SlideShare une entreprise Scribd logo

From Developer to Production, Promoting your Webservices

K
kingsfleet

The document discusses promoting web services from development to production. It covers policies, publishing services, consuming services, and alternatives like UDDI and dependency injection. Key points include using policies for security configuration, designing with promotion in mind from the start, and managing security tokens carefully.

Technologie
1  sur  46
Télécharger pour lire hors ligne
<Insert Picture Here> From Developer to Production, Promoting your WebServices Gerard Davison : Senior Principal Software Engineer JDeveloper WebServices
The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
Presentation Agenda • Introduction <Insert Picture Here> • Policies • Publishing Services • Consuming Services • Conclusion
<Insert Picture Here> Introduction
Introduction P is for promotion • Make it easy to simplify deployments • Focus on JAX-WS but a lot is applicable to JAX-RPC in WebLogic Dev Test Production
Introduction E is for endpoints • Need to use different instances of a web service in different contexts – Versioning a different problem • Mock services for development • “Real” services for production – Can alter real data – Can cost money per-transaction
Introduction S is for security • Web Service Security is like pick’n’mix – Likely to cause indigestion – Hard to move to a different shop once you’re started. • Can hard to set up a dev / test / production env • Less productive • Policies are the key to making this easier
Introduction Development Mock Rating Loan Credit Client Rating Approver
Introduction Testing Mock Rating Secured Loan Credit Client Rating Approver
Introduction Production Mock Rating Secured Loan Credit Client Rating Approver
<Insert Picture Here> Policies Primer
Policies WS-Policy • A description of how to communicate – Stuff that happens to the message after you have sent it • A meta pointer for other WS-* standards • Cover a range of technologies – WS-Addressing – WS-Security – WS-ReliableMessaging – WS-TX
Policies WS-Policy - Some namespaces • wsp: – http://schemas.xmlsoap.org/ws/2004/09/policy • wsu: – http://docs.oasis-open.org/wss/2004/01/oasis- 200401-wss-wssecurity-utility-1.0.xsd • sp: – http://schemas.xmlsoap.org/ws/2005/07/securit ypolicy
Policies WS-Policy - Normal Form <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>
Policies WS-Policy - Compact <wsp:Policy> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
Policies WS-Policy - ID <wsp:Policy name=“UserNameToken” wsu:id=“SP1” > <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
Policies WS-Policy - Referenced From a WSDL <wsdl:portType name=”CreditRatingquot; wsp:PolicyURIs=quot;#SP1quot; > <wsdl:operation>…</wsdl:operation> </wsdl:binding>
Policies WS-Policy - Where does it get referenced Service Policy Subject Service Endpoint Policy Subject Port / Binding / PortType Operation Policy Subject Binding.Operation / PortType.Operation Message Policy Subject Input / Output / Fault / Message
Policies WS-Policy • Important for both publishing and consuming • Can be named • Can be managed at deploy time
<Insert Picture Here> Publishing Services
Publishing Weblogic policies • For JAX-WS only security policy at the moment – Use @Addressing for WS-Addressing policy • For JAX-RPC also reliable messaging • @Policies(@Policy(uri=“policy:….”)) • weblogic-webservices-policy.xml in WEB-INF / META- INF
Publishing Centralized configuration • KeyStores, etc… are configured at the server level • Allow you to assert rather than configure • Different configuration at each level: – Dev - no security – QA - security using internal certificates – Deploy - security using “gold” certificates
Publishing Annotation to “standard” policies @WebService @Policies(@Policy (uri=“policy:SomePolicy.xml”)) public class Hello { public String sayHello(String name) { return name; } }
Publishing Deployment descriptor <webservice-policy-ref …> <port-policy>HelloPort</port-policy> <ws-policy> <uri>policy:SomePolicy.xml</uri> <direction>both</direction> </ws-policy> </webservice-policy-ref>
