Kuali Rice 2.5.16 Kuali Service Bus

The Kuali Service Bus (KSB) is a lightweight service bus designed to allow developers to quickly develop and deploy services for remote and local consumption. You can deploy services to the bus using Spring or programmatically. Services must be named when they are deployed to the bus. Services are acquired from the bus using their name.

At the heart of the KSB is a service registry. This registry is a listing of all services available for consumption on the bus. The registry provides the bus with the information necessary to achieve load balancing, failover, and more.

Figure 1.1. Kuali Service Bus

You can deploy services to the bus using Spring or programmatically. Services must be named when they are deployed to the bus. Services are acquired from the bus using their name.

Overview of Supported Service Protocols

Figure 1.2. Supported Service Protocols

This drawing is conceptual and not representative of true deployment architecture. Essentially, the KSB is a registry with service-calling behavior on the client end (Java client). All policies and behaviors (async as opposed to sync) are coordinated on the client. The client offers some very attractive messaging features:

• Synchronization of message sending with currently running transaction (meaning all messages sent during a transaction are ONLY sent if the transaction is successfully committed)

• Failover - If a call to a service comes back with a 404 (or various other network-related errors), it will try to call other services of the same name on the bus. This is for both sync and async calls.

• Load balancing - Clients will round-robin call services of the same name on the bus. Proxy instances, however, are bound to single machines if you want to keep a line of communication open to a single machine for long periods of time.

• Topics and Queues

• Persistent messages - When using message persistence a message cannot be lost. It will be persisted until it is sent.

• Message Driven Service Execution - Bind standard JavaBean services to messaging queues for message driven beans.

The message filter and fetch section of the Message Queue screen lets you search for, filter, and/or isolate messages in the Documents in route queue. To use the Message Filter section, enter your criteria and click the Filter button:

Figure 2.2. Message Filter Screen

The Execute Message Fetcher button retrieves all the messages in the route queue. You can adjust the number of messages requested by entering a number in the field left of the button.

When you click the Execute Message Fetcher button, a dialog box appears, confirming that you want to execute this command:

Figure 2.3. Execute Message Filter: Confirmation Screen

KSB displays the results of a search and/or filter at the bottom of the page in the Documents currently in route queue table.

Figure 2.4. Documents In Route Queue

When you click View in the Actions menu, KSB displays information about that message. Most of the initial information is the same as that displayed in the Documents currently in route queue table. Additional information on the View screen:

To lock a document via the default Pessimistic Locking mechanism means that the document is locked by a user prior to any changes the user may perform. The traditional setup of documents in Rice is to lock them using Optimistic Locking where two users may edit a document at the same time. However, the first user to take an action that will save the document will 'win', and the second user will see an error saying that the document was edited by another user. For Pessimistic Locking, the first user who has edit privileges will get a lock on the document, and any subsequent users who should have edit privileges on the document, who try to view the document, will only get read-only access to the document, until the first user's lock is 'released'.

There are two places in Rice where Pessimistic Locks can be used:

The default implementation for locking a document for user entry tells the system to place a lock on a document if a user attempts to view it and that user has one or more 'entry' type edit modes as defined by the document's Document Authorizer class. Once the lock is placed, any other user who should have 'entry' privileges on the document will not be allowed to do so until the lock by the first user is released.

To enable Pessimistic Locking on a document the attribute 'usePessimisticLocking' must be set to 'true' in the transactional document's entry.

Example:

  1 <dictionaryEntry>
  2     <transactionalDocument>
  3         ...
  4         <usePessimisticLocking>true</usePessimisticLocking>
  5         ...
  6     </transactionalDocument>
  7 </dictionaryEntry>

For extremely complex customization that goes beyond what may be described in this document a client developer can look at the javadocs of the org.kuali.core.document.authorization.DocumentAuthorizerBase class paying special attention to the methods below:

The completely override the lock handling the Document Authorizer method establishLocks(Document, Map, UniversalUser) can be overriden.

If the Transactional Document that will be using Pessimistic Locking has a custom Document Authorizer class and uses custom edit modes returned by the getEditMode(Document, UniversalUser) method, the custom authorizer class should also override the method isEntryEditMode(Map.Entry) . If the entry parameter passed in is defined as a valid 'entry' mode then the method should return true.

The default Pessimistic Lock implementation does not use Lock Descriptors so only one person may have a lock on a single document at any one time. If something more custom is required Lock Descriptors can be used. The default implementation of a document that uses Pessimistic Locking and custom Lock Descriptors is that once a single user establishes a lock on a certain document with a certain lock descriptor... no other user can create a lock on that document with that descriptor. If another user needs that lock created they will have read only access on the document until the other user releases their lock.

Example

As an example, think of a document that has both an Delivery section and a Billing section. Perhaps a user 'fred' has access to edit the Delivery section but not the Billing section. Likewise, a user 'francine' has access to edit the Billing section but not the Delivery section. In this case it would be possible for both 'francine' and 'fred' to each have a lock on a single document since the data they have editable is mutually exclusive from the other. In this example 'fred' could have a Pessimistic Lock with a descriptor 'Delivery' while 'francine' could have a Pessimistic Lock with a 'Billing' descriptor.

To use lock descriptors the client application document should implement a custom Document Authorizer class if not done already (see Authorizers - Client Developer Guide (0.9.3) for more information). The authorizer class should override the useCustomLockDescriptors() method to return true. The method getCustomLockDescriptor(Document, Map, UniversalUser) must also be overriden to return the value of the desired lock descriptor. It's up to the client to determine how to set these and what values to use.

The default implementation for locking a document for processing by Workflow tells the system to place a lock on a document once a Workflow action is taken if that Workflow action is not contained in a list (see Default Workflow Actions that Don't Require Locks). The default user that will 'own' the lock will be the Rice System User. Once the lock is placed, any other user who should have 'entry' privileges on the document will not be allowed to do so until the lock is released. Locks for Workflow processing are released once the Workflow process completes successfully.

The following actions in Workflow will not set up a Pessimistic Lock for the coinciding process:

To enable Pessimistic Locking for Workflow operations on a document the attribute useWorkflowPessimisticLocking must be set to 'true' in the transactional document's entry.

Example

  1 <dictionaryEntry>
  2     <transactionalDocument>
  3         ...
  4         <useWorkflowPessimisticLocking>true</useWorkflowPessimisticLocking>
  5         ...
  6     </transactionalDocument>
  7 </dictionaryEntry>

The Pessimistic Locking mechanism for Workflow processes has lock creation and lock releasing points that exist in a document's post processor methods. Specifically the method doActionTaken(ActionTakenEventVO) in the DocumentBase class is used to create locks while the method afterWorkflowEngineProcess(boolean) in the same class is used to release locks. If a document overrides either of these methods or does not use the standard KualiPostProcessor implementation, the client will need to use the DocumentBase methods code in whatever method they implement if they would like Pessimistic Locking for Workflow.

The default owner of a Pessimistic Lock created for a Workflow process is the Rice System User. To change that a client can implement a custom Document Authorizer class and override the method getWorkflowPessimisticLockOwnerUser(). This method is used to get the lock owner for lock creation but also will be used to release the lock at the conclusion of the Workflow process. If a non-static user will be used a client may need to override the method releaseWorkflowPessimisticLocking(Document) to handle special cases.

Acegi handles the security layer for KSB. Acegi uses remote method invocation to hold the application's security context and to propagate this object through to the service layer.

For client applications to consume secured services hosted from a standalone Rice server, the implementer must generate a keystore in KSB. KSB security relies on the creation of a keystore using the JVM keytool.

Figure 7.1. Create Keystore

To create a new Client Keystore file, complete all three fields and click the create button that is just below the fields:

Figure 7.2. Create Keystore: File Section

The Desired Alias (name for the new keystore you are creating) must be unique among your keystores. KSB automatically displays a list of existing Keystore entries for your reference below the Create new Client Keystore file table. The data in this list can be sorted in ascending or descending order by clicking the column heading for any column except Actions.

