Fusion Middleware - Überblick Teil einer ... · PDF fileto create composites? ... Oracle Virtual Directory ... authorization, role mapping, credentials mapping, cert. lookup, audit,

<Insert Picture Here>

Fusion Middleware - Überblick

Teil einer Referenzarchitektur für die öffentliche

Verwaltung

Berthold Maier – Chief Architect Oracle Consulting

Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

The following is intended to outline our general

product direction. It is intended for information

purposes only, and may not be incorporated into

any contract. It is not a commitment to deliver any

material, code, or functionality, and should not be

relied upon in making purchasing decision. The

development, release, and timing of any features

or functionality described for Oracle’s products

remains at the sole discretion of Oracle.

Safe Harbor Statement


SOA-Suite 11g Architecture - Overview

BPMN 2.0,

BPEL

JDeveloper

Business View

Worklist Process Portal MS Office BAM, BI

Process Core

Human Task (BPEL4People)

Business Rules

BPELBPMN

2.0

Enterprise

Manager

Service Infrastructure

Mediator

MDS soa-infra


Service Enabled Assets

SOA Conceptual ViewS

ervic

e L

ayers

SO

A I

nfr

astr

uctu

re

Med

iati

on

Utility Services

Secu

rit

y

Go

vern

an

ce

Mo

nit

orin

g &

Man

ag

em

en

t

Meta

data

Man

ag

em

en

t

Service

Consumers &

Delivery Channels

Composite Applications Portals BPM ProcessWeb Apps Mashups Fat Clients

Employees

IVRCustomers

Partners Mobil

…..….…..….…..….

Client Apps

Terminal

Encapsulation

Messaging Adapters Custom APIs JDBC file://

Non-Service Enabled Assets

Business Activity Services

Enrichment Custom Business Services

Data Services

Data SynchronizationData AggregationData Caching

Connectivity Services

System Access Messaging Partner Integration

Business Process

Services

Service OrchestrationWorkflow

Presentation Services

Shared Portlets Multi-Channel Delivery

Service

Provider

Assets

Service

Provider /

Consumer

Assets

Rule Services

HW RolesDecissonValidation


BPM 11g – BPMN & BPEL Process Engine

Common Process Core

Se

rvic

e

Invo

ca

tio

n

Co

nn

ec

tivit

y,

Ad

ap

ters

Ta

sk

A

ss

ign

me

nt

No

tifi

ca

tio

n

Se

rvic

es

Err

or

han

dli

ng

Sta

te

Pe

rsis

ten

ce

Se

cu

rity

Pro

ce

ss

A

naly

sis

Me

tad

ata

m

an

ag

em

en

t

Lif

ec

yc

le

co

ntr

ols

BPMN Runtime Activity Set BPEL Runtime Activity Set

BPMN Compiler BPEL Compiler

Process Engine

DEV Studios

BPMN Model BPEL Model

De

sig

n m

od

el A

PIs

Ru

nti

me

& M

gm

t A

PIs

Process Instance Store

Metadata store (MDS)


ZENTRALE

METADATENVERWALTUNG


MDS - Unified Metadata Management

• MDS provides consolidated, consistent metadata

management service for all AS 11 components with

better/comparable performance

• WebCenter, OWSM, ADF, SOA SCA, Rules, …

• Structural and/or behavioral aspect of an object / application

• APIs and tools for managing entire metadata lifecycle from

development to deployment and patching

Metadata Services (MDS)

WLS

ADF

WebCenter Integration Wireless

JDeveloper

E-B

usin

ess S

uit

e En

terp

rise M

an

ag

er

…


ADF: Metadata Services Customization

Base Document

User1’s User Customization Laura’s Page

John’s Page

Site Customization

+

+

MDS Customization Engine

MetadataRepository -

File or DB

No User

Customization

• A framework for building customizable applications

• Uses a single base application and multiple customization layers

• Write once customize anytime


SCA - THE COMPOISTE

DEVELOPMENT PLATTFORM


SCA Composite

• SOA composite is a standards-based deployment unit

• Leverages the SCA assembly model

• Can mix variety of components: Mediator, BPEL,

Human Workflow, etc.

