Apache CXF - Camel tips on WSDL Validation

I wanted to perform WSDL validation against incoming SOAP Payload.

Here's what I did:

1) In applicationContext.xml,

<cxf:cxfEndpoint id="MyEndPoint" address="http://locahost:test/" serviceClass="com.test.Test" wsdlURL="test.wsdl"  >
        <cxf:properties>
            <entry key="schema-validation-enabled" value="true"/>
        </cxf:properties>
</cxf:cxfEndpoint>

2) In camel-context.xml, 

<camel:route id="myService">
   <camel:from uri="MyEndPoint?dataFormat=POJO"/>
...
</camel:route>

**It is compulsory to use POJO so that it will trigger JAXB validation. Otherwise you won't see any effect. Read this RedHat's document for further study. 

Apache CXF - Camel tips on Working On HTTP Response Header

Apache Camel provides so many features. It is like a blackbox.

I wanted to change the default value of the Http Response Header, for example to set no-cache to the Cache-Control. Here's what I did:

1) Create SoapInterceptor class by extending org.apache.cxf.binding.soap.interceptor.AbstractSoapInterceptor

public class SoapInterceptor extends AbstractSoapInterceptor {

2) In the constructor, set the below line: 

        super(Phase.PRE_PROTOCOL);
        getAfter().add(SAAJInInterceptor.class.getName());

**For Phase, please read this documentation from RedHat . If you wanna become an expert in terms of this, you need to test it out one by one to master its behavior. I think it is wise to include that kind of effort to your project timeline. 

3) Implement the handleMessage(SoapMessage message) method. 

3) Inside this handleMessage, I obtain the HttpServletResponse from the below line: 

HttpServletResponse httpResponse = (HttpServletResponse) message.get(AbstractHTTPDestination.HTTP_RESPONSE);

4) Now I can set the following: 

httpResponse.setHeader("Cache-Control", "no-cache, no-store");

5) Next, in applicationContext.xml,

<cxf:cxfEndpoint id="MyEndPoint" address="http://localhost/test" serviceClass="com.test.Test" >
<cxf:inInterceptors>
            <bean id="inInterceptor1" class="com.test.interceptor.SoapInterceptor" />
        </cxf:inInterceptors>
</cxf:cxfEndpoint>

One URL, Different Certificates

Yesterday I encountered one very weird issue where the web service that my application consumes, actually generates entirely different certificates if you access from browser!

That's a new finding for me. 

What I do normally is to download the SSL certificate from internet browser such as IE. After that I will add the SSL certificate that I downloaded to my application's truststore. This way has worked many and many times before and has never gone wrong. 

However, unfortunately this time the above method did not work anymore. I then troubleshooted the application by enabling the Java SSL Debug mode by adding the JVM parameter "-Djavax.net.debug=ssl" so that my application would print out the SSL debug information to the STDOUT. From there I spotted this line "certificate_unknown", then I further confirmed the CN details of the SSL certificate received by my application from the Web Service Provider is different that the one that I've added to my application's truststore. 

Next I chose to retrieve the SSL certificate by using openssl. I installed OpenSSL for Windows , then ran the following command "openssl s_client -connect host:port" to fetch the SSL certificate details. I saved the details as a CER file, then added that CER to my truststore and hooray my SSL handshake issue is gone! 

Composite Sensor (sensor.xml) for Oracle SOA

There's a logging feature (Composite Audit Level, under 'Settings') in Oracle's Enterprise Manager Console. However, usually you will not enable it in production environment because the feature captures too much detail(even the payload!) for every transaction and hence could lead to low storage level issue if your "composite" is expected to process too many transactions every minute.

Nevertheless, we still need to capture at least one of two detail for each transaction and such detail can be very useful when coming to problem troubleshooting.

So what do we do without enabling the 'logging' feature? We use the "Composite Sensors". At code level, this composite sensor is a xml with the name "sensor.xml". At Enterprise Manager's level, an composite sensor icon will appear in each transaction line. Just click on that and it will open up a new window that shows the detail.

Run Software in Hidden Mode

Many years ago I was building a Car Workshop Management System. The client is a Car Workshop in Johor. Basically the client uses this software to take order, to track work progress and to generate receipt to customers. The software is able to generate "Account Summary" as well showing the total sales and receipts over a period of time.

