What is an ESB?

ESB products are touted by vendors as key infrastructure component of an SOA. ESB product selection is a great challenge because ESB as a product category is still very new. Unlike in JEE application server space, there are no standards that define ESB capabilities. So vendors are free to use ESB moniker for, essentially, any integration middleware that has some Web services support.

I’ve looked at several ESB products trying to understand exactly what these products are about and what the key features that characterize an ESB are. Here is the list of these features:

  • Data transformation. Supports bi-directional transformation for XML and non-XML formats, such as CSV, EDI, COBOL copybooks. XML-to-XML transformation is done with the help of XSLT or XQuery; non-XML transformation is implemented using various proprietary mechanisms. Multiple transformations can be “chained” together to implement a complex transformation logic.
  • Message routing and service orchestration flows. This facility allows ESB to create a flow that supports transformations, branching (“if” logic), and services invocation. Some vendors use BPEL for routing and orchestration (CapeClear, IBM ProcessServer), some use proprietary mechanisms (BEA, IBM Message Broker) and some use both (Fiorano).
  • Support for multiple protocols. Almost all vendors support HTTP, JMS, FTP and email.
  • GUI tools (typically, Eclipse-based) for developing data transformation and service orchestration flows. All vendors promote ESBs as a way to improve “agility ” of IT, in other words, allowing IT respond to business requirements quicker. Easy-to-use tools are the key piece of this vision; in theory they should allow for designing flows and transformations in a visual manner with minimal or no programming (I have to admit that I’m somewhat skeptical of this view).

This pretty much describes “core” ESB capabilities. Of course, many (if not all) ESB products go above and beyond this basic feature set and implement many other features, such as service management, security, additional WS-* specs (such as WS-ReliableMessaging), services registry, connectors to enterprise applications (SAP, etc.) and others. But I would argue that all these extra amenities are not really what ESBs are about. They can be supported either with other product categories (such as SOA management tools) or by application servers, especially since many ESB products run on top of existing application servers (e.g., BEA, CapeClear).

So when selecting an ESB for your project, focus on the core capabilities and move non-core stuff down the list. By the way, ESB roundup conducted by Network computing magazine provide a good starting point for ESB selection (although their review is a bit too superficial in my opinion).

REST Support in JAX-WS

I was intrigued by the REST support in JAX-WS. REST style could be very useful in certain situations, not to mention the fact that there are already many REST-style services out there.

While I don’t want to get into SOAP vs. REST debate here I still want to quickly mention one very important REST advantage, which is security.

Since each service call operation in REST is an HTTP GET URL, it makes it easy to use traditional Web authorization schemes, including Apache mod_authnz or J2EE declarative security defined in web.xml. Contrast that with SOAP, which requires looking inside the message to figure out what security policy should be applied. Another side of it is auditing and monitoring. With REST I can easily see all the details of the requests to my web service operations just by looking at the Web server’s access log and/or using one of the numerous log analysis tools. SOAP does not give me this information automatically; different application servers and ESB products may provide these capabilities, but there is no guarantee (since it is not part of any specification).

In any event, REST has its place and so it’s nice to see that JAX-WS authors recognized it.

Unfortunately, upon closer examination, it turned out that REST support in JAX-WS is pretty shallow. REST is really a second class citizen compared to SOAP. Here’s why I came to this conclusion:

  • Automatic WSDL generation (when using annotations in service implementation class) is not supported. I was expecting to see the support of HTTP GET binding defined in WSDL 1.1, but it is not there. In general, the spec does not mandate any WSDL to Java or Java to WSDL binding support for REST.
  • Object serialization/deserialization is not supported either. This is not unexpected since mapping of a complex object graph to name/value pair GET string may be non-trivial. But I don’t see a problem of doing it for simple flat objects that don’t have nesting.
  • Consequently, in order to use REST, one has to rely on dispatcher API on the client and so the query string has to be created manually. Same is happening on the server where developers have to use WebServiceContext and parse the query string manually.
In short, using REST requires some low-level programming; its support is clearly limited compared to SOAP.

