Beruflich Dokumente
Kultur Dokumente
1. Introduction
The main objective of this project is to develop a simple supply chain management
application. Therefore, this application does not show the application in a real life
scenario and it only can meet minimum requirements indentified in this project in order
to reduce the complexities of the system. This simple supply chain management avoids
developing many components. In addition, there are some securities requirements need to
be considered.
2
Waterfall model
This model is a sequential development process; it begins with customer
specification of requirements and progress through planning, designing,
coding, testing, maintenance and deployment. It is appropriate when the
requirements of a problem are well understood.
Incremental model
This model supports the iterative and incremental development, which the
various parts of the system are developed at different times and integrated as
they are completed.
Spiral model
This model is suitable for large, expensive and complicated projects
Agile model (Extreme Programming)
This model is suitable for ongoing changes to requirements. They believe that
adaptability to changing requirements anytime during project life is more realistic than
defining all requirements at the beginning of a project. The model also involves
developers doing pair-programming.
2.1 My approach
At the beginning, the system has only basic requirements, for instance,
A simple retail service system can fulfill requests from customers through a web
browser.
The simple JSF web application and a simple retail service were developed in this
increment with a simple user interface. The user only can place an order with the
limitation of number of product provided.
5
The fourth increment, the security requirements needs to be considered and there is a re-
design, and more functions and more services are implemented including testing.
6
Summarize
According to the project plan table, the project plan is divided into 10 stages
It can be clearly seen that I spent a large amount of time investigating SOA approach,
development tools, BPEL language at the first part of this project. Then I found the
problems and changed the approach in developing a supply chain management
application based on SOA so that I was able to complete the project.
8
SOA is not a new architecture; it has been around for years related to the integration,
development, and maintenance of complex enterprise applications. The use of SOA
approach is to improve and extend the flexibility of integration methods (EAI) and
distributed architecture and reusability of existing applications.
The characteristic that makes SOA different from other architecture is loose coupling.
This means that the way a client communicates with the service does not depend on the
implementation of the service. The client does not need to know what language the
service is coded or what platform the service runs on.
But what is new is the web service based on SOA. A web service is a service
communicating with client through a set of protocols and technologies in an
interoperable, technology-agnostic manner. Hence web services are well-suited as the
basis for a service-oriented environment and most often implemented with web services.
9
Scalability
Services in SOA are loosely coupled, thus it easy to enlarge applications using these
services. That because there are few dependencies between the requesting application and
the services it uses.
Flexibility
Because SOA services are loosely coupled, they are more flexible than tightly-coupled
applications. The components of an application are not tightly bound to each other. This
makes it easy to change the application in order to meet new business requirements. The
loosely-coupled, asynchronous nature of services in a SOA makes application flexible.
Location transparency
Location transparency is another main characteristic of SOA architecture. A service
implementation can be moved from location to location without client’s knowledge. This
increases service availability and performance.
10
SOA [27] describes the communication pattern between services, functions and
their operations. The service itself and interactions between services are defined using a
description language such as web service description language (WSDL). Each interaction
is loosely-coupled. Thus, web service technology is main foundation of developing SOA
application. This project focuses on orchestration of a supply chain management. By the
definition, orchestration illustrates how web services can interact with each other at the
message level including the business logic.
According to research, BPEL is a language for specifying with web services.
Hence BPEL is main important component used in developing SOA application.
To have a good understanding in developing a SOA application, it is important to
know details of using BPEL and it will be presented in details on the topic Business
Process.
To build a SOA application, first of all, a developer needs to break out the
different pieces of business logic into services.
The service can be:
Defined by well-published interfaces.
Loosely coupled
Entities encapsulating reusable business functions
In a SOA application, services communicate with each other using different message
exchange patterns (one-way, synchronous and asynchronous)
BPEL [18] (Business Process Execution Language) has become one of the most
important language for developing SOA application. It is a language used for
composition, orchestration, and coordination of web services. It offers rich functions to
manage the behavior of business processes. BPEL also introduces a new concept into
application development. Developers can do programming in the large rather than do
programming in the small using traditional approach. This BPEL concept allows
developers to create business processes quickly by only defining in which services will
be invoked. This makes applications become more flexible to the changes in business
processes.
BPEL Concepts
In addition, the interface of new BPEL web service uses a set of port types, which
it offers operations like any other web services.
To make the BPEL concepts clear, lets look at a BPEL business process Example of a
simple supply chain management.
12
Reusability
Web services play a big role in improving software reusability in organizations. Web
services can wrap legacy application, databases, and objects then expose them as
services. In addition, web services are built on interoperable and ubiquitous standard.
Freedom of choice
Web services standards have created a huge marketplace for tools, products, and
technologies. Organizations have a wide range of options to select configurations that
best meet their requirements. Furthermore, developers can boost their productivity rather
than using their own solutions. They have a chance to choose from a market of
application components.
Support more client types
Since web services offer interoperability, there are more choices in supporting more
client types regardless of the platform: Java or Microsoft or it can be based even on a
wireless platform.
Interoperability in a heterogeneous environment
Web services allow different distributed services to run across different software
platforms and architectures and web services also can be implemented in different
languages.
Location Transparency
A client can find a service and does need to care where the service is located. Thus, an
organization is able to move services to different machines. Developers also can move
code from one platform to another.
14
3.8 SOAP
For Web services, the protocol that is used called SOAP. Soap is a distributed
object protocol based on XML. It is defined by its own XML schema and depended on
XML namespaces.
