Tug’s Blog

My journey in Big Data, Hadoop, NoSQL and MapR

A Nice Christmas Present for Groovy and Grails Project

| Comments

The groovy project gets funding for its development. Big Sky is hiring Jochen Theodorou one of the Groovy commiter. For the people that do not know Big Sky. Big Sky is the company behind the the No Fluff Just Stuff symposium tour. Talking about this symposium, in 2007, Groovy and Grails will have a dedicated track.

More about this funding:

In addition to this very good news, here some other activities around Groovy and Grails:

  • Releases of Groovy 1.0 and Grails 0.4
  • Two books on Groovy and one on Grails.
  • A dedicated Groovy and Grails website: aboutGroovy.com
  • Also a dedicated Groovy and Grails conference: theGrails eXchange 2007
  • And the third Groovy Developer Conference in Paris at the end of January

Jesus Rodriguez: Interoperability Between OracleAS and Between Windows Communication Foundation (WCF)

| Comments

Jesus Rodrigues has published on his blog multiple articles on interoperability between OracleAS and Microsoft WCF:

MTOM Interoperability:

WS-Security Interoperability:

In addition Jesus did also publish previously articles on OracleAS BPEL Process Manager and Microsoft:

Web Conference: Groovy & Grails UG London

| Comments

The London Groovy and Grails User Group will be holding their next meeting on Wednesday, 6th December 2006 at Skills Matter in London and for the first time ever the meeting will be available via a live web conference, so don’t worry if you are not in London!

Speaking at this month’s meeting will be Graeme Rocher, Grails Project Lead and CTO at Skills Matter. During his talk entitled; Grails Dynamic Tags: Making Tag Libraries Agile, Graeme will discuss Groovy Server Pages and its support for the creation of dynamic tag libraries without the need for configuration.

John Wilson, Groovy Committer, will also be presenting at this meeting. During his talk, entitled; The MetaClass: How Groovy works Under the Hood, John will shed light on the MetaClass so you can better understand its’ function and see how to use it to get your Groovy programs smaller, clearer and faster.

For more information on attending this meeting or signing up for the web conference, please go to: http://skillsmatter.com/groovy-grails-ug

Calling a Web Services Protected Using HTTP Basic

| Comments

WS-Security provides a way to protect Web Services at the message level (SOAP) and it is independent of the protocol used (HTTP, JMS, …). However, some services are still using HTTP based authentication for protection. JAX-RPC and its Oracle implementation provides a way to set the username and password in the client (Stub) using some properties on the Stub.

1
2
((Stub)port)._setProperty(Stub.USERNAME_PROPERTY, "username");
((Stub)port)._setProperty(Stub.PASSWORD_PROPERTY, "password");

That’s it…

Theses properties are shortcuts to the standard JAX-RPC properties:

1
2
javax.xml.rpc.security.auth.username
javax.xml.rpc.security.auth.password

This code is the same when you are using the Call interface.

OC4J: Sending System Level Message in the Console Window

| Comments

OracleAS 10gR3, so OC4J standalone, is using the standard Java logging framework. Some of the benefits are easy configuration, and extensibility. The configuration of the level of logging of the different loggers has been exposes in the Oracle Application Server Console. To see the logger configuration, click on the Administration Tab and then Logger Configuration, you can then configure the different loggers.

By default the logger will write all the information in the default log.xml file, and for application lever logger it will go in the application.log. You may want to send the information in the console during development to debug/analyze your application. This is done using the configuration of the Handler. This information is currently not available in the Application Server Console, so I am documenting in the next steps how to send the information in the console (terminal window).

The configuration of the OracleAS Logging is saved in the $ORACLE_HOME/j2ee/home/config/j2ee-logging.xml file. In this file you can see that Oracle has defined various handlers where information can be sent:

  • console-handler : Log the information in the console (the one we want to use in this sample)
  • oc4j-handler : the default handler for most of the loggers, saving the information in the $ORACLE_HOME/j2ee/home/log/oc4j/log.xml using the Oracle Logger formatting
  • oracle-webservices-management-auditing-handler : the handler used by the Web Services Auditing feature in the $ORACLE_HOME/j2ee/home/log/wsmgmt/auditing/log.xml
  • oracle-webservices-management-logging-handler : the handler used by the Web Service Logging feature in the $ORACLE_HOME/j2ee/home/log/wsmgmt/logging/log.xml

