Metro 2.0 – the advanced SOAP web services stack in GlassFish
metro.dev.java.net
Harold Carr
Architect, Project Metro

Metro – SOAP-based Web Services Stack
• Built into: GlassFish, Java CAPS, OpenSSO
• Works with any servlet 2.5 compliant web container
> WebLogic, WebSphere, JBoss, Tomcat, …
> Also standalone
• Advanced Interoperability with .NET 3.x/4.0
[Diagram labels: Trust STS (e.g., OpenSSO, MS Geneva); Security, Reliability, Transactions; .NET 3.x/4, Java, ...; .NET 3.x/4, JavaEE, ...]

Metro: main features
• JAX-WS 2.2 (new version)
> autogen JAXB beans (new)
• Security
> password derived keys (new)
> @RolesAllowed (new)
• Identity
> SSO for services (new)
> Identity delegation (new)
• Reliable Messaging
> persistent (new)
• Atomic Transactions
• Centralized config (new)
• Monitoring (new)
• NetBeans support
• Eclipse support (new)
• Extensible
• Standards-based
> addressing metadata (new)
> WS-MakeConnection (new)

Metro Interoperability
[Diagram labels: Metro (Client, Endpoint); .NET 3.x/4.0 (Client, Endpoint).]

Metro SOAP Web Services Stack
[Layer diagram, top to bottom:]
JAX-WS Tooling, NetBeans & Studio Support Software
Security: Secure Conv., Trust, XWSS
Reliability: ReliableMessaging
Transactions: AtomicTransactions, Coordination
Metadata: WSDL, MEX, Policy
SOAP Based Messaging (WSA, MTOM)
JAXB Based XML Data Binding (XSD, XPATH)
HTTP, TCP, SMTP

Metro : Security

Metro : clear text communication
[Diagram labels: client code, SEI, stub, Metro, load balancer, proxy server, Metro, app code. Message labels along the path: "Hello" (×5).]

Metro : HTTPS communication
[Diagram labels: client code, SEI, stub, Metro, load balancer, proxy server, Metro, app code. Message labels along the path: "Hello" (×3), "X!zf7" (×2).]

Metro : end-to-end secure comm
[Diagram labels: client code, SEI, stub, Metro, load balancer, proxy server, Metro, app code. Message labels along the path: "Hello" (×2), "X!zf7" (×3).]
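
The contrast between the HTTPS and end-to-end slides, as an added example that is not from the deck or from Metro: with transport security alone, an intermediary that terminates the connection holds the plaintext, while message-level protection keeps the body encrypted until it reaches the service. The class name, the per-hop keys and the pre-shared AES-GCM endpoint key are assumptions standing in for TLS sessions and for the certificate-based encryption WS-Security uses.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

// Added illustration (not Metro code): what an intermediary holds under
// hop-by-hop transport protection versus end-to-end message protection.
public class HopVsEndToEnd {
    static SecretKey newKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        return kg.generateKey();
    }
    // AES-GCM; output is the 12-byte IV followed by ciphertext and tag.
    static byte[] seal(SecretKey key, byte[] plain) throws Exception {
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = Arrays.copyOf(iv, iv.length + ct.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }
    // Verifies the tag and returns the plaintext; throws if the data was altered.
    static byte[] open(SecretKey key, byte[] sealed) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, sealed, 0, 12));
        return c.doFinal(sealed, 12, sealed.length - 12);
    }

    public static void main(String[] args) throws Exception {
        byte[] hello = "Hello".getBytes(StandardCharsets.UTF_8);
        SecretKey hop1 = newKey(), hop2 = newKey(); // transport keys, one per hop
        SecretKey endToEnd = newKey();              // held by client and service only

        // HTTPS only: the load balancer terminates hop 1 and holds the plaintext.
        byte[] atLb = open(hop1, seal(hop1, hello));
        System.out.println("HTTPS only, at load balancer: " + new String(atLb, StandardCharsets.UTF_8));

        // End-to-end: the body is sealed with the endpoint key before transport.
        atLb = open(hop1, seal(hop1, seal(endToEnd, hello)));
        System.out.println("end-to-end, load balancer holds plaintext: " + Arrays.equals(atLb, hello));
        byte[] atService = open(endToEnd, open(hop2, seal(hop2, atLb)));
        System.out.println("end-to-end, at service: " + new String(atService, StandardCharsets.UTF_8));
    }
}
```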

Metro: mutual certificates security

Metro: creating a web service

    package foo;

    import javax.jws.WebService;

    @WebService()
    public class MyService {
        public String echo(final String x) {
            return "echo: " + x;
        }
    }

Metro: adding security using NetBeans

Option: Secure Conversation
Use: increase performance/security on multiple msgs
[Chart: WSS vs WSSC vs TLS. Y axis: time in milliseconds (0 to 8000). X axis: number of messages (1, 2, 5, 10). Series: WSS, WSSC (with KD), WSSC (without KD), TLS. KD = Key Derivation.]

Option: Secure Conversation
Use: increase performance/security on multiple msgs
[Chart: WSS vs WSSC vs TLS. Y axis: time in milliseconds. X axis: number of messages. Series: WSS, WSSC (with KD), WSSC (without KD), TLS. KD = Key Derivation.]
(note: baseline is plain text)

Metro : Identity

Metro : authentication
[Diagram labels: "login" (×3); "Check credentials" (×3).]

Metro : 3rd party authentication
[Diagram labels: "log in" (×2); Secure Token Service (STS), e.g., OpenSSO; "Check credentials"; "msg (with token)" (×3).]
NEW Trust features:
* Identity delegation
* SSO among services (token cache/sharing)
* Managing token lifetime and renew

Metro : brokered trust
[Diagram labels: "brokered"; "login"; "msg (with token)".]

Metro : Reliable Messaging

Metro : Reliable Messaging
[Diagram labels: client code, SEI, stub, Metro, Metro, app code; message numbers 1, 2, 3, 4; "missing #2"; 2'.]
Recovery from
- missing messages
- out-of-order messages
- server-side crash/restart (NEW)
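
An added example, not Metro's implementation, of the receiver-side bookkeeping behind recovery from missing and out-of-order messages: hold back anything that arrives ahead of a gap, deliver to the application in order, and report which ranges have arrived so the sender can resend the rest. `InOrderReceiver` and its methods are hypothetical names; persistence across a server restart is not covered.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.TreeMap;

// Added illustration (not Metro code) of in-order, exactly-once delivery.
public class InOrderReceiver {
    private final TreeMap<Long, String> pending = new TreeMap<>(); // received but held back
    private final List<String> delivered = new ArrayList<>();      // handed to app code
    private long nextExpected = 1;                                  // numbering starts at 1

    // Accept one message; duplicates such as a repeated resend are dropped.
    public void receive(long number, String payload) {
        if (number < nextExpected || pending.containsKey(number)) return;
        pending.put(number, payload);
        while (pending.containsKey(nextExpected)) {
            delivered.add(pending.remove(nextExpected));
            nextExpected++;
        }
    }

    // Ranges [lower, upper] of message numbers received so far; a gap between
    // two ranges tells the sender which messages to send again.
    public List<long[]> ackRanges() {
        List<long[]> ranges = new ArrayList<>();
        if (nextExpected > 1) ranges.add(new long[] {1, nextExpected - 1});
        for (long n : pending.keySet()) {
            long[] last = ranges.isEmpty() ? null : ranges.get(ranges.size() - 1);
            if (last != null && last[1] + 1 == n) last[1] = n;
            else ranges.add(new long[] {n, n});
        }
        return ranges;
    }

    static void report(InOrderReceiver r) {
        StringBuilder sb = new StringBuilder("delivered " + r.delivered + ", acked");
        for (long[] a : r.ackRanges()) sb.append(' ').append(a[0]).append('-').append(a[1]);
        System.out.println(sb);
    }

    public static void main(String[] args) {
        InOrderReceiver r = new InOrderReceiver();
        r.receive(1, "m1");
        r.receive(3, "m3"); // #2 is missing, so #3 and #4 are held back
        r.receive(4, "m4");
        report(r);
        r.receive(2, "m2"); // the resent copy (2' on the slide)
        r.receive(2, "m2"); // a second copy of it is ignored
        report(r);
    }
}
```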

Metro : Atomic Transactions

Metro : Atomic Transactions

    UserTransaction ut = context.getUserTransaction();
    try {
        ut.begin();
        accountA.withdraw(amount);
        accountB.deposit(amount);
        ut.commit();      // both updates take effect together
    } catch (Exception ex) {
        ut.rollback();    // neither update is applied
    }

all or nothing

Metro : Monitoring & Management

Metro Management using jmxterm
www.cyclopsgroup.org/projects/jmxterm

    $>open localhost:8686
    $>beans
    amx:name=/RMService-RMServiceService-RMServicePort,pp=...
    $>bean amx:name=/RMService-RMServiceService-RMServiceP...
    $>get features
    features = [
     { enabled = true;
       iD = com.sun.xml.ws.rm.ReliableMessagingFeature; },
     { enabled = true;
       iD = http://www.w3.org/2005/08/addressing/module; }
    ];
    $>set dumpHTTPMessages true

Metro : centralized web service configuration management
[Diagram labels: Policy Administration Point; Group A, Group B; "configure" (×3); WS 1, WS 2, WS 3.]

Metro Interoperability via Standards
• Basic Web Services
> JCP: JAX-WS 2.2 & JAXB 2.2
> W3C: SOAP 1.1/1.2, WSDL 1.1, WS-Addressing, MTOM
> WS-I: Basic Profile 1.x, 2.0, SSBP 1.0, AP 1.0, BSP 1.0
• Enterprise Web Services
> OASIS: WS-Security, WS-SecureConversation, WS-Trust, WS-SecurityPolicy, WS-ReliableMessaging, WS-MakeConnection, WS-AtomicTransactions, WS-Coordination
> W3C: WS-Addressing, WS-Policy, WS-Transfer
> WS-MetadataExchange
• (Same specs implemented by MS .NET)

Metro SOAP Web Services stack in GlassFish v3
metro.dev.java.net