Fusion Applications provides web services that allow external systems to integrate with Fusion Applications. There are two types of services: ADF services and composite services. ADF services are created for a logical business object and provide functionality to access and manipulate these objects. The composite services are mostly process oriented and provide an orchestration of multiple steps.
Information about the web services provided by Fusion Applications is hosted in Oracle Enterprise Repository (OER). The information provided by OER can be used to understand the functionality provided by the service and how the service can be called.
This series of articles describes how one can invoke SOAP web services provided by Fusion Applications using various technologies. In previous article we covered how to invoke a Fusion Application web service secured with simple username token using SoapUI. In this article we will cover a call to service secured with SSL policy.
Prerequisites
SoapUi
The reader is expected to have SoapUI installed.
Fusion Applications Web Service Policy
This example covers a call to a web service that support user name tokens and SSL. The example was tested with a service using "oracle/wss_username_token_over_ssl_service_policy" commonly available for Oracle SaaS environments.
Implementing Web Service Call
Generally the steps to call a SSL and non-SSL services are the same. The SSL services are however commonly configured to validate a timestamp though. So calls to SSL services commonly require the "wsu:Timestamp" element and the value used must be within tolerance. If the timestamp is not provided or the value is not within the tolerance you would see error such as:
<env:Fault xmlns:ns0="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"> <faultcode>ns0:InvalidSecurityToken</faultcode> <faultstring>InvalidSecurityToken : The security token is not valid.</faultstring> <faultactor/> </env:Fault>
To resolve the issue add the Timestamp element:
<wsu:Timestamp wsu:Id="TS-2"> <wsu:Created>2014-07-07T14:53:52.600Z</wsu:Created> </wsu:Timestamp>
Tolerance is configured on the server for details of configuration refer to Advanced Administration. In Cloud environment the tolerance is not configurable by customer. While the timestamp can be "manually" added to the SOAP envelope, Soap UI provides easier way to default the value. First we create a SoapUi project by navigating "File -> New Soap Project":
The project name can be anything; it does not impact the web service call. For the "Initial WSDL" enter the location of the WSDL for the service to be called, in this example we will use the "LocationService" for HCM. The "Create Requests" checkbox is checked to generate an example SOAP Envelope. Click OK and once the tool is done with the generation navigate to the operation to be invoked, in this case we will invoke the "findByLocationId" operation.
To populate the header we can create a template to be applied on the request. Double click the project name, in this case "SoapUIDemoSSL" and navigate to "WS-Security Configurations -> Outgoing WS-Security Configurations". Here create a new "Outgoing WS-Security Configuration" and define values as follows:
- Name: can be anything; it does not impact the web service call
- Default Username/Alias: Populate the user name that you use to call the service with
- Default Password: Populate the user name that you use to call the service with
- Must Understand: check the checkbox
- WSS-Entry -> Timestamp:
- Time to Live: Set to some suitable value for example 1000 seconds, this controls the value used for expires component on the timestamp element created
- WSS-Entry -> Username:
- Password Type: PasswordText
- Other values: accept the defaulted values
Now back on the request we add header to the request by right clicking and choosing "Outgoing WSS -> Apply SoapUiDemoSSL":
And to make the XML more readable choose the "Format XML":
The security header is defaulted to the request:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:typ="http://xmlns.oracle.com/apps/hcm/locations/locationServiceV2/types/"> <soapenv:Header> <wsse:Security soapenv:mustUnderstand="1" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"> <wsse:UsernameToken wsu:Id="UsernameToken-5"> <wsse:Username>username</wsse:Username> <wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</wsse:Password> <wsse:Nonce EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">B+atlEHEOWulzwCDLua3Jw==</wsse:Nonce> <wsu:Created>2014-07-07T15:21:10.307Z</wsu:Created> </wsse:UsernameToken> <wsu:Timestamp wsu:Id="TS-4"> <wsu:Created>2014-07-07T15:21:10.306Z</wsu:Created> <wsu:Expires>2014-07-07T15:37:50.306Z</wsu:Expires> </wsu:Timestamp> </wsse:Security> </soapenv:Header> <soapenv:Body> <typ:findByLocationId> <typ:locationId>300000000678079</typ:locationId> </typ:findByLocationId> </soapenv:Body></soapenv:Envelope>
With this the call to the service would succeed.
Summary
In this article we covered an example using SoapUI to integrate with Fusion Applications using web services secured with SSL policy. In future articles other technologies for invoking Fusion Applications web services will be covered.
