From Developer to Production, Promoting your WebServices
Gerard Davison : Senior Principal Software Engineer
JDeveloper WebServices
The following is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
Presentation Agenda


•   Introduction

•   Policies
•   Publishing Services
•   Consuming Services
•   Conclusion
Introduction
Introduction
P is for promotion



• Make it easy to simplify deployments
• Focus on JAX-WS but a lot is applicable to JAX-RPC
  in WebLogic


           Dev        Test          Production
Introduction
E is for endpoints



• Need to use different instances of a web service in
  different contexts
   – Versioning a different problem
• Mock services for development
• “Real” services for production
   – Can alter real data
   – Can cost money per-transaction
Introduction
S is for security



• Web Service Security is like pick’n’mix
   – Likely to cause indigestion
   – Hard to move to a different shop once you’ve started.
• Can be hard to set up a dev / test / production env
• Less productive
• Policies are the key to making this easier
Introduction
Development




[Diagram: Client, Loan Approver, Credit Rating, Mock Rating]
Introduction
Testing




[Diagram: Client, Loan Approver, Credit Rating, Mock Rating; labelled "Secured"]
Introduction
Production




[Diagram: Client, Loan Approver, Credit Rating, Mock Rating; labelled "Secured"]
Policies Primer
Policies
WS-Policy



• A description of how to communicate
  – Stuff that happens to the message after you have sent it
• A meta pointer for other WS-* standards
• Cover a range of technologies
  –   WS-Addressing
  –   WS-Security
  –   WS-ReliableMessaging
  –   WS-TX
Policies
WS-Policy - Some namespaces



• wsp:
  – http://schemas.xmlsoap.org/ws/2004/09/policy
• wsu:
  – http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
• sp:
  – http://schemas.xmlsoap.org/ws/2005/07/securitypolicy
Policies
WS-Policy - Normal Form

<wsp:Policy>
 <wsp:ExactlyOne>
    <wsp:All>
      <sp:SupportingTokens>
        <wsp:Policy>
          <sp:UsernameToken
             sp:IncludeToken="http://docs.oasis-open.org/…">
             <wsp:Policy>
               <sp:WssUsernameToken10/>
             </wsp:Policy>
          </sp:UsernameToken>
        </wsp:Policy>
      </sp:SupportingTokens>
    </wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>
Policies
WS-Policy - Compact


<wsp:Policy>
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken
        sp:IncludeToken="http://docs.oasis-open.org/…">
        <wsp:Policy>
          <sp:WssUsernameToken10/>
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
Policies
WS-Policy - ID


<wsp:Policy Name="UserNameToken" wsu:Id="SP1" >
  <sp:SupportingTokens>
    <wsp:Policy>
      <sp:UsernameToken
        sp:IncludeToken="http://docs.oasis-open.org/…">
        <wsp:Policy>
          <sp:WssUsernameToken10/>
        </wsp:Policy>
      </sp:UsernameToken>
    </wsp:Policy>
  </sp:SupportingTokens>
</wsp:Policy>
Policies
WS-Policy - Referenced From a WSDL




<wsdl:portType name="CreditRating"
  wsp:PolicyURIs="#SP1" >
  <wsdl:operation>…</wsdl:operation>
</wsdl:portType>
Policies
WS-Policy - Where does it get referenced


   Policy subject                  WSDL element(s)
   Service Policy Subject          Service
   Endpoint Policy Subject         Port / Binding / PortType
   Operation Policy Subject        Binding.Operation / PortType.Operation
   Message Policy Subject          Input / Output / Fault / Message
Policies
WS-Policy



• Important for both publishing and consuming
• Can be named
• Can be managed at deploy time
Publishing Services
Publishing
Weblogic policies



• For JAX-WS only security policy at the moment
   – Use @Addressing for WS-Addressing policy
• For JAX-RPC also reliable messaging
• @Policies(@Policy(uri="policy:…."))
• weblogic-webservices-policy.xml in WEB-INF / META-INF
Publishing
Centralized configuration



• KeyStores, etc… are configured at the server level
• Allow you to assert rather than configure
• Different configuration at each level:
   – Dev - no security
   – QA - security using internal certificates
   – Deploy - security using “gold” certificates
Publishing
Annotation to “standard” policies




@WebService
@Policies(@Policy(uri="policy:SomePolicy.xml"))
public class Hello
{
   public String sayHello(String name)
   {
      return name;
   }
}
Publishing
Deployment descriptor




<webservice-policy-ref …>
  <port-policy>HelloPort</port-policy>
  <ws-policy>
    <uri>policy:SomePolicy.xml</uri>
    <direction>both</direction>
  </ws-policy>
</webservice-policy-ref>
Publishing
Deployment Plan



•   JSR - 88
•   Weblogic xml file not standard
•   Also can override individual files
•   The key to dealing with promotion
•   No tooling in JDeveloper yet
Publishing Demo
Publishing
Summary



• A mix of deployment and environmental artifacts
• Security declaratively added at class level
• But the configuration done at domain level
Consuming Services
Consuming
Endpoints



• Abstract WSDL defines the service
• Concrete WSDL tells you where to find it.
• You often want to change location
  – Promotion
  – Or Multiple deployments in different environments
• But you want a static interface to program against
Consuming
Changing the endpoint




public void doSomething(…)
{
   CreditRating_Service crs = …
   CreditRating cr = crs.getCreditRatingPort();

    ((BindingProvider)cr).getRequestContext()
      .put(
        BindingProvider.ENDPOINT_ADDRESS_PROPERTY,
        "http://…………");
}
Consuming
WSDLS



• WSDLs also contain policies
• Won’t be read if you just change the endpoint
• Can create a new service object
  – Expensive
• Better to use injection in EE case
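
A pre-promotion check for the two points above (policies are attached to the WSDL by reference, and they are not re-read when only the endpoint address is overridden), as an added example that is not from the original slides. It lists the policy references each WSDL subject carries, flags local references with no matching wsp:Policy, and reports subjects whose references differ between the WSDL the client was generated from and the target environment's WSDL. The class name, the `rate` operation and both sample WSDLs are constructed for illustration; only references are compared, not policy bodies.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class WsdlPolicyCheck {
    static final String WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy";
    static final String WSU = "http://docs.oasis-open.org/wss/2004/01/"
        + "oasis-200401-wss-wssecurity-utility-1.0.xsd";

    /** Policy attachments of one WSDL: subject -> referenced policy URIs. */
    static final class Attachments {
        final Set<String> definedIds = new TreeSet<>();
        final Map<String, Set<String>> bySubject = new TreeMap<>();

        /** Local references ("#id") with no matching wsp:Policy in the document. */
        Set<String> dangling() {
            Set<String> out = new TreeSet<>();
            for (Set<String> uris : bySubject.values())
                for (String uri : uris)
                    if (uri.startsWith("#") && !definedIds.contains(uri.substring(1)))
                        out.add(uri);
            return out;
        }
    }

    static Attachments scan(String wsdl) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A WSDL fetched from another environment is untrusted input: refuse DTDs
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(wsdl)));

        Attachments a = new Attachments();
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            boolean inWsp = WSP.equals(e.getNamespaceURI());
            if (inWsp && "Policy".equals(e.getLocalName()) && e.hasAttributeNS(WSU, "Id"))
                a.definedIds.add(e.getAttributeNS(WSU, "Id"));
            // Attachment style 1: wsp:PolicyURIs="#SP1 #SP2" on the policy subject
            if (e.hasAttributeNS(WSP, "PolicyURIs"))
                for (String uri : e.getAttributeNS(WSP, "PolicyURIs").trim().split("\\s+"))
                    attach(a, e, uri);
            // Attachment style 2: <wsp:PolicyReference URI="#SP1"/> as a child of the
            // subject (a reference nested inside a wsp:Policy is inclusion, not attachment)
            if (inWsp && "PolicyReference".equals(e.getLocalName())
                    && e.getParentNode() instanceof Element
                    && !WSP.equals(e.getParentNode().getNamespaceURI()))
                attach(a, (Element) e.getParentNode(), e.getAttribute("URI"));
        }
        return a;
    }

    private static void attach(Attachments a, Element subject, String uri) {
        if (uri.isEmpty()) return;
        String key = subject.getLocalName() + "[" + subject.getAttribute("name") + "]";
        a.bySubject.computeIfAbsent(key, k -> new TreeSet<>()).add(uri);
    }

    /** Subjects whose references differ between the generated-from and target WSDL. */
    static Map<String, String> drift(Attachments compiled, Attachments target) {
        Map<String, String> out = new TreeMap<>();
        Set<String> subjects = new TreeSet<>(compiled.bySubject.keySet());
        subjects.addAll(target.bySubject.keySet());
        for (String s : subjects) {
            Set<String> c = compiled.bySubject.getOrDefault(s, Collections.emptySet());
            Set<String> t = target.bySubject.getOrDefault(s, Collections.emptySet());
            if (!c.equals(t)) out.put(s, c + " -> " + t);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        String ns = " xmlns:wsdl='http://schemas.xmlsoap.org/wsdl/' xmlns:wsp='" + WSP
            + "' xmlns:wsu='" + WSU + "'";
        // Constructed sample: development WSDL for the mock service, no policy attached
        String dev = "<wsdl:definitions" + ns + ">"
            + "<wsdl:portType name='CreditRating'><wsdl:operation name='rate'/></wsdl:portType>"
            + "</wsdl:definitions>";
        // Constructed sample: production WSDL attaching SP1 (policy body left empty here)
        // plus #SP2, which no wsp:Policy in the document defines
        String prod = "<wsdl:definitions" + ns + ">"
            + "<wsp:Policy wsu:Id='SP1'/>"
            + "<wsdl:portType name='CreditRating' wsp:PolicyURIs='#SP1 #SP2'>"
            + "<wsdl:operation name='rate'/></wsdl:portType>"
            + "</wsdl:definitions>";
        Attachments compiled = scan(dev), target = scan(prod);
        System.out.println("dangling in target: " + target.dangling());
        System.out.println("policy drift:       " + drift(compiled, target));
    }
}
```

A non-empty drift result means a client that only overrides the endpoint address would talk to the target without the policy that target's WSDL declares.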
Consuming
Injection and indirection


@WebServiceRef(name = "CreditRatingService")
CreditRating creditRatingPort;


<service-ref>
 <service-ref-name>CreditRatingService</service-ref-name>
 <service-interface>
   com.somecreditrating.xmlns.rating.CreditRating_Service
 </service-interface>
</service-ref>
Consuming Demo
Consuming
Security Tokens



• Simple .properties file in this example
• Should be using a Keystore
   – JCEKS rather than default JKS to store SecretKey instances
   – Still need to hard code a password but less open to brute
     force searching
• Possibly query WebLogic stores for environmental
  configuration
   – I’m still learning the stack
Consuming
Security Tokens : Storing

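 import java.security.KeyStore;
 import java.security.KeyStore.PasswordProtection;
 import java.security.KeyStore.SecretKeyEntry;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.spec.PBEKeySpec;

 // JCEKS can hold SecretKey entries; load(null, …) creates an empty store
 KeyStore ks = KeyStore.getInstance("JCEKS");
 ks.load(null, keyStorePassword);
 PasswordProtection keyStorePP = new
   PasswordProtection(keyStorePassword);

 // Wrap the service password (char[]) as a PBE SecretKey
 SecretKeyFactory factory =
   SecretKeyFactory.getInstance("PBE");
 SecretKey generatedSecret =
    factory.generateSecret(new PBEKeySpec(
      password));

 // Store it under the alias held in key
 ks.setEntry(key, new SecretKeyEntry(
    generatedSecret), keyStorePP);

 // Write the keystore out to an OutputStream
 ks.store(…, keyStorePassword);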
Consuming
Security Tokens : Retrieving

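 // Same imports as for storing
 KeyStore ks = KeyStore.getInstance("JCEKS");
 ks.load(…, keyStorePassword);
 PasswordProtection keyStorePP = new
   PasswordProtection(keyStorePassword);

 SecretKeyFactory factory =
   SecretKeyFactory.getInstance("PBE");

 // Look up the entry by alias and turn the key back into a PBEKeySpec
 SecretKeyEntry ske =
   (SecretKeyEntry)ks.getEntry(key, keyStorePP);
 PBEKeySpec keySpec = (PBEKeySpec)factory.getKeySpec(
     ske.getSecretKey(),
     PBEKeySpec.class);

 // The original password, as a char[]
 char[] password = keySpec.getPassword();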
Consuming
Alternatives : Catalog file


@WebServiceRef(type = CreditRating_Service.class)
CreditRating creditRatingPort;


In WEB-INF or META-INF jax-ws-catalog.xml

<catalog
   xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog"
   prefer="system">
    <system systemId="CreditRating.wsdl"
      uri="ExternalCreditRating.wsdl"/>
</catalog>
Consuming
Alternatives : UDDI



• Lookup service by UUID
   – UDDI 2.0 repository built in to weblogic
   – Just edit uddi.properties to enable
• BPEL has support for this directly
• For JAX-WS write your own code to lookup WSDL
• Some BPEL services do WSDL indirection
   – Only changes on the BPEL server
Consuming
Alternatives: DI, Spring


@AuthenticatedService("CreditRatingService")
CreditRating creditRatingPort;

// or

<bean id="CreditRatingService">

   …

</bean>
Consuming
Alternatives: Aspects

@WebServiceRef(type = CreditRating_Service.class)
@InjectionPoint(key = "Name")
CreditRating creditRatingPort;
//
public aspect InjectionProvider
{
   // Matches assignment to any field carrying both annotations;
   // args() binds the value being assigned, i.e. the injected port
   pointcut injectionPoint(Object port) :
      set(@WebServiceRef @InjectionPoint * *)
      && args(port);

    after(Object port) : injectionPoint(port) {
       BindingProvider provider = (BindingProvider) port;
       …
    }
}
Conclusion
Conclusion


• Understand and use policies

• Design from the start with promotion in mind
  – EE
  – DI
  – Home grown


• Managing security tokens is finicky
  – Store passwords in wallet or keystore
For More Information




• JDeveloper
  – http://www.oracle.com/technology/products/jdev/index.html
• Weblogic
  – http://www.oracle.com/technology/products/weblogic/index.html


• Your speaker
  – gerard.davison@oracle.com
     • http://kingsfleet.blogspot.com/
The preceding is intended to outline our general
product direction. It is intended for information
purposes only, and may not be incorporated into any
contract. It is not a commitment to deliver any
material, code, or functionality, and should not be
relied upon in making purchasing decisions.
The development, release, and timing of any
features or functionality described for Oracle’s
products remains at the sole discretion of Oracle.
Promoting WebServices from Development to Production

Mais conteúdo relacionado

Semelhante a Promoting WebServices from Development to Production

Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onMatt Raible
 
Sustainable Agile Development
Sustainable Agile DevelopmentSustainable Agile Development
Sustainable Agile DevelopmentGabriele Lana
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloudSergejus Barinovas
 
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileEngineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileKenAtIndeed
 
SQL Server 2008 Migration
SQL Server 2008 MigrationSQL Server 2008 Migration
SQL Server 2008 MigrationMark Ginnebaugh
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
 
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Atlassian
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat Security Conference
 
WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!Taylor Lovett
 
Wicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWill Hoover
 
Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Andrew Soroka
 
Smart Client Development
Smart Client DevelopmentSmart Client Development
Smart Client DevelopmentTamir Khason
 
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnJenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnAndreas Grabner
 
Use Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingUse Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingTechWell
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Cloud design pattern using azure
Cloud design pattern using azureCloud design pattern using azure
Cloud design pattern using azureKarthikeyan VK
 

Semelhante a Promoting WebServices from Development to Production (20)

Apache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-onApache Roller, Acegi Security and Single Sign-on
Apache Roller, Acegi Security and Single Sign-on
 
Sustainable Agile Development
Sustainable Agile DevelopmentSustainable Agile Development
Sustainable Agile Development
 
Moving applications to the cloud
Moving applications to the cloudMoving applications to the cloud
Moving applications to the cloud
 
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond AgileEngineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
Engineering Velocity @indeed eng presented on Sept 24 2014 at Beyond Agile
 
SQL Server 2008 Migration
SQL Server 2008 MigrationSQL Server 2008 Migration
SQL Server 2008 Migration
 
Whatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the processWhatever it takes - Fixing SQLIA and XSS in the process
Whatever it takes - Fixing SQLIA and XSS in the process
 
Soa And Web Services Security
Soa And Web Services SecuritySoa And Web Services Security
Soa And Web Services Security
 
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
Peer Code Review: In a Nutshell and The Tantric Team: Getting Your Automated ...
 
SEASR Installation
SEASR InstallationSEASR Installation
SEASR Installation
 
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
BlueHat v17 || Where, how, and why is SSL traffic on mobile getting intercept...
 
WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!WordPress Acceptance Testing, Solved!
WordPress Acceptance Testing, Solved!
 
Seminar - JBoss Migration
Seminar - JBoss MigrationSeminar - JBoss Migration
Seminar - JBoss Migration
 
Wicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On TimeWicket Deliver Your Webapp On Time
Wicket Deliver Your Webapp On Time
 
Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2Soroka Resume 2016 Rev.2
Soroka Resume 2016 Rev.2
 
Smart Client Development
Smart Client DevelopmentSmart Client Development
Smart Client Development
 
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with KeptnJenkins Online Meetup - Automated SLI based Build Validation with Keptn
Jenkins Online Meetup - Automated SLI based Build Validation with Keptn
 
Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09Asp.Net Mvc Dev Days09
Asp.Net Mvc Dev Days09
 
Use Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous TestingUse Layered Model-Based Requirements to Achieve Continuous Testing
Use Layered Model-Based Requirements to Achieve Continuous Testing
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration Management
 
Cloud design pattern using azure
Cloud design pattern using azureCloud design pattern using azure
Cloud design pattern using azure
 

Último

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dashnarutouzumaki53779
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demoHarshalMandlekar2
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rick Flair
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Último (20)

WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Visualising and forecasting stocks using Dash
Visualising and forecasting stocks using DashVisualising and forecasting stocks using Dash
Visualising and forecasting stocks using Dash
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Sample pptx for embedding into website for demo
Sample pptx for embedding into website for demoSample pptx for embedding into website for demo
Sample pptx for embedding into website for demo
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...Rise of the Machines: Known As Drones...
Rise of the Machines: Known As Drones...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Promoting WebServices from Development to Production

  • 1.
  • 2. <Insert Picture Here> From Developer to Production, Promoting your WebServices Gerard Davison : Senior Principal Software Engineer JDeveloper WebServices
  • 3. The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.
  • 4. Presentation Agenda • Introduction <Insert Picture Here> • Policies • Publishing Services • Consuming Services • Conclusion
  • 6. Introduction P is for promotion • Make it easy to simplify deployments • Focus on JAX-WS but a lot is applicable to JAX-RPC in WebLogic Dev Test Production
  • 7. Introduction E is for endpoints • Need to use different instances of a web service in different contexts – Versioning a different problem • Mock services for development • “Real” services for production – Can alter real data – Can cost money per-transaction
  • 8. Introduction S is for security • Web Service Security is like pick’n’mix – Likely to cause indigestion – Hard to move to a different shop once you’re started. • Can hard to set up a dev / test / production env • Less productive • Policies are the key to making this easier
  • 9. Introduction Development Mock Rating Loan Credit Client Rating Approver
  • 10. Introduction Testing Mock Rating Secured Loan Credit Client Rating Approver
  • 11. Introduction Production Mock Rating Secured Loan Credit Client Rating Approver
  • 13. Policies WS-Policy • A description of how to communicate – Stuff that happens to the message after you have sent it • A meta pointer for other WS-* standards • Cover a range of technologies – WS-Addressing – WS-Security – WS-ReliableMessaging – WS-TX
  • 14. Policies WS-Policy - Some namespaces • wsp: – http://schemas.xmlsoap.org/ws/2004/09/policy • wsu: – http://docs.oasis-open.org/wss/2004/01/oasis- 200401-wss-wssecurity-utility-1.0.xsd • sp: – http://schemas.xmlsoap.org/ws/2005/07/securit ypolicy
  • 15. Policies WS-Policy - Normal Form <wsp:Policy> <wsp:ExactlyOne> <wsp:All> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:All> </wsp:ExactlyOne> </wsp:Policy>
  • 16. Policies WS-Policy - Compact <wsp:Policy> <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  • 17. Policies WS-Policy - ID <wsp:Policy name=“UserNameToken” wsu:id=“SP1” > <sp:SupportingTokens> <wsp:Policy> <sp:UsernameToken sp:IncludeToken=quot;http://docs.oasis- open.org/…quot;> <wsp:Policy> <sp:WssUsernameToken10/> </wsp:Policy> </sp:UsernameToken> </wsp:Policy> </sp:SupportingTokens> </wsp:Policy>
  • 18. Policies WS-Policy - Referenced From a WSDL <wsdl:portType name=”CreditRatingquot; wsp:PolicyURIs=quot;#SP1quot; > <wsdl:operation>…</wsdl:operation> </wsdl:binding>
  • 19. Policies WS-Policy - Where does it get referenced Service Policy Subject Service Endpoint Policy Subject Port / Binding / PortType Operation Policy Subject Binding.Operation / PortType.Operation Message Policy Subject Input / Output / Fault / Message
  • 20. Policies WS-Policy • Important for both publishing and consuming • Can be named • Can be managed at deploy time
  • 22. Publishing Weblogic policies • For JAX-WS only security policy at the moment – Use @Addressing for WS-Addressing policy • For JAX-RPC also reliable messaging • @Policies(@Policy(uri=“policy:….”)) • weblogic-webservices-policy.xml in WEB-INF / META- INF
  • 23. Publishing Centralized configuration • KeyStores, etc… are configured at the server level • Allow you to assert rather than configure • Different configuration at each level: – Dev - no security – QA - security using internal certificates – Deploy - security using “gold” certificates
  • 24. Publishing Annotation to “standard” policies @WebService @Policies(@Policy (uri=“policy:SomePolicy.xml”)) public class Hello { public String sayHello(String name) { return name; } }
  • 25. Publishing Deployment descriptor <webservice-policy-ref …> <port-policy>HelloPort</port-policy> <ws-policy> <uri>policy:SomePolicy.xml</uri> <direction>both</direction> </ws-policy> </webservice-policy-ref>
  • 26. Publishing Deployment Plan • JSR-88 • WebLogic XML file, not standard • Also can override individual files • The key to dealing with promotion • No tooling in JDeveloper yet
  • 28. Publishing Summary • A mix of deployment and environmental artifacts • Security declaratively added at class level • But the configuration done at domain level
  • 30. Consuming Endpoints • Abstract WSDL defines the service • Concrete WSDL tells you where to find it • You often want to change location – Promotion – Or multiple deployments in different environments • But you want a static interface to program against
  • 31. Consuming Changing the endpoint
      import javax.xml.ws.BindingProvider;

      public void doSomething(…) {
        CreditRating_Service crs = …
        CreditRating cr = crs.getCreditRatingPort();
        // Override the address from the WSDL for this port instance only
        ((BindingProvider) cr).getRequestContext()
          .put(BindingProvider.ENDPOINT_ADDRESS_PROPERTY, "http://…………");
      }
  • 32. Consuming WSDLs • WSDLs also contain policies • Won’t be read if you just change the endpoint • Can create a new service object – Expensive • Better to use injection in EE case
  • 33. Consuming Injection and indirection
      @WebServiceRef(name = "CreditRatingService")
      CreditRating creditRatingPort;

      <service-ref>
        <service-ref-name>CreditRatingService</service-ref-name>
        <service-interface>com.somecreditrating.xmlns.rating.CreditRating_Service</service-interface>
      </service-ref>
  • 35. Consuming Security Tokens • Simple .properties file in this example • Should be using a Keystore – JCEKS rather than default JKS to store SecretKey instances – Still need to hard code a password but less open to brute force searching • Possibly query WebLogic stores for environmental configuration – I’m still learning the stack
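  • 36. Consuming Security Tokens : Storing
      import java.security.KeyStore;
      import java.security.KeyStore.PasswordProtection;
      import java.security.KeyStore.SecretKeyEntry;
      import javax.crypto.SecretKey;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;

      KeyStore ks = KeyStore.getInstance("JCEKS");
      ks.load(null, keyStorePassword);   // null stream: start from an empty keystore
      PasswordProtection keyStorePP = new PasswordProtection(keyStorePassword);
      SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
      SecretKey generatedSecret = factory.generateSecret(new PBEKeySpec(password));
      ks.setEntry(key, new SecretKeyEntry(generatedSecret), keyStorePP);
      ks.store(…, keyStorePassword);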
  • 37. Consuming Security Tokens : Retrieving
      KeyStore ks = KeyStore.getInstance("JCEKS");
      ks.load(…, keyStorePassword);
      PasswordProtection keyStorePP = new PasswordProtection(keyStorePassword);
      SecretKeyFactory factory = SecretKeyFactory.getInstance("PBE");
      SecretKeyEntry ske = (SecretKeyEntry) ks.getEntry(key, keyStorePP);
      PBEKeySpec keySpec = (PBEKeySpec) factory.getKeySpec(ske.getSecretKey(), PBEKeySpec.class);
      char[] password = keySpec.getPassword();
  • 38. Consuming Alternatives : Catalog file
      @WebServiceRef(type = CreditRating_Service.class)
      CreditRating creditRatingPort;

      In WEB-INF or META-INF java-ws-catalog.xml

      <catalog xmlns="urn:oasis:names:tc:entity:xmlns:xml:catalog" prefer="system">
        <system systemId="CreditRating.wsdl" uri="ExternalCreditRating.wsdl"/>
      </catalog>
  • 39. Consuming Alternatives : UDDI • Lookup service by UUID – UDDI 2.0 repository built in to WebLogic – Just edit uddi.properties to enable • BPEL has support for this directly • For JAX-WS write your own code to lookup WSDL • Some BPEL services do WSDL indirection – Only changes on the BPEL server
  • 40. Consuming Alternatives: DI, Spring
      @AuthenticatedService("CreditRatingService")
      CreditRating creditRatingPort;

      // or
      <bean id="CreditRatingService"> … </bean>
  • 41. Consuming Alternatives: Aspects
      @WebServiceRef(type = CreditRating_Service.class)
      @InjectionPoint(key = "Name")
      CreditRating creditRatingPort;

      //
      public aspect InjectionProvider {
        // args() binds the value being assigned to the annotated field
        pointcut injectionPoint(Object port) :
          set(@WebServiceRef @InjectionPoint * *) && args(port);

        after(Object port) : injectionPoint(port) {
          BindingProvider bp = (BindingProvider) port;
          …
        }
      }
  • 43. Conclusion • Understand and use policies • Design from the start with promotion in mind – EE – DI – Home grown • Managing security tokens is finicky – Store passwords in wallet or keystore
  • 44. For More Information • JDeveloper – http://www.oracle.com/technology/products/jdev/index.html • WebLogic – http://www.oracle.com/technology/products/weblogic/index.html • Your speaker – gerard.davison@oracle.com • http://kingsfleet.blogspot.com/