Chapter 10. Exposed Direct Connection runtime pattern: generic profile 177
service call using the SOAP Provider in the WebSphere Application Server
Network Deployment V6.0.2.
The Directory and Security services are being provided by the WebSphere
Application Server Network Deployment in this scenario to keep the solution
simple. For more advanced configuration, consult the IBM redbook Enterprise
Security Architecture Using IBM Tivoli Security Solutions, SG24-6014.
10.3 Development guidelines
The scenario in this book describes the development guidelines for implementing
the product mapping shown in Figure 10-8 on page 176 for the Exposed Direct
Connection runtime pattern. This product mapping describes how to add
WS-Security to Web service interactions by configuring enterprise applications in
Rational Application Developer.
10.3.1 Exposed Direct Connection interaction: Generic profile
Figure 10-9 on page 178 shows the interactions that are made by each
component in the sample application.
Note: The development guidelines in this section use Rational Application
Developer V6.0.1.
178 Patterns: Extended Enterprise SOA and Web Services
Figure 10-9 Scenario implementation using the Exposed Direct Connection pattern::Generic profile
Figure 10-9 shows how the application has been written and how it interacts with,
other components. Shown are the enterprise applications (blue boxes), Web
services (white boxes), and the Web service operations (smaller white boxes
such as getCatalog). The e connectivity between the application’s components is
synchronous. Arrows connecting the operations indicate Web service
invocations.
The application interacts as follows:
1. The SCMSampleUI application:
a. Provides a Web user interface.
b. Invokes the Retailer Web service to get a list of all the items for purchase.
c. Invokes the Retailer Web service to order an item.
d. Invokes the LoggingFacility to track an order.
2. When an order is submitted, the Retailer Web service:
a. Invokes the LoggingFacility to log events that occur in the order.
Manufacturer C (CICS Transaction Server)
Manufacturer B (Microsoft .NET)
Manufacturer
Manufacturer A (WebSphere Application Server 6)
submitPO
LoggingFacility
LoggingFacility
logEvent
getEvents
SCMSampleUI
SCMSampleUI
ITSO Good
getEvents
getCatalog
submitOrder
Retailer
Retailer
shipGoods
logEvent
getCatalog
submitOrder
Warehouse
shipGoods
submitPO
logEvent
Warehouse
Indicates a Web service request
Key:
Indicates a one-way operation
Indicates a request/response operation
A Web service operation
or onMessage
Operation name
Chapter 10. Exposed Direct Connection runtime pattern: generic profile 179
b. Invokes the Warehouse to obtain whether the order can be shipped and, if
so, has it shipped.
3. When a request to ship goods is made, the Warehouse Web service:
a. Determines if there is enough of an item in stock to ship the order.
• If there is not enough quantity in stock, it refuses to ship the order.
• If there is enough quantity in stock, it ships the order.
b. Determines if more of the goods need to be ordered:
• If more goods need to be ordered, it submits a purchase order to the
relevant Manufacturer.
• If there is enough of a particular item in stock, it does nothing.
4. When a purchase order is submitted, the Manufacturer Web service receives
and process it, then returns to the Warehouse.
The calls between the Warehouse Web service and the Manufacturer Web
services are interenterprise across an untrusted network, therefore these calls
need to be secured.
10.3.2 Securing applications using WS-Security
The WS-Security specification provides message-level security, which is used to
implement message content integrity and confidentiality.
The advantage of using WS-Security rather than SSL is that WS-Security can
provide end-to-end message-level security. This means that message security
can be protected even if the message goes through multiple services called
intermediaries.
Additionally, WS-Security is independent of the transport layer protocol; it can be
used for any Web service binding (for example, HTTP, JMS, RMI). Using
WS-Security, end-to-end security can be achieved (Figure 10-10).
Figure 10-10 End-to-end security with message-level security
Web service
provider
Web service
consumer
Security Context
Intermediary
Get Patterns: Extended Enterprise SOA and Web Services now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.