<p:departing>New York</p:departing>
<p:arriving>Los Angeles</p:arriving>
<p:departureDate>2001-12-14</p:departureDate>
<p:departureTime>late afternoon</p:departureTime>
<p:seatPreference>aisle</p:seatPreference>
</p:departure>
<p:return>
<p:departing>Los Angeles</p:departing>
<p:arriving>New York</p:arriving>
<p:departureDate>2001-12-20</p:departureDate>
<p:departureTime>mid-morning</p:departureTime>
<p:seatPreference/>
</p:return>
</p:itinerary>
<q:lodging
xmlns:q="http://travelcompany.example.org/reservation/hotels">
<q:preference>none</q:preference>
</q:lodging>
</env:Body>
</env:Envelope>
This element acts like a container for the body element and header
element. The envelop element is used to indicate the start and the end of the message to
the receiver. When the receiver find the </Envelope> tag, it understand that the message
has ended.
The body contains the actual message such as a complete purchase order
sent from the consumer to provider. The message can be RPC style describing details
about procedure and parameters.
This element is embedded in the body and is used to carry error and status
information within a SOAP message. It indicates a problem while processing the
message. Such a message is called a SOAP fault. Problems can be application-specific
(username not found) or system issues such as the problem of finding a host name.
This fault element has two subelements
1. A mandatory fault code element, showing the common errors.
2. A mandatory fault string element, giving a human-readable explanation of errors.
<definitions name="EndorsementSearch"
targetNamespace="http://namespaces.snowboard-info.com"
xmlns:es="http://www.snowboard-info.com/EndorsementSearch.wsdl"
xmlns:esxsd="http://schemas.snowboard-info.com/EndorsementSearch.xsd"
xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
xmlns="http://schemas.xmlsoap.org/wsdl/" >
<!-- omitted types section with content model schema info -->
<input>
<soap:body use="literal" namespace="http://schemas.snowboard-
info.com/EndorsementSearch.xsd"/>
</input>
<output> <soap:body use="literal" namespace="http://schemas.snowboard-
info.com/EndorsementSearch.xsd"/>
</output>
18
In WSDL, there are three elements describing all abstract definitions of the Web
Service interface.
1. Types: contains the language-independent data type definitions using XML schema
the key structure of the types element is
<definitions>
<types>
<xsd:schema../>
</types>
</definitions>
There are two elements of type MathInput (Add, Subtract) and two elements of type
MathOutput (AddResponse, SubtractResponse).
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:y="http://example.org/math/"
xmlns:ns="http://example.org/math/types/"
targetNamespace="http://example.org/math/"
>
19
<types>
<xs:schema
targetNamespace="http://example.org/math/types/"
xmlns="http://example.org/math/types/"
>
<xs:complexType name="MathInput">
<xs:sequence>
<xs:element name="x" type="xs:double"/>
<xs:element name="y" type="xs:double"/>
</xs:sequence>
</xs:complexType>
<xs:complexType name="MathOutput">
<xs:sequence>
<xs:element name="result" type="xs:double"/>
</xs:sequence>
</xs:complexType>
<xs:element name="Add" type="MathInput"/>
<xs:element name="AddResponse" type="MathOutput"/>
<xs:element name="Subtract" type="MathInput"/>
<xs:element name="SubtractResponse" type="MathOutput"/>
</xs:schema>
</types>
...
</definitions>
3. messages: can serve as the input and output parameters for the service .
The content of a message depends on the interaction between the consumer and the
service. For instance, if you define an RPC style service, the message parts is represented
by listing parameters.
<definitions
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:y="http://example.org/math/"
xmlns:ns="http://example.org/math/types/"
targetNamespace="http://example.org/math/"
>
...
<message name="AddMessage">
<part name="parameter" element="ns:Add"/>
</message>
20
<message name="AddResponseMessage">
<part name="parameter" element="ns:AddResponse"/>
</message>
<message name="SubtractMessage">
<part name="parameter" element="ns:Subtract"/>
</message>
<message name="SubtractResponseMessage">
<part name="parameter" element="ns:SubtractResponse"/>
</message>
...
</definitions>
<portType name="MathInterface">
<operation name="Add">
<input message="y:AddMessage"/>
<output message="y:AddResponseMessage"/>
</operation>
</portType>
In addition, one-way message style contains only an input element, but no output element
and fault element.
Bindings: describes the concrete details of a portType, the type of encoding
used to send and receive messages, and protocol that SOAP messages are carried. The
key structure of a binding element is shown below
<binding name="MathSoapHttpBinding" type="y:MathInterface">
<soap:binding style="document"
transport="http://schemas.xmlsoap.org/soap/http"/>
<operation name="Add">
<soap:operation
soapAction="http://example.org/math/#Add"/>
<input>
<soap:body use="literal"/>
21
</input>
<output>
<soap:body use="literal"/>
</output>
</operation>
...
</binding>
<service name="MathService">
<port name="MathEndpoint" binding="y:MathSoapHttpBinding">
<soap:address
location="http://localhost/math/math.asmx"/>
</port>
</service>
22
An Enterprise java bean [2] is a key server-side component used for distributed
applications. It provides a standard model for implementing server components
representing business process. Such as purchasing order, inventory process. Furthermore,
these distributed components do not have to reside on the same server, they can reside in
wherever it is suitable in order to reduce latency or maximize reliability.
Entity beans
Entity beans represent business objects and are mapped to tables in a relation database.
These entity beans objects can be allocated, and sent across the network. They are
persistent, have primary keys and can have relationships with other entity beans.
JAX-WS 2.0 fully supports the java architecture for XML binding (jaxb)
specification and jaxb offers a way to bind a xml schema to a
representation in java code. This is easy for developers to integrate xml
data and processing functions in applications without knowing much
about xml.
.
24
For example,
import javax.ejb.Stateless;
import javax.jws.WebService;
@Stateless
@WebService(name =”TravelAgent”)
public class TravelAgentBean{
@WebMethod(operationName= “Reserve”)
Public String makeReservation(){
}
}
A service endpoint interface is a java interface declaring the methods that a client
can invoke on the service. A JAX-WS client can use the @javax.xml.ws.WebServiceRef
annotation to reference a service endpoint interface directly.
