Tài liệu SOA Governance in Action doc

MANNING

Jos Dirksen

IN ACTION

REST and Web Service architectures

www.it-ebooks.info

SOA Governance in Action

www.it-ebooks.info

www.it-ebooks.info

SOA Governance

in Action

REST AND WS-* ARCHITECTURES

JOS DIRKSEN

MANNING

SHELTER ISLAND

www.it-ebooks.info

For online information and ordering of this and other Manning books, please visit

www.manning.com. The publisher offers discounts on this book when ordered in quantity.

For more information, please contact

Special Sales Department

Manning Publications Co.

20 Baldwin Road

PO Box 261

Shelter Island, NY 11964

Email: [email protected]

©2013 by Manning Publications Co. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in

any form or by means electronic, mechanical, photocopying, or otherwise, without prior written

permission of the publisher.

Many of the designations used by manufacturers and sellers to distinguish their products are

claimed as trademarks. Where those designations appear in the book, and Manning

Publications was aware of a trademark claim, the designations have been printed in initial caps

or all caps.

Recognizing the importance of preserving what has been written, it is Manning’s policy to have

the books we publish printed on acid-free paper, and we exert our best efforts to that end.

Recognizing also our responsibility to conserve the resources of our planet, Manning books are

printed on paper that is at least 15 percent recycled and processed without elemental chlorine.

