15 March 2005

A Service-Oriented Architecture for Enabling Centralized Authentication Across WebLogic Domains

This paper:
A Service-Oriented Architecture for Enabling Centralized Authentication Across WebLogic Domains contains a few diagrams very clearly describe SOA and SAML together that provides a centralised security gateway. Example is given in WebLogic Web Server, but same principles apply to any web server. Likewise, LDAP is used to search user credentials but can use any mechanism, e.g. an account database for e-Commerce application.

07 March 2005

London Stock Exchange Retail Service Provider Gateway - Programming with WSE

LSE RSP Gateway (London Stock Exchange Retail Service Provider Gateway) is a London Stock Exchange service providing a central facility for routing quote and execution messages between private client brokers and Retail Service Providers.

Based on the public information available on: RSP Technical CTG Presentation, design and implement a RSP Gateway using SOAP messaging and WSE

What we trying to achieve by this exercise:
This exercise will likely to use knowledge you have on following domain: SOAP (synchronous/asynchronous) messaging, web services, multithread, WSE (Web Services Enhancements), windows services, instrumentation, configuration

Draft requirement and tasks list

Part 1 The Gateway
Task1. Implement functions listening to income requests for stock quote from brokers.
Task2. Implement functions reply to brokers for the stocks prices asked.
Task3. Implement functions ‘broadcasts’ request to RSPs for quotes on a particular stock.
Task4. Collect quotes from RSPs
Task5. Orchestrate the workflow, business logics.
Task6. If the gateway is not implemented as a windows service, please turn that into a windows service.

Part 2 The broker and RSP console
Task1. Implement a broker console program that request stocks quotes from RPS Gateway and display the stock quotes
Task2. Implement a RSP console that reply to RSP with their best price.
Task3. Demonstrate multiple brokers and RSP work concurrently

Part 3 Deal Execution
Task1 Modify the gateway so it can propagate deal requests to the RSP based on the offer. (Broker to provide information on who offers the deal so the gateway can route it to the specific RSP).
Task2 Modify the gateway so the dealt result from RSP can be routed back to the broker.
Task 3. Modify the broker console to handle deal request and reply.
Task 4. Modify the RSP console to handle deal execution and reply.

Hope I can find some time this week.

06 March 2005

Service-Oriented Architectures (SOA)

SOA is the new buzz word everyone in the architect team is talking about. The other two are SmartClient and WSE, by the way. So what is SOA? What a service-oriented application looked like? What is drive for SOA? What are the implications in terms of customer experience, operation benchmarks: reliability, availability, scalability, performance etc and software engineering: implementation process agility, data and process modelling and designed patterns.

After a week’s miserable, wintry days, I am sitting in my study whcih flooded with sunshine, enjoying this glorious Sunday morning. What could be an even better thing to consolidate all these? I even have my sunglasses on .The better half is tidying up the front garden. Bless her.

What is SOA?
By definition from Microsoft .NET Frequently Asked Questions, ‘SOA describes an information technology architecture that enables distributed computing environments with many different types of computing platforms and applications.’ SOA is not a programming language, nor a programming model, nor a Design Pattern. It is an emerged ENTERPRISE Pattern.

What SOA looked like?
In typical n-tier enterprise architectures, SOA abstracts middle tiers and exposes the complex business object interactions and heterogeneous backend (say composed of a DB2 database, an Oracle and a few 3rd party extranet calls) as ‘contract-services’. The result is a ‘loosely coupled, and standards based’(Dave Chappell Extracting Business Value from SOA )enterprise system.

Following figures are from Chip Irek’s excellent paper Realizing a Service-Oriented Architecture with .NET shows a sitting plan of the SOA service interface.


A typical 3-tier application architecture


A service-oriented application architecture

Now image this is a simplified IT architecture of a bank. There are handheld devices, browser client and other smart clients the presentation box needs to support for internal and external customers. For a typical transaction of credit account, it involves customer database, product database and calls to BACS (Bankers Automated Clearing System).

As you can see in the second figure, the purple cloud - service interface wraps the entire transaction and exposes it as single point of contact to the caller – the presentation box. (The two cubicles in the purple cloud should be read as two unrelated requests happened to be invoked from the same client to simplify the case.)

On receiving a client request, ‘services purple cloud’ orchestrates calls to discreet business objects (traditional middleware), in our case retrieving customer data, retrieving product information and issues a request for credit to BACS. The purple cloud also manages the responses, and finally response to client.

In contrast, in a traditional n-tier application, presentation box are heavily interacting with business objects directly.

