{section}
{column}

{warning}This version must be installed on [Petals ESB 5.3.0|petalsesb530:Petals ESB 5.3.0]+{warning}

h1. Features

The SOAP component is a Binding Component (BC) which enables to interact with external SOAP Web Services and to expose JBI services as SOAP Web Services.

In provider role, when a JBI MessageExchange is sent to a ServiceEndpoint (mapped to a Web Service), it is transformed into a SOAP message and sent to the linked external Web Service. In consumer role, when a SOAP message is received on an exposed Web Service, it is transformed into a JBI MessageExchange and sent to the corresponding JBI ServiceEndpoint.

The SOAP component is based on Apache Axis2 v1.7.9 ([http://ws.apache.org/axis2/|http://ws.apache.org/axis2/]) and Eclipse Jetty v9.4.11.v20180605 ([http://www.eclipse.org/jetty/]). It provides the following features:
* Expose JBI Services as SOAP Web Services
* Expose SOAP Web Services as JBI Services
* Handle SOAP attachments (MTOM):
** the attachments of the incoming SOAP message are placed into the JBI message as attachments,
** the JBI attachments are placed in the outgoing SOAP message as attachments.

{info}
If you want more details about SOAP, you can consult this W3C specification: [http://www.w3.org/TR/soap/|http://www.w3.org/TR/soap/].

All attachment are processed by using XOP rules. (XML-binary Optimized Packaging: [http://www.w3.org/TR/xop10/])
{info}
{column}
{column:width=35%}
{panel:title=Table of contents}{toc:outline=true}{panel}
{panel:title=Contributors}{contributors:order=name|mode=list|showAnonymous=true|showCount=true|showLastTime=true}{panel}
{column}

{info}
The HTTPS configuration is located at the service-unit level to be able to use different certificates with different external webservices.
{info}

{warning}
Only JKS keystore and truststore are supported in the HTTPS mode.
Moreover, the key password and the keystore passwords have to be the same.
{warning}

When a message is received on a SOAP linked endpoint from the JBI environment, it is transformed into a SOAP message and sent to the Web Service. The address of the Web Service to send the SOAP message to is defined in the address extension of the deployed Service Unit.

The SOAP message is created like this:
* The JBI message payload is wrapped in the SOAP body
* The JBI message attachments are used to create SOAP ones
* The JBI message exchange operation is used to create the SOAP action

<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

service-name="generatedNs:IntegrationService"

<soap:chunked-mode>false</soap:chunked-mode>
<soap:mode>SOAP</soap:mode>
</jbi:provides>
</jbi:services>
</jbi:jbi>

<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

service-name="generatedNs:IntegrationService"

<soap:chunked-mode>false</soap:chunked-mode>
<soap:mode>SOAP</soap:mode>
<soap:https-truststore-file>../https/clientTruststore.jks</soap:https-truststore-file>
<soap:https-truststore-password>passwordClientTruststore</soap:https-truststore-password>
<soap:https-keystore-file>../https/clientKeystore.jks</soap:https-keystore-file>
<soap:https-keystore-password>passwordClientKeystore</soap:https-keystore-password>
</jbi:provides>
</jbi:services>
</jbi:jbi>

<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/test/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:provides
interface-name="generatedNs:TestServiceAxisWSS"
service-name="generatedNs:TestServiceAxisWSS"

<soap:chunked-mode>false</soap:chunked-mode>
<soap:mode>SOAP</soap:mode>
<soap:modules>rampart</soap:modules>
<soap:wss-policy>wss-policy.xml</soap:wss-policy>
</jbi:provides>
</jbi:services>
</jbi:jbi>
{code}

with the WS-Policy defined as following into the file {{wss-policy.xml}}, completed with the Rampart configuration:
{code:lang=xml}
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:user>user</ramp:user>
<ramp:passwordCallbackClass>org.ow2.petals.binding.soap.test.UTConsumeCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>

In consumer mode, the component exposes an internal JBI service outside the bus to transfer incoming SOAP requests to the internal service.

h2. Usage

The Petals BC SOAP can listen incoming SOAP messages and send messages to a JBI service endpoint by deploying a Service Unit on it. The component consumes the JBI service through HTTP(S) and JMS:
* consumes a JBI service on a HTTP(S)/SOAP message:
{center}
!petals-bc-soap-x.x-consumer.png|border=0,width=500,height=285!
{center}
* onsumes a JBI service on JMS message (containing SOAP envelope)
{center}
!petals-bc-soap-x.x-soap_over_jms.png|border=1,width=500,height=285!
{center}