Development editor: Scott Meyers

Manning Publications Co. Technical proofreader: Niek Palm

20 Baldwin Road Copyeditor: Linda Recktenwald

PO Box 261 Proofreader: Melody Dolab

Shelter Island, NY 11964 Typesetter: Marija Tudor

Cover designer: Marija Tudor

ISBN: 9781617290275

Printed in the United States of America

1 2 3 4 5 6 7 8 9 10 – MAL – 18 17 16 15 14 13 12

www.it-ebooks.info

To my wife Brigitte, my daughter Sophie, and my parents

www.it-ebooks.info

www.it-ebooks.info

vii

brief contents

PART 1 INTRODUCTION ........................................................... 1

1 ■ Introducing SOA governance 3

2 ■ Setting up the SOA governance environment 27

3 ■ Using a case study to understand SOA governance 60

PART 2 DESIGN-TIME POLICIES ............................................... 79

4 ■ Service design and documentation policies 81

5 ■ Security policies 116

6 ■ Testing, performance, and the cloud 156

PART 3 RUNTIME POLICIES................................................... 187

7 ■ Using tools for runtime governance 189

8 ■ Lifecycle support and discovering resources 212

9 ■ Integrating SOA governance tools with existing tools and

technologies 235

www.it-ebooks.info

viii BRIEF CONTENTS

www.it-ebooks.info

ix

contents

preface xv

acknowledgments xvii

about this book xix

about the cover illustration xxiii

PART 1 INTRODUCTION................................................ 1

1 Introducing SOA governance 3

1.1 What is SOA governance? 4

Definition of service-oriented architecture 4 ■ Introducing

governance 7 ■ Defining SOA governance 10

1.2 How using SOA governance can help 13

Keeping track of how services are used 13 ■ Keeping uniformity

among services 14

1.3 Common pitfalls when introducing SOA governance 14

1.4 Requirements of an SOA governance solution 15

Creating and maintaining policies 16 ■ Applying policies at

design time 17 ■ Applying policies at runtime 18

1.5 Getting started with SOA governance 18

www.it-ebooks.info

x CONTENTS

1.6 Getting an overview of the available policies 20

Design and documentation policies 21 ■ Security policies 21

Testing and performance policies 22

1.7 SOA governance and open source 22

Where is open source at the moment? 22 ■ Open source

tools 24

1.8 Summary 25

2 Setting up the SOA governance environment 27

2.1 Architecture of the SOA governance environment 28

Services architecture 29

2.2 Setting up the Eclipse environment 31

2.3 Introducing the traffic avoidance example 32

2.4 Configuring the general services and database 34

The data model used in this service 34 ■ Setting up the data

access layer 35 ■ Setting up the logic layer 37

2.5 Checking out and configuring the REST services 38

Overview of the REST layer 38 ■ Implementation of the

REST layer 40 ■ Testing the REST layer 41

2.6 Checking out and configuring the SOAP services 43

Overview of the WS-* layer 43 ■ The WSDL-based contract

for this service 44 ■ Implementation of the WS-* layer 47

Testing the WS-* remoting layer 48

2.7 Setting up the SOA registry 49

Running the SOA registry for the first time 49 ■ Registering a

service manually in the registry 50 ■ Accessing the WSO2

Governance Registry 51

2.8 Setting up the BAM application 53

Installing BAM tools and checking out the code from SVN 53

Attaching an event sender to the service 54 ■ Setting up the

widget to visualize the statistics 57

2.9 Summary 59

3 Using a case study to understand SOA governance 60

3.1 Getting to know OpenGov 61

The organizational chart of OpenGov 61 ■ The stakeholders

of OpenGov 63

www.it-ebooks.info

CONTENTS xi

3.2 Explaining SOA governance using OpenGov

products 64

GovForms: permit registration 65 ■ GovTraffic: the traffic

avoidance system 66 ■ GovMobile: registering your complaint

using mobile devices 66 ■ GovPortal: information about city

services 67 ■ GovData: OpenGov’s open data portal 67

3.3 Overview of the available services 68

3.4 Defining policies for the OpenGov organization 69

Service design and documentation policies 70 ■ Security

policies 72 ■ Performance and testing-related policies 75

3.5 Summary 77

PART 2 DESIGN-TIME POLICIES.................................... 79

4 Service design and documentation policies 81

4.1 Complying with the self-documenting service policy 82

Documenting a REST-based service 83 ■ Documenting a WS-*

based service 88 ■ Adding documentation to the service

repository 92

4.2 Following existing standards and definitions 95

Including an existing XML schema in a WSDL 95 ■ Using an

existing XML schema in a REST resource 98 ■ Using a

REST-based search definition 99

4.3 Creating a reusable service 103

Define the correct level of granularity 103 ■ Decoupling the

transport layer from the logical layer 104 ■ Service

discovery 104 ■ Versioning, documentation, and using

standards 106

4.4 How to version services 107

Versioning a WS-* based service 107 ■ Versioning a REST

service 111

4.5 Summary 115

5 Security policies 116

5.1 Encrypting a communications channel for sensitive

data 117

Using HTTPS with Jetty 118 ■ Using HTTPS and client-side

SSL with Jetty 119

www.it-ebooks.info

xii CONTENTS

5.2 Validating message integrity and non-repudiation 120

Applying WS-Security to SOAP messages 121 ■ Using HMAC

for message integrity and non-repudiation 126

5.3 Using a centralized identity system 131

Installing the authentication provider 133 ■ Configuring the

authentication provider 133 ■ Creating the authentication

façade 134 ■ Creating the authentication filter 137

5.4 Using OAuth to allow other services to access your service 141

5.5 Reusing existing authorization services 149

Configuring the OpenAM entitlement service 150

Creating an authorization filter 153

5.6 Summary 155

6 Testing, performance, and the cloud 156

6.1 How to test your service 157

Logic layer and data layer testing 158 ■ Remoting layer

testing 161 ■ Integration testing 167

6.2 Using quality management tools 170

Running a maven build for Sonar 172

6.3 Developing for the cloud 174

Different types of cloud services 174 ■ Requirements for the

cloud provider 175 ■ Creating a service that can run in the

Amazon cloud 176

6.4 Summary 185

PART 3 RUNTIME POLICIES ....................................... 187

7 Using tools for runtime governance 189

7.1 Runtime governance 189

Gadget 191 ■ Gadget server 191 ■ Event producer 192

Event service 193 ■ Event processor 194

7.2 Monitor performance and service usage 195

Average response time 196 ■ Report usage based on

service 199 ■ Report usage based on location 202

Number of requests per time period 206

7.3 Security and documentation 208

Failed authentication and authorization 208

Documentation compliance 211

7.4 Summary 211

www.it-ebooks.info

CONTENTS xiii

8 Lifecycle support and discovering resources 212

8.1 Defining the lifecycle of a service 213

Standard service lifecycle 213 ■ OpenGov service lifecycle 214

8.2 Creating a custom view for the policy 217

8.3 Defining the lifecycle of a policy 225

8.4 Discovery of a service and a policy in the service

repository 227

Searching the repository from the web application 227

Searching the repository from the repository client 229

8.5 Visualizing the information from the registry 230

Creating a gauge that shows the documentation

percentage 231 ■ Creating a pie chart that shows the

lifecycle stages 232

8.6 Summary 234

9 Integrating SOA governance tools with existing tools and

technologies 235

9.1 Enterprise integration 236

Provisioning a WSDL from the repository 236 ■ Provisioning

the configuration from the repository 238 ■ Sending events

from Mule 241 ■ Loading the Mule configuration from the

repository 245 ■ Sending events to Nagios from the Bamos

event server 246

9.2 BPM engine integration 251

Monitoring average task execution 251 ■ Monitoring which

processes are started 255

9.3 Language integration 257

C# 257 ■ Ruby 260 ■ Python 261

9.4 What you should remember from this book 263

9.5 Summary 264

appendix Installing tools, libraries, and frameworks 265

index 277

www.it-ebooks.info

www.it-ebooks.info