Publishing Deployment Plan • JSR - 88 • Weblogic xml file not standard • Also can override individual files • The key to dealing with promotion • No tooling in JDeveloper yet
<Insert Picture Here> Publishing Demo
Publishing Summary • A mix of deployment and environmental artifacts • Security declaratively added at class level • But the configuration done at domain level
<Insert Picture Here> Consuming Services
Consuming Endpoints • Abstract WSDL defines the service • Concrete WSDL tell you where to find it. • You often want to change location – Promotion – Or Multiple deployments in different environments • But you want a static interface to program against
Consuming Changing the endpoint public void doSomething(…) { CreditRating_Service crs = … CreditRating cr = crs.getCreditRatingPort(); ((BindingProvider)cr).getRequestContext() .put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY, “http://…………”); }
Consuming WSDLS • WSDLs also contain policies • Won’t be read if you just change the endpoint • Can create a new service object – Expensive • Better to use injection in EE case
Consuming Injection and indirection @WebServiceRef(name = “CreditRatingService”) CreditRating creditRatingPort; <service-ref> <service-ref-name>CreditRatingService</service- ref-name> <service-interface> com.somecreditrating.xmlns.rating.CreditRating _Service</service-interface> </service-ref>
<Insert Picture Here> Consuming Demo
Consuming Security Tokens • Simple .properties file in this example • Should be using a Keystore – JCEKS rather than default JKS to store SecretKey instances – Still need to hard code a password but less open to brute force searching • Possibly query WebLogic stores for environmental configuration – I’m still learning the stack
Consuming Security Tokens : Storing KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(null, keyStorePassword); PasswordProtection keyStorePP = new PasswordProtection(keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec( password)); ks.setEntry(key, new SecretKeyEntry( generatedSecret), keyStorePP); ls.save(…, keyStorePassword);
Consuming Security Tokens : Retrieving KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(…, keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKeyEntry ske = (SecretKeyEntry)ks.getEntry(key, keyStorePP); PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec( ske.getSecretKey(), PBEKeySpec.class); char[] password = keySpec.getPassword();
Consuming Alternatives : Catalog file @WebServiceRef(type = CreditRating_Service.class) CreditRating creditRatingPort; In WEB-INF or META-INF java-ws-catalog.xml <catalog xmlns=quot;urn:oasis:names:tc:entity:xmlns:xml:cat alogquot; prefer=quot; systemquot;> <system systemId=“CreditRating.wsdlquot; uri=“ExternalCreditRating.wsdlquot;/> </catalog>
Consuming Alternatives : UDDI • Lookup service by UUID – UDDI 2.0 repository built in to weblogic – Just edit uddi.properties to enable • BPEL has support for this directly • For JAX-WS write your own code to lookup WSDL • Some BPEL services do WSDL indirection – Only changes on the BPEL server
Consuming Alternatives: DI, Spring @AuthenticatedService(“CreditRatingService”) CreditRating creditRatingPort; // or <bean id=“CreditRatingService”> … </bean
Consuming Alternatives: Aspects @WebServiceRef(type = CreditRating_Service.class) @InjectionPoint(key = “Name”) CreditRating creditRatingPort; // public aspect InjectionProvider { pointcut injectionPoint(Object target) : set(@WebServiceRef @InjectionPoint * *) && target(target) after injectionPoint(Object target) { BindingProvider = target; … } }
<Insert Picture Here> Conclusion
Conclusion • Understand and use policies • Design from the start with promotion in mind – EE – DI – Home grown • Managing security tokens is finicky – Store passwords in wallet or keystore
For More Information • JDeveloper – http://www.oracle.com/technology/products/jdev/index.html • Weblogic – http://www.oracle.com/technology/products/weblogic/index.ht ml • Your speaker – gerard.davison@oracle.com • http://kingsfleet.blogspot.com/
The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
From Developer to Production, Promoting your Webservices

