Managed File Transfer Capabilities in the WebLogic Platform

Security

In B2B integration, it is essential that files sent by trading partners to GlobalTx are neither intercepted nor altered en route. On the receiving end, secure file transfer means you can trust the content of incoming files and let internal applications process them automatically. Although WebLogic Platform doesn't provide built-in support for secure file transfer, you can easily create a custom FTP control, backed by a third-party Java client for secure FTP, and use it from a WLI process project.

Let us explore how a custom FTP control can be created using AppGate's MindTerm. MindTerm is probably the most popular pure-Java client today that implements the SSH1 and SSH2 protocols. Note that if more than 100 distinct users need to use MindTerm, you must purchase a commercial license (a limited commercial use license); by contrast, many other APIs are only available for evaluation. The following is an overview of the process of enabling MindTerm usage within WebLogic Workshop.

First, mindterm.jar should be added to the libraries folder of the Workshop application, and a custom Java control created, as Figure 3 depicts:


Figure 3. Adding mindterm.jar to the libraries folder in WebLogic Workshop

The API snapshot of the code to connect to the remote server (where SSH is enabled and SFTP is configured) is briefly described below. Note that MindTerm supports host-based, key-based, and password-based authentication. In our present context, we will use password-based authentication. Configuring password-based and key-based authentication is similar, and the password-based steps are essentially a subset of the key-based ones. Initially, a transport object is created which takes, among other things, a socket instance connected to the remote machine. This class implements the transport layer of the SSH2 protocol stack. The initial negotiation of key exchange algorithms and host key type is handled by the following:

SSH2Transport sshTrans = new SSH2Transport(<socket instance>,
            <SecureRandomAndPad-instance>.getNextInt());

The communication with the server is started with the following:

sshTrans.boot();

An authenticator is an object to which authentication modules, such as password-based and key-based modules, are added. The following creates the authenticator for a given user name; the password-based module is added to it below:

SSH2Authenticator sshAuth = new SSH2Authenticator(<user name>);

A password store is a facility of the WebLogic Integration OA&M console that stores passwords against an alias. Here is the WebLogic-specific call to retrieve the password corresponding to a known alias:

PasswordStore pwdStore = PasswordStore.getInstance(
               PasswordStore.getDefaultProvider());
  String password = pwdStore.getPassword(alias);

This example shows how to create and add the password-based authentication module to the user authentication object for the extracted password:

SSH2AuthPassword authPwd = new SSH2AuthPassword(password);
  sshAuth.addModule(authPwd);

This object implements the user authentication layer of the SSH2 protocol stack; authenticateUser() returns true only if the server accepted the credentials:

SSH2UserAuth sshUserAuth = new SSH2UserAuth(sshTrans, sshAuth);
  .....
  if (sshUserAuth.authenticateUser("ssh-connection")) {

On successful authentication, governed by the above statement, the SSH2Connection object is created. It is set on the sshTrans object for use by the connection layer, as shown below:

SSH2Connection sshCon = new SSH2Connection(sshUserAuth, sshTrans);
  sshTrans.setConnection(sshCon);

Here, the SFTP client object is used to retrieve information about the files (along with the files themselves) from the remote machine:

SSH2SFTPClient sftpClient = new SSH2SFTPClient(sshCon, true);

First, a file handle is obtained for the directory that the remote location represents, so that the directory can be listed to search for a specific file. The listing is returned as an array of file attributes objects:

SSH2SFTP.FileHandle fileHndle = sftpClient.opendir(<remote location>);
  SSH2SFTP.FileAttributes[] fileAttr = sftpClient.readdir(fileHndle);

The <file name> is the individual file of interest, taken from the file attributes retrieved above. The action to be taken on the file (here, read) is also specified when obtaining its file handle:

SSH2SFTP.FileHandle fileToBeReadHndle =
    sftpClient.open(<remote location> + "/" + <file name>,
                    SSH2SFTP.SSH_FXF_READ, <new file attributes instance>);

Subsequently, the file is retrieved and written to an output stream on the local system, as shown below. The file handle obtained in the previous statement identifies the file to read:

int bytesRead = sftpClient.readFully(fileToBeReadHndle, <buffered output stream>);

Once the file is obtained, the client and transport objects are disconnected:

sftpClient.terminate();
  } // closes the if block opened by sshUserAuth.authenticateUser()
  sshTrans.normalDisconnect("user disconnected ...");
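The snippets above, put together as one method, as an added example that is not code from the original article, from BEA, or from MindTerm. It follows the same transport, user-auth, connection and SFTP steps, and adds two checks a practitioner would want: the server host key is compared against a pinned fingerprint (so a connection is refused when the key changes, which is the interception case the Security section opens with), and the requested file name is rejected if it contains path separators. The MindTerm package names, the SSH2Transport constructor overload taking an SSH2Preferences and an SSH2TransportEventAdapter, the kexAuthenticateHost callback, getPublicKeyBlob(), and the name/isDirectory() members of FileAttributes are assumptions to be checked against the MindTerm version in use; the fingerprint constant is a placeholder, and the password is passed in by the caller (in WLI it would come from the password store as shown above).

```java
import java.io.BufferedOutputStream;
import java.io.FileNotFoundException;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.net.Socket;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Package names are assumptions (MindTerm 2.x/3.x layout).
import com.mindbright.ssh2.SSH2AuthPassword;
import com.mindbright.ssh2.SSH2Authenticator;
import com.mindbright.ssh2.SSH2Connection;
import com.mindbright.ssh2.SSH2Preferences;
import com.mindbright.ssh2.SSH2SFTP;
import com.mindbright.ssh2.SSH2SFTPClient;
import com.mindbright.ssh2.SSH2Signature;
import com.mindbright.ssh2.SSH2Transport;
import com.mindbright.ssh2.SSH2TransportEventAdapter;
import com.mindbright.ssh2.SSH2UserAuth;
import com.mindbright.util.SecureRandomAndPad;

/** Fetches one named file from a trading partner's SFTP drop directory. */
public class SftpFetch {

    /** Placeholder: SHA-256 over the partner's host key blob, base64-encoded. */
    private static final String EXPECTED_HOST_KEY_FP = "<base64 sha256 of partner host key>";

    /** Returns the number of bytes written to localPath. */
    public static int fetch(String host, int port, String user, String password,
                            String remoteDir, String fileName, String localPath)
            throws Exception {
        // A partner-controlled name must not be able to leave the drop directory.
        if (fileName.contains("/") || fileName.contains("\\") || fileName.contains("..")) {
            throw new IllegalArgumentException("unsafe file name: " + fileName);
        }

        Socket socket = new Socket(host, port);
        SecureRandomAndPad rand = new SecureRandomAndPad(new SecureRandom());

        // Transport layer (key exchange, host key). The adapter pins the server
        // host key; a server presenting any other key is rejected before auth.
        // Constructor overload and callback signature are assumptions.
        SSH2TransportEventAdapter hostKeyCheck = new SSH2TransportEventAdapter() {
            public boolean kexAuthenticateHost(SSH2Transport tp, SSH2Signature serverHostKey) {
                try {
                    byte[] blob = serverHostKey.getPublicKeyBlob();   // assumed accessor
                    byte[] digest = MessageDigest.getInstance("SHA-256").digest(blob);
                    return EXPECTED_HOST_KEY_FP.equals(Base64.getEncoder().encodeToString(digest));
                } catch (Exception e) {
                    return false;   // any failure to verify means "do not connect"
                }
            }
        };
        SSH2Transport sshTrans = new SSH2Transport(socket, new SSH2Preferences(), hostKeyCheck, rand);
        sshTrans.boot();

        // User-auth layer: authenticator for the user plus a password module.
        SSH2Authenticator sshAuth = new SSH2Authenticator(user);
        sshAuth.addModule(new SSH2AuthPassword(password));
        SSH2UserAuth sshUserAuth = new SSH2UserAuth(sshTrans, sshAuth);
        if (!sshUserAuth.authenticateUser("ssh-connection")) {
            sshTrans.normalDisconnect("authentication failed");
            throw new SecurityException("SFTP authentication failed for user " + user);
        }

        // Connection layer and SFTP subsystem (blocking client).
        SSH2Connection sshCon = new SSH2Connection(sshUserAuth, sshTrans);
        sshTrans.setConnection(sshCon);
        SSH2SFTPClient sftpClient = new SSH2SFTPClient(sshCon, true);
        int bytesRead = -1;
        try {
            // List the drop directory and confirm the wanted entry is a regular file.
            SSH2SFTP.FileHandle dirHandle = sftpClient.opendir(remoteDir);
            SSH2SFTP.FileAttributes[] entries = sftpClient.readdir(dirHandle);
            sftpClient.close(dirHandle);
            boolean found = false;
            for (SSH2SFTP.FileAttributes attr : entries) {
                if (fileName.equals(attr.name) && !attr.isDirectory()) {   // assumed members
                    found = true;
                    break;
                }
            }
            if (!found) {
                throw new FileNotFoundException(remoteDir + "/" + fileName);
            }

            // Open for read and stream the content to the local file.
            SSH2SFTP.FileHandle fh = sftpClient.open(remoteDir + "/" + fileName,
                    SSH2SFTP.SSH_FXF_READ, new SSH2SFTP.FileAttributes());
            OutputStream out = new BufferedOutputStream(new FileOutputStream(localPath));
            try {
                bytesRead = sftpClient.readFully(fh, out);
            } finally {
                out.close();
                sftpClient.close(fh);
            }
        } finally {
            // Always tear down the SFTP client and the transport, even on error.
            sftpClient.terminate();
            sshTrans.normalDisconnect("user disconnected ...");
        }
        return bytesRead;
    }
}
```

In a WLI control the password argument would be filled from PasswordStore.getPassword(alias) as in the article, and EXPECTED_HOST_KEY_FP would be taken from the partner's onboarding record rather than a literal; the point of the pin is that a changed host key stops the transfer and surfaces as an exception in the process, instead of silently delivering the file to whoever answered on the partner's port.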

These examples form the base solution for providing secure file transfer between the trading partners and GlobalTx's OMS, as Figure 2 shows. We will later delve into other functionality such as scheduling and transformation.