Oct 10

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.3.

To provide early access I intend to release revisions of this document as significant new sections become available.

Rev 0.1: Content
•    Assumptions and Notes
•    Person Service XML Schema and WSDL Interface
•    Common XML Project
•    PersonSvc BPEL Module
•    PersonCli BPEL Module
•    JBI-based Person Service – Plain End-to-End
•    JBI-based Person Service – SSL with Server-side Authentication

Rev 0.2: Additional Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

Rev 0.3: Additional Content
•    EJB-based Person Service – SSL with Mutual Authentication
•    JBI-based Person Service – Exploring WS-Addressing

More in CH05_WSSecurityExploration_r0.3.pdf at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.3.2.pdf

Sep 18

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document, now at rev 0.2.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content
* Assumptions and Notes
* Person Service XML Schema and WSDL Interface
* Common XML Project
* PersonSvc BPEL Module
* PersonCli BPEL Modules
* Person Service – Plain End-to-End
* Person Service – SSL with Server-side Authentication

Revision 0.2:Added Content
•    JBI-based Person Service – SSL with Mutual Authentication (broken)
•    EJB-based Person Service – No security
•    EJB-based Person Service – SSL with Server-side Authentication

More in CH05_WSSecurityExploration_r0.2.3.pdf at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.2.3.pdf.

Sep 16

As a healthcare enterprise looks after patients, information is gathered about various events that take place. Information about notable events, Admissions and Discharges, for example, is recorded in Hospital Information Systems or Patient Administration Systems. These systems typically broadcast event information in a form of HL7 messages for use by other enterprise systems, for example laboratory or diagnostic imaging. A stream of HL7 messages can be intercepted and processed to derive all sorts of interesting information.

The solution developed in this walkthrough deals with Excessive Length of Stay. Length of stay is defined as the period between patient’s admission to and discharge from the hospital. Statistical average expected length of stay is typically available for different kinds of patients presenting with different kinds of conditions. A significant variation from the average length of stay for specific patients may indicate complications, treatment errors, infections and other kinds of issues that the hospital needs to investigate. Notification of such incidents may help the hospital in addressing these issues and prevent future occurrences.

In this solution the Intelligent Event Processor is used to calculate the continuously updated average length of stay over a period of time and use it to compare against each event’s length of stay. It passes, to the downstream component, all events where the length of stay exceeds the average by 1 ½ times and ignores all others.

In the initial iteration, the solution reads a stream of discharge messages, containing admission date, discharge date, length of stay, and a bunch of other fields from a file and passes them to the IEP process. The IEP process keeps the window on the last 10 seconds worth of records and continuously calculates the average length of stay over all records in that window. As records are added to and removed from the window the average is recalculated. As each record is seen its length of stay is compared to the average length of stay of all records in the window at the time. If the length of stay in the current record is less then or equal to 1 ½ times the average at the same time the record is discarded. If the average is greater the record is ejected to the output and ultimately written to a file of exception records.

In a subsequent iteration the solution is modified to accept messages from a JMS Queue. This modification allows the solution to use the stream of discharge messages produced by the HL7 Processor solution, discussed in “HL7 Processor Demonstration – GlassFish ESB v2.1”, http://blogs.czapski.id.au/?p=23.

In a further modification the solution is configured to send notification messages to another JMS Queue. Notification messages are processed by a different solution and sent to an email recipient.

The document, “Excessive length of Stay Healthcare IEP Demonstration”, can be found at http://blogs.czapski.id.au/wp-content/uploads/2010/03/Combinned_Intelligent_Event_Processor_Demonstration_v1.0.pdf

The pre-built projects in the “Excessive length of Stay Healthcare IEP Demo Companion Archive” can be found at http://blogs.czapski.id.au/wp-content/uploads/2010/03/Healthcare_Demo_Combined_v1.0.zip

Sep 07

In this document I explore the effects of selected web services security policies on SOAP message exchange in the GlassFish ESB v2.1.

This is a work-in-progress document.

To provide early access I intend to release revisions of this document as significant new sections become available.

Revision 0.1: Content

  • Assumptions and Notes
  • Person Service XML Schema and WSDL Interface
  • Common XML Project
  • PersonSvc BPEL Module
  • PersonCli BPEL Modules
  • Person Service – Plain End-to-End
  • Person Service – SSL with Server-side Authentication

More in CH05_WSSecurityExploration_r0.1.pdf, at http://blogs.czapski.id.au/wp-content/uploads/2010/03/CH05_WSSecurityExploration_r0.1.pdf

Sep 04

This Note walks the reader through development of a GlassFish ESB v2.1based solution that addresses a Healthcare-related business problem. The Note elaborates on the healthcare background necessary to get a notion of what is being done and why, and provides detailed steps required to implement and exercise the solution to the business problem.

We will use the HL7 Binding Component, the File Binding Component, the JMS Binding Component, the SOAP/HTTP Binding Component, the BPEL 2.0 Service Engine, the JavaEE Service Engine, the HL7 Encoder and EJB-based Web Services in a JBI-based solution.

