Sunday, October 28, 2012

Web Service incompatibilities

SOAP Web Services have lost quite some of their popularity: too complex, incompatibilities etc.  My answer is always that 1) SOAP just adds a very simple envelope around the request and response messages and 2) SOAP does work fine when you stick to the rules (a copy of a slide I use in my training classes):

Just recently I had encountered 2 nice examples of SOAP incompatibilities.
 

Cookies and SOAP

While investigating the web services API of a cloud SAAS application, encountered another example how things should not be done.  First of all it was not "stateless" but required the use of a login and logout operation. With security not based on standard HTTP basic authentication or WS-Security, but a proprietary scheme:

  <urn:credential>
    <urn:companyId>company-id</urn:companyId>
    <urn:username>user-name</urn:username>
    <urn:password>password</urn:password>
  </urn:credential>


But then came the surprise: the login operation returns a session handle which is actually a cookie! The cookie is to be passed as an HTTP header in each subsequent web service.  Had seen many ways to make web service implementations incompatible, but this is one for the top 5!  Obviously most web service clients require some hack to pass this cookie along the SOAP request.
 

Doc/literal with 2 parts

A more subtle challenge came recently by at a customer: the IBM DataPower ESB refused to import the WSDL file an Oracle product.  The web service used the document/literal style and one of the operations had a request message consisting of 2 parts.  So who was wrong and who was right: IBM or Oracle?

SOAP went through some growing pains in the beginning. The initial idea was an RPC mechanism whereby an operation could have multiple parameters. These parameters are passed as multiple parts in a request and response message. But with a better understanding of XML and XML schema's, the world move to a model whereby XML documents were passed. Microsoft introduced the document/literal wrapped style whereby the root contains the name of the operation.
<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">
  <soap:Body>
    <OperationName>
      actual XML document...
    </operationName>
  <soap:Body>
</soap:Envelope
</soap:Envelope>

So my initial response was, document/literal web services should only have one part and Oracle is wrong. But a colleague pointed to the fact that Oracle would not implement web services that violate the standards. And indeed, the IBM article clearly explains that a document/literal web service can have multiple parts in a message.

The WS-I Basic Profile was an initiative to sharpen the rules and states: "R2201 A document-literal binding in a DESCRIPTION MUST, in each of its soapbind:body element(s), have at most one part listed in the parts attribute, if the parts attribute is specified.". So the Oracle web service is not WS-I basic compliant but does not violate the SOAP/WSDL specifications.

Again a situation where one has to go for workaround, this time in the DataPower ESB. Had IBM implemented the specs correctly and/or Oracle stuck to the widely accepted ways-of-working and the WS-I Basic profile, everything would have worked smoothly.
 
Author: Guy

Thursday, October 18, 2012

Live from Software AG Processworld 2012: Day 2



On day 2 of ProcessWorld I attended some sessions that were focusing on the 9.0 release. The first one was about a general introduction to webMethods 9.0. It started with a short overview of the new products: webMethods cloudStreams, webMethods Pulse, Command Central, ActiveTransfer, etc. After that they dived into the new functions of the existing components like IntegrationServer, Broker, Optimize, etc. The most important ones are:

For integration server:
  • Support for webservice reliable messaging, SFTP and JSON. 
  • Worry-free updates with maintenance mode support. You can put the integration server in maintenance mode to perform updates. 
  • Local development. 
  • BigXML and service caching thanks to the implementation of TerraCotta. 
  • WebMethods Command Central Integration. 
For Trading Networks: 
  • Community management & partner on-boarding 
  • Integration of the new webMethods ActiveTransfer product. 
For BPM: 
  • Improved architecture by OSGI enablement of the my webMethods Server. 
  • Event-enabled BPM processes can feed webMethods Pulse, Business Events & Mashzone. 
  • BPMN 2.0 support for sub-processes & debugging 
Optimize:
  • Improved usability & management of KPI data. 
  • Enhanced dashboards with MashZone. 
  • Improved reliability. 
  • WebMethods Command Central Integration 
CentraSite: 
  • New business UI for occasional & non-technical users 
  • Easy keyword search 
  • Event-based automatic promotion across life-cycle states 
  • Simplified infrastructure 
  • WebMethods Command Central Integration 
Nirvana messaging: 
Something I forgot to mention in my previous blog post is that Nirvana also supports priority messaging and message throttling for bandwidth limitations.
 
