cpp in soa
TRANSCRIPT
C++ In SOA
Nandika JayawardanaTech Lead, WSO2, Inc [email protected]
Introduction to SOA in C++
● In this presentation we will look in to the implementation of SOA using Web Services in the C/C++ world from a native Web Services Stack's point of View.
Why use C++
● C++ is still widely used in the industry due to● Performance advantage of the native code● Flexibility available from object oriented
language● Tight control over memory and CPU
Typical applications that use C++
● Applications which require high performance and the ability to handle large volumes of data● Financial Market Applications● Large E-Commerce applications● Banking Applications● Telecommunication Systems● Data Base Systems
● Applications which require tight control over memory and CPU● Operating Systems (C/C++)● Embedded Systems
Some Use cases● A legacy C++ system which has been performing
useful work for a long time. This has remained isolated while all other systems in the organization evolved and connected together.
● Need to integrate this system with other applications to use its functionality in a broader perspective.
● Options● Rewrite the system ( Costly )● Integrate using EAI ● Integrate using a native Web Services Stack
Some Use Cases
.NET
J2EE
JavaCICS
SAP
Secure, Reliable, Binary Web Services
Legacy System
Some Use cases
● A high performance application is used in an organization (Telecommunication, Banking )
● Need to provide new products and services using the system on a regular basis to keep up with market competition
● Difficult to keep changing, adding new functionality to the existing system
● Does a better way exist to cater for the new requirements without the hassle of change or loosing the performance ?
Some Use cases
● I need my embedded system (camera, car, printer, robot, ... ) to be able to talk to external systems which are running heterogeneous hardware and software
SOA
● Decomposing business function into reusable, independent components which communicate using standard protocols with messages and semantics defined by contracts.
● SOA is an Enterprise Architecture● The application using a service should be
independent of the location and implementation of any services it uses
SOA
Why SOA
● SOA simplifies connecting systems● Integration is driven by number of factors
● Straight-through-processing● Handling web transactions without manual
intervention, leading to greater scalability● Mergers and De-mergers
● The increasing change in organizational structure is making loosely-coupled connections more important
● Partnerships● Outsourcing ● Time to Value
Native Web Services Stack
● What would you look from a native web services stack to solve the above stated problems ?● Support for Basic Web Services Standards ● Tooling for WSDL ● Portability● Performance / Low memory foot print ● Security● Ability to handle binary data● Interoperability● Asynchronous communication
Basic Web Service Standards● SOAP 1.1 , 1.2● WSDL (Web Services Description Language)● XML Schema ● HTTP
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Header/> <soap:Body>
<getProductDetails xmlns="http://warehouse.example.com/ws">
<productID>827635</productID> </getProductDetails> </soap:Body> </soap:Envelope>
Working with WSDL
● WSDL (Web Service Description Language) ● defines a service contract
● Focuses on:● What the messages are
● Schema● How they flow (in, in-out, etc)
● Message Exchange Pattern● Where they are
● Endpoint URLs
Working with WSDL
● WSDL is complex● WSDL is intended to be machine readable
and machine processable● Typical approaches to building services and
clients using WSDL● Code Generation ( Common)● Dynamic Invocation ( Rare )
Code Generation
<wsdl/>
document
Stub
Skeleton
Code Generation Tool
Advantages of Code Generation
● All complex details of mappings between C++ types and XML schema types are handled by the generated code.
● The developer deals with C++ types● Quickly develop services and clients● Faster than the dynamic invocation technique● Developer can concentrate on his business
logic
Working with WSDL in WSF/C++
● Comes with built in Code Generation tool.● Generates Client Stubs, Service Skeletons,
Service descriptors and Build scripts.● Generating a Service SkeletonLinux: sh WSDL2CPP.sh -uri calculator.wsdl -ss -sd -d adb -uWindows: WSDL2CPP.bat -uri calculator.wsdl -ss -sd -d adb -u ● Generating a Client StubLinux: sh WSDL2CPP.sh -uri calculator.wsdl -d adb -u Windows WSDL2CPP.bat -uri calculator.wsdl -d adb -u
How to adapt a C++ Application as Web Services
Using WSF/C++● Supports multiple platforms
● Linux ● Windows● Solaris
Portability
● My legacy application is running on platform 'X'. Does your Web Service stack run on it ?