Why do SOA?
I cited Chip’s Realizing a Service-Oriented Architecture with .NET here: ‘A good architecture emphasizes a separation of responsibilities. For example, the presentation tier manages presentation components; the business logic tier manages business logic components; and the data access tier manages data access components.’
‘This separation provides for fault tolerance, easier maintenance, and future-proofing. A good service-oriented architecture is nothing new, just a smart way of separating (and exposing) a component's responsibilities.’
Fault tolerance, easier maintenance, and future-proofing are big marketecture buzz words to tell VPs and CIO. Regardless how these words have been abused, they are true in SOA scenario.
In a recent online application project I have worked on, we see these immediate benefits. This is high level description of the archetecture:

  • The application form is modelled as an xml schema.
  • ‘Service purple cloud’ is implemented as web service (we will come to that in next section) and associated assemblies.
  • Request/Response between presentation and middleware (business objects) is via this web service. Transaction orchestration is implemented as part of the purple cloud in the associated assemblies.
  • Business functions – retrieving customer data, product data, calls to BACS are already existed.


  • The gain is multi-dimensional.

    From presentation (client) point of view, what happens between request-submitted to response-returned is a black box case. We do online transaction at the moment, but we could also dehydrate the application data if some business functions hosting in a different platform down. These are all transparent to the client. And because the only link between client and service is the application XML schema, it is easily accommodate the future needs. Say, we now have presentation supports web client, but if we do Windows Form or B2B whole sale, the same XML schema is suffice without requiring any change to purple cloud and behind it.

    For code implementation point, the development is naturally broken down into more manageable iterations. The first iteration is to implement the application data dehydration. Then we add online transaction capacity in second iteration. Should business process decide to call a stop for iteration 2, the iteration 1 deliverable can still go live without a hinge. (There is a process to extract dehydrated data though, it is needed anyway.)

    What enables SOA?
    As you guessed, the key player in SOA is the SOAP and Web Services. In our case study, presentation box validates and serializes application data SOAP message then invokes call to the web service. From presentation point of view, the entire end-to-end business process has only a single point of contact.

    Compares SOA and OOA
    SOA is not the Chinese monkey king born out from rock. It evolves from the classic object-oriented architectures.

    In Object-oriented architectures (OOA) paradigm - not sure if this is an establish name, I used it just to contrasting SOA – such like COM, DCOM, RPC, .NET Remoting and etc, ‘objects are marshaled across process boundaries through the proxy/stub techniques… provides benefits such as location transparency.’ (Chip Irek). This requires stateful objects persisted multiple communication links and lots of plumbing boilerplate codes. These communication links contributes to more tightly coupled architecture between presentation and middleware.
    Table is turned in a service-oriented architecture. As you see there is no coupling between presentation and middleware. Clients consume services rather than invoking discreet method calls directly. The result is a loosely coupled system that glued together by contract of SOAP message.

    Don’t get confused by the SOA, OOA and OOAD (as of object-oriented analysis and design). Object-oriented architectures and service-oriented architecture are enterprise architecture patterns while OOAD is the data modeling, programming methodology. SOA doesn’t and shouldn’t defy OOAD in implementing business process – the black box behind the purple cloud.

    On a side note, in last year’ MS PDC in Amsterdam, Don Box informally compared the performance between Remoting and Web Service and the conclusion is web service wins. 'On ASMX serialization vs. binary serialization with remoting, ASMX will be faster than .NET remoting, short term performance gains using remoting today will not position your applications for future releases'. Read it here

    SOA Design Issue
    Having said the OOAD can be applied, it doesn’t mean there is absolutely not changes in the design patterns. I reckon the biggest challenge is to design the application as composed of stateless components while it still provides a rich customer experience. Get back to the online application process in our case study, the application data should be a modelled against its paper based cousin. It should be self –described. So anyone picks it up can process it without restoring help from other system.

    I cite (again) Chip Irek to conclusion how to effectively implement SOA design: ‘Web methods should be designed to perform an entire service for an entire form.

    Reference:
    Chip Irek: Realizing a Service-Oriented Architecture with .NET

    Further Reading:
    Dave Chappell Extracting Business Value from SOA
    James Greenwood SOA Design with Agile methodologies

    05 March 2005

    Fun and not so fun stuff about techie interview

    Chris Sells collected a bunch of Microsoft Interview Questions Manhole is the new classic. I wish my boss could ask me that in my next internal review.

    Mike Woood has some excellent questions to 'strike' back (How to ask questions at your interview...or which questions to ask)What type of work is more prevalent at the company currently? How much project work is there? How much .Net? What are the goals of the company? ...
    Observe their body language on above most 'interesting' questions.

    Why WSE?