For example,
@WebServiceRef(wsdlLocation=
"http://localhost:8090/ProductItemsBSBeanService/ProductItemsBSBean?wsdl")
25
Java Server Faces Technology (JSF) [1] is a server-side user interface framework,
which simplifies the creation of java web applications. It offers a set of APIs for
representing UI components, state management, event handling, input validation, and
internationalization support. Furthermore, it also provides custom tag libraries for
expressing UI components in a JSP Page in order to wire up components to server-side
objects.
Ease-of-Use
JSF framework is based on Model-View-Controller architecture (MVC),
offering a clean separation between presentation and business logic
This facilitates each member in a development team to focus on his or her own piece
of development process. For instance, page authors who specialize in graphic design
can design look and feel of web application using the Java Server Faces tag libraries.
This leads to a division of labor and brings a rapid development cycle.
Standardization
JSF technology is a standard framework for constructing a server-side
user interface application. It is being developed through the Java Community Process
under JSR-127. Many respected tools vendors are committed to supporting JSF
technology in their tools.
26
Device Independency
JSF technology is flexible and maintainable. It defines component
functionality in extensible UI component classes, and allows component developers
to extend the component classes to produce their own component tag libraries for
specific clients.
A set of JSF pages, which is a JSP page that has JSF tags. It uses custom tags to
express the user interface components.
A set of backing beans, which are javabeans components, expose properties and
functions for UI components on the page
A configuration file ,which is faces-config.xml file
It could be a set of custom objects implemented by the web developer such as
custom components, validators, converters, or listeners.
In JavaServer Faces development, the application code is written in beans and the design
is in web pages. First, look at beans
5.2 Managed-Beans
Bean is a class that exposes properties and events. In a bean class, properties can
be any attribute of a bean such as a name, a type, and methods for getting and setting the
property value. Bean is used when a developer need to wire up java classes with web
pages or configuration files.
For instance, in this UserBean class, there are two properties, name and password.
<managed-bean>
<managed-bean-name>user </managed-bean-name>
<managed-bean-class>com.corejsf.UserBean</managed-bean-class>
<managed-bean-scope>session</managed-bean-scope>
</managed-bean>
This above means the object named User is created in com.corejsf.UserBean and it is
alive for the duration of the session for all requests that stem from the same client.
<h:inputSecret value=”{user.password}”/>
This input filed reads and updates the password property of the user bean. The beans are
produced according to the managed-bean elements in the configuration file.
JSF pages
In typical JSF pages, it mostly starts with the tag library declarations
5.3 Navigation
Navigation is a set of rules, which tell the JSF application that which page needs
to be displayed next after the button in the form has been submitted.
In this example, when the user clicks the login button,the page is changed from
the index.jsp page to welcome.jsp page.
28
<navigation-rule>
<from-view-id>/index.jsp</from-view-id>
<navigation-case>
<from-outcome>login</from-outcome>
<to-view-id>/welcome.jsp</to-view-id>
</navigation-case>
</navigation-rule>
In the from-outcome tag, the value login matches the action attribute of the command
button of the index.jsp page
<h:commandButton value=”Login” action=”login”/>
There are a number of important JSF tags used in this web application
An example from List.jsp
<f:view>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- We use the url tag to make sure the correct path is found for the resource -->
<c:url value="/styles.css" var="stylesUrl"/>
<!-- The out tag will convert the expression language statement into text that is
used as the href value -->
<link href='<c:out value="${stylesUrl}"/>' rel="stylesheet"
type="text/css"/>
<title>
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"/>
</title>
</head>
<body>
<center>
<h:graphicImage value="/images/banner.jpg"/>
<h:form>
<center>
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"
styleClass="emphasis"/>
<h:panelGroup rendered="#{BrowseProduct.itemcount > 0 }">
<!-- Display the Items n..m of pages list. Note the use of parameters -->
<h:outputFormat value="#{msgs.pagePreviousNext}">
<f:param value="#{BrowseProduct.firstItem + 1}"/>
<f:param value="#{BrowseProduct.lastItem}"/>
<f:param value="#{BrowseProduct.itemcount}"/>
</h:outputFormat>
<h:outputText value=" "/>
<h:commandLink action="#{BrowseProduct.prev}"
value="#{msgs.previous} #{BrowseProduct.pageSize}"
rendered="#{BrowseProduct.firstItem >= BrowseProduct.pageSize}"/>
<h:outputText value=" "/>
<h:commandLink action="#{BrowseProduct.next}"
value="#{msgs.next} #{BrowseProduct.pageSize}"
rendered="#{BrowseProduct.lastItem + BrowseProduct.pageSize <=
BrowseProduct.itemcount}"/>
<h:outputText value=" "/>
<h:commandLink action="#{BrowseProduct.next}"
value="#{msgs.remaining} #{BrowseProduct.itemcount -
BrowseProduct.lastItem}"
rendered="#{BrowseProduct.lastItem < BrowseProduct.itemcount &&
BrowseProduct.lastItem + BrowseProduct.pageSize > BrowseProduct.itemcount}"/>
<br />
<!-- We now display the data -->
<h:dataTable value='#{BrowseProduct.items}' var='item'
styleClass="evenRow" headerClass="columnHeader"
columnClasses="evenRow,oddRow">
<h:column headerClass="columnHeader">
<h:graphicImage url="#{item.imageurl}"/>
</h:column>
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="#{msgs.productHeader}"/>
</f:facet>
<h:outputText value="#{item.productnumber}"/>
</h:column>
30
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="#{msgs.nameHeader}"/>
</f:facet>
<h:outputText value="#{item.productname}"/>
</h:column>
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="#{msgs.categoryHeader}"/>
</f:facet>
<h:outputText value="#{item.category}"/>
</h:column>
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="#{msgs.priceHeader}"/>
</f:facet>
<h:outputText value="#{item.price}"/>
</h:column>
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="Show details"/>
</f:facet>
<center>
<h:commandLink value="#{msgs.show}"
action="#{BrowseProduct.detailSet}">
<f:param name="currentProductItem" value="#{item.productid}"/>
</h:commandLink>
</center>
</h:column>
</h:dataTable>
</h:panelGroup>
</h:form>
</center>
</f:view>
31
These are three basic tags used to display text and images
h:outputText
This tag produces text and a developer can specify many attributes attached to it. For
example, converter, id, rendered, styleClass, value
<h:outputText value="#{msgs.ProductItemDetailsTitlepage}"/>
The value from Message.properties file will be accessed and displayed by using
outputText.