Figure 7.3. Create Keystore: Existing Keystore Section

There are several security types you can use to propagate the security context object:

The CredentialsSource is an interface that helps obtain security credentials. It encapsulates the actual source of credentials. The two ways to obtain the source are:

  1 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  2     <!-- Other properties removed -->
  3     <property name="services">
  4         <list>
  5             <bean class="org.kuali.rice.ksb.api.bus.support.SoapServiceDefinition">
  6                 <property name="service">
  7                     <ref bean="soapService" />
  8                 </property>
  9                 <property name="localServiceName" value="soapLocalName"/>
 10                 <property name="serviceNameSpaceURI" value="soapNameSpace"/>
 11                 <property name="serviceInterface" value="org.kuali.ksb.examples.SOAPEchoService"/>
 12                 <property name="priority" value="3"/>
 13                 <property name="retryAttempts" value="1" />
 14                 <property name="busSecurity" value="false"></property>
 15     
 16                 <!-- Valid Values: CAS, KERBEROS -->
 17                 <property name="credentialsType" value="CAS"/>
 18             </bean>
 19             <bean class="org.kuali.rice.ksb.api.bus.support.JavaServiceDefinition">
 20                 <property name="service" ref="echoService"></property>
 21                 <property name="localServiceName" value="javaLocalName" />
 22                 <property name="serviceNameSpaceURI" value="javaNameSpace"/>
 23                 <property name="serviceInterface" value="org.kuali.ksb.examples.EchoService"/>
 24                 <property name="priority" value="5" />
 25                 <property name="retryAttempts" value="1" />
 26                 <property name="busSecurity" value="true" />
 27 
 28                 <!-- Valid Values: CAS, KERBEROS -->
 29                 <property name="credentialsType" value="CAS"/>
 30             </bean>
 31             <!-- Other services removed -->
 32         </list>
 33     </property>
 34 </bean>

  1 <bean id="customCredentialsSourceFactory" class="edu.myinstituition.myapp.security.credentials.CredentialsSourceFactory" />
  2 
  3 <bean id="coreConfigurer" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
  4     <!-- Other properties removed -->
  5     <property name="credentialsSourceFactory" ref="customCredentialsSourceFactory">
  6 </bean>
  7 

The BasicAuthenticationService allows services published on the KSB to be accessed securely with basic authentication. As an example, here is how the Workflow Document Actions Service could be exposed as a service with basic authentication.

As of the 2.0 version of Rice, the ServiceRegistry is now itself a service. In order to bring the registry online for the client application, the application needs to configure a URL similar to the following:

  1 <param name="rice.ksb.registry.serviceUrl">http://localhost:8080/kr-dev/remoting/serviceRegistrySoap</param>

Currently, this connector is only configured to understand a SOAP interface to the service registry which is secured by digital signatures. This is the only type of interface to the registry that the standalone server currently publishes. Additionally, only a single URL to the registry can be configured at the current time. If someone wants to do load balancing amongst potential registry endpoints, then a hardware or software load balancer could be configured to do this.

The Kuali Service Bus (KSB) is installed as a Kuali Rice (Rice) Module using Spring. Here is an example XML snippet showing how to configure Rice and KSB using Spring:

  1 <beans>
  2   ...
  3   <bean id="coreConfigurer" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
  4     <property name="dataSource" ref="riceDataSource${connection.pool.impl}" />
  5     <property name="nonTransactionalDataSource" ref="riceNonTransactionalDataSource" />
  6     <property name="transactionManager" ref="transactionManager${connection.pool.impl}" />
  7     <property name="userTransaction" ref="jtaUserTransaction" />
  8   </bean>
  9 
 10   <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer"/>
 11 </beans>

The KSBTestHarnessSpring.xml located in the project folder under /ksb/src/test/resources/ is a good starting place to explore KSB configuration in depth. The first thing the file does is use a PropertyPlaceholderConfigurer to bring tokens into the Spring file for runtime configuration. The source of the tokens is the xml file: ksb-test-config.xml located in the /ksb/src/test/resources/META-INF directory.

  1 <bean id="config" class="org.kuali.rice.core.config.spring.ConfigFactoryBean">
  2     <property name="configLocations">
  3         <list>
  4             <value>classpath:META-INF/ksb-test-config.xml</value>
  5         </list>
  6     </property>
  7 </bean>
  8 
  9 
 10 <bean class="org.springframework.beans.factory.config.MethodInvokingFactoryBean">
 11     <property name="staticMethod" value="org.kuali.rice.core.impl.config.property.ConfigInitializer.initialize"/>
 12     <property name="arguments">
 13         <list>
 14             <ref bean="config"/>
 15         </list>
 16     </property>
 17 </bean>
 18 
 19 
 20 <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
 21     <property name="properties" value="#{config.getProperties()}" />
 22 </bean>

As mentioned above, this allows tokens to be used in the Spring file. If you are not familiar with tokens, they look like this in the Spring file: ${datasource.pool.maxSize}

Let's take a look at the ksb-test-config.xml file:

  1 <config>
  2     <param name="config.location">classpath:META-INF/common-derby-connection-config.xml</param>
  3     <param name="config.location">classpath:META-INF/common-config-test-locations.xml</param>
  4     <param name="client1.location">/data/jenkins/slave/workspace/COR-Rice-Release-Sitedeploy-2.5/app/src/test/clients/TestClient1</param>
  5     <param name="client2.location">/data/jenkins/slave/workspace/COR-Rice-Release-Sitedeploy-2.5/app/src/test/clients/TestClient2</param>
  6     <param name="ksb.client1.port">9913</param>
  7     <param name="ksb.client2.port">9914</param>
  8     <param name="ksb.testharness.port">9915</param>
  9     <param name="threadPool.size">1</param>
 10     <param name="threadPool.fetchFrequency">3000</param>
 11     <param name="bus.refresh.rate">3000</param>
 12     <param name="bam.enabled">true</param>
 13     <param name="transaction.timeout">3600</param>
 14     <param name="keystore.alias">rice<param>
 15     <param name="keystore.password">keystorepass</param>
 16     <param name="keystore.file">/data/jenkins/slave/workspace/COR-Rice-Release-Sitedeploy-2.5/app/src/test/resources/keystore/ricekeystore</param>
 17     <param name="use.clearDatabaseLifecycle">true</param>
 18     <param name="use.sqlDataLoaderLifecycle">true</param>
 19     <!-- bus messaging props -->
 20     <param name="message.delivery">synchronous</param>
 21     <param name="message.persistence">true</param>
 22     <param name="useQuartzDatabase">false</param>
 23     <param name="config.location">${additional.config.locations}</param>
 24     <param name="config.location">${alt.config.location}</param>
 25 </config>

This is an XML file for configuring key value pairs. When used in conjunction with Spring tokenization and the PropertyPlaceHolderConfigurer bean, the parameter name must be equal to the key value in the Spring file so that the properties propagate successfully.

When doing persistent messaging it is best practice to use JTA as your transaction manager. This ensures that the messages you are sending are synchronized with the current executed transaction in your application. It also allows message persistence to be put in a different database than the application's logic if needed. Currently, KSBTestHarnessSpring.xml uses JOTM to configure JTA without an application server. Bitronix is another JTA product that could be used in Rice and you could consider using it instead of JOTM. Below is the bean definition for JOTM that you can find in Spring:

  1 <bean id="jotm" class="org.springframework.transaction.jta.JotmFactoryBean">
  2     <property name="defaultTimeout" value="${transaction.timeout}"/>
  3 
  4 </bean>
  5 <bean id="dataSource" class="org.kuali.rice.database.XAPoolDataSource">
  6     <property name="transactionManager" ref="jotm" />
  7     <property name="driverClassName" value="${datasource.driver.name}" />
  8     <property name="url" value="${datasource.url}" />
  9     <property name="maxSize" value="${datasource.pool.maxSize}" />
 10     <property name="minSize" value="${datasource.pool.minSize}" />
 11     <property name="maxWait" value="${datasource.pool.maxWait}" />
 12     <property name="validationQuery" value="${datasource.pool.validationQuery}" />
 13     <property name="username" value="${datasource.username}" />
 14     <property name="password" value="${datasource.password}" />
 15 
 16 </bean>

Bittronix's configuration is similar. Datasources for both are set up in org.kuali.rice.core.RiceDataSourceSpringBeans.xml. If using JOTM, use the Rice XAPoolDataSource class as your data source because it addresses some bugs in the StandardXAPoolDataSource, which extends from this class.

Next, you must inject the JOTM into the RiceConfigurer:

  1 <bean id="rice" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
  2     <property name="dataSource" ref="dataSource" />
  3     <property name="transactionManager" ref="jotm" />
  4     <property name="userTransaction" ref="jotm" />  
  5 <...more.../>

Configuring JTA from an appserver is no different, except the TransactionManager and UserTransaction are going to be fetched using a JNDI FactoryBean from Spring.

