MSC Dissertation

1
1. Introduction
1.1 Aim and Objectives
The purpose of this dissertation is to develop a supply chain management

application based on SOA (Service Oriented Architecture) and investigate
and the best approach used in developing SOA application
This supply chain management application is simple and scalable.
New services can easily be implemented and added into the system.
The research involves:
 Investigate the best approach in developing SOA application such as

SOA application using BPEL and SOA application using a traditional
approach
 Investigate BPEL language, Oracle database, and various J2EE
technologies
 Find the proper tools and application servers in developing SOA
application such as Oracle SOA Suite, Oracle JDeveloper 10g, Oracle
BPEL Process Manager, and NetBeans IDE6.1
 Investigate JSF (Java Server Faces) used in developing User Interface
 Design and develop a simple supply chain management application
 Compare and evaluate the approaches in developing SOA application
including strengths and weaknesses from both approaches.
1.2 Scope of work
The main objective of this project is to develop a simple supply chain management
application. Therefore, this application does not show the application in a real life
scenario and it only can meet minimum requirements indentified in this project in order
to reduce the complexities of the system. This simple supply chain management avoids
developing many components. In addition, there are some securities requirements need to
be considered.
2
1.3 Arrangement and Contents
Here is a summary of these chapters and how they work together.

In Chapter 1 explains the aim, scope of work, and arrangement of the projects, in the
Chapter 2 shows the software methodology in developing supply chain management
application Chapter 3 provides a developer the concept of SOA, the BPEL language, and
Web Service, so that the developer can have a good understanding of SOA application
design and development and in the Chapter 4 explains what Enterprise Java Bean is, type
of EJBs, and learns how to develop a JAX-WS web service with a basic example. If you
are an experienced java developer, so you might skip this chapter. Next, Chapter 5
provides the concept of Java Server Faces Technology and some important components
such managed-bean and navigation in building server-side user interfaces. And then,
Chapter 6 provides some reasons that why communication between web services and a
web service itself need to be secured and some examples in setting up a secure channel.
Chapter 7 represents the structure of supply chain management system, overall
requirements, use case diagram, The Value List Handler pattern that is used, sequence
diagram and some details of each web service working together in the system then
Chapter 8 explains detailed design and some coding, and Chapter 9 show the table of
testing results how to set up an environment in developing the application. Chapter 10
application demonstration followed by Chapter 11 provides tools used in the project, how
to run the application, next Chapter 12 explains why changes the approach, and Chapter
13 provides critical evaluation and conclusions, finally chapter 14 Bibliography and
Appendix A, B, C, D, E
3
2. Software development methodology
Software development methodology is a framework that is applied to plan, and

control the software process of an information system. There are a wide range of
frameworks evolved over the years. Each methodology is best suited to specific kinds of
projects. These approaches are: [26]
 Waterfall model
This model is a sequential development process; it begins with customer
specification of requirements and progress through planning, designing,
coding, testing, maintenance and deployment. It is appropriate when the
requirements of a problem are well understood.
 Incremental model
This model supports the iterative and incremental development, which the
various parts of the system are developed at different times and integrated as
they are completed.
 Spiral model
This model is suitable for large, expensive and complicated projects
 Agile model (Extreme Programming)
This model is suitable for ongoing changes to requirements. They believe that
adaptability to changing requirements anytime during project life is more realistic than
defining all requirements at the beginning of a project. The model also involves
developers doing pair-programming.
2.1 My approach
After I studied the specific nature of my project, I decided to choose an

incremental model as a main software development approach in this project due to the
following reasons:
 It is not necessary to obtain complete requirements at the beginning of this
project, since the nature of this complete project consists of many small
projects working together as a string of services in an SOA application.
As a result, only basic requirements are addressed, buy many
supplementary features (some known, others unknown) remain
undelivered.
 I was only one developer who worked on this project.
 This project is a small project; it is not large, and complicated.
4
 It is essential to reduce inherent project risk by breaking a project into

smaller segments and provide more requirements such as more complex
user interface or security considerations during the development process.
 Each service can be compared to one increment.
 Each service is implemented at different time and some services needed to
be integrated before adding a new service into the system. The service is
also tested in different time.
 The requirements are easily changes and there are a lot of re-designs and
integration tests.
 The project gets more and more complex and the design is often changed.
2.2 The incremental model
Figure1 the incremental Model
The first increment
At the beginning, the system has only basic requirements, for instance,
A simple retail service system can fulfill requests from customers through a web
browser.
The simple JSF web application and a simple retail service were developed in this
increment with a simple user interface. The user only can place an order with the
limitation of number of product provided.
5
The second increment

In this increment, the system added more services into the system, such as
FirstWarehouse service including integration tests between services.
The third increment

In this increment, is to change user interface in order to make user interface
more flexible and scalable. For example, in the first increment the user only can place an
order with the limitation of number of product.
The fourth increment, the security requirements needs to be considered and there is a re-
design, and more functions and more services are implemented including testing.
6
2.3 Project plan
NO. Task Name Date

Duration
1 Project Preliminary study (SOA) 15 days 15/6/2008
2 Proposal 7 days 22/6/2008
3 Investigating SOA concept and SOA development 15 days 5/7/2008
approach
4 Research and Choose what kind of application that is 15 days 19/7/2008
suitable using SOA and web service technologies
5 Design a simple supply chain management application 7 days 26/7/2008
6 Investigate BPEL language and implement a simple 30 days 26/8/2008
BPEL business process including web services
Using NetBean IDE 6.1
7 Investigate the proper tools in developing SOA 15 days 10/9/2008
application JDeveloper and NetBeans IDE 6.1
8 Investigate Oracle SOA suite and BPEL process 30 days 10/10/2008
manager and Oracle database
9 Develop a BPEL process using Oracle technologies 7 days 17/10/2008
10 Integrating user interface with a BPEL process 7 days 24/10/2008
11 Problems and Solutions, change the approach 7 days 1/11/2008
12 Investigate a new approach to develop SOA application 7 days 8/11/2008
13 Investigate JSF (Java Server Faces) 15 days 22/11/2008
14 Implementation ( start from scratch) Retailer service 15 days 22/11/2008
15 Implementation a web application 15 days 22/12/2008
Implement and integrate between both applications 7 days 29/12/2008
16
17 Testing / Integration Test/ Bug Fix 7 days 5/1/2009
18 Design and implement FirstWarehouse 7 days 12/1/2009
19 Implement and integrate a Retailer Web service and 7 days 19/1/2009
FirstWarehouse service
20 Testing/Integration Test/Bug Fix 7 days 26/1/2009
22 Implement and integrate a Retailer Web service and 7 days 2/2/2009
SecondWarehouse service
23 Testing /Integration Test/ Documentation 3 days 5/2/2009
24 Bug Fix 3 days 8/2/2009
25 Investigate security requirements in a supply chain 3 days 11/2/2009
management application
26 Investigate security technologies in j2EE and web 3 days 14/2/2009
services
27 Add some securities and problems 3 days 17/2/2009
28 Redesign User Interface 7 days 24/2/2009
29 Documentation 29 days 23/2/2009
30 Bug Fix/Testing 7 days 23/3/2009
31 Completion of Project 7 days 30/3/2009
7
Summarize
According to the project plan table, the project plan is divided into 10 stages
1. Project Preliminary study (SOA) and proposal

2. Investigate SOA concept and SOA development
3. SOA development using BPEL , JDeveloper, BPEL process manager, Oracle
Database
4. Problems and Solutions
5. Change the approach and start from scratch
6. Design and implement a supply chain management application
7. Testing /Integration Test/ Bug Fix/ Document
8. Redesign / User Interface/ add more functions/ services
9. Documentation
10. Completion of project
It can be clearly seen that I spent a large amount of time investigating SOA approach,
development tools, BPEL language at the first part of this project. Then I found the
problems and changed the approach in developing a supply chain management
application based on SOA so that I was able to complete the project.
8
3. Concept of SOA and Web Service
3.1 Service Oriented Architecture (SOA)
Figure2. A Service-Oriented Architecture
A service-oriented architecture [18] is an architectural approach supporting loosely

coupled services to enable business flexibility. SOA consists of a collection of business
services in a network such the world-wide-web.
A service offers a business function with a well-defined interface. The service is self-
contained and does not depend on other services such as Loan Processing Service, that
processes the loan application. The many services can work together in a coordinated
way such as supply chain management system based on SOA. Multiple services are used
to satisfy a more complicated business requirement.
SOA is not a new architecture; it has been around for years related to the integration,
development, and maintenance of complex enterprise applications. The use of SOA
approach is to improve and extend the flexibility of integration methods (EAI) and
distributed architecture and reusability of existing applications.
The characteristic that makes SOA different from other architecture is loose coupling.
This means that the way a client communicates with the service does not depend on the
implementation of the service. The client does not need to know what language the
service is coded or what platform the service runs on.
But what is new is the web service based on SOA. A web service is a service
communicating with client through a set of protocols and technologies in an
interoperable, technology-agnostic manner. Hence web services are well-suited as the
basis for a service-oriented environment and most often implemented with web services.
9
3.2 Why SOA
There are many good reasons to take an SOA approach. [23]

 Reusability
Developers can bring code implemented for existing applications and expose it as a web
service, then reuse it to meet new business requirements. This leads to reduce the
development cost and time.
 Interoperability
The clients and services in service oriented environment communicate each other no
matter what platform they run on and which language used to implement services.
 Scalability
Services in SOA are loosely coupled, thus it easy to enlarge applications using these
services. That because there are few dependencies between the requesting application and
the services it uses.
 Flexibility
Because SOA services are loosely coupled, they are more flexible than tightly-coupled
applications. The components of an application are not tightly bound to each other. This
makes it easy to change the application in order to meet new business requirements. The
loosely-coupled, asynchronous nature of services in a SOA makes application flexible.
 Location transparency
Location transparency is another main characteristic of SOA architecture. A service
implementation can be moved from location to location without client’s knowledge. This
increases service availability and performance.
10
3.3 SOA, Web Services and BPEL
SOA [27] describes the communication pattern between services, functions and
their operations. The service itself and interactions between services are defined using a
description language such as web service description language (WSDL). Each interaction
is loosely-coupled. Thus, web service technology is main foundation of developing SOA
application. This project focuses on orchestration of a supply chain management. By the
definition, orchestration illustrates how web services can interact with each other at the
message level including the business logic.
According to research, BPEL is a language for specifying with web services.
Hence BPEL is main important component used in developing SOA application.
To have a good understanding in developing a SOA application, it is important to
know details of using BPEL and it will be presented in details on the topic Business
Process.
3.4 SOA design and Development
To build a SOA application, first of all, a developer needs to break out the
different pieces of business logic into services.
The service can be:
 Defined by well-published interfaces.
 Loosely coupled
 Entities encapsulating reusable business functions
In a SOA application, services communicate with each other using different message
exchange patterns (one-way, synchronous and asynchronous)
To implement SOA application [24]
 Identify the different units of business logic and units of work to be

performed
 The functionality of the units of work is described in term of
services by implementing stateful or stateless service.
 Identify the main infrastructure services, which each service needs
to use.
 Define the major pieces of common functionality, if any, between
the various services. Make sure that the common functionality is
described as a reusable service.
 The different pieces of functionality is exposed as a service in
terms of operations such as web service
 Describe events that services would be producing or consuming.
 Build workflows to enable service choreograph