h:graphicImage
This tag helps to generate an image
<h:graphicImage value="/images/banner.jpg"/>
h:outputFormat
This tag is used for displaying output with parameters specified in the body of the
tag
For example,
<h:outputFormat value=”{0} is{1} high”>
<f:param value=”This building” />
<f:param value=”very”/>
</h:outputFormat>
Links
h:commandLink
The h:commandLink tag produces an HTML anchor element that acts like a
submit button.
<h:commandLink value="TV" action="tv"/>
32
PanelGroup
<h:panelGrid column=”2”>
<h:panelGroup>
<h:inputText id=”name” value=”#{user.name}”>
<h:message for=”name” />
</h:panelGroup>
</h:panelGrid>
33
Data Tables
h:dataTable tag
Java Server Faces offers a powerful tag called h:dataTable used for creating Tables
while iterating the data from a backing bean. This tag can iterate over the collection or
array of values.
While h:dataTable iterates, it create each item in the list and the name of the item
is specified with h:dataTable’s attribute.
<h:column headerClass="columnHeader">
<f:facet name="header">
<h:outputText value="#{msgs.productHeader}"/>
</f:facet>
<h:outputText value="#{item.productnumber}"/>
</h:column>
</h:dataTable>
NumberConverter
This converter is attached to the text field and tells to format the current value
with at least two digits after the decimal point:
<h:inputText value=”#{payment.amount}”>
<f:convertNumber minFractionDigits=”2”/>
</h:inputText>
DataTimeConverter
<h:outputText value=”#{payment.amount}”>
<f:convertDateTime pattern=”MM/yyyy”/>
</h:outputText>
Conversion Errors
When the text field is submitted, the validator checks that the string contains at least 13
characters. If the validation fails, validators produce error messages.
35
This method is used when a string is sent from the client such as in a text field.
String getAsString(FacesContext context, UIComponent component,
Object value)
This method converts an object into a string and is shown in the client interface.
One good example that uses customer conversion is Credit card converter.
<converter>
<converter-id> com.corejsf.CreditCard</converter-id>
<converter-class>com.corejsf.CreditCardConverter</converter-class>
</converter>
The developer implements a Payment Bean that has a property type CreditCard
public class PaymentBean{
Then developer can use the f:converter tag and specify the converter ID:
<h:inputText value=”#{payment.card}”>
<f:converter converterId=” com.corejsf.CreditCard”/>
</h:inputText>
Like custom converters, when a developer wants to use validator, the developer
needs to implement the javax.faces.validator.Validator interface and register that
validator in a configuration file faces-config.xml. If validation fails, it generates a
FacesMessage describing the error.
36
If (validation fails){
FacesMessage message=….;
Message.setSeverity(FacesMessage.SEVERITY_ERROR);
Throw new ValidatorException(message);
and then you can use custom validators with the f:validator tag
For instance,
The EJB containers provide the ability to handle authentication between a client
and a web service endpoint implemented by an enterprise bean.
In J2EE web services scenarios, they have some security requirements that need
to implement between a client and a service. In addition, it is important that when a client
makes a request to a service, then web service endpoints can securely access other J2EE
components such as entity beans, databases. As the service processes the client request,
service endpoints might need to interact with other web services in a secure manner.
Moreover, a secure web service includes more than securing initial interaction
between the client and the service. Developers also need to consider web service
endpoint’s subsequent interactions with other components. This means that whole
channel should be secure.
38
The J2EE platform has supported WS-I Basic Profile 1.0 specifications for secure
interoperable web service interactions. This specification involves the transport layer of
HTTPS to be combined with other mechanisms for basic and mutual authentication.
The j2EE platform offers web tier and EJB tier endpoints with similar security
mechanisms for web services.
Since the main requirement for a secure web service are authentication and setting
up a secure SSL channel for interaction and security can be applied to web services at
both transport-level and the message-level. Hence, let’s examine how to secure at
transport layer first.
Secure Socket Layer (SSL) [10] is a popular standard for establishing a secure
connection between web browsers and web servers. In the SSL connection, data will be
encrypted before being sent and is decrypted on the receipt. Therefore, this SSL
mechanism is essential that web services should have for security reasons. SSL addresses
the following important security considerations.
For example,
<web-app>
<security-constraint>
<web-resource-collection>
<web-resource-name>retailService</web-resource-name>
<url-pattern> /mywebservice</url-pattern>
<http-method> GET</http-method>
<http-method> POST</http-method>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee> CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
</web-app>
The strength of the required protection is defined by the value of the transport guarantee.
Specify CONFIDENTIAL when the application requires that data be sent in order
to prevent other entities from motoring the contents of the transmission.
Specify INTEGRAL when the application requires that data be sent between
client and server in a way that it can not be changed in transit.
Specify NONE this means that the container must accept the constrained requests
on any connection.
Setting up SSL for EJB tier endpoints varies according to the particular
application server. For instance, in glassfish application server, a developer defines all
security settings in sun-ejb-jar.xml deployment descriptor.
There are two kinds of authentication employed in EJB: SSL server authentication and
SSL mutual authentication.
