The document discusses promoting web services from development to production. It covers policies, publishing services, consuming services, and alternatives like UDDI and dependency injection. Key points include using policies for security configuration, designing with promotion in mind from the start, and managing security tokens carefully.
Ensuring Technical Readiness For Copilot in Microsoft 365
Promoting WebServices from Development to Production
1.
2. <Insert Picture Here>
From Developer to Production, Promoting your WebServices
Gerard Davison : Senior Principal Software Engineer
JDeveloper WebServices
3. The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
6. Introduction
P is for promotion
• Make it easy to simplify deployments
• Focus on JAX-WS but a lot is applicable to JAX-RPC
in WebLogic
Dev Test Production
7. Introduction
E is for endpoints
• Need to use different instances of a web service in
different contexts
– Versioning a different problem
• Mock services for development
• “Real” services for production
– Can alter real data
– Can cost money per-transaction
8. Introduction
S is for security
• Web Service Security is like pick’n’mix
– Likely to cause indigestion
– Hard to move to a different shop once you’re started.
• Can hard to set up a dev / test / production env
• Less productive
• Policies are the key to making this easier
13. Policies
WS-Policy
• A description of how to communicate
– Stuff that happens to the message after you have sent it
• A meta pointer for other WS-* standards
• Cover a range of technologies
– WS-Addressing
– WS-Security
– WS-ReliableMessaging
– WS-TX
22. Publishing
Weblogic policies
• For JAX-WS only security policy at the moment
– Use @Addressing for WS-Addressing policy
• For JAX-RPC also reliable messaging
• @Policies(@Policy(uri=“policy:….”))
• weblogic-webservices-policy.xml in WEB-INF / META-
INF
23. Publishing
Centralized configuration
• KeyStores, etc… are configured at the server level
• Allow you to assert rather than configure
• Different configuration at each level:
– Dev - no security
– QA - security using internal certificates
– Deploy - security using “gold” certificates
24. Publishing
Annotation to “standard” policies
@WebService
@Policies(@Policy (uri=“policy:SomePolicy.xml”))
public class Hello
{
public String sayHello(String name)
{
return name;
}
}
26. Publishing
Deployment Plan
• JSR - 88
• Weblogic xml file not standard
• Also can override individual files
• The key to dealing with promotion
• No tooling in JDeveloper yet
28. Publishing
Summary
• A mix of deployment and environmental artifacts
• Security declaratively added at class level
• But the configuration done at domain level
30. Consuming
Endpoints
• Abstract WSDL defines the service
• Concrete WSDL tell you where to find it.
• You often want to change location
– Promotion
– Or Multiple deployments in different environments
• But you want a static interface to program against
32. Consuming
WSDLS
• WSDLs also contain policies
• Won’t be read if you just change the endpoint
• Can create a new service object
– Expensive
• Better to use injection in EE case
35. Consuming
Security Tokens
• Simple .properties file in this example
• Should be using a Keystore
– JCEKS rather than default JKS to store SecretKey instances
– Still need to hard code a password but less open to brute
force searching
• Possibly query WebLogic stores for environmental
configuration
– I’m still learning the stack
39. Consuming
Alternatives : UDDI
• Lookup service by UUID
– UDDI 2.0 repository built in to weblogic
– Just edit uddi.properties to enable
• BPEL has support for this directly
• For JAX-WS write your own code to lookup WSDL
• Some BPEL services do WSDL indirection
– Only changes on the BPEL server
43. Conclusion
• Understand and use policies
• Design from the start with promotion in mind
– EE
– DI
– Home grown
• Managing security tokens is finicky
– Store passwords in wallet or keystore
44. For More Information
• JDeveloper
– http://www.oracle.com/technology/products/jdev/index.html
• Weblogic
– http://www.oracle.com/technology/products/weblogic/index.ht
ml
• Your speaker
– gerard.davison@oracle.com
• http://kingsfleet.blogspot.com/
45. The preceding is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.