When a SOAP message is handled by the component, it is transformed into a JBI Message and sent to the JBI service endpoint configured in the Service Unit. The JBI message is created like this:
* The JBI operation is resolved (see [Operation Resolving|#op-resolving]).
* Copy the SOAP body into the JBI one.
* Put the SOAP attachments into JBI ones.
* Put the SOAP headers into the protocol header JBI message property.

h2. As a web-service SOAP over HTTP(S)

{info}
The HTTPS configuration is located at the component level because only one certificat is needed to expose the Petals service as a HTTPS web-service.
{info}

By default, the component is configured to handle URI with the pattern: http://localhost:8084/petals/services/<service-name> (or 8083 for HTTPS). This URI can be configured at [component configuration|#componentConfiguration] level, see [SOAP component configuration|#componentConfiguration]). It also handles "?wsdl" calls, the WSDL description is retrieved from the endpoint and sent back to the consumer.

By default, the list of HTTP services is available at [http://localhost:8084/petals/services/listServices] (or 8083 for HTTPS) URI. It can also be configured at [component configuration|#componentConfiguration] level.

The HTTPS transport is activated at [component configuration|#componentConfiguration] level.

{warning}
If you plan tests with JAX-WS Reference Implementation, please use the JDK one (not the JRE one), otherwise MTOM attachments will not be handled properly.
{warning}

h3. Configuration

All needed information must be defined in the service-unit JBI descriptor. This JBI descriptor is configured through parameters divided in following groups:
* *JBI parameters* that defines the service provider identification,
* *CDK parameters* that are parameters driving the service consumer implementation at CDK layer,
* *CDK interceptor parameters* that are parameters driving interceptors at CDK layer,
* *Dedicated parameters* that are parameters driving the service consumer implementation at component layer.

h4. CDK parameters defining service consumer implementation
The following parameters correspond to the CDK configuration of the service consumer implementation.

{include:0 CDK SU BC Consume Configuration 5.8.0}

{note}
The configuration of the flow tracing (ie. value of parameter '{{activate-flow-tracing}}') can be overridden on HTTP(S) web-service invocation setting the HTTP header '{{org.ow2.petals.monitoring.activate-flow-tracing}}':
* not set: the parameter '{{activate-flow-tracing}}' configured at service unit level is applied,
* '{{true}}': the flow tracing is activated,
* '{{false}}': the flow tracing is deactivated.
{note}

h4. CDK parameters driving interceptors
The following parameters drive interceptors at CDK layer.

{include:0 CDK SU Interceptor configuration 5.8.0}

h4. Dedicated configuration

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| service-name | Web-service name to expose. This value appears on URL used to expose the service. | \- | Yes |
| soap-action | The SOAP action QName to be used for the Web Service, will override the JBI message operation. | \- | No |
| mode | The mode to be used to receive messages. Possible values are: SOAP for basic Web Service messages, JSON for JSON service messages and REST for REST service messages. | SOAP | Yes |
| enable-compatibility-for | Enable the compatibility with a specified Web Service stack. Possible values are: AXIS1 for Axis1 Web Service stack. | \- | No |
| enable-http-transport | Enable the HTTP transport layer to send or receive SOAP messages. Possible values are: true, false. | true | No |
| enable-https-transport | Enable the HTTPS transport layer to send or receive SOAP messages. Possible values are: true, false. | false | No |
| http-services-redirection | HTTP redirection alias(es) for exposed Web Service. | \- | No |
| address | Same as service-name. {warning:title=Warning}This parameter must not be used any more. service-name must be used.{warning} | \- | No |
{table-plus}

{petalslink}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| service-parameters | Additional XML configuration for created Axis2 service as CDATA, same as the Axis2 services.xml file one. | | No |
| enable-wsa \\ | Enable WSA-Addressing. Enable/disable Axis WSA-Addressing processing for incoming SOAP messages. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| modules | A list of Axis2 modules names to engage (separated by comas). | | No |
{table-plus}
{petalslink}

h3. Service unit content

The service unit has to contain the following elements, packaged in the archive:
* the META-INF/jbi.xml descriptor file as described above