In this case, both the client and the server verify the identity of each other by checking
certificates in mutual truststores.
For SSL mutual authentication, you need to specify the <login-config> element to
CLIENT-CERT. You also need to specify the <transport-gurantee> element to
CONFIDENTIAL. For instance,
<ejb>
<ejb-name>RetailerEjb</ejb-name>
<webservice-endpoint>
<port-component-name>RetailerEjb</port-component-name>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
<realm>certificate</realm>
</login-config>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</webservice-endpoint>
</ejb>
To test that SSL support has been properly installed, load the default page with a
URL connecting to the port defined in the server deployment descriptor.
https://localhost:8081/
41
The https indicates that the browser is using the SSL protocol and the local host
shows that a developer is running the example on local machine. The 8081 is secure port
defined.
To enable SSL, we learn how to manage certificate files, which store the digital
certificates for all ssl participants including server, the client and CA.
1. KeyStore file, this file contains the application server’s digital certificate,
including private key. (keystore.jks)
2. Trust-store file, the file contains the application server’s trusted certificates,
including public keys for other entities. (cacerts.jks)++client certificate is self-signed.
Digital certificates are used with HTTPS protocol to authenticate web clients, the https
service of most web servers will not run unless a digital certificate has been installed.
***
Creating a server certificate
a server certificate has already been created for the application server. The certificate can
be found in the domain-dir/config/
If necessary, you can use keytool to generate certificates. The keytool utility stores the
keys and certificates in a file termed a keystore.
Specifying a secure connection in your application Deployment Descriptor
Running SSL
It is not strictly necessary to run an entire web application over SSL, and it is
customary for a developer to decide which pages require a secure connection and which
do not. Pages that might require a secure connection include login pages, personal
information pages, shopping cart, or credit card information pages.
Production
Companies need good strategies for managing all resources so that the
supply chain can be efficient, costs less and products are delivered with high quality and
value to customers. Moreover, the companies also need to know what products that
market wants, how much of which products should be produced and by when?
The facilities of production are warehouses. When warehouses are constructed with a lot
of excess capacity, they can be very flexible and respond rapidly to product demand.
However, excess capacity is not in use. This means that the more excess capacity exists,
the less efficient the operation becomes.
Inventory
Inventory can be raw material or finished goods held by warehouses, manufacturers,
distributors, and retailer in a supply chain. Holding a large number of inventories can
make the supply chain very responsive to rise and fall in customer demand. On the other
hand, manufacturing inventory is a cost and the cost of inventory should remain as low as
possible.
Location
This is another important factor that should be carefully considered. A manager
determines which locations should be the most efficient for production and storage of
inventory. The manager also needs to make a good decision and considers a range of
factors relating to location such as the cost of labor, the cost of facilities, taxes, skills, and
closeness to suppliers, manufacturers, warehouses, and customers.
Transportation
Which modes of transport should be selected and how should inventory be traveled from
one location to another location. If airfreight delivery is selected, this choice can be very
fast, but it is expensive or if slow mode of transports such as ship and rail is chosen, it
can be cost efficient, but not very responsive.
43
Information
With good information, managers can make better decisions about what to manufacture
and how much, where to place inventory and which mode of transport is the most
suitable. Information is used for two main reasons First, Coordinating daily activity,
Companies use data on product supply and demand to choose on weekly production
schedules, inventory levels, and locations. The second reason is to use for forecasting and
planning. Available data helps the companies to set monthly and quarterly production
schedules and timetables.
Supply chain management flows [14] are made of three important flows.
The product flow
This flow involves the movement of producers from a supplier to
manufacturers to warehouse to a customer.
The information flow
This flow consists of transmitting and updating the status of delivery.
The financial flow
This flow contains credit terms, payment details and schedules, and
consignment.
44
Goal: A customer can go to the retailer web site and place a purchase order.
Success Conditions:
Failed Conditions
Path
UC2 Inventory
Goal: To place selected products in a warehouse and send shipment back to the
retailer System.
Preconditions: None
Success Conditions:
1. For each line item, a warehouse is chosen to provide available quantity and that
warehouse sends shipment back to the retailer system.
2. A stock level in a warehouse is reduced by the quantity in the line item that is
accepted.
Path
Alternative1
1. If warehouseOne can not fullfill some line items, the request will be automatically
sent to warehouseTwo to ship those items that warehouseTwo has available.
2.Record the line items that warehouseTwo has shipped, and decrement the stock level of
the warehouseTwo and then update the new value of the stock level.
Alternative2
1. If warehouseTwo can not fulfill some line items, it will record that no warehouse
can ship those items.
48
Path
1. The retailer system receives the line items from warehouseOne or warehouseTwo.
2. Record the line items that are sent from WarehouseOne or warehouseTwo
3. The recorded line items are delivered to the JSFweb application and details of the
collection of line items are shown on the browser.
Goal: A customer can change the delivery address and make a payment.
Success conditions: The customer can change the delivery address and make a payment.
Failed conditions: The LoginFail Page is shown and tells the customer to login with a
valid email and password.
Path:
1. The customer fills in an email address and password
2. If the registered customer logs in with a valid email and password, the delivery
address will be shown.
Goal: The customer can change the delivery address and the items will be sent to this
address
Preconditions:
1. The customer logged in successfully
Success conditions:
1. The customer can change the delivery address
Path:
1. The customer fills in a new address in a Change Delivery Address Form.
49
U6: Payment
Preconditions:
1. The customer dispatch the address
Success conditions:
1. The customer can make a payment.
Path:
2. The customer fills in payment details in a Payment Form.
Preconditions:
1. The customer can make a payment
Success conditions:
1. The customer can see order status of products purchased
50
Term Description
Catalog A list of electronic products
Customer A person who wishes to buy products from a retailer service
Product Item The details of a product, these are product number, product name,
price, quantity, brand , category, description
Line Item An item in an order ,which relates to a product(product number ,
quantity)
Order A collection of line items
Stock item The details of a product that is in a stock of a warehouse
(product number, stock level, minimum level, maximum level,
warehouse name, warehouse location)
Retailer A party offering products for sale
Warehouse A place storing products and maintains an inventory level for each
product and send line items back to a Retailer’s warehouses.
