1. Web Services Developer's Guide
  2. Deploying, Testing, and Invoking Secure Web Services

3 Deploying, Testing, and Invoking Secure Web Services

This chapter provides information about deploying, testing, and invoking secure Oracle Communications MetaSolv Solution (MSS) Web Services.

About Deploying MSS Web Services

You can deploy an MSS Web Service in a single server or in a clustered server environment. If you already have MSS Web Services deployed then you will need to first undeploy them before you can deploy again.

Undeploying MSS Web Services

To undeploy MSS Web Services:

  1. Start the WebLogic Server Administration Console with the following URL: 

    http://serverName:port/console

    where:

    • serverName is the host name for MSS Web Services

    • port is the port number of the system on which MSS Web Services are installed

  2. Enter the administration user name and password.

  3. Click Login.

  4. Under Change Center, click Lock & Edit.

  5. Expand the Domain Structure tree and click Deployments.

    The Summary of Deployments window appears.

  6. On the Control tab, select MSS_WebService.

  7. From the Stop list, select Force Stop Now.

    Ensure that the state of the MSS Web Service application has changed from Active to Prepared.

  8. Click the Configuration tab.

  9. Select MSS_WebService and click Delete.

    The Delete Application Assistant window appears.

  10. Click Yes.

    MSS Web Services are now undeployed.

Deploying MSS Web Services

To deploy MSS Web Services:

Note:

Ensure that you have undeployed any existing MSS Web Services before deploying.

See "Undeploying MSS Web Services" for more information.

  1. Ensure that the administration server is running.

    If it is not running, start it with the following startup script:

    • UNIX

      domainDirectory/startserverName.sh

    • Windows

      domainDirectory/startserverName.cmd

    where:

    • domainDirectory is the WebLogic server domain directory

    • serverName is the name of the administration server

    For a clustered server environment, ensure that any managed servers are also running with the following startup script:

    • UNIX

      domainDirectory/startserverName.sh

    • Windows

      domainDirectory/startserverName.cmd

    where:

    • domainDirectory is the WebLogic server domain directory

    • serverName is the name of the managed server

    Note:

    Ensure for the clustered server environment that the administration and proxy servers are also running.

  2. Start the WebLogic Server Administration Console using the following URL:

    http://serverName:port/console

    • serverName is the host name for MSS Web Services

    • port is the port number of the system on which MSS Web Services are installed

  3. Enter the WebLogic administration user name and password.

  4. Click Login.

  5. Under the Change Center area, click Lock & Edit.

  6. Expand the Domain Structure tree and click Deployments.

    The Summary of Deployments window appears.

  7. On the Configuration tab, click Install.

    The Install Application Assistant window appears.

  8. Under Current Location, navigate to the deploy directory where the desired MSS Web Service EAR file is located.

  9. Select MSS_WebService, and click Next.

    The Choose Targeting Style window appears.

  10. Select Install this deployment as an application and click Next.

  11. Under Source Accessibility, select I will make the deployment accessible from the following location.

  12. Click Finish.

  13. Under the Change Center area, click Activate Changes.

  14. Expand the Domain Structure tree and click Deployments.

    The Summary of Deployments window appears.

  15. On the Control tab, select MSS_WebService.

  16. From the Start list, select Servicing all requests.

    The Start Application Assistant window appears.

  17. Click Yes.

  18. Ensure that the state of the MSS_WebService application has changed from Prepared to Active.

    MSS Web Services should now be deployed.

    Note:

    You can ignore the following warning message when it appears on the appserver.mss.log file during deployment:

    WARNING: Non unique body parts! In a port, according to BP 1.1 R2710 operations must have unique operation signature on the wire for successful dispatch.

About Testing MSS Web Services

You can test MSS Web Services in several ways, for instance by testing using SOAPUI or by writing a Java test client.

Testing MSS Web Services using SOAPUI

SOAPUI is a testing tool that can be used for testing requests like web services. Before testing with SOAPUI, complete the following prerequisites:

  1. Install SOAPUI.

  2. Modify the following settings in SOAPUI:

    • In Global SoapUI Preferences, select the Authenticate Preemptively check box under the HTTP Settings tab. This will add authentication information to the outgoing request.

    • Still in the HTTP Settings tab, set the Socket Time Exception to 10 min (600000 ms).

  3. Ensure that the MSS server is running.

After completing the prerequisites, complete the following steps for testing with SOAPUI:

  1. Get the WSDL location of the module that you need to test from the WebLogic console:

    1. Log in to the WebLogic console.

    2. Under Deployment, expand MSS WebService.

    3. Select the module to test (for example, Order).

    4. Click the Testing tab.

      You should now see the “?WSDL" URL under Test Point.

    5. Click the URL to display the WSDL location.

  2. Copy the WSDL location.

  3. Open SOAPUI.

  4. Click File and then click New Soap Project.

  5. Enter a project name (for example, “OrderTest").

  6. Enter the initial WSDL by pasting the WSDL location.

    Click OK.