What I would like to see is the ability to implement a RESTful service by simply adding @BindingType(value=HTTPBinding.HTTP_BINDING) annotation without having to make any other changes relative to a regular SOAP service (or client). Clearly, we’re not there yet.

Tags: , ,

JAX-WS and Annotations: Looking Good

Lately I’ve been playing with JAX-WS reference implementation (version EA3). JAX-WS is the next version of JAX-RPC (i.e., JAX-WS is renamed JAX-RPC 2.0) and it comes with many interesting features, including annotations, HTTP binding, MTOM, asynchronous client operation, direct access to XML stream (finally!) and others.

In this entry I will focus on annotations. Annotations allow developers to configure binding, handler chains, set names of portType, service and other WSDL parameters. This makes it possible to use “Java to WSDL” approach as the primary way for developing Web services (for the server side). Previously with JAX-RPC I was leery of this approach since it was not possible to “fine tune” generated WSDL file.

Annotations greatly simplify Web services development process. For the server side, JAX-WS only generates a wrapper class for the parameters of the service operation. If “bare” (“unwrapped”) mode is used, then no code is generated and so this step can be skipped completely (in other words, all annotations will be handled at run time). This makes it easy to do all development from IDE, for example in my case I deploy to Tomcat and I use Eclipse with Sysdeo plugin, and so I was able to change the code in my Web service class without having to restart the server.

Changing annotations themselves does require bouncing the server, but still there is no code generation involved and so there is no build file to run.

Note that code generation is still required for the client side unless dynamic API is used.

Finally, here is an example of a simple Web service that takes Person object and returns concatenated full name.


import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;

@WebService(
    // Name maps to PortType in WSDL. Default is the name 
    // of the class which is not very intuitive
    name = "PersonService",
    // by default, the namespace is derived from the Java package 
    // name which is not always desirable
    targetNamespace = "http://myarch.com/personservice",
    /* I use the "Endpoint" suffix as it is better convey the 
     * meaning of this parameter in WSDL and also since this 
     * will be the name of the "factory" class generated for the 
     * client side. The default is the name of the class + "Service"
     */
    serviceName="PersonServiceEndpoint"
)

/*        
 * Note that document/literal/wrapped is the default, but using  
 * "bare" as opposed to "wrapped" allows to avoid code generation.          
 */
@SOAPBinding(
    parameterStyle=SOAPBinding.ParameterStyle.BARE)
        
public class PersonServiceImpl {
    
    public java.lang.String produceFullName( Person person) {

        return person.getFirstName()+" "+person.getLastName();
    }
}

Tags: , ,

Client Library as WSDL Alternative

I think that it‘s time for us to start learning from the successes of public Web services, such as Google maps, Ebay and Amazon. Let‘s face it, today enterprise SOA implementations are still in infancy. Most organizations are just testing waters, developing prototypes and implementing pilot projects.

At the same time, Google maps, Ebay and Amazon Web services have been tremendously successful. I know that Google maps example has already been overused by the “Web 2.0” hype, but it is indeed pretty amazing. I subscribe to Google maps mania blog and there are several new “mashup” applications being announced every day. So how do these service providers manage to keep their diverse array of clients happy?

I think that the most important distinction of a successful Web service provider is that it goes above and beyond just publishing WSDL and schema files. These service providers take time to develop detailed samples, documentation and clients libraries. For example, Ebay provides client libraries for Windows, Java, Perl and so on. Google maps is obviously JavaScript. Google search is exposed using WSLD/SOAP but there are also client libraries for Java and .NET that hide complexities of WSDL. Amazon provides entire Associate Engine application written in Perl to interface with its Web services.

