An overview of a SOA Architecture

09/11/2012 1 comment

Hi, Folks!

I know it’s been quite a while since I’ve last posted in here… lots of projects ­čÖé

As things are evolving on SOA, I would like to give my two cents here about SOA Architectures. So, just to begin the subject, I would like to introduce…

What is SOA?

SOA stands for Service-Oriented Architecture (as you probably know by now ­čśë ). But, WTH is a service?

The efforts to define a service have gone really far, but no one seems to be able to really define a service. People are able to describe a service by how it should be, not by what it actually is. According to Thomas Erl (, a service should:

  • Have a standardized service contract
  • Promote loose coupling
  • promote abstraction
  • be reusable
  • be autonomous
  • be stateless
  • be discoverable
  • be composable

OK, but what does it mean in terms of real-world services?

It means that you should design your services to be as granular as possible to promote composability and reusability. It also means that these services should be stateless (i.e., they should not assume that the server is in a state a previous request set it on); these services should be autonomous (i.e., they should not depend on other services to perform it’s actual task – unless, of course, we are talking about a composition); they should be discoverable (i.e., you should have some kind of directory where you can find the service that performs the task you are looking for); they should be loose coupled to each other; and last but not least, they should have a contract you can rely on – one that is standardized such as your clients will not have trouble when using your service.

Note that, so far, no one has talked about WS-* or REST. That’s because SOA is not defined in terms of technology, or tools, or whatever. SOA is based on a set of good practices, in order to ensure ROI (Return of Investment). BTW, of course SOA is not that cheap (studies prove that a brand new implementation of SOA is 30% more expensive in the initial phases, but they pay off over time).

But, getting back to technology… nor WS-* nor REST define SOA. You can have lots of WS-* Web Services on your architecture, or lots of REST services on your architecture, but still have no SOA. Again: SOA is based on practices, not technology. Of course, enterprises over the world have developed tools to help achieve the goals (some of them don’t even give so much help ;)), but the tools are not the end – they are the means.

If you define your architecture such as enough business logic is exposed as services (again, no one is talking about technology here), then you will have SOA.

Buuuut… here comes the little lines at the bottom.

Why my company always talk about technology and vendors when it comes to SOA?

The truth is that it can be very hard to promote SOA within the terms mentioned above (or, at least, to do so without tools). That’s why companies almost always have SOA with WS-* and tooling. It’s really hard to have directories of services without any kind of tools, and it’s very hard to promote service discovery without WSDL’s (OK, REST has got WADL, but it hasn’t got to a level where every REST service has one. Actually, REST doesn’t need WADL, and that’s not the case with WS-* services).

Also, even that your company decides to make its own tooling to promote these practices, it can be very hard as well to comply with non-functional requirements, such as performance, monitorability, scalability, etc. Remember that these services are granular, and that the traffic over network is XML/JSON. Imagine lots of services doing marshalling / unmarshalling of these data everywhere.

So, the first tool that came around to solve these problems is the ESB.

WTH is an ESB?

ESB stands for Enterprise Service Bus. As the name says, it is nothing but a bus to your services. But, wait… a bus that takes what to what?

The responsability of an ESB is to map requests from a client (usually, these clients see a service, with a contract and everything else) to… somewhere. Really, the ESB may lead to a WS-*, a REST service, the file system, BPEL (I’ll talk about this one later), JMS, and lots of other protocols. Actually, it should be able to transform any protocol to any protocol. But, of course, this very core of an ESB may lead to accomplish several other purposes. Take monitorability, for example: if an ESB will map these protocols, and data will pass through it, it may take metrics over it, and map response times, success rate, failure rates, fire alerts when these metrics reach a given threshold, and so on. Also, it may guarantee security to these services (by exposing only the ESB for clients, and inserting some assertions to routings), as well as several other things.

Also, an ESB may promote security by an application level. They usually have a feature known as throttling, which prevents a client from sending too much data (so much it can cause service failure). Of course, these kind of stuff should be ensured within XML Schemas, but they know detailed schemas are hard to maintain inside an ecosystem of dozens, hundreds or even thousands of web services.

