{section}
{column}

{warning}This version must be installed on [Petals ESB 5.2.0|petalsesb520:Petals ESB 5.2.0]+{warning}

h1. Features

The SOAP component is a Binding Component (BC) which enables to interact with external SOAP Web Services and to expose JBI services as SOAP Web Services.

In provider role, when a JBI MessageExchange is sent to a ServiceEndpoint (mapped to a Web Service), it is transformed into a SOAP message and sent to the linked external Web Service. In consumer role, when a SOAP message is received on an exposed Web Service, it is transformed into a JBI MessageExchange and sent to the corresponding JBI ServiceEndpoint.

The SOAP component is based on Apache Axis2 v1.6.4 ([http://ws.apache.org/axis2/|http://ws.apache.org/axis2/]) and Eclipse Jetty v9.4.10.v20180503 ([http://www.eclipse.org/jetty/]). It provides the following features:
* Expose JBI Services as SOAP Web Services
* Expose SOAP Web Services as JBI Services
* Handle SOAP attachments (MTOM):
** the attachments of the incoming SOAP message are placed into the JBI message as attachments,
** the JBI attachments are placed in the outgoing SOAP message as attachments.

{info}
If you want more details about SOAP, you can consult this W3C specification: [http://www.w3.org/TR/soap/|http://www.w3.org/TR/soap/].

All attachment are processed by using XOP rules. (XML-binary Optimized Packaging: [http://www.w3.org/TR/xop10/])
{info}
{column}
{column:width=35%}
{panel:title=Table of contents}{toc:outline=true}{panel}
{panel:title=Contributors}{contributors:order=name|mode=list|showAnonymous=true|showCount=true|showLastTime=true}{panel}
{column}
{section}

h1. Provide a Web Service access in the ESB (SOAP over HTTP(S))

In provide mode, the component exposes an external Web Service in the JBI environment to send SOAP requests to the external Web Service.

{info}
The HTTPS configuration is located at the service-unit level to be able to use different certificates with different external webservices.
{info}

{warning}
Only JKS keystore and truststore are supported in the HTTPS mode.
Moreover, the key password and the keystore passwords have to be the same.
{warning}

h2. Usage

The SOAP component can expose an external Web Service as a JBI service endpoint by deploying a Service Unit on it:
\\
{center}
*Provides an external Web Service as a JBI service*
\\ !petals-bc-soap-x.x-provider..png|border=0,width=500,height=285!
{center}

When a message is received on a SOAP linked endpoint from the JBI environment, it is transformed into a SOAP message and sent to the Web Service. The address of the Web Service to send the SOAP message to is defined in the address extension of the deployed Service Unit.

The SOAP message is created like this:
* The JBI message payload is wrapped in the SOAP body
* The JBI message attachments are used to create SOAP ones
* The JBI message exchange operation is used to create the SOAP action
* The JBI MEP is used to determine the SOAP MEP

The external Web Service is called and the SOAP response is processed and returned to the JBI environment.

h2. Configuration

h3. Service Unit descriptor

An example of a Service Unit descriptor that provides a Web Service accessed over HTTP:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">

<jbi:provides
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<!-- CDK specific elements -->
<petalsCDK:timeout>1000</petalsCDK:timeout>
<petalsCDK:validate-wsdl>true</petalsCDK:validate-wsdl>
<petalsCDK:forward-security-subject>false</petalsCDK:forward-security-subject>
<petalsCDK:forward-message-properties>false</petalsCDK:forward-message-properties>
<petalsCDK:forward-attachments>false</petalsCDK:forward-attachments>
<petalsCDK:wsdl>IntegrationService.wsdl</petalsCDK:wsdl>

<!-- Component specific elements -->
<soap:address>http://localhost:8088/mockIntegrationServiceSOAP</soap:address>
<soap:soap-version>1.1</soap:soap-version>
<soap:chunked-mode>false</soap:chunked-mode>
<soap:mode>SOAP</soap:mode>
</jbi:provides>
</jbi:services>
</jbi:jbi>
{code}

An example of a Service Unit descriptor that provides a Web Service accessed over HTTPS:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">

