<Insert Picture Here>




From Developer to Production, Promoting your WebServices
Gerard Davison : Senior Principal Softw...
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may ...
Presentation Agenda


•   Introduction          <Insert Picture Here>

•   Policies
•   Publishing Services
•   Consuming ...
<Insert Picture Here>



Introduction
Introduction
P is for promotion



• Make it easy to simplify deployments
• Focus on JAX-WS but a lot is applicable to JAX...
Introduction
E is for endpoints



• Need to use different instances of a web service in
  different contexts
   – Version...
Introduction
S is for security



• Web Service Security is like pick’n’mix
   – Likely to cause indigestion
   – Hard to ...
Introduction
Development




                            Mock
                            Rating




                  Loa...
Introduction
Testing




                                        Mock
                                        Rating
     ...
Introduction
Production




                                       Mock
                                       Rating
    ...
<Insert Picture Here>



Policies Primer
Policies
WS-Policy



• A description of how to communicate
  – Stuff that happens to the message after you have sent it
•...
Policies
WS-Policy - Some namespaces



• wsp:
  – http://schemas.xmlsoap.org/ws/2004/09/policy
• wsu:
  – http://docs.oas...
Policies
WS-Policy - Normal Form

<wsp:Policy>
 <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Po...
Policies
WS-Policy - Compact


<wsp:Policy>
 <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken
        sp:Inc...
Policies
WS-Policy - ID


<wsp:Policy name=“UserNameToken” wsu:id=“SP1” >
 <sp:SupportingTokens>
    <wsp:Policy>
      <s...
Policies
WS-Policy - Referenced From a WSDL




<wsdl:portType name=”CreditRatingquot;
  wsp:PolicyURIs=quot;#SP1quot; >
 ...
Policies
WS-Policy - Where does it get referenced


   Service Policy Subject          Service



   Endpoint Policy Subje...
Policies
WS-Policy



• Important for both publishing and consuming
• Can be named
• Can be managed at deploy time
<Insert Picture Here>



Publishing Services
Publishing
Weblogic policies



• For JAX-WS only security policy at the moment
   – Use @Addressing for WS-Addressing pol...
Publishing
Centralized configuration



• KeyStores, etc… are configured at the server level
• Allow you to assert rather ...
Publishing
Annotation to “standard” policies




@WebService
@Policies(@Policy (uri=“policy:SomePolicy.xml”))
public class...
Publishing
Deployment descriptor




<webservice-policy-ref …>
  <port-policy>HelloPort</port-policy>
  <ws-policy>
    <u...
Publishing
Deployment Plan



•   JSR - 88
•   Weblogic xml file not standard
•   Also can override individual files
•   T...
<Insert Picture Here>



Publishing Demo
Publishing
Summary



• A mix of deployment and environmental artifacts
• Security declaratively added at class level
• Bu...
<Insert Picture Here>



Consuming Services
Consuming
Endpoints



• Abstract WSDL defines the service
• Concrete WSDL tell you where to find it.
• You often want to ...
Consuming
Changing the endpoint




public void doSomething(…)
{
   CreditRating_Service crs = …
   CreditRating cr = crs....
Consuming
WSDLS



• WSDLs also contain policies
• Won’t be read if you just change the endpoint
• Can create a new servic...
Consuming
Injection and indirection


@WebServiceRef(name = “CreditRatingService”)
CreditRating creditRatingPort;




<ser...
<Insert Picture Here>



Consuming Demo
Consuming
Security Tokens



• Simple .properties file in this example
• Should be using a Keystore
   – JCEKS rather than...
Consuming
Security Tokens : Storing

 KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;);
 ks.load(null, keyStorePassword...
Consuming
Security Tokens : Retrieving

 KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;);
 ks.load(…, keyStorePassword...
Consuming
Alternatives : Catalog file


@WebServiceRef(type = CreditRating_Service.class)
CreditRating creditRatingPort;

...
Consuming
Alternatives : UDDI



• Lookup service by UUID
   – UDDI 2.0 repository built in to weblogic
   – Just edit udd...
Consuming
Alternatives: DI, Spring


@AuthenticatedService(“CreditRatingService”)
CreditRating creditRatingPort;

// or

<...
Consuming
Alternatives: Aspects

@WebServiceRef(type = CreditRating_Service.class)
@InjectionPoint(key = “Name”)
CreditRat...
<Insert Picture Here>



