Metro 2.0 – the advanced SOAP web services stack in GlassFish

metro.dev.java.net
Harold Carr, Architect, Project Metro

Metro – SOAP-based Web Services Stack
• Built into: GlassFish, Java CAPS, OpenSSO
• Works with any servlet 2.5 compliant web container
  > WebLogic, WebSphere, JBoss, Tomcat, …
  > Also standalone
• Advanced Interoperability with .NET 3.x/4.0

[Figure labels: Trust; STS (e.g., OpenSSO, MS Geneva); Security, Reliability, Transactions; .NET 3.x/4, Java, ...; .NET 3.x/4, JavaEE, ...]

Metro: main features
• JAX-WS 2.2 (new version)
  > autogen JAXB beans (new)
• Security
  > password derived keys (new)
  > @RolesAllowed (new)
• Identity
  > SSO for services (new)
  > Identity delegation (new)
• Reliable Messaging
  > persistent (new)
• Atomic Transactions
• Centralized config (new)
• Monitoring (new)
• NetBeans support
• Eclipse support (new)
• Extensible
• Standards-based
  > addressing metadata (new)
  > WS-MakeConnection (new)

Metro Interoperability
[Figure: Metro and .NET 3.x/4.0, each shown with a Client and an Endpoint]

Metro SOAP Web Services Stack
• JAX-WS Tooling, NetBeans & Studio Support Software
• Security: Secure Conv., Trust, XWSS
• Reliability: ReliableMessaging
• Transactions: AtomicTransactions, Coordination
• Metadata: WSDL, MEX, Policy
• SOAP Based Messaging (WSA, MTOM)
• JAXB Based XML Data Binding (XSD, XPATH)
• HTTP, TCP, SMTP

Metro : Security

Metro : clear text communication
[Figure: a message passing between client code (SEI stub, Metro) and app code (Metro) through a load balancer and a proxy server; the message reads "Hello" at all five points shown]

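Metro : HTTPS communication
[Figure: the same path between client code (SEI stub, Metro) and app code (Metro) through a load balancer and a proxy server; the message reads "Hello" at three of the five points shown and appears as ciphertext ("X!zf7") at the other two]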

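Metro : end-to-end secure comm
[Figure: the same path between client code (SEI stub, Metro) and app code (Metro) through a load balancer and a proxy server; the message reads "Hello" at two of the five points shown and appears as ciphertext ("X!zf7") at the other three]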

Metro: mutual certificates security


Metro: creating a web service

    package foo;

    import javax.jws.WebService;

    @WebService()
    public class MyService {
        public String echo(final String x) {
            return "echo: " + x;
        }
    }

Metro: adding security using NetBeans


Option: Secure Conversation

Use: increase performance/security on multiple msgs

[Chart: WSS vs WSSC vs TLS. Y axis: time in milliseconds (0 to 8000). X axis: number of messages (1, 2, 5, 10). Series: WSS, WSSC (with KD), WSSC (without KD), TLS. KD = Key Derivation]

Option: Secure Conversation

Use: increase performance/security on multiple msgs

[Charts: WSS vs WSSC vs TLS. Y axis: time in milliseconds. X axis: number of messages (1, 2, 5, 10, 50 in one panel; 100 to 600 in the other). Series: WSS, WSSC (with KD), WSSC (without KD), TLS. KD = Key Derivation]

(note: baseline is plain text)
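The "KD" series in these charts refers to WS-SecureConversation derived keys. The following is an added example, not code from the slides or from Metro: it implements the P_SHA-1 derivation defined by the WS-SecureConversation specification (seed = label + nonce), using a constructed random secret in place of a real security context secret; the class and method names are hypothetical.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical demo class; not part of Metro.
public class DerivedKeyDemo {
    // Default label defined by the WS-SecureConversation specification.
    static final byte[] LABEL = "WS-SecureConversationWS-SecureConversation"
            .getBytes(StandardCharsets.UTF_8);

    // P_SHA-1 (RFC 2246, section 5): expand (secret, seed) into `length` bytes.
    static byte[] pSha1(byte[] secret, byte[] seed, int length) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(secret, "HmacSHA1"));
        byte[] out = new byte[length];
        byte[] a = seed;                          // A(0) = seed
        for (int pos = 0; pos < length; ) {
            a = mac.doFinal(a);                   // A(i) = HMAC(secret, A(i-1))
            mac.update(a);
            byte[] block = mac.doFinal(seed);     // HMAC(secret, A(i) + seed)
            int n = Math.min(block.length, length - pos);
            System.arraycopy(block, 0, out, pos, n);
            pos += n;
        }
        return out;
    }

    // Per-message key: seed = label + the nonce carried in the DerivedKeyToken.
    static byte[] deriveKey(byte[] contextSecret, byte[] nonce, int length) throws Exception {
        byte[] seed = Arrays.copyOf(LABEL, LABEL.length + nonce.length);
        System.arraycopy(nonce, 0, seed, LABEL.length, nonce.length);
        return pSha1(contextSecret, seed, length);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] secret = new byte[32];             // constructed stand-in for the context secret
        rnd.nextBytes(secret);
        for (int msg = 1; msg <= 3; msg++) {
            byte[] nonce = new byte[16];          // fresh nonce for every message
            rnd.nextBytes(nonce);
            byte[] key = deriveKey(secret, nonce, 16);
            System.out.printf("msg %d key %032x%n", msg, new BigInteger(1, key));
        }
    }
}
```

Sender and receiver compute the same key from the shared secret and the nonce sent with the message, so the context secret itself is never used directly on message data.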

Metro : Identity

Metro : authentication
[Figure: three "login" arrows, each paired with a "Check credentials" step]

Metro : 3rd party authentication
[Figure labels: login; Secure Token Service (STS), e.g., OpenSSO; Check credentials; msg (with token)]

NEW Trust features:
* Identity delegation
* SSO among services (token cache/sharing)
* Managing token lifetime and renew

Metro : brokered trust
[Figure labels: brokered; login; msg (with token)]

Metro : Reliable Messaging
[Figure: numbered messages 1 to 4 between client code (SEI stub, Metro) and app code (Metro); labels "missing #2" and a second copy of message 2, marked 2']

Recovery from
- missing messages
- out-of-order messages
- server-side crash/restart (NEW)
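The first two recovery cases on this slide, as an added example that is not code from the slides or from Metro: a receiver that drops duplicates, delivers messages in order, and reports the contiguous ranges it holds, which is the information a WS-ReliableMessaging SequenceAcknowledgement carries. Class and method names are hypothetical and the messages are constructed.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.TreeMap;
import java.util.TreeSet;

// Hypothetical demo class; not part of Metro.
public class RmReceiverDemo {
    private final TreeSet<Long> received = new TreeSet<>();        // every number seen so far
    private final TreeMap<Long, String> pending = new TreeMap<>(); // held until the gap closes
    private long nextToDeliver = 1;                                // WS-RM numbering starts at 1
    final List<String> delivered = new ArrayList<>();

    // Accept one message; a duplicate (late original or repeated retransmission) is dropped.
    void onMessage(long number, String body) {
        if (!received.add(number)) return;
        pending.put(number, body);
        while (pending.containsKey(nextToDeliver)) {               // release the in-order prefix
            delivered.add(pending.remove(nextToDeliver++));
        }
    }

    // Contiguous [lower, upper] ranges, as reported in a SequenceAcknowledgement.
    List<long[]> ackRanges() {
        List<long[]> ranges = new ArrayList<>();
        for (long n : received) {
            long[] last = ranges.isEmpty() ? null : ranges.get(ranges.size() - 1);
            if (last != null && last[1] + 1 == n) last[1] = n;
            else ranges.add(new long[] {n, n});
        }
        return ranges;
    }

    static String show(List<long[]> ranges) {
        StringBuilder sb = new StringBuilder();
        for (long[] r : ranges) sb.append('[').append(r[0]).append('-').append(r[1]).append(']');
        return sb.toString();
    }

    public static void main(String[] args) {
        RmReceiverDemo rx = new RmReceiverDemo();
        rx.onMessage(1, "m1");
        rx.onMessage(3, "m3");                                     // #2 lost in transit
        rx.onMessage(4, "m4");
        System.out.println(rx.delivered + " ack " + show(rx.ackRanges()));
        rx.onMessage(2, "m2");                                     // retransmission fills the gap
        rx.onMessage(2, "m2");                                     // duplicate is ignored
        System.out.println(rx.delivered + " ack " + show(rx.ackRanges()));
    }
}
```

The gap between the acknowledged ranges is what tells the sender which message to retransmit.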

Metro : Atomic Transactions

    UserTransaction ut = context.getUserTransaction();
    try {
        ut.begin();
        accountA.withdraw(amount);
        accountB.deposit(amount);
        ut.commit();      // both updates are committed together
    } catch (Exception ex) {
        ut.rollback();    // on any failure, neither update is kept
    }

all or nothing

Metro : Monitoring & Management


Metro Management using jmxterm
www.cyclopsgroup.org/projects/jmxterm

    $>open localhost:8686
    $>beans
    amx:name=/RMService-RMServiceService-RMServicePort,pp=...
    $>bean amx:name=/RMService-RMServiceService-RMServiceP...
    $>get features
    features = [
      { enabled = true; iD = com.sun.xml.ws.rm.ReliableMessagingFeature; },
      { enabled = true; iD = http://www.w3.org/2005/08/addressing/module; }
    ];
    $>set dumpHTTPMessages true

Metro : centralized web service configuration management
[Figure labels: Administration Point; Policy; Group A; Group B; configure (three arrows); WS 1, WS 2, WS 3]

Metro Interoperability via Standards
• Basic Web Services
  > JCP: JAX-WS 2.2 & JAXB 2.2
  > W3C: SOAP 1.1/1.2, WSDL 1.1, WS-Addressing, MTOM
  > WS-I: Basic Profile 1.x, 2.0, SSBP 1.0, AP 1.0, BSP 1.0
• Enterprise Web Services
  > Oasis: WS-Security, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-ReliableMessaging, WS-MakeConnection, WS-AtomicTransactions, WS-Coordination
  > W3C: WS-Addressing, WS-Policy, WS-Transfer
  > WS-MetadataExchange
• (Same specs implemented by MS .NET)


Metro SOAP Web Services stack in GlassFish v3 metro.dev.java.net