    The project is now ready with the list of operations for the respective module.

  7. Choose the operation that you want to test (for example, “assignProvPlanRequest").

  8. Populate the following fields in the Request Properties tab on the left side of the screen.

    • Set Username to a valid WebLogic user name.

    • Set Password to the corresponding WebLogic password.

    • Set WSS-Password Type to PasswordText.

    • Set WSS-TimeToLive to 200 (and for a long running API, consider increasing the value).

    Valid values for these fields are required by the secured MSS Web Services.

  9. After providing login credentials and the required fields if there are any, click Run.

    SOAPUI calls the operation and displays the results.

Note:

If you are testing a web service within an SSL environment, you must set the following vmoptions before creating the SOAPUI project. You update the SoapUI vmoptions file by adding the following new line at the end of the file:

-Dsoapui.https.protocols=TLSv1.2

You find the file with the vmoptions extension under the following directory:

SoapInstallationFolder\bin\

where SoapInstallationFolder is the folder where SOAPUI was installed on your computer.

Testing MSS Web Services with a Java Test Client

MSS Web Services can also be tested by writing a Java test client. MSS Web Services use JAX-WS, the Java API for web services.You can write a simple Java class which invokes the web service, and it should return the expected data.

You must ensure that you handle transaction management properly. MSS Web Services use Web Services Atomic Transaction (WS-AT). You can refer to the following documents for more information:

For 12.2.1.4: https://docs.oracle.com/en/middleware/fusion-middleware/ws-manager/12.2.1.4/wscpt/introduction-using-web-services-atomic-transactions.html#GUID-ABC612E2-0EC2-4537-8E29-77095DCB9B6E

For any operation that needs a commit of the transaction, you need to use the Servlet Test Client which should do a commit/rollback based on the response.

The following URL from WebLogic explains how to create a JAX-WS client:

For 12.2.1.4: https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/wsget/jax-ws-setenv.html#GUID-5B6939E4-064F-47E2-8A10-C7F5CE606063

About Invoking Secure MSS Web Services

The MSS Web Service operations are secured using WS-Security. You must be a registered WebLogic user to access the web service operations externally. The following sections provide information on securing the MSS Web Services:

Refer to the following WebLogic Server documents for more detailed information on securing web services using WS-security:

For 12.2.1.4: https://docs.oracle.com/en/middleware/fusion-middleware/weblogic-server/12.2.1.4/wssov/ws-security-message.html#GUID-C84A28EC-D5AB-430B-899D-FE63AB8B8B48

Securing Web Services

The MSS Web Services has security enabled upon installation. Specifically, the web service ports are associated to the default WebLogic security policy file, usernametoken.xml. As a result, a user name and password must be sent in clear text over a secure tunnel.

About Policy Files

A policy file can be associated to a port, or to a specific operation defined for the port. When a policy file is associated to a port, it automatically secures all operations defined for the web service. When a policy file is not associated to a port, a policy file can be associated to one or more operations. If necessary, each operation can specify a different policy file. If no policy file is associated to the port, or to any operations, the web service is unsecured and no security validations are performed.

Upon installation of MSS, the WebLogic default policy file, usernametoken.xml, is associated to IntegrationEventSoap, InventorySoap, OrderSoap, ServiceActivationDataSoap and SoaSoap. So, all operations are automatically secured, and all operations under each port require a user name and password in the SOAP message header. Example 3-1 shows a SOAP message header with a user name and password specified, where password would be the specific password value.

Example 3-1 SOAP Message Header

<soapenv:Envelope xmlns:open="http://www.openuri.org/" xmlns:ord="http://xmlns.oracle.com/communications/mss/OrderManagementAPI" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Header>
   <wsse:Security soapenv:mustUnderstand="1"
   xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
   wss-wssecurity-secext-1.0.xsd"
   xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
   wss-wssecurity-utility-1.0.xsd">
   <wsse:UsernameToken wsu:Id="UsernameToken-D4DD3881F54839961414839602556291">
   <wsse:Username>admin</wsse:Username>
   <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
   wss-username-token-profile-1.0#PasswordText">password</wsse:Password>
   <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-
   200401-wss-soap-message-security-1.0#Base64Binary">/qtCBQf4FsS3Y7GdEk0xcw==
   </wsse:Nonce>
   <wsu:Created>2017-01-09T11:10:55.625Z</wsu:Created>
   </wsse:UsernameToken>
   </wsse:Security>
   </soapenv:Header>
   <soapenv:Body>
      <open:getE911Data>
       .
       .
       .
      </open:getE911Data>
   </soapenv:Body>
</soapenv:Envelope>

Modifying Web Service Security

You can modify the default security settings through the WebLogic Server Administration Console.