As you may know, OracleAS Web Service provides out of the box support for Auditing of the SOAP messages. You just need to go in the administration page of the Web Service and enable the auditing. By default the messages are logged in the auditing log pointed above. But during development it is really interesting to see the SOAP Messages in the console without having to configure a Proxy to capture the request/response. The easiest way to do that is to edit the j2ee-logging.xml file and associate the console-handler to the auditing logger using the following configuration:

1
2
3
4
<logger name="oracle.webservices.management.auditing" level="NOTIFICATION:1" useParentHandlers="false">
<handler name="oracle-webservices-management-auditing-handler"/>
<handler name="console-handler"/>
</logger>

by doing this you will see the SOAP Message in the OC4J console that is running in your system.

You can also use this configuration with any loggers available in OC4J.

Download the the Oracle Technology Network (OTN) ‘Greatest Hits’

| Comments

The Oracle Technology Network (OTN) “Greatest Hits” is a compilation of the most popular technical articles, software downloads, podcasts, sample code, and documentation, we’ve published in a given 12-month period. The compilation provides you with convenient access to the “best” of OTN as well as an insight into the interests of the Oracle developer and DBA communities.

IBM Article: JAX-RPC vs JAX-WS

| Comments

I was discussing with a customer not familiar with the JAX-WS standard. I was writing him a mail explaining the difference when I found this nice article on the IBM DeveloperWorks library:

It is an opportunity for me to remind OracleAS users that the 10.1.3.1 stack in addition to the JAX-RPC support also provides support for:

  • Attachments with MTOM, Soap with Attachment and DIME
  • Annotations based development (JSR-181) that is part of JAX-WS
  • WS-Security and WS-Reliability

Using HTTPS With Web Services

| Comments

Prerequisites:

In this article you have

  • already a Web Service deployed in OC4J that is running on the default HTTP port. The WSDL and Endpoint are available. In my sample the non secure Web Service endpoint is: http://127.0.0.1:8888/math-service/MathServiceSoapHttpPort

Add HTTPS to OC4J

Creating of the Keystore

The first thing to do to secure OC4J would be to create a new keystore that will contain the different certificates. The easiest way to do that for a Java developer is to use SUN’s keytool:

1
keytool -genkey -alias oracle-server -dname "CN=Tug Grall, OU=Blog O=Grall And Co L=Redwood Shores, S=CA, C=US" -keyalg RSA -keypass welcome -storepass welcome -keystore server.keystore

You can copy the server.keystore into the $ORACLE_HOME/j2ee/home/config to simplify the next steps.

Configuring OC4J

OC4J stand alone is using the notion of Web-Site to expose HTTP resources (Web Applications). The default-web-site is define is he $ORACLE_HOME/j2ee/home/config/default-web-site.xml. To secure an OC4J you can follow the steps describe in the OC4J Security guide that I have summarized in the following section.

What we want to achieve for the purpose of the demonstration is to have OC4J using HTTP and HTTPS, on port 8888 and 4443 for example.

  1. Copy default-web-site.xml to secure-web-site.xml
  2. Edit the secure-web-site.xml:
    • Change the web-site tag by changing the port to 4443 and adding the element secure="true"
    • Add the ssl-config element and point this to the new created keystore.

The file looks like:

1
2
3
4
5
6
7
8
9
10
11
<web-site   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:noNamespaceSchemaLocation="http://xmlns.oracle.com/oracleas/schema/web-site-10_0.xsd"
  port="4443"
  secure="true"
  display-name="OC4J 10g (10.1.3) Default Web Site"
  schema-major-version="10"
  schema-minor-version="0" >
  ...
  <ssl-config keystore="server.keystore" keystore-password="welcome" />
  ...
</web-site>
  1. Import the new Web site in your OC4J instance by editing the $ORACLE_HOME/j2ee/home/server.xml file. You need to add or replace the web-site tag. In my case I want to add the secure web site to my instance so the configuration looks like:
1
2
3
4
...
<web-site default="true" path="./default-web-site.xml" />
<web-site path="./secure-web-site.xml" />
...

Since we have copied the file from the default-web-site, all applications are available using HTTP and HTTPS

Start OC4J and test the HTTPS port

Start OC4J using the standard Java command or shell script, I am adding the Java Network debug flag that would help you to see what is happening at the SSL level.