This goes against the common view that WSDL /Schema of a service provides complete service definition. This view also suggests that all that a service provider needs to do is to announce its WSDL to the world (or to a community of customers/partners) and the world will immediately adopt the service. This approach shifts the responsibility of implementing the code to access a service (client library or SDK ) to the clients. And for a complex WSDL (or multiple WSDLs), this may mean a lot of effort (especially if we take testing into account). We all know how tricky it is to develop an elegant API . Code generators typically don‘t do a very good job, or they are too inflexible. Just look at code generators supplied with today‘s JAX -RPC implementations that all insist on generating Java objects from schema. Besides, letting the clients develop the code does not allow service provider to implement validations on the client side, as I pointed out in my previous entry.

I think that successful SOA implementations will rely on the clients libraries developed by service providers. These libraries will utilize features of the target language and incorporate some client-side logic. They will also ensure interoperability. These libraries could also take into account capabilities of the client‘s underlying application server or platform. For example, a client library can utilize WS-ReliableMessaging if the client’s application server supports it.

As a result, the role of WSDL will diminish greatly. WSDL has many problems, including its hard-to-comprehend name-based links, verbosity and incompleteness (for example, it does not explain if any of WS-* specs, such as WS-Security, must be used in order to be able to access a service). Client libraries can fix these problems and shield users of a service from having to deal with low-level details of WSDL and WS-* specs.

Tags: ,

Design by Contract for Web Services

Contracts are important for Web services. Design by contract (DBC) is nothing new, but, unfortunately, formal precondition and postcondition specifications have never become mainstream, at least not in the way they were presented by Bertrand Mayer in Object Oriented Software Construction.

However, with the advent of Web services, I think it‘s time to re-introduce DBC to the mainstream. Here‘s why:

  • From a client‘s prospective, testing and debugging a Web services call is much costlier than a local method call. For example, service providers may restrict the number of calls per day in test environment, so trial and error may not be an option. So it is important for a client to be able to understand exactly what is required from the clients (precondition) and what is returned by the service (postcondition).
  • Web services can be exposed to a very wide range of clients that use different technologies. So it is important for service providers to be able to unambiguously define the contract with the clients to simplify error and exception processing by potentially separating (externalizing) validation logic from the service‘s business logic.

Preconditions and postconditions for Web services must support the following capabilities:

  • Validation of input and output parameters. This is partly addressed by the Schema, but that are many types of validations that can‘t be expressed using Schema, such as cross-field or cross-parameter validations (e.g., “endDate > beginDate“). Postconditions should also be able to validate the outputs relative to the inputs, e.g., “resultFlightDate>=requestedDate“.
  • Preconditions and postconditions should be able to validate the state of the service. Classical Meyer‘s example is a stack class with “remove“ operation where the precondition states the stack must not be empty. In Web services world, oftentimes there is a need to specify dependencies (so they would be clear to the clients) between calls to different operations, e.g., operation “b“ can only be called after operation “a“ was called. BPEL can do some of it but only on a very limited scale. And BPEL is not really a validation tool.
  • Precondition and postcondition checks can run on the server or on the client. In test environment it might be beneficial to run them on the client for faster development.

So what is the solution? I‘m hoping that at some point DBC will find its way into one of the numerous WS specifications. For example, there are some “traces” of DBC in the newly announced WS-Semantics. Although at this point WS-* specifications proliferate at such speed that I doubt that anyone can keep up with them (except, of course, vendors and standard organizations who keep churning them out) so it may do more harm than good.

So the easiest solution for the time being could be for service providers to actually develop client libraries that implement preconditions (and may be even postconditions). This will allow the clients to deal with APIs (and perhaps the source code) expressed in the language that they understand instead of having to deal with bare-bone WSDL which has to be translated into the target language anyway. These libraries can even include “stubbed” versions of the services that can run entirely on the client for testing purposes. Yes, it‘s more work for service providers, but, realistically, how many different languages/platforms are we talking here? In enterprise it probably boils down to various flavors of J2EE and .NET. There are also Python, PHP , Ruby and JavaScript for AJAX clients. For a commercial service provider, the cost of developing these fairly simple client libraries will be returned many times over by the added convenience for the clients. For an example, just look at pygoogle and other Python wrappers for popular Web services. Granted, this approach does not fully address my second requirement for state validation (although it can be done using a smart client library), but I think it‘s a good start nevertheless.