To modify the default web service security settings, see the following:

Accessing Security

To access security:

  1. Log in to the WebLogic Server Administration Console.

  2. In the left panel, under Domain Structure, click the Deployments link.

    The Summary of Deployments page appears.

  3. Expand MSS_WebService.

  4. Under MSS_WebService, expand Web Services.

  5. Under Web Services, click the link that represents the name of the web service.

    For example, click the Order link.

  6. Click the Configuration tab, then click the WS-Policy tab.

    The WS-Policy tab lists the policy files associated with the web service. Upon installation, this page shows OrderSoap with the usernametoken.xml policy file associated.

  7. Expand the port.

    All operations are listed under the port.

Associating a Policy File

You can associate a policy file to a port, or to a specific operation defined for the port.

To associate a policy file:

  1. Access security for the web service.

    See "Accessing Security" for more information.

  2. Click the port or a specific operation.

    The available policy files are listed on the left, and the policy files associated with the port or operation are listed on the right.

  3. In the left side, select an available policy file to associate to the port or operation.

  4. Click the right arrow, which moves the available policy file to the list of associated policy files.

  5. Click OK.

Disassociating a Policy File

You can disassociate a policy file from a port or from a specific operation defined for the port.

To disassociate a policy file:

  1. Access security for the web service.

    See "Accessing Security" for more information.

  2. Click the port or a specific operation.

    The available policy files are listed on the left, and the policy files associated with the port or operation are listed on the right.

  3. In the right side, select the policy file to disassociate from the port or operation.

  4. Click the left arrow, which moves the associated policy file to the list of available policy files.

  5. Click OK.

Enabling Transactions Transport Security Mode

You use the SSL (Secure Sockets Layer) protocol to encrypt and secure information transported in a web service operation. In an SSL environment where the HTTPS port is enabled and the HTTP port is disabled, the Transactions Transport Security Mode must have an “SSL Required" setting. For example, you can invoke the following in this scenario:

https://hostname:httpsPort/MssWS/customer/CustomerAccount?WSDL

where the hostname and httpsPort are relevant to your WebLogic Server instance.

To enable this setting, perform the following steps:

  1. Start the WebLogic Server Administration Console with the following URL: 

    http://serverName:port/console

    where:

    • serverName is the host name for MSS Web Services

    • port is the port number of the system on which MSS Web Services are installed

  2. Enter the administration user name and password.

  3. Click Login.

  4. Under the Change Center, click Lock & Edit.

  5. Expand the Domain Structure tree and select your domain.

  6. On the JTA tab, select Advanced.

  7. For the Web Service Transactions Transport Security Mode, set it to a SSL Required value.

  8. In the Change Center area of the Administration Console, click Activate Changes, which activates these changes.

  9. Restart the Administration server.

Troubleshooting

You use the following section to help resolve items that you can encounter during your testing.

Connecting to the WSDL Location

When trying to connect to the MSS Web Service WSDL location using the IP Address, you can get an error. For example, the following location:

http://IPaddress:port/MssWS/order/Order?WSDL

can give the error “The page cannot be displayed" but the server is running. The issue involves the internal and external IP Address defined for the computer. When the computer has both an internal and an external IP Address defined, then the MSS Web Service WSDL location might not work using the IP Address.

Solution

The workaround for this issue is to use the host name instead of an IP Address. For example:

http://hostname:port/MssWS/order/Order?WSDL

This location with the host name provides the proper WSDL details.

Redirecting Log Messages

When an MSS Web Service operation fails in 6.3.1.452 or earlier, sometimes the error is not logged in the mss.log or the appserverlog.xml file. Instead, it is logged to the appserverlog_misc.xml file which is also available on the logs directory. If you are in version greater than 6.3.1.452, the errors are automatically logged in the appserver.log file.

Solution

If you are in 6.3.1.452 or earlier, you can redirect the logs to the appserverlog.xml file. You add the section in Example 3-2 to the loggingConfig.xml file which is under the following directory: 

MSLV_HOME\m63Server\AppServer\Config

Example 3-2 Snippet Addition to loggingConfig.xml File for the version 6.3.1.452 or earlier

<category name="cmm.Integration.API"
      class="com.metasolv.common.framework.logging.api.log4jext.MSLVLogger"
      additivity="false">
   <level value ="error"
      class="com.metasolv.common.framework.logging.api.log4jext.MSLVLevel"/>
      <appender-ref ref="XMLFileApp"/>
</category>

Invoking MSS Web Services in an SSL Environment

When you invoke an MSS Web Service operation in an SSL environment where the HTTP port is disabled sometimes an error can occur. This error occurs when you invoke the web service through the HTTPS port and the API throws the following error: 

weblogic.wsee.server.ServerURLNotFoundException: Cannot resolve uri for protocol http/https

Solution

You must enable the Transactions Transport Security Mode setting through the WebLogic Console to “SSL Required" value. See "Enabling Transactions Transport Security Mode" for the steps to set this mode.