{code}
service-unit.zip
+ META-INF
- jbi.xml (as defined above)
{code}

h3. Example

An example of a service unit descriptor that exposes a web-service over HTTP:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>500</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetals</soap:address>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>true</soap:enable-http-transport>
<soap:enable-jms-transport>false</soap:enable-jms-transport>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

h2. As a web-service SOAP over JMS

The Petals BC SOAP can receive JMS messages from a JMS queue and send SOAP messages (contained in the JMS body message) to a JBI service endpoint by deploying a service unit on it. It enables to support the following scenario: a JMS publisher sends a message to a JMS server and the SOAP component consumes the JMS message which contains a SOAP envelope in its body.

When the service unit is started, a queue is created on the JMS server by the SOAP component if it does not exist. The name of the queue is the value of the parameter "{{service-name}}". When a message is sent to the JMS queue, it is received and treated by the SOAP component.

{note:title=JMS server}
The JMS server must be started before starting the BC SOAP component (if the JMS transport layer is configured).
{note}

{note:title=JMS driver as shared library}
A shared library corresponding to the JMS server must be installed in Petals ESB before installing the BC SOAP component.
{note}

{warning:title=Warning}
This feature is currently only supported in consumer mode with the operation with the MEP InOnly.
{warning}

h3. Configuration

All needed information must be defined in the service-unit JBI descriptor. This JBI descriptor is configured through parameters divided in following groups:
* *JBI parameters* that defines the service provider identification,
* *CDK parameters* that are parameters driving the service consumer implementation at CDK layer,
* *CDK interceptor parameters* that are parameters driving interceptors at CDK layer,
* *Dedicated parameters* that are parameters driving the service consumer implementation at component layer.

h4. CDK parameters defining service consumer implementation
The following parameters correspond to the CDK configuration of the service consumer implementation.

{include:0 CDK SU BC Consume Configuration 5.8.0}

{note}
The configuration of the flow tracing (ie. value of parameter '{{activate-flow-tracing}}') can be overridden on HTTP(S) web-service invocation setting the HTTP header '{{org.ow2.petals.monitoring.activate-flow-tracing}}':
* not set: the parameter '{{activate-flow-tracing}}' configured at service unit level is applied,
* '{{true}}': the flow tracing is activated,
* '{{false}}': the flow tracing is deactivated.
{note}

h4. CDK parameters driving interceptors
The following parameters drive interceptors at CDK layer.

{include:0 CDK SU Interceptor configuration 5.8.0}

h4. Dedicated configuration

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| service-name | Web-service name to expose, used as JMS destination to listen. | \- | Yes |
| soap-action | The SOAP action QName to be used for the Web Service, will override the JBI message operation. | \- | No |
| mode | The mode to be used to receive messages. Possible values are: SOAP for basic Web Service messages, JSON for JSON service messages and REST for REST service messages. | SOAP | Yes |
| enable-compatibility-for | Enable the compatibility with a specified Web Service stack. Possible values are: AXIS1 for Axis1 Web Service stack. | \- | No |
| enable-jms-transport | Enable the JMS transport layer to receive SOAP messages. Possible values are: true, false. | false | No |
| http-services-redirection | HTTP redirection alias(es) for exposed Web Service. | \- | No |
| address | Same as service-name. {warning:title=Warning}This parameter must not be used any more. service-name must be used.{warning} | \- | No |
{table-plus}

{petalslink}
{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| service-parameters | Additional XML configuration for created Axis2 service as CDATA, same as the Axis2 services.xml file one. | | No |
| enable-wsa \\ | Enable WSA-Addressing. Enable/disable Axis WSA-Addressing processing for incoming SOAP messages. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| modules | A list of Axis2 modules names to engage (separated by comas). | | No |
{table-plus}
{petalslink}

h3. Service unit content

The service unit has to contain the following elements, packaged in the archive:
* the META-INF/jbi.xml descriptor file as described above

{code}
service-unit.zip
+ META-INF
- jbi.xml (as defined above)
{code}

h3. Example

An example of a service unit descriptor that exposes a web-service over JMS:
{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>500</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetals</soap:address>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>false</soap:enable-http-transport>
<soap:enable-jms-transport>true</soap:enable-jms-transport>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

h2. As a Web Service with WS-Security

We Security is enabled engagong the module '{{rampart}}' and providing a WS Policy file through parameters '{{modules}}' and '{{wss-policy}}'.

