150 likes | 170 Views
This presentation explores a service-oriented approach to application development, highlighting the benefits of maximizing code reuse, platform independence, and language independence. Topics covered include web services, SOAP communication, and the use of Spring framework and Acegi security provider. The presentation also includes recommendations on versioning, client stub generation, and future work for integrating application authentication and creating a web interface for managing authorizations.
E N D
A Service-Oriented Approach to Application Development Robert Darneille & Gary Schorer WPI MQP PresentationsICS Group 10 October 2007
Acknowledgements • WPI Faculty Advisors • Professor Ciaraldi • Lincoln Laboratory Advisors • Peter Miller • Robert Nicholls • Kathy Carusone • Lincoln Laboratory Testers • Peter Tecce
Web Services • Make applications available for access through the web • Maximize code reuse, minimize rewriting • Write one service to perform a task • Applications call service, no need to rewrite task logic • Platform-independent, language-independent • Clients can use any language • Services can be implemented in any language • Services communicate using SOAP • Declare their functionality using WSDL
Applications with Services With Services Without Services Database Database Application 1 Web Service Search logic in C++ Search logic in Java Application 2 Application 1 Search logic in Java Service call in C++ Application 2 Application 3 Service call in Perl Search logic in Perl
Technologies Java Object • Spring • Framework which converts XML into Java objects and manages their relationships • Service Framework • Exposes Java objects as web services • WSDL • XML-based format used to describe service operations • Acegi • Security provider which restricts access to resources • SOAP • XML-based message format used by services Spring Service Framework WSDL Web Service Acegi SOAP 1: 2: 1 Client
Problem • Services are desirable, but… • Lack of standards • No consistent versioning technique • No consistent authentication protocol • Everyone developing independently • Different platforms • Difficult to communicate • Everyone conducting independent research • No shared research pool to draw on
Our Solution • Create a service skeleton • Distributable file used as a development base • Quick, easy creation of Java services • Authenticating calling applications • Consistency between service structures • Document usage/recommendations • How to setup the skeleton • How to handle versioning • How to generate client stubs
Skeleton Requirements • Expose Java classes as services • Run inside Apache Tomcat • Authenticate other applications • Use Acegi (Spring) Security for authentication • Load Java objects via Spring
Skeleton Creation • Most components were given • Server was Apache Tomcat • Security provider was Acegi • Needed a service framework to make Java objects accessible as services • Needed Acegi to authenticate from SOAP messages, interact with service framework Apache Tomcat Acegi Service Framework Services Java - Required development - Provided by users
Service Framework Selection • 3 major candidates identified: Axis2, CXF, XFire • Tested by making services out of the same Java objects • Ran same set of operations, passing and returning many different data types • Tested for reliable retrieval of many data types • Axis2’s WSDL types differed from actual return types • CXF failed to pass arrays/lists properly • XFire properly passed and returned all data types
Acegi Configuration • Needed to authenticate from SOAP messages • Wrote a filter to retrieve token from SOAP headers • Authentication provider checks token against authentication database • If successful, passes request along to XFire • Makes use of Spring’s Java object management Request Filter Auth. Provider XFire Error Message
Versioning Recommendations • Backwards compatibility must be monitored closely • Addition of operations, data maintains compatibility • Removing/changing existing operations, data does not • Developers must prevent people referencing an old version from using a new one • Changes in meaning, but not data type, could be dangerous • Example: operations which reference groups by name (‘11-05’) changed to reference by ID • Recommend major-minor versioning (e.g. 1.0, 1.1, 2.0) • Major version change means not backwards compatible • Minor version change means new features • Include major version in namespace
Client Stub Generation • Client generators take in a WSDL, generate a client “stub” • Automatically handles Java XML conversions, networking • Makes it easier for other people to use a service • Compared XFire and Axis2 client generators • Axis2 generates better clients • XFire wraps Java types, doubles the layers used to access meaningful data • Included instructions of generating clients with Axis2 Axis2 Person.getPhoneNumber().getAreaCode() XFire Person.getPhoneNumber().getValue().getAreaCode().getValue()
Future Work • Integrate application authentication with existing directories • LDAP, SAP • Create a web interface for managing application authorizations • Reexamine CXF for possible fixes • Same developers as XFire • Should perform just as effectively
Summary • Distributable base for new application development • Easy means of creating services from Java objects • Integrated authentication of remote applications • “Best practices” for versioning services • Recommendations, instructions for client generation • Ease creation of services from new applications • Ease adoption of services overall