The Retailer Web Service provides web service operations to access the catalog of
electrical products, validate Customer names, place orders, and create line items for each
order, change a customer’s delivery address, and make a payment.
Functions
Check the User account and validate the password, if they are
correct, the order can be processed and line items can be created.
Present a list of electrical products on the browser.
Handle a request from a JSF web application and determine which
warehouse can fulfill the request.
Input Message: use name, password, list of selected products, quantities, the details of
customer delivery address, and payment details
Output Message: Order Confirmation showing the detail of selected order, the total price
of the order, quantities, customer name, the shipping address, and the anticipated
Delivery dates for the items of the order.
51
getSize
Description
A call to this operation results in the Retailer returning the number of products in
a database, and it is sent to a browser showing the size of product items. There are no
input parameters.
delete
Description
This operation provides deletion of a particular item in a database.
create
Description
This operation provides creation of a particular item in a database
52
findByPrimaryKey
Description
This method is used to locate product Item objects with a primary key in a
retailer database.
resetIndex
Description
Since there is a large number of product items that need to be displayed on a
browser, for an efficient reason, product catalogs are shown page by page rather than
shown in one large page. Hence, this operation is implemented and it is used to reset a
page counter to the first item, when resetFirstItem is true. This operation provides a
change of first item position that is sent to the start of a first page.
getPageSize
Description
This operation returns the page size, which is a default page size 20
Operation Message Message Parameters Type
Type
setPageSize Input setPageSize void
output setPageSizeResponse
Fault CommunicationException client
53
setPageSize
Description
This operation is used to make sure that the size is more than zero.
createLineItems
Description
requestLineItem
Description
When this operation is invoked, it returns a list of line items created in the
database of a retailer web service to the JSF web application so that a list of line items
can be displayed on a browser.
54
getAllItems
Description
This operation returns a list of product items with their details to the browser in
form of a table of product catalog.
getFirstItem
Description
This operation returns a firstItem position of a table to a browser.
getLastItem
Description
This operation returns a LastItem position of a table to a browser.
nextPage
Description
This operation returns the current page index to a browser.
55
getNextPage
Description
This operation returns the next page
checkValidUser
Description
This operation is implemented to validate an email address and password. If a
registered customer fills in a correct email address and password, the registered customer
can log in so that he/she can make a payment or change a delivery address.
printCustomerInfo
Description
This operation is used to print the details of customer and customer‘s address
including the details of required products, warehouse name, and warehouse location.
ChangeDeliveryAddress
Description
This operation is used to update a delivery address, when a customer wishes to change
into a new address.
This Warehouse Web Service provides service operations for a Retailer Service to
access the stock of electronic goods, check the stock level and place required Line Items,
and send shipment back to the Retailer Web Service.
ShipGoods
Description
According to UC2 Inventory, when this ShipGoods operation is invoked, The
warehouseOne manages to check each line items in the order. If the stock level is higher
than the required quantity, the warehouseOne will record those lines items with status
indicating that which ones it does not have enough in the stock and which ones it can be
shipped in a database. This results in the reduction of stock level and is updated by a new
value.
RequestShipment
Description
This operation results in the warehouse delivering shipment to the retailer service.
57
Design Overview
As you can see, this system has two parts the presentation layer (JSF) and the
business logic (EJB Web Service).
In the first part of the system, JSF application provides presentation such as
PrintCatalog page and business processing is done by the Managed Beans. These beans
are in charge of delegating their functionalities to the Retailer Web Service.
58
Business Process
First, List page is displayed, it shows the product catalog. The customer can see the detail
of each product by clicking the link. To see detail of the product selected and then the
customer can fill the quantity of product. After filling the quantity,the
OrderControllerBean will be triggered and the add method is called. After that, the detail
of the product will be added into the Cart temporally. Then the Order Page is shown, it
show products details, its quantities,and subtotal. On Order Page, the customer can
remove products by clicking the link Remove or purchase more products by clicking the
button Continue Ordering. If the customer clicks the button Proceed, the system will ask
the customer to log into the system first. Since the system only allows a registered
customer to place an order. After the customer fills in email and password,
CustomerDetailBean will be triggered and CheckValidUser method is called. This
method has the logic code that invokes a CheckValidUser operation of Retailer Web
Service. The request is transmitted in a soap message and the message is sent to the
server. The server processes the request. If the email and password are valid, the delivery
address page will be shown and ask the customer to dispatch this address or the customer
has a chance to change an address by filling in the delivery address. After hitting the
dispatch-this-address-button, the CustomerDetailBean will be triggered again and the
method ChangeDeliveryAddress will be called If the customer fill in the new address and
hit the submit button. If the customer does not want to change the address, it will take the
customer to the Payment Page. On this page the customer needs to fill in the payment
details and after that the customer can see the order status of the product selected.
Figure 10: Sequence Diagram for JSF Web Application and Retailer Service
60
Before exploring the details of design, it is helpful to look at a service from a high
level in terms of layers: an interaction layer and a processing layer [7]
The service interaction layer comprises the endpoint interface that the service
exposes to clients. This layer has the logic for delegating requests to business logic and
can formulate responses. In addition, when this layer obtains requests from clients, it
performs required preprocessing before delegating requests to the business logic. After
completing the business logic, the interaction layer returns the response to the client.
Another layer is the service processing layer. It holds all business logic in order to
process client requests including the function for integration with EIS such as a database.
Now, let’s take a look at Figure 13, it can be clearly seen those responsibilities of each
service and its interface endpoint type: Web tier end point and EJB service endpoint.
