domingo, 29 de mayo de 2016

Oracle Soa Suite Unit test with Groovy (11g, 12c) - part 1

It's going to be a little long but if you stay until the last line, you are going to know what i did to create dynamic xml requests and responses usign the unit test framework of the Soa Suite with groovy. (yes, groovy!)

I'm going to give some background of the problem and later my own personal solution. Lets begin :D

[Update 30/06/2016] Wrote a second blog about subject with more functionality for the tests; JUnit test execution, pre load of dat and post processing of information. http://carlgira.blogspot.com.es/2016/06/oracle-soa-suite-unit-test-with-groovy.html

PROBLEM


I was trying to create Unit Test for some Bpel with several Web Service calls, human task, JCAs to database, and i get really frustated trying to create dynamic requests or responses using the tool within the Jdeveloper.

I wanted to re-create some fields, update dates etc.

The only thing i found was something that the TestSuites supports but the graphic wizards dont show. You can use small Xpath functions to replace values of the payloads in your TestSuite.

The next image shows the initiation message of a TestCase. You can see that after the payload, there is an element called "update". This element only receives two attributes, the "updateLocation" that refers a XpathLocation of a field to update, and the "updateXpathFunction" with the xpath function with the new value.



You could think that this could work but there is a problem with the Xpath functions you can use, there are only avalaible the "basic" Xpath functions https://www.w3.org/TR/1999/REC-xpath-19991116/#corelib ( Node-Set, String, Boolean and math functions - check the link with the full list)

But there are also some diferences between versions of the Soa Suite that i check:

Soa Suite 11.1.1.7: Only basic Xpath functions
Soa Suite 11.1.1.7.3: After this versions they add several functions of the http://www.oracle.com/XSL/Transform/java/oracle.tip.pc.services.functions.Xpath20 that you can use, (all of them related with dates and durations).
Soa Suite 12.1.3: I check again if there was more supported functions in 12c but it seems that again you only can use the basic Xpath functions. (lost all the Xpath20 functions dont know why)

So, there are few options to create dynamic XML in your unit test.

SOLUTION


I love the way the SoapUI gives you the possibility to create dynamic request using incrusted groovy inside of your XML. So i've spent some time looking for doing this possible with the Soa Suite.

I tried for long to found the "spot" of code that i should replace to make this possible, and i found it :D. The basic idea is that you can create dynamic XML request or response using incrusted groovy.

The best way to explain what it does is with an example.


  •  When you build the request add some code of groovy. In the next example you can see how a date is created and later a random integer value.





When you execute the test, those values are replaced and you get a dynamic XML!!


HOW IT WORKS


I had to look for the spot with minimun changes. I found it in the class oracle.integration.platform.testfwk.TestCase in the fabric-ext.jar

I create an exact copy of that class and add some code to execute the groovy code inside the method "populatePayload".

Finally, the idea is to add my jar to the server classpath and make sure that is loaded first that the original one.

You can see everything inside the sources


INSTALLATION/CONFIGURATION

These are all the instructions to make it work.

  • Create the jar (Soa 11.1.1.7 or 12.1.3, use a custom profile for your version)
    • mvn -Dsoa-version=11.1.1.7 clean package
    • mvn -Dsoa-version=12.1.3 clean package
  • Copy the file custom-test-case-1.0-jar-with-dependencies.jar to the directory Middleware\Oracle_SOA1\soa\modules\oracle.soa.fabric_11.1.1 in 11g or in the Middleware/soa/soa/modules/oracle.soa.fabric_11.1.1 on 12c.
  • Add the custom-test-case-1.0-jar-with-dependencies.jar in the classpath of the MANIFEST file of the jar oracle.soa.fabric.jar. Make sure that this file appears before than the fabric-ext.jar in the classpath variable. (create a backup of jar before the modification)
  •  Reboot your server
  •  Now you can add to your XML messages in the Jdeveloper the groovy code :D

SUMMARY
  • The utility allow you to create dynamic XML messages with groovy.
  • You need to change the classpath to make sure to load the modified class.
  • This utility is intended to your test environment.


Thanks! i hope someone find this useful.








Publicado por en 2 comentarios:

lunes, 23 de mayo de 2016

Full Weblogic Custom Authenticator (11g, 12c)

I could not find a full example of custom weblogic asserter using maven. I got some examples using ant, but i dont like that... it never works for me for some reason, so i simply create a maven project using the sources of [1] getting some ideas of this github snippet wiht the "WebLogic MBean Maker" pom.xml [2], and most important the explanation on the creation of a custom authenticator in the book "Securing WebLogic Server 12c" chapter 4  (really recommended if you want to understand what you are doing).