This note is an update, for GlassFish ESB v2.1, of the original note  “HL7 Processor Demonstration – Java CAPS 6/JBI and OpenESB”, to be found at http://blogs.czapski.id.au/wp-content/uploads/2010/03/00_HL7_Example_Development_Instructions_Final.pdf.

Updated note is available at http://blogs.czapski.id.au/wp-content/uploads/2010/03/00_HL7_Example_Development_Instructions_Final_1.1.2.pdf

Aug 05

This document discusses how the SOAP/HTTP Binding Component can be configured, in a service provider and in a service consumer, to use WS-Security 1.0 (2004) Username Token Profile support. WS-Security 1.0 (2004) provided support for the Username Token, which could be sent over the wire in the clear. This was insecure but Sun JAX-RPC libraries allowed this, since the standard allowed this. Through Project Metro release 1.4 it was impossibly to formulate a WS-Security policy that decorated a SOAP message with the Username Token headers, without requiring to also encrypt parts of the message. This prevented solutions built on top Metro 1.4, or earlier, from supporting cleartext Username Token. Metro 1.5 relaxed this requirement. The WS-Security policy configured using the GlassFish ESB NetBeans WS-Security wizard will be modified to require and provide a Plain text Username Token.

The document is here: 02_Configuring_HTTP_BC_for_WS-Security_UsernameToken.pdf

The companion archive containing all projects is here: WSSecPolicies_PersonUsernamePlain.zip

Aug 01

In this walkthrough I will add a Google Map showing a Route between patient’s home address location and the location of patient’s facility of record, as well as directions to follow along this route, to the Visual Web JSF Portlet developed in “Patient Lookup Visual Web JSF Portlet with a nicer looking Google Map”.

The walkthrough document is here: 02_PatienLookup_VWJSFPortletGooRoute.pdf

The comnpanion archive with NetBeans project artifacts is here: PatientLookupGooRouteVWJSFP.zip

Jul 31

The previous blog, walked through development and deployment of the Patient Lookup Portlet with a basic Google Map centered at the location identified by patient address, if any. It was a fairly basic Google Map, as Google maps go. In this document I will add a better looking Google Map to the Patient Lookup Portlet, explicitly using Google Maps APIs to construct the map.

The walkthrough is here: 02_PatienLookup_VWJSFPortletGooMapFancy.pdf

The companion archive, containing the NetBeans project, is here: PatientLookupGooMapBetterVWJSFP.zip

Jul 30

Every now and then there arises a need to carry out-of-band information alongside the business payload but without disturbing or modifying it. Message Envelope Pattern is the Enterprise Integration Pattern label that is typically applied to solutions that address this issue. How the issue is addressed in practice varies depending on the technology in use. For JMS, for example, JMS Message Properties could be used to carry out-of-band information while the payload would be carried as the JMS payload. Web Services, typically using SOAP over HTTP, can address this requirement through the SOAP Header Extension Mechanism, whereby custom headers can be added to the SOAP Header while the payload is carried in the SOAP Body.

This document discusses construction of a WSDL that supports custom SOAP Header element and BPEL processes that are used to set and get custom header values in JBI and in eInsight. This mechanism is known to work in Java CAPS 5.x, Java CAPS 6 Classic and OpenESB / GlassFish ESB.

It is assumed that the reader is sufficiently familiar with the GlassFish ESB / OpenESB BPEL Service Engine and the SOAP/HTTP Binding Component, and / or Java CAPS Classic eInsight Business Process Manager and eDesigner IDE to be able to build projects without a step-by-step pictorial document.

The document is available here: 01_Handling_SOAP_Headers_in_BPEL_.pdf
The companion archive, containing WSDLs and projects, is available here: 01_Handling_SOAP_Headers_in_BPEL.zip

While the method discussed in this entry is still valid there is now a different treatment of the topic, using NM Properties, “GlassFish ESB v2.x – Reading and Writing arbitrary SOAP Headers in BPEL 2.0 using NMProperties“.

Tagged with:
Jul 24

This document discusses how to implement support for WS-Security 1.0 (2004) in Java CAPS 6 Repository projects without resorting to SOAP Message Handlers. This is an update to my 3 year old Java CAPS 5.1 document on this topic, “Java CAPS 5.1, Implementing WS-Security 1.0 (2004) with JAX-RPC“. In this “release” Access Manager support for Username Token Profile has been removed. Feel free to add it if you need such support.

Java CAPS 6 Update 1 supports a mechanism for hooking SOAP envelope handlers into the Java CAPS Web Services framework so what I did and described in this document can now be done differently – perhaps better. I had a look at how to implement SOAP Message Handlers and it looked like work so I did not go there.

This material is provided on “all care but no responsibility” basis. Sun Java CAPS Support will not support this and neither will I. JAX-RPC from JWSDP 2.0, which is at the heart of the implementation, is deprecated and has long since been replaced by WSIT/JAX-WS/Tango.

Here is the document: Implementing_WS-Security_1.3_for_JavaCAPS6U1Repository.pdf
Here is the companion archive with all the required material: WSSecSampleProject_1.3_JCAPS6U1.zip

The WSSecurity.jar contains both the binary classes and the Java sources.

preload preload preload