How to manage security on Fusion Applications webclient

tristanteu, Jan 17 2013 — edited Jan 22 2013
Hello,

I have built a Fusion Applications Webclient based on a Java Proxy generated from WSDL. I have successfully deployed and run this project on my local WebLogic server.

The project provides an additional custom use-case. (To extend the functionality of Fusion Applications)

In the future we would prefer to deploy such "Fusion-Extensions" on the "Oracle Public Cloud".


In order to authenticate to Fusion, the server side public certificate must be acquired and added as a trusted cert entry to a keystore used by the client.
This keystore stores a reference to the Fusion public certificate and uses the alias "orakey". The Fusion public certificate is obtained from any Fusion Application object WSDL.
The certificate is sent by the server and is part of the WSDL:
<dsig:X509Certificate>MIICCzC...</dsig:X509Certificate>



If I want to call the service from a simple Java Class my "main" method looks like this:

public static void main(String [] args)
{
    // Attach the OWSM client policy to the generated proxy port
    SecurityPolicyFeature[] securityFeature = new SecurityPolicyFeature[] { new SecurityPolicyFeature("oracle/wss11_username_token_with_message_protection_client_policy") };
    salesPartyService_Service = new SalesPartyService_Service();
    SalesPartyService salesPartyService = salesPartyService_Service.getSalesPartyServiceSoapHttpPort(securityFeature);
    // Get the request context to set the outgoing addressing properties
    WSBindingProvider wsbp = (WSBindingProvider)salesPartyService;
    WSEndpointReference replyTo =
        new WSEndpointReference("https://xxxxxxxx.oracleoutsourcing.com:443/crmCommonSalesParties/SalesPartyService", WS_ADDR_VER);
    String uuid = "uuid:" + UUID.randomUUID();

    // Point the proxy at the Fusion service endpoint
    BindingProvider bp = (BindingProvider)salesPartyService;
    bp.getRequestContext().put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "https://xxxxxxxxx.oracleoutsourcing.com:443/crmCommonSalesParties/SalesPartyService");
    //wsbp.setOutboundHeaders( new StringHeader(WS_ADDR_VER.messageIDTag, uuid), replyTo.createHeader(WS_ADDR_VER.replyToTag));

    // Add Security Headers below if any Authentication is required.
    wsbp.getRequestContext().put(WSBindingProvider.USERNAME_PROPERTY, "login");
    wsbp.getRequestContext().put(WSBindingProvider.PASSWORD_PROPERTY, "password");

    // Provide the location of your keystore(.jks file)
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "c:/keystore.jks");
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password" );
    wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );

    // Add your code to call the desired methods.
    FindCriteria findCriteria = new FindCriteria();
    findCriteria.setFetchSize(10);
    findCriteria.setFetchStart(0);
    try {
        List<SalesParty> sl = salesPartyService.findSalesParty(findCriteria,null);
        System.out.println("salesparty number:"+sl.get(0).getPartyId());
    } catch (Exception e) {
        e.printStackTrace();
    }
}
} // closes the enclosing class (its declaration is not shown in the post)


Q: My first question is how to reference the keystore, if the project is deployed in the Oracle Public Cloud:

// Provide the location of your keystore(.jks file)
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_LOCATION, "c:/keystore.jks");
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_PASSWORD, "password" );
wsbp.getRequestContext().put(ClientConstants.WSSEC_KEYSTORE_TYPE, "JKS" );


Furthermore, I had to set up security on my WebLogic server:

Go to “C:\Users\tr_te\AppData\Roaming\JDeveloper\system11.1.1.6.38.62.29\DefaultDomain\bin”

Open setDomainEnv.cmd in Text-Editor.

Add the following lines to the JVM Properties:

set EXTRA_JAVA_PROPERTIES=-Dweblogic.security.SSL.ignoreHostnameVerification=true -Dweblogic.security.SSL.allowSmallRSAExponent=true %EXTRA_JAVA_PROPERTIES%

set EXTRA_JAVA_PROPERTIES=-Djavax.net.ssl.trustStore=C:\owsm_test.jks -Djavax.net.ssl.trustStorePassword=welcome1 %EXTRA_JAVA_PROPERTIES%

Configuration explained in more detail:
-Dweblogic.security.SSL.allowSmallRSAExponent => because the used certificates of Fusion are lower than 2048
-Dweblogic.security.SSL.ignoreHostnameVerification => because of the subdomain before oracleoutsourcing.com (https://subdomain.oracleoutsourcing.com)
-Djavax.net.ssl.trustStore => to set up the same keystore in the WebLogic server

Q: How to deal with this challenge in the Oracle Public Cloud?


I tried to deploy the project but it's "failed" every time.
Here are some deployment logs:
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_deploy.txt
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_virus-scan.txt
https://dl.dropbox.com/u/13344648/log/Deploy%20Application_146483_whitelist.txt

regards

Tristan
Locked on Feb 19 2013
Added on Jan 17 2013
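The keystore step described in the post (take the certificate from the service WSDL and add it as a trusted cert entry under the alias "orakey"), as an added example that is not part of the original post or of Oracle's tooling. The class name `ImportWsdlCert`, the argument order and the locally saved WSDL file are assumptions; it prints the certificate's names, validity, fingerprint and RSA parameters so they can be reviewed before the entry is trusted, since those are the properties the two SSL flags above relax.

```java
import java.io.*;
import java.nio.file.*;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.*;
import java.security.interfaces.RSAPublicKey;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.NodeList;

public class ImportWsdlCert {
    // Usage (hypothetical): java ImportWsdlCert <saved-service.wsdl> <keystore.jks> <keystore-password>
    // Passing the password as an argument keeps the example short; prefer a console prompt in real use.
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The WSDL is remote input: refuse DOCTYPE declarations so it cannot trigger XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList nodes = dbf.newDocumentBuilder().parse(new File(args[0]))
                .getElementsByTagNameNS("*", "X509Certificate");
        if (nodes.getLength() == 0)
            throw new IllegalStateException("no X509Certificate element found in " + args[0]);
        // The element text is the base64-encoded DER certificate, possibly line-wrapped.
        byte[] der = Base64.getMimeDecoder().decode(nodes.item(0).getTextContent().trim());
        X509Certificate cert = (X509Certificate) CertificateFactory.getInstance("X.509")
                .generateCertificate(new ByteArrayInputStream(der));

        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("Subject: " + cert.getSubjectX500Principal());
        System.out.println("Issuer:  " + cert.getIssuerX500Principal());
        System.out.println("SANs:    " + cert.getSubjectAlternativeNames());
        StringBuilder fp = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(der)) fp.append(String.format("%02X", b));
        System.out.println("SHA-256: " + fp); // compare with a fingerprint obtained out of band
        if (cert.getPublicKey() instanceof RSAPublicKey) {
            RSAPublicKey rsa = (RSAPublicKey) cert.getPublicKey();
            System.out.println("RSA modulus bits: " + rsa.getModulus().bitLength()
                    + ", public exponent: " + rsa.getPublicExponent());
        }

        // Load the existing keystore, or start an empty one, then add the trusted cert entry.
        char[] pw = args[2].toCharArray();
        Path ksPath = Paths.get(args[1]);
        KeyStore ks = KeyStore.getInstance("JKS");
        if (Files.exists(ksPath)) {
            try (InputStream in = Files.newInputStream(ksPath)) { ks.load(in, pw); }
        } else {
            ks.load(null, pw);
        }
        ks.setCertificateEntry("orakey", cert);
        try (OutputStream out = Files.newOutputStream(ksPath)) { ks.store(out, pw); }
    }
}
```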