Tags: , ,

BPEL, SCA and Refactoring

With the advent of SOA and SOA -related technologies and standards, such as WSDL , BPEL, and, more recently, SCA and SDO, more and more application metadata (and just plain data) is externalized into XML . XML is used for:

  • Flow definitions (BPEL).
  • Interface definitions (WSDL).
  • Component and assembly definitions (SCA).
  • Data (SDO).

Business logic, however, largely remains written in Java. For many people, key strength of Java and Java IDEs has been very strong support for refactoring (other languages support refactoring as well, but in this blog I focus mostly on Java). In fact, in my view, refactoring made agile development possible; it finally combined design and coding activities into one continuous process.

Unfortunately, with more and more information going into XML files, benefits of pure Java refactoring are diminishing.

For example, with SOA technologies, an interface name could be used in several different places:

  • WSDL file (probably in multiple places if we want to use naming conventions, e.g., in “portType“ and “service“ elements).
  • BPEL (multiple places, e.g., in “import“ and “portType“).
  • SCA component definition file.

So what happens if I want to change the name of an interface or rename an operation? Personally I am not aware of XML refactoring support in BPEL products (obviously, I have not tested all of them, so I might be wrong here) and I don‘t expect the situation to improve when SCA /SDO are added to the mix. For example, is SDO property renaming going to be supported? How will it work if I use XPath expressions against XML -backed SDO in BPEL ?

Now, dynamic APIs are nothing new, we‘ve been dealing with XML for quite some time now. However, the approach in Java has always been to map XML to statically defined classes and so the ripple effect from, for instance, renaming was somewhat contained (I know that I‘m simplifying here). With BPEL and SCA , the problem becomes more widespread.

Also, tools for working with these technologies are supposed to rely mostly on visual modeling and so their users are not necessarily J2EE developers. In fact, the idea of BPEL is to be able to change business process-related logic quickly and easily. The idea of SCA (among other things) is to be able to easily wire and assemble components together. I think that without refactoring, the ability to accomplish these goals could be impaired.

I just hope that tool vendors realize this risk; otherwise we‘re in for another round of “XML hell”.

To SOAP or Not To SOAP : That is The Question

SOAP gets mentioned every time people talk about Web services. SOAP is almost always considered an integral part of any “serious” Web services implementation, especially if there is also a desire to use WSDL.

But it does not have to be. WSDL 1.1 has HTTP binding support and this support will be beefed up in WSDL 2.0. Granted, the support for WSLD HTTP binding is not very good right now, for example JAX-RPC does not mandate it at all (SOAP binging and SOAP with Attachment are the only two requirements). Assuming the support for HTTP binding will improve or if using WSDL is not even a requirement (after all, a service can be described using “plain English”, as long as developers can understand this description), how should one decide whether to use SOAP?

To me, it all comes down to metadata. The main purpose of SOAP (in case of document-style services) is to provide a place where to put message metadata. This place is SOAP header. WS-Security digital signature, WS-Addressing headers or application-specific metadata all belong there. Today, many (if not most) Web services implementations don’t use SOAP headers and so for these implementations SOAP is just overhead and added complexity (just try get direct access to the InputStream of the message payload in any JAX-RPC-compliant implementaiton). Without anything in the header, SOAP does not have any advantage over good old XML over HTTP “post” (assuming that there is a schema for this XML).

One can argue that SOAP engines also provide XML mapping to the host language primitives, i.e., mapping to/from objects. I personally think that XML mapping capabilities must be de-coupled from SOAP processing. A good XML mapping framework should work with any XML source (in fact, this is exactly where JAX-WS, which is the next version of JAX-RPC is going). A developer must have a choice of receiving “raw” XML from SOAP engine or converting this XML into objects using a framework of his/her choice (e.g., what if I want to use Castor instead of JAXB), I really don’t understand why SOAP engine should make this choice for me.