11
3.5 Business Processes BPEL
BPEL [18] (Business Process Execution Language) has become one of the most
important language for developing SOA application. It is a language used for
composition, orchestration, and coordination of web services. It offers rich functions to
manage the behavior of business processes. BPEL also introduces a new concept into
application development. Developers can do programming in the large rather than do
programming in the small using traditional approach. This BPEL concept allows
developers to create business processes quickly by only defining in which services will
be invoked. This makes applications become more flexible to the changes in business
processes.
Developing Business Processes with BPEL
Business processes are processes that compose a collection of services. A

business is described in BPEL.
In a typical scenario, the BPEL business process receives a request from client.
To fulfill the request, the BPEL process will invokes the involved web services and
responses to the caller. In the process, a developer requires to specify relations between
several web services. These relations are called partner links.
Furthermore, BPEL provides conditional behavior. For example, a developer can
construct loops, declare variables, copy and assign values.
To understand how BPEL works, a developer needs to understand the concepts first.
BPEL Concepts
A BPEL process is made up of steps. Each step is called an activity. Activities

represent basic constructs and used for common tasks such as
 Invoking other web services, using <invoke>
 Waiting for the client to invoke the business process using <receive>
 Generating a response , using <reply>
 Manipulating data variable, using <assign>
 Terminating the entire process, using <terminate>
In addition, the interface of new BPEL web service uses a set of port types, which
it offers operations like any other web services.
To make the BPEL concepts clear, lets look at a BPEL business process Example of a
simple supply chain management.
12
BPEL Business Process Example (A simple business supply chain management)
Figure 3 BPEL process for business supply chain management
I have defined a simple business process for business supply chain

management. Lets consider the business process. When client make a request to the
business process, first the process will receive the request using the receive activity (no
shown in diagram). Then the process will invoke a retailer service using the invoke
activity to ask for catalog products. After that the retailer service sends the response back
to the process using the reply activity (not shown in the diagram). And the response is
passed to the client. Next the client submits the quantity of products, the new request is
sent to the process and the request is fulfilled by the retailer service. The retailer first
needs to check stock level to see whether warehouseA has enough products or not enough
by invoking the invoke activity (for warehouseA). The response returns the response
using the receive activity. If the warehouseA can not fulfill the request, the warehouseB
will be invoked by the invoke activity (for warehouseB). The response is returned from
warehouse B to the process, finally the process passes this response to client and the
process ends.
13
3.6 Web Service Overview
A web service is a remote application, which is accessed by clients using

XML-based protocols such as Simple Object Access Protocol (SOAP) and data is
transmitted over internet protocols such as Http. It has its interfaces described using Web
Service Definition Language (WSDL) file [7]
Web services use Internet technology for system interoperability, which is

supported by almost every technology vendor (Microsoft, IBM, BEA, Sun Microsystems,
Oracle, HP, and others). Web services also offer a way for applications to expose their
functionality over a network, regardless of implementation languages, platforms. Not
only can web services help an enterprise to enlarge business offerings, improve the
efficiency of business processing. Web Services Technology has been increasingly
adopted, since it can cut down operational costs by allowing organizations to extend and
reuse their existing system functionality.
3.7 Benefits of Web Services
 Reusability
Web services play a big role in improving software reusability in organizations. Web
services can wrap legacy application, databases, and objects then expose them as
services. In addition, web services are built on interoperable and ubiquitous standard.
 Freedom of choice
Web services standards have created a huge marketplace for tools, products, and
technologies. Organizations have a wide range of options to select configurations that
best meet their requirements. Furthermore, developers can boost their productivity rather
than using their own solutions. They have a chance to choose from a market of
application components.
 Support more client types
Since web services offer interoperability, there are more choices in supporting more
client types regardless of the platform: Java or Microsoft or it can be based even on a
wireless platform.
 Interoperability in a heterogeneous environment
Web services allow different distributed services to run across different software
platforms and architectures and web services also can be implemented in different
languages.
 Location Transparency
A client can find a service and does need to care where the service is located. Thus, an
organization is able to move services to different machines. Developers also can move
code from one platform to another.
14
3.8 SOAP
For Web services, the protocol that is used called SOAP. Soap is a distributed
object protocol based on XML. It is defined by its own XML schema and depended on
XML namespaces.
SOAP Message Structure
Figure 4 SOAP Message Structure
Example of soap message
<?xml version='1.0' ?>

<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
<env:Header>
<m:reservation xmlns:m="http://travelcompany.example.org/reservation"
env:role="http://www.w3.org/2003/05/soap-envelope/role/next"
env:mustUnderstand="true">
<m:reference>uuid:093a2da1-q345-739r-ba5d-pqff98fe8j7d</m:reference>
<m:dateAndTime>2001-11-29T13:20:00.000-05:00</m:dateAndTime>
</m:reservation>
<n:passenger xmlns:n="http://mycompany.example.com/employees"
env:role="http://www.w3.org/2003/05/soap-envelope/role/next"
env:mustUnderstand="true">
<n:name>Åke Jógvan Øyvind</n:name>
</n:passenger>
</env:Header>
<env:Body>
<p:itinerary
xmlns:p="http://travelcompany.example.org/reservation/travel">
<p:departure>
15
<p:departing>New York</p:departing>
<p:arriving>Los Angeles</p:arriving>
<p:departureDate>2001-12-14</p:departureDate>
<p:departureTime>late afternoon</p:departureTime>
<p:seatPreference>aisle</p:seatPreference>
</p:departure>
<p:return>
<p:departing>Los Angeles</p:departing>
<p:arriving>New York</p:arriving>
<p:departureDate>2001-12-20</p:departureDate>
<p:departureTime>mid-morning</p:departureTime>
<p:seatPreference/>
</p:return>
</p:itinerary>
<q:lodging
xmlns:q="http://travelcompany.example.org/reservation/hotels">
<q:preference>none</q:preference>
</q:lodging>
</env:Body>
</env:Envelope>
A SOAP message is a XML document containing The optional <Header>

element, The mandatory <Body> element, and envelope element.
The envelope element
This element acts like a container for the body element and header
element. The envelop element is used to indicate the start and the end of the message to
the receiver. When the receiver find the </Envelope> tag, it understand that the message
has ended.
The <Header> element [2]

It is optional element and has to be located at the first immediate child
element of the envelope element. It is used for holding infrastructure data such as security
data, transaction data, routing information.
16
The Body element
The body contains the actual message such as a complete purchase order
sent from the consumer to provider. The message can be RPC style describing details
about procedure and parameters.
The Fault element
This element is embedded in the body and is used to carry error and status
information within a SOAP message. It indicates a problem while processing the
message. Such a message is called a SOAP fault. Problems can be application-specific
(username not found) or system issues such as the problem of finding a host name.
This fault element has two subelements
1. A mandatory fault code element, showing the common errors.
2. A mandatory fault string element, giving a human-readable explanation of errors.
3.9 WSDL (Web Services Description Language)
Figure 5 shows WSDL document: a conceptual representation

17
Sample WSDL document [18]
<definitions name="EndorsementSearch"
targetNamespace="http://namespaces.snowboard-info.com"
xmlns:es="http://www.snowboard-info.com/EndorsementSearch.wsdl"
xmlns:esxsd="http://schemas.snowboard-info.com/EndorsementSearch.xsd"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/" >

<message name="GetEndorsingBoarderRequest"> <part name="body"

element="esxsd:GetEndorsingBoarder"/> </message>
<message name="GetEndorsingBoarderResponse"> <part name="body" e e
element="esxsd:GetEndorsingBoarderResponse"/> </message>
<portType name="GetEndorsingBoarderPortType">
<operation name="GetEndorsingBoarder">
<input message="es:GetEndorsingBoarderRequest"/>
<output message="es:GetEndorsingBoarderResponse"/>
<fault message="es:GetEndorsingBoarderFault"/>
</operation>
</portType> <binding name="EndorsementSearchSoapBinding"
type="es:GetEndorsingBoarderPortType">
<soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="GetEndorsingBoarder">
<soap:operation
soapAction="http://www.snowboard-info.com/EndorsementSearch"/>
<input>
<soap:body use="literal" namespace="http://schemas.snowboard-
info.com/EndorsementSearch.xsd"/>
</input>
<output> <soap:body use="literal" namespace="http://schemas.snowboard-
</output>
18
<fault> <soap:body use="literal" namespace="http://schemas.snowboard-

</fault>
</operation>
</binding>
<service name="EndorsementSearchService"> <documentation>snowboarding-info.com

Endorsement Service</documentation>
<port name="GetEndorsingBoarderPort"
binding="es:EndorsementSearchSoapBinding">
<soap:address location="http://www.snowboard-info.com/EndorsementSearch"/>
</port>
</service>
</definitions>
In WSDL, there are three elements describing all abstract definitions of the Web
Service interface.
1. Types: contains the language-independent data type definitions using XML schema
the key structure of the types element is
<definitions>
<types>
<xsd:schema../>
</types>
</definitions>
There are two elements of type MathInput (Add, Subtract) and two elements of type
MathOutput (AddResponse, SubtractResponse).
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:y="http://example.org/math/"
xmlns:ns="http://example.org/math/types/"
targetNamespace="http://example.org/math/"
>
19
<types>
<xs:schema
targetNamespace="http://example.org/math/types/"
xmlns="http://example.org/math/types/"
>
<xs:complexType name="MathInput">
<xs:sequence>
<xs:element name="x" type="xs:double"/>
<xs:element name="y" type="xs:double"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="MathOutput">
<xs:sequence>
<xs:element name="result" type="xs:double"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Add" type="MathInput"/>
<xs:element name="AddResponse" type="MathOutput"/>
<xs:element name="Subtract" type="MathInput"/>
<xs:element name="SubtractResponse" type="MathOutput"/>
</xs:schema>
</types>
...
</definitions>
3. messages: can serve as the input and output parameters for the service .
The content of a message depends on the interaction between the consumer and the
service. For instance, if you define an RPC style service, the message parts is represented
by listing parameters.
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:y="http://example.org/math/"
xmlns:ns="http://example.org/math/types/"
targetNamespace="http://example.org/math/"
>
...
<message name="AddMessage">
<part name="parameter" element="ns:Add"/>
</message>
20
<message name="AddResponseMessage">
<part name="parameter" element="ns:AddResponse"/>
</message>
<message name="SubtractMessage">
<part name="parameter" element="ns:Subtract"/>
</message>
<message name="SubtractResponseMessage">
<part name="parameter" element="ns:SubtractResponse"/>
</message>
...
</definitions>
3. portTypes: represents operation name, input, and output parameters.

