White Papers
Abstract
This article shows you how to create a web service proxy in WebSphere DataPower for a web service registered and governed in WebSphere Service Registry and Repository. It also shows you how to attach a service-level mediation policy to the service in WebSphere Service Registry and Repository and then enforce it in DataPower.
Content
IBM WSRR can also play a role in other stages of the SOA life cycle. It includes a registry that stores information about services, such as their interfaces, operations, and parameters, and a metadata repository that provides a robust, extensible framework to accommodate the diverse nature of service usage. WSRR also provides management and governance capabilities that help you to get the most business value from your SOA. You can also use WSRR to author and store policy documents and policy attachments. You can then create policy documents, attach them to objects stored in WSRR, and have the policies enforced at runtime by a policy enforcement point (PEP), such a WebSphere DataPower. In summary, WSRR is an essential component of a successful SOA. WebSphere DataPower This article focuses on the service-level mediation (SLM) policies, which let the user specify an expression, such as 500 messages per second, and what should happen when the expression is true or false. For example, when the expression is true, you might want to queue any subsequent messages until the expression is no longer true. This new integration between WSRR and DataPower is a powerful tool to enforce service-level agreements (SLAs) and service-level definitions (SLDs). An SLD is a service provider's statement of what it offers and an SLA is an agreement between a service provider and a service consumer specifying what the consumer is allowed to consume. For example, if a service consumer is allowed to make no more than 400 requests per minute on Tuesdays, with their excess requests rejected, then you can create a policy that says that and attach it to the relevant SLA in WSRR to enforce it. This article provides a set of sample objects and shows you how to import them into WSRR so that they make up all the governed objects in the correct state required for a policy to be attached. Then the article shows you how to create a web service proxy in DataPower that will be subscribed to the WSDL in WSRR and will therefore automatically enforce any policies attached to it. Finally the article shows you how to load an existing policy into WSRR and attach it so that it can be enforced by DataPower. You can download a sample web service at the bottom of this article. It is packaged as an EAR file and must be deployed into a WebSphere Application Server instance of your choice. Then you can access a web-based client for the web service at http://localhost:9080/jkhleClient/sampleEligibility_ServiceProxy/TestClient.jsp, where localhost:9080 is your actual host name and port number. This client lets you set all parameters needed to fully exercise this functionality and is described below. For the sake of simplicity, this article does not show you how to create the required objects in WSRR, but instead provides you with a .zip file to import. For more information on this topic, including how to create the objects yourself, see the GEP Tutorial in the WSRR information center. To import the zip file, navigate to the WSRR Web UI, typically, https://yourserver:9443/ServiceRegistry, and change to the Administrator perspective at the top right. Under Actions, select Import, click Browse, and navigate to where you have saved GeppedObjects.zip. Double-click it and then click OK. After a wait, you will be told that you have successfully imported one object, but you have really imported all the objects created in the GEP tutorial. Whether you imported GeppedObjects.zip or followed the GEP tutorial yourself, you also need to import Policies.zip which contains the three policies used in this article: RouteToRealEndpoint, RejectAll, and Queueing policy. To do this, follow the procedure in the above paragraph for Policies.zip. Earlier you imported three policies into WSRR: RouteToRealEndpoint, RejectAll, and Queueing policy. You will now create some new objects in the registry, govern them, and attach policies to objects new and old. A great feature of DataPower is its ability to enforce SLAs defined in WSRR. When a message comes into DataPower that doesn't have an associated SLA or simply doesn't identify itself, DataPower defers to the Anonymous SLA for that service. In the current example there is no Anonymous SLA as it is not included in the GEP Tutorial. The next step is to create one and attach the RejectAll policy to it to block service invocations from consumers without a valid SLA in place. In order for DataPower to know which SLA to use for an incoming message, messages must contain a The SLD describes how a service should be used. It references, for a web service, the WSDL port and binding. It also has any policies which apply to the service for all consumers. For use with SLA enforcement, it is where the locations of the You now need to edit the SLA that you imported from the .zip file, or created as part of the GEP tutorial, in order to add the Context Identifier and attach the Queueing Policy: An EAR file is supplied with this article with a version of the Eligibility service and a web client for that service. The web client lets you set the Context Identifier, Consumer Identifier, and Endpoint that is called, so that you can direct it to call the Eligibility service through the web service proxy you have created in DataPower and be subject to the policies that you have attached in WSRR. You can now use what you have learned to create your own SLAs and policies for Silver and Bronze. Remember that your SLAs must be Active and your policies Approved for them to be enforced. In this article, you imported sample objects into WSRR and created a web service proxy in DataPower. You then subscribed to the WSDL stored in WSRR, which caused DataPower to automatically enforce the policies attached to the service. Then you loaded policies into WSRR and attached them at various points to be enforced by DataPower. The automatic subscription caused DataPower to enforce them without any further action. This powerful functionality lets you use WSRR to author and attach policies to services directly from the WSRR Business Space UI, giving your business efficient and dynamic control over its services. In addition, the anonymous SLA lets you prevent unauthorized use of services or limit it to a greatly reduced level, so that it cannot impact service consumers with explicit agreements in place.Introduction
Requirements
Importing objects into WSRR
If you're not following the GEP tutorial...
For everyone...