h3. Configuration

Moreover the basic configuration to expose the internal endpoint as a HTTP(S)/SOAP or JMS/SOAP service, the following parameters exist to drive WS-Security:

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||

h3. Example of WS-Security based on UsernameToken

h4. Service unit descriptor

{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>60000</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetalsUsernameToken</soap:address>
<soap:remove-root>false</soap:remove-root>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>true</soap:enable-http-transport>
<soap:modules>rampart</soap:modules>
<soap:wss-policy>wss-policy.xml</soap:wss-policy>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

with the WS-Policy defined as following into the file {{wss-policy.xml}}:
{code:lang=xml}
<wsp:Policy wsu:Id="UTOverTransport"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SignedSupportingTokens
xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
<wsp:Policy>
<sp:UsernameToken
sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/AlwaysToRecipient">
<wsp:Policy>
<sp:HashPassword />
</wsp:Policy>
</sp:UsernameToken>
</wsp:Policy>
</sp:SignedSupportingTokens>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:passwordCallbackClass>org.ow2.petals.test.PWCBHandler</ramp:passwordCallbackClass>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
{code}

h4. Service unit content

The service unit has to contain the following elements, packaged in the archive:
* the META-INF/jbi.xml descriptor file as described above
* the WS-Policy file described as above,
* and a JAR file containing a password callback, quoted in the WS-Policy file and necessary to check the user and the password of the token

{code}
service-unit.zip
+ META-INF
- jbi.xml (as defined above)
- wss-policy.xml (The WS Policy description)
- pcwbhandler.jar (The password callback)
{code}

h3. Example of WS-Security based on Timestamp, Signature and Encryption

h4. Service unit descriptor

{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0"
xmlns:generatedNs="http://petals.ow2.org/"
xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-5"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

<jbi:services binding-component="true">
<jbi:consumes
interface-name="generatedNs:IntegrationService"
service-name="generatedNs:IntegrationService"
endpoint-name="IntegrationServiceSOAP">

<petalsCDK:timeout>60000</petalsCDK:timeout>
<petalsCDK:mep xsi:nil="true" />

<soap:address>IntegrationServiceSOAPByPetalsChiffrementSignature</soap:address>
<soap:remove-root>false</soap:remove-root>
<soap:mode>SOAP</soap:mode>
<soap:enable-http-transport>true</soap:enable-http-transport>
<soap:modules>rampart</soap:modules>
<soap:wss-policy>wss-policy.xml</soap:wss-policy>
</jbi:consumes>
</jbi:services>
</jbi:jbi>
{code}

with the WS-Policy defined as following into the file {{wss-policy.xml}}:
{code:lang=xml}
<wsp:Policy wsu:Id="SigEncr"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:SymmetricBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:ProtectionToken>
<wsp:Policy>
<sp:X509Token
sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never">
<wsp:Policy>
<!-- sp:RequireDerivedKeys />
<sp:RequireIssuerSerialReference />
<sp:RequireThumbprintReference />
<sp:WssX509V3Token10 /-->

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:userCertAlias>signKey</ramp:userCertAlias>
<ramp:encryptionUser>encryptKey</ramp:encryptionUser>
</ramp:RampartConfig>
</wsp:Policy>
</sp:X509Token>
</wsp:Policy>
</sp:ProtectionToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic128 />
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict />
</wsp:Policy>
</sp:Layout>
<sp:EncryptBeforeSigning />
<sp:OnlySignEntireHeadersAndBody />
</wsp:Policy>
</sp:SymmetricBinding>
<sp:SignedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:SignedParts>
<sp:EncryptedParts xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<sp:Body />
</sp:EncryptedParts>

<ramp:RampartConfig xmlns:ramp="http://ws.apache.org/rampart/policy">
<ramp:userCertAlias>signKey</ramp:userCertAlias-->
<ramp:encryptionUser>encryptKey</ramp:encryptionUser>
<ramp:passwordCallbackClass>org.ow2.petals.test.PWCBHandler</ramp:passwordCallbackClass>