Just to confirm my point that SOAP is not a requirement for a successful Web service implementation, here is the list of Internet heavyweights and their use of SOAP versus XML. Note that none of them (as far as I know) use WSDL HTTP binding, WSDL is only used when SOAP is used.

 SOAPXML
EbayXX
Yahoo(maps, search, Flickr, Upcoming, etc.) X
Google maps X (JavaScript)
Google searchX 
Blogger X
PayPalX 
del.icio.us X
MSN SearchX 

Of course, SOAP has some other benefits, such as solid tool support. SOAP also provides SOAP encoding (for RPC-style services), although the document style is quickly taking over. But is SOAP absolutely required to implement a “proper” Web service? I don’t think so.

Implementing Document-style Web Service with Sun’s JWSDP

I‘m currently using JWSPD to develop some prototypes and I thought it might be useful to document a few things that are not immediately clear from the documentation (at least, they were not to me).

Why use Sun’s JWSDP (JAX-RPC Standard Implementation)?

  • From my experience, it has better WSDL and document-style web services support than Axis. For example, you can read this article or my blog entry about the problems that Axis has with document/literal services (alhough these problems might be fixed in Axis2).
  • It‘s a reference implementation which should have better JAX -RPC compliance.

On the downside, JWSDP is more difficult to use than Axis, you have to use “wscomplile“ and “wsdeploy“ tools and it takes some time to set it up.

First of all, you probably want to run JWSDP under the latest version of the Jakarta/ Tomcat. JWSDP documentation says that it requires modified Tomcat 5.0 which you can download from Sun‘s website (or Sun‘s application server), but you don‘t need it. From my experience, it works with jakarta-tomcat-5.5.9 just fine. You just need to pull all JWSDP jars under “WEB-INF/lib”. Here is the list (I may have some extras there, I did not try to figure out which ones are not needed):

FastInfoset.jar
activation.jar
commons-beanutils.jar
commons-collections.jar
commons-digester.jar
commons-logging.jar
dom.jar
jaas.jar
jax-qname.jar
jaxb-api.jar
jaxb-impl.jar
jaxb-libs.jar
jaxb-xjc.jar
jaxp-api.jar
jaxrpc-api.jar
jaxrpc-impl.jar
jaxrpc-spi.jar
jsr173_api.jar
mail.jar
namespace.jar
saaj-api.jar
saaj-impl.jar
sjsxp.jar
xmlsec.jar
xsdlib.jar

You need to read this article first to understand the difference between wrapped and unwrapped mode.

I‘m assuming that you‘ll be generating Java classes from WSDL , not the other way around.

  • If you‘re implementing document/literal service with wrapper (JAX-RPC style):
    This is the default in JWSDP . From my experience, JWSDP uses this style even if operation name does not match the outer element name in the schema as prescribed by JAX -RPC.
  • If you‘re implementing document/literal non-wrapper (WS-I style):
    You need to use “-f:wsi“ to switch to this mode. Note that in this case you must use model file (“-model“). Model file is used to pass the information to “wsdeploy“ utility. “wsdeploy“ calls “wscompile“ under the covers, but you can‘t directly set “wscompile“ options on “wsdeploy“ command line. Model file is what‘s used to pass these options to “wsdeploy“. Also, don‘t forget to use “-f:wsi“ for the client‘s stub generation (“-gen:client”) option.

Finally, a sample build file is available here.

Tags: , , ,

What’s Missing from XML Schema

Over the last several weeks I‘ve been working on developing XML schemas for a client to support information exchanges between several different organizations, so it was important to make the schemas very explicit and “tight“ so that each party can validate XML before or after sending it. The XML documents could be used in conjunction with Web services or as part of “old-fashion“ file based exchange. In short, this was pretty typical system integration task.

The client had already decided to standardize on XML Schema, so using Relax NG or Schematron was not an option.