<jbi:provides
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<!-- CDK specific elements -->
<petalsCDK:timeout>1000</petalsCDK:timeout>
<petalsCDK:validate-wsdl>true</petalsCDK:validate-wsdl>
<petalsCDK:forward-security-subject>false</petalsCDK:forward-security-subject>
<petalsCDK:forward-message-properties>false</petalsCDK:forward-message-properties>
<petalsCDK:forward-attachments>false</petalsCDK:forward-attachments>
<petalsCDK:wsdl>IntegrationService.wsdl</petalsCDK:wsdl>

<!-- Component specific elements -->
<soap:address>https://localhost:8088/mockIntegrationServiceSOAP</soap:address>
<soap:soap-version>1.1</soap:soap-version>
<soap:chunked-mode>false</soap:chunked-mode>
<soap:mode>SOAP</soap:mode>
<soap:https-truststore-file>../https/clientTruststore.jks</soap:https-truststore-file>
<soap:https-truststore-password>passwordClientTruststore</soap:https-truststore-password>
<soap:https-keystore-file>../https/clientKeystore.jks</soap:https-keystore-file>
<soap:https-keystore-password>passwordClientKeystore</soap:https-keystore-password>
</jbi:provides>
</jbi:services>
</jbi:jbi>
{code}

{include:0 CDK SU Provide Configuration 5.7.0}

{note}
When an HTTP connection is established with the external service provider, the connection timeout and the socket read timeout are defined with the value of the parameter '{{timeout}}'.
{note}

{center}{*}Configuration of a Service Unit to provide a service (SOAP)*{center}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}

|| Parameter || Description || Default || Required ||
| soap-version | The SOAP version used to create SOAP messages. \\
Possible values are 1.1 and 1.2. | 1.1 | Yes |
| address | Address of the external Web Service to send JBI messages to. This parameter supports place holders reloading | \- | Yes |
| chunked-mode | Activate the HTTP chunked mode on Web Service calls. \\
Possible values are: true, false. | false | Yes |
| mode | The mode to be used to send SOAP message to the specified address. \\
Possible values are: SOAP for basic Web Service calls, JSON for JSON service calls and REST for REST service calls. | SOAP | Yes |
| enable-compatibility-for | Enable the compatibility with a specified Web Service stack. \\
Possible values are: AXIS1 for Axis1 Web Service stack. \\ | \- | No |
| enable-wsa \\ | Enable the WSA-Addressing. Set the WSA headers in the outcoming SOAP messages. \\
Possible values are: true, false. | false \\ | No \\ |
| proxy-host | The proxy host name. \\
If it is not set, the proxy mode will be disabled and all others proxy parameters are ignored. | \- | No |
| proxy-port | The proxy host port | \- | No |
| proxy-user | The proxy user | \- | No |
| proxy-password | The proxy password | \- | No |
| proxy-domain | The proxy domain | \- | No |
| https-truststore-file \\ | The file path of the truststore file. \\ | \- \\ | No \\ |
| https-truststore-password \\ | The password of the truststore. \\ | \- \\ | No |
| https-keystore-file \\ | The file path of the keystore file. | \- \\ | No |
| https-keystore-password \\ | The password of the keystore \\ {info:title=Note}(The password key must be the same than the password keystore.{info} | \- \\ | No |
| http-basic-auth-username \\ | the username for HTTP Basic authentication. | \- \\ | No |
| http-basic-auth-password | the password for HTTP Basic authentication. \\ | \- \\ | No |
{table-plus}

{petalslink}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}

|| Parameter || Description || Default || Required ||
| wsa-to | Default address of the external Web Service to send JBI messages to. | \- | No |
| wsa-replyto | Address of an external Web Service to add to the WSA header wsa:ReplyTo. | \- | No |
| wsa-from | Address of an external Web Service to add to the WSA header wsa:From. | \- | No |
| wsa-faultto | Address of an external Web Service to add to the WSA header wsa:FaultTo. | \- | No |
| headers-filter | A value used to filter Normalized Message properties to be added to the outgoing SOAP message. All the normalized message properties which are org.w3c.dom.DocumentFragment instances. These values can be filtered at the Service Unit level with the headers-filter property. If the headers-filter property is set to 'org.ow2.petals.foo.*,* org.ow2.petals.soap.bar', all the DocumentFragment properties which are starting with 'org.ow2.petals.soap.foo.' and with 'org.ow2.petals.soap.bar' will be added to the outgoing SOAP Headers (as children). | \- | No |
| inject-headers | Inject some additional headers to the outgoing SOAP message. All the elements of the org.w3c.dom.DocumentFragment Map which is available in the javax.jbi.messaging.protocol.headers message properties will be added if the Service Unit level property inject-headers is set to true. | \- | No |
| headers-to-inject | Set of XML headers (CDATA) to be injected into the outgoing SOAP message (in SOAP Headers). | \- | No |
| service-parameters | Additional XML configuration for created Axis2 service as CDATA, same as the Axis2 services.xml file one. | | No |
| modules | A list of Axis2 modules names to engage (separated by comas). | | No |
{table-plus}
{petalslink}