<ramp:signatureCrypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">serverKeystore.jks</ramp:property>
<!-- Password of the keystore -->
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">serverKeystorePassword</ramp:property>
</ramp:crypto>
</ramp:signatureCrypto>
<ramp:encryptionCypto>
<ramp:crypto provider="org.apache.ws.security.components.crypto.Merlin">
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.type">JKS</ramp:property>
<ramp:property name="org.apache.ws.security.crypto.merlin.file">serverKeystore.jks</ramp:property>
<!-- Password of the keystore -->
<ramp:property name="org.apache.ws.security.crypto.merlin.keystore.password">serverKeystorePassword</ramp:property>
</ramp:crypto>
</ramp:encryptionCypto>
</ramp:RampartConfig>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
{code}

h4. Service unit content

The service unit has to contain the following elements, packaged in the archive:
* the META-INF/jbi.xml descriptor file as described above,
* the WS-Policy file described as above,
* a JAR file containing a password callback, quoted in the WS-Policy file and necessary to get the private key pair from the keystore to encrypt/decrypt the incoming and outgoing messages and to get the public/private key pair to sign the messages,
* the serverKeystore.jks keystore file, quoted in the WS-Policy and containing keys for encryption and signature.

{code}
service-unit.zip
+ META-INF
- jbi.xml (as defined above)
- wss-policy.xml (The WS Policy description)
- pcwbhandler.jar (The password callback)
- serverKeystore.jks (The key store)
{code}

{anchor:componentConfiguration}
h1. Configuring the component

The component can be configured through the parameters of its JBI descriptor file. These parameters are divided in following groups:
* *JBI parameters* that have not to be changed otherwise the component will not work,
* *CDK parameters* that are parameters driving the processing of the CDK layer,
* and parameters dedicated to the embedded SOAP servers and clients:
** embedded HTTP server,
** embedded HTTP web-service clients,
** embedded JMS client listenning incoming messages.

h2. CDK parameters
The component configuration includes the configuration of the CDK. The following parameters correspond to the CDK configuration.

{include:0 CDK Component Configuration Table 5.8.0}

h2. Interception configuration
{include:0 CDK Component Interceptor configuration 5.8.0}

h2. Dedicated configuration

These parameters drive features proposed by the component and configure the embedded SOAP servers and clients:
** embedded HTTP server,
** embedded HTTP web-service clients,
** embedded JMS client listenning incoming messages.

h3. Parameters of the embedded HTTP server

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| http-port | HTTP port of the Jetty embedded server \\ | 8084 | No |
| http-host | Local Hostname to be used, can be hostname or host IP address. \\
If the value of the parameter is empty (default configuration), all interfaces are listen. | \- | Yes |
| http-service-list | Enables to display the available Web Service list on http://<http-host>:<http-port>/ \\
<http-service-context>/<http-service-mapping>/listServices. \\
Possible values are: true, false. \\ | true | No |
| http-service-context | The URL context. | petals | No |
| http-service-mapping | The URL service mapping. | services | No |
| http-thread-pool-size-min | The minimum size of the HTTP thread pool. | 2 | No |
| http-thread-pool-size-max | The maximum size of the HTTP thread pool. | 255 | No |
| http-acceptors | Number of acceptors for HTTP. Its value is limited to the number of available CPU. *Caution*, as an acceptor is a thread borrowed from the thread pool, the values of {{http-thread-pool-size-min}} and {{http-thread-pool-size-max}} MUST take into account this value. If {{http-thread-pool-size-max}} < {{http-acceptors}} + {{https-acceptors}}, no request can be processed. | 4 | No |
| http-backlog-size | The size of the TCP queue in which incoming HTTP connection request are put waiting to be accepted. | 50 | No |
| https-enabled \\ | Enable the HTTPS support. \\
Possible values are: true, false. \\ | false \\ | No \\ |
| https-port \\ | HTTPS port of the Jetty embedded server | 8083 \\ | No \\ |
| https-acceptors | Number of acceptors for HTTPS. Its value is limited to the number of available CPU. *Caution*, as an acceptor is a thread borrowed from the thread pool, the values of {{http-thread-pool-size-min}} and {{http-thread-pool-size-max}} MUST take into account this value. If {{http-thread-pool-size-max}} < {{http-acceptors}} + {{https-acceptors}}, no request can be processed. | 4 | No |
| https-backlog-size | The size of the TCP queue in which incoming HTTPS connection request are put waiting to be accepted. | 50 | No |
| https-keystore-type \\ | Type of the keystore. \\
Possible values are: JKS, PKCS12. \\ | JKS \\ | No |
| https-keystore-file | File path of the keystore. The SSL support is disabled if the keystore file does not exist, and a WARNING is logged. \\ | \- \\ | No |
| https-keystore-password \\ | Password of the keystore. \\ | \- \\ | No |
| https-key-password \\ | Password of the key. \\ | \- \\ | No |
| https-truststore-type \\ | Type of the truststore. \\
Possible values are: JKS, PKCS12. | JKS \\ | No |
| https-truststore-file \\ | File path of the truststore. | \- \\ | No \\ |
| https-truststore-password \\ | Password of the truststore. | \- \\ | No \\ |
{table-plus}

