REST based webservices in OUAF framework

Rest based web services is a relatively new feature added in the OUAF framework. It is a new addition and still a lot of changes are coming up continuously in newer versions of the framework. It will take some time for the changes to stabilize.

Depending on which version of the OUAF framework, there may be variations in how you access REST web service.

This blog is targeted at providing some insight into how to access REST based web services in the OUAF framework.

Accessing REST Web services

Framework version 4.4.0.2 - FW V4.4.0.2.0 (C2M V2.7.0.3.0)

This is the old way of accessing REST web services. This has changed in recent version. Documenting this in case anyone is trying to access REST web services in old versions of the product.

There are three steps you need to follow to access a REST web service in this version.

1. Authentication:

This is done by invoking j_security_check and passing the username and password of C2M login user in j_username and j_password parameters respectively.

2. Get Rest Token:

This is done by invoking ‘/restSecurityToken’ url. You will get the Rest security token in the response header with the key ‘OUAF-Security-Token’.

3. Invoke Rest WebService (Set Token in Header in this request):

Set the token received in the earlier request in the header for the session. Call the actual REST api that you want to invoke.

Am using python to demonstrate accessing of REST web service. Alternatively you can use POSTMAN or SOAPUI also.

Using requests module in python for accessing web service.

import requests headers = {'Accept':'application/json'} session = requests.Session() session.headers.update(headers) #authenticate session authResponse = session.post('http://localhost:6600/ouaf/j_security_check?j_username=username&j_password=password') #Fetch Token tokenResponse = session.post('http://localhost:6600/ouaf/restSecurityToken') # Set Token in header tokenHeader = {'OUAF-Security-Token': tokenResponse.headers['OUAF-Security-Token']} session.headers.update(tokenHeader) session.headers.update({'Content-Type': 'application/json'}) # Call Rest API tranResponse = session.get('http://localhost:6600/ouaf/rest/apis/cm/customers/demo/satypes') json_formatted_str = json.dumps(tranResponse.json(), indent=4) print(json_formatted_str)

Run the python file using command “python retrieveSAtypesold.py”

As seen below the output of the rest call is displayed

Framework version 4.4.0.3 - FW V4.4.0.3.0 (C2M V2.8.0.0.0)

In this framework version, the Rest module has been moved to a separate web container (rest.war) having target URL as ‘ouaf/rest’. Hence it can have its own authentication separate from the main web container having target URL ‘/ouaf’.

Hence the steps for accessing REST web service is different.

You no longer need to authenticate by calling ‘j_security_check’ now. (If you hit ‘j_security_check’ you will get authentication error and will be logged out, as cis.jsp has been modified to not allow direct access to j_security_check.)

You can specify the authentication to use for the REST web container. This would be different from the authentication specified for the root web container.

By default the framework provides you Oracle Web Services Manager (OWSM) option. You can enable that by setting below parameter to true in ENVIRON.INI file

OWSM_PROTECTION_FOR_REST_SERVICES=true

Will provide more details for accessing REST web service using OWSM later. OWSM provides support for token based security also.

Currently I am setting the authentication to ‘BASIC’, for the rest web container, for demo purposes.

You can do this by modifying “web.xml.rest.template” file in the folder ‘$SPLEBASE/templates’ folder.

Add the following snippet to the file

<login-config>         <auth-method>BASIC</auth-method> </login-config>

You can use any valid authentication allowed by weblogic for the web container.

Accessing REST Web service:

Am using python to demonstrate accessing of REST web service. Alternatively you can use POSTMAN or SOAPUI also.

Have created a new REST inbound web service in C2M. Am accessing an out of box business service ‘C1-ALL-SATYP’ in the operation. Have set the URI component of IWS to ‘/demo’. Have set the URI component of IWS to ‘satypes’.

Have set resource category to ‘Customer Information’

As seen below the IWS is created.

Click on ‘View Specification’ to view details of REST webservice in open API format

Expand the service and execute it. You will see the result below.

You can access the REST URL in the ‘Request URL’ window below for quick access.

The URL of the REST webservices is composed of the following parts:

http://server:port/ouaf/rest/apis/{Owner URI component}/{resource Category URI component}/{IWS URI component}/{Operation URI component}

Sample URL: http://localhost:6700/ouaf/rest/apis/cm/customers/demo/satypes

Extendable lookup for Resource category Extendable lookup (F1-RESTResourceCategory)

As seen below the URI component for resource category ‘Customer information’ is ‘/customers’

Extendable lookup - Owner Configuration for REST Services (F1-RESTOwnerURLComponent)

Similarly for owner uri component the value is ‘/cm’

Using requests module in python for accessing web service.

First set following headers – ‘Accept’ and ‘Content-Type’ to ‘application/json’

Also as authentication is set to BASIC, use HTTPBasicAuth for providing authentication as shown below. Set the username and password for C2M application in that.

import requests from requests.auth import HTTPBasicAuth import json headers = {'Accept':'application/json', 'Content-Type': 'application/json'} response = requests.get('http://localhost:6700/ouaf/rest/apis/cm/customers/demo/satypes', auth=HTTPBasicAuth('username', 'password'), headers=headers) json_formatted_str = json.dumps(response.json(), indent=4) print(json_formatted_str)

Run the python file using command “python retrieveSAtypes.py”

As seen below the output of the web service is displayed on the command prompt.