h3. Service Unit content

The Service Unit has to contain the following elements, packaged in an archive:
* The META-INF/jbi.xml descriptor file as described above,
* An optional imported WSDL file describing the partner service

h1. Exposing an internal JBI service endpoint as a Web Service (SOAP over HTTP(S))

In consumer mode, the component exposes an internal JBI service outside the bus to transfer incoming SOAP requests to the internal service.

{info}
The HTTPS configuration is located at the component level because only one certificat is needed to expose the Petals service as a HTTPS web-service.
{info}

h2. Usage

The petals-bc-soap component can listen incoming SOAP messages and send messages to a JBI service endpoint by deploying a Service Unit on it. The component consumes the JBI service:
\\
\\
{center}
*Consumes a JBI service on a SOAP message*
\\ !petals-bc-soap-x.x-consumer.png|border=0,width=500,height=285!
{center}

The service-name Service Unit extension value will be used as Axis2 service name.

When a SOAP message is handled by the component, it is transformed into a JBI Message and sent to the JBI service endpoint configured in the Service Unit. The JBI message is created like this:
* The JBI operation is resolved (see [Operation Resolving|#op-resolving]).
* Copy the SOAP body into the JBI one.
* Put the SOAP attachments into JBI ones.
* Put the SOAP headers into the protocol header JBI message property.

By default, the component is configured to handle URI with the [http://localhost:8084/petals/services/]<service-name> (or 8083 for HTTPS) pattern (this URI can be configured in the [SOAP component configuration|#componentConfiguration]). It also handles ?wsdl calls; the WSDL description is retrieved from the endpoint and sent back to the consumer.

By default, the list of HTTP services is available at [http://localhost:8084/petals/services/listServices] (or 8083 for HTTPS) URI (it can also be configured in the [SOAP component configuration|#componentConfiguration]).

{warning}
If you plan tests with JAX-WS Reference Implementation, please use the JDK one (not the JRE one), otherwise MTOM attachments will not be handled properly.
{warning}

h2. Configuration

h3. Service Unit descriptor

An example of a Service Unit descriptor that exposes a Web Service over HTTP:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">

<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<!-- CDK specific elements -->
<petalsCDK:timeout>500</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<!-- Component specific elements -->
<soap:address>IntegrationServiceSOAPByPetals</soap:address>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>true</soap:enable-http-transport>
<soap:enable-jms-transport>false</soap:enable-jms-transport>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

The HTTPS transport layer must be set in the component jbi.xml file (cf [SOAP component configuration|#componentConfiguration]):
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0" xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4">
<jbi:component type="binding-component"
bootstrap-class-loader-delegation="parent-first">
<jbi:identification>
<jbi:name>petals-bc-soap</jbi:name>
<jbi:description>The SOAP Binding Component (based on Axis2 + Jetty)</jbi:description>
</jbi:identification>
...

<!-- SOAP Component Parameters -->
...
<!-- HTTPS support -->
<soap:https-enabled>true</soap:https-enabled>
<soap:https-port>8083</soap:https-port>
<soap:https-keystore-type>JKS</soap:https-keystore-type>
<soap:https-keystore-file>../https/serverKeystore.jks</soap:https-keystore-file>
<soap:https-keystore-password>passwordServerKeystore</soap:https-keystore-password>
<soap:https-key-password>petalsServerK</soap:https-key-password>
<soap:https-truststore-type>JKS</soap:https-truststore-type>
<soap:https-truststore-file>../https/serverTruststore.jks</soap:https-truststore-file>
<soap:https-truststore-password>passwordServerTruststore</soap:https-truststore-password>
...