XML Schema provides a lot of different capabilities but based on my experience I think that it could benefit from some improvements. Here are my random thoughts on this. Now, I don‘t claim to be the ultimate XML Schema expert, so take it for what it‘s worth.

  • Schema‘s verbosity and unwieldy syntax makes it a poor candidate for communicating and publishing XML structure and rules to the wide audience of technical people from different organizations that may or may not know XML Schema. For example, “minOccur=0“ means “optional field” which is probably not very intuitive to anyone unfamiliar with the Schema specification. Even after formatting the schema for publishing (e.g., by using xsddoc) schemas are still hard to understand. Of course, one can use the annotations and try to explain each type in plain English, but then the documentation always tends to get out of synch.
    The obvious counter-argument here is that XML Schema is designed to be the data modeling/validation tool and as such it is not suitable for capturing business requirements but I just think that it would be nice if it could really be used for both, essentially becoming the “system of records“ for integrating different systems and organization.
  • Error messages thrown by XML parsers are far from being the most intuitive (this obviously depends on the parser and I have not done any comparative analysis). For example, missing required element results in “Element ‘element name‘ is not valid for content model“ where ‘element name‘ is the name of the element following the missing required missing element. Why can‘t the parser simply say “Required element is missing“? Again, this problem is exacerbated when you‘re dealing with people with only cursory XML Schema knowledge. I‘m not aware of a standard way to customize error messages, so in my case developers will have to do error translation in the code.
  • XML Schema users are forced to use regular expressions for defining any more or less complex template for simple types (phone number, SSN , etc). This poses a problem in an environment where you can‘t expect all users to be familiar with regexp syntax. When you get a message “Value does not match regular expression facet ‘\+?[0–9\-\(\)\s]{1,25}“, it could very easily befuddle an uninitiated. I wish there was a simplified templating mechanism, may be something similar to java.text.MessageFormat “##.##“.
  • Reuse capabilities in XML Schema are not perfect. “extend“ only allows to append an element to the end of the sequence. “Restrict“ requires repeating the content model of the parent type. This creates very brittle schemas and violates DRY principle. There is no way to parameterize an XML type. Let‘s say there is “name“ type with “first“ and “last“ elements. When a new person is added, I want “last“ element to be mandatory. In “update“ situation all fields could be optional. I wish I could make “minOccur“ a parameter here.
  • XML Schema may seem very OO-like at the first glance, but in fact it is missing some important OO-like capabilities. For instance, there is no element-level polymorphism. In the example above, I wanted to change the “behavior“ of “last” (some aspect of this type definition) in a subtype and I can‘t do that. Inheritance by restriction for complex types (I don‘t have a problem with using it for simple types) is IMO counter-intuitive. So now I can have a child which does not have all properties of its parent, and so there is no way to enforce optional elements for all children.
  • Element and type scoping could‘ve been more flexible. All declarations are either parent element-scoped (local) or global. This does not allow me to define a reusable type or a group scoped to certain parent element or to a file (any more or less complex schema would have to broken down into multiple files for manageability sake). So say I have a name type for person‘s name (first, middle, last) and business‘ name type with a different structure. If I want use to person‘s name type for different elements within Person type, I will have to define as global and name it PersonNameType, essentially embedding parent‘s name into the child‘s name. I wish I could simply define NameType and specify what parent type or element it is scoped to.
  • XML Schema is a declarative language and so it lacks programming constructs, which is fine. But there is still a need for Schematron-like facility or the scripting language for expressing complex rules (such as cross-field validation). Schematron works fine when embedded inside annotations, but it requires a separate validation step and Schematron XSLT . So it would be great if this capability was supported by the Schema standard and natively understood by XML parsers. This would make schemas truly self-contained.

So my wish list is actually quite simple:

  • Make XML schemas easier to understand for non-technical users or people without schema knowledge perhaps via some intelligent translation mechanism.
  • Make the Schema more powerful by allowing programming constructs, variables and more flexible scoping.

