netzooid

Thomas just announced that JBoss has been working on making their WS layer pluggable. In addition to supporting the native JBossWS framework, CXF and Metro (the project formerly know as the JAX-WS RI + Tango) integration code will be added for the 2.1.0 release as well. Among other things, this should help make it easier for CXF/Metro users to deploy services and create EJB backed web services inside JBoss.

I’m very happy to see this. Its not uncommon for me to visit a customer who is mixing different stacks together. Its part of the promise of open source, you can pick the best technologies (dare I use the marketing term - best of breed), and integrate them together.

Its great to see JBoss/RedHat support this approach.

<horn-tooting>

Coincidentally, why might you want to use CXF within JBoss [1][2]?

• Spring integration - we have lots of lovely support for the Spring 2.0 syntax. Its trivial to make a Spring bean a web service. Just write a <jaxws:endpoint … /> snippet and you’re done It equally trivial to inject a WS client into your application.
• JAX-WS frontend - Use the standard JAX-WS APIs to build your services via annotations
• Simple frontend - CXF supports the building of services with no annotations needed through the simple frontend. It works well in conjunction with the Aegis databinding, which can generate schemas from just about anything - including Map<Foo, Bar> constructs (maybe someday JAXB will support that).
• RESTful services via annotations
• WS-* support - including Addressing, Policy, Security, and ReliableMessaging
• The ability to work with non-XML data like JSON
• Maven Plugins

</horn-tooting>
1. Important: this is not to imply that the JBossWS Native or Metro does not have any particular one of these features, I just think it is this combination that makes CXF unique.

2. Disclaimer: The JBossWS code is an ongoing effort and the CXF code still isn’t quite ready yet AFAIK. I would encourage you to get involved though if this interests you. Also, CXF can still be run standalone inside JBoss in the mean time - many users do that already.

Most web service frameworks provide some way for you to intercept and work with the raw messages that it receives. In JAX-WS this comes in the form of Handlers. Through these handlers you can either work with the raw protocol message (i.e. the XML DOM) or the logicial message (i.e. the databound objects).

In CXF, this comes in the form of Interceptors. Nearly all CXF functionality is built on interceptors. When a transport receives a message, it does as little work as possible, creates a Message object, and then sends that Message off through an InterceptorChain.

One of the things that I think is unique about CXF’s Interceptor support is its ability to make working with low level I/O streams and non XML formats easy for the developer. I want to explore that momentarily and show how you can easily create a GZip Interceptor.

An Interceptor in it’s rawest form is simply a handleMessage() method. There are some other support methods, but we can focus on just the important stuff by extending AbstractPhaseInterceptor:

public class MyInterceptor extends AbstractInterceptor {
 public MyInterceptor() {
  super(Phase.USER_STREAM);
 }
 public void handleMessage(Message message) throws Fault {
  System.out.println("Hello World!");
 }
}

When an endpoint receives a message, this interceptor will run in the USER_STREAM phase and print out “Hello World.” Now how do we work with the low level InputStream?

InputStream stream = message.getContent(InputStream.class);
GZIPInputStream gzip = new GZIPInputStream(stream);
message.setContent(InputStream.class, gzip);

The CXF Message stores multiple content formats which you can easily access via the “T getContent(Class<T> type)” API. An InputStream is one. XMLStreamReader, List
<Object>, SAAJMessage.class, etc are all other possibilities at well. Its perfectly valid for their to be multiple valid formats at once. For instance, we can have both an XML document and a List of databound objects at late points in the chain.

In the final line of the above example, we can replace the InputStream that was set by the transport with our new GZIPInputStream. Its all pretty simple. So whats the big deal?

Well most web service frameworks (including XFire), only provide an XML document to their message processing engine. In CXF, ALL the binding specific details, including transport level details like recognizing attachments and finding the most appropriate data format, are handled in Interceptors. This ultimately makes the transports much cleaner and more flexible. You don’t need a SOAP specific HTTP transport or a RESTful HTTP specific transport. You just have an HTTP transport and all the protocol details get handled by the Interceptors supplied by the bindings.

It also makes several things possible which weren’t before with XFire. One of these things is working with non-XML data. Another important use case is message routing. Since CXF is just a generic message handling framework, you can route based on some criteria (i.e. SOAP or HTTP headers) and copy the message to its destination without parsing the whole thing.

P.S. CXF 2.0 final is being voted on now… Hopefully we’ll have an announcement soon!

The Apache Geronimo team just announced that they’re JEE certified as of today with their 2.0-M6-RC1 release. This is especially good news from a CXF point of view as Geronimo used CXF for JAX-WS certification!