The portType describes a set of webservice operations. Each operation consists of input
element,output element,and also a fault element.
An input element represents the type of soap message that a client should send to the web
service. An output element describes the type of soap message that a client expects to get
back.
There are two styles of web services messaging: request-response and one-way.
Request-response messaging requires an input element, an output element, and an
optional fault element.
The following request-response messaging:
<portType name="MathInterface">
<operation name="Add">
<input message="y:AddMessage"/>
<output message="y:AddResponseMessage"/>
</operation>
</portType>
In addition, one-way message style contains only an input element, but no output element
and fault element.
Bindings: describes the concrete details of a portType, the type of encoding
used to send and receive messages, and protocol that SOAP messages are carried. The
key structure of a binding element is shown below
<binding name="MathSoapHttpBinding" type="y:MathInterface">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="Add">
<soap:operation
soapAction="http://example.org/math/#Add"/>
<input>
<soap:body use="literal"/>
21
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
...
</binding>
Services: describes a group of ports or endpoints.

In the port element,there is the address details showing where the service is located.
<service name="MathService">
<port name="MathEndpoint" binding="y:MathSoapHttpBinding">
<soap:address
location="http://localhost/math/math.asmx"/>
</port>
</service>
22
4.1 Enterprise Bean
An Enterprise java bean [2] is a key server-side component used for distributed
applications. It provides a standard model for implementing server components
representing business process. Such as purchasing order, inventory process. Furthermore,
these distributed components do not have to reside on the same server, they can reside in
wherever it is suitable in order to reduce latency or maximize reliability.
Benefits of Enterprise Beans
EJB architecture increases the productivity of application developers by

automating the use of complex infrastructure services such as transaction management
and security authorization. While developing distributed application, developers only
need to focus on business logic rather than transaction and security issues. In addition,
EJB supports scalability; it accommodates a growing number of users.
4.2 Type of EJBs
Enterprise java bean comes in two different types

 Session beans
Session bean is used to manage business process or perform tasks for clients. A session
bean is not persistent and data is not mapped and stored into a database. Session beans
work with entity beans and other resources to control interactions of beans. They manage
tasks and resources but they don not represent data.
In addition, a stateless session bean does not maintain state from one method invocation
to the next. It does not care what other requests have gone or followed.
More importantly, a stateless session bean can be implemented as a web service and it is
used in this Supply chain management system.
 Entity beans
Entity beans represent business objects and are mapped to tables in a relation database.
These entity beans objects can be allocated, and sent across the network. They are
persistent, have primary keys and can have relationships with other entity beans.
4.3 Using JAX-WS
JAX-WS is a fundamental technology for developing web services and

clients. JAX-WS is designed to take place of JA-RPC, thus it can simplify the creation of
web service.
In addition, the JAX-WS specification offers an extensive set of
annotations and these annotations make web services a lot easier to implement.
Developers only needs to add two annotations @WebService and @WebMethod to
transform a statless EJB into a web service.
23
Reason to implement a JAX-WS web service [22]
 JAX-WS 2.0 fully supports the java architecture for XML binding (jaxb)
specification and jaxb offers a way to bind a xml schema to a
representation in java code. This is easy for developers to integrate xml
data and processing functions in applications without knowing much
about xml.
 JAX-WS model is robust because developers can use additional

annotations to customize the mapping from java to xml schema or
WSDL and map Web Service operation names to meaningful names in
the WSDL file.
 Since JAX-RPC is not evolving , the future of web service is JAX-WS
The @WebService annotation
@javax.jws.WebService is main annotation used to specify that the class is a web

service. This annotation has to be placed on the stateless session bean class so as to
expose it as a web service. There are some key attributes that developers should know:
 The name() attribute is the name of the web service
 The wsdlLocation() attribute defines the URL of the WSDL document
representing this web service.
The @WebMethod annotation
@javax.jws.WebMethod is another key annotation used to define an operation of

web service. Every method in java class is transformed to operations of web service by
adding @javax.jws.WebMethod. There are some key attributes that developers should
know:
 The operationName() attribute is used to define the WSDL operation. If

it is not specified, the java method is used.
.
24
For example,
import javax.ejb.Stateless;
import javax.jws.WebService;
@Stateless
@WebService(name =”TravelAgent”)
public class TravelAgentBean{
@WebMethod(operationName= “Reserve”)
Public String makeReservation(){
}
}
The Service Endpoint Interface
A service endpoint interface is a java interface declaring the methods that a client
can invoke on the service. A JAX-WS client can use the @javax.xml.ws.WebServiceRef
annotation to reference a service endpoint interface directly.
For example,
@WebServiceRef(wsdlLocation=
"http://localhost:8090/ProductItemsBSBeanService/ProductItemsBSBean?wsdl")
25
5.1 JSF Overview
Java Server Faces Technology (JSF) [1] is a server-side user interface framework,
which simplifies the creation of java web applications. It offers a set of APIs for
representing UI components, state management, event handling, input validation, and
internationalization support. Furthermore, it also provides custom tag libraries for
expressing UI components in a JSP Page in order to wire up components to server-side
objects.
Figure 6 High-level Overview of the JSF framework
The primary benefits of Java Server Faces Technology [2]
 Ease-of-Use
JSF framework is based on Model-View-Controller architecture (MVC),
offering a clean separation between presentation and business logic
This facilitates each member in a development team to focus on his or her own piece
of development process. For instance, page authors who specialize in graphic design
can design look and feel of web application using the Java Server Faces tag libraries.
This leads to a division of labor and brings a rapid development cycle.
 Standardization
JSF technology is a standard framework for constructing a server-side
user interface application. It is being developed through the Java Community Process
under JSR-127. Many respected tools vendors are committed to supporting JSF
technology in their tools.
26
 Device Independency
JSF technology is flexible and maintainable. It defines component
functionality in extensible UI component classes, and allows component developers
to extend the component classes to produce their own component tag libraries for
specific clients.
Java Server Faces Application
A typical JSF application comprises the following:
 A set of JSF pages, which is a JSP page that has JSF tags. It uses custom tags to
express the user interface components.
 A set of backing beans, which are javabeans components, expose properties and
functions for UI components on the page
 A configuration file ,which is faces-config.xml file
 It could be a set of custom objects implemented by the web developer such as
custom components, validators, converters, or listeners.
In JavaServer Faces development, the application code is written in beans and the design
is in web pages. First, look at beans
5.2 Managed-Beans
Bean is a class that exposes properties and events. In a bean class, properties can
be any attribute of a bean such as a name, a type, and methods for getting and setting the
property value. Bean is used when a developer need to wire up java classes with web
pages or configuration files.
For instance, in this UserBean class, there are two properties, name and password.
Public class UserBean{

public String getName(){…}
public void setName(String newValue){…..}
public String getPassword(){……..}
public void setPassword(String newValue){….}
}
27
In addition, UserBean instance needs to be configured in the face-config.xml file:
<managed-bean>
<managed-bean-name>user </managed-bean-name>
<managed-bean-class>com.corejsf.UserBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
This above means the object named User is created in com.corejsf.UserBean and it is
alive for the duration of the session for all requests that stem from the same client.
When looking in the User design code,
<h:inputSecret value=”{user.password}”/>
This input filed reads and updates the password property of the user bean. The beans are
produced according to the managed-bean elements in the configuration file.
JSF pages
In typical JSF pages, it mostly starts with the tag library declarations
<%@ taglib uri=”http://java.sun.com/jsf/core” prefix=”f” %>

<%@ taglib uri=”http://java.sun.com/jsf/html” prefix=”h” %>
<f:view>
<h:form id=”helloForm1”>
</h:form>
</f:view>
The first tag is the core tag that is independent of the redering technology and the
second tag is the HTML tags that creates HTML-specific markup and is followed by the
view tag. All JavaServer Faces component tags need to be inside this view tag.
5.3 Navigation
Navigation is a set of rules, which tell the JSF application that which page needs
to be displayed next after the button in the form has been submitted.
In this example, when the user clicks the login button,the page is changed from
the index.jsp page to welcome.jsp page.
28
<navigation-rule>
<from-view-id>/index.jsp</from-view-id>
<navigation-case>
<from-outcome>login</from-outcome>
<to-view-id>/welcome.jsp</to-view-id>
</navigation-case>
</navigation-rule>
In the from-outcome tag, the value login matches the action attribute of the command
button of the index.jsp page
<h:commandButton value=”Login” action=”login”/>
5.4 JSF TAGS
There are a number of important JSF tags used in this web application
An example from List.jsp
<f:view>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<c:url value="/styles.css" var="stylesUrl"/>

<link href='<c:out value="${stylesUrl}"/>' rel="stylesheet"
type="text/css"/>
<title>
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"/>
</title>
</head>
<body>
<center>
<h:graphicImage value="/images/banner.jpg"/>
<h:form>
<center>
<h:commandLink value="TV" action="tv"/> |

<h:commandLink value="Camera" action="camera"/> |
<h:commandLink value="MP3" action="mp3"/> |
<h:commandLink value="LAPTOP" action="laptop"/> |
<h:commandLink value="Mobile phone" action="phone"/> |
</center>
29
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"
styleClass="emphasis"/>
<h:panelGroup rendered="#{BrowseProduct.itemcount > 0 }">

<h:outputFormat value="#{msgs.pagePreviousNext}">
<f:param value="#{BrowseProduct.firstItem + 1}"/>
<f:param value="#{BrowseProduct.lastItem}"/>
<f:param value="#{BrowseProduct.itemcount}"/>
</h:outputFormat>
<h:outputText value=" "/>
<h:commandLink action="#{BrowseProduct.prev}"
value="#{msgs.previous} #{BrowseProduct.pageSize}"
rendered="#{BrowseProduct.firstItem >= BrowseProduct.pageSize}"/>
<h:commandLink action="#{BrowseProduct.next}"
value="#{msgs.next} #{BrowseProduct.pageSize}"
rendered="#{BrowseProduct.lastItem + BrowseProduct.pageSize <=
BrowseProduct.itemcount}"/>
<h:commandLink action="#{BrowseProduct.next}"
value="#{msgs.remaining} #{BrowseProduct.itemcount -
BrowseProduct.lastItem}"
rendered="#{BrowseProduct.lastItem < BrowseProduct.itemcount &&
BrowseProduct.lastItem + BrowseProduct.pageSize > BrowseProduct.itemcount}"/>
<br />