Tags: ,

BPEL as a Modeling Tool

BPEL can be used to implement workflow and business processes. In theory, BPEL is not tied up with Web services or SOA since all J2EE BPEL vendors support callouts to EJB , JMS or even POJOs in their BPEL implementations (BPELWS, BPELJ ). BPEL has some interesting capabilities, such as the support for asynchronous and long-running processes, transaction compensation, and integration with UI for human activities. But the main point of BPEL is really its visual nature, the fact that the BPEL flow can be modeled in a visual designer tool. If not for that, it would’ve been more efficient to provide the aforementioned capabilities in the form of yet another Java API . The fact that BPEL is “visual” should make it easier to gather requirements and communicate changes to business stakeholders. Some vendors even go as far as proclaiming that now a business analyst can change and optimize a business process without requiring the involvement of a software developer.

However, for any real-life system some logic would still remain in the Java code. At the very least, the Java code would have some kind of persistence support for data transferred by the BPEL flow. More likely, complex business rules, the ones that would be too unwieldy to implement in BPEL will also be coded in Java. Also, since BPEL does not have the reuse capabilities of an OO language, anything reusable will probably be coded in Java (although, a piece of reusable logic could also be implemented as a reusable BPEL subprocess).

So on one hand, BPEL should be pretty high level and the business process‘ activities (and, therefore services APIs) should be coarse-grained. But this will externalize only the most rudimentary logic of the system. Granted, this high level flow could still be useful if the goal is to integrate different (probably heterogeneous) systems, but if we want to use BPEL for its process modeling capabilities, this may prove insufficient. Devil is always in details and so most likely in real life business process changes or optimization will require changes to these complex business rules implemented in Java. In other words, no matter how we try, business people still need to work together with the developers, make sure that the use case are right, changes are thoroughly tested and so on.

On the other hand, implementing very complex detailed business processes in BPEL is probably difficult at best. Visual modeling approach has its natural limits and so at some point it will become much easier to fire up a Java IDE . I guess it is also possible to hand-edit BPEL XML code, although this probably won‘t be pretty either, using XML as a procedural programming language has its limits too.

So what is the right usage of BPEL ? Is just a Web services orchestration language or a general purpose business modeling environment?

How Loosely Coupled is Your SOA?

SOA is the all about loosely coupled services, right? The Web service behind WSDL is an opaque black box, i.e., it might be implemented by an EJB today and by some COTS package tomorrow. XML must to be used for passing data between layers; we can‘t assume that service provider and service consumer understand the same binary protocol.

What does it mean to a typical J2EE application? For the sake of the discussion, let‘s assume that our application has rich domain object model (say, POJOs with Hibernate persistence), EJB session fasade classes and Struts/JSP on the front-end. Domain classes are directly used in the UI tier; there are no DTOs.

Now, some business functions of our application turned out to be pretty useful so we now want to build Web services to allow the entire organization (or may be even business partners) to benefit from these functions.

“Pure“ SOA would require us to change the UI so that it would rely on Web services API and XML instead of POJOs to communicate with the back-end. Potentially, we‘d also have some kind of ESB /messaging solution in the middle. With that, the service becomes fully de-coupled from the UI and we‘re well on our way to SOA nirvana. Now the implementation of the Web service can be changed without affecting anything on the client‘s side.

But if you look at this approach closely, it immediately raises some nagging questions:

  • Both UI and back-end still depend on the same object model. So whenever object model classes change, we want to re-deploy both the service and the UI component.
  • If data model changes, object model, UI and may be APIs will be affected anyway.
  • We loose the ability to call the service from other EJBs (still co-deployed with the UI) as part of the same transaction unless some kind of proprietary SOAP binding is implemented (and then we need two different WSDL files, one for external consumers, one for internal).
  • There are also some “minor“ issues, like concurrency. Let‘s say each updatable POJO has a version number and the UI keeps the object in session for each form. This is not exactly the best model for Web services that are supposed to be stateless; perhaps we should not assume that all service consumers will be able to comply with that.

