The sample application

The sample application consists of a Web Service and a RESTful API both described and governed in WSRR. A DataPower® domain is configured with WSRR to be a gateway and a sample Web Client is provided to exercise the services.

The basic scenario in the sample application is that of an inventory application for a store (Warehouse), and a RESTful service that duplicates one of the operations for mobile. The Store web service has three operations:
  • purchase
  • findInventory
  • returnProduct
The findInventory operation is also available as a RESTful service.

The Sample Web Service

The basic service level definition (SLD) has two mediation policies attached:
  • Validation against Store.wsdl. The sample assumes that the DataPower Validation is turned off.
  • Reject if there are more than 5 messages in 90 seconds. This threshold is low for ease of demonstration.

The consumer of the Store service is the StoreConsumer application, which has the consumer ID of CEO. This consumer has two Service Level Agreements (SLAs), Gold and Silver. If a request comes into DataPower with the consumer ID of CEO, and a Context ID of Silver, the request is allowed to pass through, because the Silver SLA is in place. If the consumer ID is CEO, and the context ID is Gold, the Gold SLA is matched. This SLA has a re-route policy attached to it, so the request is re-routed to the alternate endpoint stated in the policy.

If a request arrives with a consumer ID other than CEO, there is no Application Version with this consumer ID. There are therefore also no SLAs that could match, so this is a request from an anonymous consumer. As such, any policies attached to the anonymous SLA are applied. In this case, this causes a notification to appear in the logs. Note that the sample does not include a way to send a request with a consumer ID that is not CEO.

The scenario also performs authorization for the findInventory operation, which is based upon user group membership. An LDAP server is provided with the sample for mapping user credentials to the correct group.

The sample application flow diagram shows the flow of the application with each box representing a different DataPower gateway.

Figure 1. The sample application flow diagram

The incoming request has a SKU ID and Basic authentication security. It goes to the StoreAddLTPA and then to StoreWSP, where the request is authenticated by using the LTPA token. If the user is a Gold user, the request is sent to the StoreAlternateMockService, and if not, the request is sent to the StoreMockService. If the user is a manager, the response contains all of the data, and if not, the response is the redacted price data.

The Sample RESTful Service

The RESTful service is governed in a similar way to the web service, except in how policies are used. As with the web service there are two SLAs: one for Silver customers and one for Gold customers. For the REST service, however, there are no policies attached at the SLD level (applied to all requests). Instead, there is one policy attached to each of the SLAs. The Gold SLA has a policy that rejects messages after more than 5 requests are made in 9 seconds, and Silver allows 2 requests in 90 seconds before rejecting.
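
The SLA matching and rate-limit behaviour described for the web service and the RESTful service can be modelled as follows. This is an added example, not code from the sample application or from DataPower. The class and function names, the sliding-window counting, the order of SLD and SLA checks, and the handling of an unrecognised context ID or an anonymous REST request are assumptions.

```python
from collections import defaultdict, deque

# Thresholds from the page, as (requests allowed, window in seconds); None = no rate policy.
SLD_LIMIT = {"web": (5, 90), "rest": None}
SLA_LIMIT = {"web": {"Gold": None, "Silver": None},
             "rest": {"Gold": (5, 9), "Silver": (2, 90)}}
KNOWN_CONSUMERS = {"CEO"}  # the only consumer ID with an Application Version


class GatewayModel:
    """Toy model of the decision flow, not DataPower's implementation."""

    def __init__(self):
        self.accepted = defaultdict(deque)  # bucket -> timestamps of accepted requests

    def _over_limit(self, bucket, limit, now):
        if limit is None:
            return False
        allowed, window = limit
        stamps = self.accepted[bucket]
        while stamps and now - stamps[0] >= window:  # assumed: sliding window
            stamps.popleft()
        if len(stamps) >= allowed:
            return True  # assumed: rejected requests are not counted
        stamps.append(now)
        return False

    def decide(self, service, consumer_id, context_id, now):
        """Return (matched SLA, action) for one request arriving at time `now`."""
        # SLD-level policy applies to every request for the service.
        if self._over_limit((service, "SLD"), SLD_LIMIT[service], now):
            return ("SLD", "reject")
        # Unknown consumer ID: no Application Version, so no SLA can match.
        # Assumed: an unrecognised context ID is treated the same way.
        if consumer_id not in KNOWN_CONSUMERS or context_id not in SLA_LIMIT[service]:
            return ("anonymous", "notify")  # anonymous SLA policy writes a log entry
        if self._over_limit((service, consumer_id, context_id),
                            SLA_LIMIT[service][context_id], now):
            return (context_id, "reject")
        # The Gold SLA on the web service carries the re-route policy.
        if service == "web" and context_id == "Gold":
            return ("Gold", "reroute")
        return (context_id, "pass")
```

Because the SLD counter for the web service is shared by all consumers, anonymous and Gold requests consume the same 5-in-90-seconds budget as Silver requests in this model.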


Last updated: Thursday, 3 July 2014
http://publib.boulder.ibm.com/infocenter/prodconn/v1r0m0/topic/com.ibm.scenarios.soawdpwsrr25.doc/topics/csoa2_samples.htm