</jbi:component>
</jbi:jbi>
{code}

{include:0 CDK SU Consume Configuration 5.7.0}
\\
{center}{*}Configuration of a Service Unit to consume a service (SOAP)*{center}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}

|| Parameter || Description || Default || Required ||
| wsdl | Path to the WSDL document describing services and operations called by the JBI consumes defined in the SU.
The value of this parameter is :
- an URL
- a file relative to the root of the SU package| \- | No |
| service-name | Web Service name to expose. | \- | Yes |
| soap-action | The SOAP action QName to be used for the Web Service, will override the JBI message operation. | \- | No |
| mode | The mode to be used to receive messages. \\
Possible values are: SOAP for basic Web Service messages, JSON for JSON service messages and REST for REST service messages. | SOAP | Yes |
| enable-compatibility-for | Enable the compatibility with a specified Web Service stack. \\
Possible values are: AXIS1 for Axis1 Web Service stack. | \- | No |
| enable-http-transport | Enable the HTTP transport layer to send or receive SOAP messages. \\
Possible values are: true, false. | true | No |
| enable-https-transport \\ | Enable the HTTPS transport layer to send or receive SOAP messages. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| enable-jms-transport | Enable the JMS transport layer to receive SOAP messages. \\
Possible values are: true, false. | false | No |
| http-services-redirection | HTTP redirection alias(es) for exposed Web Service. | \- | No |
| address | Same as service-name. \\ {warning:title=Warning}This parameter must not be used any more. service-name must be used.{warning} | \- | No |
{table-plus}

{petalslink}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}




|| Parameter || Description || Default || Required ||
| service-parameters | Additional XML configuration for created Axis2 service as CDATA, same as the Axis2 services.xml file one. | | No |
| enable-wsa \\ | Enable WSA-Addressing. Enable/disable Axis WSA-Addressing processing for incoming SOAP messages. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| modules | A list of Axis2 modules names to engage (separated by comas). | | No |
{table-plus}
{petalslink}

h3. Service Unit content

The Service Unit has to contain the following elements, packaged in an archive:
* The META-INF/jbi.xml descriptor file as described above

h1. SOAP over JMS

By configuring the SOAP component and a Service Unit, it is possible to consume an internal JBI service.

{warning:title=Warning}
This feature is currently only supported in consumer mode with the operation with the MEP InOnly.
{warning}

h2. Usage

The petals-bc-soap component can receive JMS messages from a JMS queue and send SOAP messages (contained in the JMS body message) to a JBI service endpoint by deploying a Service Unit on it. The component consumes the JBI service.

It enables to support the following scenario: A JMS publisher sends a message to a JMS server and the SOAP component consumes the JMS message which contains a SOAP envelope in its body:

{center}
!petals-bc-soap-x.x-soap_over_jms.png|border=1,width=500,height=285!
*Consumes a JBI service on JMS message (containing SOAP envelope)*
{center}

The service-name Service Unit extension value will be used as Axis2 service name.

When a JMS message is handled by the component, the SOAP envelope (in its body) is extracted by Axis, is transformed into a JBI Message and sent to the JBI service endpoint configured in the Service Unit. The JBI message is created like this:
* The JBI operation is created from the SOAP action.
* Copy the SOAP body into the JBI one.
* Put the SOAP attachments into JBI ones.
* Put the SOAP headers into the protocol header JBI message property.

h2. Configuration

h3. JMS server

A JMS server must be started before starting the BC SOAP component (if the JMS transport layer is configured). The compatible JMS servers are Joram and Apache ActiveMQ.

h3. Shared library

A shared library corresponding to the JMS server (SL-JMS-Joram or SL-JMS-ActimeMQ) must be installed in Petals ESB before installing the BC SOAP component in Petals ESB.

h3. Component descriptor

The JMS transport layer must be set in the component jbi.xml file (cf [SOAP component configuration|#componentConfiguration]):
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0" xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4">
<jbi:component type="binding-component"
bootstrap-class-loader-delegation="parent-first">
<jbi:identification>
<jbi:name>petals-bc-soap</jbi:name>
<jbi:description>The SOAP Binding Component (based on Axis2 + Jetty)</jbi:description>
</jbi:identification>
...