Important to mention are the following system requirements for the whole webMethods 9.0 suite.
  • There will be ipV6 support 
  • Only 64-bit operating systems will be supported 
  • The standard JDK is Java 7 
  • The ability to define checkpoints & the rollback of deployments  

Another new webMethods product that I didn’t mention yesterday is webMethods ActiveTransfer for Managed File Transfer. There are two major components: ActiveTransfer server & ActiveTransfer proxy. The ActiveTransfer server needs to be installed on an IntegrationServer in the trusted zone of your IT infrastructure. The server part allows you to:
  • Configure and manage all server instances centrally. It allows you to define IP banning rules and/or filename or folder restrictions. 
  • Manage users and their access privileges by prioritizing file transfers, restrict file transfer actions and inheritance of user settings from templates. 
  • Perform post-processing and alerting by the definition of file transfer criteria based triggers. Based on these triggers IntegrationServer services can be invoked or native scripts can be called. 
  • Perform scheduled and event-driven transfers 
  • Accelerate file transfers in high latency environments by definition of multiple active transfer tunnels. This allows file transfers speed up to 20 times faster. 
  • Suspend and resume file transfers by the definition of checkpoints 
  • Provide centralized monitoring to keep track of all transfers.
 
The ActiveTransfer proxy server part runs on a reverse gateway IntegrationServer in the DMZ and communicates with third parties.

Author: Dimitri Van Kerckhoven

Wednesday, October 17, 2012

Live from Software AG Processworld 2012: Day 1



The day started with general keynotes from the CEO and CTO of Software AG. During these keynotes the so called “4 forces, shaping the future of IT” of Processworld 2012 were introduced:

  • Big Data    
  • Social/Collaboration 
  • Cloud 
  • Mobile

All of these 4 forces are integrated in the new ARIS 9.0 and webMethods 9.0 releases by a number of new products. The one that were addressed today are the following:

  • ARIS connect: a complete new product focusing on the social and collaboration part. It is an addition to the existing ARIS product line. During the session a demo has been given showing how multiple persons can collaborate in an ARIS process. A person can invite someone else to collaborate in an ARIS process, meaning the person can put comments, can view the part he or she is responsible for and so on.
    At this moment there are different ARIS products, each of them having their own version. With ARIS 9.0 there will be only one ARIS client with version number 9.0 and extension packs in case specific features are wanted.
     
  • webMethods pulse: is focusing on the social and mobile part. This event-driven solution is based on the webMethods ESB and allows us to subscribe to business events and to get warned in real time on our mobile phone or tablet. 
  • Cloud streams: is responsible for cloud integration. While the webMethods SalesForce adapter is only focusing on integration with SalesForce, cloud streams comes out of the box with a lot more SAAS connectors (salesforce, google, …). It has also advanced security, traffic analysis and SAAS governance on board.
    I discussed the comparison of the salesforce adapter with the cloudstream solution with a software AG expert at the cloud booth. The main advantage of cloudstreams is that it delivers a shorter time to market compared to the adapter. With cloudstreams they provide a framework that can easily adopt a new version of the API that is availaible in the cloud (cfr the updates of the salesforce partner WSDL).
    Cloudstreams can be installed as an integration server package.
     
  • Nirvana messaging: A java based messaging system for webMethods with the same functions as the broker + additional API's for javascript, iOS, android, ... Tests have shown that the nirvana messaging solution is up to 10 times faster than the broker (including guaranteed delivery). So there is a chance that it will replace the broker in a far future.
  • Command Central allows us to administer almost all webMethods components via one central GUI. It allows administrators to: 
    • Perform landscape management by stopping or starting, monitoring, perform license management, basic alerting of webmethods components. 
    • Manage fixes by comparing fixes across servers and install fixes on the servers. 
    • Perform central configuration across products, compare the configuration and provide access to the legacy UI. 
    At this moment they are still working at the product, since the central configuration is still a work in progress. Although the GUI is one way to access command central, it also can be accessed via command line, service API and even a mobile API. For the command line you can give a command to perform a specific operation or XML scripts can be used to apply changes using the command line.
    Command central provides a standard API, independent of the underlying runtime. This means you can configure for instance a JNDI connection in CC in one way, whether it needs to be applied on integration server of MWS.
    In the future it also will be possible to install products using CC.
    On top is this all you can define templates, manage substitution variables and apply these templates to target servers.  

    Author: Dimitri Van Kerckhoven