A big congratulations to everyone on the Geronimo and CXF teams. Some people that deserve an especially large thanks for helping certify CXF inside G include Dan Kulp, Jarek Gawor, Jeff Genender, Jervis Liu,  Jim Ma, and I’m sure many others as well. (I’m pretty sure that I’ll be permanently remembered as the guy who kept breaking the Geronimo build in an effort to add some of the missing features, so I’m lucky these people are still talking to me ;-)).

I’m happy to announce that the first version of Navigating WS-* is now available. It expands on my ApacheCon EU presentation about WS-* and tries to answer some of the following questions:

• What standards should I be aware of, which ones should I consider using, and what do they offer me?
• How do these specifications work and how can they be composed?
• What platforms and tools interoperate with particular standards?
• Where are these standards going in the future?

We’ll be distributing copies at our JavaOne booth this year, so if you’re around, come pick one up and say hi!

No doubt there are some errors, unclear sections, etc in my writing. If you have feedback I would love to hear it. Leave a comment here or send along an email to dan AT envoisolutions dot com. There is definitely still more to cover and I should be updating the document in the future - as well as producing an HTML and/or wiki version (*mutters something about Word HTML generation*).

Stephan just recently wrote in to say that my XFire Web Services talk is no on Parleys, which is where all the Javapolis and Bejug videos are hosted. In it I talk about XFire, some tips for building good web services, and give a little intro into CXF.

Its a pretty cool site in general. One of the talks on there that I really enjoyed at Javapolis was Guy Pardon’s talk on WS-AtomicTransactions, BusinessActivity, and Coordination. Not being a transactions wonk, it clarified how everything was supposed to fit together.

I’m very happy to announce that the CXF team has produced a 2.0 release candiate! This release has some real quality stuff in it:

• A JAX-WS implementation - although we aren’t quite TCK compliant yet.
• Built in support for WS-Addressing, WS-Policy, WS-RM, and WS-Security
• Really good Spring 2.0 integration
• Support for building web services from POJOs - i.e. no annotations
• HTTP, JMS, and local (in-JVM) transports
• RESTful services support - including JSON services

If you’re currently an XFire user, I would suggest you take a look. I think there is a lot to benefit from:

• Improved WSDL support
• Improved JAX-WS support
• Improved JMS transport
• Maven plugins
• Spring 2.0 syntax support
• Improved WS-* support
• Cleaned up APIs for building services
• Easier to use extension points
• RESTful support
• Support for a “bare” XML binding, which doesn’t include a SOAP envelope

Most XFire services that you have written should be compatabile out of the box with CXF. You will however have to change your deployment code or xml configuration to take advantage of the improved APIs and improved XML format. See the XFire migration guide for some more details.

There has been a question or two about why we are announcing a release candidate as people don’t often announce RCs. There are a couple reasons. First, we’re attempting to finish the JAX-WS TCK testing before we release 2.0 final - although that may wait until 2.0.1. So we wanted to give people a release to use in the meantime. Second, while we’ve had many users testing CXF, we’re sure there are a few bugs out there yet (people have already pointed out a couple which we’re working on fixing). We’d like to throw the release out to the wider community to run through the gauntlet before we declare 2.0 final.

Stefan Tilkov writes today:

The SOAP/WSDL/WS-* SOA view of the world is like a statically typed programming language, i.e. C++ or Java — everything is pre-defined, contracts govern everything, nobody can interact without following formal rules … and ideally, everything violating the rules (and policies) will get caught before even going into production.

RESTful HTTP is like a dynamic programming language (i.e. Smalltalk, Ruby, Python, etc.) — you’ll only find out at runtime whether things actually work together, and might well run into errors that would have been caught by a rigorous (and strict) rule-checking process up front; but on the other hand, you have a much more dynamic system, where you can add and remove and change stuff on the fly, and even have some means to react to errors dynamically.

While that may be how things are currently, I don’t know that SOAP and WS-* necessarily implies such an approach (although WSDL may), nor do I think that RESTful services preclude a more static approach.

For instance, I can send messages over a JAX-WS Provider/Dispatch instances without any typing at all. Also, WS standards like WS-Security, WS-RM, etc are supposed to operate in a transparent way, so they shouldn’t affect how you build your service and the amount of “typing” needed. Just like SSL is transparent with HTTP, so these should theoretically be transparent. We also have people like Arjen arguing for a more dynamic approach (I really need to follow on that post too!).