● It can boil down to multitude of issues● Differences in operating system versions● Differences in build tool versions, compiler
versions● Dependency problems
Performance● Performance is a broad area. Usually
Performance means response time. In another way, how many requests can the server handle per second
● However, performance depends on the system's hardware as well as load on the system
● Does the performance stay constant or does it degrade over time
● How does the performance vary with the size of the messages, load of the system
Low Memory Foot Print
● Some servers take large amount of memory just to start up
● How much memory does it require to run efficiently ( Important in embedded systems)
● Does the memory usage stay constant while handling large xml messages, large binary content
Security
● Important, confidential data need to be exchanged between parties.
● Transport Level security● Message Level Security
Security Terminology
● Confidentiality ● The assurance that the message has not been read
by anyone other than the intended reader● Integrity
● The assurance that data is complete and accurate● Non-repudiation
● Prevent denial of action● unforgeable evidence
● Authentication● The verification of a claimed identity
Transport Level Security
● Achieved by using HTTPS● Provides confidentiality through encryption● Provides integrity through digital signature● Service authenticate to client via certificates● Client can authenticate to the service via
certificates / basic, digest authentication
Transport Level Security
HTTPS
Is it really what you want ?
Client Service
Transport Level Security vsMessage Level Security
Message Level Security
● Achieved using WS-Security● Authentication with UsernameToken● Provides confidentiality through encryption● Provides integrity and non-repudiation
through digital signature
Security with WSF/C++
● Supports Both transport Level security and Message Level Security
● Security is configured using WS-Security Policy
● Client is configured by specifying the policy configuration.
● Service is configured for security by the deployment script
● EgServiceClient sc(client_repo, end_point);sc.engageModule(“rampart”);sc.setPolicy(new NeethiPolicy(security_policy_file));
Handling binary data● “Attachments”
● Video, Images, Documents, ...● There are two ways to transfer binary data in
SOAP● By Value (Encoded text of data within the xml)
● base64 – 4/3x original size● hex – 2x original size
● Reference ● pointer to outside the XML
● MTOM/XOP ● Standardised approach to transfer binary data
Attachment handling with WSF/C++
● Class DataHandler which handles binary content
// Enable mtom in the options object. options->setEnableMTOM(true);
// Create a Data Handler with the image OMDataHandler * data_handler = new
OMDataHandler(image_file_name, "image/jpeg"); // Create OMText with Data Handler OMText * child3 = new OMText(child2, data_handler);
● Supports ● Base64 ● MTOM and SwA
● Support for caching large attachments
Interoperability
● The ability of two or more systems or components to exchange information and to use the information that has been exchanged
● Achieved by adherence to the specifications and regular testing against other systems
● Interoperability with the major SOA players guarantees that you services will be accessible by other products and your clients will be able to talk to other services
WSF/C++ and Interoperability
● Interoperability tested with .Net, Axis2 and other Java Web Services Stacks
● Has been tested with data types (Complex, Simple) as well as advanced features such as XOP/MTOM, WS-Security, WS-RM
WSF/C++● SOAP 1.1 and SOAP 1.2● WS-Addressing
● 1.0 ● submission
● MTOM and SwA● Support for caching large attachments
● WS-Security ● Base security standards mean that messages can be
protected using Encryption, Authentication and Signature● Including WS-SecureConversation and WS-Trust
● WSDL2CPP Code Generation tool● Supports generating client stubs, service skeletons, build
scripts and deployment scripts
WSF/C++
● WS-Policy and WS-Security Policy● Enables using industry standard XML to configure security
● SSL Enabled Transport Layer● WS-Reliable Messaging 1.0, 1.1 and WS-RMPolicy
● Enables reliability between platforms including message resending, duplicate detection and persistence
● Full REST support (GET, PUT, DELETE, POST) with custom URI Mapping
● Enables mapping a REST API easily and naturally● Useful tools
● Tcpmon● wsclient
Q & A