You can configure KSB by injecting a PlatformTransactionManager into the KSBConfigurer.

This is a good option if you are an OJB shop and you want to continue using your current setup without introducing JTA into your stack. Normally, when a JTA transaction is found, the message is not sent until the transaction commits. In this case, the message is sent immediately.

Let's take a look at the KSBTestHarnessNoJtaSpring.xml file. Instead of JTA, the following transaction and DataSource configuration is declared:

  1 <bean id="ojbConfigurer" class="org.springmodules.orm.ojb.support.LocalOjbConfigurer" />
  2 
  3 
  4 <bean id="transactionManager" class="org.springmodules.orm.ojb.PersistenceBrokerTransactionManager">
  5     <property name="jcdAlias" value="dataSource" />
  6 </bean>
  7 
  8 
  9 <bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
 10     <property name="driverClassName">
 11         <value>${datasource.driver.name}</value>
 12     </property>
 13     <property name="url">
 14         <value>${datasource.url}</value>
 15     </property>
 16     <property name="username">
 17         <value>${datasource.username}</value>
 18     </property>
 19     <property name="password">
 20         <value>${datasource.password}</value>
 21     </property>
 22 </bean>

The RiceNoJtaOJB.properties file needs to include the Rice connection factory property value:

ConnectionFactoryClass=org.kuali.rice.core.framework.persistence.ojb.RiceDataSourceConnectionFactory

Often, the DataSource is pulled from JNDI using a Spring FactoryBean. Next, we inject the DataSource and transactionManager (now a Spring PlatformTransactionManager).

  1 <bean id="rice" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
  2     <property name="dataSource" ref="dataSource" />
  3     <property name="nonTransactionalDataSource" ref="dataSource" />
  4     ...
  5 </bean
  6 
  7 
  8 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  9     <property name="platformTransactionManager" ref="transactionManager" />
 10     <... more .../>
 11 </bean>

Notice that the transactionManager is injected into the KSBConfigurer directly. This is because only KSB, and not Rice, supports this type of configuration. The DataSource is injected normally. When doing this, the OJB setup is entirely in the hands of the client application. That doesn't mean anything more than providing an OJB.properties object at the root of the classpath so OJB can load itself. KSB will automatically register its mappings with OJB, so they don't need to be included in the repository.xml file.

To allow external bus clients to invoke services on the bus-connected node, you must configure the KSBDispatcherServlet in the web applications web.xml file. For example:

  1 <servlet>
  2     <servlet-name>remoting</servlet-name>
  3     <servlet-class>org.kuali.rice.ksb.messaging.servlet.KSBDispatcherServlet</servlet-class>
  4     <load-on-startup>1</load-on-startup>
  5 
  6 </servlet>
  7 
  8 <servlet-mapping>
  9     <servlet-name>remoting</servlet-name>
 10     <url-pattern>/remoting/*</url-pattern>
 11 </servlet-mapping>

This allows bus-exposed services to be accessed at a URL like http://yourlocalip:8080/myapp/remoting/[KSB:service name]. Notice how this URL corresponds to the configured serviceServletUrl property on the KSBConfigurer.

The service bus leverages the Rice configuration system for its configuration. Here is a comprehensive set of configuration parameters that you can use to configure the Kuali Service Bus:

In addition to the configuration parameters that you can specify using the Rice configuration system, the KSBConfigurer bean itself has some properties that can be injected in order to configure it:

The application needs to do one more thing to begin publishing services to the bus: Configure the KSBConfigurer object. This can be done using Spring or programmatically. We'll use Spring because it's the easiest way to get things configured:

  1 <bean id="jotm" class="org.springframework.transaction.jta.JotmFactoryBean">
  2     <property name="defaultTimeout" value="${transaction.timeout}"/>
  3 </bean>
  4 
  5 
  6 
  7 <bean id="dataSource" class=" org.kuali.rice.core.database.XAPoolDataSource ">
  8     <property name="transactionManager" ref="jotm"/>
  9     <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
 10     <property name="maxSize" value="25"/>
 11     <property name="minSize" value="2"/>
 12     <property name="maxWait" value="5000"/>
 13     <property name="validationQuery" value="select 1 from dual"/>
 14     <property name="url" value="jdbc:oracle:thin:@LOCALHOST:1521:XE"/>
 15     <property name="username" value="myapp"/>
 16     <property name="password" value="password"/>
 17 </bean>
 18 
 19 
 20 <bean id="nonTransactionalDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
 21         <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
 22         <property name="url" value="jdbc:oracle:thin:@LOCALHOST:1521:XE"/>
 23         <property name="maxActive" value="50"/>
 24         <property name="minIdle" value="7"/>
 25         <property name="initialSize" value="7"/>
 26         <property name="validationQuery" value="select 1 from dual"/>
 27         <property name="username" value="myapp"/>
 28         <property name="password" value="password"/>
 29         <property name="accessToUnderlyingConnectionAllowed" value="true"/>
 30 </bean>
 31 
 32 <bean id="coreConfigurer" class="org.kuali.rice.core.impl.config.module.CoreConfigurer">
 33     <property name="dataSource" ref="datasource" />
 34     <property name="nonTransactionalDataSource" ref="nonTransactionalDataSource" />
 35     <property name="transactionManager" ref="jotm" />
 36     <property name="userTransaction" ref="jotm" />
 37 </bean>
 38 
 39 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer"/>

The application is now ready to deploy services to the bus. Let's take a quick look at the Spring file above and what's going on there: The following configures JOTM, which is currently required to run KSB.

  1 <bean id="jotm" class="org.springframework.transaction.jta.JotmFactoryBean" />

Next, we configure the XAPoolDataSource and the non transactional BasicDataSource. This is pretty much standard data source configuration stuff. The XAPoolDataSource is configured through Spring and not JNDI so it can take advantage of JTOM. Servlet containers, which don't support JTA, require this configuration step so the datasource will use JTA.

  1 <bean id="dataSource" class=" org.kuali.rice.core.database.XAPoolDataSource ">
  2     <property name="transactionManager" ref="jotm"/>
  3     <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
  4     <property name="url" value="jdbc:oracle:thin:@LOCALHOST:1521:XE"/>
  5     <property name="maxSize" value="25"/>
  6     <property name="minSize" value="2"/>
  7     <property name="maxWait" value="5000"/>
  8     <property name="validationQuery" value="select 1 from dual"/>
  9     <property name="username" value="myapp"/>
 10     <property name="password" value="password"/>
 11 </bean>
 12 
 13 <bean id="nonTransactionalDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
 14     <property name="driverClassName" value="oracle.jdbc.driver.OracleDriver"/>
 15     <property name="url" value="jdbc:oracle:thin:@LOCALHOST:1521:XE"/>
 16     <property name="maxActive" value="50"/>
 17     <property name="minIdle" value="7"/>
 18     <property name="initialSize" value="7"/>
 19     <property name="validationQuery" value="select 1 from dual"/>
 20     <property name="username" value="myapp"/>
 21     <property name="password" value="password"/>
 22     <property name="accessToUnderlyingConnectionAllowed" value="true"/>
 23 </bean>        

Next, we configure the bus:

  1 <bean id="rice" class="org.kuali.rice.core.config.CoreConfigurer">
  2     <property name="dataSource" ref="dataSource" />
  3     <property name="nonTransactionalDataSource" ref="nonTransactionalDataSource" />
  4     <property name="transactionManager" ref="jotm" />
  5     <property name="userTransaction" ref="jotm" />
  6 </bean>
  7 
  8 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  9     <property name="registryDataSource" ref="dataSource" />
 10     <property name="bamDataSource" ref="dataSource" />
 11     <property name="messageDataSource" ref="dataSource" />
 12     <property name="nonTransactionalMessageDataSource" ref="nonTransactionalDataSource" />
 13 </bean>

We are injecting JOTM, and the datasources. The injection of the KSBConfigurer class into the ksbConfigurer property tells this instance of Rice to start the Service Bus. The final necessary step is making sure the configuration parameter 'application.id' is set properly to some value that will identify all services deployed from this node as a member of this node.