A JAX-WS service endpoint interface is added to the JSF web application. When
a client makes requests by placing an order on a web browser, the Retailer Web Service
receives the request and this service delegates the request from the web application and
passes it to FirstWarehouse Web Service. After that, the FirstWarehouse processes the
request and return the response to the Retailer Web Service again. Each service
communicates to each other through web service interface.
As it can be seen that the retailer service has many responsibilities, it begins with
processing the request from the client (Service Interaction layer), delegates to another
service, and receives the response from the First Warehouse. The service uses EJB
service endpoint (the service processing layer) to integrate with the Retailer database for
creating line items for each order.
63
@WebServiceRef(wsdlLocation =
"http://localhost:8090/WarehouseBeanService/WarehouseBean?wsdl")
private WarehouseBeanService service;
// this JAX-web service client use WebServiceRef annotation to reference
Warehouse service interface.
ac.uk.warehouse.model.WarehouseBean port = service.getWarehouseBeanPort();
bc.warehouse2.SecondWarehouseBean port1 =service1.getSecondWarehouseBeanPort();
// TODO initialize WS operation arguments here
ac.uk.warehouse.model.GoodsRequest goodsrequest = new
ac.uk.warehouse.model.GoodsRequest();
bc.warehouse2.GoodsRequest goodsRequest2 = new bc.warehouse2.GoodsRequest();
// Retailer Web Service receives an empty list from the firstWarehouse though
goodsrequest operation.
List<SelectedProductRequest> selection =goodsrequest.getSelectedProduct();
List<bc.warehouse2.SelectedProductRequest>selectp=goodsRequest2.getSelectedProduc
t();
List<uk.ac.model.service.SelectedProductRequest>
select=request.getSelectedProduct();
In addition, in the figure 21, Retailer web service has two web service clients using their
interfaces, referencing to FirstWarehouse and SecondWarehouse. This means that this
Retailer Web Service is able to interact with both Warehouses.
Each warehouse web service only has an EJB tier endpoint for integrating with its own
database in order to check the stock level.
64
There are some considerations that a developer should think while designing the interface
of a web service such as choosing the endpoint type
2. WSDL-to-Java
It starts with designing a WSDL document that describes the details of the web service
interface and use this information to build java interfaces.
Comparison
With java-to-wsdl approach, if a developer starts from a java class, and then creates a
WSDL document. It is probably easier approach and the developer can be sure that the
implementation class has the desirable java data types, because the developer does not
need to know any WSDL details , the vendor provides tools to create the WSDL
description. However, with this approach, the developer will has less control of the XML
schema.
With the java-to-WSDL approach, the developer has total control over what XML
schema is used, but has less control over what the classes it uses will contain and the
developer also needs to have a good knowledge of WSDL file.
A good knowledge of WSDL is required to properly describe these web services.
WSDL-to-Java approach gives you a powerful way to expose a stable service interface
that developers can evolve with relative ease. Not only does it gives developer greater
design flexibility.
65
User Interface
This JSF web application is designed to display large results on a web browser.
Users are allowed to browse a hundred of product items or even a thousand of product
items using multiple pages rather than all at once. Therefore, the pattern Value List
Handler is used in this application. First lets show how this pattern works and
how it can be applied.
This pattern is useful when the results is large, for instance, a search in an online
product catalog containing hundred thousand products. When an application returns huge
queried data to a client, it might take the client long time to retrieve that large data. The
application can encounter scalability and performance problems.
It offers an efficient way while retrieving huge amounts of records from the
database. This pattern is used when:
In the pattern, the result is not returned all at once, but is returned with small chunks of
data multiple times iteratively to the client. It is recommended to use Data Access
Objects (DAO) rather than Entity Beans, since by nature ejb has an overhead. This
overhead can obstruct application performance if the application yields huge results.
Moreover, using Enterprise javaBeans finder methods may produce a lot of
overhead when used to find huge numbers of results objects and EJB finder methods also
are not suitable for caching.
Lets consider a database of Retailer web service. It is populated with 200 product
items and this JSF web application shows 20 product items in each page. This sample
code below demonstrates the usage of this pattern.
66
This getItems method can return a list of product item results. It has methods that a
developer can use to specify the chuck of a list the developer needs. These methods are
setMaxResults(int maxResult)
This method helps the developer to set the maximum number of results to retrieve.
setFirstResult(int startPosition)
This method helps the developer to set the position of the first result to retrieve.
In the client tier, Web service client ProuctItemBSBean is added in the JSF web
application. This makes the JSF web application is able to talk to the other services in the
server tier when client makes requests and receives response back from the back-end
system.
The BrowseProduct class handles business logic and product data sent from the
server tier and passes them to user interface. This class provides an efficient way to
separate the presentation and business logic using JSF technologies.
In secure supply chain application model, it can be seen clearly that the supply chain
application is a typical business-to-consumer (B2C) model of a retailer service providing
electronic products to customers through (JSF web application) Between Retailer Service
and two warehouse services is a typical business-to-business (B2B) model.
1. There are many interactions between the client and retailer web service, some
particular interactions must be secure and encrypted so that unauthorized entities
can not manage to intercept the data, and can not read or alter the data. For
example, when a client makes a request and calls CheckValidUser operation on
Retailer web service. All sensitive data such as username (email address),
password are protected and encrypted. When a client logs in or in the payment
page, payment details are encrypted in order to avoid authorized access. As a
result, HTTPS is set up during these interactions.
72
2. The security requirements at the back-end system (are different from security
requirements at front-end system.(a typical business-to-consumer(B2C))
Confidentiality and integrity need to be implemented to ensure private
communication between the retailer service and two warehouses web services by
encrypting the message content so that a third party or man-in-the-middle-attack
can not read or tamper.