<h:dataTable value='#{BrowseProduct.items}' var='item'
styleClass="evenRow" headerClass="columnHeader"
columnClasses="evenRow,oddRow">
<h:column headerClass="columnHeader">
<h:graphicImage url="#{item.imageurl}"/>
</h:column>
<f:facet name="header">
<h:outputText value="#{msgs.productHeader}"/>
</f:facet>
<h:outputText value="#{item.productnumber}"/>
</h:column>
30
<h:outputText value="#{msgs.nameHeader}"/>
</f:facet>
<h:outputText value="#{item.productname}"/>
</h:column>
<h:outputText value="#{msgs.categoryHeader}"/>
</f:facet>
<h:outputText value="#{item.category}"/>
</h:column>
<h:outputText value="#{msgs.priceHeader}"/>
</f:facet>
<h:outputText value="#{item.price}"/>
</h:column>
<h:outputText value="Show details"/>
</f:facet>
<center>
<h:commandLink value="#{msgs.show}"
action="#{BrowseProduct.detailSet}">
<f:param name="currentProductItem" value="#{item.productid}"/>
</h:commandLink>
</center>
</h:column>
</h:dataTable>
</h:panelGroup>
</h:form>
</center>
</f:view>
31
Displaying Text and Images
These are three basic tags used to display text and images
 h:outputText
This tag produces text and a developer can specify many attributes attached to it. For
example, converter, id, rendered, styleClass, value
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"/>
The value from Message.properties file will be accessed and displayed by using
outputText.
 h:graphicImage
This tag helps to generate an image
<h:graphicImage value="/images/banner.jpg"/>
 h:outputFormat
This tag is used for displaying output with parameters specified in the body of the
tag
For example,
<h:outputFormat value=”{0} is{1} high”>
<f:param value=”This building” />
<f:param value=”very”/>
</h:outputFormat>
Links
 h:commandLink
The h:commandLink tag produces an HTML anchor element that acts like a
submit button.
<h:commandLink value="TV" action="tv"/>
32
Passing data from User interface to the server
 The f:param tag
Using this tag, a developer can attach a parameter to a component. More

interestingly, the f:param tag perform differently depending on the type of
component attached.
For instance, you use h:outputFormat , JSF uses the value of parameters to fill in
placeholders, such as {0}, {1}. If you use f:param tag with a command
component such as h:commandLink. JSF will pass the parameter’s value to the
server as a request parameter.
An example is shown below:
<h:commandLink action="#{OrderController.add}"
value="#{msgs.addToCart}">
<f:param name="currentProductItem"
value="#{BrowseProduct.productItem.productid}" />
<f:param name="currentNumberItem"
value="#{BrowseProduct.productItem.productnumber}" />
<f:param name="currentNameItem"
value="#{BrowseProduct.productItem.productname}" />
</h:commandLink>
PanelGroup
h:panelGroup is often used with h:panelGrid. The role of panelGroup is to group

two or more components, therefore they can be treated as one component.
For instance, you group an input field and error message together:
<h:panelGrid column=”2”>
<h:panelGroup>
<h:inputText id=”name” value=”#{user.name}”>
<h:message for=”name” />
</h:panelGroup>
</h:panelGrid>
33
Data Tables
h:dataTable tag
Java Server Faces offers a powerful tag called h:dataTable used for creating Tables
while iterating the data from a backing bean. This tag can iterate over the collection or
array of values.
While h:dataTable iterates, it create each item in the list and the name of the item
is specified with h:dataTable’s attribute.
<h:dataTable value='#{BrowseProduct.items}' var='item'

styleClass="evenRow" headerClass="columnHeader"
columnClasses="evenRow,oddRow">
<h:graphicImage url="#{item.imageurl}"/>
</h:column>
<h:outputText value="#{msgs.productHeader}"/>
</f:facet>
<h:outputText value="#{item.productnumber}"/>
</h:column>
</h:dataTable>
From the example above,

h:dataTable iterates through the collection called items and each item is populated
in each column. h:dataTable also provides useful attribute specifying CSS
classes such as columnClasses ,which is list of CSS classes for columns, headerClass
that is CSS class for the table header.
34
5.5 Using Standard Converters
Java Server Faces library, which is in the javax.faces.convert package, provides a

set of Converters, for examples [21]
 NumberConverter
This converter is attached to the text field and tells to format the current value
with at least two digits after the decimal point:
<h:inputText value=”#{payment.amount}”>
<f:convertNumber minFractionDigits=”2”/>
</h:inputText>
 DataTimeConverter
<h:outputText value=”#{payment.amount}”>
<f:convertDateTime pattern=”MM/yyyy”/>
</h:outputText>
In addition, other standard converts can be used in three ways:

 Ensure that the component using the converter has its value bound
to a backing bean property of the same type as the converter
 Add the converter to the component tag by using converted
attribute.
 Using converter by class or its ID using the converter attribute
Conversion Errors
When conversion errors occur, they can be seen by adding h:message

tags when using converters such as
<h:inputText id=”amount” label=”#{msgs.amount}”
value =”#{payment.amount}”/>
<h:message for=”amount”/>
Using Standard Validators
When using the standard validators, developers do not need to implement

any code to perform validation. They only can attach the standard validator tag inside a
tag representing a component of type UInput and provide the necessary constraints.
<h:inputText id=”card” value=”#{payment.card}”>

<f:validateLength minimum=”13”/>
</h:inputText>
When the text field is submitted, the validator checks that the string contains at least 13
characters. If the validation fails, validators produce error messages.
35
5.6 Programming with Custom Converters and Validators
By definition, a converter is a class converting between strings and object. When

developers want to use a converter, they need to write the Converter interface
There are two methods:[6]
 Object getAsObject(FacesContext context, UIComponent component,
String newValue)
This method is used when a string is sent from the client such as in a text field.
 String getAsString(FacesContext context, UIComponent component,
Object value)
This method converts an object into a string and is shown in the client interface.
One good example that uses customer conversion is Credit card converter.
Specify custom converters
First a developer adds <converter> tag in faces.config.xml file and specifies

converter using a ID. For instance, the developer uses the ID com.corejsf.CreditCard for
credit card converter.
<converter>
<converter-id> com.corejsf.CreditCard</converter-id>
<converter-class>com.corejsf.CreditCardConverter</converter-class>
</converter>
The developer implements a Payment Bean that has a property type CreditCard
public class PaymentBean{
private CreditCard card=new CreditCard(“”);

}
Then developer can use the f:converter tag and specify the converter ID:
<h:inputText value=”#{payment.card}”>
<f:converter converterId=” com.corejsf.CreditCard”/>
</h:inputText>
Specify custom validators
Like custom converters, when a developer wants to use validator, the developer
needs to implement the javax.faces.validator.Validator interface and register that
validator in a configuration file faces-config.xml. If validation fails, it generates a
FacesMessage describing the error.
36
If (validation fails){
FacesMessage message=….;
Message.setSeverity(FacesMessage.SEVERITY_ERROR);
Throw new ValidatorException(message);
Specify Custom Validators
In the configuration file,

<validator>
<validator-id> com.corejsf.CreditCard</validator-id>
<validator-class>com.corejsf.CreditCardValidator</validator-class
</validator>
and then you can use custom validators with the f:validator tag
For instance,
<h:inputText id=”card” value=”#{payment.card}” required=”true”>

<f:converter converterId=”com.corejsf.CreditCard”/>
<f:validator validatorId=”com.corejsf.CreditCard”/>
<h:inputText>
37
6.1 J2EE Platform Security Model
Security on the j2EE platforms is mainly declarative and is specified externally

from the application code. Security mechanisms used is expressed in a configuration file
called a deployment descriptor in an application. The main advantage of defining security
declaratively is that it is easy for developers to change these settings to match their
security policy.
In addition, j2EE security model, it provides a collection of security services to its
application and clients such as authorization, authentication mechanisms, and digital
certificates.
Let take a look in more detail at the j2EE security services provided
6.2 Web Tier Authentication
J2EE web containers provides three different authentication mechanisms [7]
 HTTP basic authentication

The username and password are used in this mechanism obtained from the web client
These two values are attached in the HTTP headers and are managed at the transport
layer sent to the web server.
 Form-based authentication
Developers create a form for receiving username and password and use this form to
transmit the information to the web container.
 HTTPS mutual authentication
The client and the server employ digital certificates to establish their identity over a
secure channel using SSL (Secure Sockets Layer)
6.3 EJB Tier Authentication
The EJB containers provide the ability to handle authentication between a client
and a web service endpoint implemented by an enterprise bean.
Web Service Security
In J2EE web services scenarios, they have some security requirements that need
to implement between a client and a service. In addition, it is important that when a client
makes a request to a service, then web service endpoints can securely access other J2EE
components such as entity beans, databases. As the service processes the client request,
service endpoints might need to interact with other web services in a secure manner.
Moreover, a secure web service includes more than securing initial interaction
between the client and the service. Developers also need to consider web service
endpoint’s subsequent interactions with other components. This means that whole
channel should be secure.
38
6.4 Security for Web Service Interactions
The J2EE platform has supported WS-I Basic Profile 1.0 specifications for secure
interoperable web service interactions. This specification involves the transport layer of
HTTPS to be combined with other mechanisms for basic and mutual authentication.
The j2EE platform offers web tier and EJB tier endpoints with similar security
mechanisms for web services.
Since the main requirement for a secure web service are authentication and setting
up a secure SSL channel for interaction and security can be applied to web services at
both transport-level and the message-level. Hence, let’s examine how to secure at
transport layer first.
6.4.1 Transport-Level Security
Secure Socket Layer (SSL) [10] is a popular standard for establishing a secure
connection between web browsers and web servers. In the SSL connection, data will be
encrypted before being sent and is decrypted on the receipt. Therefore, this SSL
mechanism is essential that web services should have for security reasons. SSL addresses
the following important security considerations.
 Authentication [7]: In a secure connection, the server will require

a set of credentials from the browser in the form of a username, password or a digital
certificate to verify that a claimed identity is genuine. In addition, the service might have
to access a set of components and resource such as enterprise beans (EJB), web service
endpoints, and databases. Thus, the components and resources might need to prove their
identity to the service.
 Confidentiality: This SSL mechanism ensures that the data from
the client to the server can not be viewed and intercepted by the third parties. The
message content is encrypted and is still confidential.
 Integrity: SSL helps guarantee that data will not be altered in
transit by the third party.
39
In addition, j2EE platform provides authentication mechanism in establishing an

HTTPS connection for Web service.
 The server authenticates itself to clients ,by setting up SSL and

make its certificate available.
 The client applies basic authentication over SSL connection.

 Mutual authentication is there are two certificates sent from the
server and the client so that both parties can authenticate to each
other.
Since a web service can be developed in the web tier and EJB tier, the secure
mechanisms are different in details when defining declarative settings in the deployment
descriptor file.
For web tier endpoint, a developer can indicate that the developer is setting up
SSL by defining all settings in the web.xml deployment descriptor. This setting enforces
an SSL interaction between the client and a web service endpoint.
An example of a web.xml application deployment descriptor that specifies that