At this point, the application is configured to use the bus, both for publishing services and to send messages to services. Usually, applications will publish services on the bus using the KSBConfigurer or the SoapServiceExporter classes. See Acquiring and invoking services for more detail.

The Kuali Service Bus (KSB) uses Quartz to schedule delayed tasks, including retry attempts for messages that cannot be sent the first time. By default, KSB uses an embedded quartz scheduler that can be configured by passing parameters starting with "ksb.org.quartz." into the Rice configuration.

If the application is already running a quartz scheduler, you can inject a custom quartz scheduler using code like this:

  1 <bean class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  2     ...
  3     <property name="exceptionMessagingScheduler">
  4         <bean class="org.springframework.scheduling.quartz.SchedulerFactoryBean">
  5             ...
  6         </bean>
  7     </property>
  8 </bean>

When you do this, KSB will not create an embedded scheduler but will instead use the one provided.

In the examples below, notice that the client code is unaware of the protocol with which the underlying service is deployed. Given a connector for a given protocol and a compatible service definition, you could move a service to different protocols as access needs change without affecting dependent client code.

The easiest way to call a service is to grab it and invoke it directly. This uses a direct request/response pattern and what you see is what you get. You will wait for the processing the call takes on the other side plus the cost of the remote connection time. Any exceptions thrown will come across the wire in a protocol-acceptable way.

This code acquires a SOAP-based service and calls it:

QName serviceName = new QName("testNameSpace", "soap-repeatTopic");

SOAPService soapService = (SOAPService) GlobalResourceLoader.getService(serviceName);
soapService.doTheThing("hello");

The SOAPService interface needs to be in the client classpath and bindable to the WSDL. The easiest way to achieve this in Java is to create a bean that is exported as a SOAP service. This is the server-side service declaration in a Spring file:

  1 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  2   ...
  3   <property name="services">
  4     <list>
  5         <bean class="org.kuali.rice.ksb.api.bus.support.SoapServiceDefinition">
  6             <property name="service">
  7               <ref bean="soapService" />
  8             </property>
  9             <property name="localServiceName" value="soap-repeatTopic" />
 10             <property name="serviceNameSpaceURI" value="testNameSpace" />
 11             <property name="priority" value="3" />
 12             <property name="queue" value="false" />
 13             <property name="retryAttempts" value="1" />
 14         </bean>
 15         ...
 16     </list>
 17   </property>
 18 </bean> 

This declaration exposes the bean soapService on the bus as a SOAP available service. The Web Service Definition Language is available at the serviceServletUrl + serviceNameSpaceURI + localServiceName + ?wsdl.

This next code snippet acquires and calls a Java base service:

EchoService echoService = (EchoService)GlobalResourceLoader.getService(new QName("TestCl1", "echoService"));
String echoValue = "echoValue";
String result = echoService.echo(echoValue);

Again, the interface is all that is required to make the call. This is the server-side service declaration that deploys a bean using Spring's HttpInvoker as the underlying transport:

  1 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  2   ...
  3   <property name="services">
  4     <list>
  5         <bean class="org.kuali.rice.ksb.api.bus.support.SoapServiceDefinition">
  6             <property name="service" ref="echoService" />
  7             <property name="serviceInterface" value="org.kuali.rice.ksb.messaging.remotedservices.EchoService" />
  8             <property name="localServiceName" value="soap-echoService" />
  9             <property name="busSecurity" value="false"></property>
 10         </bean>
 11         ...
 12     </list>
 13   </property>
 14 </bean> 

Below is a description of each property on the ServiceDefinition (JavaServiceDefinition and SOAPServiceDefinition):

To make a call to a service through messaging, acquire the service by its name using the MessageHelper:

QName serviceName = new QName("testAppsSharedQueue", "sharedQueue");

KEWSampleJavaService testJavaAsyncService = (KEWSampleJavaService) KsbApiServiceLocator.getMessageHelper().getServiceAsynchronously(serviceName);

At this point, the testJavaAsyncService can be called like a normal JavaBean:

testJavaAsyncService.invoke(new ClientAppServiceSharedPayloadObj("message content", false));

Because this is a queue, a single message is sent to one of the beans bound to the service name new QName("testAppsSharedQueue", "sharedQueue"). That 'message' is the call 'invoke' and it takes a ClientAppServiceSharedPayloadObj. Typically, messaging is done asynchronously. Messages are sent when the currently running JTA transaction is committed - that is, the messaging layer automatically synchronizes with the current transaction. So, using JTA, even though the above is coded in line with code, invocation is normally delayed until the transaction surrounding the logic at runtime is committed.

When not using JTA, the message is sent asynchronously (by a different thread of execution), but it's sent ASAP.

To review, the requirements to use a service that is exposed to the bus on a different machine are:

To complete the example: Below is the Spring configuration used to expose this service to the bus. This is taken from the file TestClient1SpringBeans.xml:

  1 <!-- bean declaration -->
  2 <bean id="sharedQueue" class=" org.kuali.rice.ksb.testclient1.ClientApp1SharedQueue" />
  3 
  4 <bean id="ksbConfigurer" class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  5   ...
  6   <property name="services">
  7     <list>
  8         <bean class=" org.kuali.rice.ksb.messaging.JavaServiceDefinition">
  9             <property name="service" ref="sharedQueue" />
 10             <property name="localServiceName" value="sharedQueue" />
 11             <property name="serviceNameSpaceURI" value="testAppsSharedQueue" />
 12         </bean>
 13         <... more .../>
 14     </list>
 15   </property>
 16 </bean> 

This is located in the Spring file of the application exposing the service (in other words, the location in which the actual invocation will occur). The client does not need a Spring configuration to invoke the service.

There are two messaging call paradigms, called Topics and Queues. When any number of services is declared a Topic, then those services are invoked at least once or multiple times. If any number of services is declared a Queue, then one and only one service name will be invoked.

You can use Callback objects to get responses from service calls made using messaging. Acquiring a service for use with a Callback:

QName serviceName = new QName("TestCl1", "testXmlAsyncService");
SimpleCallback callback = new SimpleCallback();
KSBXMLService testXmlAsyncService = (KSBXMLService) KsbApiServiceLocator.getMessageHelper().getServiceAsynchronously(serviceName, callback);

testXmlAsyncService.invoke("message content");

When the service is invoked asynchronously, the AsynchronousCallback object's (the SimpleCallback class above) callback method is called.

When message persistence is turned on, this object is serialized with any method call made through the messaging API. Take into consideration that this object (and the result of a method call) may survive machine restart and therefore it's recommended that you NOT depend on certain transient in-memory resources.

Failover works the same whether making direct service calls or using messaging.

Services exported to the bus have automatic failover from the client's perspective. For example, if service A is deployed on machines 1 and 2 and a client happens to get a proxy that points to machine 1 but machine 1 crashes, the KSB will automatically detect that the exception is a result of some network issue and direct the call to machine 2. KSB then removes machine 1 from the registry so new clients to the bus don't try to acquire the service. When machine 1 returns to the network it will register itself with the service registry and therefore the bus.

When a message calls a service, the failover rules determine which service KSB assigns (topic or queue) to the message.

Because queues require only one call between all beans bound to the queue, if a single call to a queue fails, failover to the next bean occurs. If successful, the call is done. If it is not successful, it continues until a suitable bean is found. If none is found, the message is marked for retry later. Eventually, the message either goes to KSB exception messaging or successfully completes.

If a machine in a topic is unavailable, a failed call to that machine will continue to be retried until that call is successful or that call goes into KSB exception messaging.

When any number of services is bound to a queue and a method is invoked, one and only one service gets the invocation.

When any number of services is bound to a topic and a method is invoked, all services are invoked AT LEAST once or multiple times.

org.kuali.rice.ksb.messaging.MessageFetcher is a Runnable that needs to be configured by the client application to retrieve stored messages from the database that weren't processed when the node went down. This can happen for many reasons. The machine can be under load and just crash.

When message persistence is enabled, a service that fails or throws an Exception stores preprocessed messages in the database until they can be resent. This makes certain that a crash or emergency restart of your machine will not result in message loss.

The KSB does not automatically fetch all these messages and attempt to invoke them when it starts, because often the KSB is started when the services the messages are bound for are not yet started. For now, you need to decide when to call the run method on the MessageFetcher. Because it's a Runnable, you could also put the MessageFetcher in the KSBThreadPool that is available on the KSBServiceLocator. You could wrap it in a TimerTask, etc. All that is required is this:

new MessageFetcher((Integer) null).run()

Unfortunately, the cast to Integer is required. The MessageFetcher also has a constructor that takes a long variable as a parameter. This can be used to pull any message in the message store and put it in memory for invocation. Integer is a fetch size; null means all.

