Service Registry / WS-Policy Registry Training Slides 2014
© Talend 2014
Jan Bernhardt jbernhardt@talend.com
Zsolt Beothy-Elo zbeothy-elo@talend.com

Upload: arleen-scott

Post on 26-Dec-2015



Agenda

➜ Introduction
➜ Architecture
➜ Installation & Configuration
➜ Deployment & Administration
➜ Usage
➜ Further topics
➜ Hands On


Introduction


(SOA) Governance

➜ Define policies for providing guidance for the creation and evolution of the application landscape.

➜ Steps required to implement governance:
• Define the policies you want to apply.
• Apply these policies during design time.
• Monitor and enforce the policies during runtime.

➜ Service / Policy Registry helps to enforce the governance policies during runtime:
• Management of service metadata (WSDLs, policies)
• Ensure consistency
• Allow traceability


Basics - WSDL

➜ WSDL
• Web Service Description Language
• Defines the service interface
• It contains an abstract description with operations, input and output
• It contains concrete connection information like encoding or endpoint information


Basics - WSDL in detail

Translated from http://de.wikipedia.org/wiki/Datei:WSDL.png


Basics – WS-Policy

➜ WS-Policy (recap)
• Defining nonfunctional aspects of services: assertions
  • constraints: conditions that the service requester has to fulfill
  • capabilities: behavior that the service provider guarantees
• Providing Interoperability
• Definition of Service Level Agreements (SLAs)
• Security, addressing, transaction, …
• Separation of concerns
• WSDL for functional aspects
• WS-Policy for nonfunctional aspects


Basics – WS-Policy

➜ WS-Policy in Talend ESB
• Security: Standard, based on WS-Security
• Authorization: Talend ESB
• SAM: Talend ESB
• Correlation Id: Talend ESB
• Schema validation: Talend ESB
• WS-Addressing: Standard
• WS-Reliable Messaging: Standard
• Custom Policies: Up to you


Basics – Link WSDL and WS-Policy

➜ WS-Policies can be attached or embedded and referenced in WSDL elements

➜ WS-Policies and WSDLs can be referenced by using a WS-Policy Attachment
• Dedicated file referencing the WSDL and the WS-Policy

[Figure: WSDL, WS-Policy, WS-Policy Attachment]


Basics – WSDL and WS-Policy

➜ CXF is able to use policies configured as follows:
• Inline
• Attached (WS-Policy Attachment)
• As Spring configuration
• Dynamically via properties


Registry Naming

➜ Components and tasks
• Service Registry provides WSDLs
• Policy Registry provides policies
• Policy Registry provides policy attachments

➜ Service Registry and Policy Registry work closely together
• In the following slides it is only called Service Registry


Requirements for…

➜ WSDLs
• Consumers
  • In some cases the WSDL is required at startup
• Providers
  • Required for validation

➜ WS-Policies
• Are used to configure non functional aspects

➜ WS-Policy Attachments
• Link WSDL and WS-Policy


Challenges and benefits

➜ How to configure decentralized IT-Systems?
• Use a central configuration
  • With Service Registry it is possible to store these configurations centrally
• Only one dedicated configuration location keeps the system consistent
• Can be reused by others (client and provider)
• Easier to get an overview
• One building block to support IT- or SOA-Governance

[Figure: Runtime (×5), SR & PR]


Challenges and benefits

➜ How to configure a common rule set to all services?
• Create common policies
  • By creating a common policy, linked to all services via policy attachments.
• Changing a common policy affects all services.
• One building block to support IT- or SOA-Governance

[Figure: Runtime (×3), SR & PR, Policy]


Talend ESB integration

➜ Talend ESB Runtime is prepared with Service Registry server and client

➜ Service Registry and Policy Registry are part of the Enterprise Edition of Talend ESB

➜ It follows the design approach of keeping the development effort as low as possible.
• Just configure WSDL, WS-Policy and Attachment without development effort at the service or consumer
• Security related policies require minimal development effort (provide keystores, password handler, …)


Architecture


Architecture – Overview

➜ Clients for CXF consumer and provider
➜ Server with
• Frontends for management and lookup of WSDLs and policies
• Backend based on JackRabbit with persistent storage


Clients

➜ Clients are CXF consumer or CXF provider
➜ Lifecycle hook is used to add Service Registry features
➜ Client applications need to configure Service Registry usage
➜ Fallback WSDL is locally configurable

[Figure: ESB Container (×3), CXF Consumer, CXF Provider, SR Client (×2), Service Registry]


Server

➜ Service Registry server provides different frontends
• Lookup service (plain REST)
• Administration service (AtomPub REST)

➜ Data storage is encapsulated by JackRabbit as Java Content Repository implementation (JCR)

➜ Storage can be
• File system
• Database system


Architecture - Typical deployment

➜ One Service Registry in a dedicated infrastructure runtime container.

➜ Service Registry and Policy Registry may be deployed in a high availability deployment and configuration.

➜ Multiple runtime containers with business applications using or providing CXF based Web Services.

➜ For each runtime container exactly one Service Registry client.


Installation & Configuration


Installation

➜ Client
• Installed and started by default in the runtime

➜ Server
• Not installed by default in the runtime
• Runtime provides commands
  • tesb:start-registry to install and start
  • tesb:stop-registry to uninstall and stop

    [ 254] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: Server (5.4.1)
    [ 255] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: REST Atom Service (5.4.1)
    [ 256] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: REST Lookup Service (5.4.1)
    [ 257] [Active ] [Created ] [ ] [ 80] Talend ESB Registry :: Server :: Commands (5.4.1)


Configuration

➜ Ports
• The Talend Service Registry service is exposed via the container HTTP(s) port which can be configured in the org.ops4j.pax.web.cfg.

➜ SSL
• Client relevant setting.
  • etc/org.talend.esb.registry.client.policy.cfg
    – Change registry.url property to the https endpoint
  • etc/org.talend.esb.registry.client.wsdl.cfg
    – Change registry.url property to the https endpoint


Configuration

➜ Authentication
• Enforce authentication on server for administration
  • org.talend.esb.registry.service.admin.cfg
    – registry.authentication (NO, BASIC, SAML)
• Enforce authentication on server for runtime (lookup)
  • org.talend.esb.registry.service.lookup.cfg
    – registry.authentication (NO, BASIC, SAML)
• Client needs a corresponding configuration.
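
The SSL and authentication settings from the two configuration slides can be reviewed together with a small audit script. This is an added example, not part of the original slides or Talend's code: it assumes the four cfg files use plain key=value lines, that the client `registry.url` points at the lookup service, and it runs on constructed file contents with a placeholder URL.

```python
from urllib.parse import urlsplit

CLIENT_FILES = ("org.talend.esb.registry.client.policy.cfg",
                "org.talend.esb.registry.client.wsdl.cfg")
SERVER_FILES = ("org.talend.esb.registry.service.admin.cfg",
                "org.talend.esb.registry.service.lookup.cfg")
AUTH_VALUES = {"NO", "BASIC", "SAML"}  # the three values listed on the slide


def parse_cfg(text):
    """Parse key=value lines of a .cfg file, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit(files):
    """files maps a cfg file name to its text; returns sorted (file, finding) tuples."""
    findings = []
    cfg = {name: parse_cfg(text) for name, text in files.items()}
    cleartext_client = False
    for name in CLIENT_FILES:
        url = cfg.get(name, {}).get("registry.url")
        if url is None:
            findings.append((name, "registry.url not set"))
        elif urlsplit(url).scheme.lower() != "https":
            cleartext_client = True
            findings.append((name, "registry.url is not an https endpoint"))
    for name in SERVER_FILES:
        auth = cfg.get(name, {}).get("registry.authentication")
        if auth is None:
            findings.append((name, "registry.authentication not set"))
        elif auth.upper() not in AUTH_VALUES:
            findings.append((name, "unknown registry.authentication value %r" % auth))
        elif auth.upper() == "NO":
            findings.append((name, "registry.authentication=NO: no authentication enforced"))
        elif auth.upper() == "BASIC" and cleartext_client and name == SERVER_FILES[1]:
            # Assumption: clients reach the lookup service through registry.url.
            findings.append((name, "BASIC credentials would travel over a non-https registry.url"))
    return sorted(findings)


def sample(url, admin_auth, lookup_auth):
    """Build constructed cfg contents for the four files named on the slides."""
    return {CLIENT_FILES[0]: "registry.url=%s\n" % url,
            CLIENT_FILES[1]: "# constructed sample\nregistry.url = %s\n" % url,
            SERVER_FILES[0]: "registry.authentication=%s\n" % admin_auth,
            SERVER_FILES[1]: "registry.authentication=%s\n" % lookup_auth}
```
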


Deployment & Administration


Administration interfaces

➜ Three administration interfaces are provided
• Command line interface
  • Inside of the Talend runtime
• AtomPub REST Service
• Talend Administration Center (TAC)


Command Line

➜ The following commands are available:

    tregistry:create    Create Registry resource
    tregistry:delete    Delete Registry resource
    tregistry:export    Export Service Registry resources
    tregistry:help      Show Registry help
    tregistry:import    Import resources from file to Registry
    tregistry:list      List Registry resources by type
    tregistry:read      Read Registry resource
    tregistry:update    Update Registry resource (content)

➜ Typical parameter:
• type = wsdl, ws-policy or ws-policy-attach
• name = an identifier
• file = path to a file


Command Line

➜ Sample
• Import a WSDL and validate it is imported:

    karaf@infra> tregistry:create wsdl etc/wsdl/Greeter.wsdl
    Create Registry wsdl resource with name = Greeter : DONE

    karaf@infra> tregistry:list wsdl
    Talend ESB Registry :: Collection of wsdl resources [size:1]
     Name - Greeter

    karaf@infra> tregistry:read wsdl Greeter
    Registry wsdl resource with name = Greeter
    ----------------------------------------------------------------------
    <wsdl:definitions xmlns:wsdl=http://schemas.xmlsoap.org/wsdl/…


AtomPub REST Service

➜ The REST Service provides an additional administration interface
• based on RFC 5023 and RFC 4287
• Most inputs and results are represented as atom xml media type

➜ The interface can be found at
• http://<host>:<port>/services/registry/admin?_wadl


AtomPub REST Service

➜ Sample
• We use ‘wget’ command to download the registered services
  • wget http://localhost:8040/services/registry/admin/wsdl/
• The downloaded file has the name index.html and contains the result of the registry in XML format

    <feed xmlns="http://www.w3.org/2005/Atom">
      …
      <entry xmlns:reg="http://www.talend.com/esb/registry/1.0">
        …
        <reg:targetNamespace>http://talend.org/greeter</reg:targetNamespace>
        <reg:serviceName>
          {http://talend.org/greeter}GreeterService
        </reg:serviceName>
        <reg:name>Greeter</reg:name>
      </entry>
      …
    </feed>

The result contains links, for example to the WSDL content.


Usage


General procedure

➜ Registry
• Register the WSDL
• Register a WS-Policy
• Register a WS-Policy Attachment

➜ Provider
• Enable Service Registry usage
• Use case specific: Add required configuration or sources

➜ Consumer
• Enable Service Registry usage
• Use case specific: Add required configuration or sources


Example on the slides

➜ The following slides use the Greeter service
➜ The service shall be available via HTTPS only
➜ The restriction shall be implemented by using policies
➜ All required files are copied into the container
➜ Code snippets are reduced. Hidden elements are marked with ‘…’


Registry

➜ WSDL
• Register the WSDL
  • For example with the Command Line

    karaf@infra> tregistry:create wsdl etc/wsdl/GreeterHttps.wsdl
    Create Registry wsdl resource with name = Greeter : DONE

    <wsdl:definitions … name="Greeter" targetNamespace="http://talend.org/greeter">
      <wsdl:service name="GreeterService">
        <wsdl:port binding="tns:Greeter_SOAPBinding" name="GreeterPort">
          <soap:address location="https://localhost:9002/services/GreeterServiceProvider" />
        </wsdl:port>
      </wsdl:service>
    </wsdl:definitions>

The identifier is the name attribute from the definition element.


Registry

➜ Policy
• Register the WS-Policy
  • For example with the Command Line

    karaf@infra> tregistry:create ws-policy etc/policies/Https.policy
    Create Registry ws-policy resource with name = https : DONE

    <wsp:Policy Name="https" wsu:Id="https-policy" … >
      <wsp:ExactlyOne>
        <wsp:All>
          <sp:TransportBinding>
            <wsp:Policy>
              <sp:TransportToken>
                <wsp:Policy>
                  <sp:HttpsToken/>
                </wsp:Policy>
              </sp:TransportToken>
              …
            </wsp:Policy>
          </sp:TransportBinding>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

The identifier is the name attribute from the Policy.


Registry

➜ Policy Attachment
• Register the WS-Policy Attachment
  • For example with the Command Line

    karaf@infra> tregistry:create ws-policy-attach etc/policies/GreeterHttps.policy
    Create Registry ws-policy-attach resource with name = GreeterHttps : DONE

    <wsp:PolicyAttachment Name="GreeterHttps" xmlns:wsp="http://www.w3.org/ns/ws-policy">
      <wsp:AppliesTo>
        <wsp:URI>
          http://talend.org/greeter#wsdl11.service(GreeterService)
        </wsp:URI>
      </wsp:AppliesTo>
      <wsp:PolicyReference URI="https" />
    </wsp:PolicyAttachment>

The identifier is the name attribute from the PolicyAttachment.


Policy Attachment

➜ WSDL elements to refer to
• The AppliesTo element refers to the WSDL element which shall be linked with the WS-Policy
• It is built using the following pattern
  • <wsdl-target-namespace>#<pointer-part>
    – For example the wsdl-target-namespace is ‘http://talend.org/greeter’
    – The pointer-part could be:
      • the complete service ‘wsdl11.service(serviceName)’, where serviceName must be replaced with the real service name
      • a service operation ‘wsdl11.bindingOperation(binding/operation)’, where binding/operation must be replaced with the real operation


Policy Attachment

    <wsp:PolicyAttachment Name="GreeterHttps" xmlns:wsp="http://www.w3.org/ns/ws-policy">
      <wsp:AppliesTo>
        <wsp:URI>
          http://talend.org/greeter#wsdl11.service(GreeterService)
        </wsp:URI>
      </wsp:AppliesTo>
      <wsp:PolicyReference URI="https" />
    </wsp:PolicyAttachment>

[Figure callouts: WS-Policy Attachment, WS-Policy, WSDL]
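
The AppliesTo pattern and the policy reference shown above can be checked mechanically before the three artifacts are uploaded. This is an added example, not part of the original slides or Talend's code: `check_attachment`, the two templates and the rule that a policy named `https` implies an `https://` endpoint address are assumptions for illustration, and the inputs are constructed from the Greeter snippets.

```python
import re
import xml.etree.ElementTree as ET

NS = {"wsdl": "http://schemas.xmlsoap.org/wsdl/",
      "soap": "http://schemas.xmlsoap.org/wsdl/soap/",
      "wsp": "http://www.w3.org/ns/ws-policy"}
# <wsdl-target-namespace>#<pointer-part>, limited to the two pointer forms on the slides
POINTER = re.compile(r"^([^#\s]+)#wsdl11\.(service|bindingOperation)\(([^()\s']+)\)$")

# Constructed inputs modelled on the Greeter snippets from the slides.
WSDL_TEMPLATE = """<wsdl:definitions name="Greeter" targetNamespace="http://talend.org/greeter"
    xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/">
  <wsdl:service name="GreeterService">
    <wsdl:port binding="tns:Greeter_SOAPBinding" name="GreeterPort">
      <soap:address location="%s"/>
    </wsdl:port>
  </wsdl:service>
</wsdl:definitions>"""
ATTACHMENT_TEMPLATE = """<wsp:PolicyAttachment Name="GreeterHttps" xmlns:wsp="http://www.w3.org/ns/ws-policy">
  <wsp:AppliesTo><wsp:URI>%s</wsp:URI></wsp:AppliesTo>
  <wsp:PolicyReference URI="https"/>
</wsp:PolicyAttachment>"""


def check_attachment(attachment_xml, wsdl_xml, registered_policies, https_only=("https",)):
    """Return a list of findings; an empty list means the attachment is consistent."""
    findings = []
    att, wsdl = ET.fromstring(attachment_xml), ET.fromstring(wsdl_xml)
    refs = [r.get("URI") for r in att.findall("wsp:PolicyReference", NS)]
    for ref in refs:
        if ref not in registered_policies:
            findings.append("policy reference %r is not a registered policy name" % ref)
    for uri_el in att.findall("wsp:AppliesTo/wsp:URI", NS):
        uri = (uri_el.text or "").strip()
        m = POINTER.match(uri)
        if not m:
            findings.append("AppliesTo URI %r does not match <namespace>#<pointer-part>" % uri)
            continue
        namespace, kind, arg = m.groups()
        if namespace != wsdl.get("targetNamespace"):
            findings.append("namespace %r is not the WSDL targetNamespace" % namespace)
            continue
        if kind == "service":
            target = wsdl.find("wsdl:service[@name='%s']" % arg, NS)
        else:  # bindingOperation(binding/operation)
            binding, _, operation = arg.partition("/")
            target = wsdl.find("wsdl:binding[@name='%s']/wsdl:operation[@name='%s']"
                               % (binding, operation), NS)
        if target is None:
            findings.append("%s(%s) not found in the WSDL" % (kind, arg))
            continue
        if kind == "service" and any(r in https_only for r in refs):
            for addr in target.findall("wsdl:port/soap:address", NS):
                if not addr.get("location", "").lower().startswith("https://"):
                    findings.append("HTTPS policy attached but endpoint is %r" % addr.get("location"))
    return findings
```
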


Provider

➜ Enable Service Registry feature
• In this example it is activated in the blueprint

    <blueprint … >
      <jaxws:endpoint id="greeterService"
          implementor="org.talend.training.esb.greeter.provider.GreeterServiceImpl"
          address="/GreeterServiceProvider">
        <jaxws:properties>
          <entry key="use.service.registry" value="true" />
        </jaxws:properties>
      </jaxws:endpoint>
    </blueprint>


Consumer

➜ Enable Service Registry feature
• In this example it is activated in the blueprint

    <blueprint … >
      <jaxws:client id="greeterServiceClient"
          serviceClass="org.talend.greeter.Greeter">
        <jaxws:properties>
          <entry key="use.service.registry" value="true" />
        </jaxws:properties>
      </jaxws:client>
      …
    </blueprint>

Do not use the ‘address’ attribute. It would overwrite the registry values.


At runtime

➜ REST service for lookup
➜ The service is automatically called by the service registry client


Hands On


➜ Install the Service Registry
➜ Define Security Policy
• Enforce HTTPS transport
• Set Policy Name
• Define Policy Attachment

➜ Upload SR Artifacts
• Upload WSDL, WS-Policy, Policy-Attachment

➜ Enable SR Usage
• Set JAX-WS Property at Provider & Consumer

➜ Bonus: Enforce schema validation at provider side


Resources

➜ Infrastructure Services Talend_ESB_InfrastructureServices_CG_5.4.1_EN.pdf

➜ CXF and WS-Policy http://cxf.apache.org/docs/ws-policy.html

➜ WSDL http://www.w3.org/TR/wsdl

➜ WS-Policy http://www.w3.org/TR/ws-policy/

➜ WS-Policy Attachment http://www.w3.org/TR/ws-policy-attach/

➜ RFC 5023 https://www.ietf.org/rfc/rfc5023.txt

➜ RFC 4287 https://www.ietf.org/rfc/rfc4287.txt


Thank You!