Archive Page 3

Using ADFBC REST Services in MAF

This article is presented in tutorial format and can be downloaded from here and sample application from here.

Installing Cloud Adapters

When JDeveloper 12.1.3 is installed, the Sales force adapter is shown and available by default but the other cloud adapters like Sales Cloud, Right Now, HCM Cloud etc.. will not be available. In this post, I will show how to install these adapters through patches provided by Oracle.

These integration adapters can be downloaded from here and available on top of (BP1). Do download Oracle Cloud Adapters


  • Install Oracle SOA 12.1.3 using quick installer.
  • Apply p19707784 using OPatch  to bring it to BP1. Refer to this post for additional help on OPatch utility.
  • Unzip the above download and observe the following patches available.


  • Apply p20680367* and p20780464* in same middleware home.
  • Create JDeveloper shortcut from below location and open to observe the cloud adapters Eloqua Adapter, Oracle HCM Cloud, Oracle RightNow and Oracle Sales Cloud available in Cloud section. You will get to see this section when you create new SOA or Service Bus Application.


  • If you are not seeing these adapters, add –clean** option as shown below in your desktop shortcut and re-open JDeveloper.  

MW_HOME\jdeveloper\jdeveloper.exe -clean

* Always read the patch README files and follow the available instructions.

** I thank my colleague who helped me by providing this workaround.

ADF BC REST Services Articles

Sample application can be found here.

ADF BC REST Services–III – Using Row Finder

In this post, we will see how to use Row Finder in ADF BC REST services.

Open REST resource VO and create a View Criteria as shown below having 2 bind variables for Department name and Location ID.



Go to Row Finders section and create new one with searhByDeptName.


Here we can observe that above VC is selected by default. In Variables section as shown below, we can also set whether bind variable is allowed to be passed in REST resource URL along with Required settings.


Deploy the application and use any REST client to test GET method using the following urls. Observe the usage of row finder and bind variables.

Passing single bind variable:


Passing both bind variables:


Now mark bindLocId variable as required and try to test without using it in the URL and you will observe the error as shown below.


Using Translate activity for XML to JSON

In this post, we will discuss about using Translate activity for converting XML to JSON. This is one of the functionalities I wanted to try since release of 12c as nxsd has been enhanced to handle JSON as well. So I tried this using BPEL in both 12.1.3 and 12.2.1 but found to be not working as expected. Hence I will just mention about approach to use Translate activity. And will show you how its working with File Adapter.

Create a BPEL process and drag Translate activity.



Click gear icon to define NXSD schema as per required JSON data.


Finish the wizard as shown below to create NXSD.






Create BPEL variable varJson of NXSD complex type as shown below.


Create XSLT transformation to transform the input variable to varJson. For simplicity, we considered the NXSD structure almost similar to inputVariable.



Now modify Translate activity by giving required values for all other fields.


Click OK. Now our BPEL process should look like below.


Deploy the composite and test to observe the following error.



Note: Please note that the issue has been fixed in latest releases of SOA suite as observed by readers.

However, the same XML to JSON translation is working as expected with File Adapter. Create file adapter using below screenshots using Write operation.







Now in BPEL process, create invoke activity to invoke the file adapter.



Now create XSLT to transform inputVariable to inputFileWrite.



Now deploy composite again and test using same input as above. Now  we will observe an output file in directory D as shown below.



You can find a sample project here having both of the cases discussed above.

ADF BC REST Services–II – Change Indicator

In ADF, often we see error saying ‘JBO-25014: Another user has changed the row with primary key oracle.jbo.Key’. The framework throws this error to make sure that none of the user changes are accidentally overwritten by another user and generally occurs when a user trying to modify record that has been just modified and committed by another user. In this post, we will see how to take care of this scenario using ADF BC REST services in context of HTTP PATCH.

ADF BC REST Services make use of attribute called changeIndicator  which can be observed in response of GET.

Follow the steps mentioned below to enable this in a resource:

  • EO should have an attribute marked as Change Indicator and set Track Change History as shown below.


  • Add this attribute in VO i.e to be exposed as REST resource.