A service can be exposed by explicitly registering it with the KSBConfigurer module, services property:

  1 <bean class="org.kuali.rice.ksb.messaging.config.KSBConfigurer">
  2     <property name="serviceServletUrl" value="${base url}/MYAPP/remoting/" />
  3     ...
  4     <property name="services">
  5       <list>
  6           <bean class="org.kuali.rice.ksb.api.bus.support.SoapServiceDefinition">
  7               <property name="service">
  8                   <ref bean="mySoapService" />
  9               </property>
 10               <property name="serviceInterface"><value>org.myapp.services.MySOAPService</value></property>
 11               <property name="localServiceName" value="myExposedSoapService" />
 12           </bean>
 13           <bean class="org.kuali.rice.ksb.api.bus.support.JavaServiceDefinition">
 14               <property name="service">
 15                   <ref bean="myJavaService" />
 16               </property>
 17               <property name="serviceInterface">
 18                   <value>org.myapp.services.MyJavaService</value></property>
 19               <property name="localServiceName" value="myExposedJavaService" />
 20           </bean>
 21 

You can also publish Services in any context using the ServiceBusExporter (or PropertyConditionalServiceBusExporter) bean. Note that KSBConfigurer must also be defined in your RiceConfigurer.

  1 <bean id="myapp.serviceBus"
  2         class="org.kuali.rice.core.framework.resourceloader.GlobalResourceLoaderServiceFactoryBean">
  3     <property name="serviceName" value="rice.ksb.serviceBus"/>
  4 </bean>
  5 
  6 <bean id="myAppServiceExporter"
  7         class="org.kuali.rice.ksb.api.bus.support.ServiceBusExporter"
  8         abstract="true">
  9     <property name="serviceBus" ref="myapp.serviceBus"/>
 10 </bean>
 11 
 12 <bean id="myJavaService.exporter" parent="myAppServiceExporter">
 13     <property name="serviceDefinition">
 14         <bean class="org.kuali.rice.ksb.api.bus.support.JavaServiceDefinition">
 15             <property name="service">
 16                 <ref bean="myJavaService" />
 17             </property>
 18             <property name="serviceInterface">
 19                 <value>org.myapp.services.MyJavaService</value>
 20             </property>
 21             <property name="localServiceName" value="myExposedJavaService" />
 22         </bean>
 23     </property>
 24 </bean>
 25 
 26 <bean id="mySoapService.exporter" parent="myAppServiceExporter">
 27     <property name="serviceDefinition">
 28         <bean class="org.kuali.rice.ksb.api.bus.support.SoapServiceDefinition">
 29             <property name="service">
 30                 <ref bean="mySoapService" />
 31             </property>
 32             <property name="serviceInterface">
 33                 <value>org.myapp.services.MySOAPService</value>
 34             </property>
 35             <property name="localServiceName" value="myExposedSoapService" />
 36         </bean>
 37     </property>
 38 
 39 </bean>

The term "Callback Service" refers to services that client applications write and configure and which are used by various modules of Rice including KIM, KEW, and KRMS. Because of the naming convention on these, they are often referred to as "Type Services". These include:

These are typically called back into from the Rice Standalone Server when needing information for rendering of various components in the server-side user interface. Additionally, in some cases they can also be used to provide custom processing hooks for different components of the various Kuali Rice frameworks.

  1 <bean id="sampleAppPeopleFlowTypeService.exporter"
  2       class="org.kuali.rice.ksb.api.bus.support.CallbackServiceExporter"
  3       p:serviceBus-ref="rice.ksb.serviceBus"
  4       p:callbackService-ref="sampleAppPeopleFlowTypeService"
  5       p:serviceNameSpaceURI="http://rice.kuali.org/sample-app"
  6       p:localServiceName="sampleAppPeopleFlowTypeService"
  7       p:serviceInterface="org.kuali.rice.kew.framework.peopleflow.PeopleFlowTypeService"/>

ServiceDefinitions define how the service is published to the KSB. Currently KSB supports three types of services: Java RPC (via serialization over HTTP), SOAP, and JMS.

ServiceNameSpaceURI is the same as the Message Entity that composes the qualified name under which the service is exposed. When omitted, this namespace defaults to the message entity configured for Rice (e.g., in the RiceConfigurer), thereby qualifying the local name. Note: Although this implicit qualification occurs during export, you must always specify an explicit message entity when acquiring a resource, for example:

GlobalResourceLoader.getService(new QName("MYAPP", "myExposedSoapService"))

We show how you can "import" Rice services into the client Spring application context in Configuring KSB Client in Spring. Using this technique, you can also publish Rice services on the KSB:

  1 <!-- import a Rice service from the ResourceLoader stack -->
  2 <bean id="myapp.aRiceService" class="org.kuali.rice.core.framework.resourceloader.GlobalResourceLoaderServiceFactoryBean">
  3     <property name="serviceName" value="aRiceService"/>
  4 </bean
  5 
  6 
  7 <!-- if Rice does not publish this service on the bus, one can explicitly publish it -->
  8 <bean id="myAppServiceExporter"
  9         class="org.kuali.rice.ksb.api.bus.support.ServiceBusExporter"
 10         abstract="true">
 11     <property name="serviceBus" ref="myapp.serviceBus"/>
 12 </bean>
 13 
 14 <bean id="myJavaService.exporter" parent="myAppServiceExporter">
 15     <property name="serviceDefinition">
 16         <bean class="org.kuali.rice.ksb.api.bus.support.JavaServiceDefinition">
 17             <property name="service">
 18                 <ref bean="aRiceService" />
 19             </property>
 20             <property name="serviceInterface" value="org.kuali.rice...SomeInterface" />
 21             <property name="localServiceName" value="aPublishedRiceService" />
 22         </bean>
 23     </property>
 24 </bean>

Rice is composed of a set of modules that provide distinct functionality and expose various services.

The GlobalResourceLoader is the top-level entry point through which all application code should go to obtain services. The getService call will iterate through each registered ResourceLoader, looking for the service of the specified name. If the service is found, it is returned, but if it is not found, ultimately the call will reach the RemoteResourceLoader. The Root ResourceLoader is registered by the KSB module that exposes services that have been registered on the bus.

Remote service proxies obtained through the resource loader stack using getService(QName) (ultimately through the ServiceBus) are inherently synchronous. In the presence of multiple service registrations, the ServiceBus will choose one at random.

When invoking services asynchronously through the MessageHelper, an asynchronous service call proxy will be constructed with all available service definitions. The MessageServiceInvoker is called to invoke each service. If the service is defined as a queue service, then the ServiceBus will be consulted in a similar fashion to determine a single service to call. After the first queue service invocation the MessageServiceInvoker will return.

The simplest way to invoke a topic service is using the MessageHelper functions to invoke the service asynchronously. As described above for an asynchronous queue invocation, an asynchronous service call proxy will be constructed with the list of all of the services registered as a topic under the given name. Each of these services will be independently obtained and invoked by the MessageServiceInvoker.

Invoking a topic synchronously, however, requires use of a synchronous service call proxy to aggregate all of the topic's services. This functionality is not directly available via the ServiceBus API because the ServiceBus acts as a facade for direct service invocation.

To invoke a topic synchronously, you can construct a SynchronousServiceCallProxy using SynchronousServiceCallProxy.createInstance, passing the list of Endpoint obtained using ServiceBus.getEndpoints(QName). This is done, for example, by MessageHelperImpl when the bus has been forced into synchronous mode via the message.delivery config param.