On the other hand we have things like WADL which are bring a more contract oriented approach to RESTful services. The thing that does seem more dynamic about RESTful services is it’s linkability. Where as WSDL based services have operations which are very static, a RESTful data model will provide links for me to navigate. However, I still need to understand the various content-types and data structures. We can exchange these via a contract, put it in documentation, or let the user figure it out for themselves.

I’m just finishing my stay here in Amsterdam where ApacheCon EU was hosted. It was a good conference, and like most ApacheCons, thats because of the people here.

I gave two talks this week. The first was Secure, scalable and reliable RESTful services. Its always fun to talk about REST at ApacheCon, because the members/committers are the definitely experts in the area and everyone has an opinion to voice :-). It was a good time though, and hopefully it was informative for some of the non HTTPD committers in the room!

The second was Navigating WS-(death?)*. It wasn’t so much WS-* bashing as trying to help people understand why these specifications sprang into existinence (it all flows from the concept of a transport neutral, message oriented system), how they work, who interoperates with the various standards and if they should consider using them. I focused mainly on WS-Addressing, WS-ReliableMessaging, WS-Policy, and WS-SX*.

I’m off to home tonight, and then off to JavaOne on Sunday. See you all there!

At Dim’s suggestion, I’d like to spend a few moments going over one of the underlying components of our policy framework in CXF - Apache Neethi.

Neethi provides an object model for working with Policy expressions. In some sense its the WSDL4J equivalent in the policy world. It provides a common model for both 1.2 and 1.5 policy expressions. For instance, here is a snippet which creates a Policy which says that MTOM is optional:

Policy policy = new Policy();
ExactlyOne exactlyOne = new ExactlyOne();
All all1 = new All();
Assertion a = new PrimitiveAssertion(
new QName("http://schemas.xmlsoap.org/ws/2004/09/policy/optimizedmimeserialization",
"OptimizedMimeSerialization"));
all1.addPolicyComponent(a);
exactlyOne.addPolicyComponent(all1);
exactlyOne.addPolicyComponent(new All());


ExactlyOne and All are policy components which contain other components. ExactlyOne states that ONE of it’s policy components MUST be matched for a particular message/invocation. An All component states that ALL of it’s policy components MUST be matched for a particular message/invocation.

The first policy component that we set up here (all1) contains an MTOM Policy Assertion. The Assertion class represents this, provides Neethi with the assertion QName, and is able to normalize/serialize itself. The PrimitiveAssertion class is an implementation of the Assertion interface which resides in CXF. Its a very simple class which just creates an assertion around a particular QName. In essence, it just represents the XML <mtom:OptimizedMimeSerialization>.

The second policy component is an All with no assertions. Since both of the Alls reside in the ExactlyOne, the net effect is a Policy which says that MTOM is optional:

<Policy>
<ExactlyOne>
<All>
<mtom:OptimizedMimeSerialization/>
</All>
<All/>
</ExactlyOne>
</Policy>


This seems rather verbose, and it is. Luckily there is a way to shorten this:

<wsp:Policy>
<mtom:OptimizedMimeSerialization wsp:Optional="true"/>
</wsp:Policy>

And this leads us to the concept of normalization. The first Policy snippet is a normalized version of the second one. Whenever an Optional=”true” attribute is encountered that means that the particular policy assertion that is optional can be transformed into two <All>s in an <ExactlyOne>. While its more verbose, its a bit more machine friendly when you’re trying to look through and figure out if any of the Policies were met.

Neethi also includes an AssertionBuilder class which builds these assertions from AXIOM elements. As we’re trying to reduce the amount of dependencies needed for CXF, we opted to create our own version of the AssertionBuilder class which uses DOM elements instead. We have a few implementations of the AssertionBuilder floating around, but one of the most interesting is probably the JaxbAssertionBuilder. This builder can build an assertion from a JAXB object. This makes it trivial to add new assertions. Just write your schema, generate your JAXB beans, and tell CXF to look for the new assertion builder.

All in all, I’m pretty pleased with the model Neethi has given us. If I could change one thing though, I would separate out the AXIOM dependant interfaces into a separate package. And similarly with the DOM implementations that we’ve written. However at this point (post 2.0 release), I don’t think its really possible so I haven’t brought it up.

As we near our CXF 2.0-RC release (we’re cutting it today hopefully!), I want to spend a bit more time on my blog talking about CXF, some of the unique things I think we’ve done, and why you should consider it for your projects. Consider this part 1 of n :-).

In CXF we’ve taken the philosophy that we want to leverage the containers and appservers that are out there. Our primary container that we support is Spring. We can also run without Spring, but then you miss out on some of the features.

