WSIT: Web Services Reliability, Security, & Transaction

Sang Shin Technology Architect www.javapassion.com

Topics
What is WSIT? WSIT features
> > > > >

End-to-end reliability Secure communication Atomic transaction Optimized communication Bootstrapping communication

Summary

What is WSIT?

What is WSIT?
Web Services Interoperability Technologies

(WSIT)

> Used to be called project Tango

Goal > Interoperability with Microsoft Windows Communication Foundation (WCF, a.k.a. Indigo) > Implementation of WS-* specifications

End-to-End Reliability

Communication With Reliable Messaging

RMS and

RMD are responsible for message exchange on behalf of Source and Dest.

Rebuild the Hello World Web service using Reliable Messaging (Demo Scenario Next Slide)
http://www.javapassion.com/handsonlabs/wswsit/#Exercise_1

Demo:

Demo Scenario
Configure the Hello World Web service with
> No code change

reliable messaging using NetBeans WIST wizard

Test the Web service > Should work the same Display the newly generated WSDL document > It should contain Reliable messaging policy elements Rebuild the client application > Refresh the client to get new WSDL Show the message exchanges using WS-Monitor > There are two message exchanges
8

Secure Communication

WS-SecurityPolicy
WS-SecurityPolicy defines assertions that can

be used to describe the security capabilities and requirement of the WebService. The capabilities and requirements can be published as part of the WSDL.
> A security requirement specified in the WSDL of a

service forces a communicating party trying to access the service in a certain way.

The capabilities and requirements pertain

primarily to Message Layer Security and also to Transport Security.

10

WS-SecurityPolicy
Examples of security requirement specified

through WS-SecurityPolicy

> Use of a Certificate and Private Key pair or a valid

Username/Password in order to authenticate to the service etc. > The type of Key and Key Sizes and Algorithms that need to be used etc.

11

Rebuild the Hello World Web service using Security (Demo Scenario Next Slide)
http://www.javapassion.com/handsonlabs/wswsit/#Exercise_2

Demo:

12

Demo Scenario
Configure the Hello World Web service with

security using NetBeans WIST wizard

> No code change

Display the newly generated WSDL document > It should contain security policy elements Rebuild the client application > Refresh the client to get new WSDL Show the message exchanges using WS-

Monitor or GlassFish log

13

Web Service Transaction

14

Transaction Support for Web Services

All operations in TX boundary either succeed

or are all rolled back Same as in Enterprise JavaBeans (EJB) architecture/Java RMI-IIOP Technology New to web services
> The transaction context is carried over SOAP

(instead of RMI-IIOP)

15

How to Create Transacted Web Service: 2 Options

Option 1: Starting from Java source using

Annotations

> Stateless EJB using Container Managed Transaction (CMT)

using Annotations > WSDL with WS-AT Policy gets created

Option 2: Starting from WSDL

> Transacted operations denoted with WS-AT Policy Assertion

16

Transacted Web Service: Option 1

@javax.jws.WebService @javax.ejb.Stateless @javax.ejb.TransactionManagement(CONTAINER)[1] public class Bank { @javax.jws.WebMethod @javax.ejb.TransactionAttribute(REQUIRED)[1][2] void transferFunds(...) throws ... ;

[1] stateless EJB default, annotation added to be explicit [2] Implementation restriction: transaction not propagated with a one way message
17

Transacted Web Service: Option 2

<wsdl:definitions> <!-- Define WS-AT policy assertion --> <wsp:Policy wsu:Id="TransactedPolicy1" > <wsat:ATAssertion wsp:Optional="true/> <wsat:ATAlwaysCapability/> </wsp:Policy> <wsdl:binding name="Bank" type="tns:BankPortType" > <!-- Marked Transacted by Operation Policy Subject--> <wsdl:operation name="transferFunds" > <wsp:PolicyReference URI="#TransactedPolicy1" wsdl:required="true" /> ... </wsdl:operation> </wsdl:binding> </wsdl:definitions>

18

WSIT Support on Transaction

WSIT creates an Atomic Transaction Context the first

time a transacted Web service operation is invoked within a JTA transaction scope - line 05 below > 01 @Resource > 02 javax.transaction.UserTransaction ut; > 03 > 04 ut.begin(); > 05 bankWebService.makeWithdrawl(); > 06 ... > 07 ut.commit();.

19

Building Web Services with Transaction

http://www.javapassion.com/handsonlabs/wstransaction/#Exercise_1

Demo:

20

Demo Scenario
Create EJB based Web service > One of the operation is annotated with
@javax.ejb.TransactionAttribute

Create BPEL module, in which the above EJB

based Web service is invoked as as part of a business process Create a composite application which contains the above BPEL module Create a Web client application which starts the business process Show the message exchanges using WSMonitor or GlassFish log
21

Thank You!

Sang Shin sang.shin@sun.com javapassion.com

22