The synchronous service call proxy is the same as the asynchronous service call proxy, except that it does not queue up the invocation, it will invoke it blockingly. The same queue/topic distinctions described above apply when you invoke a topic synchronously. Under the normal queue situation, use of the synchronous service call proxy is not necessary because, as mentioned above, remote services obtained through the ServiceBus are naturally synchronous. You can see this in the example below:

List<Endpoint> servicesToProxy = KsbApiServiceLocator.getServiceBus().getEndpoints(qname);

SynchronousServiceCallProxy sscp = return SynchronousServiceCallProxy.createInstance(servicesToProxy, callback, context, value1, value2);

In addition to the configuration parameters available in the KRice configuration system, the KSBConfigurer bean has some properties that can be injected to configure it:

To expose a simple JAX-RS annotated service on the bus, you can follow this recipe for your spring configuration (which comes from the Rice unit tests):

  1 <!-- The service implementation you want to expose -->
  2 
  3 <bean id="baseballCardCollectionService" class="org.kuali.rice.ksb.testclient1.BaseballCardCollectionServiceImpl"/>
  4 
  5 
  6 <!-- The service definition which tells the KSB to expose our RESTful service -->
  7 <bean class="org.kuali.rice.ksb.messaging.RESTServiceDefinition">
  8     <property name="serviceNameSpaceURI" value="test" />
  9 
 10 
 11     <!-- as noted earlier, the servicePath property of RESTServiceDefinition can't be set here  -->
 12 
 13 
 14     <!-- The service to expose.  Refers to the bean above -->
 15     <property name="service" ref="baseballCardCollectionService" />
 16 
 17 
 18     <!-- The "Resource class", the class with the JAX-RS annotations on it.  Could be the same as the  -->
 19     <!-- service implementation, or could be different, e.g. an interface or superclass    -->
 20   
 21     <property name="resourceClass" 
 22 value="org.kuali.rice.ksb.messaging.remotedservices.BaseballCardCollectionService" />
 23 
 24 
 25     <!-- the name of the service, which will be part of the RESTful URLs used to access it -->
 26     <property name="localServiceName" value="baseballCardCollectionService" />
 27 </bean>
 28 

The following java interface uses JAX-RS annotations to specify its RESTful interface:

  1 // … eliding package and imports
  2 
  3 @Path("/")
  4 public interface BaseballCardCollectionService {
  5     @GET
  6     public List<BaseballCard> getAll();
  7 
  8 
  9     /**
 10       * gets a card by it's (arbitrary) identifier
 11       */
 12     @GET
 13     @Path("/BaseballCard/id/{id}")
 14     public BaseballCard get(@PathParam("id") Integer id);
 15     /**
 16       * gets all the cards in the collection with the given player name
 17       */
 18     @GET
 19     @Path("/BaseballCard/playerName/{playerName}")
 20     public List<BaseballCard> get(@PathParam("playerName") String playerName);
 21 
 22 
 23     /**
 24       * Add a card to the collection.  This is a non-idempotent method
 25       * (because you can add more than one of the same card), so we'll use @POST
 26       * @return the (arbitrary) numerical identifier assigned to this card by the service
 27       */
 28     @POST
 29     @Path("/BaseballCard")
 30     public Integer add(BaseballCard card);
 31 
 32 
 33     /**
 34       * update the card for the given identifier.  This will replace the card that was previously
 35       * associated with that identifier.
 36       */
 37     @PUT
 38     @Path("/BaseballCard/id/{id}")
 39     @Consumes("application/xml")
 40     public void update(@PathParam("id") Integer id, BaseballCard card);
 41 
 42 
 43     /**
 44       * delete the card with the given identifier.
 45       */
 46     @DELETE
 47     @Path("/BaseballCard/id/{id}")
 48     public void delete(@PathParam("id") Integer id);
 49 
 50     /**
 51       * This method lacks JAX-RS annotations
 52       */
 53     public void unannotatedMethod();
 54 }

Acquisition and use of this service over the KSB looks just like that of any other KSB service. In the synchronous case:

BaseballCardCollectionService baseballCardCollection = (BaseballCardCollectionService) GlobalResourceLoader.getService(new QName("test", "baseballCardCollectionService");
);


List<BaseballCard> allMyMickeyMantles = baseballCardCollection.get("Mickey Mantle");
// baseballCardCollection.<other service method>(...)
// etc

It is also possible to aggregate multiple Rice service implementations into a single RESTful service where requests to different sub-paths off of the base service URL can be handled by different underlying services. This may be desirable to expose a RESTful service that is more complex than could be cleanly factored into a single java service interface.

The configuration for a composite RESTfull service looks a little bit different, and as might be expected given the one-to-many mapping from RESTful service to java services, there are some caveats to using that service over the KSB. Here is a simple example of a composite service definition (which also comes from the Rice unit tests):

  1 <bean class="org.kuali.rice.ksb.messaging.RESTServiceDefinition">
  2     <property name="serviceNameSpaceURI" value="test" />
  3     <property name="localServiceName" value="kms" />
  4     <property name="resources">
  5         <list>
  6             <ref bean="inboxResource"/>
  7             <ref bean="messageResource"/>
  8         </list>
  9     </property>
 10     <property name="servicePath" value="/" />
 11 </bean>
 12 
 13 
 14 <!-- the beans referenced above are just JAX-RS annotated Java services -->
 15 <bean id="inboxResource" class="org.kuali.rice.ksb.testclient1.InboxResourceImpl">
 16     <!-- ... eliding bean properties ... -->
 17 </bean>
 18 <bean id="messageResource" class="org.kuali.rice.ksb.testclient1.MessageResourceImpl">
 19     <!-- ... eliding bean properties ... -->
 20 
 21 </bean>

As you can see in the bean definition above, the service name is kms, so the base service url would by default (in a dev environment) be http://localhost:8080/kr-dev/remoting/kms/. Acquiring a composite service such as this one on the KSB will actually return you a org.kuali.rice.ksb.messaging.serviceconnectors.ResourceFacade, which allows you to get the individual java services in a couple of ways, as shown in the following simple example:

ResourceFacade kmsService =
 (ResourceFacade) GlobalResourceLoader.getService(
new QName(NAMESPACE, KMS_SERVICE));


// Get service by resource name (url path)
InboxResource inboxResource = kmsService.getResource("inbox");
// Get service by resource class
MessageResource messageResource = kmsService.getResource(MessageResource.class);

There are some properties on the RESTServiceDefinition object that let you do more advanced configuration:

This documentation will illustrate how to interact with the a base KSB using the expected bus security. The examples will include a SoapUI client and a Java client application. Both of these examples can be used with the demo Rice implementation available at: http://demo.rice.kuali.org/portal.do

The base SOAP services published on the KSB all rely on the use of the Rice Java Keystore included with the base Rice implementation. It is imperative that the client applications use the same rice.keystore file that the server is using. The Rice Administration menu provides an interface where an alias can be added to a new keystore and that new keystore is downloaded by your browser. See the notes on why this approach does not work for newly added aliases.

See this for information on obtaining a rice.keystore.

When consuming SOAP webservices with Java, two approaches are typical: a SoapUI client with tests and assertions, and a Java client application.

SoapUI

Java client application

SOAP request

Kuali Rice Java Keystore (jks)

If you already have a running Rice instance, chances are you are already using, or have configured, a Rice keystore.

The links provided here are for convenience in finding the latest default keystore from source.

Kuali locations

Rice provides an interface for creating new aliases and producing new keystore files.

However, both the server and the client must be using the same PrivateKeyEntry or trustedCertEntry. These are identified inside of your keystore by the owner, issuer, and serial number values. So, in using this interface to create a new alias which produces a new keystore, you will not be able to use the new alias since the new keystore will not be used by the server. You can use the new keystore but only with the alias (representing the cert) that the server is expecting - namely 'rice'.

keytool inspection of keystore

  1 $ keytool -list -v -keystore rice.keystore
  2 Enter keystore password:
  3  
  4 Keystore type: JKS
  5 Keystore provider: SUN
  6  
  7 Your keystore contains 1 entry
  8  
  9 Alias name: rice
 10 Creation date: Oct 10, 2007
 11 Entry type: PrivateKeyEntry
 12 Certificate chain length: 1
 13 Certificate[1]:
 14 Owner: CN=rice
 15 Issuer: CN=rice
 16 Serial number: 470d1315
 17 Valid from: Wed Oct 10 10:59:49 PDT 2007 until: Sat Sep 22 10:59:49 PDT 2018
 18 Certificate fingerprints:
 19          MD5:  53:73:B3:E6:39:56:73:AA:98:D4:A9:2D:C6:36:A2:DB
 20          SHA1: 86:4B:D2:54:39:D8:9B:B2:97:A9:B3:1A:32:B3:1F:12:83:A5:1F:4F
 21          Signature algorithm name: MD5withRSA
 22          Version: 1
 23  
 24  
 25 *******************************************
 26 *******************************************            

SoapUI is an excellent client for exercising, and automated testing of, SOAP services.