<!-- SOAP Component Parameters -->
...
<!-- JMS transport layer -->
<soap:java-naming-factory-initial>org.apache.activemq.jndi.ActiveMQInitialContextFactory</soap:java-naming-factory-initial>
<soap:java-naming-provider-url>tcp://localhost:61616</soap:java-naming-provider-url>
<soap:jms-connection-factory-jndiname>QueueConnectionFactory</soap:jms-connection-factory-jndiname>
</jbi:component>
</jbi:jbi>
{code}

h3. Service Unit descriptor

The JMS transport must be enabled in the Service Unit jbi.xml file:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
    xmlns:generatedNs="http://petals.ow2.org/"
    xmlns:jbi="http://java.sun.com/xml/ns/jbi"
    xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
    xmlns:soap="http://petals.ow2.org/components/soap/version-4"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    
    <!-- Import a Service into Petals or Expose a Petals Service => use a BC. -->
    <jbi:services binding-component="true">
    
        <!-- Expose a Petals Service => consumes a Service. -->
        <jbi:consumes
            interface-name="generatedNs:JMSService"
            service-name="generatedNs:JMSService"
            endpoint-name="JMSServiceSOAP">
    
...            
<soap:enable-jms-transport>true</soap:enable-jms-transport>
        </jbi:consumes>
    </jbi:services>
</jbi:jbi>
{code}

When the SU is started, a queue is created on the JMS server by the SOAP component if it does not exist. The name of the queue is the value of the parameter soap:address or soap:service-name.

When a message is sent to the JMS queue, it is received and treated by the SOAP component.

h1. Exposing an internal JBI service endpoint as a Web Service with WS-Security (UsernameToken)

h2. Configuration

h3. Service Unit descriptor

An example of a Service Unit descriptor that consumes a Web Service with a WS-Plicy based on UsernameToken:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>60000</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetalsUsernameToken</soap:address>
<soap:remove-root>false</soap:remove-root>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>true</soap:enable-http-transport>
<soap:modules>rampart</soap:modules>
<soap:wss-policy>wss-policy.xml</soap:wss-policy>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

with the WS-Policy defined as following into the file {{wss-policy.xml}}:
{code:lang=xml}
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordCallbackClass>org.ow2.petals.test.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
{code}

h3. Service Unit content

h1. Exposing an internal JBI service endpoint as a Web Service with WS-Security (Signature and Encryption)

h2. Configuration

h3. Service Unit descriptor

An example of a Service Unit descriptor that consumes a Web Service with Timestamp, Signature and Encryption:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>60000</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetalsChiffrementSignature</soap:address>
<soap:remove-root>false</soap:remove-root>
<soap:mode>SOAP</soap:mode>

</jbi:jbi>
{code}

with the WS-Policy defined as following into the file {{wss-policy.xml}}:
{code:lang=xml}
<wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<!-- sp:RequireDerivedKeys />
<sp:RequireIssuerSerialReference />
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 /-->

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:userCertAlias>signKey</ramp:userCertAlias>
<ramp:encryptionUser>encryptKey</ramp:encryptionUser>
</ramp:RampartConfig>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:EncryptBeforeSigning />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:userCertAlias>signKey</ramp:userCertAlias-->
<ramp:encryptionUser>encryptKey</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.ow2.petals.test.PWCBHandler</ramp:passwordCallbackClass>

<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">serverKeystore.jks</ramp:property>
<!-- Password of the keystore -->
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">serverKeystorePassword</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">serverKeystore.jks</ramp:property>
<!-- Password of the keystore -->
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">serverKeystorePassword</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
{code}

h3. Service Unit content

h3. Service Unit descriptor

An example of a Service Unit descriptor that provides a Web Service with Timestamp, Signature and Encryption:

xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"

service-name="generatedNs:TestServiceAxisWSS"
endpoint-name="TestServiceAxisWSSSOAP">

<!-- CDK specific elements -->
<petalsCDK:timeout>30000</petalsCDK:timeout>
<petalsCDK:validate-wsdl>true</petalsCDK:validate-wsdl>
<petalsCDK:forward-security-subject>false</petalsCDK:forward-security-subject>
<petalsCDK:forward-message-properties>false</petalsCDK:forward-message-properties>
<petalsCDK:forward-attachments>false</petalsCDK:forward-attachments>
<petalsCDK:wsdl>TestServiceAxisWSS.wsdl</petalsCDK:wsdl>

<!-- Component specific elements -->
<soap:address>http://192.168.1.161:8080/axis2/services/TestServiceAxisWSS/</soap:address>
<soap:soap-version>1.1</soap:soap-version>
<soap:chunked-mode>false</soap:chunked-mode>