9. Testing
1. Functional Testing
Functional testing is performed in this project and the tests are carried out manually over
a web browser in order to ensure that each functional requirement is met.
Only a registered customer with a valid email address and password can login
so that the customer can change a delivery address, make a payment.
10 Application Demonstrations
The user can see the product detail and enter quantity
Purpose Tool
UML/ Design diagrams Microsoft Office Word 2003
Integrated development environment(IDE) NetBeans IDE 6.1
Editor EditPlus 2.10c
Application Server Glassfish v2
Database server Java Derby Database
Document writing Ms Word 2003
Java SDK SDK 1.6
Steps
1. Run the ProductDatabaseSetup project to populate data for RetailST Service
2. Run the FirstWH project to populate data for FirstWarehouse Service
3. Run the SecondWH project to populate data for SecondWarehouse Service
4. Deploy the RetailST project
5. Deploy the FirstWarehouse project
6. Deploy the SecondWarehouse project
7. Run the JSFwebApps project
85
BPEL
1. Developers need to have good understanding of developing SOA and the
concept of service composition and BPEL orchestration.
2. It is easy to manage web services in BPEL process, a developer does not need
to write the code for invoking and some interactions between services.
3. it takes a lot of time to understand a new language (BPEL)
12.1 Problems
I have spent a large amount of time to investigate and evaluate SOA developer’s
tools based on top-down approach (BPEL) from Oracle and Sun Microsystems to
determine which tools would be the best and fit supply chain management’s
requirements.
I have found these tools lacking in several areas:
Tools offer a confusing mix of features, and functions and it can be worse when
tool vendors provide a little guidance and technical documents to use their tools in
SOA environments. For instance, SOA development tool from Sun Microsystems
provides very little tutorial how to solve a problem when exception occurs in
BPEL process.
The tools require an extensive skills, backgrounds, and architectural experiences
such as developing SOA application using Oracle tool, a developer needs to have
a good knowledge in Java, XML, XQuery, EJB, BPEL, WSDL and its proprietary
extensions.
It is very time-consuming to learn different tools and understand how to use tools
with different application server and different configurations and deployments.
Since the vendors’ tools are inherently tied to their own application servers, and
they don’t work well with each other. For instance, WSDL generated from Sun
(NetBean IDE) might not be able to use in Oracle tool( Jdeveloper). Oracle adds
proprietary elements to their WSDL.
86
12.2 Solutions
Change the approach to develop a SOA application without using BPEL process
in order to improve productivity and performance due to time limitation.
This project has achieved its aim as set out at the beginning. It shows how to implement a
simple SOA-based application. However, some requirements such as security
mechanisms (SSL, https, and mutual authentication) had been implemented but they were
not successful due to time restrictions and the problems rose from my own machine. I
hope that these security requirements will be implemented in next improvement.
According to the project plan, I spent a large amount of time to investigate and learn how
to develop SOA application using top-down design approach, BPEL language was used
in the business logic part of the system. However, it still has some weaknesses as BPEL
is still evolving and SOA developer’s tools are not mature enough for solving some
integration problems between user interface and business logic part. These might have
increased the time of implementation. I decided to change the approach from top-down
design approach (BPEL) to buttom-up design approach for the SOA-based application.
Value List Handler design pattern have been used in this project. It helps to increase the
system performance, reusability, maintainability, and scalability. The user interface is
designed for easy access. A customer does not need to look through every product.
Although this design provides a lot of benefits, the back-end system was implemented
using Web services technology. This rose the number of interactions between client and
the service. I tried to avoid having too many interactions as much as it was possible.
In addition, JSF is used for user interface development. The reason of using JSF is it
simplifies development by offering a component-centric approach to developing web user
interfaces. JSF also ensures that applications are well designed by integrating the Model-
View-Controller (MVC) design pattern.
Since this application is based on SOA, this application is loosely coupled, reusable, and
interoperable. It is easy for a developer to extend and add more functions or services
regardless of how web service is implemented and accessed. Nonetheless, this application
is not a complete supply chain management application due to time limitation. It does not
have some services such as manufacturers or suppliers service.
88
There were a lot of re-design and change of implementation due to the approach. (Top-
down design approach and buttom-up design approach). The important factor of
developing SOA application is a developer needs to know that which approach is most
suitable for application’s requirements and knows strengths and weaknesses of each
approach.
Only functional Tests and integration tests have been performed in this project due to
time limitation.
Through my real SOA experience, it might not always true that SOA’s provides cost and
time benefits. Every though SOA has many benefits, another import factor that needs to
be considered is skills and architectural experiences of SOA developers. SOA
development requires extensive skills of developers, the developer should have a good
knowledge in Java, XML, XQuery, EJB, BPEL. WSDL and its proprietary extensions for
top-down design approach
89
Bibliography
[1] David Geary and Cay Horstmann, (2007), Core Java Server Faces second
edition, Indiana, prentice hall
[2] Monson-Haefel R. and Bill Burke (2006), Enterprise JavaBeans 3.0, Fifth
Edition, O’Reilly Media, Inc., CA
[3] Mark D. Hansen (2007), SOA Using Java Web Services, Pearson Education,
USA
[4] Scott Anderson (2003), “Supply Chain Management Use Case Model “
[6] Mcgovern J and Tyagi s, et al. (2003), Java Web Services Architecture, San
Francisco, CA: Morgan Kaufmann, 2003
[7] Signgh I and Brydon S, et al., Designing Web Services with the J2EE 1.4
Platform, California, 2004
[18] Matjaz B. Juric (2006), Business Process Execution Language for Web Services
, Second edition, Packt Publishing Ltd, UK
[27] E-supply Chain Orchestration using web service technologies A case using
BPEL4WS
[28] Supply Chain Management Use Case Model
http://www.ws-i.org/SampleApplications/SupplyChainManagement/2002-
11/SCMUseCases-0.18-WGD.pdf
92