Deploy your changes and issue GET to observe changeIndicator as below.



for e.g. changeIndicator for department 10 (resource instance):


Now update department 10 using following sql query to simulate the actual update.

update departments set department_name = ‘Administration-modified’, object_version_number = object_version_number+1
where department_id = 10

Issue GET again on same resource and observe the changeIndicator.




As observed above, the value of changeIndicator changes with each update and is calculated by RESTServlet registered in web.xml of RESTWebService project.


Here is an interesting observation and do issue issuing GET for department 10.


If we observe HTTP response headers, the value of ETag is same as that of changeIndicator. Hence changeIndicator works in similar lines of ETag defined in HTTP specification.


Now let us observe the behavior of REST resource when  ETag is used for If-Match/If-None-Match HTTP headers during GET and PATCH. Basically these HTTP headers tells server to do requested operation when sent Etag value matches or did not match respectively.

Make sure you enclose ETag value with “ (double quotes) as shown below.


Using GET:

  • When resource is not modified, returns status code as 304.


  • When resource is modified, returns response with new changeIndicator value.


Using PATCH:

  • When resource is not modified, returns response status code as 412.


  • When the resource is not modified, then returns response with new changeIndicator value after update.




Not Modified


(Query Successful)
Status: 304


Status: 200
(Update Successful)
Status: 412


Using GET:

  • When resource is not modified, resource is returned.


  • When resource is modified, expected response status code is 304 but shows 200 with junk response.


Using PATCH:

  • When resource is not modified, returns response with new change Indicator value after update.


  • When resource is modified, expected response status code is 412 but shows 200 with junk response. However you will observe that the actual update is not happening though it returns 200.




Not Modified


Status:304 Status:200
(Query Successful)


Status:412 Status: 200
(Update Successful)

Note: As you observed above, ETag combination with If-Match header is not working as expected which is a bug in this release.


ADF BC REST Services-I

In this blog post, We will see how to expose ADF VOs as REST resources. ADF has got native REST support in 12.2.1 release.

We will use Department, Employee VOs and following AM Data Model here.



Creating Release Version:

Creating a release version in adf-config.xml is the first step to be done before exposing any of the AM VOs as resource. Use the following steps to create one and you can follow your own conventions for versioning REST resources. Here I  have given the initial version as r1.




Expose VO as REST resources:

Open AM and navigate to Web Service –> REST and Click + icon.


Creation of REST resources create a new project RESTWebService.jpr in our workspace that can be deployed as WAR through which these REST services get deployed.


Give the resource name as shown below and click OK.


Observe the new RESTWebService project gets created.


Also observe other files related to REST resources that get created as shown below.


You can use the following tabs to choose the methods to be exposed and the attributes to be exposed to consumers.


When a VO has View Links the Resource Structure will show all these VOs as shown below. Check these VOs as shown below if it has to be exposed as child resource.



Modify context root of RESTWebService project as shown below representing the purpose of your REST API.


Optionally, we can modify URL pattern in web.xml as shown below.


Integrated WLS:

Select RESTWebservice project and do Run on right click as shown below.


Standalone WLS:

Create EAR profile for ADF application and include RESTWebService project as shown below and deploy this EAR to standalone WLS.


Once the deployment is done, you can access the REST resource using url like:

http://<<host>&gt;:<<port>>/<<ContextRoot>>/<<url pattern>>/<<version>>/<<resource name>>

For e.g.: http://localhost:7001/departmentApi/rest/r1/departments

We can also use latest keyword to access the latest version of the resource.

For e.g.: http://localhost:7001/departmentApi/rest/latest/departments

You can use any REST client to try out POST, DELETE, PUT, PATCH depending on the operations you exposed on REST resource.

Describing Resource – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/describe

Describing Resource Instance – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/10/describe


Querying Departments – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments

Querying a particular Department – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}

Creating Department – POST:

URI: http://localhost:7001/departmentApi/rest/r1/departments

Content-Type: application/


“DepartmentId”: 1000,
“DepartmentName”: “Administration”,
“ManagerId”: 200,
“LocationId”: 1700

Deleting a Department – DELETE:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}

Updating a Department – POST:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}

Content-Type: application/

X-HTTP-Method-Override: PATCH

Body: (contains only fields to be modified)

“DepartmentName”: “Administration-Modified”

Replacing a Department – PUT:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}

Content-Type: application/

Body: (Values not sent in body will be set to null)


“DepartmentName”: “Administration-Replace”,
“ManagerId”: 100

Querying Department for a few fields – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?fields=DepartmentName,ManagerId

Querying a Department using an attribute – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}?q=DepartmentName=Administration

Querying a Department for only Data – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?onlyData=true

Will not fetch any links or  metadata for resource instances in response.