</jbi:jbi>

org.apache.ws.security.crypto.provider=org.apache.ws.security.components.crypto.Merlin
org.apache.ws.security.crypto.merlin.keystore.type=jks
org.apache.ws.security.crypto.merlin.keystore.password=serverKeystorePassword
org.apache.ws.security.crypto.merlin.file=serverKeystore.jks
{code}
* the serverKeystore.jks keystore file (quoted in the service.properties)
* the pcwbhandler.jar containing org.ow2.petals.test.PWCBHandler (quoted in the jbi.xml - necessary to get the public/private key pair to sign the outcoming message and to get the private key pair from the keystore to decrypt the incoming message)

{anchor:componentConfiguration}

h1. Component Configuration

{include:0 CDK Component Configuration Table 5.6.0}

{center}{*}Configuration of the component, component part*{center}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| http-port | HTTP port of the Jetty embedded server \\ | 8084 | No |
| http-host | Local Hostname to be used, can be hostname or host IP address. \\
If the value of the parameter is empty (default configuration), all interfaces are listen. | \- | Yes |
| http-service-list | Enables to display the available Web Service list on http://<http-host>:<http-port>/ \\
<http-service-context>/<http-service-mapping>/listServices. \\
Possible values are: true, false. \\ | true | No |
| http-service-context | The URL context. | petals | No |
| http-service-mapping | The URL service mapping. | services | No |
| http-thread-pool-size-min | The minimum size of the HTTP thread pool. | 2 | No |
| http-thread-pool-size-max | The maximum size of the HTTP thread pool. | 255 | No |
| http-acceptors | Number of acceptors for HTTP. Its value is limited to the number of available CPU. *Caution*, as an acceptor is a thread borrowed from the thread pool, the values of {{http-thread-pool-size-min}} and {{http-thread-pool-size-max}} MUST take into account this value. If {{http-thread-pool-size-max}} < {{http-acceptors}} + {{https-acceptors}}, no request can be processed. | 4 | No |
| http-backlog-size | The size of the TCP queue in which incoming HTTP connection request are put waiting to be accepted. | 50 | No |
| max-http-connections-per-host | Max concurrently opened connections to external services (used by provides). | The max size of the message exchange processor thread pool ({{processor-max-pool-size}}) | No |
| https-enabled \\ | Enable the HTTPS support. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| https-port \\ | HTTPS port of the Jetty embedded server | 8083 \\ | No \\ |
| https-acceptors | Number of acceptors for HTTPS. Its value is limited to the number of available CPU. *Caution*, as an acceptor is a thread borrowed from the thread pool, the values of {{http-thread-pool-size-min}} and {{http-thread-pool-size-max}} MUST take into account this value. If {{http-thread-pool-size-max}} < {{http-acceptors}} + {{https-acceptors}}, no request can be processed. | 4 | No |
| https-backlog-size | The size of the TCP queue in which incoming HTTPS connection request are put waiting to be accepted. | 50 | No |
| https-keystore-type \\ | Type of the keystore. \\
Possible values are: JKS, PKCS12. \\ | JKS \\ | No |
| https-keystore-file | File path of the keystore. The SSL support is disabled if the keystore file does not exist, and a WARNING is logged.\\ | \- \\ | No |
| https-keystore-password \\ | Password of the keystore. \\ | \- \\ | No |
| https-key-password \\ | Password of the key. \\ | \- \\ | No |
| https-truststore-type \\ | Type of the truststore. \\
Possible values are: JKS, PKCS12. | JKS \\ | No |
| https-truststore-file \\ | File path of the truststore. | \- \\ | No \\ |
| https-truststore-password \\ | Password of the truststore. | \- \\ | No \\ |
| java-naming-factory-initial | The initial context factory class needed to access the JNDI server where the JMS connection factory can be found. | \- | No |
| java-naming-provider-url | The JNDI provider URL where the JMS connection factory can be found. | \- | No |
| jms-connection-factory-jndiname | Name of the default JMS connection factory in the JNDI. | \- | No |
{table-plus}

{include:0 CDK Parameter scope}

h1. Monitoring the component

h2. Using metrics

Several probes providing metrics are included in the component, and are available through the JMX MBean '{{org.ow2.petals:type=custom,name=monitoring_*<component-id>*}}', where {{*<component-id>*}} is the unique JBI identifier of the component.