h3. Parameters of the embedded HTTP web-service clients

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| max-http-connections-per-host | Max concurrently opened connections to external services (used by provides). | The max size of the message exchange processor thread pool ({{processor-max-pool-size}}) | No |
{table-plus}

h3. Parameters of the embedded JMS client listenning incoming messages

{table-plus:columnAttributes=,,style="text-align:center;",style="text-align:center;"}
|| Parameter || Description || Default || Required ||
| java-naming-factory-initial | The initial context factory class needed to access the JNDI server where the JMS connection factory can be found. | \- | No |
| java-naming-provider-url | The JNDI provider URL where the JMS connection factory can be found. | \- | No |
| jms-connection-factory-jndiname | Name of the default JMS connection factory in the JNDI. | \- | No |
{table-plus}

h3. Example of component configuration

{code:lang=xml}
<?xml version="1.0" encoding="UTF-8"?>
<jbi:jbi version="1.0" xmlns:jbi="http://java.sun.com/xml/ns/jbi"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:petalsCDK="http://petals.ow2.org/components/extensions/version-5"
xmlns:soap="http://petals.ow2.org/components/soap/version-4">
<jbi:component type="binding-component"
bootstrap-class-loader-delegation="parent-first">
...

<!-- HTTPS support -->
<soap:http-port>8080</soap:http-port>

<!-- HTTPS support -->
<soap:https-enabled>true</soap:https-enabled>
<soap:https-port>8081</soap:https-port>
<soap:https-keystore-type>JKS</soap:https-keystore-type>
<soap:https-keystore-file>../https/serverKeystore.jks</soap:https-keystore-file>
<soap:https-keystore-password>passwordServerKeystore</soap:https-keystore-password>
<soap:https-key-password>petalsServerK</soap:https-key-password>
<soap:https-truststore-type>JKS</soap:https-truststore-type>
<soap:https-truststore-file>../https/serverTruststore.jks</soap:https-truststore-file>
<soap:https-truststore-password>passwordServerTruststore</soap:https-truststore-password>

<!-- JMS transport layer -->
<soap:java-naming-factory-initial>org.apache.activemq.jndi.ActiveMQInitialContextFactory</soap:java-naming-factory-initial>
<soap:java-naming-provider-url>tcp://localhost:61616</soap:java-naming-provider-url>
<soap:jms-connection-factory-jndiname>QueueConnectionFactory</soap:jms-connection-factory-jndiname>
</jbi:component>
</jbi:jbi>
{code}

h1. Business monitoring

h2. MONIT traces

{include:0 CDK BC Business Monitoring Traces 5.8.0}

Following MONIT level traces have information specific to the component defined here:

|| Trace code || Description || Specific information || Message content stored ||
| {{consumeExtFlowStepBegin}} | An external incoming web-service request received | * {{requestedURL}}: URL of the web-service invoked | - |
| {{provideExtFlowStepBegin}} | An external outgoing web-service request is sent | * {{requestedURL}}: URL of the web-service invoked | - |

h2. Flow tracing activation

{include:0 CDK BC Provides Business Monitoring Flow Tracing Activation 5.8.0}

h1. Monitoring the component

h2. Using metrics

Several probes providing metrics are included in the component, and are available through the JMX MBean '{{org.ow2.petals:type=custom,name=monitoring\_}}{{{}*<component-id>*}}', where {{*<component-id>*}} is the unique JBI identifier of the component.