One day my boss came to me with a new requirement. The client wanted to have a "secret" mode of the software. Under this secret mode, the client can show to Tax Officers different series of sequence number for invoices and receipts.

So in the software we keep two IDs with running number as the value, one is the "real" invoice number and another one is the "fake" invoice number. So when the client runs the software under "secret" mode, the Account Summary report will show only those transactions with fake number.

Ha ha. What a fun memory!

Oracle SOA Composite SCAC-50012 error during Build

Earlier on my head was spinning for trying to resolve this SCAC-50012 error. JDeveloper throws out this error while building the SOA Composite. 

The compiler suggests me to go to a specific location for the scac.log file. It said the log should contain the detail for the error. 

Well yes there is error detail in the log. It says "could not initialize variable" and "the schema processor cannot find the element " blar blar. So I go ahead and check the blar blar WSDLs + XSDs. They all look perfect. So what the fuck is going on?

So I started all the "long troubleshooting process" which basically means multiple times of "Trial and Error". I removed this WSDL reference, removed that "Invoke Activity". For each change I will compile the whole thing. So I repeated this for every change. Just to narrow down where exactly has gone wrong. 

I did not perform all this in one day as I have other higher priority tasks to take care of. But on and off I will come back to this one as this problem slowly becomes a needle that keeps poking me every time the user asking for an enhancement for this particular SOA Composite. 

So today finally I managed to 'gotcha' the culprit that caused this bloody issue. It is due to the reference to a specific XSD in one of the WSDLs consumed by my SOA Composite is invalid. 

Lesson learnt. Next time the same issue comes to you, please don't "TRUST" the scac.log file. Just examine every WSDLs or XSDs in your Project. Some references may be invalid already.

Dev and Ops

My company's CIO recently came out with an interesting idea.

Before that, let me briefly explain the background for this.

In an organization where the core business is non-IT, the IT department usually gets vendors to help implement an IT solution or product and the vendors should do a KT to the IT department staff so that the IT department staff is able to help maintain the solution or product.

Maintenance usually means :

1) To make sure the solution or product is working well 24x7. If things go wrong, usually it is due to environment issues. For e.g. an version upgrade of one of the products that is also part of the whole solution. Sometimes it could be due to mistakes as the current solution does not read data properly under certain scenarios.

2) To enhance the product or solution to provide more values to the users. Most of the time the values means to save cost for performing one transaction. What kind of cost to save? Maybe to reduce the number of steps for the users to perform a transaction; or maybe to remove some of the manual processes such as "verify data in excel by eyes" thus avoid human error. 

Usually enhancement comes in the form of Change Request. Change Request is very common term used in the IT department of all organizations.

If it is something bigger than a "product/solution enhancement", usually such requirement will be turned into a Project. So the management or PMO will set up a project team for this.

The members of the project shall consist of Project Managers, Solution Architects, Business Analysts, and Developers, and sometimes Testers too.

Every project must be reviewed by Enterprise Architects. According to TOGAF framework, Enterprise Architects should govern the IT architecture of one organization. The value of Enterprise Architect is usually to create "Business Services" to perform certain "Business Processes", and after that the EAs have to define Information Services for each Business Service.

Anyway, my company does not have a EA team right now. As far as I know the management are working on it. When will these come into reality, I don't know.

Let's get back to Project. The problem now is there are so many issues happened to a recent project despite all the proper planning. So CIO and his team decided that:

1) To create a DEV division and a OPS division in one IT team. Take the Middleware team as the example, Middleware has one lead at the moment. In the future there will be a lead for DEV and a lead for OPS. Some developers will be parked under DEV, some developers will be parked under OPS. DEV will need to be held accountable for Project, and OPS will be held accountable for OPS.

This arrangement is not a fixed thing for developers so one developer can jump freely from DEV or OPS and vice versa at anytime.

This arrangement only matters most to the top management so that it is easier for them to check for status with the right person, in this case the lead. If some issues happened in project, look for DEV lead. If something screwed up in operation, look for OPS lead. This is how it works. Top management don't really care if the developer is in DEV or OPS.