h3. Common metrics

{include:0 CDK Component Monitoring Metrics 5.6.0}

h3. Dedicated metrics

Moreover the common metrics, some dedicated probes are include on the component:

|| Metrics, as MBean attribute || Description || Detail of the value || Configurable ||
| HttpServerThreadPoolActiveThreadsCurrent | The current number of active threads of the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolActiveThreadsMax | The maximum number of threads of the HTTP thread pool that was active | integer value, since the last startup of the component | no |
| HttpServerThreadPoolIdleThreadsCurrent | The current number of idle threads of the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolIdleThreadsMax | The maximum number of threads of the HTTP thread pool that was idle | integer value, since the last startup of the component | no |
| HttpServerThreadPoolMaxSize | The maximum size, in threads, of the HTTP thread pool | instant integer value | yes, through {{http-thread-pool-size-max}} |
| HttpServerThreadPoolMinSize | The minimum size, in threads, of the HTTP thread pool | instant integer value | yes, through {{http-thread-pool-size-min}} |
| HttpServerThreadPoolQueuedRequestsCurrent | The current number of enqueued requests waiting to be processed by the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolQueuedRequestsMax | The maximum number of enqueued requests waiting to be processed by the HTTP thread pool +since the last startup of the component+ | instant integer value | no |
| IncomingWsRequestsCounter | The number of incoming webservice requests grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value since the last startup of the component | no |
| IncomingWsRequestsResponseTimeAbs | The aggregated response times of the incoming web-service requests +since the last startup of the component+ grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time. | no |
| IncomingWsRequestsResponseTimeRel | The aggregated response times of the incoming web-service requests +on the last sample+, grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time,
* the 10-percentile response time (10% of the response times are lesser than this value),
* the 50-percentile response time (50% of the response times are lesser than this value),
* the 90-percentile response time (90% of the response times are upper than this value). | no |
| InformationURLsCounter | The number of HTTP requests associated to the information servlet | integer counter value since the last startup of the component | no |
| ServiceContractsCounter | The number of a service contract request ('{{http://<server>:<port>/petals/services/<service-name>?wsdl}}' per HTTP(S)/SOAP service | integer counter value since the last startup of the component grouped by service| no |
| OutgoingWsRequestsCounter | The number of outgoing web-service requests to external web-service grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value since the last startup of the component | no |
| OutgoingWsRequestsResponseTimeAbs | The aggregated response times of the outgoing web-service requests +since the last startup of the component+ grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time. | no |
| OutgoingWsRequestsResponseTimeRel | The aggregated response times of the outgoing web-service requests +on the last sample+, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time,
* the 10-percentile response time (10% of the response times are lesser than this value),
* the 50-percentile response time (50% of the response times are lesser than this value),
* the 90-percentile response time (90% of the response times are upper than this value). | no |
| UnknownURLsCounter | The number of HTTP requests associated to an unknown servlet or web-service | integer counter value since the last startup of the component | no |
| WsClientPoolClientsInUseCurrent | The current number of web-service client in use, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer instant value | no |
| WsClientPoolClientsInUseMax | The maximum number of web-service client in use, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer value, since the last startup of the component | no |
| WsClientPoolExhaustions | The number of exhaustion of the web-service client pool, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value, since the last startup of the component | no |


h2. Receiving alerts

Several alerts are notified by the component through notification of the JMX MBean '{{org.ow2.petals:type=custom,name=monitoring_*<component-id>*}}', where {{*<component-id>*}} is the unique JBI identifier of the component.

{tip}To integrate these alerts with Nagios, see [petalsesbsnapshot:Receiving Petals ESB defects in Nagios].{tip}

h3. Common alerts

{include:0 CDK Component Monitoring Alerts 5.6.0}

h3. Dedicated alerts

Moreover the common metrics, some dedicated alerts can be sent by the component:

|| Defect || JMX Notification ||
| No more thread is available in the HTTP thread pool | \\
* {{type}}: {{org.ow2.petals.bc.soap.httpserver.threadpool.exhausted}}
* {{name}}: {{org.ow2.petals.binding.soap.monitoring.notification.HTTPServerThreadPoolExhaustedNotification}}
* no user data |
| No more web-service client is available | \\
* {{type}}: {{org.ow2.petals.bc.soap.serviceclientspool.exhausted}}
* {{name}}: {{org.ow2.petals.binding.soap.monitoring.notification.ServiceClientPoolExhaustedNotification}}
* {{user data}}: The web-service client pool id as {{String}} |