Sorting Departments – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?orderBy=DepartmentName:asc

URI: http://localhost:7001/departmentApi/rest/r1/departments?orderBy=DepartmentName: desc

Limiting the records in Querying Departments – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?limit=2

Fetches only 2 records.

Querying Departments from a particular record– GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?offset=2

Fetches only 2 records.

URI: http://localhost:7001/departmentApi/rest/r1/departments?offset=2&limit=5

Fetches 5 records starting from 2nd record.

Expanding a Child Resource – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments?expand=Employee (Child Resource Name)

Querying Child Resource – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}/child/Employee

Querying a particular Child Resource – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}/child/Employee/{Child Resource Id}

Querying a Child Resource using an attribute – GET:

URI: http://localhost:7001/departmentApi/rest/r1/departments/{id}/child/Employee?q=FirstName=Jennifer


MAF 2.1.2 to MAF 2.2 observations

Recently involved in activity of migrating MAF 2.1.2 application to MAF 2.2. Here in this blog post, I want to list down my quick observations of this. We have not used lot of advanced features of MAF in our application so the following list is not going to be exhaustive and at the same time, it will be different if you are doing migration from MAF 2.1.3.

  • Now the default Alta Skin version is 1.4, however we need to manually modify to this version in maf-config.xml for a migrated application.
  • AdfmfContainerUtilities.toggleSpringboard() APi is provided to toggle the spring board.
  • AdfmfJavaUtilities.getAdfELContext is deprecated and replaced by AdfmfJavaUtilities.getELContext.
  • The plugin-ids for core plugins Network Information, Camera and geo-location are changed to cordova-plugin-network-informationcordova-plugin-camera and cordova-plugin-geolocation respectively.
  • The options Include login server cookie in REST calls and Include basic authentication header in HTTP requests in Authorization tab of Login connection are no longer available.
  • Web Service Security Policies section came as new security section of maf-application.xml and we need to add OSWM policies oracle/http_cookie_client_ policy and oracle/wss_http_token_client_policy to imitate the 2 options listed above and this information is stored in new file wsm-assembly.xml found in .adf folder of application.
  • oracle/wss_http_token_client_policy policy is mandatory to be attached if you are making use of HTTP PATCH method in mobile application. This is one of the observations and may be required in another scenarios as well.
  • A new file is added in resources/security folder containing security related properties where SSLv3 is disabled by default.
  • Android Back functionality is supported out of the box. The tag amx:systemActionBehavior can be used to override/add some functionality during back navigation.
  • We can achieve previous release back functionality using legacyBack tag in maf-config.xml.
  • Swipe  to Reveal design pattern is supported out of the box in ListView using amx:accessoryLayout.

I observed the following issues are resolved in MAF 2.2:

  • Now we can load multiple resource bundles in maf-feature.xml using loadBundle tag which was an issue in 2.1.2.
  • We can use the notation like #{resourceBundle[‘’]} for labels and all in AMX pages. This was an issue in 2.1.2 because of ‘.’ in resource bundle key though it’s working from java code.
  • In 2.1.2, junk characters are shown in the response by RestServiceAdapter if the REST service returns an exception and is in Gzip format. This issue has been fixed in 2.2.

And I am still using a workaround for the following issues even after migrating to MAF 2.2:

  • Seeing inconsistency in behavior of Action property of command button/link. When throw AdfException is used in Action property binding code, the error is shown properly in android but not in iOS – Fixed in 2.2.1
  • When AdfmfJavaUtilities.overrideConnectionProperty is used to override ACS URL in connections, it’s not persisted on application relaunch, thus facing authorization issues – Fixed in 2.2.1

And I am still facing following new issues in MAF 2.2:

  • Range Change Listener with managed bean is not working for child collection in data control – Fixed in 2.2.1

OWSM 12c–Using WSS10 SAML Policies

In this post, we will see  the required setup for WSS10 SAML policies and we will use SOAP UI to demonstrate client side setup in brief and recommend to refer to previous post for detailed steps to create Outgoing Configuration at client side and server side keystore setup.