Mediator

BPEL

wire

SOA composite

service reference

S S

R

R

properties

BPEL

WS

WS

WSR

S

S

R

R

R


SCA Specifications

Assembly

Implementation

LanguagesPolicy Framework Bindings

Java JEE

Spring

C++

BPEL

Security

RM

Transactions

Web services

JMS

JCA


SCA Specifications (cont.)

How do I define, configure

and assemble components

to create composites?

SCA Assembly Spec

SOAP/

HTTP

RMIJCA, EJB, SOAP, …

How do I develop SCA

components in BPEL? Or

in Java, SPRING ? Or C++,

PHP,…

SCA BPEL Client & Impl

Spec, …

How do I configure SCA

services/references to use

SOAP/HTTP or JMS or JCA, …

SCA WS Binding Spec, …

How do I define, use and

administer policies for non-

functional aspects (QoS, etc)?

SCA Policy Framework Spec

Composite

ComponentPOJO


EVENT DELIVERY NETWORK

(EDN)


Event Delivery Network (EDN)

External

Event

Published

Component 1 with Events

Component

Subscriber

PublisherComponent

Component 2 with Events

Subscriber

Publisher

Event Dlivery Network (EDN)

Publish : e1

Subscribe: e1

Publish : e2

Re-Publish : e2.1

Subscribe: e2.1

Filte

r

Filte

rJava PL/SQL APIs

Events defined in Event Definition Language (EDL)

SCA


EDN Architektur


publish-subscribe abstraction

•Developers do not need

to know about underlying

eventing infrastructure

•Fully declarative

•(XML)

•No need for explicit wiring

between components:

truly decoupled applications

•3 level of subscription granularity:

1. Namespaces

2. Events Names

3. Content-based XPath filters

Event Delivery Network (EDN)

<subscribe xmlns:bb="http://bigbank.com/events"

name="bb:NewAccount“>

<subscribeNamespace namespace="http://bigbank.com/events"

BigbankNewAccount

[…]country=‘US’

[…]

CustomerProvisioning

(Canada)

Filtercountry = „UK‟


(Canada)

Filtercountry = „Canada‟

EDN


(US)

Filtercountry = „US‟

CRM

(no filter)

AUDIT

(no filter)

Customerportal

(no filter)

Retail Banking

Application

(no filter)

BigbankNewTransfer

[…]

OrderProcessing

(no filter)


name="bb:NewTransfer“>


name="bb:NewTransfer“>

+ XPath filter: $in/tr:NewTransfer/tr:Address/po:Count

ry='US'

2

3

1


Security

• Unified Security Platform

• End2End Identity Propagation

• Policy and Configuration Driven Approach

• Fine Grain Security

• Interoperable & Integrateable: JEE/SOA, …

• Extendable

• Audit Capabilities


OPSS – The Big Picture

Oracle Virtual DirectoryVirtualizes Identity Store, Credential Store, Policy Store

Develop Deploy Manage

Oracle Fusion Middleware Components and Oracle Fusion Applications

ATN, ATZ, CSF, UserRole, Policy Management, Cryptography (OSDT)

Identity Assertion

Role Mapping

Creds Mapping

JEE Policy & Role Depoyment

Custom SSPI Providers Java2 & JAAS Policy Provider

Cert Lookup & Val

OPSS APIs

Audit

SSO

Audit Store

PolicyStore

CredentialStore

IdentityStore


Oracle Products using OPSS

Product Name What It Does How It Uses OPSS

Oracle ADF / WebCenter ADF is the framework

used to develop

WebCenter applications

(portlets, etc.)

Uses CSS for authentication and JPS for authorization

(JAAS). Leverages application role, anonymous and

authenticated role, policy store abstraction, policy

management, credential store framework

Oracle Web Services

Manager (OWSM)

Provides SOA and web

services security

Leverages JPS for authorization, key store services, and

audit

Oracle SOA Suite Provides applications

designed to deploy SOA

environments (BPEL,

ESB, etc.)

