Virtual addressing

In a SOA environment there should always be an additional abstraction layer between consumer and service provider. Even though there is only one physical server being the actual service provider, the consumer should address this server via a virtual address, i.e. environment address, not the physical address.

This simple abstraction will enable a decoupling of consumer from provider. In a loadbalanced, or even clustered, environment this will be obvious, but even for more simple setups the advantages are easily won by additional dns entries per environment

WSM installed into non-administrative oc4j instance

When installing WSM into existing oc4j-container, it would be useful to separate the WSM components from the administrative ascontrol instance. This is to avoid interference between the administration component and WSM components.

But this is not working out of the box, see Metalink Service Request 7539563.993.

Workaround as suggested from Oracle:

  1. After creating non-administrative OC4J instance ‘OC4J_WSM’ , please stop the ‘OC4J_WSM’ instance and change the following in the main  configuration file for OPMN “opmn.xml” :

    - Replace this line <port id=”default-web-site” range=”12501-12600″ protocol=”ajp”/>
    - By this line <port id=”default-web-site” range=”9999″ protocol=”http”/>

  2. Execute ‘opmnctl’ reload.
  3. Install a standalone WSM, but with the following configuration:
    - Use ‘<hostname>:9999′.
  4. After installing WSM, please connect to ‘http://<hostname>:9999/ccore’

Oracle Web Services Manager

In a SOA architecture with a set of services originally exposed only to internal network, a new business requirement was to open a set of  services for external Internet access. Rewriting the services for consolidation would be timeconsuming, and changes to the services would also require changes to existing service consumers.

By using Oracle Web Services Manager as a proxy, a declarative security approach was enabled within weeks.

Oracle Web Services Manager consists of four components: gateway, policymanager, control, monitor. A flexible installation setup would be gateway installed in dmz-zone, the remaining components installed in internal zone, together with OWSM database schema. This split enables the gateway to process all incoming requests through a set of policy steps, and reject unauthorized access already in dmz. Oracle licensing and price matrix is negotiable, and one customer actually ended up paying for two OWSM licenses using this distributed setup. But normally this is just a matter of taking advantage of an excellent product for declarative security.

Recommended reading if you are about to spend time on Oracle Web Service Manager, get the book “Oracle Web Services Manager” by Sitaraman Lakshminarayanan

Oracle documentation on the subject is as always volumnious, but unfortunately lacking the useful examples and  perspectives from “real life” projects.

For details on installation, configuration and user guidelines on Oracle Web Services Manager, please send mail to gwrogde(at)

Time to start blogging…

I’ve been working on SOA-projects for several years, and in the J2EE/java-arena for 11 years, still counting. Lately the focus have been on performance, security and SOA governance.

Even though every software-project these days have a touch of SOA, the best practices are still hard to find. And every project seems to be piloting their own way around common pitfalls and obstacles. I have seen the same issues causing problems and delays over and over again.

This blog will be my spot to collect and present best practices gained through real work experience from banking/finance, telecom, publishing/media.

What can be done to get the required performance in a SOA-architecture, but still maintain the layering and reuse capabilities. How to secure SOA-services using standards and off-the-shelf software. How to maintain SOA governance in a production environment. What about robustness and stability as the number of services, reuse of services, and interoperability increases.

This is typical challenges faced in every SOA environment, and should be addressed as non-functional requirements in early stages, not when the issues are turned into crisis.