SSL be used:
For example,
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>retailService</web-resource-name>
<url-pattern> /mywebservice</url-pattern>
<http-method> GET</http-method>
<http-method> POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee> CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
A user data constraint specifies a transport guarantee (<transport-guarantee> in the

deployment descriptor. The options for transport-guarantee include CONFIDENTIAL,
INTEGRAL, or NONE.
40
The strength of the required protection is defined by the value of the transport guarantee.
 Specify CONFIDENTIAL when the application requires that data be sent in order
to prevent other entities from motoring the contents of the transmission.
 Specify INTEGRAL when the application requires that data be sent between
client and server in a way that it can not be changed in transit.
 Specify NONE this means that the container must accept the constrained requests
on any connection.
Setting up SSL for EJB tier endpoints varies according to the particular
application server. For instance, in glassfish application server, a developer defines all
security settings in sun-ejb-jar.xml deployment descriptor.
There are two kinds of authentication employed in EJB: SSL server authentication and
SSL mutual authentication.
6.4.2 SSL Mutual authentication
In this case, both the client and the server verify the identity of each other by checking
certificates in mutual truststores.
For SSL mutual authentication, you need to specify the <login-config> element to
CLIENT-CERT. You also need to specify the <transport-gurantee> element to
CONFIDENTIAL. For instance,
<ejb>
<ejb-name>RetailerEjb</ejb-name>
<webservice-endpoint>
<port-component-name>RetailerEjb</port-component-name>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm>certificate</realm>
</login-config>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</webservice-endpoint>
</ejb>
Verifying SSL support
To test that SSL support has been properly installed, load the default page with a
URL connecting to the port defined in the server deployment descriptor.
https://localhost:8081/
41
The https indicates that the browser is using the SSL protocol and the local host
shows that a developer is running the example on local machine. The 8081 is secure port
defined.
Enable SSL in the application server
To enable SSL, we learn how to manage certificate files, which store the digital
certificates for all ssl participants including server, the client and CA.
Certificate Files and Tools
By default, the application server stores the certificate information in the

domain_dir/domain_name/config
1. KeyStore file, this file contains the application server’s digital certificate,
including private key. (keystore.jks)
2. Trust-store file, the file contains the application server’s trusted certificates,
including public keys for other entities. (cacerts.jks)++client certificate is self-signed.
Digital certificates are used with HTTPS protocol to authenticate web clients, the https
service of most web servers will not run unless a digital certificate has been installed.
***
Creating a server certificate
a server certificate has already been created for the application server. The certificate can
be found in the domain-dir/config/
If necessary, you can use keytool to generate certificates. The keytool utility stores the
keys and certificates in a file termed a keystore.
Specifying a secure connection in your application Deployment Descriptor
Running SSL
It is not strictly necessary to run an entire web application over SSL, and it is
customary for a developer to decide which pages require a secure connection and which
do not. Pages that might require a secure connection include login pages, personal
information pages, shopping cart, or credit card information pages.
Creating a server certificate

1. Create the keystore
2. Export the certificate from the keystore
3. Sign the certificate
4. Import the certificate into a trustore:(a repository of certificates) A trustore typically
contains more than one certificate
42
7. Supply chain management Architecture
7.1 Concept of supply chain management
Supply chain management [13] is a process that is still evolving and

developing in business world. This business process helps companies to ensure that
materials, information, and finances are moved in a process and there are customers,
supplier, manufacturers could work closely together to ensure that goods and services are
delivered as required, with appropriate quantity and effective cost.
In addition, there are five areas where companies use to decide that will
define the capability of there supply chains [11]
 Production
Companies need good strategies for managing all resources so that the
supply chain can be efficient, costs less and products are delivered with high quality and
value to customers. Moreover, the companies also need to know what products that
market wants, how much of which products should be produced and by when?
The facilities of production are warehouses. When warehouses are constructed with a lot
of excess capacity, they can be very flexible and respond rapidly to product demand.
However, excess capacity is not in use. This means that the more excess capacity exists,
the less efficient the operation becomes.
 Inventory
Inventory can be raw material or finished goods held by warehouses, manufacturers,
distributors, and retailer in a supply chain. Holding a large number of inventories can
make the supply chain very responsive to rise and fall in customer demand. On the other
hand, manufacturing inventory is a cost and the cost of inventory should remain as low as
possible.
 Location
This is another important factor that should be carefully considered. A manager
determines which locations should be the most efficient for production and storage of
inventory. The manager also needs to make a good decision and considers a range of
factors relating to location such as the cost of labor, the cost of facilities, taxes, skills, and
closeness to suppliers, manufacturers, warehouses, and customers.
 Transportation
Which modes of transport should be selected and how should inventory be traveled from
one location to another location. If airfreight delivery is selected, this choice can be very
fast, but it is expensive or if slow mode of transports such as ship and rail is chosen, it
can be cost efficient, but not very responsive.
43
 Information
With good information, managers can make better decisions about what to manufacture
and how much, where to place inventory and which mode of transport is the most
suitable. Information is used for two main reasons First, Coordinating daily activity,
Companies use data on product supply and demand to choose on weekly production
schedules, inventory levels, and locations. The second reason is to use for forecasting and
planning. Available data helps the companies to set monthly and quarterly production
schedules and timetables.
Supply chain management flows [14] are made of three important flows.
 The product flow
This flow involves the movement of producers from a supplier to
manufacturers to warehouse to a customer.
 The information flow
This flow consists of transmitting and updating the status of delivery.
 The financial flow
This flow contains credit terms, payment details and schedules, and
consignment.
44
Supply Chain Management Architecture
This Supply Chain Management Application consists of three different services

and one web application. These services are designed and architected separately and
brought them together using SOA and web services technologies. In order to fully
understand this application, several architectural diagrams are provided in different
aspects of the application such as flow of the application, uses cases, sequence
diagrams, and class diagrams. In addition, the technical descriptions and WSDL file of
this system are be presented.
7.2 Overall Requirements
1. The system allows everyone to browse every product in the catalog

2. Only registered customers can place an order, change a delivery address, and
make a payment.
3. JSF Login application includes a user authorization procedure that users need to
identify themselves using a login name and password.
4. There are two warehouses, which are FirstWarehouse and SecondWarehouse in
the supply chain management system.
5. Each database contains 200 products including their details.
6. There are five categories of products (Camera, Laptop, MobilePhone, Mp3, TV )
in each database.
7. There are two manufacturers in the manufacturer system
8. The retailer service has its own database and two warehouses also have their own
database Therefore, there are three databases in this whole system.
9. An order contains several line items; each line item is associated with a particular
product and a required quantity.
10. The consumer’s details (email, first name, last name, address) are known when
the user can log into the system successfully.
11. When a stock-level in a warehouse is lower than a threshold level, the warehouse
must invoke a manufacturer to product more products.
12. There are no minimum quantities.
13. The selected products and required quantities are sent from a JSF web application
to Retailer service and then are passed to Warehouse to fulfill request.
14. Customers can choose any products and also can remove any products if they
wish to do before placing an order.
15. When a customer has selected the products he/she wants, he/she can see the price
of each product and subtotal price.
16. A customer can browse products represented in many pages.
17. If the FirstWarehouse can not fulfill a request, the SecondWarehouse will be
invoked by a retailer service.
18. Only customers, who have credit cards, can make a payment.
19. In each order, the shipment can be either sent from FirstWarehouse or
SecondWarehouse.
20. The stock levels in FirstWarehouse and SecondWarehouse are updated when
Warehouses can fulfill requests.
45
7.3 Use Case Model for Supply Chain Management System
Figure 7 Use Case Model for Supply Chain Management Application

46
7.4 Use Case diagram
7.4.1UC1 Place a purchase order
Goal: A customer can go to the retailer web site and place a purchase order.
Preconditions: 1. Product Catalog Exists and it can be browsed on a browser without

logging in.
Success Conditions:
1. At least one product is shipped

2. The Retailer has invoked the warehouses to ship the available products
Failed Conditions
1. None of the items in the order can be fulfilled.
Actors: Retailer System, Customer
Path
1. The customer navigates to a catalog products page

2. The JSF application present a catalog products page, including details of products
3. The customer enters the number of selected product
4. The customer can whether remove the selected product or carry on buying a new
product until the customer is satisfied with the kind of products, quantities of
products.
5. The retailer’s system determine which warehouse can deliver each line item and
requests the warehouse to ship them
6. The retailer system sends the order back to the customer showing the line
items that have been shipped and quantities.
47
UC2 Inventory
Goal: To place selected products in a warehouse and send shipment back to the
retailer System.
Preconditions: None
Success Conditions:
1. For each line item, a warehouse is chosen to provide available quantity and that
warehouse sends shipment back to the retailer system.
2. A stock level in a warehouse is reduced by the quantity in the line item that is
accepted.
Failed Post Conditions: There is no stock availability in any warehouse
Actors: Retailer System
Path
1. A collection of line items is delivered to warehouseOne and requests warehouseOne to

ship those line items that are available.
2. Record the line items that warehouseOne has shipped and reduce the stock level of the
warehouseOne and then update the new value of the stock level.
Alternative1
1. If warehouseOne can not fullfill some line items, the request will be automatically
sent to warehouseTwo to ship those items that warehouseTwo has available.
2.Record the line items that warehouseTwo has shipped, and decrement the stock level of
the warehouseTwo and then update the new value of the stock level.
Alternative2
1. If warehouseTwo can not fulfill some line items, it will record that no warehouse
can ship those items.
48
7.4.3 U3: Create Line Items

Goal: The retailer system creates a set of line items in each order
Preconditions: The line items might be whether shipped from WarehouseOne or

WarehouseTwo
Success conditions: The retailer system creates a set of line items and they are delivered
back to the JSFweb application and the set of line items are shown on the browser.
Path
1. The retailer system receives the line items from warehouseOne or warehouseTwo.
2. Record the line items that are sent from WarehouseOne or warehouseTwo
3. The recorded line items are delivered to the JSFweb application and details of the
collection of line items are shown on the browser.
7.4.4 U4: Check ValidUser
Goal: A customer can change the delivery address and make a payment.
Preconditions: The customer has selected products they want.
Success conditions: The customer can change the delivery address and make a payment.
Failed conditions: The LoginFail Page is shown and tells the customer to login with a
valid email and password.
Path:
1. The customer fills in an email address and password
2. If the registered customer logs in with a valid email and password, the delivery
address will be shown.
U5: Change the Delivery Address
Goal: The customer can change the delivery address and the items will be sent to this
address
Preconditions:
1. The customer logged in successfully
Success conditions:
1. The customer can change the delivery address
Path:
1. The customer fills in a new address in a Change Delivery Address Form.
49
U6: Payment
Goal: The customer can make a payment
Preconditions:
1. The customer dispatch the address
Success conditions:
1. The customer can make a payment.
Path:
2. The customer fills in payment details in a Payment Form.
U7: Display order status
Goal: The customer can display order status
Preconditions:
1. The customer can make a payment
Success conditions:
1. The customer can see order status of products purchased
50
Supply Chain Management Glossary
Term Description
Catalog A list of electronic products
Customer A person who wishes to buy products from a retailer service
Product Item The details of a product, these are product number, product name,
price, quantity, brand , category, description
Line Item An item in an order ,which relates to a product(product number ,
quantity)
Order A collection of line items
Stock item The details of a product that is in a stock of a warehouse
(product number, stock level, minimum level, maximum level,
warehouse name, warehouse location)
Retailer A party offering products for sale
Warehouse A place storing products and maintains an inventory level for each
product and send line items back to a Retailer’s warehouses.
7.5 Retailer Web Service
The Retailer Web Service provides web service operations to access the catalog of
electrical products, validate Customer names, place orders, and create line items for each
order, change a customer’s delivery address, and make a payment.
Functions
 Check the User account and validate the password, if they are
correct, the order can be processed and line items can be created.
 Present a list of electrical products on the browser.
 Handle a request from a JSF web application and determine which
warehouse can fulfill the request.
Input Message: use name, password, list of selected products, quantities, the details of
customer delivery address, and payment details
Output Message: Order Confirmation showing the detail of selected order, the total price
of the order, quantities, customer name, the shipping address, and the anticipated
Delivery dates for the items of the order.
51
Operations/ Message Type / Parameters / Description (Retailer Service)
Operation Message Type Message Parameters Type

getSize input getSize
output getSizeResponse Int
fault CommunicationException Client
 getSize
Description
A call to this operation results in the Retailer returning the number of products in
a database, and it is sent to a browser showing the size of product items. There are no
input parameters.
Message Type Message Parameters Type

Operation
Delete Input Delete item ProductItem
output deleteResponse
Fault CommunicationException Client
Fault CannotBeDeletedException Client
Fault AlreadyExistsException Client
 delete
Description
This operation provides deletion of a particular item in a database.
Operation MessageType Message Parameters Type

Create input Create Item ProductItem
output createResponse
fault Communication Client
Exceptoin
fault AlreadyExistsException Client
Fault CannotBeCreated Client
Exception
 create
Description
This operation provides creation of a particular item in a database
52
Operation Messag Message Parameters Type

e
Type
findByPrimaryKey input findByPrimaryKey Key String
output findByPrimary
KeyResponse
Fault Communication Exception Client
 findByPrimaryKey
Description
This method is used to locate product Item objects with a primary key in a
retailer database.
Operation Message Message Parameters Type

Type
resetIndex input resetIndex resetFirstItem boolean
output resetIndexResponse
CommunicationException client
resetIndex
Description
Since there is a large number of product items that need to be displayed on a
browser, for an efficient reason, product catalogs are shown page by page rather than
shown in one large page. Hence, this operation is implemented and it is used to reset a
page counter to the first item, when resetFirstItem is true. This operation provides a
change of first item position that is sent to the start of a first page.