But what an ESB does not do is to recompose requests. Remember service composability? That’s not the function of an ESB (although some of them even do it). Service composability requires a more business-oriented tool, something like…


BPEL stands for Business Process Execution Language. It is the industry’s standard for composing workflows, made of several web service calls. What it does is not only the workflow, but handling of several issues, like:

  • expose the composition as a web service itself;
  • rolling back of failed transactions (known as compensatory transactions);
  • keeping the state of transactions, both in case of server failure as for auditing;
  • optimizing the calls to the several web services it may compose;
  • keeping the flow visual, i.e., to ease the development and/or auditing.

As you may have realized, BPEL is specialized in keeping state of stuff. I know, web services should be stateless, and BPEL is – from the point of view of the client. But it keeps the state of the compositions for more pragmatic stuff like the mentioned above. It is conceptually different from an ESB as ESB’s should not keep the state of the requests, anywhere.

So, how to organize these together?

A good architecture should leverage all non-functional requirements and, at the same time, be able to change whenever it is needed. It’s a bit hard to talk about this subject in a single blog post, but within the mentioned features above, a good architecture could be like this:

Yes, I totally suck at drawing =/

As the picture doesn’t make justice to the thought, let me explain it:

As an ESB does every kind of transformation, protocol A -> protocol B (doesn’t mean, of course, that A is different from B), it is fair to place all data traffic over it, just to place metrics, alerts, throttling, and everything else, onto it. BPEL, WS-* services, REST services, and so on, will be accessible through it, and BPEL will not see directly the other services, but will reference the services that are already placed inside the ESB.

Of course this architecture has a huge drawback: too much overhead inside one piece. The ESB, here, must be intensively took care of (I hope your company has some baby sitters! =D). It means that maybe a few network cards, some gigabytes of RAM, and clustered to some four, five nodes. But believe me, depending on the number of services your company has (maybe the very size of the company), it totally pays off. Of course, maybe does not make sense if you have only a few services, but I’m talking here of a few hundreds (or thousands) of services.


You should not believe a single word that’s written here =D (Just kidding!)

Architectures don’t come inside a box. You need to be very very extra judiciously to analyze whether you need to place these kind of stuff in your company. Perhaps you don’t really need BPEL. Perhaps you don’t really need an ESB at all. Perhaps you need it but you can’t afford it. Perhaps it makes more sense having REST services than WS-* and these bunch of stuff. Every single aspect of SOA comes with positives and negatives. What you need to do is to analyze these points and carefully think if you really need the positives and if you can handle the negatives.

Quickstart series: Spring+Spring Security+Jersey+Hibernate

01/03/2012 3 comments

I’m starting the ‘quickstart series’ – the initial post will be about these four technologies, integrated and fully functional.

The project is built with Maven and Eclipse, sou you may be able to checkout it and import it on your Eclipse (or other environments compatible with Eclipse, like Netbeans).

It is configured with:

Spring and Spring Security 3.0.5
Jersey 1.9
Hibernate 3.4.0
JPA 1.0
MySQL 5.1

If you want a different configuration, feel free to modify it as you wish and, if you don’t mind, please take a few minutes to update the repository. By the way, it is Feel free to clone it and have a bootstrap on your project.


Categories: Uncategorized Tags: , , , , , , , ,

Oracle BPEL Hello World

Hi, everybody! Today, I┬┤m gonna show you how to do a hello world using Oracle┬┤s BPEL engine. You are gonna need:

  • A properly installed SOA Suite , 11g (I┬┤m not gonna show here how to install it, but there are plenty of good stuff on this subject on the web);
  • A JDeveloper 11g with SOA Extensions enabled
  • A test tool named SOAP UI

So, let┬┤s do it: start your SOA Suite and JDeveloper. Once your JDeveloper is open, right-click the applications area, as shown in the figure:

Then, select the menu “SOA Tier” and the SOA Project:

Select your project┬┤s name and the project technology (in our case, SOA):

Create your project using Composite with BPEL (as it should be just a simple BPEL project; some day I will explain here what the other types are):

Select the synchronous template and mark the “expose as a SOAP service” checkbox:

Then, you should see something similar to the image:

