OSB - Split-Join calling secured web service - parallel-processing

I create a new Split-Join (in the OSB workshop application). Then I use an "Invoke Service" action to call an unsecured business service. So far no problem. When I assign a security policy to my business service, OSB does not accept it. Here is the error message in the OSB workshop:
[Parallel, Scope, Invoke Service]
The WSDL Binding for BusinessService "OSB/1_0/BusinessServices/TestBS" is not supported: The service feature "WS-Security" is not supported.
How can I call a secured business service in a splitJoin?
Thanks

I'll put a little more expanded version of the correct answer of user2364825.
Split-Join is actually a "window" into an older product (that's why it looks and behaves differently from OSB). That product has some limitations, including the inability to work with WS_POLICY.
There are two commonly used workarounds for that.
Approach #1. Make a version of the same WSDL stripped of WS_POLICY and use it in the Split-Join. From the Split-Join, call the intermediate proxy with that stripped WSDL which in turn calls a business service with the original WSDL.
BizService(Stripped WSDL)->Split-Join->Proxy2(Stripped WSDL)->BizService(Real WSDL)
That approach only works if the WS_POLICY headers are created by OSB code.
If the message going via Split-Join already has some SOAP Headers (including Policies), those are going to be lost, and approach #1 does not work.
Approach #2. Make a custom WSDL which wraps the original message with all its SOAP Headers and whatnot. Use that WSDL for Split-Join, pass the wrapped message to an unwrapping proxy, and then call the real proxy/biz.
BizService(Wrapper WSDL)->Split-Join->Proxy2(Wrapper WSDL)->BizService(Real WSDL)
The second approach is more complex, but also more powerful. For instance, it can easily be extended to support user headers (Split-Join doesn't support them either), passing debug information and pretty much anything else.
This approach is implemented in my GenericParallel service, which does all of the above and some more.
I also have a blog post outlining passing the SOAP Headers via Split-Join in a bit more detail. (The WS_Policy is just a SOAP Header after all.)
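Approach #2 in Python, as an added example that is not code from the answer, from GenericParallel or from OSB. The wrapper namespace and its element names (`Wrapped`, `Headers`, `Payload`), the `urn:example:orders` payload and the `header_dropping_hop` model of the Split-Join limitation are assumptions made for illustration.

```python
import copy
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
WRAP = "urn:example:splitjoin-wrapper"  # hypothetical wrapper namespace

# Constructed sample request carrying a WS-Security header.
SECURED = f"""<soap:Envelope xmlns:soap="{SOAP}">
 <soap:Header><wsse:Security xmlns:wsse="{WSSE}"><wsse:UsernameToken>
  <wsse:Username>svc-test</wsse:Username></wsse:UsernameToken></wsse:Security></soap:Header>
 <soap:Body><o:getOrder xmlns:o="urn:example:orders"><o:id>42</o:id></o:getOrder></soap:Body>
</soap:Envelope>"""

def q(ns, tag):
    return f"{{{ns}}}{tag}"

def _children(env, part):
    node = env.find(q(SOAP, part))
    return [] if node is None else [copy.deepcopy(c) for c in node]

def _envelope(headers, body):
    env = ET.Element(q(SOAP, "Envelope"))
    if headers:
        ET.SubElement(env, q(SOAP, "Header")).extend(headers)
    ET.SubElement(env, q(SOAP, "Body")).extend(body)
    return ET.tostring(env, encoding="unicode")

def wrap(xml):
    """Move the original headers and body into one wrapper element in the Body."""
    env = ET.fromstring(xml)
    w = ET.Element(q(WRAP, "Wrapped"))
    ET.SubElement(w, q(WRAP, "Headers")).extend(_children(env, "Header"))
    ET.SubElement(w, q(WRAP, "Payload")).extend(_children(env, "Body"))
    return _envelope([], [w])

def unwrap(xml):
    """Unwrapping proxy: rebuild the real envelope from the wrapper element."""
    w = ET.fromstring(xml).find(f"{q(SOAP, 'Body')}/{q(WRAP, 'Wrapped')}")
    if w is None:
        raise ValueError("no wrapper element in Body")
    return _envelope(list(w.find(q(WRAP, "Headers"))), list(w.find(q(WRAP, "Payload"))))

def header_dropping_hop(xml):
    """Model of the limitation described above: SOAP headers are lost in transit."""
    return _envelope([], _children(ET.fromstring(xml), "Body"))

def has_security_header(xml):
    return ET.fromstring(xml).find(f"{q(SOAP, 'Header')}/{q(WSSE, 'Security')}") is not None
```

ElementTree rewrites namespace prefixes when it serialises, which changes the canonical form of the XML. A message whose WS-Security header carries an XML Signature should therefore travel inside the wrapper as opaque text and be verified after unwrapping.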

You can never call a WSDL-based proxy/Business Service that has WS_POLICY defined in the WSDL. You need to have an intermediate business/proxy to pass the message to the WS-Policy-containing WSDL service.

Related

Spring-WS: Route a SOAP request through two different endpoints

I have a SOAP endpoint which processes XML requests by identifying the unmarshalled object and then using appropriate handlers. Now, I am trying to make a new endpoint and handler method which would handle the same request differently. From what I understand, Spring-Webservices (or SOAP for that matter) doesn't have a RESTful-kind of routing for requests.
Can I route a SOAP request through two different endpoints with a URL suffix or something in the API path (kind-of RESTful)? The namespace, localpart, etc. all being the same. If not, is there a way?
SO doesn't seem to have working answers on this topic, tried this:
How can i have two separate web services with identical name space and local name requests be routed to different end points?
Multiple SOAP endpoints with one namespace & localpart
Any approach/ideas are appreciated.
As far as I understood, you need to execute different business logic methods depending on the flag value. Well, the most straightforward approach is to use an if statement directly inside the endpoint. If you want to call different API (controller) methods, you can take a look at Spring Functional Endpoints. Though I'm not sure they are integrated with SOAP.
The mentioned approaches in the question didn't work for me, so I used a mixed approach - made a RESTful api for the new endpoint with a different suffix in the url. I read the payload as a string and used marshallers to validate.

Forming a SOAP request message through WSDL

I'm very new to webservices. I'm trying to figure out how I can formulate a request message (and determine what the response message would be) based on the WSDL description that I have.
This is from a third party web service. The WSDL description that I have access to gives me a bunch of information like <types> <message> <operation> etc.
But in the examples that I've seen online, it's showing the request message within the "soap:envelope" tag.
What am I missing?
Eventually I'd like to be able to call this webservice using JQuery. But I can't even figure out how to formulate the request message, let alone make an ajax call to it.
Any help would be appreciated.
For these types of situations I would download soapUI, point it to your WSDL and use it to generate a few sample requests to get familiar with the endpoints, messages and the data model (XSD) for the service.
Armed with soapUI's sample requests it should be fairly easy to move this to jQuery's SOAP client (assuming of course that the service is not humongous and requires you to transfer a big object graph as XML - in these cases you might want to check if your service vendor has a REST API as these are generally very easy to work with from jQuery).

How does WCF RIA Services handle authentication/authorization/security?

Since no one answered this question:
What issues to consider when rolling your own data-backend for Silverlight / AJAX on non-ASP.NET server?
Let me ask it another way:
How does WCF RIA Services handle authentication/authorization/security at a low level?
e.g. how does the application on the server determine that the incoming http request to change data is coming from a valid client and not from non-desirable source, e.g. a denial-of-service bot?
From my investigation, all calls into the RIA service classes are forced through a custom IOperationInvoker class (enforced by a custom IOperationBehavior class). This invoker calls into DomainService to have the operation executed.
Before it is executed, the method call is validated against any/all AuthorizationAttribute attributes marked on the operation in question. Each AuthorizationAttribute (two provided are RequiresAuthenticationAttribute & RequiresRoleAttribute) is given an opportunity to accept or reject the call via the abstract IsAuthorized method.
If any of these attributes returns something other than "AuthorizationResult.Allowed", an UnauthorizedAccessException exception is thrown with the ErrorMessage from the AuthorizationResult returned.

How to call Java web service (JAX-WS) from AJAX?

I am developing java web services (JAX-WS) to insert data into mysql DB and retrieve it. This web service has two methods i.e. fetchFromDB and insertIntoDB. Services seems to be running fine when I test them using netbeans IDE.
Address: /CalculatorWSService
WSDL: /CalculatorWSService?wsdl
but when I try to access it using AJAX's xmlHttpRequest object by providing the url http://localhost:8080/CalculatorApp/CalculatorWSService, it is not able to access it. I have developed C# web services and it has been so easy to access them with a url, but java web services don't seem to follow that.
My question is
What url to use to access the web service operations in AJAX? (Do I need to use '?wsdl' in the url?)
Is there a javascript ajax library to easily access JAX-WS web services?
Apache Axis web services are a better choice over JAX-WS?
Please help me, Thanks, Jay
I was having the same problem as you, couldn't invoke a JAX-WS web service from JavaScript, but I've found a way to do this.
The URL to use can be the same as yours (EndPointAddress) "http://localhost:8080/CalculatorApp/CalculatorWSService"
but when you create the XMLHttpRequest object from JavaScript you have to:
* Use the POST method to open the URL; I tried with GET but it didn't work for me.
* Set the SOAPAction Request Header to the one in your WSDL, even if it's empty "".
* Be very careful with the request body to send; the SOAP Envelope must be correct.
Hope this can help you!
Bye.
Paul Manjarres.
From the client's perspective, I wasn't expecting significant differences between Axis and JAX-WS. Everything the client needs should be in the WSDL.
One thing that sometimes happens is that the URL used when developing a WebService references the development host and port (and maybe even the ContextRoot). When deployed to a particular server any of those could be changed. Ideally a new WSDL could be created with new "binding" information.
My first step would be to point a browser directly at the Web Service you want to invoke. In my environments that returns a nice "Hi this is a Web Service" kind of message. If you get 401 not found errors then you just need to study exactly how the web service was deployed. Was a different port or context root specified?

Are there any MVC web frameworks that support multiple request types?

In every MVC framework I've tried (Rails, Merb, Waves, Spring, and Struts), the idea of a Request (and Response) is tied to the HTTP notion of a Request. That is, even if there is an AbstractRequest that is a superclass of Request, the AbstractRequest has things like headers, request method (GET, POST, etc.), and all of the other things tied to HTTP.
I'd like to support a request-response cycle over SMS, Twitter, email, or any other medium for which I can make an adapter. Is there a framework that does this particularly well?
The only other option I've thought of is creating, for example, a Twitter poller that runs in a separate thread and translates messages into local HTTP requests, then sends the responses back out.
If there were a good framework for multiple request media, what would routing look like? In Rails, the HTTP routing looks something like:
map.connect 'some/path/with/:parameter_1/:paramter_2', :controller => 'foo', :action => 'bar'
How would a Twitter or SMS route look? Regular expressions to match keywords and parameters?
I haven't seen one. The issue is that the request is also tied to the host, and the response is tied to the request.
So if you get a request in via email, and a controller says to render view "aboutus", you'd need the MVC framework to know how to:
* get the request in the first place - the MVC framework would almost need to be a host (IIS doesn't get notified on new emails, so how does your email polling code get fired?)
* allow flexible route matching - matching by path/url wouldn't work for all, so request-specific controller routing would be needed
* use the aboutus email view rather than the SMS or HTTP view named "aboutus"
* send the response out via email, to the correct recipient
A web MVC framework isn't going to cut it - you'll need a MVC "host" that can handle activation through web, sms, email, whatever.
The Java Servlet specification was designed for Servlets to be protocol neutral, and to be extended in a protocol-specific way - HttpServlet being a protocol-specific Servlet extension. I always imagined that Sun, or other third party framework providers, would come up with other protocol-specific extensions like FtpServlet or MailServlet, or in this case SmsServlet and TwitterServlet.
Instead what has happened is that people either completely bypassed the Servlet framework, or have built their protocols on top of HTTP.
Of course, if you want to implement a protocol-specific extension for your required protocols, you would have to develop the whole stack - request object, response object, a mechanism of identifying sessions (for example using the MSISDN in an SMS instead of cookies), a templating and rendering framework (equivalent of JSP) - and then build an MVC framework on top of it.
You seem to be working mostly with Java and/or Ruby, so forgive me that this answer is based on Perl :-).
I'm very fond of the Catalyst MVC Framework (http://www.catalystframework.org/). It delegates the actual mapping of requests (in the general, generic sense) to code via engines. Granted, all the engine classes are currently based on HTTP, but I have toyed with the idea of trying to write an engine class that wasn't based on HTTP (or was perhaps tied to something like Twitter, but was separated from the HTTP interactions that Twitter uses). At the very least, I'm convinced it can be done, even if I haven't gotten around to trying it yet.
You could implement a REST-based Adapter over your website, which replaces the templates and redirects according to the input parameters.
All requests coming in on api.yourhost.com will be handled by the REST-based adapter.
This adapter would allow to call your website programmatically and have the result in a parseable format.
Practically this means: it replaces the Templates with its own Template Engine, on which these things happen:
* instead of the assigned template, a generic xml/json template is called, which just outputs an xml that contains all template vars
* then you can make your Twitter Poller, SMS Gateway or even call it from JavaScript.