Type
getPageSize input getPageSize int
output getPageSizeResponse
CommunicationException client
 getPageSize
Description
This operation returns the page size, which is a default page size 20
Type
setPageSize Input setPageSize void
output setPageSizeResponse
Fault CommunicationException client
53
 setPageSize
Description
This operation is used to make sure that the size is more than zero.

Type
creatLineItems input creatLineItems Request OrderRequest
output createLineItemsResponse String
Fault CommunicationException Client
 createLineItems
Description
When a customer submits an order in form of a list of selected product items to

a retailer web service, this operation is invoked and the a list of selected product items
will be passed onto the warehouseOne web service in order to check which products
are available in the stock of warehouseOne, then the list of products with status are
sent back to the retailer web service.
This operation bring the list of product items with status from warehouseOne to
check whether which product can be shipped or which product does not enough
The product that is not enough will be delivered to warehouseTwo so that
warehouseTwo can check and fulfill an order.
After that, the list of product items with status from warehouseTwo will be
sent back to the retailer web service. In addition, this operation records a list of
product items in a database. To fulfill a request, shipment might be sent only from
warehouseOne or from warehouseTwo, or from both warehouses.
Finally, if it is successful, the successful String will be sent to a JSF web
application.

Type
requestLineItem input requestLineItem lineItem
output requestLineItemResponse
 requestLineItem
Description
When this operation is invoked, it returns a list of line items created in the
database of a retailer web service to the JSF web application so that a list of line items
can be displayed on a browser.
54

Type
getAllItems Input getAllItems
output getAllItemsResponse productItem
 getAllItems
Description
This operation returns a list of product items with their details to the browser in
form of a table of product catalog.

Type
getFirstItem input getFirstItem int
output getFirstItemResponse int
fault CommunicationException client
 getFirstItem
Description
This operation returns a firstItem position of a table to a browser.
Operation Message Message Type

Type Parameters
getLastItem Input getLastItem
output getLastItemResponse
 getLastItem
Description
This operation returns a LastItem position of a table to a browser.

Type Parameters
nextPage Input nextPage
output nextPageResponse
 nextPage
Description
This operation returns the current page index to a browser.
55

Type Parameters
getNextPage input getNextPage
output getNextPageResponse productItem
fault CommunicationException client
 getNextPage
Description
This operation returns the next page

Type
checkValidUser input checkValidUser LoginId String
output checkValidUserResponse password String
fault
 checkValidUser
Description
This operation is implemented to validate an email address and password. If a
registered customer fills in a correct email address and password, the registered customer
can log in so that he/she can make a payment or change a delivery address.

Type
printCustomerInfo input printCustomer
Info
output printCustomer List of
InfoResponse CustomerInfoRequest
fault
 printCustomerInfo
Description
This operation is used to print the details of customer and customer‘s address
including the details of required products, warehouse name, and warehouse location.

Type
ChangeDelivery input ChangeDeliveryAddress request Address
Address Request
output ChangeDeliveryAddress String

Response
fault
56
 ChangeDeliveryAddress
Description
This operation is used to update a delivery address, when a customer wishes to change
into a new address.
7.6 Warehouse Web Service
This Warehouse Web Service provides service operations for a Retailer Service to
access the stock of electronic goods, check the stock level and place required Line Items,
and send shipment back to the Retailer Web Service.
Operations/ Message Type / Parameters / Description (Retailer Service)
Operations Message Message Parameters Type

Type
ShipGoods input ShipGoods Request goodsRequest
output ShipGoodsResponse
 ShipGoods
Description
According to UC2 Inventory, when this ShipGoods operation is invoked, The
warehouseOne manages to check each line items in the order. If the stock level is higher
than the required quantity, the warehouseOne will record those lines items with status
indicating that which ones it does not have enough in the stock and which ones it can be
shipped in a database. This results in the reduction of stock level and is updated by a new
value.
Operations Message Message Parameters Type

Type
requestShipment input requestShipment
output requestShipmentResponse shipItem
 RequestShipment
Description
This operation results in the warehouse delivering shipment to the retailer service.
57
Design Overview
Figure 8 Supply Chain Management Application Architecture
As you can see, this system has two parts the presentation layer (JSF) and the
business logic (EJB Web Service).
In the first part of the system, JSF application provides presentation such as
PrintCatalog page and business processing is done by the Managed Beans. These beans
are in charge of delegating their functionalities to the Retailer Web Service.
58
Business Process
First, List page is displayed, it shows the product catalog. The customer can see the detail
of each product by clicking the link. To see detail of the product selected and then the
customer can fill the quantity of product. After filling the quantity,the
OrderControllerBean will be triggered and the add method is called. After that, the detail
of the product will be added into the Cart temporally. Then the Order Page is shown, it
show products details, its quantities,and subtotal. On Order Page, the customer can
remove products by clicking the link Remove or purchase more products by clicking the
button Continue Ordering. If the customer clicks the button Proceed, the system will ask
the customer to log into the system first. Since the system only allows a registered
customer to place an order. After the customer fills in email and password,
CustomerDetailBean will be triggered and CheckValidUser method is called. This
method has the logic code that invokes a CheckValidUser operation of Retailer Web
Service. The request is transmitted in a soap message and the message is sent to the
server. The server processes the request. If the email and password are valid, the delivery
address page will be shown and ask the customer to dispatch this address or the customer
has a chance to change an address by filling in the delivery address. After hitting the
dispatch-this-address-button, the CustomerDetailBean will be triggered again and the
method ChangeDeliveryAddress will be called If the customer fill in the new address and
hit the submit button. If the customer does not want to change the address, it will take the
customer to the Payment Page. On this page the customer needs to fill in the payment
details and after that the customer can see the order status of the product selected.
The OrderControllerBean will be triggered and the Method sendSelectedProductOrder is

called to invoke createLineItems operation of The Retailer Web Service. In this
createLineItems operation, it will pass the request to the FirstWarehouse web service in
order to check which line items are available and also check the stock level. If some line
items can not be fulfilled, the createLine Items operation will invoke the Shipgoods
operation of the SecondWarehouse web service to fulfill the request and the
SecondWarehouse will return the response to the Retailer web service. The retailer web
service will create LineItems and send all line items with its status back to the browser.
59
7.7 SEQUENCE DIAGRAM (JSF - Retailer)
Figure 10: Sequence Diagram for JSF Web Application and Retailer Service
60
7.8 SEQUENCE DIAGRAM (Retailer – Warehouse)
The interactions between the Retailer Service and WarehouseOne, WarehouseTwo
Figure 11 Sequence Diagram for Retailer Service, FirstWarehouse, and

SecondWarehouse
61
8 Detailed design and Coding
Before exploring the details of design, it is helpful to look at a service from a high
level in terms of layers: an interaction layer and a processing layer [7]
The service interaction layer comprises the endpoint interface that the service
exposes to clients. This layer has the logic for delegating requests to business logic and
can formulate responses. In addition, when this layer obtains requests from clients, it
performs required preprocessing before delegating requests to the business logic. After
completing the business logic, the interaction layer returns the response to the client.
Another layer is the service processing layer. It holds all business logic in order to
process client requests including the function for integration with EIS such as a database.
Figure 12 Layered View of a Web Service

62
Figure 13 Layered View of a Supply Chain Management Application
Now, let’s take a look at Figure 13, it can be clearly seen those responsibilities of each
service and its interface endpoint type: Web tier end point and EJB service endpoint.
A JAX-WS service endpoint interface is added to the JSF web application. When
a client makes requests by placing an order on a web browser, the Retailer Web Service
receives the request and this service delegates the request from the web application and
passes it to FirstWarehouse Web Service. After that, the FirstWarehouse processes the
request and return the response to the Retailer Web Service again. Each service
communicates to each other through web service interface.
As it can be seen that the retailer service has many responsibilities, it begins with
processing the request from the client (Service Interaction layer), delegates to another
service, and receives the response from the First Warehouse. The service uses EJB
service endpoint (the service processing layer) to integrate with the Retailer database for
creating line items for each order.
63
Sample Code in the Retailer web service
@WebServiceRef(wsdlLocation =
"http://localhost:8090/WarehouseBeanService/WarehouseBean?wsdl")
private WarehouseBeanService service;
// this JAX-web service client use WebServiceRef annotation to reference
Warehouse service interface.
ac.uk.warehouse.model.WarehouseBean port = service.getWarehouseBeanPort();
bc.warehouse2.SecondWarehouseBean port1 =service1.getSecondWarehouseBeanPort();
// TODO initialize WS operation arguments here
ac.uk.warehouse.model.GoodsRequest goodsrequest = new
ac.uk.warehouse.model.GoodsRequest();
bc.warehouse2.GoodsRequest goodsRequest2 = new bc.warehouse2.GoodsRequest();
// Retailer Web Service receives an empty list from the firstWarehouse though
goodsrequest operation.
List<SelectedProductRequest> selection =goodsrequest.getSelectedProduct();
List<bc.warehouse2.SelectedProductRequest>selectp=goodsRequest2.getSelectedProduc
t();
List<uk.ac.model.service.SelectedProductRequest>
select=request.getSelectedProduct();
for(int i=0; i<select.size(); i++){

SelectedProductRequest selected=new SelectedProductRequest();
selected.setProductId(select.get(i).getProductId());
selected.setQuantity(select.get(i).getQuantity());
selection.add(selected);
}
// Delegate the request from the JSF web application and pass it to the
FirstWarehouse web service.
port.shipGoods(goodsrequest);
In addition, in the figure 21, Retailer web service has two web service clients using their
interfaces, referencing to FirstWarehouse and SecondWarehouse. This means that this
Retailer Web Service is able to interact with both Warehouses.
Each warehouse web service only has an EJB tier endpoint for integrating with its own
database in order to check the stock level.
64
8.1 Service endpoint Design
There are some considerations that a developer should think while designing the interface
of a web service such as choosing the endpoint type
There are two approaches to developing the interface of a web service

