Using ServiceMix to proxy a SOAP API that requires reading and writing HTTP headers for authentication

[Mariusz Brylant <mb...@gmail.com>]

Hi,

I'm very very new to ServiceMix and I need your help to figure out if  
what I'm trying to achieve is possible at all.

On out project we are using Intalio|BPMS (effectively Apache ODE but  
bundled with an Eclipse based Intalio Designer and a couple of other  
goodies).

One of the systems that we will have to "orchestrate" provides SOAP/ 
HTTP APIs, however these APIs use a non-standard authentication scheme  
that renders them unusable directly from within Intalio|BPMS, that is  
before you can call any "business" service you first have to invoke a  
Login service which provides you with the session token and later you  
have to use this token to authenticate in any subsequent calls...  
well, that would not necessarily be so bad, if that was described in  
the WSDL, however this API expects this token to be passed through...  
hmm... HTTP header.

There are a number of reasons why we cannot modify this behavior and  
we need to stick to what we have, but at the same time we need to find  
a way of working around this "feature".

Now, we have few to options here:
- either we build a properly annotated POJOs which would proxy this  
behavior so that instead of the HTTP header BPEL engine would be  
exchanging this token as part of the SOAP paylod,
- or - prefered one - I hope we could deploy some sort of the magic on  
ServiceMix that would allow us to expose a proxy service that would in  
turn convert from SOAP paylod into HTTP header and invoke this ugly API.

I've been RTFM-ing for a while (http://servicemix.apache.org/servicemix-http-new-endpoints.html 
) but I'm too much a newbie to the ServiceMix to make any sense out of  
it and thus validate my idea. My gut feeling is that we would have to  
engage a custom HTTP marshaler for a consumer of this ugly API to do  
the job of reading and writing HTTP headers and possibly some sort of  
EIP to create a flow between a proxy and a consumer.

If this is possible at all, I would highly appreciate some concrete  
examples.

And BTW, I'm more of the analyst than a developer - it was a very long  
time ago when I have written my last working line of code ;) - so  
please be understanding if I confused things here.

No need to say that as with all the projects around the Globe (and  
possibly beyond) this is very urgent :)

Anyway, looking forward to responses from you guys.

/Mario

pozdrawiam / best regards
vriendelijke groeten / bien à vous / cordialmente / a mais melhor  
consideração / bester respekt / distinti saluti / с  
наилучшими пожеланиями / 此致敬意 /  
Μεφιλικούςχαιρετισμούς / よろしく / 안부를  
전하며 / أفضل التّحيّات

Mariusz Brylant, PMP
MediaSmiths
Mobile: +447590439740
Email: mariusz.brylant@mediasmiths.com

"Try not to become a man of success but rather to become a man of  
value."
- Albert Einstein

Re: Using ServiceMix to proxy a SOAP API that requires reading and writing HTTP headers for authentication

[Gert Vanthienen <ge...@gmail.com>]

Mariusz Brylant,


Well, first of all, I would define a provider endpoint for the
Authentication service, so you can invoke it from within the ESB.  You
can use the ServiceMix client API to invoke the service from within
your marshaler afterwards (cfr.
http://servicemix.apache.org/client-api.html).

Now, you can implement your marshaler by extending the
DefaultHttpProviderMarshaler class and overriding the createRequest()
method.  Just let the method do its work as usual and afterwards
invoke you authentication service and add the header to the
SmxHttpExchange object.  The endpoint will then perform the HTTP
request based on the information in that object, making sure that the
required header is sent along.

With this solution, all the 'wackiness' of the external service is
hidden inside the endpoint.  You just configure the marshaler on the
endpoint and the BPEL bits don't even have to know about it.  They
just send the payload to the endpoint as usual and it will take care
of things.


Regards,

Gert Vanthienen
------------------------
Open Source SOA: http://fusesource.com
Blog: http://gertvanthienen.blogspot.com/



2009/5/26 Mariusz Brylant <mb...@gmail.com>:
> Hi,
>
> I'm very very new to ServiceMix and I need your help to figure out if what
> I'm trying to achieve is possible at all.
>
> On out project we are using Intalio|BPMS (effectively Apache ODE but bundled
> with an Eclipse based Intalio Designer and a couple of other goodies).
>
> One of the systems that we will have to "orchestrate" provides SOAP/HTTP
> APIs, however these APIs use a non-standard authentication scheme that
> renders them unusable directly from within Intalio|BPMS, that is before you
> can call any "business" service you first have to invoke a Login service
> which provides you with the session token and later you have to use this
> token to authenticate in any subsequent calls... well, that would not
> necessarily be so bad, if that was described in the WSDL, however this API
> expects this token to be passed through... hmm... HTTP header.
>
> There are a number of reasons why we cannot modify this behavior and we need
> to stick to what we have, but at the same time we need to find a way of
> working around this "feature".
>
> Now, we have few to options here:
> - either we build a properly annotated POJOs which would proxy this behavior
> so that instead of the HTTP header BPEL engine would be exchanging this
> token as part of the SOAP paylod,
> - or - prefered one - I hope we could deploy some sort of the magic on
> ServiceMix that would allow us to expose a proxy service that would in turn
> convert from SOAP paylod into HTTP header and invoke this ugly API.
>
> I've been RTFM-ing for a while
> (http://servicemix.apache.org/servicemix-http-new-endpoints.html) but I'm
> too much a newbie to the ServiceMix to make any sense out of it and thus
> validate my idea. My gut feeling is that we would have to engage a custom
> HTTP marshaler for a consumer of this ugly API to do the job of reading and
> writing HTTP headers and possibly some sort of EIP to create a flow between
> a proxy and a consumer.
>
> If this is possible at all, I would highly appreciate some concrete
> examples.
>
> And BTW, I'm more of the analyst than a developer - it was a very long time
> ago when I have written my last working line of code ;) - so please be
> understanding if I confused things here.
>
> No need to say that as with all the projects around the Globe (and possibly
> beyond) this is very urgent :)
>
> Anyway, looking forward to responses from you guys.
>
> /Mario
>
> pozdrawiam / best regards
> vriendelijke groeten / bien à vous / cordialmente / a mais melhor
> consideração / bester respekt / distinti saluti / с наилучшими пожеланиями /
> 此致敬意 / Μεφιλικούςχαιρετισμούς / よろしく / 안부를 전하며 / أفضل التّحيّات
>
> Mariusz Brylant, PMP
> MediaSmiths
> Mobile: +447590439740
> Email: mariusz.brylant@mediasmiths.com
>
> "Try not to become a man of success but rather to become a man of value."
> - Albert Einstein
>
>