The list can go on, but I‘ll stop here. Doesn‘t look like we‘ve accomplished much by “SOA-izing” our application, does it? Perhaps, what we should‘ve done is to leave the application alone and build the service just for the external consumers. Oh, and it would be nice to know what their requirements are before we do that, may be we should not assume that one size will fit all of them.

Are Web Services Suitable for SOA?

SOA may mean different things to different people (to me, SOA is just an architectural style), but one thing is certain – SOA is being touted as the next generation enterprise integration technology and architecture. And yes, SOA is not all about Web services; however, Web services (SOAP and WSDL specifically) are immediately brought into conversation when SOA is mentioned.

But do Web services today provide necessary enterprise-level capabilities?

Take transaction support. Ideally, we should be able to wrap any access to a remote resource in a transaction since remote resources are prone to failing. In J2EE , this is certainly supported for JMS , JDBC and RMI . Yes, two-phase commit comes at a price, but it‘s nice to have it available when it‘s needed. Now, SOA is all about remote calls (synchronous or asynchronous, does not matter). So where is the transaction support? Well, there is WS-AtomicTransaction specification that in theory should provide it. But where are the products that support it today? Also, this specification is not currently part of any WS-I profile, so interoperability is a big question.

WS-ReliableMessaging is in the similar situation, and so the rule of thumb today is that Web services should conform to WS-I basic profile, which does not include any of the advanced specifications.

In theory, one could use SOAP over JMS supported by many J2EE vendors today which immediately makes SOA implementation more robust. But this approach is hardly interoperable with non-Java technologies and what is it really buying for J2EE applications? JMS is already an abstraction of the messaging middleware, so why do we need another abstraction on the top of it?

I concede that describing JMS destinations using WSDL might be useful for some environments, but in many cases it is simply overkill (if you must use BPEL , use the BPELJ variant which directly supports JMS ).

Using JAX-RPC or WSIF to communicate with JMS does not sound like a good idea either. These APIs are not JMS -aware, so, for example, how do I get/set messageID or correlationID?

I do realize that developing true enterprise-level integration technologies takes time, and so perhaps in a couple years most Web services products will provide WS-Transaction and WS-ReliableMessaging support out of the box. But are Web services really ready to take on the enterprise today?

Hurdles with Document-Style Web Service

Lat week I spent some time prototyping a simple document-style web service. Basically, I wanted to figure out how to pass an XML document with several nested repeating groups to a web service. Apache Axis was the obvious choice for a SOAP engine-I did not want to install anything heavy.

I totally expected it to be a half an hour deal at most — after all, SOAP is already XML, so wrapping my XML message in SOAP envelope should not be a big deal, right?

In reality though, I immediately ran into issues. My first approach was to try to pass an object graph (a la order with line items). Turned out, Axis does not know how to serialize objects in case of “document literal“ service; serialization only works for “soap encoded“. I can understand that-since this is custom XML, rules for serialization are not defined. Although it could‘ve generated some default names based on reflection (I wish we could use annotations for that, but that would have to wait until JAXB 2.0).

Then I tried passing XML as a string (still with “document literal“ in wsdl). Axis had some problems recognizing the name of the operation (basically, the name of the parameter had to match the name of the operation) and then it escaped the XML string (using entities such as “& lt;“). This was not acceptable-I could not count on all clients uniformly escaping their XML before calling the service

So I ended up using DOM and special “message“ style web service that Axis supports-in this case the signature of the service would be “public Document process( Document message )”. This works fine, although I still had to mess with SOAPElement on the client and I could not pass the XML string directly. I actually ended up writing a simple utility class to convert XML string to SOAPElement. Unfortunately, this approach is not portable-WebSphere, for instance, does not support it. So much for JAX-RPC spec support.
This article explains how it should work by the spec but it is obvious that support for at least this part of the spec varies among different implementations.

Morale of the story? “document literal“ web service style is touted everywhere as the “right” way to implement the service but its support leaves a lot to be desired.