h3. Common metrics

{include:0 CDK Component Monitoring Metrics 5.8.0}

h3. Dedicated metrics

Moreover the common metrics, some dedicated probes are include on the component:

|| Metrics, as MBean attribute || Description || Detail of the value || Configurable ||
| HttpServerThreadPoolActiveThreadsCurrent | The current number of active threads of the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolActiveThreadsMax | The maximum number of threads of the HTTP thread pool that was active | integer value, since the last startup of the component | no |
| HttpServerThreadPoolIdleThreadsCurrent | The current number of idle threads of the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolIdleThreadsMax | The maximum number of threads of the HTTP thread pool that was idle | integer value, since the last startup of the component | no |
| HttpServerThreadPoolMaxSize | The maximum size, in threads, of the HTTP thread pool | instant integer value | yes, through {{http-thread-pool-size-max}} |
| HttpServerThreadPoolMinSize | The minimum size, in threads, of the HTTP thread pool | instant integer value | yes, through {{http-thread-pool-size-min}} |
| HttpServerThreadPoolQueuedRequestsCurrent | The current number of enqueued requests waiting to be processed by the HTTP thread pool | instant integer value | no |
| HttpServerThreadPoolQueuedRequestsMax | The maximum number of enqueued requests waiting to be processed by the HTTP thread pool +since the last startup of the component+ | instant integer value | no |
| IncomingWsRequestsCounter | The number of incoming webservice requests grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value since the last startup of the component | no |
| IncomingWsRequestsResponseTimeAbs | The aggregated response times of the incoming web-service requests +since the last startup of the component+ grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time. | no |
| IncomingWsRequestsResponseTimeRel | The aggregated response times of the incoming web-service requests +on the last sample+, grouped by:
* path of the invoked web-service URL,
* invoked operation, as {{QName}},
* ws-client IP address,
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time,
* the 10-percentile response time (10% of the response times are lesser than this value),
* the 50-percentile response time (50% of the response times are lesser than this value),
* the 90-percentile response time (90% of the response times are lesser than this value). | no |
| InformationURLsCounter | The number of HTTP requests associated to the information servlet | integer counter value since the last startup of the component | no |
| ServiceContractsCounter | The number of a service contract request ('{{http://<server>:<port>/petals/services/<service-name>?wsdl}}' per HTTP(S)/SOAP service | integer counter value since the last startup of the component grouped by service | no |
| OutgoingWsRequestsCounter | The number of outgoing web-service requests to external web-service grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value since the last startup of the component | no |
| OutgoingWsRequestsResponseTimeAbs | The aggregated response times of the outgoing web-service requests +since the last startup of the component+ grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time. | no |
| OutgoingWsRequestsResponseTimeRel | The aggregated response times of the outgoing web-service requests +on the last sample+, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | n-tuple value containing, in millisecond:
* the maximum response time,
* the average response time,
* the minimum response time,
* the 10-percentile response time (10% of the response times are lesser than this value),
* the 50-percentile response time (50% of the response times are lesser than this value),
* the 90-percentile response time (90% of the response times are lesser than this value). | no |
| UnknownURLsCounter | The number of HTTP requests associated to an unknown servlet or web-service | integer counter value since the last startup of the component | no |
| WsClientPoolClientsInUseCurrent | The current number of web-service client in use, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}}. | integer instant value | no |
| WsClientPoolClientsInUseMax | The maximum number of web-service client in use, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}}. | integer value, since the last startup of the component | no |
| WsClientPoolExhaustions | The number of exhaustion of the web-service client pool, grouped by:
* URL of the external web-service to invoke,
* the operation to invoke, as {{QName}},
* the message exchange pattern, as {{URI}},
* and execution status (PENDING, ERROR, FAULT, SUCCEEDED). | integer counter value, since the last startup of the component | no |

h2. Receiving alerts

Several alerts are notified by the component through notification of the JMX MBean '{{org.ow2.petals:type=custom,name=monitoring\_}}{{{}*<component-id>*}}', where {{*<component-id>*}} is the unique JBI identifier of the component.