Conclusion
Conclusion


• Understand and use policies

• Design from the start with promotion in mind
  – EE
  – DI
  – Home grown


...
For More Information




• JDeveloper
  – http://www.oracle.com/technology/products/jdev/index.html
• Weblogic
  – http://...
The preceding is intended to outline our general
product direction. It is intended for information
purposes only, and may ...
From Developer to Production, Promoting your Webservices
From Developer to Production, Promoting your Webservices
Upcoming SlideShare
Loading in …5
×

From Developer to Production, Promoting your Webservices

3,489 views

Published on

As given at UKOUG'08

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
3,489
On SlideShare
0
From Embeds
0
Number of Embeds
319
Actions
Shares
0
Downloads
57
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

From Developer to Production, Promoting your Webservices

  1. 1. <Insert Picture Here> From Developer to Production, Promoting your WebServices Gerard Davison : Senior Principal Software Engineer JDeveloper WebServices
  2. 2. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  3. 3. Presentation Agenda • Introduction <Insert Picture Here> • Policies • Publishing Services • Consuming Services • Conclusion
  4. 4. <Insert Picture Here> Introduction
  5. 5. Introduction P is for promotion • Make it easy to simplify deployments • Focus on JAX-WS but a lot is applicable to JAX-RPC in WebLogic Dev Test Production
  6. 6. Introduction E is for endpoints • Need to use different instances of a web service in different contexts – Versioning a different problem • Mock services for development • “Real” services for production – Can alter real data – Can cost money per-transaction
  7. 7. Introduction S is for security • Web Service Security is like pick’n’mix – Likely to cause indigestion – Hard to move to a different shop once you’re started. • Can hard to set up a dev / test / production env • Less productive • Policies are the key to making this easier
  8. 8. Introduction Development Mock Rating Loan Credit Client Rating Approver
  9. 9. Introduction Testing Mock Rating Secured Loan Credit Client Rating Approver
  10. 10. Introduction Production Mock Rating Secured Loan Credit Client Rating Approver
  11. 11. <Insert Picture Here> Policies Primer
  12. 12. Policies WS-Policy • A description of how to communicate – Stuff that happens to the message after you have sent it • A meta pointer for other WS-* standards • Cover a range of technologies – WS-Addressing – WS-Security – WS-ReliableMessaging – WS-TX
  13. 13. Policies WS-Policy - Some namespaces • wsp: – http://schemas.xmlsoap.org/ws/2004/09/policy • wsu: – http://docs.oasis-open.org/wss/2004/01/oasis- 200401-wss-wssecurity-utility-1.0.xsd • sp: – http://schemas.xmlsoap.org/ws/2005/07/securit ypolicy
  14. 14. Policies WS-Policy - Normal Form <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>
  15. 15. Policies WS-Policy - Compact <wsp:Policy> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  16. 16. Policies WS-Policy - ID <wsp:Policy name=“UserNameToken” wsu:id=“SP1” > <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  17. 17. Policies WS-Policy - Referenced From a WSDL <wsdl:portType name=”CreditRatingquot; wsp:PolicyURIs=quot;#SP1quot; > <wsdl:operation>…</wsdl:operation> </wsdl:binding>
  18. 18. Policies WS-Policy - Where does it get referenced Service Policy Subject Service Endpoint Policy Subject Port / Binding / PortType Operation Policy Subject Binding.Operation / PortType.Operation Message Policy Subject Input / Output / Fault / Message
  19. 19. Policies WS-Policy • Important for both publishing and consuming • Can be named • Can be managed at deploy time
  20. 20. <Insert Picture Here> Publishing Services
  21. 21. Publishing Weblogic policies • For JAX-WS only security policy at the moment – Use @Addressing for WS-Addressing policy • For JAX-RPC also reliable messaging • @Policies(@Policy(uri=“policy:….”)) • weblogic-webservices-policy.xml in WEB-INF / META- INF
  22. 22. Publishing Centralized configuration • KeyStores, etc… are configured at the server level • Allow you to assert rather than configure • Different configuration at each level: – Dev - no security – QA - security using internal certificates – Deploy - security using “gold” certificates
  23. 23. Publishing Annotation to “standard” policies @WebService @Policies(@Policy (uri=“policy:SomePolicy.xml”)) public class Hello { public String sayHello(String name) { return name; } }