One of the big new things in Spring 2 is its support for custom XML snippets, meaning we can mix and match any XML types inside a spring config. We’ve added support for configuring clients and servers via this mechanism. Here’s an example of what configuring a JAX-WS endpoint looks like:

<jaxws:endpoint id="helloWorld" class="com.acme.HelloWorld" addressing="http://localhost/helloworld"/>


We expanded this functionality to support various “features” which you can plugin to your service. Features are simply classes which can customize your Server/Client at load time. For instance, I wrote a simple logging feature:

<jaxws:endpoint id="helloWorld" class="com.acme.HelloWorld" addressing="http://localhost/helloworld">
<jaxws:features>
<bean class="org.apache.cxf.feature.LoggingFeature"/>
</jaxws:features>
</jaxws:endpoint>

Notice that you can easily mix & match the Spring syntax and our own jaxws:endpoint syntax. This helps the user as they can leverage the Spring syntax they already know. It also helps developers as it makes creating extensions pretty easy - no XML parsing needed and no schemas need to be written.

CXF and WS-Policy
Before we continue, I’d like to explain a little bit about CXF supports WS-Policy. With WS-Policy I can assert various policies on my service - like that it needs to be using WS-Addressing or it should be using WS-ReliableMessaging. Within CXF there are two things associated with each type of assertion - an AssertionBuilder and a PolicyInterceptorProvider. The AssertionBuilder is responsible for building Assertions classes from XML. The Assertion class is from the Apache Neethi project which provides us with a nice API for working with WS-Policy.

The PolicyInterceptorProvider is where the magic comes in. It allows you to supply interceptors to the CXF message processing chain for whenver your policy is active. For instance, say you are writing support for the <UsingAddressing/> assertion. Then you can have a PolicyInterceptorProvider which provides WS-Addressing Interceptors which get added dynamically to the chain if the policy is active. This means you only have to configure WS-Policy - you don’t have to also configure your service’s interceptors for WS-Addressing.

Bringing together WS-Policy and Spring

The above lays a foundation for simple configuration via WS-Policy. All that you need to do is simply write an assertion for your service and it will get configured correctly (that is, the assertion’s interceptors will be added to interceptor chain).

This merges really well with the Feature framework. We wrote a WSPolicyFeature which understands <Policy> documents embedded inside your <jaxws:endpoint> definition.

<jaxws:endpoint id="helloWorld" class="com.acme.HelloWorld" addressing="http://localhost/helloworld">
<jaxws:features>
<wsp:Policy xmlns:wsp="http://www.w3.org/2006/07/ws-policy"
xmlns:wsam="http://www.w3.org/2007/01/addressing/metadata">
<wsam:Addressing>
<wsp:Policy />
</wsam:Addressing>
</wsp:Policy>
</jaxws:features>
</jaxws:endpoint>

Since this is still Spring, the <Policy> element becomes a WSPolicyFeature Spring bean which you can reference anywhere else inside your code. We simply use the Id attribute on the Policy. This makes it very easy to share Policy configurations across endpoints inside a spring file:

<jaxws:endpoint id="helloWorld" class="com.acme.HelloWorld" addressing="http://localhost/helloworld">
<jaxws:features>
<ref bean="AddressingPolicy"/>
</jaxws:features>
</jaxws:endpoint>

<wsp:Policy wsu:Id="AddressingPolicy"
xmlns:wsp="http://www.w3.org/2006/07/ws-policy"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsam="http://www.w3.org/2007/01/addressing/metadata">
<wsam:Addressing>
<wsp:Policy />
</wsam:Addressing>
</wsp:Policy>

You can of course do policy attachments and what not as well, but I’m just focusing on the Spring part of things for now.

More Spring Configuration Coolness
One of the other cool things about this is that we can also apply this configuration to an Endpoint I’ve created via the API through Spring’s AOP mechanisms. For instance, when you create a JAX-WS Endpoint, interally CXF calls into Spring and configures your Endpoint. It finds the appropriate <endpoint> definition using the service’s name. Here’s a sample of a configuration that could be applied to your service:

<jaxws:endpoint id="{http://my.service.namespace}ServicePort" createdFromAPI="true">
<jaxws:features>...</jaxws:features>
</jaxws:endpoint>


Closing Thoughts
All in all, this makes me much more likely to use WS-Policy than I ever thought I would be predisposed to before. I don’t have to write extra XML files and WS-Policy automatically configures features like Addressing, RM, and soon MTOM as well. Much of the credit here goes to Andrea Smyth for doing the WS-Policy layer the AOP configuration stuff. It all looks very cool!