There are lots of blogs with the same sources (SimpleSampleIdentityAsserterProviderImpl), so you are going to find the same example over and over again on internet, based in a really old sample used with Bea-server. In some moment in time the authenticator sources came with a sample web application to test it but you could not find that application anymore.

I don't want to extend to much with this, so i'll try to remark only the most important, and give you the basic instructions to make it work.
  • First understand the difference between and authenticator and a asserter. The asserter is a way to "translate" a key or token to a set of credentials, that can be used to authenticate (lets say a cookie, http header or a certificate). The authenticator has the responsibility to check if with those credentials  the user can continue to the protected resource. (A better explanation can be found in the A-team blog about asserters [5])
          Why this is important? Because on many internet sources you are only going to get the asserter and not the full authenticator (the asserter plus the LoginModule). If you only get the asserter you are half way. Check [6] to get the LoginModule or this one [7] to extend your already mbean asserter to an authenticator provider.

  • The second thing was to test it. It was funny, it was harder to find the right configuration for the web application than the sources of the authenticator. 
          With the authenticator we create a custom token. The key that the user must use, so the asserter gets activated.  A token can be a cookie, a http header or a certificate [8], so to test your application you must send the token the correct way (i use the cookie and the http header and both works fine)

        You also need to configure your web application with the protected resources, the roles and the principal mapping.

        In your web.xml add something like this (add the "login-config", the "security-role" and a "security-constraint")
 
  CLIENT-CERT
 

 
  LoggedUsers
 

 
  
   Protected resources
   protected/*
   GET
   POST
  
  
   LoggedUsers

       In your weblogic.xml add the mapping between the role and the principals.
        
  LoggedUsers
  users

**** For a beautiful example with the sources of the web application see [9]

CONFIGURE


The project is on github  https://github.com/carlgira/soa-utils/tree/master/http-token-authenticator
  • In the pom.xml configure the "mdw.home" with your Middleware path (on the 11g or 12c profile)
  • According with your version probably you'll have to change some jar paths.
  • Execute maven install (11.1.1.7 or 12.1.3)
    • mvn -Dsoa-version=12.1.3 clean install
    • mvn -Dsoa-version=11.1.1.7 clean install
  • Copy the jar to the path Middleware\wlserver_10.3\server\lib\mbeantypes
  • Reboot your server
  • Go to Security Realms->myrealm->Providers and create a SimpleSampleIdentityAsserter.
  •  Make sure to put all the authenticators flags to "SUFFICENT"
  • Reorder your authenticators and put the new one the last.
  • Reboot your server

TEST A PROTECTED APPLICATION

I use the firebug add-on of Firefox to test it. Just create a custom cookie named "PerimeterAtnToken" and value "username=weblogic".

You can also make a http request with a http header named "PerimeterAtnToken" and with a value of "username=weblogic".


That should be enough, if not, make sure to check the "References" read the book and all the examples.

Thanks!

REFERENCES


1. Simple Sample Custom Identity Asserter for Weblogic Server 12c http://weblogic-wonders.com/weblogic/2014/01/13/simple-sample-custom-identity-asserter-weblogic-server-12c/
2. WebLogic MBean Maker. https://gist.github.com/kares/356576
3 Creating a wlfullclient.jar. https://docs.oracle.com/cd/E12840_01/wls/docs103/client/jarbuilder.html
4. Securing WebLogic Server 12c,
5. Why do I need an Authenticator when I have an Identity Asserter?, Oracle A-team http://www.ateam-oracle.com/why-do-i-need-an-authenticator-when-i-have-an-identity-asserter/
6. Do You Need to Develop a Custom Authentication Provider?http://docs.oracle.com/cd/E21764_01/web.1111/e13718/atn.htm#DEVSP220
7. Weblogic Identity Asserter and Athorization Provider in one! http://darylwiest.blogspot.com.es/2015/02/weblogic-identity-asserter-and.html
Extends the mbean to an authenticator
8. Passing Tokens for Perimeter Authentication http://docs.oracle.com/cd/E21764_01/web.1111/e13718/ia.htm#DEVSP254
9. SiteMinder WebLogic Security Provider Mock, https://gibaholms.wordpress.com/2015/01/21/siteminder-weblogic-security-provider-mock/
10. Mock Weblogic Login module - Identity Asserter and Authenticator,  http://danielveselka.blogspot.com.es/2012/04/mock-weblogic-login-module-identity.html


Publicado por en No hay comentarios:
Suscribirse a: Entradas (Atom)