  24. 24. Publishing Deployment descriptor <webservice-policy-ref …> <port-policy>HelloPort</port-policy> <ws-policy> <uri>policy:SomePolicy.xml</uri> <direction>both</direction> </ws-policy> </webservice-policy-ref>
  25. 25. Publishing Deployment Plan • JSR - 88 • Weblogic xml file not standard • Also can override individual files • The key to dealing with promotion • No tooling in JDeveloper yet
  26. 26. <Insert Picture Here> Publishing Demo
  27. 27. Publishing Summary • A mix of deployment and environmental artifacts • Security declaratively added at class level • But the configuration done at domain level
  28. 28. <Insert Picture Here> Consuming Services
  29. 29. Consuming Endpoints • Abstract WSDL defines the service • Concrete WSDL tell you where to find it. • You often want to change location – Promotion – Or Multiple deployments in different environments • But you want a static interface to program against
  30. 30. Consuming Changing the endpoint public void doSomething(…) { CreditRating_Service crs = … CreditRating cr = crs.getCreditRatingPort(); ((BindingProvider)cr).getRequestContext() .put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY, “http://…………”); }
  31. 31. Consuming WSDLS • WSDLs also contain policies • Won’t be read if you just change the endpoint • Can create a new service object – Expensive • Better to use injection in EE case
  32. 32. Consuming Injection and indirection @WebServiceRef(name = “CreditRatingService”) CreditRating creditRatingPort; <service-ref> <service-ref-name>CreditRatingService</service- ref-name> <service-interface> com.somecreditrating.xmlns.rating.CreditRating _Service</service-interface> </service-ref>
  33. 33. <Insert Picture Here> Consuming Demo
  34. 34. Consuming Security Tokens • Simple .properties file in this example • Should be using a Keystore – JCEKS rather than default JKS to store SecretKey instances – Still need to hard code a password but less open to brute force searching • Possibly query WebLogic stores for environmental configuration – I’m still learning the stack
  35. 35. Consuming Security Tokens : Storing KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(null, keyStorePassword); PasswordProtection keyStorePP = new PasswordProtection(keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec( password)); ks.setEntry(key, new SecretKeyEntry( generatedSecret), keyStorePP); ls.save(…, keyStorePassword);
  36. 36. Consuming Security Tokens : Retrieving KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(…, keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKeyEntry ske = (SecretKeyEntry)ks.getEntry(key, keyStorePP); PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec( ske.getSecretKey(), PBEKeySpec.class); char[] password = keySpec.getPassword();
  37. 37. Consuming Alternatives : Catalog file @WebServiceRef(type = CreditRating_Service.class) CreditRating creditRatingPort; In WEB-INF or META-INF java-ws-catalog.xml <catalog xmlns=quot;urn:oasis:names:tc:entity:xmlns:xml:cat alogquot; prefer=quot; systemquot;> <system systemId=“CreditRating.wsdlquot; uri=“ExternalCreditRating.wsdlquot;/> </catalog>
  38. 38. Consuming Alternatives : UDDI • Lookup service by UUID – UDDI 2.0 repository built in to weblogic – Just edit uddi.properties to enable • BPEL has support for this directly • For JAX-WS write your own code to lookup WSDL • Some BPEL services do WSDL indirection – Only changes on the BPEL server
  39. 39. Consuming Alternatives: DI, Spring @AuthenticatedService(“CreditRatingService”) CreditRating creditRatingPort; // or <bean id=“CreditRatingService”> … </bean
  40. 40. Consuming Alternatives: Aspects @WebServiceRef(type = CreditRating_Service.class) @InjectionPoint(key = “Name”) CreditRating creditRatingPort; // public aspect InjectionProvider { pointcut injectionPoint(Object target) : set(@WebServiceRef @InjectionPoint * *) && target(target) after injectionPoint(Object target) { BindingProvider = target; … } }
  41. 41. <Insert Picture Here> Conclusion
  42. 42. Conclusion • Understand and use policies • Design from the start with promotion in mind – EE – DI – Home grown • Managing security tokens is finicky – Store passwords in wallet or keystore
  43. 43. For More Information • JDeveloper – http://www.oracle.com/technology/products/jdev/index.html • Weblogic – http://www.oracle.com/technology/products/weblogic/index.ht ml • Your speaker – gerard.davison@oracle.com • http://kingsfleet.blogspot.com/
  44. 44. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

×