SAML Issuer Setup:



wss10_saml_token_service_ policy:

Create an Outgoing Configuration with SAML Token as shown below.


SAML Token:



Attach Outgoing Configuration to request as shown below.


wss10_saml_token_with_message_integrity_service_ policy:

Requires both SAML Token and message body to be digitally signed, hence we need to modify above SAML token setup to consider signing and need to add separate Signature setup in Outgoing Configuration.

SAML Token modification:

Check Signed attribute and use the client side keystore and private key alias as shown below.


Add Signature setup in Outgoing Configuration as shown below.


wss10_saml_token_with_message_protection_service_ policy:

Requires to  setup SAML Token, Timestamp, Signature and Encryption in Outgoing Configuration where as SAML Token, Timestamp and Body to be digitally signed and Body to be encrypted.




SAML Token:

  • SAML Verison: 1.1
  • Uncheck Signed
  • Assertion Type: Authentication
  • Confirmation Method: Sender Vouches
  • Issuer:
  • Subject Name: <<username>>
  • Subject Qualifier: leave it blank








Note: we should maintain the order Signature and Encryption in Outgoing Configuration as shown above.

Attach both Outgoing and Incoming configuration as shown below.


Sample SAML1.1 Assertion:

<saml1:Assertion AssertionID="_14F9EF7DC64266B61B144285601642823" IssueInstant="2015-09-21T17:20:16.428Z" Issuer="" MajorVersion="1" MinorVersion="1" xsi:type="saml1:AssertionType" xmlns:saml1="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xsi="">
   <saml1:Conditions NotBefore="2015-09-21T17:20:16.428Z" NotOnOrAfter="2015-09-21T17:25:16.428Z"/>
   <saml1:AuthenticationStatement AuthenticationInstant="2015-09-21T17:20:16.428Z" AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password" xsi:type="saml1:AuthenticationStatementType">
         <saml1:NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">weblogic</saml1:NameIdentifier>


  • With above setup, the request is returning error response when I used SOAP UI5.0.0 but working with SOAP UI 5.2.0. So I would recommend to use SOAP UI 5.2.0.
  • Observe that, we had added Assertion as one of the Parts in Signature setup. This is the only option working for Message Protection policy and it’s not working when signing setup is done in SAML Token by checking Signed.
  • In SOAP UI, i got the saying Error getting response for […]; null even with all this setup. Following solution is given here to resolve this issue.

    Replace the existing xmlsec-1.4.5.jar file in /lib folder with xmlsec-1.5.2.jar.

    Replace the existing wss4j-1.6.16.jar file in /lib folder with wss4j-1.6.2.jar.

wss10_saml20_token_service_ policy:

Required setup is similar to wss10_saml_token_service_ policy except that we have to use SAML Token version 2.0 as shown below.


Sample SAML2.0 Assertion:

<saml2:Assertion ID="_14F9EF7DC64266B61B144294396204152" IssueInstant="2015-09-22T17:46:02.041Z" Version="2.0" xsi:type="saml2:AssertionType" xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:xsi="">
      <saml2:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">weblogic</saml2:NameID>
      <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:sender-vouches"/>
   <saml2:Conditions NotBefore="2015-09-22T17:46:02.041Z" NotOnOrAfter="2015-09-22T17:51:02.041Z"/>
   <saml2:AuthnStatement AuthnInstant="2015-09-22T17:46:02.041Z">

wss10_saml20_token_with_message_protection_service_ policy:

Required setup is similar to wss10_saml_token_with_message_protection_ service_ policy except that we have to use SAML Token V2.0 and have to add the following in Parts of Signature setup. Note the namespace change.

  • Assertion urn:oasis:names:tc:SAML:2.0:assertion






Similar setup as OWSM policy wss10_saml_token_with_message_protection _ service_ policy except that different Key Encryption, Encoding algorithms and Key referencing mechanism.