1. Java-to-WSDL (bottom up)
It starts from implementing java classes for the web service and from these create WSDL
description of the service.
2. WSDL-to-Java
It starts with designing a WSDL document that describes the details of the web service
interface and use this information to build java interfaces.
Comparison
With java-to-wsdl approach, if a developer starts from a java class, and then creates a
WSDL document. It is probably easier approach and the developer can be sure that the
implementation class has the desirable java data types, because the developer does not
need to know any WSDL details , the vendor provides tools to create the WSDL
description. However, with this approach, the developer will has less control of the XML
schema.
With the java-to-WSDL approach, the developer has total control over what XML
schema is used, but has less control over what the classes it uses will contain and the
developer also needs to have a good knowledge of WSDL file.
A good knowledge of WSDL is required to properly describe these web services.
WSDL-to-Java approach gives you a powerful way to expose a stable service interface
that developers can evolve with relative ease. Not only does it gives developer greater
design flexibility.
65
User Interface
This JSF web application is designed to display large results on a web browser.
Users are allowed to browse a hundred of product items or even a thousand of product
items using multiple pages rather than all at once. Therefore, the pattern Value List
Handler is used in this application. First lets show how this pattern works and
how it can be applied.
8.2 Value List Handler Design Pattern
This pattern is useful when the results is large, for instance, a search in an online
product catalog containing hundred thousand products. When an application returns huge
queried data to a client, it might take the client long time to retrieve that large data. The
application can encounter scalability and performance problems.
It offers an efficient way while retrieving huge amounts of records from the
database. This pattern is used when:
 A client is interested in browsing a small portion of the list results by viewing

only first few pages
 The entire list can not fit in memory and on the client display
 It takes the client too much time for retrieving the data.
In the pattern, the result is not returned all at once, but is returned with small chunks of
data multiple times iteratively to the client. It is recommended to use Data Access
Objects (DAO) rather than Entity Beans, since by nature ejb has an overhead. This
overhead can obstruct application performance if the application yields huge results.
Moreover, using Enterprise javaBeans finder methods may produce a lot of
overhead when used to find huge numbers of results objects and EJB finder methods also
are not suitable for caching.
JSF Web application
Lets consider a database of Retailer web service. It is populated with 200 product
items and this JSF web application shows 20 product items in each page. This sample
code below demonstrates the usage of this pattern.
66
Pagination using Java Persistence
List<ItemType> getItems(boolean all, String entityName)throws

CommunicationException{
javax.persistence.Query query= em.createQuery("select object(o) from " +
entityName + " as o");
if(!all){
query.setMaxResults(getPageSize());
query.setFirstResult(getFirstItem(entityName));
}
return query.getResultList();
This getItems method can return a list of product item results. It has methods that a
developer can use to specify the chuck of a list the developer needs. These methods are
 setMaxResults(int maxResult)
This method helps the developer to set the maximum number of results to retrieve.
 setFirstResult(int startPosition)
This method helps the developer to set the position of the first result to retrieve.
In addition, the interface ListHandlerBusincessService is implemented in order to

control query execution functionality and result caching. The result can be returned as a
small collection of product items.
Take a look in this interface, this interface provides iteration facility with the some
important methods:
public int getSize() throws CommunicationException;

// Obtain the size of the result set
public void setPageSize(int size) throws CommunicationException;
public int getFirstItem() throws CommunicationException;

// Obtain the first item of the result set
public int getLastItem() throws CommunicationException;
// Obtain the lastitem of the result set
public int getPageSize() throws CommunicationException;
// Obrtain the default page size (20 product items)
public void resetIndex(boolean resetFirstItem) throws CommunicationException;
// Reset the index to the start of the list
public List<ItemType> getNextPage() throws CommunicationException;
67
8.3 Designed Detail (Client tier- Server tier)
Figure 14 Client tier and Server tier in a supply chain management
In the server tier, the Interface ListHandlerBusinessService is designed and implemented

to provide iterator functionality. It helps to handle a huge number of product items and
cache them from a query execution. Consequently, the small list of product items can be
sent back to the client tier avoid using too much memory that can affect performance.
The interface CRUDBusinessService provides a basic interaction with a database
such create, update, and delete methods.
In addition, the CRUDBusinessServiceCommon abstract class has inherited the
characteristic of dealing with large result sets. This abstract class manages to keep track
of the current query being executed, the start and end position of the list of product items,
the page size, the number of list items to retrieve at a time.
This design offers reusability and scalability to the system when the system gets
more complicated and a developer can easily change the code in the server tier and do not
affect much in the client tier due to its interface.
68
ProductItemBSBean class provides a service endpoint interface or a single of

contact to the client tier to communicate with the backend business system using soap
protocol.
In the client tier, Web service client ProuctItemBSBean is added in the JSF web
application. This makes the JSF web application is able to talk to the other services in the
server tier when client makes requests and receives response back from the back-end
system.
The BrowseProduct class handles business logic and product data sent from the
server tier and passes them to user interface. This class provides an efficient way to
separate the presentation and business logic using JSF technologies.
The Structure of Value List Handler Pattern
Figure 15 Value List Handler class Diagram

69
Figure 16 Value List Handler Sequence Diagram

70
8.4 Benefits of Value List Handler pattern
 Caches query results on server side

The result set obtained from a query execution has to be cached as a client only shows a
subset of results, not entire results. The caching facility provided by the value list pattern
is used to hold the result set gained from a query execution. As the client makes a
request to the server, the handler session bean returns the requested results as a collection
of Transfer objects. When the client needs an additional subset of results, the handler
session bean will be asked to return another collection that contains the required results.
Since the handler bean offers the client with navigation facilities (previous and next page)
in order that the result can be viewed forward and backward.
 Improve network performance

The result with a small portion can be returned iteratively instead of entire portion
immediately. This can increase network performance. The client can display the first few
pages of results and discard the query. The network bandwidth is not wasted, since the
result is cached on the server side and is not sent to the client.
Detailed Retailer Class diagram can be found in Appendix C

71
8.5 Detailed Design for a Secure Supply Chain Application
Figure 17 Secure Supply Chain Application model
In secure supply chain application model, it can be seen clearly that the supply chain
application is a typical business-to-consumer (B2C) model of a retailer service providing
electronic products to customers through (JSF web application) Between Retailer Service
and two warehouse services is a typical business-to-business (B2B) model.
1. There are many interactions between the client and retailer web service, some
particular interactions must be secure and encrypted so that unauthorized entities
can not manage to intercept the data, and can not read or alter the data. For
example, when a client makes a request and calls CheckValidUser operation on
Retailer web service. All sensitive data such as username (email address),
password are protected and encrypted. When a client logs in or in the payment
page, payment details are encrypted in order to avoid authorized access. As a
result, HTTPS is set up during these interactions.
72
2. The security requirements at the back-end system (are different from security
requirements at front-end system.(a typical business-to-consumer(B2C))
Confidentiality and integrity need to be implemented to ensure private
communication between the retailer service and two warehouses web services by
encrypting the message content so that a third party or man-in-the-middle-attack
can not read or tamper.
As retailer web service passes a SOAP request by invoking ShipGoods operation on

EJB warehouse service endpoint so as to check the stock level and ship the available line
items ,quantities, and status back to the retailer web service. The retailer service must
prove its identity to the FirstWarehouse at the same time, the FirstWarehouse must prove
its identity to the retailer service to ensure that both parties are legitimate and genuine
and data has not been tampered.
For the reason above, two-way authentication or mutual authentication is
employed between these interactions by setting up SSL between the retailer
service and FirstWarehouse web service.
In addition, the same principle and same security requirements are used between
the retailer web services and SecondWarehouse web services.
The detail of mutual authentication is provided in the previous Chapter.
73
9. Testing
1. Functional Testing
Functional testing is performed in this project and the tests are carried out manually over
a web browser in order to ensure that each functional requirement is met.
FR1. User Log-in Validation
Only a registered customer with a valid email address and password can login
so that the customer can change a delivery address, make a payment.
Input Pass/Fail Comments

Email:mms06@aber.ac.uk Pass A registered customer
Password:divingpadi
Email:mmseeee4rr.uk Pass A customer who is not, registered, is not

Password: mssfre allowed to place an order, change
a delivery address or make a payment
FR2. Change a delivery address
Input Pass/ Fail Comments

housename:123 Pass a customer will be ask
street: oxford street to fill in country and
city: Manchester postcode
country: (empty)
postcode: (empty)
housename:1245 Pass a delivery address is
street: liver changed
city: Leed
postcode: sy23 a23
FR3. Browsing a product catalog
Test Description Pass/ Fail Comments

A user is able to browse Pass
every product in every
page
74
FR4. Check quantity
Input Pass/Fail Comments

bb Pass Show a warning message
‘bb’ is not a number
23 Pass Go to the next page
75
10 Application Demonstrations
The following shows a demonstration of the Supply Chain Management Application

The product Catalog Page:
Figure 18: Product Catalog Page

76
Figure 19 Different page of product catalog

77
Figure 20 List of MP3 items

78
The Detail Page:
The user can see the product detail and enter quantity
Figure 21: Product Detail Page

79
The Login Page
Figure 22 log in Page
Login Fail Page
Figure 23 Login Fail Page

80
Delivery Address Page:
Figure 24 delivery address Page

81
The Order Page:
Figure 25: Order Page
The Order Status Page:
Figure 26: The Order Status

82
The Payment Page
Figure 27 Payment Page
Database view of Shipment and items status sent from FirstWarehouse
Figure 28 Shipment and items status in FirstWarehouse

83
Database view of Shipment and items status sent from SecondWarehouse
Figure 29 Shipment and items status in SecondWarehouse

84
11. Tools used in this project
I used several tools in this project as listed below:
Purpose Tool
UML/ Design diagrams Microsoft Office Word 2003
Integrated development environment(IDE) NetBeans IDE 6.1
Editor EditPlus 2.10c
Application Server Glassfish v2
Database server Java Derby Database
Document writing Ms Word 2003
Java SDK SDK 1.6
How to run the application
There are three databases used in this application

1. Database for RetailST Service
2. Database for FirstWarehouse Service
3. Database for SecondWarehouse Service
It is required to populate data in these three databases first before running the
services, otherwise there will be no data in three databases and an exception will
be shown on a browser after running the application
Steps
1. Run the ProductDatabaseSetup project to populate data for RetailST Service
2. Run the FirstWH project to populate data for FirstWarehouse Service
3. Run the SecondWH project to populate data for SecondWarehouse Service
4. Deploy the RetailST project
5. Deploy the FirstWarehouse project
6. Deploy the SecondWarehouse project
7. Run the JSFwebApps project
85
12 Change the approach
1. Top-down design approach.

