnel to debug this?

brg

Edited by: user5037528 on Sep 17, 2008 1:05 AM

Answers

  • hbuelow Member Posts: 154
    1. Start up a TCP tunnel listening on port 1234 (or whatever you used for your Gateway CreditValidatingService port).

    * Either start a BPEL Developer Prompt, or from a command line, call SOA_HOME\bpel\bin\obsetenv.bat
    * To start the TCP tunnel, issue the following at the command line:

    "%JAVA_HOME%\bin\java" -classpath %OB_CLASSPATH% org.collaxa.thirdparty.apache.axis.utils.tcpmon 1234 localhost 8888

    * Once it is running, check the XML Format checkbox at the bottom left corner. This doesn't change the data that's displayed, but puts it in a nicer format.

    2. Run new instance of order booking tutorial (or use instance from prior demo). Show that the credit card information is sent in open text across the network in the TCP tunnel.

    3. In OWSM Console click Policy Management > Manage Policies. We need to do two things in OWSM, encrypt the outgoing message and encrypt the incoming message.

    4. Encrypt Outbound SSN

    * Click the Policies link for the MyGateway row
    * Click the pencil to edit the CreditValidatingService policy pipeline
    * In the Request pipeline, add a step below the Start or Log pipeline step
    * Select XML Encrypt from the drop-down in the Step Template
    * Click OK
    * Click the Configure link for your new XML Encrypt step

    o Keystore location = (wherever you stored your keystore file above) for example: C:\Products\OWSM\mykeystore
    o Keystore password = welcome1
    o Public key alias = keyalias
    o (I usually explain now that you could encrypt just a part of the message, e.g. just the credit card number with an XPATH expression but for speed of demo, I'll just encrypt the entire message, so leave all the other settings as defaults)

    * Click OK > Next > Save > Commit

    5. Decrypt Inbound SSN

    * Click Policy Management > Manage Policies
    * Click Policies link for CreditValidatingServiceAgent
    * Click pencil to edit Default Policy
    * In Request pipeline, add step below Start or Log pipeline step
    * Select XML Decrypt and click OK
    * Click Configure for new XML Decrypt step

    o Keystore location = same as above
    o Keystore password = welcome1
    o Decryptors private key alias = keyalias
    o Private key password = welcome1

    * Click OK > Next > Save > Commit

    9. Run new order through and see data encrypted in TCP Tunnel!
    hbuelow
  • 659086 Member Posts: 47
    edited Sep 18, 2008 4:41AM
    Hello,

    Thanks for the detailed explanation.

    How do I determine the Gateway CreditValidationService port?

    Should the CreditValidationService agent be a new agent, or can it be the same one that is used for authentication to CreditService (as described in the tutorial)?

    excerpt:

    To define the decryption policy step:
    1. In the Web Services Manager Control Console, display the component list by
    clicking Policy Management, then clicking Manage Policies.
    2. From the list of Oracle Web Services Manager components, find the server agent
    associated with the web service. For example, the Authentication Agent is the
    server agent protecting the Credit Validation Service.
    Click Policies and click the Edit icon corresponding to the default policy.
    3. The agent policy appears. Scroll down to the Request pipeline, and click Add Step
    Below on the Start Pipeline to add a new step above the Log step.
    4. From the New Step list, select XML Decrypt and press OK below the dialog box.
    5. Click the Configure link for the new XML Decrypt step you just created.

    In the Server Agent I have the following steps in the request pipeline:

    Start
    XML decrypt
    Log
    Extract cred
    File authenticate
    end

    brg

    Edited by: user5037528 on Sep 18, 2008 1:40 AM
  • hbuelow Member Posts: 154
    Modify Policy to insert TCP Tunnel between Gateway and service Agent

    * From OWSM Console choose: Policy Management > Register Services

    * Select Services link for your gateway

    * Click pencil icon to edit CreditCardValidationService service info
    * Click "Modify Protocol Parameters" link
    * In URL field, change port from 8888 to something else (these instructions assume your TCP tunnel is listening on port 1234)
    * Click Save > Save > OK > Commit > OK
  • 659086 Member Posts: 47
    Thanks for the info.
    TCPmonitor now works, but I still get the following error:


    HTTP/1.1 500 Internal Server Error
    Date: Fri, 19 Sep 2008 07:32:17 GMT
    Server: Oracle-Application-Server-10g/10.1.3.1.0 Oracle-HTTP-Server
    Content-Length: 567
    Set-Cookie: JSESSIONID=0a11112230d60b06ffb1fbed48928c8e8f8c1440d926.e34Ka30Sb34Kbi0LbNuQah8Kc3uRe0; path=/CreditService
    SOAPAction: ""
    Connection: close
    Content-Type: text/xml; charset=utf-8

    <?xml version="1.0" encoding="UTF-8"?>
    <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns0="http://www.globalcompany.com/ns/credit.xsd">
    <env:Body>
    <env:Fault>
    <faultcode>env:Client</faultcode>
    <faultstring>Caught exception while handling request: unexpected element name: expected={http://www.globalcompany.com/ns/credit.xsd}CreditCard, actual={http://www.w3.org/2001/04/xmlenc#}EncryptedData</faultstring>
    </env:Fault>
    </env:Body>
    </env:Envelope>
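
The messages copied out of the TCP tunnel in this thread can be checked mechanically: is the payload on the wire plaintext or `EncryptedData`, and does a returned fault show that the service itself still received ciphertext? The following Python script is an added example, not part of the original posts or of Oracle's tooling. The function names are hypothetical, and the sample captures are constructed from the namespaces and values quoted above, with a placeholder `CipherValue`.

```python
import re
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
XENC = "http://www.w3.org/2001/04/xmlenc#"
CREDIT = "http://www.globalcompany.com/ns/credit.xsd"
QNAMES = re.compile(r"expected=\{([^}]*)\}(\w+), actual=\{([^}]*)\}(\w+)")

def soap_part(raw):
    """Strip HTTP headers when the capture was copied together with them."""
    text = raw.replace("\r\n", "\n").strip()
    head, sep, rest = text.partition("\n\n")
    return rest if sep and not head.startswith("<") else text

def classify(raw):
    """Label one capture: plaintext, encrypted, fault-ciphertext, fault or other."""
    root = ET.fromstring(soap_part(raw).encode("utf-8"))
    body = root.find(f"{{{SOAP}}}Body")
    if body is None:
        return "other"
    fault = body.find(f"{{{SOAP}}}Fault")
    if fault is not None:
        m = QNAMES.search(fault.findtext("faultstring", ""))
        # The endpoint found xenc:EncryptedData where it expected the payload,
        # so the message was still encrypted when the service parsed it.
        if m and (m.group(3), m.group(4)) == (XENC, "EncryptedData"):
            return "fault-ciphertext"
        return "fault"
    if next(body.iter(f"{{{XENC}}}EncryptedData"), None) is not None:
        return "encrypted"
    if next(body.iter(f"{{{CREDIT}}}CreditCard"), None) is not None:
        return "plaintext"
    return "other"

# Constructed captures (assumptions): same namespaces and values as in the thread.
ENV = '<env:Envelope xmlns:env="%s"><env:Body>%%s</env:Body></env:Envelope>' % SOAP
PLAIN = ENV % ('<CreditCard xmlns="%s"><ccType xmlns="">AMEX</ccType>'
               '<ccNum xmlns="">12345678</ccNum></CreditCard>' % CREDIT)
CIPHER = ENV % ('<xenc:EncryptedData xmlns:xenc="%s"><xenc:CipherData>'
                '<xenc:CipherValue>Q09OU1RSVUNURUQ=</xenc:CipherValue>'
                '</xenc:CipherData></xenc:EncryptedData>' % XENC)
FAULT = ("HTTP/1.1 500 Internal Server Error\r\nContent-Type: text/xml\r\n\r\n"
         '<?xml version="1.0" encoding="UTF-8"?>\n' + ENV % (
         "<env:Fault><faultcode>env:Client</faultcode><faultstring>Caught exception "
         "while handling request: unexpected element name: expected={%s}CreditCard, "
         "actual={%s}EncryptedData</faultstring></env:Fault>" % (CREDIT, XENC)))

if __name__ == "__main__":
    for name, msg in (("plain", PLAIN), ("cipher", CIPHER), ("fault", FAULT)):
        print(name, "->", classify(msg))
```

A request labelled `encrypted` followed by a response labelled `fault-ciphertext` shows that the encrypt step ran but the message reached the service endpoint without being decrypted.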
This discussion has been closed.