Recommandé

CDI and Weld
CDI and WeldCDI and Weld
CDI and Weldjensaug
 
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)Dan Allen
 
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...Throwing complexity over the wall: Rapid development for enterprise Java (Jav...
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...Dan Allen
 
Testing micro services using testkits
Testing micro services using testkitsTesting micro services using testkits
Testing micro services using testkitsMaxim Novak
 
Crossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful DegradationCrossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful DegradationC4Media
 
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...Peter Pilgrim
 
Glassfish V2.1 Harpreet Singh
Glassfish V2.1 Harpreet SinghGlassfish V2.1 Harpreet Singh
Glassfish V2.1 Harpreet SinghEduardo Pelegri-Llopart
 
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFish
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFishBatch Applications for Java Platform 1.0: Java EE 7 and GlassFish
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFishArun Gupta
 

Recommandé

CDI and Weld
CDI and WeldCDI and Weld
CDI and Weldjensaug
 
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)
JSR-299 (CDI), Weld & the Future of Seam (JavaOne 2010)Dan Allen
 
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...Throwing complexity over the wall: Rapid development for enterprise Java (Jav...
Throwing complexity over the wall: Rapid development for enterprise Java (Jav...Dan Allen
 
Testing micro services using testkits
Testing micro services using testkitsTesting micro services using testkits
Testing micro services using testkitsMaxim Novak
 
Crossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful DegradationCrossroads of Asynchrony and Graceful Degradation
Crossroads of Asynchrony and Graceful DegradationC4Media
 
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...
Devoxx UK 2013 Test-Driven Development with JavaEE 7, Arquillian and Embedded...Peter Pilgrim
 
Glassfish V2.1 Harpreet Singh
Glassfish V2.1 Harpreet SinghGlassfish V2.1 Harpreet Singh
Glassfish V2.1 Harpreet SinghEduardo Pelegri-Llopart
 
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFish
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFishBatch Applications for Java Platform 1.0: Java EE 7 and GlassFish
Batch Applications for Java Platform 1.0: Java EE 7 and GlassFishArun Gupta
 
Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onMatt Raible
 
Sustainable Agile Development
Sustainable Agile DevelopmentSustainable Agile Development
Sustainable Agile DevelopmentGabriele Lana
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloudSergejus Barinovas
 
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileEngineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileKenAtIndeed
 
SQL Server 2008 Migration
SQL Server 2008 MigrationSQL Server 2008 Migration
SQL Server 2008 MigrationMark Ginnebaugh
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
Soa And Web Services Security
Soa And Web Services SecuritySoa And Web Services Security
Soa And Web Services SecurityConSanFrancisco123
 
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Atlassian
 
SEASR Installation
SEASR InstallationSEASR Installation
SEASR InstallationLoretta Auvil
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat Security Conference
 
WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!Taylor Lovett
 
Seminar - JBoss Migration
Seminar - JBoss MigrationSeminar - JBoss Migration
Seminar - JBoss MigrationXebia IT Architects
 
Wicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWill Hoover
 
Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Andrew Soroka
 
Smart Client Development
Smart Client DevelopmentSmart Client Development
Smart Client DevelopmentTamir Khason
 
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnJenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnAndreas Grabner
 
Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09Bruno Matos Tavares
 
Use Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingUse Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingTechWell
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Cloud design pattern using azure
Cloud design pattern using azureCloud design pattern using azure
Cloud design pattern using azureKarthikeyan VK
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 

Contenu connexe

Similaire à From Developer to Production, Promoting your Webservices

Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onMatt Raible
 
Sustainable Agile Development
Sustainable Agile DevelopmentSustainable Agile Development
Sustainable Agile DevelopmentGabriele Lana
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloudSergejus Barinovas
 
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileEngineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileKenAtIndeed
 
SQL Server 2008 Migration
SQL Server 2008 MigrationSQL Server 2008 Migration
SQL Server 2008 MigrationMark Ginnebaugh
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Atlassian
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat Security Conference
 
WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!Taylor Lovett
 
Wicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWill Hoover
 
Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Andrew Soroka
 
Smart Client Development
Smart Client DevelopmentSmart Client Development
Smart Client DevelopmentTamir Khason
 
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnJenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnAndreas Grabner
 
Use Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingUse Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingTechWell
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Cloud design pattern using azure
Cloud design pattern using azureCloud design pattern using azure
Cloud design pattern using azureKarthikeyan VK
 

Similaire à From Developer to Production, Promoting your Webservices (20)

Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
 
Sustainable Agile Development
Sustainable Agile DevelopmentSustainable Agile Development
Sustainable Agile Development
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloud
 
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileEngineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
 
SQL Server 2008 Migration
SQL Server 2008 MigrationSQL Server 2008 Migration
SQL Server 2008 Migration
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
 
Soa And Web Services Security
Soa And Web Services SecuritySoa And Web Services Security
Soa And Web Services Security
 
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
 
SEASR Installation
SEASR InstallationSEASR Installation
SEASR Installation
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
 
WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!
 