Click on the assign component and drag it to the diagram. You see highlighted positions; they are places where you can drop the component:

Place the assign in the proper position:

Then, double click the just-placed component. You should see an image similar to the next one:

Click the ‘plus’ icon and you will see the following options:

Once doing so, click the “copy operation” option. You should see the following screen:

Expand both sides until you see the following screen (you should select the options, too):

Then, click OK. You will get back to the previous screen. Select the “general” tab and change the name of the operation to “AssignEcho”, like the screen:

Click OK and you will get back to the BPEL Designer screen. Now, it┬┤s time to deploy our process. Right-click your project, and you should see a menu like the following:

As you maybe don┬┤t have a connection in place, select the “new connection” option. Then, follow the wizard:

I┬┤m assuming here that your username is weblogic (and you know the password as well):

Also, I┬┤m assuming here that your SOA Suite is loaded on localhost, port 7001 (or 7002 if it┬┤s SSL), with a domain loaded to soa_domain. They are the defaults.

Then, click “test connection”. If everything is OK, you should see the “8 of 8 tests succesful” status message.

Click OK and, once again, you will get back to the BPEL Designer screen. Now, your new connection should be available on the connections list:

Click the newly-created connection and you should see the deploy screen:

While deploying, it should ask for username and password:

Then, access the Enterprise Manager site (for me, it is available on http://localhost:7001/em). Once inputting the username and password, you should see the following screen:

Expand the selections according to the image and select your newly-deployed project:

If you click the “test” button, you should see a screen like this:

Personally, I don┬┤t like using the enterprise manager to test my services, for personal reasons. So, I┬┤d rather using SOAP UI. Select the WSDL of your service and then, create a project in SOAP UI, like this one:

Once doing so, SOAP UI will create a screen like the following (if everything is OK, change the interrogation sign for “hello, world!” or anything like this):

If everything is OK, then you should see a screen like this:

And that┬┤s it! Your BPEL Process is working, as it is echoing every phrase you input to it. If you want to go further, try to explore the Assign component and the others, to improve your knowledge.

See ya!

Categories: BPEL Tags: , , ,

Help me improve!

02/10/2011 2 comments
Categories: Uncategorized

Protecting your services with a simple fuse..

Michael Nygard, in his book Release It! Design and Deploy Production-Ready Software describes a pattern he called Circuit Breaker. It is based on the idea of fuses, that is, anything that may be dangerous should be put around a safe structure, that may disable the operation requests if it has any chance to do any harm to the application itself or others. It is best described through the image (click to enlarge):

The Circuit breaker pattern, as described by Michael Nygard

The flow is like that: the dangerous operation has the fuse as a shell. The first state, “closed fuse”, has a counter of failed invocations and a threshold. When the client produces an invocation, it allows the invocation to pass through. If the call succeeds, then resets the counter. If it fails, increment the counter. If the counter reaches the threshold, it disables the fuse, going to the “open fuse” state. This state has a variable that represents an ammount of time and another one representing the moment in time when it has become the active state. Any call to the dangerous operation in this state will cause it to fail without even invoking the operation. When it is in this state for the amount of time specified in the variable, it decides that the call deserves another chance. So the invocation goes to the “half open fuse”. This state tries to invoke the operation again. If it fails, go to the open state again, resetting the timer. If it succeeds, go to the closed state again, resetting the counter of failed invocations.

OK, nice pattern, but what does it have to do with SOA?

The magic in this pattern (and the whole book) is that it brings light to subjects that most developers don┬┤t give enough attention. One of these subjects is that you cannot rely on the network. Final. I have never seen any thrustable network (and I believe you haven┬┤t, too!), so, as long as SOA is a kind of distributed architecture that relies on the network and we cannot rely on the network, so we can┬┤t rely on services either! So, as long as services are unthrustable, we can apply this pattern, to:

  • Ensure that we won┬┤t get stuck waiting for services that might never return;
  • Ensure that, if the server that is holding the web service is drowning from lots of invocations, at least we are not the ones that are gonna disable it for good;
  • And many many other good reasons to do so. Read the book ­čśë

As Michael himself doesn┬┤t give any hints on the implementation of such a pattern, I decided to implement it, and you can download it from the downloads section. It is very simple, as it doesn┬┤t allow only web services to be invoked via the pattern, but any other kind of dangerous operation too. You can modify the code the way you want to achieve your desire. My hint is that, allied to stuff like AOP and interceptors in general, you may do it the ultimate solution to never, ever have this kind of problem again.