SAML Token:






Note: When we use 256-bit encryption algorithm in SOAP UI, we are seeing the error Illegal key size or default parameters’. This is because java does not support key sizes greater than 128 by default. To get rid of this error, we need to copy policy files local_policy.jar and US_export_policy.jar to %java_home%/jre/lib/security. The policy files can be downloaded using the following links depending on the JDK you use.

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 6

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 7 Download

Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 Download

SOAP UI can either use your existing JDK installation or bundled JRE and this information can be found in <<SOAP UI Install Dir>>\bin\soapui.bat. If bundled JRE is used by SOAP UI then we need to copy above policy files to location <<SOAP UI Install Dir>>\jre\lib\security.

You can get the SOAP UI project and keystores used in this post over here.

OWSM 12c–Using Username Message Protection Policy

In this post, I will demonstrate required steps at both server and client side for the OWSM  policy oracle/wss10_username_with_message_protection_ server_policy. I will use SOAP UI to demonstrate the client side setup.

Server Side

Attach OWSM policy to service, here I will be using OSB Proxy Service for demo.


This OWSM policy requires private keys to be generated at both server and client side. So create clientkeystore.jks for SOAP UI and osbkeystore.jks for server using commands below.

keytool -genkeypair -keyalg RSA -alias localclient -keystore clientkeystore.jks -storepass cljks123 -validity 360 -keysize 2048

keytool -genkeypair -keyalg RSA -alias localosb -keystore osbkeystore.jks -storepass osbjks123 -validity 360 -keysize 2048

Export the public certificate from each keystore using following commands.

keytool -exportcert -alias localclient -keystore clientkeystore.jks -file localclient.cer

keytool -exportcert -alias localosb –keystore osbkeystore.jks -file localosb.cer

Import the certificate into each other using following commands.

keytool -importcert -alias localclient -keystore osbkeystore.jks -file localclient.cer

keytool -importcert -alias localosb –keystore clientkeystore.jks -file localosb.cer

Now add these keys in map using the following steps.



Create key keystore-csf-key as below.


Also create other 2 keys enc-csf-key and sign-csf-key similar to above using the same alias  localosb.


Now navigate to the WSM Domain Configuration as shown below to set the keystore and keys to be used by OWSM runtime.



Client Side

The SOAP UI documentation has detailed information related to ws-security setup here so I will keep my description brief and readers are recommended to go through the given link.

Double click on SOAP UI project where we can specify ws-security setup.



Add clientkeystore.jks in Keystores tab and give the key store password as shown below. Status should be shown as OK implies that it’s a valid keystore.


Incoming WS-Security configuration:

Since clientkeystore.jks has required keys for both encryption and digital signature, we have to just select this keystore in Incoming Configuration as shown below.


Outgoing WS-Security configuration:

Add Outgoing Configuration with name OutConfig as shown below.


Now we have to add the configuration for Timestamp, Username Token, Signature and Encryption in detail tabs of Outgoing Configuration as required.

  • Timestamp
    • Give 20000 as value for Time to live
    • Check Millisecond precision



  • Username Token
    • Give Username and Password
    • Check Add Nonce and Add Created
    • Select Password Type as PasswordText







Note: we should maintain the order Signature and Encryption in Outgoing Configuration as shown above.

Adding Outgoing/Incoming configuration:


With all this setup in place, when I execute the request I was getting the error saying Error getting response for […]; null. Following is the solution given in one of the forum posts here. Note that, I was using SOAP UI 5.0.0.

Replace the existing xmlsec-1.4.5.jar file in /lib folder with xmlsec-1.5.2.jar.

Replace the existing wss4j-1.6.16.jar file in /lib folder with wss4j-1.6.2.jar.

Sample Request


Sample Response


Note: We also have another way of attaching Outgoing Configuration to the request as shown below by doing right click on request window. When we do this way, don’t select Format XML option on right click which is causing digital signature verification failure.So I always recommend the above mentioned way to attach Outgoing Configuration.



Similarly, for OWSM policy oracle/wss_username_token_service_policy the above Username token setup is enough.

You can get the SOAP UI project and keystores used in this post over here.


Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 379 other followers

Enter your email address to follow this blog and receive notifications of new posts by email.

%d bloggers like this: