27 October, 2016

Error to start 'usermessagingserver' application in a SOA Environment

I got this issue when I tried to start a SOA managed server:

<Error> <Deployer> <BEA-149205> <Failed to initialize the application 'usermessagingserver' due to error weblogic.application.ModuleException: Exception preparing module: EJBModule(sdpmessagingengine.jar)

Unable to deploy EJB: MessageForwarderBean from sdpmessagingengine.jar:

The run-as security principal, 'OracleSystemUser', chosen for the EJB 'MessageForwarderBean(Application: usermessagingserver, EJBComponent: sdpmessagingengine.jar)' is not a valid user principal in the current security realm. Please specify a valid user principal for the EJB to use.

Looking at the error, we can see a complaint about a user: OracleSystemUser.

First of all, I checked whether the user was still valid:

  1. Log in to the WebLogic Console.
  2. Navigate to Security Realms -> myrealm -> Users and Groups -> Groups.
  3. I noticed that the user OracleSystemUser wasn't there.

To recreate the user correctly, follow the steps below:

Still in the Users and Groups tab:
  1. Access the Groups tab.
  2. Check if the OracleSystemGroup exists. If so, go to step 4.
  3. Click on the 'New' button and enter the below details:
    Name: OracleSystemGroup
    Description: Oracle application software system group
    Provider: <leave the default value: DefaultAuthenticator>
    Click OK
  4. Access the Users tab.
  5. Click on the 'New' button and enter:
    User: OracleSystemUser
    Description: Oracle application software system user
    Password: <provide same password as weblogic user>
    Click OK.
  6. Click on the username 'OracleSystemUser' and then click on 'Groups'. 
  7. Select the previously created 'OracleSystemGroup' and click 'Save'.

Bounce all servers in the cluster to complete the changes and let the servers start the applications normally.

Note: this error can also occur with other applications in WLS that use the OracleSystemUser.

19 June, 2015

Managing your OAuth Clients via REST API - Oracle API Gateway

Usually, Oracle API Gateway (OAG) provides the WebApplication Client Registry Application to manage data from every client application that sends OAuth requests to the API Gateway's OAuth Authorization Server.

In my scenario, I had to manage OAuth data outside of the WebApplication, so I tried to look for the REST API documentation of the feature.

Unfortunately, Oracle doesn't provide ANY documentation about the REST APIs in this case, so I had to investigate the API.

I am sharing the functionality as cURL commands, to summarize the information:

PREFACE

  • All cURL commands were tested with --insecure (or -k), which skips TLS certificate verification, because the environment had no certificates installed.
  • The credentials regadmin:changeme come from the OAG default settings. You can create other users and replace the admin credentials in a safe environment.
  • You can use | python -mjson.tool to format the JSON output of the GET calls.
  • localhost can be replaced by any DNS name or IP address you need.



CREATING DATA



A NEW APPLICATION (WITH MAIN DATA)

URI: /api/portal/v1.1/applications
Example: curl --insecure -X POST --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications -d @sampleClient.json

Where sampleClient.json is:

{
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "DummyCorp"
}

In this case, the ClientApplicationId is an autogenerated value. In a later post, I'll show how to work with this 'problem'.

Given DummyCorpId as the generated id (usually a value like 1fd97e5d-ec13-4054-8284-3646b86ce02c):

INSERT API KEY:

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys -X POST -H 

All values (id and secret) are autogenerated.

INSERT OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth -X POST -H "Content-Type:application/json" -d @oauthclient.json

Where oauthclient.json is:

{
    "cert": "", 
    "enabled": true, 
    "redirectUrls": [
        "http://www.google.com"
    ], 
    "id":"ClientID",
    "secret": "ClientSecret", 
    "type": "confidential"
}

INSERT OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource -X POST -H "Content-Type:application/json" -d @oauthscope.json

Where oauthscope.json is:

{
    "id":"CustomerREADScope",
    "enabled": true, 
    "scopes": ["customer.READ"],
    "scope": "customer.READ", 
    "uriprefix": "customer.READ"
}

GETTING DATA

ALL APPLICATIONS REGISTERED

URI: /api/portal/v1.1/applications
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications | python -mjson.tool



A SIMPLE APPLICATION

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId



API KEYS

URI: /api/portal/v1.1/applications/<ClientAppId>/apikeys/
Example: curl --insecure -X GET --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/apikeys/



THE OAUTH MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth

and the OAuth Scopes:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource



UPDATE DATA

In order to update data with this REST API, you should provide all data previously inserted. If you provide just the field(s) you want to update, the others will be null.

UPDATE APP MAIN DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure -X PUT --user regadmin:changeme -H "Content-Type:application/json" https://localhost:8089/api/portal/v1.1/applications/DummyCorpId -d @updateClient.json

Where updateClient.json is:

{
    "id": "DummyCorpId", 
    "description": "Dummy Description", 
    "email": "dummy@dummycorp.com", 
    "name": "New DummyCorp",
    "createdOn": 1434714309524, 
    "enabled": true, 
    "image": null, 
    "organizationId": null, 
    "phone": "phone", 
    "state": null
}


UPDATE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X PUT https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID  -d @oauthclient_update.json -H "Content-Type:application/json"

Where oauthclient_update.json is:

{
    "applicationId": "DummyCorpId", 
    "cert": "", 
    "corsOrigins": [], 
    "createdBy": null, 
    "createdOn": 1434715843102, 
    "enabled": true, 
    "id": "ClientID", 
    "redirectUrls": [
        "http://www.google.com/redirect"
    ], 
    "secret": "ClientSecret", 
    "type": "confidential"
}

In this case, you should provide applicationId as well. If you don't, the value will be updated to null.


UPDATE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope -X PUT -H "Content-Type:application/json" -d @updateoauthscope.json

Where updateoauthscope.json is:

{
    "applicationId": "DummyCorpId", 
    "enabled": true, 
    "id": "CustomerREADScope", 
    "isDefault": true, 
    "scope": "customer_READ", 
    "scopes": ["customer_READ"],
    "uriprefix": "customer_READ"
}
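
The read-then-write pattern that the full-object PUT rule in this section calls for (including the applicationId case), as an added example that is not part of the original post or Oracle's code. It fetches the current object, applies only the changed fields and sends the whole body back, verifying TLS against a CA file instead of using --insecure. The function names and the `ca_file` parameter are assumptions, as is the GET response having the same shape as the PUT body.

```python
import base64
import json
import ssl
import urllib.request

# Host, port and path prefix are the ones used in the post.
BASE = "https://localhost:8089/api/portal/v1.1"


def fields_lost(current, partial):
    """Fields that hold a value on the server and are missing from `partial`.

    Per the post, a PUT of `partial` alone would leave these null. Use it to
    check a hand-written body file against the GET output before sending.
    """
    return sorted(k for k, v in current.items()
                  if v is not None and k not in partial)


def full_body(current, changes):
    """PUT body: everything the server returned, with `changes` applied."""
    body = dict(current)
    body.update(changes)
    return body


def build_request(method, path, user, password, body=None):
    """Build (without sending) a Basic-auth JSON request to the registry API."""
    data = None if body is None else json.dumps(body).encode("utf-8")
    req = urllib.request.Request(BASE + path, data=data, method=method)
    token = base64.b64encode(f"{user}:{password}".encode("utf-8"))
    req.add_header("Authorization", "Basic " + token.decode("ascii"))
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req


def safe_update(path, changes, user, password, ca_file):
    """GET the object, merge `changes`, PUT the full body; returns HTTP status.

    Hypothetical helper: assumes GET returns the object in the shape PUT expects.
    """
    ctx = ssl.create_default_context(cafile=ca_file)  # certificate is verified
    get = build_request("GET", path, user, password)
    with urllib.request.urlopen(get, context=ctx) as resp:
        current = json.load(resp)
    put = build_request("PUT", path, user, password, full_body(current, changes))
    with urllib.request.urlopen(put, context=ctx) as resp:
        return resp.status
```
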

DELETE DATA


DELETE ALL APP DATA

URI: /api/portal/v1.1/applications/<ClientAppId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId 

DELETE OAUTH DATA:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauth/<ClientId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauth/ClientID 


DELETE OAUTH SCOPE:

URI: /api/portal/v1.1/applications/<ClientAppId>/oauthresource/<resourceId>
Example: curl --insecure --user regadmin:changeme -X DELETE https://localhost:8089/api/portal/v1.1/applications/DummyCorpId/oauthresource/CustomerREADScope

REFERENCES


  • http://docs.oracle.com/cd/E39820_01/doc.11121/gateway_docs/content/oauth_app_registration.html 
  • https://docs.oracle.com/cd/E55956_01/index.htm

03 June, 2015

OAG (Oracle API Gateway) Silent (or unattended) install

There are few options in the official guide for building a silent (unattended) install of Oracle API Gateway.
The basic way to run a silent install is:


./OAG-11.1.2.1.0-linux-installer.run --mode unattended \
  --enable-components nodemanager --disable-components analytics,policystudio

Below is a command I created to install only the API Gateway, without any of the other components of the installer:


./OAG_11.1.2.3.0-linux-x86-64-installer.run --optionfile OAG_11.1.2.3.0-linux-x86-64-installer.run.options

Here is the content of the OAG_11.1.2.3.0-linux-x86-64-installer.run.options file:
prefix=/oracle/middleware/oag_home
mode=unattended
debugtrace=log/debug_install.out
enable-components=apigateway
disable-components=analytics,policystudio,configurationstudio,apitester
setup_type=standard
firstInNewDomain=1
nmHostnameOrIpChoice=127.0.0.1
nmPort=8090
rnmUsername=admin
rnmPassword=changeme
askNmService=0
nmServiceUser=admin
nmServiceUserQuestion=0
configureGatewayQuestion=0
askGwService=0
nmStartupQuestion=0

You can find more tricks to build your options file by using the option --help with the .run file.
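
The options file above stores an admin username and password (rnmUsername, rnmPassword) in clear text, so the file needs to be handled as a secret. The following is an added example, not part of the original post or of the installer: it flags the default rnmPassword and loose file permissions, and writes a new options file readable only by its owner. The function names are assumptions; the keys are the ones shown in the post.

```python
import os
import stat

DEFAULT_PASSWORD = "changeme"  # default value shown in the post's options file


def parse_options(text):
    """Parse the key=value lines of an installer options file into a dict."""
    opts = {}
    for line in text.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts


def audit_options_file(path):
    """Return a list of findings for an options file that holds credentials."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        opts = parse_options(fh.read())
    if opts.get("rnmPassword") == DEFAULT_PASSWORD:
        findings.append("rnmPassword is the default value")
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if "rnmPassword" in opts and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("file is accessible to group/other (mode %o)" % mode)
    return findings


def write_options_file(path, opts, password):
    """Write opts with the given rnmPassword to a new file with mode 0600."""
    if not password or password == DEFAULT_PASSWORD:
        raise ValueError("refusing empty or default rnmPassword")
    merged = dict(opts, rnmPassword=password)
    body = "".join("%s=%s\n" % item for item in merged.items())
    # O_EXCL: never write through an existing file or symlink at this path.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(body)
```

Delete the options file once the installer has finished, since the password stays in it.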

References:
https://docs.oracle.com/cd/E39820_01/doc.11121/gateway_install_docs/content/install_gateway.html#p_install_gateway_command
http://docs.axway.com/u/documentation/api_gateway/7.4.0/APIGateway_InstallationGuide_allOS_en.pdf, Page 24

17 March, 2015

Error with a JDeveloper Project - output files couldn't be created

There is an issue with building projects in JDeveloper, regardless of the technology you are using (Java, SCA).
If you are facing an error like below:


[scac]  error: C:\git\bpels\MyProject\classes\scac_out.xml (The system can not find the path specified)
     [scac] ====> Faulted
     [scac] java.io.FileNotFoundException: C:\git\bpels\MyProject\classes\scac.log (The system can not find the path specified)
     [scac] at java.io.FileOutputStream.open(Native Method)
     [scac] at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
     [scac] at java.io.FileOutputStream.<init>(FileOutputStream.java:142)
     [scac] at org.apache.tools.ant.util.LazyFileOutputStream.ensureOpened(LazyFileOutputStream.java:158)

Here is the solution:

You only need to recreate the folder "classes" under the "MyProject" structure.
Then, try to build your project again.