Quick Post: Integrating Spring and Jersey

02/02/2011 2 comments

When: When you need Spring to manage Jersey┬┤s libraries, but still want to be free to develop your services using JAX-RS.

When not: If your team does not know REST, maybe it┬┤s not a good idea to use it in development, because REST has its own culture – Uniform Interfaces, Hypermedia, the concept of Resource-Oriented, etc.


package com.alesaudate.domain;

import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.MappedSuperclass;
import javax.persistence.Version;

import org.hibernate.validator.ClassValidator;
import org.hibernate.validator.InvalidValue;

public abstract class BaseEntity {
	private Long id;
	private Long version;

	public Long getId() {
		return id;

	public void setId(Long id) { = id;

	public Long getVersion() {
		return version;

	public void setVersion(Long version) {
		this.version = version;
	Validation code, that is valid for all subclasses.
	public void validate () throws ValidationException {
		ClassValidator validator = new ClassValidator(getClass());		
		InvalidValue[] invalidValues = validator.getInvalidValues(this);
		if (invalidValues != null && invalidValues.length > 0) {
			throw new ValidationException(buildValidationExceptionMessage(invalidValues));
	public String buildValidationExceptionMessage (InvalidValue[] invalidValues) {
		StringBuilder builder = new StringBuilder();
		for (InvalidValue value : invalidValues) {
		return builder.toString();


import java.util.ArrayList;
import java.util.List;


import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.orm.hibernate3.HibernateTemplate;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Transactional;

import com.alesaudate.domain.BaseEntity;
import com.alesaudate.domain.InvalidStateException;
import com.alesaudate.domain.Person;

public abstract class BaseService<T extends BaseEntity> {
	private HibernateTemplate hibernateTemplate;
	public T createOnDatabase (T entity) throws InvalidStateException {
		return entity;
	@Produces({MediaType.TEXT_XML, MediaType.APPLICATION_XML})
	public T create (T entity) throws InvalidStateException {
		return createOnDatabase(entity);
	public T updateOnDatabase (T entity) throws InvalidStateException {
		return entity;
	@Produces({MediaType.TEXT_XML, MediaType.APPLICATION_XML})
	public T update (T entity) throws InvalidStateException  {
		return updateOnDatabase(entity);
	public T findOnDatabase (Long id) {
		DetachedCriteria criteria = DetachedCriteria.forClass(getManagedClass()).add(Restrictions.eq("id", id));
		List entities = getHibernateTemplate().findByCriteria(criteria);
		if (entities.isEmpty()) 
			return null;
		return (T)entities.get(0);
	@Produces({MediaType.TEXT_XML, MediaType.APPLICATION_XML})
	public T find (@PathParam("id")Long id) {
		T entity = findOnDatabase(id);
		return entity;
	public List<T > findAllFromDatabase () {
		DetachedCriteria criteria = DetachedCriteria.forClass(getManagedClass());
		List<T> all = getHibernateTemplate().findByCriteria(criteria);
		return all;
	@Produces({MediaType.TEXT_XML, MediaType.APPLICATION_XML})	
	public List<T> findAll() {
		return findAllFromDatabase();
	public void deleteFromDatabase (T toDelete) {