Seminar - JBoss Migration
Seminar - JBoss MigrationSeminar - JBoss Migration
Seminar - JBoss Migration
 
Wicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On Time
 
Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2
 
Smart Client Development
Smart Client DevelopmentSmart Client Development
Smart Client Development
 
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnJenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
 
Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09
 
Use Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingUse Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous Testing
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration Management
 
Cloud design pattern using azure
Cloud design pattern using azureCloud design pattern using azure
Cloud design pattern using azure
 

Dernier

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Victor Rentea
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfOrbitshub
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistandanishmna97
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024The Digital Insurer
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityWSO2
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Jeffrey Haguewood
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...Zilliz
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Victor Rentea
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...apidays
 

Dernier (20)

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Platformless Horizons for Digital Adaptability
Platformless Horizons for Digital AdaptabilityPlatformless Horizons for Digital Adaptability
Platformless Horizons for Digital Adaptability
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 

From Developer to Production, Promoting your Webservices

  • 1.
  • 2. <Insert Picture Here> From Developer to Production, Promoting your WebServices Gerard Davison : Senior Principal Software Engineer JDeveloper WebServices
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. Presentation Agenda • Introduction <Insert Picture Here> • Policies • Publishing Services • Consuming Services • Conclusion
  • 6. Introduction P is for promotion • Make it easy to simplify deployments • Focus on JAX-WS but a lot is applicable to JAX-RPC in WebLogic Dev Test Production
  • 7. Introduction E is for endpoints • Need to use different instances of a web service in different contexts – Versioning a different problem • Mock services for development • “Real” services for production – Can alter real data – Can cost money per-transaction
  • 8. Introduction S is for security • Web Service Security is like pick’n’mix – Likely to cause indigestion – Hard to move to a different shop once you’re started. • Can hard to set up a dev / test / production env • Less productive • Policies are the key to making this easier
  • 9. Introduction Development Mock Rating Loan Credit Client Rating Approver
  • 10. Introduction Testing Mock Rating Secured Loan Credit Client Rating Approver
  • 11. Introduction Production Mock Rating Secured Loan Credit Client Rating Approver
  • 13. Policies WS-Policy • A description of how to communicate – Stuff that happens to the message after you have sent it • A meta pointer for other WS-* standards • Cover a range of technologies – WS-Addressing – WS-Security – WS-ReliableMessaging – WS-TX
  • 14. Policies WS-Policy - Some namespaces • wsp: – http://schemas.xmlsoap.org/ws/2004/09/policy • wsu: – http://docs.oasis-open.org/wss/2004/01/oasis- 200401-wss-wssecurity-utility-1.0.xsd • sp: – http://schemas.xmlsoap.org/ws/2005/07/securit ypolicy
  • 15. Policies WS-Policy - Normal Form <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>
  • 16. Policies WS-Policy - Compact <wsp:Policy> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  • 17. Policies WS-Policy - ID <wsp:Policy name=“UserNameToken” wsu:id=“SP1” > <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  • 18. Policies WS-Policy - Referenced From a WSDL <wsdl:portType name=”CreditRatingquot; wsp:PolicyURIs=quot;#SP1quot; > <wsdl:operation>…</wsdl:operation> </wsdl:binding>
  • 19. Policies WS-Policy - Where does it get referenced Service Policy Subject Service Endpoint Policy Subject Port / Binding / PortType Operation Policy Subject Binding.Operation / PortType.Operation Message Policy Subject Input / Output / Fault / Message
  • 20. Policies WS-Policy • Important for both publishing and consuming • Can be named • Can be managed at deploy time
  • 22. Publishing Weblogic policies • For JAX-WS only security policy at the moment – Use @Addressing for WS-Addressing policy • For JAX-RPC also reliable messaging • @Policies(@Policy(uri=“policy:….”)) • weblogic-webservices-policy.xml in WEB-INF / META- INF
