SOA Suite 11g Technology Preview 3 needs an Oracle database and Oracle XE (the free database edition) is ideal as the installation is so straight forward. By default the installation sets the database listener port to 1521 and the http server port to 8080. If these ports are already in use on your machine, the installer will prompt you to specify an available port number.
Figure 1. Choosing another port number. This dialog box only gets displayed during installation if port is in use or blocked by firewall.
On a Windows XP installation the Oracle XE installer reports that a port is in use if that port number is being blocked by the firewall. Disabling the firewall is generally not a good idea as, along with anti-virus software, it provides a crucial defence for your machine, network and business.
The windows firewall settings can be found in the Control Panel. Just add the default port numbers to the firewall exception list. Once that is done, one can switch back to the ‘Choose Port’ dialog, put the default value in and continue with the Oracle XE installation.
Figure 2. Keep the firewall ‘On’ and go to the Exceptions list.
Figure 3. Adding the Oracle XE port 1521 to the Exceptions list.
A recent white paper by Marc Chanliau, Oracle Fusion Middleware Product Management, on Web Services Security is now available on OTN. The What is required to secure SOA white paper gives a clear overview of the security requirements for services and how these requirements, with corresponding ‘standards’, have evolved.
In his paper, Marc discusses transport layer as well as application layer security for services. He also outlines the role of the many security related standards, technologies and tools out there. The approach taken shows how and where they compliment or overlap. Such topics include:
Confidentiality, Integrity, Authenticity: XML Encryption, XML Signature.
Every web services developer should have an understanding of these concepts. I highly recommend this document as a basic primer in web services security.
Within the past week the 3rd technology preview of JDeveloper 11g was made available on the Oracle Technology Network (OTN) website. For me, the most significant aspect of this preview is that it includes a preview of the long awaited SOA Suite 11g which supports the Service Component Architecture (SCA) specification. This Technology Preview release of Oracle SOA Suite 11g showcases the support for SCA through the new composite assembly editor in JDeveloper as well as a unified service engine foundation for the full set of SOA Suite components.
The SOA Suite 11g software is available within the JDeveloper 11g environment – yes, that’s right! You only install JDeveloper and you also get the SOA Suite server side for deploying your 11g composite applications!
Web service handlers are not a new concept. One obvious issue with developing a web service is catering for common behaviour. If each operation requires the same set of services, such as security or logging, how do you provide those services? A web service handler is the solution for both common client-side as well as server-side behaviour. Handlers allow you to process SOAP messages before and after the message is sent through the network.
Web service handlers are a part of the JAX-RPC specification, and the JAX-WS specification caters for the same concept, but in a slightly different way. There are some handler examples on the net but most just deal with logging the request and response. This article will introduce something a bit more complicated, putting a Software As A Service handler on the Dice web service. For an overview of JAX-WS handler infrastructure, as well as the difference between SOAPHandler and LogicalHandler see the excellent Handlers Introduction on java.net.
In this Dice SAAS example JDeveloper 11g Technology Preview 2 is used. It supports JAX-WS and has an embedded OC4J server for running the web service. To get started, download the Dice project, which is ready to go with the annotated web service code and add it to your JDev workspace. Details about the Dice web service and how it is constructed can be found in a previous article.
The first thing to do is test that the web service works in your environment. To do this launch the Test Web Service utility by right clicking on the Dice web service in the Application Navigator.
This will start the embedded OC4J server, deploy the web service and launch the HTTP Analyzer with the WSDL for the Dice web service loaded. In the SOAP Structure panel enter a number of sides for the Die and press the Send Request button. Of course you can choose to add more Die by clicking on the + symbol beside the die: Array, or editing the request in the HTTP Content panel.
After pressing the Send Request button you should see the response showing each Die and their value after rolling.
Once you have that working you can move on to writing a handler class and configure the web service to use it. In this example, the SOAP handler class will use resource injection (i.e. @Resource annotation and environment entry elements) for initialisation parameters rather than using the init-params element in the deployment descriptor. This is a little emphasised difference between JAX-RPC and JAX-WS.
There is one more download to get for this example, the handler class and the handler chain descriptor which refers to it. A handler chain defines a set of handlers that should be used for the web service. The web service implementation will have an annotation stating where the handler chain descriptor file is. Extract these two files to the project. To use them add the following to the Dice.java, just after the @WebService annotation:
Note that you will need to import javax.jws.HandlerChain.
The SaaSServerHandler class in this case checks that the calling client is allowed to invoke the web service by looking in the SOAP header for a ‘key’ element with a namespace of urn:soastation:saas. It will also check that the value matches a ‘ValidKeyValue’ environment entry in the web app deployment descriptor. You could further modify the handler to only allow a single Die element in the SOAP envelope if no valid key is provided. That is, a client with the key can use multiple Die while a client without, such as a guest or demonstration client can only use one. Alternatively you could keep track of registered keys and usage. The software as a service options are endless.
Back to the example, looking at the SaaSServerHandler the handleMessage method checks if the message is inbound (request coming in) or outbound (response going out). If the handler was being used for a web service client the outbound message would be the request being sent and the inbound message would be the response beng received. In our example we are interested in the inbound message because we are expecting a particular element. Note that the handler class has a instance variable called saasKeyValue which is set be the ‘ValidKeyValue’ environment entry. To set this, edit the web.xml and add the following:
eValidKeyValue java.lang.String soastation
Test the web service as before. You should get the following fault:
javax.xml.ws.WebServiceException: Invalid service key in SOAP Header. Expecting {urn:soastation:saas}key
Now test it again, but add the required element to the SOAP header. To do this edit the request in the HTTP Content tab. The request should look like this:
soastation
The corresponding result should be the same as when you originally tested the web service before adding the handler. If so, you have successfully implemented the soap handler.
This article discussed how to implement a server side JAX-WS SOAP Handler using the second technology preview of JDeveloper. It has provided code examples of how the handler concept work, including externalising properties in the environment entry elements. Also mentioned were ideas for further development such as reducing the capabilities for ‘guest’ clients. There really is a lot one can do with web service handlers.
At last! A software development manifesto for all of us! Martha Stewart provides some top tips for success in the Autumn edition of wired magazine’s How To Guide. Now, whether you are Agile, Extreme, or recovering from COBOL Fingers you can huddle with the masses under the ‘Making things go faster – but not worse’ banner.
Of course Martha is not a patch on The Toilet Roll Lady who inspired a whole generation of scientists, engineers and public relation gurus. Yes folks, Mary ‘Make and Do’ has a DVD out to capture the nostalgia of yesteryear. Ideal Christmas present for the toilet roll collector in your family.
Figure 1. Choosing another port number. This dialog box only gets displayed during installation if port is in use or blocked by firewall.
Figure 2. Keep the firewall ‘On’ and go to the Exceptions list.
Figure 3. Adding the Oracle XE port 1521 to the Exceptions list.
Peter's Random Topic Library 