{tip}To integrate these alerts with Nagios, see [petalsesbsnapshot:Receiving Petals ESB defects in Nagios].{tip}

h3. Common alerts

{include:0 CDK Component Monitoring Alerts 5.6.0}

h3. Dedicated alerts

Moreover the common metrics, some dedicated alerts can be sent by the component:

|| Defect || JMX Notification ||
| No more thread is available in the HTTP thread pool | \\
* {{type}}: {{org.ow2.petals.bc.soap.httpserver.threadpool.exhausted}}
* {{name}}: {{org.ow2.petals.binding.soap.monitoring.notification.HTTPServerThreadPoolExhaustedNotification}}
* no user data |
| No more web-service client is available | \\
* {{type}}: {{org.ow2.petals.bc.soap.serviceclientspool.exhausted}}
* {{name}}: {{org.ow2.petals.binding.soap.monitoring.notification.ServiceClientPoolExhaustedNotification}}
* {{user data}}: The web-service client pool id as {{String}} |

{anchor:op-resolving}
h1. Operation resolving: Mapping from URI, SOAP/WSA Action, Document/Literal-wrapped pattern and RPC/Literal pattern

The SOAP BC serves many SOAP services to the exterior (defined by JBI Consumes in the deployed SU) at the same time.
While it is not difficult for it to know which service is concerned by a request (because its name is in the called URI), determining the concerned operation is more complex.

There exists many ways to approach this question (see for example [http://www.ibm.com/developerworks/library/ws-whichwsdl/]).

In Petals we support the most common ones (those that are provided by Axis2) in that order:
- URI: if the service call's URI has the form: .../services/MyService/myOperation then the operation will be myOperation.
- SOAP/WSA Action: if the http header contains a SOAP Action or the SOAP message header contains a WSA Action, then it will be used to resolve the operation as defined in the WSDL.
- Document/Literal wrapping: from the first element's QName of the body, the operation that contains the message that contains the part that refers to this element is used.
- RPC/Literal: from the first element's localName (and not full QName) of the body, the operation that has the same name will be used.

For the last two, in case of ambiguity, the call will fails.

h1. Advanced usages

h2. Getting log traces from the underlying layers

The Petals BC SOAP is based on [Axis2|http://axis.apache.org/axis2/java/core/] and [Jetty 9.2|http://www.eclipse.org/jetty/documentation/9.2.10.v20150310]. To get log traces from these underlying layers, just add something as the following configuration to the Petals ESB logging configuration:
{code}
Petals.Container.Components.level=MONIT
# The following line enable debug traces from the BC SOAP itself
Petals.Container.Components.petals-bc-soap.level=FINE
# The following line enable debug traces from the underlying layer 'Jetty'
org.eclipse.jetty.level=FINE
# The following line enable debug traces from the underlying layer 'Axiom'
org.apache.axiom.level=FINE
# The following line enable debug traces from the underlying layer 'Axis2'
org.apache.axis2.level=FINE
org.apache.ws.security=FINE
org.apache.rampart=FINE
org.apache.commons.httpclient=FINE
{code}

h1. Know problems

h2. No HTTP/WS request is processed

When you try to invok a web-service with your favorite client, you get a time out instead of a standard response. A possible cause is configuration error of the HTTP thread pool. Check your configuration: the HTTP thread pool max size must be upper than the HTTP acceptor number, see [the component configuration|#componentConfiguration].

h2. Error invoking a service with 2\+ attachments from SoapUI

If you get an error invoking a service with at least two attachments from SoapUI, check that you have enabled the multi-part mode in the SoapUI properties of the request.

h2. "sec_error_inadequate_cert_type" appears when trying to get services list available through SSL on the HTTPS client side

If get the error "sec_error_inadequate_cert_type" using a browser to get available services through SSL, check your SSL configuration of your BC SOAP. Probably, you inverse certificates usage: You configure the public key of the server instead its private key.

h2. "sec_error_bad_cert_alert" appears when trying to get services list available through SSL on the HTTPS client side

You get this error on the HTTPS client side when the client authentication is *enabled* on the server side and no or bad certificate is available on the client side.

h2. Receiving fault "WSDoAllReceiver: security processing failed (actions mismatch)" invoking a webservice secured by WS-Security

The following fault returned by the BC SOAP to our client means that you have not set all required WS-Security headers. Check you client configuration against WS-Security configuration expected by the webservice.
{code}
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>WSDoAllReceiver: security processing failed (actions mismatch)</faultstring>
<detail>
...
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
{code}