Creating a web service proxy
EligibilityServiceWSP
, and then click Create Web Service Proxy.EligibilityService.wsdl
.WSDL Document
. Enter the Object Name and Namespace based on the WSDL, which for the eligibility service is EligibilityService.wsdl
and http://jkhle.com/Eligibility_Service
respectively.EligibilityServiceFSH
and an unused port number, and then click Apply, which will return you to the previous window: Completing the governance and policy objects in WSRR
Anonymous SLA
Anonymous SLA -- Eligibility Service
in the Name Property field.SLD -- Eligibility service
and select it once it is autosuggested.RejectAll
and select it.SLA Requested
state: Click Action => Request SLA and then click OK.Editing the SLD
Consumer ID
and a Context ID
. The consumer ID
is for a given consumer, such as a company, or perhaps a department for an internal service consumer. The context ID
allows different messages from each consumer to get different levels of service depending on who or what is the consumer. For example, the Account creation service might have two SLAs for the Eligibility Service. One, for the Account Creation Service's premium customers and with a higher price, might guarantee an 0.5-second response time and up to 100 messages per second. A cheaper SLA for normal customers of the Account Creation Service might guarantee only a 5-second response time and up to 500 messages per second.Consumer ID
and Context ID
are specified.
SLD - Eligibility service
) and click the Pencil icon to edit.
Property Value Description Context Identifier Location Information http://www.w3.org/TR/1999/REC-xpath-19991116(/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='ContextIdentifier']) This tells DataPower to look in the SOAP Header for a tag called ContextIdentifier
. Consumer Identifier Location Information http://www.w3.org/TR/1999/REC-xpath-19991116(/*[local-name()='Envelope']/*[local-name()='Header']/*[local-name()='ConsumerIdentifier']) This tells DataPower to look in the SOAP Header for a tag called ConsumerIdentifier
.
SLD -- Eligibility service
in the Name box and select it when it is auto-suggested. The dialog should look like the figure below. Editing the SLA
Gold
as the value for the Context Identifier and then scroll down and under Attached Policies, click Add Policy.Queueing Policy
and select it when it is auto-suggested. Click Finish.Verifying your policies
Conclusion
A single Web portal to all WebSphere DataPower documentation, with conceptual, task, and reference information on installing, configuring, and using the various WebSphere Appliances.
This retail book shows you how to use DataPower Appliances from the network, security, and ESB perspectives. The book describes installation, configuration, management, monitoring, configuration, build, deployment, DataPower as a network device, and DataPower services, especially the "big three" of XML firewall, Web service proxy, and multi-protocol gateway.
DataPower SOA appliances are purpose-built, easy-to-deploy network devices that simplify, secure, and accelerate your XML and Web services deployments while extending your SOA infrastructure. This IBM Redbook describes DataPower architecture, use cases, deployment scenarios, and implementation details, as well as best practices for SOA message-oriented architecture in a production ESB environment.
This IBM Redbook includes the following DataPower authentication and authorization topics: basic concepts, creating policies, using Tivoli Access Manager, and using LDAP directories.
This IBM Redbook describes how to use a DataPower appliance to secure incoming web services within an SOA environment, how to integrate your DataPower appliance with WebSphere Message Broker, and how to protect against security attacks by implementing the XML Denial of Service (XDoS) provided by DataPower appliances.
This IBM Redbook describes how to integrate a DataPower appliance with other products such as WebSphere Registry and Repository, IBM Tivoli Composite Application Manager for SOA, and Tivoli Composite Application Manager System Edition.
A single Web portal to all WebSphere Service Registry and Repository documentation, with conceptual, task, and reference information to help you install, configure, and use the product.
Product descriptions, product news, training information, support information, and more.
Hardware and software requirements.
This developerWorks article shows you how to populate WebSphere Service Registry and Repository with existing Web services information.
These short video demos show you how to complete several key service governance tasks using WebSphere Service Registry and Repository.
This wiki provides an alternative portal for quick access to a wide variety of WebSphere Service Registry and Repository resources, and also makes it easy for you to give feedback on the product.
This IBM Redbook discusses the architecture and functions of Service Registry, along with sample integration scenarios that you can use to implement Service Registry in an SOA.
A searchable database of support problems and their solutions, plus downloads, fixes, and problem tracking.
in the WebSphere Service Registry and Repository V8 information center
Technical information and resources for developers who use WebSphere products. developerWorks WebSphere provides product downloads, how-to information, support resources, and a free technical library of more than 2000 technical articles, tutorials, best practices, IBM Redbooks, and online product manuals.
No-charge trial downloads for key WebSphere products.
Over 3000 edited and categorized articles on WebSphere and related technologies by top practitioners and consultants inside and outside IBM. Search for what you need.
The developerWorks newsletter gives you the latest articles and information only on those topics that interest you. In addition to WebSphere, you can select from Java, Linux, Open source, Rational, SOA, Web services, and other topics. Subscribe now and design your custom mailing.
Convenient online ordering through Barnes & Noble.
Conferences, trade shows, Webcasts, and other events around the world of interest to WebSphere developers.
No-charge trial downloads for selected IBM
BPM how-to articles, downloads, tutorials, education, product info, and other resources to help you model, assemble, deploy, and manage business processes.
Join a conversation with developerWorks users and authors, and IBM editors and developers.
Free technical sessions by IBM experts to accelerate your learning curve and help you succeed in your most challenging software projects. Sessions range from one-hour virtual briefings to half-day and full-day live sessions in cities worldwide.
Check out recent Twitter messages and URLs.
A collection of multimedia educational modules that will help you better understand IBM software products and use them more effectively to meet your business requirements.
Was this topic helpful?
Document Information
Modified date:
08 June 2021
UID
ibm11109523