  • 23. Publishing Centralized configuration • KeyStores, etc… are configured at the server level • Allow you to assert rather than configure • Different configuration at each level: – Dev - no security – QA - security using internal certificates – Deploy - security using “gold” certificates
  • 24. Publishing Annotation to “standard” policies @WebService @Policies(@Policy (uri=“policy:SomePolicy.xml”)) public class Hello { public String sayHello(String name) { return name; } }
  • 25. Publishing Deployment descriptor <webservice-policy-ref …> <port-policy>HelloPort</port-policy> <ws-policy> <uri>policy:SomePolicy.xml</uri> <direction>both</direction> </ws-policy> </webservice-policy-ref>
  • 26. Publishing Deployment Plan • JSR - 88 • Weblogic xml file not standard • Also can override individual files • The key to dealing with promotion • No tooling in JDeveloper yet
  • 28. Publishing Summary • A mix of deployment and environmental artifacts • Security declaratively added at class level • But the configuration done at domain level
  • 30. Consuming Endpoints • Abstract WSDL defines the service • Concrete WSDL tell you where to find it. • You often want to change location – Promotion – Or Multiple deployments in different environments • But you want a static interface to program against
  • 31. Consuming Changing the endpoint public void doSomething(…) { CreditRating_Service crs = … CreditRating cr = crs.getCreditRatingPort(); ((BindingProvider)cr).getRequestContext() .put( BindingProvider.ENDPOINT_ADDRESS_PROPERTY, “http://…………”); }
  • 32. Consuming WSDLS • WSDLs also contain policies • Won’t be read if you just change the endpoint • Can create a new service object – Expensive • Better to use injection in EE case
  • 33. Consuming Injection and indirection @WebServiceRef(name = “CreditRatingService”) CreditRating creditRatingPort; <service-ref> <service-ref-name>CreditRatingService</service- ref-name> <service-interface> com.somecreditrating.xmlns.rating.CreditRating _Service</service-interface> </service-ref>
  • 35. Consuming Security Tokens • Simple .properties file in this example • Should be using a Keystore – JCEKS rather than default JKS to store SecretKey instances – Still need to hard code a password but less open to brute force searching • Possibly query WebLogic stores for environmental configuration – I’m still learning the stack
  • 36. Consuming Security Tokens : Storing KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(null, keyStorePassword); PasswordProtection keyStorePP = new PasswordProtection(keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec( password)); ks.setEntry(key, new SecretKeyEntry( generatedSecret), keyStorePP); ls.save(…, keyStorePassword);
  • 37. Consuming Security Tokens : Retrieving KeyStore ks = KeyStore.getInstance(quot;JCEKSquot;); ks.load(…, keyStorePassword); SecretKeyFactory factory = SecretKeyFactory.getInstance(quot;PBEquot;); SecretKeyEntry ske = (SecretKeyEntry)ks.getEntry(key, keyStorePP); PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec( ske.getSecretKey(), PBEKeySpec.class); char[] password = keySpec.getPassword();
  • 38. Consuming Alternatives : Catalog file @WebServiceRef(type = CreditRating_Service.class) CreditRating creditRatingPort; In WEB-INF or META-INF java-ws-catalog.xml <catalog xmlns=quot;urn:oasis:names:tc:entity:xmlns:xml:cat alogquot; prefer=quot; systemquot;> <system systemId=“CreditRating.wsdlquot; uri=“ExternalCreditRating.wsdlquot;/> </catalog>
  • 39. Consuming Alternatives : UDDI • Lookup service by UUID – UDDI 2.0 repository built in to weblogic – Just edit uddi.properties to enable • BPEL has support for this directly • For JAX-WS write your own code to lookup WSDL • Some BPEL services do WSDL indirection – Only changes on the BPEL server
  • 40. Consuming Alternatives: DI, Spring @AuthenticatedService(“CreditRatingService”) CreditRating creditRatingPort; // or <bean id=“CreditRatingService”> … </bean
  • 41. Consuming Alternatives: Aspects @WebServiceRef(type = CreditRating_Service.class) @InjectionPoint(key = “Name”) CreditRating creditRatingPort; // public aspect InjectionProvider { pointcut injectionPoint(Object target) : set(@WebServiceRef @InjectionPoint * *) && target(target) after injectionPoint(Object target) { BindingProvider = target; … } }
  • 43. Conclusion • Understand and use policies • Design from the start with promotion in mind – EE – DI – Home grown • Managing security tokens is finicky – Store passwords in wallet or keystore
  • 44. For More Information • JDeveloper – http://www.oracle.com/technology/products/jdev/index.html • Weblogic – http://www.oracle.com/technology/products/weblogic/index.ht ml • Your speaker – gerard.davison@oracle.com • http://kingsfleet.blogspot.com/
  • 45. The preceding is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.