Uses CSS for authentication and JPS for authorization and

audit

Oracle Service Bus (OSB) Connects, mediates, and

manages SOA

composites interaction

Uses CSS for authentication, identity assertion,

authorization, role mapping, credentials mapping, cert.

lookup, audit, SSO, SSPI framework for third-party

integration

Oracle Entitlements

Service (OES)

Provides externalized

fine-grained authorization



lookup, audit.

WebLogic Server (WLS)

Container

Java EE server /

container



lookup, audit, SSO, SSPI framework for third-party

integration


Task: Secure the Application

JDeveloper IDE

Invoice Summary

Cancel Invoice

Create Invoice

ADF Taskflows Enable OPSS Security

Authz Policy Store

WLS Embedded LDAP

ID Store

OPSS XML provider

Authentication

Form Based Authn

Roles & Policies

Manage Payable Invoices

Cancel Payable Invoices

Cancel Invoice

Create Invoice

Invoice Summary

Cancel Invoice

Invoice Summary

Mike Allen

Manage Payable Invoices

User Role Grant


OWSM – Policy driven Identity Propagation

OrderBooking SOA Process

Receive Order

Get Customer Info

Verify Credit Card

Fulfill Order

Notify Customer

Web

Client

Validate

Credit

Card

Service

SAML

Username token

• Authorize user

component_authorization_policy

• Verify security

• Authenticate

• Set Subject

wss_username_token_service_policy

• Read Subject

• Insert SAML Token

wss10_saml_token_client_policy

• Verify SAML token

• Authenticate

• Set Subject

wss10_saml_token_service_policy


Component Architecture*except for JAX-WS

Web Service

Policy Reference:

oracle-webservices.xml

Oracle Fabric

Policy Reference:

composite.xml

Policy Access Point (PAP)

Oracle WSM Policy Manager

Policy Name

Policy NamePolicy Name

Policy

Interceptor Framework

RMIRMI

MDS


ADF - APPLICATION

DEVELOPMENT


View

Controller

Model

BusinessServices

ADF Controller

ADF Bindings

ADF Data Control

ADF Business ComponentsQuery Object

ADF Business ComponentsEntity Object

AD

F M

eta

data

Se

rvic

es

Swing/JClientJSF

ADF Faces

ADF Controller

ADF Bindings

ADF Data Control

Java / Spring

Classes

EJBSessionBeans

WebServices

ADF Business Components

Service Object

JDBCEJB

FindersTopLinkQueries

ADF Business ComponentsQuery Object

DataAccess

ADF Business ComponentsEntity Object

Java Classes EJB Entity Beans

TopLink Mapping

PersistentBusinessObjects

AD

F M

eta

data

Se

rvic

es

MS OFFICE

ADF Components

Mobile


The Fusion ArchitectureBusiness LogicView Data

OrchestrationHuman interaction Policy evaluationMonitoring

Rules

EngineAssign Task

TaskComplete

Human Workflow

Service

Mediator /BPEL

Process

results

factsBusiness

Activity

Monitoring

User

InterfaceADF Faces

components

Business ServicesADF Business Components

Data

Binding

SDO Services

Database

Schema

Events

Web

Cen

ter


HUMAN TASK –

ZENTRALER POSTKORB


Worklist

Application

Assign Tasks

Human

Workflow

Service

TaskComplete

Update

Task

BPMN/BPEL

Process

WSDL Contract Component Services

Identity Service

(Users, Roles)

User Metadata

Service

(Rules,

work queues )

Worklist Service

(Task Query,

Reporting )

Notification

Service

(Email & wireless)

Task Management

Service

(Task data, forms,

Attachments)

Task Routing

Service

(Assignment,

Dispatching)

Supervisor

Work Assignee

Process Owner

Eclipse, JDeveloper

BPEL Designer Task Metadata

HT - Workflow Architecture

Custom App


UseCase: ADF + Human workflow Interaction (contd..)