The steps necessary for a SoapUI Client include:

Creating the SoapUI project

Create a new SoapUI project and provide the location of the WSDL.

http://demo.rice.kuali.org/remoting/soap/location/v2_0/campusService?wsdl

Figure 22.1. Create a new SoapUI project

Identifying rice.keystore to the SoapUI project

With the project highlighted, use the Enter key to bring up the project attributes.

• choose the WS-Security Configurations parent tab

• choose the Keystores child tab

• add our keystore

  1. Navigate to the location of your rice.keystore

  2. Provide the keystore password (r1c3pw is the default)

  3. Choose a default alias of rice

  4. Provide the alias password (also r1c3pw is the default)

The interface should report the Status of "OK" if the keystore is found and accessible with the keystore password provided.

Figure 22.2. Identify rice.keystore to the SoapUI project

Configure using the keystore for outgoing requests

Still within the project attributes:

• choose the WS-Security Configurations parent tab

• choose the Outgoing WS-Security Configurations child tab

• add a new configuration

• provide an internal name for the configuration

• provide the alias name of rice

• provide the alias password (r1c3pw is the default)

• add a Signature action

  1. Choose our rice.keystore keystore

  2. Choose our rice alias

  3. Provide our alias password (r1c3pw)

  4. The Key Identifier and Serial Number should be defaulted and is the desired choice.

  5. Leave the other entries as default

When done with the project attributes, close the attributes window.

Figure 22.3. Identify rice.keystore to the SoapUI project

Associating our WS-Security Outgoing Configurations to a request

Expand the project tree to find our desired request of findAllCampuses

• click on the Request1 name

• find the Aut (short for Authentication) button at the bottom of the window

• choose our internal name for the outgoing configuration

Figure 22.4. Associate Outgoing Config to a Request

Execute the request

Click the green triangle "run" button at the top of the window to execute the request

• the request should execute successfully and return an XML structure which includes attributes on each of the 12 campuses defined in the demo Rice data set

Figure 22.5. Execute request

The generation of a Java client application is relatively easy using the capabilities of JDK1.6 and Apache CXF libraries.

The steps outlined below include:

  1 wsimport
  2 $ wsimport -keep -Xnocompile -verbose http://demo.rice.kuali.org/remoting/soap/location/v2_0/campusService?wsdl
  3 parsing WSDL...
  4  
  5  
  6 generating code...
  7  
  8 org\kuali\rice\core\v2_0\AbstractPredicate.java
  9 org\kuali\rice\core\v2_0\AndType.java
 10 org\kuali\rice\core\v2_0\CompositePredicateType.java
 11 org\kuali\rice\core\v2_0\EqualIgnoreCaseType.java
 12 org\kuali\rice\core\v2_0\EqualType.java
 13 org\kuali\rice\core\v2_0\GreaterThanOrEqualType.java
 14 org\kuali\rice\core\v2_0\GreaterThanType.java
 15 org\kuali\rice\core\v2_0\IllegalArgumentFault.java
 16 org\kuali\rice\core\v2_0\InIgnoreCaseType.java
 17 org\kuali\rice\core\v2_0\InType.java
 18 org\kuali\rice\core\v2_0\LessThanOrEqualType.java
 19 org\kuali\rice\core\v2_0\LessThanType.java
 20 org\kuali\rice\core\v2_0\LikeType.java
 21 org\kuali\rice\core\v2_0\NotEqualIgnoreCaseType.java
 22 org\kuali\rice\core\v2_0\NotEqualType.java
 23 org\kuali\rice\core\v2_0\NotInIgnoreCaseType.java
 24 org\kuali\rice\core\v2_0\NotInType.java
 25 org\kuali\rice\core\v2_0\NotLikeType.java
 26 org\kuali\rice\core\v2_0\NotNullType.java
 27 org\kuali\rice\core\v2_0\NullType.java
 28 org\kuali\rice\core\v2_0\ObjectFactory.java
 29 org\kuali\rice\core\v2_0\OrType.java
 30 org\kuali\rice\core\v2_0\QueryByCriteriaType.java
 31 org\kuali\rice\core\v2_0\package-info.java
 32 org\kuali\rice\location\v2_0\CampusQueryResultsType.java
 33 org\kuali\rice\location\v2_0\CampusService.java
 34 org\kuali\rice\location\v2_0\CampusService_Service.java
 35 org\kuali\rice\location\v2_0\CampusType.java
 36 org\kuali\rice\location\v2_0\CampusTypeQueryResultsType.java
 37 org\kuali\rice\location\v2_0\CampusTypeType.java
 38 org\kuali\rice\location\v2_0\FindAllCampusTypes.java
 39 org\kuali\rice\location\v2_0\FindAllCampusTypesResponse.java
 40 org\kuali\rice\location\v2_0\FindAllCampuses.java
 41 org\kuali\rice\location\v2_0\FindAllCampusesResponse.java
 42 org\kuali\rice\location\v2_0\FindCampusTypes.java
 43 org\kuali\rice\location\v2_0\FindCampusTypesResponse.java
 44 org\kuali\rice\location\v2_0\FindCampuses.java
 45 org\kuali\rice\location\v2_0\FindCampusesResponse.java
 46 org\kuali\rice\location\v2_0\GetCampus.java
 47 org\kuali\rice\location\v2_0\GetCampusResponse.java
 48 org\kuali\rice\location\v2_0\GetCampusType.java
 49 org\kuali\rice\location\v2_0\GetCampusTypeResponse.java
 50 org\kuali\rice\location\v2_0\ObjectFactory.java
 51 org\kuali\rice\location\v2_0\RiceIllegalArgumentException.java
 52 org\kuali\rice\location\v2_0\package-info.java

  1 pom.xml
  2 <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  3   <modelVersion>4.0.0</modelVersion>
  4   <groupId>edu.somewhere</groupId>
  5   <artifactId>ksb-campusservice-client</artifactId>
  6   <version>0.0.1-SNAPSHOT</version>
  7   <dependencies>
  8     <dependency>
  9         <groupId>org.apache.cxf</groupId>
 10         <artifactId>cxf-rt-frontend-jaxws</artifactId>
 11         <version>2.7.3</version>
 12     </dependency>
 13     <dependency>
 14         <groupId>org.apache.cxf</groupId>
 15         <artifactId>cxf-rt-ws-security</artifactId>
 16         <version>2.7.3</version>
 17     </dependency>
 18     <dependency>
 19         <groupId>junit</groupId>
 20         <artifactId>junit</artifactId>
 21         <version>4.11</version>
 22         <scope>test</scope>
 23     </dependency>
 24   </dependencies>
 25 </project>

  1 client-sign.properties
  2 # Properties for the KSB Client Test classes
  3  
  4 # properties for accessing the java keystore using Merlin
  5 org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
  6 org.apache.ws.security.crypto.merlin.keystore.type=jks
  7 org.apache.ws.security.crypto.merlin.keystore.password=r1c3pw
  8 org.apache.ws.security.crypto.merlin.keystore.alias=rice
  9 org.apache.ws.security.crypto.merlin.keystore.file=rice.keystore            

As we decrease the direct database access from Rice clients and expose services remotely, service-level caching becomes more important. Previously in Rice we didn't approach caching with a standard comprehensive solution. This was problematic for many reasons explained later in the document. As caching starts to take a greater role in Rice it is clear that we must have a well thought out plan for caching. The caching solution we are looking for and have implemented must have the following properties:

Spring 3.1 includes a declarative cache abstraction API. This is an annotation driven approach which significantly reduces caching logic. The only thing service authors should have to do is annotate service interfaces (or implementation code) with Spring cache annotations. For example:

  1 @Cacheable(value="foo", key="#p0")
  2 public Foo getFoo(String id);
  3  
  4 @CacheEvict(value = "foos", allEntries=true)
  5 public Foo updatefoo(Foo f);

Then the service implementation would look like:

public Foo getFoo(String id) {
  return getFooFromDB(id);
}
 
public Foo updatefoo(Foo f) {
  return updateinDB(f);
}

All the boilerplate caching logic has been magically melted away through the wonders of AOP proxies. When Spring creates a Spring managed service (bean) it will automatically return a proxy containing caching logic. This works great for most cases, but falls apart when clients are calling services remotely. This is because the remote proxy is not created by Spring, but is instead created by the KSB (ServiceConnectorFactory). In order to handle this case, we will need to directly cache proxy our remote proxies.