{show-to:users=llacote, cdeneux}

h1. MONIT level traces description

Following MONIT level traces have information specific to the component defined here:

|| Trace code \\ || Specific information \\ || Message content stored \\ ||
| MON-005 | * specific information identifying the outside client: IP-address
* specific information identifying the consume service unit: URL of the exposed webservice | * SOAP Envelope,
* attachments |
| MON-006 | * specific information identifying the external service provider: URL of the external webservice | * SOAP Envelope,
* attachments |
| MON-007 | \- \\ | * SOAP Envelope,
* attachments |
| MON-008 | \- \\ | * SOAP Envelope,
* attachments |
{show-to}

{anchor:op-resolving}
h1. Operation resolving: Mapping from URI, SOAP/WSA Action, Document/Literal-wrapped pattern and RPC/Literal pattern

The SOAP BC serves many SOAP services to the exterior (defined by JBI Consumes in the deployed SU) at the same time.
While it is not difficult for it to know which service is concerned by a request (because its name is in the called URI), determining the concerned operation is more complex.

There exists many ways to approach this question (see for example http://www.ibm.com/developerworks/library/ws-whichwsdl/).

In Petals we support the most common ones (those that are provided by Axis2) in that order:
- URI: if the service call's URI has the form: .../services/MyService/myOperation then the operation will be myOperation.
- SOAP/WSA Action: if the http header contains a SOAP Action or the SOAP message header contains a WSA Action, then it will be used to resolve the operation as defined in the WSDL.
- Document/Literal wrapping: from the first element's QName of the body, the operation that contains the message that contains the part that refers to this element is used.
- RPC/Literal: from the first element's localName (and not full QName) of the body, the operation that has the same name will be used.

For the last two, in case of ambiguity, the call will fails.

h1. Advanced usages

h2. Getting log traces from the underlying layers

The Petals BC SOAP is based on [Axis2|http://axis.apache.org/axis2/java/core/] and [Jetty 9.2|http://www.eclipse.org/jetty/documentation/9.2.10.v20150310]. To get log traces from these underlying layers, just add something as the following configuration to the Petals ESB logging configuration:
{code}
Petals.Container.Components.level=MONIT
# The following line enable debug traces from the BC SOAP itself
Petals.Container.Components.petals-bc-soap.level=FINE
# The following line enable debug traces from the underlying layer 'Jetty'
org.eclipse.jetty.level=FINE
# The following line enable debug traces from the underlying layer 'Axiom'
org.apache.axiom.level=FINE
# The following line enable debug traces from the underlying layer 'Axis2'
org.apache.axis2.level=FINE
org.apache.ws.security=FINE
org.apache.rampart=FINE
org.apache.commons.httpclient=FINE
{code}

h1. Know problems

h2. No HTTP/WS request is processed

When you try to invok a web-service with your favorite client, you get a time out instead of a standard response. A possible cause is configuration error of the HTTP thread pool. Check your configuration: the HTTP thread pool max size must be upper than the HTTP acceptor number, see [the component configuration|#componentConfiguration].

h2. Error invoking a service with 2\+ attachments from SoapUI

If you get an error invoking a service with at least two attachments from SoapUI, check that you have enabled the multi-part mode in the SoapUI properties of the request.

h2. "sec_error_inadequate_cert_type" appears when trying to get services list available through SSL on the HTTPS client side

If get the error "sec_error_inadequate_cert_type" using a browser to get available services through SSL, check your SSL configuration of your BC SOAP. Probably, you inverse certificates usage: You configure the public key of the server instead its private key.

h2. "sec_error_bad_cert_alert" appears when trying to get services list available through SSL on the HTTPS client side

You get this error on the HTTPS client side when the client authentication is *enabled* on the server side and no or bad certificate is available on the client side.

h2. Receiving fault "WSDoAllReceiver: security processing failed (actions mismatch)" invoking a webservice secured by WS-Security

The following fault returned by the BC SOAP to our client means that you have not set all required WS-Security headers. Check you client configuration against WS-Security configuration expected by the webservice.
{code}
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>WSDoAllReceiver: security processing failed (actions mismatch)</faultstring>
<detail>
...
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
{code}