Service endpoint (SOAP)

Component

Mediator

(consume

events)

Component

BPEL

Process

Application DB

Component

Human

Workflow

Application

module (ADF-BC)

Submit Expense

UI screens

(ADF Task Flow)

Subscribe to Events

Approve Expense

UI Screens

(ADF Task Flow based on

Human Task data control)

May also include

transactional data using

ADF-BC data controls

Update

operations on

ADF-BC objects

Events raised

asynchronously

to SOA

infrastructure

(Fabric)

SCA composite

This task flow

communicates with

both the Human task

infrastructure as well

as ADF-BC to show

transactional data

There is an out-of-the-box

worklist application to

display task assigned to a

user. When a user drills

down into a specific task –

the associated ADF task

flow is displayed to show

the task details

Human workflow

component

assigns tasks to

users/roles

Users log on to worklist to

see tasks assigned to

them.

The worklist may be

embedded as a region in

other apps pages

Deployed onWLS

Deployed standalone with SOA components


BUSINESS RULES


Dynamische Prozesse durch Regeln

Business Rules

Engine und Repository

Regelbasierte Datenvalidierung

Regelbasiertes Aufgaben-Management

(Routing, Delegation, Eskalation)

Regelgetriebene Prozesse

Activity guide player manages

screen flow – it seamlessly

navigates the user from the

screen for one Level 2

process to anotherand

updates the case screens to

show task status

Level 1

Process

Phase 1 Phase 2 Phase 3 ..

Level 2

Processes for

each phase

Activity guide player

(using human workflow)

PendingOffer contractPhase 3

PendingCustomer acceptancePhase 2

CompleteCustomer registrationPhas e1

Sales Process: Case 12000

Case Status

Activity guide player manages

screen flow – it seamlessly

navigates the user from the

screen for one Level 2

process to anotherand

updates the case screens to

show task status

Level 1

Process

Phase 1 Phase 2 Phase 3 ..

Level 2

Processes for

each phase

Activity guide player

(using human workflow)

PendingOffer contractPhase 3

PendingCustomer acceptancePhase 2

CompleteCustomer registrationPhas e1

Sales Process: Case 12000

Case Status

Dynamisches Service Binding


RETE Rules “Engine”

CA

Java FactsXML Facts

En

tsch

eid

un

gs

-D

ien

st

BPEL Prozess

Java Anwendung

/** @Foo **/method Foo(....)

{

Rules SDK

Rules Repository

Dictionary 1

Rule Set A

If … Then ...

If … Then ...

If … Then ...

Rule Set B

Dictionary 2

Rules Designer Custom AuthorCustom Author

Ru

les

AP

I(J

SR

94

)

Agility Through Business Rules -


Ablauf Rules Engine


SUMMARY


Scenario: SOA + ADF BC (SDO) + Flex fields

2. Query Employee Details

ADF application to Start Employee Review Process

ADF Application module

DB Schema includes: Employee, Dept

Employee includes Emp_No, JobType, Salary, Dept_id etc

Also has “Flex fields” with type as discriminator. Some employees are Salesmen and have an additional “Commission” column

2. Query employee using Service interface (SDO based). Although the WSDL is defined with Employee as signature, the call may return regular Employees or Salesmen (with extra flex fields)

ADF BC Service

interface

1. ADF raises event to start process. Event should only include reference Ids (say Emp No).

Flex fields should ideally not be part of the event

3. Get recommended raise and commission

4. Check Employee type (using new InstanceOf XPath function )

3. Decision Service should be based on the following facts: Input: EmpNo, Output: Raise, Commission

Rules should be based on ADF-VO based facts that include the complete Employee and Salesman object (polymorphic VO). These should be queried based on the ID passed in. Commission should be returned only for Salesmen

5. Declare variables of both Emp type and Salesman type. “Cast/Copy” the base object to the appropriate derived type

6. Approve Adjustment using human workflow

The task parameters should include only references to the employee_id

6. ADF task flow application to retrieve task details should use the keys from the task parameters to retrieve the emp data using ADF-BC. ADF dynamic tables can be used to display flex attributes

7. Update Employee using ADF BC service interface (SDO based)

ADF BC Service

interface


Fragen & Antworten

Documents

Fusion Middleware - Überblick Teil einer ... · PDF fileto create composites? ... Oracle Virtual Directory ... authorization, role mapping, credentials mapping, cert. lookup, audit,