This approach starts from designing XML schema, creates WSDL, and then publishes
WSDL. At the end, create a web service from a WSDL file and use BPEL business
process for managing each web service.
2. Bottm-up design approach

This approach starts from designing java classes first, and uses JAX-WS to create web
services. This approach is faster and easier, especially you are new to web services.
However, there are some strengths and weaknesses of each approach
BPEL
1. Developers need to have good understanding of developing SOA and the
concept of service composition and BPEL orchestration.
2. It is easy to manage web services in BPEL process, a developer does not need
to write the code for invoking and some interactions between services.
3. it takes a lot of time to understand a new language (BPEL)
12.1 Problems
I have spent a large amount of time to investigate and evaluate SOA developer’s
tools based on top-down approach (BPEL) from Oracle and Sun Microsystems to
determine which tools would be the best and fit supply chain management’s
requirements.
I have found these tools lacking in several areas:
 Tools offer a confusing mix of features, and functions and it can be worse when
tool vendors provide a little guidance and technical documents to use their tools in
SOA environments. For instance, SOA development tool from Sun Microsystems
provides very little tutorial how to solve a problem when exception occurs in
BPEL process.
 The tools require an extensive skills, backgrounds, and architectural experiences
such as developing SOA application using Oracle tool, a developer needs to have
a good knowledge in Java, XML, XQuery, EJB, BPEL, WSDL and its proprietary
extensions.
 It is very time-consuming to learn different tools and understand how to use tools
with different application server and different configurations and deployments.
Since the vendors’ tools are inherently tied to their own application servers, and
they don’t work well with each other. For instance, WSDL generated from Sun
(NetBean IDE) might not be able to use in Oracle tool( Jdeveloper). Oracle adds
proprietary elements to their WSDL.
86
 Deal with the complexity of deploying and managing services.

 It is difficult to debug when an exception occurs. For instance, Using Oracle SOA
suite tool, bugs can occur in BPEL process, in Java codes, or at run-time in Oracle
BPEL Process Manager.
 Tools need more features to simplify service development
12.2 Solutions
 Change the approach to develop a SOA application without using BPEL process
in order to improve productivity and performance due to time limitation.
12.3 Future directions

 Add more functions in my supply chain management application such as supplier
services.
 Security- meet all security requirements such mutual authentication (SSL) at
transport-level and also try to implement security at the message-level.
 BPEL- now this language is still evolving, wait until this language is more mature
and have more supports in integration.
 I wish to change the Java Derby Database into Oracle Database 11g Enterprise
Edition. Since Oracle database provides more functionality and has a better
security features.
12.4 What I have learned

 BPEL
 Oracle database and Oracle SOA suite
 SOA
 JSF
 Jdeveloper (IDE)
 Web Service Security
 SOA design approach
87
Critical Evaluation and Conclusions
This project has achieved its aim as set out at the beginning. It shows how to implement a
simple SOA-based application. However, some requirements such as security
mechanisms (SSL, https, and mutual authentication) had been implemented but they were
not successful due to time restrictions and the problems rose from my own machine. I
hope that these security requirements will be implemented in next improvement.
According to the project plan, I spent a large amount of time to investigate and learn how
to develop SOA application using top-down design approach, BPEL language was used
in the business logic part of the system. However, it still has some weaknesses as BPEL
is still evolving and SOA developer’s tools are not mature enough for solving some
integration problems between user interface and business logic part. These might have
increased the time of implementation. I decided to change the approach from top-down
design approach (BPEL) to buttom-up design approach for the SOA-based application.
This objective of this project is to develop a simple Supply Chain management

application based on SOA using Web Service technologies. The front end of the system
used a typical business-to-consumer (B2C) model and the back-end of the system used a
typical business-to-business (B2B) model. In addition, The IDE tool used in this project
is NetBean 6. 1,the application server is Glassfish v2, and the database used is java derby
database.
Value List Handler design pattern have been used in this project. It helps to increase the
system performance, reusability, maintainability, and scalability. The user interface is
designed for easy access. A customer does not need to look through every product.
Although this design provides a lot of benefits, the back-end system was implemented
using Web services technology. This rose the number of interactions between client and
the service. I tried to avoid having too many interactions as much as it was possible.
In addition, JSF is used for user interface development. The reason of using JSF is it
simplifies development by offering a component-centric approach to developing web user
interfaces. JSF also ensures that applications are well designed by integrating the Model-
View-Controller (MVC) design pattern.
Since this application is based on SOA, this application is loosely coupled, reusable, and
interoperable. It is easy for a developer to extend and add more functions or services
regardless of how web service is implemented and accessed. Nonetheless, this application
is not a complete supply chain management application due to time limitation. It does not
have some services such as manufacturers or suppliers service.
88
There were a lot of re-design and change of implementation due to the approach. (Top-
down design approach and buttom-up design approach). The important factor of
developing SOA application is a developer needs to know that which approach is most
suitable for application’s requirements and knows strengths and weaknesses of each
approach.
Only functional Tests and integration tests have been performed in this project due to
time limitation.
Through my real SOA experience, it might not always true that SOA’s provides cost and
time benefits. Every though SOA has many benefits, another import factor that needs to
be considered is skills and architectural experiences of SOA developers. SOA
development requires extensive skills of developers, the developer should have a good
knowledge in Java, XML, XQuery, EJB, BPEL. WSDL and its proprietary extensions for
top-down design approach
89
Bibliography
[1] David Geary and Cay Horstmann, (2007), Core Java Server Faces second
edition, Indiana, prentice hall
[2] Monson-Haefel R. and Bill Burke (2006), Enterprise JavaBeans 3.0, Fifth
Edition, O’Reilly Media, Inc., CA
[3] Mark D. Hansen (2007), SOA Using Java Web Services, Pearson Education,
USA
[4] Scott Anderson (2003), “Supply Chain Management Use Case Model “
[5] JavaServer Faces Technology,

http://java.sun.com/javaee/5/docs/tutorial/doc/index.html
[6] Mcgovern J and Tyagi s, et al. (2003), Java Web Services Architecture, San
Francisco, CA: Morgan Kaufmann, 2003
[7] Signgh I and Brydon S, et al., Designing Web Services with the J2EE 1.4
Platform, California, 2004
[8] XML and Web Services Security,

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Security7.html
[9] Understanding WS-Security

http://msdn.microsoft.com/en-us/library/ms977327.aspx
[10] Establishing a secure Connection using ssl

http://java.sun.com/javaee/5/docs/tutorial/doc/bnbxw.html#bnbxz
[11] Basic Concepts of Supply Chain Management chapter 1.

http://catalogimages.wiley.com/imaages/db/pdf/R0471235172.01.pff
[12] Web Services For Your Supply Chain

http://www.decisioncraft.com/dmdirect/webservicessuplychain.htm
90
[13] Supply Chain Management

http://www.cips.org/documents/Supply_Chain_Management.pdf
[14] Supply Chain Management

http://www.eccouncil.org/docs/SCM.pdf
[15] Best practices to improve performance using Patterns in j2EE

Value List Handler
http://www.precisejava.com/javaperf/j2ee/Patterns.htm
[16] Design Patterns Handling Large Database Results Sets

http://www.kruse-it.de/publications/WLDJ-3-2004-ArticleOnly.pdf
[17] Core j2EE Patterns- Value List Handler
http://java.sun.com/blueprints/corej2eepatterns/Patterns/ValueListHandler.html
[18] Matjaz B. Juric (2006), Business Process Execution Language for Web Services
, Second edition, Packt Publishing Ltd, UK
[19] Sample WSDL document

http://www.w3.org/2001/04/wsws-proceedings/uche/wsdl.html
[20] Understanding WSDL
http://msdn.microsoft.com/en-us/library/ms996486.aspx
[21] Using the standard Converters and Validators

http://java.sun.com/j2ee/1.4/docs/tutorial/doc/JSPage7.html
[22] Implementing a JAX-WS 2.0 web service

http://edocs.bea.com/wls/docs100/webserv/jaxws.html
[23] Service-Oriented Architecture and Web Services: Concepts, Technologies, and

Tools
http://java.sun.com/developer/technicalArticles/WebServices/soa2/SOATerms.html
[24] An Overview of Service-oriented Architecture Web Services and Grid
Computing
http://h71028.www7.hp.com/ERC/downloads/SOA-Grid-HP-WhitePaper.pdf
[25] The Composition Approach for Large-Scale SOA

http://www.tibco.com/resources/solutions/soa/pushtotest_soa_wp.pdf
[26] Roger S.(2005), Software Engineering A Practitioner’s Approach, Sixth edition,

McGraw-Hill, Singapore.
91
[27] E-supply Chain Orchestration using web service technologies A case using
BPEL4WS
[28] Supply Chain Management Use Case Model
http://www.ws-i.org/SampleApplications/SupplyChainManagement/2002-
11/SCMUseCases-0.18-WGD.pdf
92
Appendix A- Warehouse Class Diagram

93
Appendix B- Retailer Service Class Diagram and their exception classes

94
Appendix-C-the transition diagram of the JSF application

95
Appendix- D JSF web application Class Diagram

96

MSC Dissertation

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

MSC Dissertation

Hochgeladen von

Copyright:

Verfügbare Formate

1

1.1 Aim and Objectives

The purpose of this dissertation is to develop a supply chain management

The research involves:

 Investigate the best approach in developing SOA application such as

1.2 Scope of work

1.3 Arrangement and Contents

Here is a summary of these chapters and how they work together.

2. Software development methodology

Software development methodology is a framework that is applied to plan, and

After I studied the specific nature of my project, I decided to choose an

 It is essential to reduce inherent project risk by breaking a project into

2.2 The incremental model

Figure1 the incremental Model

The first increment

The second increment

The third increment

2.3 Project plan

NO. Task Name Date

1. Project Preliminary study (SOA) and proposal

3. Concept of SOA and Web Service

3.1 Service Oriented Architecture (SOA)

Figure2. A Service-Oriented Architecture

A service-oriented architecture [18] is an architectural approach supporting loosely

3.2 Why SOA

There are many good reasons to take an SOA approach. [23]

3.3 SOA, Web Services and BPEL

3.4 SOA design and Development

To implement SOA application [24]

 Identify the different units of business logic and units of work to be

 Describe events that services would be producing or consuming.

 Build workflows to enable service choreograph

3.5 Business Processes BPEL

Developing Business Processes with BPEL

Business processes are processes that compose a collection of services. A

A BPEL process is made up of steps. Each step is called an activity. Activities

BPEL Business Process Example (A simple business supply chain management)

Figure 3 BPEL process for business supply chain management

I have defined a simple business process for business supply chain

3.6 Web Service Overview

A web service is a remote application, which is accessed by clients using

Web services use Internet technology for system interoperability, which is

3.7 Benefits of Web Services

SOAP Message Structure

Figure 4 SOAP Message Structure

Example of soap message

<?xml version='1.0' ?>

A SOAP message is a XML document containing The optional <Header>

The envelope element

The <Header> element [2]

The Body element

The Fault element

3.9 WSDL (Web Services Description Language)

Figure 5 shows WSDL document: a conceptual representation

Sample WSDL document [18]

<message name="GetEndorsingBoarderRequest"> <part name="body"

<fault> <soap:body use="literal" namespace="http://schemas.snowboard-

<service name="EndorsementSearchService"> <documentation>snowboarding-info.com

3. portTypes: represents operation name, input, and output parameters.

The following request-response messaging:

Services: describes a group of ports or endpoints.

4.1 Enterprise Bean

Benefits of Enterprise Beans