	@Produces({MediaType.TEXT_XML, MediaType.APPLICATION_XML})
	public void delete (T toDelete) {
	public abstract Class<? extends BaseEntity> getManagedClass();
	public abstract void loadEntity (T data);
	public abstract void loadList (java.util.Collection<T> data);
	public void setHibernateTemplate(HibernateTemplate hibernateTemplate) {
		this.hibernateTemplate = hibernateTemplate;
	public HibernateTemplate getHibernateTemplate() {
		return hibernateTemplate;



import java.util.Collection;


import org.hibernate.criterion.DetachedCriteria;
import org.hibernate.criterion.Restrictions;
import org.springframework.stereotype.Component;
import org.springframework.transaction.annotation.Propagation;
import org.springframework.transaction.annotation.Transactional;

import com.alesaudate.domain.Address;
import com.alesaudate.domain.BaseEntity;
import com.alesaudate.domain.Person;

public class PersonService extends BaseService<Person>{

	public Class<? extends BaseEntity> getManagedClass() {
		return Person.class;

	public void loadEntity(Person data) {
		//Load addresses

	public void loadList(Collection<Person> data) {
		for (Person p : data) {			
			getHibernateTemplate().find("select p.addresses from Person p");
			for (Address address : p.getAddresses()) {



<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns=""


	<context:component-scan base-package="" />

<!-- Other bean definitions... -->		



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="" xmlns="" xmlns:web="" xsi:schemaLocation="" id="WebApp_ID" version="2.5">


 	<servlet-name>Jersey Servlet</servlet-name>
 	<servlet-name>Jersey Servlet</servlet-name>


How to develop a standalone SSL web service

12/08/2010 14 comments

How to develop a standalone SSL web service

Hi! Today, I┬┤m gonna show you how to develop a simple SSL web service. Please note that this is not a “enterprise” way of developing a secure web service, but this may be very useful for testing purposes.


To develop this service, you need to use a Sun/Oracle JVM (I tested with 1.6 VM, but should work with 1.5, too). This is not gonna work in any other kind of VM. Also, you need to have JAX-WS in your classpath.

The code

The code begins with the development of the web service itself. I used a standard JAX-WS service as an example, so my service looks like this:

public class SOAPService {

	public String test() {
		return "Hello, SSL world!";

Next, we may use Java┬┤s Endpoint class to create our object as an web service. The code is like

Endpoint endpoint = Endpoint.create(new SOAPService());

At this point, you need to create the server, and to create the server, you need a .jks (Java Keystore) file. You may create this file using JDK┬┤s (or JRE┬┤s) tooling, but I prefer using a GUI to do so. Personally, I like Lazgo┬┤s KeyStore Explorer (available here). I won┬┤t get in details here on how to create the JKS file; if you don┬┤t know how to do it, you may want to have a look here.

Note: be aware that the CN attribute of your certificate must be equal to your host┬┤s name!

After creating the JKS file, we are ready to create our HTTPS server. I won┬┤t explain this code very much, as it should be pretty self-explanatory:

public static void main(String[] args) throws Exception {
		Endpoint endpoint = Endpoint.create(new SOAPService());
		SSLContext ssl =  SSLContext.getInstance("SSLv3");
		KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm()); 
		KeyStore store = KeyStore.getInstance(KeyStore.getDefaultType());

		//Load the JKS file (located, in this case, at D:\keystore.jks, with password 'test'
		store.load(new FileInputStream("D:\\keystore.jks"), "test".toCharArray()); 

		//init the key store, along with the password 'test'
		kmf.init(store, "test".toCharArray());
		KeyManager[] keyManagers = new KeyManager[1];
		keyManagers = kmf.getKeyManagers();

		//Init the trust manager factory
		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		//It will reference the same key store as the key managers
		TrustManager[] trustManagers = tmf.getTrustManagers();
		ssl.init(keyManagers, trustManagers, new SecureRandom());

		//Init a configuration with our SSL context
		HttpsConfigurator configurator = new HttpsConfigurator(ssl);

		//Create a server on localhost, port 443 (https port)
		HttpsServer httpsServer = HttpsServer.create(new InetSocketAddress("localhost", 443), 443);
		//Create a context so our service will be available under this context
		HttpContext context = httpsServer.createContext("/test");

		//Finally, use the created context to publish the service


And voilà! That should be enough to your service be available under SSL. With this code, the wsdl of the service should be available under https://localhost:443/test?wsdl.

Please note that, at the time that I developed this service, I had some trouble with the generated WSDL, specifically with the port address and references to schema files. A reasonable work around for this problem (if you have it too) is to download the files (WSDL, schemas, and so on) and fix it by hand.

See ya!