1
java -Djavax.net.debug=ssl -jar oc4j.jar

You should be able to access the service WSDL using the HTTPS port for example in my case:

  • https://127.0.0.1:4443/math-service/MathServiceSoapHttpPort?WSDL

Consuming the Service using HTTPS

Generate and configure a client Keystore

Event if this is possible to use the same keystore for the server and the client, I will guide you in the steps to create a client certificate and import the certificate from the existing -server- one.

Here the command to create a new keystore:

1
keytool -genkey -alias oracle-client -dname "CN=John Doe, OU=Blog O=MyDummyClient, S=CA, C=US" -keyalg RSA -keypass welcomeClient -storepass welcomeClient -keystore client.keystore

The next step is to export the certificate from the server keystore to be able to import it in the client:

1
keytool -keystore server.keystore -export -alias oracle-server -file server.cer

You can now import the cerificate in the client keystore:

1
keytool -keystore client.keystore -import -file server.cer

Generate the proxy

You have now the client certificate so you can use the Oracle Web Service Assembler to generate the proxy. The only specific thing you have to do is to specify which key store to use when running the tool. The command to use when generating the proxy is:

1
2
3
4
5
6
7
java -Djavax.net.ssl.trustStore=/Users/tgrall/ssl/client.keystore
    -Djavax.net.ssl.keyStore=/Users/tgrall/ssl/client.keystore
    -Djavax.net.ssl.trustStorePassword=welcomeClient
    -Djavax.net.ssl.keyStorePassword=welcomeClient
    -jar $ORACLE_HOME/webservices/lib/wsa.jar
    -genProxy
    -wsdl https://127.0.0.1:4443/math-service/MathServiceSoapHttpPort?WSDL

Calling the Service using secure endpoint

Configure the Java Environment to use the client store is made using the following System properties:

  • javax.net.ssl.trustStore
  • javax.net.ssl.keyStore
  • javax.net.ssl.trustStorePassword
  • javax.net.ssl.keyStorePassword

This could be done using different approach, property file, -D command line parameter or programmatically. To simply the example I am using the programmatic approach, the following code is part of the main method of the Client class:

1
2
3
4
5
6
7
8
9
...
System.setProperty("javax.net.ssl.trustStore", "/Users/tgrall/ssl/client.keystore");
System.setProperty("javax.net.ssl.keyStore", "/Users/tgrall/ssl/client.keystore");
System.setProperty("javax.net.ssl.trustStorePassword", "welcomeClient");
System.setProperty("javax.net.ssl.keyStorePassword", "welcomeClient");
...
// Adding Debug information
System.setProperty("javax.net.debug", "ssl");
...

It is possible to change the Endpoint dynamically in the Proxy using the setEndpoint method.

1
2
3
4
5
6
7
...
democlient.proxy.MathServiceSoapHttpPortClient myPort = new democlient.proxy.MathServiceSoapHttpPortClient();
...
String ep = "https://127.0.0.1:4443/math-service/MathServiceSoapHttpPort";
myPort.setEndpoint(ep);
System.out.println("Result of the operation is "+ myPort.add(2,2));
...

You should now be able to run the client and call the service using HTTPS. This would look like:

JDeveloper: What Are My System Properties?

| Comments

I have been using JDeveloper for many years, since the first release ;-). But I’ve never payed attention to a simple and very useful feature. When you click the Help > About menu you can access all the System properties of the Java VM used by Jdeveloper by clicking on the Properties tab

Thanks to Gerard for the tip….

Come to Oracle Open World and Watch Mr Spring and Mr Apache Speak

| Comments

Oracle Open World is getting very close… And I am very excited to go to lot of sessions, two of them looks very interesting in the Oracle Develop track:

  • Rod Johnson - Spring Update: What’s New and Cool in Spring 2.0 (Monday 10/23/2006, 12:45 PM - 1:45 PM in the Hilton Hotel Grand Ballroom A)
  • Brian Behlendorf - Bringing Open Source Software Development Practices and Principles Into Your Company (Tuesday 10/24/2006, 1:15 PM - 2:15 PM in the Hilton Hotel Grand Ballroom A)

This is quite exciting to have Open Source gurus coming to present to the Oracle conference, and explain how to use the new Spring in their projects or leverage Open Source practices to improve development in house… Take a look to the full program of Oracle Develop.

Start to use the Oracle OpenWorld Schedule Builder to organize your week in SF, if you have not registered yet for OOW click here.