
Posts

Showing posts from July 2010

Hermes ebXML SSL Configuration

Introduction
This blog item describes how I set up end-to-end security for ebXML communication using the Hermes2 framework. The ebMS client is on a Tomcat installation and it communicates with an Apache web server (running on Linux and redirecting ebMS communication to a Tomcat instance on the same server).
Prerequisites:
- Hermes2 (client) and Tomcat installed
- Hermes2 (server) and Tomcat installed
- Server certificates generated (self-signed)
Configuring Hermes2 (corvus web application within Tomcat)
When you change the partner agreement to use the https:// protocol towards the receiver, you will get the following error (look in the ebms.log of the ebMS sender).
hk.hku.cecid.ebms.spa.task.DeliveryException: Cannot send the message
    by hk.hku.cecid.piazza.commons.net.ConnectionException: Unable to send HTTP SOAP request
    by javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider...

SSL: Tomcat and Apache some handy links

Introduction
I know a lot has already been written about SSL configuration on Tomcat and Apache, but for my own records I am storing some links I used to set up SSL. This post also contains some handy commands I used to generate certificates.
Links
- Client Certificate Authentication with Apache
- Apache webserver and SSL configuration
- Nice overview of SSL and OpenSSL
- OpenSSL and PKCS#12 FAQ
- Description of Java keytool
- Most common keytool commands
- Configuration of Hermes2 (ebXML framework) with SSL
- Configuration of SSL in Tomcat
Terms
X.509: In cryptography, X.509 is an ITU-T standard for a public key infrastructure (PKI) for single sign-on (SSO) and Privilege Management Infrastructure (PMI). X.509 specifies, amongst other things, standard formats for public key certificates, certificate revocation lists, attribute certificates, and a certification path validation algorithm.
PKCS#12: PKCS#12 is a standard for storing private keys and certificates securely. It define...

How to explain Cordys BPM?

Today I got a question from Anita, one of my Twitter followers: "Most people just don't get the whole application, BPM, layered language, how do you explain Cordys to people?" So, to get a discussion going, I am posting this question to my blog so that we can discuss it here! A few questions come to mind: What don't people get? The layering? The BPM language? Or the step towards Cordys? The whole thing about BPM is that you get a flexible business architecture that abstracts the business processes from the technical implementation. This way you get technical flexibility as well as business flexibility. BPM brings business and IT together! Cordys BOP4 is a platform that supports this notion of layering and processes with a service-oriented architecture. It follows the principles set by Thomas Erl's SOA Principles. Within the SOA patterns there is also the layering pattern: this is about layering your services into three abstraction layers. Thomas ta...

Cordys: Authenticator is not instantiated via the properties

I was testing Basic Authentication with soapUI and got the following error: "Authenticator is not instantiated via the properties".
<soapenv:Envelope xmlns:def="http://schemas.cordys.com/default" xmlns:mes="http://www.cvz.nl/csp/message" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
   <soapenv:Body>
      <soapenv:Fault>
         <faultcode xmlns:ns0="http://schemas.xmlsoap.org/soap/envelope/">ns0:Client</faultcode>
         <faultstring xml:lang="en-US">User validation failed for: '5517'.</faultstring>
         <detail>
            <cordys:FaultDetails xmlns:cordys="http://schemas.cordys.com/General/1.0/">
               <cordys:...

Cordys: Contract First design

Introduction
One of the principles of Service Design is Contract First. With this principle you first design the service contract of the service and then implement it. This blog item will show a small example within Cordys BOP4.
Contract First
First I will create a simple HRM Employee service. The WSDL can be found here. Before you can use this WSDL you have to import it.
- Create a Project with com/examples Folders
- Create new Web Service document in com/examples Folder
- Select Import WSDL and name the service, click Next
- Now you have to fill in the URL of the WSDL. I have installed Cordys on my Windows machine and put my EmployeeService within the <CordysInstallDir>/Web directory. This way the WSDL is accessible through a URL.
- Select Show Services to view the service defined within the WSDL.
- Check Interface WSDL, because it is just the interface and not the implementation we are importing.
Now you are able to use this as a basis to define a Contract Bas...