To make sure the annotations are actually being read by Spring, we must include the following in our Spring xml files:

  1 <cache:annotation-driven />

and declare a cache manager like:

  1 <bean id="cacheManager" class="org.springframework.cache.ehcache.EhcacheCacheManager" p:cache-manager="ehcache"/>
  2  
  3 <!-- Ehcache library setup -->
  4 <bean id="ehcache" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean" p:config-location="ehcache.xml"/>

Due to the fact that Spring is using proxies, there is a slight overhead in going through an extra layer. This will probably not be a problem, but if it is, Spring provides the option to use aspectj and aspect weaving. This will remove the proxying at the expense of complexity.

Figure 23.1. Cache Proposal

The above proposal has been put to code, which here is explained in more detail. To understand the various parts of the Spring Cache abstraction and the implementation it is recommended to read the Spring cache documentation before going any further.

  1 FooService.java
  2 interface FooService {
  3    
  4   //demonstrates a simple argument
  5   @Cacheable(value=Foo.Cache.NAME, key="'id=' + #p0")
  6   Foo getFoo(String id);
  7    
  8   //demonstrates a complex argument - build a string. No using the actual object as key
  9   @Cacheable(value=Foo.Cache.NAME, key="'name=' + #p0.name + '|' + 'name=' + #p0.code")
 10   Foo getFooByNameAndCode(NameAndCode nc);
 11  
 12   //demonstrates no arguments.  making up a key
 13   @Cacheable(value=Foo.Cache.NAME, key="all")
 14   Collection<Foo> findAllFoos();
 15  
 16   //demonstrates a single evict. 
 17   //We need to be careful here because if multiple
 18   //"keys" hold the FooType object then the allEntries must be true*
 19   @CacheEvict(value=FooType.Cache.NAME, key="'id=' + #p0")
 20   void updateNameOnFooType(String id, String name);
 21  
 22   //demonstrates a complete evict.
 23   @CacheEvict(value=Foo.Cache.NAME, allEntries=true)
 24   void addFoos(Collection<Foo> foos);
 25 }

  1 FooSpringBeans.xml
  2 <beans>
  3   <!-- tell Spring to look for cache annotations and which CacheManager to use -->
  4   <cache:annotation-driven cache-manager="fooDistributedCacheManager" />
  5  
  6   <!-- 
  7      create a local CacheManager.  Cache operations on this CacheManager only happen
  8      against the application's local cache.  
  9      Can use any cache implementation: java.util.concurrent, ehcache, etc.
 10    -->
 11   <bean id="fooLocalCacheManager" class="org.springframework.cache.support.SimpleCacheManager">
 12     <property name="caches">
 13       <set>
 14         <bean class="org.springframework.cache.concurrent.ConcurrentMapCacheFactoryBean"
 15           p:name="#{T(org.Kuali.Rice.module.api.foo.Foo$Cache).NAME}"/>
 16         <bean class="org.springframework.cache.concurrent.ConcurrentMapCacheFactoryBean"
 17           p:name="#{T(org.Kuali.Rice.module.api.foo.FooType$Cache).NAME}"/>
 18       </set>
 19     </property>
 20   </bean>
 21  
 22   <!-- 
 23        Wrap the local CacheManager in a decorator to enable distributed cache
 24        operations across the Kuali ecosystem.
 25    -->
 26   <bean id="fooDistributedCacheManager" class="org.Kuali.Rice.core.impl.cache.DistributedCacheManagerDecorator">
 27     <!-- the local CacheManager to wrap -->
 28     <property name="cacheManager" ref="sharedDataLocalCacheManager" />
 29     <!-- the ksb service to lookup and call CacheService Enpoints asynchronously -->
 30     <property name="messageHelper" ref="Rice.ksb.messageHelper" />
 31     <!-- the name of the endpoint to call.  Must be the same (for this module) across all applications in the Kuali ecosystem -->
 32     <property name="serviceName" value="{http://Rice.Kuali.org/foo/2_0}fooModuleCacheServiceSoap" />
 33     <!-- 
 34          how long to wait in milliseconds before flushing the distributed cache queue and sending distributed flush messages.
 35          defaults to 60000 (60 seconds).
 36      -->
 37     <property name="flushQueueMaxWait" value="${Rice.cache.flush.queue.max.wait}" />
 38   </bean>
 39  
 40   <!-- 
 41     Service that should be exposed on the ksb to receive messages from the distributed cache manager.
 42     Notice it handles calling into the *local* CacheManager.
 43    -->
 44   <bean id="fooCacheService" class="org.Kuali.Rice.core.impl.cache.CacheServiceImpl"
 45         p:cacheManager-ref="fooLocalCacheManager" />
 46 </beans>

  1 FooServiceBusSpringBeans.xml
  2 <beans>
  3   <!-- export the CacheService on the service bus to receive distributed cache messages for the foo module-->
  4   <bean parent="fooRemoteServiceExporter">
  5     <property name="serviceBus" ref="Rice.ksb.serviceBus"/>
  6     <property name="serviceDefinition">
  7       <bean parent="fooJaxWsSoapService"
  8             p:service-ref="fooCacheService"
  9             p:localServiceName="fooCacheServiceSoap"/>
 10     </property>
 11     <property name="exportIf" value="fooCacheServiceSOAP.expose"/>
 12   </bean>
 13 </beans>

  1 
  2 GlobalResourceLoader.getService("alternateDistributedCacheManager").getCache("the_cache_to_retrieve").evict("the_specific_key");

GlobalResourceLoader.getService("fooDistributedCacheManager").getCache("the_cache_to_retrieve").evict("the_specific_key");

  1 @Cacheable(value= Group.Cache.NAME, key="'{getAttributes}' + 'groupId=' + #p0")

  1 @Cacheable(value= Group.Cache.NAME, key="'id=' + #p0")

Putting it all together

Below are a couple pseudo examples of UML sequence diagrams to help illustrate a couple standard call flows.

Figure 23.2. Standard call flow 1

Figure 23.3. Standard call flow 2

  1 <bean id="sharedDataLocalCacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
  2   <property name="cacheManager">
  3     <bean class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean"
  4        p:config-location="${shareddata.ehcache.config.location}"/>
  5   </property>
  6 </bean>

  1 <!-- this assumes org.jboss.JBossCacheManager implements the org.springframework.cache.support.CacheManager interface -->
  2 <bean id="sharedDataLocalCacheManager" class="org.jboss.JBossCacheManager">
  3   <!--...-->
  4 </bean>

  1 <bean id="sharedDataDistributedCacheManager" class="org.Kuali.Rice.core.impl.cache.DistributedCacheManagerDecorator">
  2   <property name="cacheManager" ref="sharedDataLocalCacheManager" />
  3   <property name="messageHelper" ref="Rice.ksb.messageHelper" />
  4   <property name="serviceName" value="{http://Rice.Kuali.org/shareddata}sharedDataCacheServiceSoap" />
  5 </bean>

  1 <bean id="sharedDataCacheService" class="org.Kuali.Rice.core.impl.cache.CacheServiceImpl"
  2   p:cacheManager-ref="sharedDataLocalCacheManager" />

  1 <bean parent="sharedDataRemoteServiceExporter">
  2   <property name="serviceBus" ref="Rice.ksb.serviceBus"/>
  3   <property name="serviceDefinition">
  4     <bean parent="sharedDataJaxWsSoapService"
  5           p:service-ref="sharedDataCacheService"
  6           p:localServiceName="sharedDataCacheServiceSoap"/>
  7   </property>
  8   <property name="exportIf" value="sharedDataCacheServiceSOAP.expose"/>
  9 </bean>

  1 <cache:annotation-driven cache-manager="jbossDistributedCacheManager" />

  1 <cache:annotation-driven cache-manager="sharedDataDistributedCacheManager" />

  1 <cache:annotation-driven cache-manager="sharedDataDistributedCacheManager" mode="aspectj" />

Kuali Rice JIRA

Design/Code Review

Spring Cache Abstraction

EhCache

Spring enhancement JIRA #1

Spring enhancement JIRA #2

Spring bug JIRA #1

Rice 2.0 Wiki - Compatibility Refactoring - Caching Infrastructure