SOA Policy Enforcement with JaxView
JaxView provides a number of options for enforcing policies in the
service-oriented environment. These include enforcing authentication
for access to service operations as well as enforcing daily service
usage limits.
There are two ways that JaxView can be used to authenticate Web service consumer clients.
Both options require that JaxView be deployed as a service gateway/proxy server for the Web services
that are being consumed. This means that all Web service requests and responses are
routed through a JaxView management server or a cluster of load balanced JaxView servers.
See the section JaxView Deployment Options for more information.
For this option, JaxView is configured to confirm user credentials included
with Web service requests against an LDAP or Active Directory data store. This
option assumes that the service clients are designed to collect and forward
user name and password data as part of the service request messages and that
the user data corresponds to that which is stored in the directory server.
The following is an outline of the steps you use to configure a JaxView gateway
to perform client authentication:
- Deploy JaxView as a services gateway or proxy. See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints for which client authentication will be required.
- Gather the connection information for the Directory server that will be used for authentication.
- In the JaxView Services view, select one of the Service nodes for a service that requires authentication.
- Use the Service node action menu to Edit the service definition.
- Expand the Security Policies sub panel and enter XPath expressions or regular expressions to match on the user name and password in the request messages.
- Expand the LDAP/AD Authentication sub panel and check the Enable LDAP Authentication check box.
- Complete the LDAP/AD Authentication sub panel form with the necessary information
to connect to and query the directory data store. See the section Applying
Policies to Services in JaxView for more information on LDAP
authentication settings.
- Save the settings.
- Use the service node action menu item Assign Policies to Services to replicate
these policy settings to other service definitions in the JaxView Services object tree.
JaxView will now enforce authentication for service requests on the services
for which the policy has been assigned and enabled.
This authentication option uses a simple client list native to JaxView.
- Deploy JaxView as a services gateway or proxy. See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints
for which client authentication will be required.
- Gather user information for the users who are expected to
access the target services and that will need authentication.
- In the JaxView Admin tab, create a Client object for each user that will be allowed to
access the services. See the Administration Options section for more information
on how to configure JaxView client objects.
- In the JaxView Services view, select one of the Service nodes for a service that requires authentication.
- Use the Service node action menu to Edit the service definition.
- Expand the Security Policies sub panel and check the Authenticate Client checkbox.
- Enter XPath expressions or regular expressions to match on the user name and password in the request messages.
- Complete the Security Policies sub panel form with the necessary information.
See the section Applying Policies to Services
in JaxView for more information on
Security Policies settings.
- Save the settings.
- Use the service node action menu item Assign Policies to Services to replicate
these policy settings to other service definitions in the JaxView Services object tree.
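Both authentication options above depend on expressions that locate the user name and password in the request. The following added example (not JaxView code) shows that check against a constructed SOAP request. The WS-Security token layout, the XPath strings, the in-memory client list standing in for JaxView Client objects, and all function names are assumptions.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

NS = {  # namespaces used by the constructed sample request
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/"
            "oasis-200401-wss-wssecurity-secext-1.0.xsd",
}
# Hypothetical expressions, anchored to the header rather than "anywhere".
TOKEN = "./soap:Header/wsse:Security/wsse:UsernameToken/"
USER_XPATH, PASS_XPATH = TOKEN + "wsse:Username", TOKEN + "wsse:Password"

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed client list: user name -> (salt, password hash).
CLIENTS = {"alice": (b"constructed-salt", _hash("s3cret!", b"constructed-salt"))}

def extract_credentials(message: bytes):
    """Return (user, password), or None unless exactly one of each is present."""
    if b"<!DOCTYPE" in message:          # no DTDs in gateway input
        return None
    try:
        root = ET.fromstring(message)
    except ET.ParseError:
        return None
    users, passwords = root.findall(USER_XPATH, NS), root.findall(PASS_XPATH, NS)
    if len(users) != 1 or len(passwords) != 1:
        return None                      # missing or duplicated: ambiguous
    if not users[0].text or not passwords[0].text:
        return None
    return users[0].text.strip(), passwords[0].text

def authenticate(message: bytes) -> bool:
    creds = extract_credentials(message)
    if creds is None:
        return False
    salt, expected = CLIENTS.get(creds[0], (b"unknown-user", b""))
    # Hash even for unknown users, then compare in constant time.
    return hmac.compare_digest(_hash(creds[1], salt), expected)

def sample(user: str, password: str, where: str = "Header") -> bytes:
    """Constructed SOAP request carrying the token in <Header> or <Body>."""
    token = (f"<wsse:Security><wsse:UsernameToken><wsse:Username>{user}"
             f"</wsse:Username><wsse:Password>{password}</wsse:Password>"
             "</wsse:UsernameToken></wsse:Security>")
    return (f'<soap:Envelope xmlns:soap="{NS["soap"]}" xmlns:wsse="{NS["wsse"]}">'
            f"<soap:{where}>{token}</soap:{where}></soap:Envelope>").encode()
```

An expression that matches the user name element anywhere in the document would also accept a token placed in the message body, so the expressions here are anchored to the header and a request is rejected when the match is missing or duplicated.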
Message data security should be an essential part of service-oriented policies.
Deployed as a service gateway or proxy, JaxView can decrypt XML request messages before passing them to a service endpoint.
JaxView can also encrypt XML response messages from services before forwarding them to the client.
This can be useful in the case that the service application does not support encryption but the runtime governance policies
require the use of encryption.
JaxView uses the XML decryption and encryption standards for this function.
The following is an outline of the steps you use to configure a JaxView gateway
to perform XML message decryption and encryption:
- Deploy JaxView as a services gateway or proxy. See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints
for which message decryption will be required.
- In the JaxView Services view, select the Service node for a service that requires request message decryption.
- Use the Service node action menu to Edit the service definition.
- Expand the Security Policies sub panel and locate the Encryption/Decryption section.
- To decrypt incoming service request messages, check the Decrypt Request check box.
- To encrypt outgoing service response messages, check the Decrypt Request check box.
- Save the settings.
- Use the service node action menu item Assign Policies to Services to replicate
these policy settings to other service definitions in the JaxView Services object tree.
With the evolving standards and development practices
employed in SOA implementations, there may be situations
where service clients and providers have incompatibilities. In cases
where the technology that is deployed cannot be easily modified,
it may be necessary to implement a form of middleware to modify request and response
message content. Alternately, there may be policies in the organization
that require messages from certain clients or endpoints to be
modified before they are forwarded based on some criteria in
the content of the message.
When deployed as a gateway or proxy, JaxView can
perform middleware functions to integrate otherwise disparate
systems. JaxView includes policy options for modifying request or
response message content. The following outlines the steps to
enable message modification using JaxView:
- Deploy JaxView as a services gateway. See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints
for which message decryption will be required.
- In the JaxView Services view, select the Service node for a service
that requires request message modification.
- Use the Service node action menu to Edit the service definition.
- Expand the Request/Response Modification Policies section.
- To modify incoming service request messages, enter one or more
XPath or regular expressions in the Request Modification Expressions text area.
These expressions identify the portions or elements of the message to be modified.
Enter corresponding substitution parameters in the Modify Request With text area, maintaining
a one-to-one mapping between the substitution parameters and the expressions entered
in the field above.
- To modify outgoing service response messages, enter one or more
XPath or regular expressions in the Response Modification Expressions text area.
These expressions identify the portions or elements of the message to be modified.
Enter corresponding substitution parameters in the Modify Response With text area, maintaining
a one-to-one mapping between the substitution parameters and the expressions entered
in the field above.
- Save the settings.
- Use the service node action menu item Assign Policies to Services to replicate
these policy settings to other service definitions in the JaxView Services object tree.
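The one-to-one pairing of expressions and substitution parameters described above can be illustrated with the following added example (not JaxView code). The `(kind, expression)` tuples, the function name and the sample response are assumptions made for the illustration; how JaxView itself distinguishes XPath from regular expressions is not stated on this page.

```python
import re
import xml.etree.ElementTree as ET

def apply_modifications(message: str, expressions: list, substitutions: list) -> str:
    """Apply each (kind, expression) with the substitution at the same index."""
    if len(expressions) != len(substitutions):
        # Fail closed: zip() would silently drop the unpaired entries.
        raise ValueError("expressions and substitutions must map one-to-one")
    for (kind, expr), value in zip(expressions, substitutions):
        if kind == "regex":
            message = re.sub(expr, value, message)
        elif kind == "xpath":
            root = ET.fromstring(message)
            for element in root.findall(expr):
                element.text = value     # set as text; escaped on serialization
            message = ET.tostring(root, encoding="unicode")
        else:
            raise ValueError(f"unknown expression kind: {kind}")
    return message

# Constructed response message and a constructed rule set.
RESPONSE = ("<account><owner>Alice</owner><number>4111111111111111</number>"
            "<note>served by db01.example.internal</note></account>")
EXPRESSIONS = [("regex", r"\b\d{12}(\d{4})\b"), ("xpath", "./note")]
SUBSTITUTIONS = [r"************\1", "[removed]"]

def modified_response() -> str:
    """Mask all but the last four digits and blank the internal note."""
    return apply_modifications(RESPONSE, EXPRESSIONS, SUBSTITUTIONS)
```

Checking the list lengths before applying anything matters because a rule that is silently skipped leaves data in the forwarded message that the policy was meant to remove.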
Along with enforcement of security policies, supporting service level agreements
is another important part of SOA runtime governance. JaxView provides tools to support
monitoring for, reporting on, and enforcing service level agreements.
Service Usage Monitoring and SLA Reporting
When used as a service gateway or as a service monitoring application, JaxView
can be used to monitor and report on service availability and client usage.
This is an important tool for managing service level agreements. The following
outlines how JaxView can be used for service level monitoring:
- Deploy JaxView as a services gateway or as a service monitoring application.
See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints
to be metered for the SLA.
- Add Client Usage Rate monitors to the services.
- Add Fault Percentage monitors to the services to monitor and report on what percentage of service requests generated faults.
- Add active service Heartbeat monitors to confirm that the service is available for the required time periods regardless of load or usage.
- Configure scheduled reports for the services to be monitored.
- Configure rules and alerts to notify operations staff when service levels are at risk of falling below required levels.
Daily Service Usage Limits
When deployed as a service gateway or proxy, JaxView can be used to enforce daily
total request limits on a service. You can set a total number of requests that can be made to a service
and JaxView can reject messages when the daily service limit has been reached. The following
describes the steps for setting daily message limits.
- Deploy JaxView as a services gateway or proxy. See the section
JaxView Deployment Options for more information.
- Add Service definitions to the Services object tree for the service endpoints.
- Determine what the total number of requests made to the service should be.
- In the JaxView Services view, select the Service node
for the service that should be usage limited.
- Use the Service node action menu to Edit the service definition.
- Expand the General Web Service Policies sub panel.
- Enter the number of messages to be allowed to the service in the Service Daily Threshold
field.
- Save the settings.
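The behaviour of a daily threshold, including the reset when the date changes, is sketched in the following added example (not JaxView code). The class and function names, the service name and the choice to allow services with no configured threshold are assumptions.

```python
import threading
from datetime import date, timedelta

class DailyLimiter:
    """Count requests per service per calendar day; reject past the threshold."""

    def __init__(self, thresholds, today=date.today):
        self._thresholds = thresholds    # service name -> daily threshold
        self._today = today              # injectable clock, used by simulate()
        self._day = today()
        self._counts = {}
        self._lock = threading.Lock()

    def allow(self, service: str) -> bool:
        with self._lock:                 # gateway threads share the counters
            now = self._today()
            if now != self._day:         # first request of a new day resets counts
                self._day, self._counts = now, {}
            limit = self._thresholds.get(service)
            if limit is None:
                return True              # assumption: no threshold means no limit
            used = self._counts.get(service, 0)
            if used >= limit:
                return False             # rejected requests are not counted
            self._counts[service] = used + 1
            return True

def simulate():
    """Constructed run: three requests on day one, one after the date rolls over."""
    clock = {"day": date(2024, 1, 1)}
    limiter = DailyLimiter({"OrderService": 2}, today=lambda: clock["day"])
    results = [limiter.allow("OrderService") for _ in range(3)]
    clock["day"] += timedelta(days=1)
    results.append(limiter.allow("OrderService"))
    return results
```

A counter held in memory like this one is per process, so behind a load balancer each node would count separately unless the count is kept in a shared store.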