SOA Business Events

Introduction
I read a nice article here on the SOA Magazine site about "SOA: Dealing with events". This blog item discusses some of the points made and the practical consequences they have (in my opinion).
What is an event?
The first fundamental question you have to ask yourself is what a "business event" actually is. The writer talks about "a significant or meaningful change in state", "a higher level semantic form" and "meaningful" for the business. Technical local events are not considered business events. I think this is the same discussion you always have about what a "Service" is, so this always remains a point of discussion. A technical event can also be very useful, for example when systems are going down. This will have an impact on other parts of the business and maybe should trigger the business.
Key Concepts
Autonomous messages: The gist of the statement the writer makes here is: "each message contains just e...

Cordys: Configuring Apache and BOP4 for SSL

Introduction
This blog item will show an example of how to configure secure SSL with Apache 2.2.x and Cordys BOP4 (CU9) (on Windows).
Creating Test Certificate
First we will create a test certificate with Apache.
- Copy the <Apache>/conf/openssl.cnf to a temporary directory (<temp>)
- Because the EventService of Cordys uses the IP address as an alternate domain, you have to change the openssl.cnf file in the <temp> directory. Add the following line behind [ v3_req ]:
    subjectAltName=DNS:www.example.com,DNS:192.168.2.103
  (Change localhost and IP address accordingly)
- First we will create the RSA Private Key:
    <Apache>/bin/openssl genrsa -des3 -out server.key 1024
- Now we must generate a Certificate Signing Request (CSR). During the generation of the CSR, you will be prompted for several pieces of information. These are the X.509 attributes of the certificate. One of the prompts will be for "Common Name (e.g., YOUR name)". It is important that this field be fil...

Configuring Security with Cordys is easy or ..

Introduction
Last week we had to implement some Authorization functionality on Cordys BOP4 (CU9) services. During this journey I discovered that there were several ways of defining the security, and this makes it very complex (if you're a first-time user just like me). So this blog item describes some ways to define the security and my experiences.
Ways to Identify
Cordys supports several ways to identify users:
- No identification is used; in this case this is mapped to an "anonymous" authenticated user within Cordys.
- Cordys. The credentials are put in the SOAP header request and are mapped to a Cordys user.
- WS-Security SAML. This can be used for single sign-on.
- WS-Security User name token. The user puts its identity (user and password, clear text or encrypted are possible) within the SOAP header.
This blog item uses the last with clear text user and password. You can set Cordys identification within the LDAP Explorer:
- Open LDAP Explorer
- Go to Organization (HRM) > soap nodes ...

Book review request

Today I received a request to review a new book on SOA: Service Oriented Architecture: An integration blueprint. I feel honoured, of course, and in a few weeks I will receive a hard copy of the book. I am looking forward to it and will keep you up to date about my review! Regards, Roger

Cordys: Using custom Java within your Message Map

Introduction
Sometimes you need to add a custom Java call within your Message Map or Data Transformation. This blog item describes how to do this for a Message Map. In this example I wrote decode/encode methods for base64Binary.
Java Code
First you have to write your Java code. This can be done in any environment you like. Generate the .jar file. Here's my Java code:
    package com.util;
    import com.eibus.util.system.Native;
    public class Base64Util {
        // Decodes a base64Binary string with the Cordys Native helper.
        public static String decodeFromBase64(String input) {
            byte[] bytes = input.getBytes();
            // Pass the byte count, not the character count, so multi-byte input is processed in full.
            return new String(Native.decodeBinBase64(bytes, bytes.length));
        }
        // Encodes a string to base64Binary with the Cordys Native helper.
        public static String encodeToBase64(String input) {
            byte[] bytes = input.getBytes();
            return new String(Native.encodeBinBase64(bytes, bytes.length));
        }
    }
Import within BOP4
The next step is to import your .jar library within Cordys. Create a Folder where you want to import the .jar file ...