1 © talend 2014 service registry / ws-policy registry training slides 2014 jan bernhardt...

Agenda
➜ Introduction
➜ Architecture
➜ Installation & Configuration
➜ Deployment & Administration
➜ Usage
➜ Further topics
➜ Hands On

Introduction

(SOA) Governance
➜ Define policies that provide guidance for the creation and evolution of the application landscape.
➜ Steps required to implement governance:
  • Define the policies you want to apply.
  • Apply these policies during design time.
  • Monitor and enforce the policies during runtime.
➜ Service / Policy Registry helps to enforce the governance policies during runtime:
  • Management of service metadata (WSDLs, policies)
  • Ensure consistency
  • Allow traceability

Basics - WSDL
➜ WSDL
  • Web Services Description Language
  • Defines the service interface
  • It contains an abstract description with operations, input and output
  • It contains concrete connection information like encoding or endpoint information

Basics - WSDL in detail
Translated from http://de.wikipedia.org/wiki/Datei:WSDL.png

Basics – WS-Policy
➜ WS-Policy (recap)
  • Defining nonfunctional aspects of services: assertions
    • constraints: conditions that the service requester has to fulfill
    • capabilities: behavior that the service provider guarantees
  • Providing Interoperability
  • Definition of Service Level Agreements (SLAs)
  • Security, addressing, transaction, …
  • Separation of concerns
    • WSDL for functional aspects
    • WS-Policy for nonfunctional aspects

Basics – WS-Policy
➜ WS-Policy in Talend ESB
  • Security: Standard, based on WS-Security
  • Authorization: Talend ESB
  • SAM: Talend ESB
  • Correlation Id: Talend ESB
  • Schema validation: Talend ESB
  • WS-Addressing: Standard
  • WS-Reliable Messaging: Standard
  • Custom Policies: Up to you

Basics – Link WSDL and WS-Policy
➜ WS-Policies can be attached or embedded and referenced in WSDL elements
➜ WS-Policies and WSDLs can be referenced by using a WS-Policy Attachment
  • Dedicated file referencing the WSDL and the WS-Policy
[Diagram: WSDL, WS-Policy and WS-Policy Attachment]

Basics – WSDL and WS-Policy
➜ CXF is able to use policies configured as follows:
  • Inline
  • Attached (WS-Policy Attachment)
  • As Spring configuration
  • Dynamically via properties

Registry Naming
➜ Components and tasks
  • Service Registry provides WSDLs
  • Policy Registry provides policies
  • Policy Registry provides policy attachments
➜ Service Registry and Policy Registry work closely together
  • In the following slides it is only called Service Registry

Requirements for…
➜ WSDLs
  • Consumers
    • In some cases the WSDL is required at startup
  • Providers
    • Required for validation
➜ WS-Policies
  • Are used to configure nonfunctional aspects
➜ WS-Policy Attachments
  • Link WSDL and WS-Policy

Challenges and benefits
➜ How to configure decentralized IT systems?
  • Use a central configuration
    • With Service Registry it is possible to store these configurations centrally
  • Only one dedicated configuration location keeps the system consistent
  • Can be reused by others (client and provider)
  • Easier to get an overview
  • One building block to support IT or SOA governance
[Diagram: Runtime containers and SR & PR]

Challenges and benefits
➜ How to configure a common rule set for all services?
  • Create common policies
    • Create a common policy and link it to all services via policy attachments.
  • Changing a common policy affects all services.
  • One building block to support IT or SOA governance
[Diagram: Runtime containers, SR & PR and Policy]

Talend ESB integration
➜ Talend ESB Runtime is prepared with Service Registry server and client
➜ Service Registry and Policy Registry are part of the Enterprise Edition of Talend ESB
➜ It follows the design approach of keeping the development effort as low as possible.
  • Just configure WSDL, WS-Policy and Attachment without development effort at the service or consumer
  • Security-related policies require minimal development effort (provide keystores, password handler, …)

Architecture

Architecture – Overview
➜ Clients for CXF consumer and provider
➜ Server with
  • Frontends for management and lookup of WSDLs and policies
  • Backend based on Jackrabbit with persistent storage

Clients
➜ Clients are CXF consumer or CXF provider
➜ Lifecycle hook is used to add Service Registry features
➜ Client applications need to configure Service Registry usage
➜ Fallback WSDL is locally configurable
[Diagram: ESB Containers with CXF Consumer, CXF Provider, SR Clients and Service Registry]

Server
➜ Service Registry server provides different frontends
  • Lookup service (plain REST)
  • Administration service (AtomPub REST)
➜ Data storage is encapsulated by Jackrabbit as Java Content Repository (JCR) implementation
➜ Storage can be
  • File system
  • Database system

Architecture - Typical deployment
➜ One Service Registry in a dedicated infrastructure runtime container.
➜ Service Registry and Policy Registry may be deployed in a high availability deployment and configuration.
➜ Multiple runtime containers with business applications using or providing CXF-based Web Services.
➜ Exactly one Service Registry client for each runtime container.

Installation & Configuration

Installation
➜ Client
  • Installed and started by default in the runtime
➜ Server
  • Not installed by default in the runtime
  • Runtime provides commands
    • tesb:start-registry to install and start
    • tesb:stop-registry to uninstall and stop
[ 254] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: Server (5.4.1)
[ 255] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: REST Atom Service (5.4.1)
[ 256] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: REST Lookup Service (5.4.1)
[ 257] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: Server :: Commands (5.4.1)

Configuration
➜ Ports
  • The Talend Service Registry service is exposed via the container HTTP(s) port, which can be configured in org.ops4j.pax.web.cfg.
➜ SSL
  • Client-relevant setting.
    • etc/org.talend.esb.registry.client.policy.cfg
      – Change registry.url property to the https endpoint
    • etc/org.talend.esb.registry.client.wsdl.cfg
      – Change registry.url property to the https endpoint

Configuration
➜ Authentication
  • Enforce authentication on server for administration
    • org.talend.esb.registry.service.admin.cfg
      – registry.authentication (NO, BASIC, SAML)
  • Enforce authentication on server for runtime (lookup)
    • org.talend.esb.registry.service.lookup.cfg
      – registry.authentication (NO, BASIC, SAML)
  • Client needs a corresponding configuration.
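
A configuration check for the SSL and authentication settings on the two Configuration slides, as an added example that is not part of the original deck or of Talend's code. The file contents and the registry.example URLs are constructed samples, and reporting a missing registry.authentication as a finding is an assumption, since the slides do not state the default.

```python
from urllib.parse import urlsplit

# File and property names are the ones given on the slides.
CLIENT_FILES = ("org.talend.esb.registry.client.policy.cfg",
                "org.talend.esb.registry.client.wsdl.cfg")
SERVER_FILES = ("org.talend.esb.registry.service.admin.cfg",
                "org.talend.esb.registry.service.lookup.cfg")

def parse_cfg(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def audit(files):
    """files maps a .cfg file name to its text; returns (file, finding) pairs."""
    findings = []
    for name, text in files.items():
        props = parse_cfg(text)
        if name in CLIENT_FILES:
            url = props.get("registry.url", "")
            if urlsplit(url).scheme.lower() != "https":
                findings.append((name, f"registry.url is not https: {url!r}"))
        if name in SERVER_FILES:
            # Assumption: a missing value is reported; the default is not on the slides.
            mode = props.get("registry.authentication", "").upper()
            if mode not in ("BASIC", "SAML"):
                findings.append((name, f"registry.authentication = {mode or 'unset'}"))
    return findings

# Constructed sample contents (hosts and paths are placeholders).
SAMPLE = {
    CLIENT_FILES[0]: "registry.url = http://registry.example:8040/constructed/path\n",
    CLIENT_FILES[1]: "registry.url = https://registry.example:9001/constructed/path\n",
    SERVER_FILES[0]: "# admin frontend\nregistry.authentication = BASIC\n",
    SERVER_FILES[1]: "registry.authentication = NO\n",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```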

Deployment & Administration

Administration interfaces
➜ Three administration interfaces are provided
  • Command line interface
    • Inside of the Talend runtime
  • AtomPub REST Service
  • Talend Administration Center (TAC)

Command Line
➜ The following commands are available:
tregistry:create    Create Registry resource
tregistry:delete    Delete Registry resource
tregistry:export    Export Service Registry resources
tregistry:help      Show Registry help
tregistry:import    Import resources from file to Registry
tregistry:list      List Registry resources by type
tregistry:read      Read Registry resource
tregistry:update    Update Registry resource (content)
➜ Typical parameters:
  • type = wsdl, ws-policy or ws-policy-attach
  • name = an identifier
  • file = path to a file

Command Line
➜ Sample
  • Import a WSDL and verify that it is imported:
karaf@infra> tregistry:create wsdl etc/wsdl/Greeter.wsdl
Create Registry wsdl resource with name = Greeter : DONE
karaf@infra> tregistry:list wsdl
Talend ESB Registry :: Collection of wsdl resources [size:1] Name - Greeter
karaf@infra> tregistry:read wsdl Greeter
Registry wsdl resource with name = Greeter
----------------------------------------------------------------------
<wsdl:definitions xmlns:wsdl=http://schemas.xmlsoap.org/wsdl/…
…

AtomPub REST Service
➜ The REST Service provides an additional administration interface
  • Based on RFC 5023 and RFC 4287
  • Most inputs and results are represented as Atom XML media type
➜ The interface can be found at
  • http://<host>:<port>/services/registry/admin?_wadl

AtomPub REST Service
➜ Sample
  • We use the ‘wget’ command to download the registered services
    • wget http://localhost:8040/services/registry/admin/wsdl/
  • The downloaded file has the name index.html and contains the result of the registry in XML format
<feed xmlns="http://www.w3.org/2005/Atom">
  …
  <entry xmlns:reg="http://www.talend.com/esb/registry/1.0">
    …
    <reg:targetNamespace>http://talend.org/greeter</reg:targetNamespace>
    <reg:serviceName>
      {http://talend.org/greeter}GreeterService
    </reg:serviceName>
    <reg:name>Greeter</reg:name>
  </entry>
  …
</feed>
The result contains links, for example to the WSDL content.

Usage

General procedure
➜ Registry
  • Register the WSDL
  • Register a WS-Policy
  • Register a WS-Policy Attachment
➜ Provider
  • Enable Service Registry usage
  • Use case specific: Add required configuration or sources
➜ Consumer
  • Enable Service Registry usage
  • Use case specific: Add required configuration or sources

Example on the slides
➜ The following slides use the Greeter service
➜ The service shall be available via HTTPS only
➜ The restriction shall be implemented by using policies
➜ All required files are copied into the container
➜ Code snippets are reduced. Hidden elements are marked with ‘…’

Registry
➜ WSDL
  • Register the WSDL
    • For example with the Command Line
karaf@infra> tregistry:create wsdl etc/wsdl/GreeterHttps.wsdl
Create Registry wsdl resource with name = Greeter : DONE
<wsdl:definitions … name="Greeter" targetNamespace="http://talend.org/greeter">
  <wsdl:service name="GreeterService">
    <wsdl:port binding="tns:Greeter_SOAPBinding" name="GreeterPort">
      <soap:address location="https://localhost:9002/services/GreeterServiceProvider" />
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>
The identifier is the name attribute from the definitions element.

Registry
➜ Policy
  • Register the WS-Policy
    • For example with the Command Line
karaf@infra> tregistry:create ws-policy etc/policies/Https.policy
Create Registry ws-policy resource with name = https : DONE
<wsp:Policy Name="https" wsu:Id="https-policy" … >
  <wsp:ExactlyOne>
    <wsp:All>
      <sp:TransportBinding>
        <wsp:Policy>
          <sp:TransportToken>
            <wsp:Policy>
              <sp:HttpsToken />
            </wsp:Policy>
          </sp:TransportToken>
          …
The identifier is the Name attribute from the Policy.

Registry
➜ Policy Attachment
  • Register the WS-Policy Attachment
    • For example with the Command Line
karaf@infra> tregistry:create ws-policy-attach etc/policies/GreeterHttps.policy
Create Registry ws-policy-attach resource with name = GreeterHttps : DONE
<wsp:PolicyAttachment Name="GreeterHttps" xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:AppliesTo>
    <wsp:URI>
      http://talend.org/greeter#wsdl11.service(GreeterService)
    </wsp:URI>
  </wsp:AppliesTo>
  <wsp:PolicyReference URI="https" />
</wsp:PolicyAttachment>
The identifier is the Name attribute from the PolicyAttachment.

Policy Attachment
➜ WSDL elements to refer to
  • The AppliesTo element refers to the WSDL element which shall be linked with the WS-Policy
  • It is built by the following pattern
    • <wsdl-target-namespace>#<pointer-part>
      – For example the wsdl-target-namespace is ‘http://talend.org/greeter’
      – The pointer-part could be:
        • the complete service ‘wsdl11.service(serviceName)’, where serviceName must be replaced with the real service name
        • a service operation ‘wsdl11.bindingOperation(binding/operation)’, where binding/operation must be replaced with the real operation

Policy Attachment
<wsp:PolicyAttachment Name="GreeterHttps" xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:AppliesTo>
    <wsp:URI>
      http://talend.org/greeter#wsdl11.service(GreeterService)
    </wsp:URI>
  </wsp:AppliesTo>
  <wsp:PolicyReference URI="https" />
</wsp:PolicyAttachment>
[Diagram: WS-Policy Attachment, WS-Policy, WSDL]
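
A pre-upload consistency check for the three Greeter files, as an added example that is not part of the original deck or of Talend's code. It splits the AppliesTo URI by the <wsdl-target-namespace>#<pointer-part> pattern and confirms that the service and the referenced policy Name exist, because a mismatch in either identifier means the attachment does not point at the intended service or policy. The embedded XML is a constructed reduction of the slide snippets, and check_attachment is a hypothetical helper name.

```python
import re
import xml.etree.ElementTree as ET

WSDL_NS = "{http://schemas.xmlsoap.org/wsdl/}"
WSP_NS = "{http://www.w3.org/ns/ws-policy}"
POINTER = re.compile(r"^(wsdl11\.\w+)\((.+)\)$")  # e.g. wsdl11.service(Name)

# Constructed samples, reduced from the Greeter files shown on the slides.
WSDL = """<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
    name="Greeter" targetNamespace="http://talend.org/greeter">
  <wsdl:service name="GreeterService"/>
</wsdl:definitions>"""
POLICY = '<wsp:Policy xmlns:wsp="http://www.w3.org/ns/ws-policy" Name="https"/>'
ATTACHMENT = """<wsp:PolicyAttachment Name="GreeterHttps"
    xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:AppliesTo>
    <wsp:URI>http://talend.org/greeter#wsdl11.service(GreeterService)</wsp:URI>
  </wsp:AppliesTo>
  <wsp:PolicyReference URI="https"/>
</wsp:PolicyAttachment>"""

def check_attachment(attachment_xml, wsdl_xml, policy_xmls):
    """Return a list of problems; an empty list means the three files agree."""
    problems = []
    wsdl = ET.fromstring(wsdl_xml)
    attachment = ET.fromstring(attachment_xml)
    policy_names = {ET.fromstring(p).get("Name") for p in policy_xmls}
    services = {s.get("name") for s in wsdl.findall(WSDL_NS + "service")}
    for uri in attachment.iter(WSP_NS + "URI"):
        namespace, _, pointer = (uri.text or "").strip().partition("#")
        if namespace != wsdl.get("targetNamespace"):
            problems.append(f"{namespace!r} is not the WSDL targetNamespace")
        match = POINTER.match(pointer)
        if not match:
            problems.append(f"malformed pointer part {pointer!r}")
        # Only service pointers are resolved; other kinds get the syntax check.
        elif match.group(1) == "wsdl11.service" and match.group(2) not in services:
            problems.append(f"service {match.group(2)!r} is not in the WSDL")
    for ref in attachment.iter(WSP_NS + "PolicyReference"):
        if ref.get("URI") not in policy_names:
            problems.append(f"policy {ref.get('URI')!r} is not among the policies")
    return problems

if __name__ == "__main__":
    print(check_attachment(ATTACHMENT, WSDL, [POLICY]) or "consistent")
```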

Provider
➜ Enable Service Registry feature
  • In this example it is activated in the blueprint
<blueprint … >
  <jaxws:endpoint id="greeterService"
      implementor="org.talend.training.esb.greeter.provider.GreeterServiceImpl"
      address="/GreeterServiceProvider">
    <jaxws:properties>
      <entry key="use.service.registry" value="true" />
    </jaxws:properties>
  </jaxws:endpoint>
</blueprint>

Consumer
➜ Enable Service Registry feature
  • In this example it is activated in the blueprint
<blueprint … >
  <jaxws:client id="greeterServiceClient"
      serviceClass="org.talend.greeter.Greeter">
    <jaxws:properties>
      <entry key="use.service.registry" value="true" />
    </jaxws:properties>
  </jaxws:client>
  …
</blueprint>
Do not use the ‘address’ attribute. It would overwrite the registry values.

At runtime
➜ REST service for lookup
➜ The service is automatically called by the service registry client

Hands On
➜ Install the Service Registry
➜ Define Security Policy
  • Enforce HTTPS transport
  • Set Policy Name
  • Define Policy Attachment
➜ Upload SR Artifacts
  • Upload WSDL, WS-Policy, Policy-Attachment
➜ Enable SR Usage
  • Set JAX-WS Property at Provider & Consumer
➜ Bonus: Enforce schema validation at provider side

Resources
➜ Infrastructure Services: Talend_ESB_InfrastructureServices_CG_5.4.1_EN.pdf
➜ CXF and WS-Policy: http://cxf.apache.org/docs/ws-policy.html
➜ WSDL: http://www.w3.org/TR/wsdl
➜ WS-Policy: http://www.w3.org/TR/ws-policy/
➜ WS-Policy Attachment: http://www.w3.org/TR/ws-policy-attach/
➜ RFC 5023: https://www.ietf.org/rfc/rfc5023.txt
➜ RFC 4287: https://www.ietf.org/rfc/rfc4287.txt
Thank You!