    WSE Executive Summary

  • Free. Save your investment on in-house development of WS-specifications framework or 3rd part product, such like GetAccess

  • Current release is guaranteed side-by-side compatible with future releases, thanks .net framwork

  • Message is end2end secured. This is in contrast to transport protocol or wire level security (e.g. HTTPS, SSL). It can be used for many different protocols such as SMTP, FTP, and TCP


  • What has been acheive?
  • Message Integrity
  • it uses XML Digital Signatures.
  • Confidentiality
  • is based on the XML Encryption specification
  • Authentication
  • It uses security token that embeds in SOAP header to identify a caller.

    For demo and more information read this:Web Services Home: Why WSE?

    04 March 2005

    Import/Export VS.Net keybinding shortcut mappings

    Every time a new Visual Studio released there are changes to the key binding or shortcut key mappings. Vs.NET 2005 seemed make sense than its predecessors as it introduces command themes and use chords (e.g. Ctrl+k, ctrl+c) instead of three-key shortcuts (Ctrl+Shift+b), as discussed in JoeN's Blog So why did the C# keybindings change?

    But it just annoying when everytime move to a new developement box, I have to reassign the keybings from Tools(Menu) Customize Keyboard...(button). At the moment I am fine on stealing my beloved box when I moved to new team without being caught by security cameras (there are two in the office known to me :-) ). Would it be great if I can just export the profile and import it to the new IDE? Seen a really straight forward idea, but VS.NET doesn’t offer you such function.

    As I am car-sharing with Jim and he is still fiddling on live release (Friday, 18:30 pm) I am in the mood for a little experiment.

    After a few searches, I found Joel Ross wrote a blog Saving VS.NET Settings on how to do it. The article also covers saving setting for Window Layouts, Toolbar\Menu Configurations, Customized Toolbox Settings and other Add-ins settings. For now saving a copy of keybindings and ReSharper will serve me well.

    Task 1 Export/import custom Keybindings:

  • Create Custom Keybindings: Launch an instnace of VS.NET. Then click Tools(Menu) | Customize | Keyboard...(button on the pop-out property window). This will open the Options window.

  • Assign shortcuts to commands as you wish. I select the Reflector add-in command: Reflector.ManageAddIn.Connect.Diassembler.CSharpCommand and assignit ALT+T,I

  • Save the Keyboard mapping secheme as a new seheme using the "Save as" button. I save it as Jingye keybindings

  • Click OK to close the Option window. Then close the Customize window. Close the VS.NET instance so the setting saved to your personal VS AppData directory

  • Use windows file expolorer to go to your AppDara directory: “\Documents and Settings\%Current User%\Application Data\Microsoft\VisualStudio\7.1\”

  • In this directory you will find a file called: "Jingye keybindings.vsk", it contains the shortcuts just created.

  • Copy and take it to another development machine, still put it in the same directory. If this directory is not existed, create it as “\Documents and Settings\%Current User%\Application Data\Microsoft\VisualStudio\7.1\”

  • Launch an instance of VS.Net on this machine, and select "Jingye keybindings" from Tools(Menu) | Customize | Keyboard...(button)| Keyboard mapping secheme (drop down list)


  • Now the new shortcut [ALT+T] [ALT+I] can be used on the new environment.

    While doing this I notice there are a folder "JetBrains" in the “\Documents and Settings\%Current User%\Application Data\". Guess can move the ReSharper profile I assigned in a similar way.

    Task 2 Export/import ReSharper user profile/options.
  • ReSharper adds a "ReSharper" menu to the VS.NET IDE. You can change the default setting with "Options..." sub-menu. Such like code style, code completion, etc.

  • The user settings is saved to “\Documents and Settings\%Current User%\Application Data\JetBrains\ReSharper\UserSettings.xml" once you close the VS.net instance.

  • The UserSettings.xml contains all configurable settings including code style, intellisense, as well as license key. You can port this file to a different user profile or developement box, but be careful and stay at the right side with the license agreement. Guys work on this deserve every respect of it.


  • I am still waiting for Jim to complete the release... :-(

    01 March 2005

    vs.net developer's toolbox

    I used to love playing PC RPG game such like The Magic Sword & The Chivalrous Youngsters. Player impersonates a Kongfu master and experiences the life of JiangHu(lives of the 'gang ring' and dark society). Typically you start with a junior level and knowing very little about martial art weapon and armour art master. Then you start learning from other masters and pick up some ‘Kongfu Sutra’ and practicing yourself. You will be on assignments, such like escort a convoy through treacherous terrain or to steal a treasure chest from the royal palace etc. In these assignments you will found lots o gem or little secret chest. Pick it up, and some are powerful weapons that require practicing. Some are secret potions that will grant you transit magic power. Inevitably by the time the game ends, you are a grown Kongfu master.

    Similarly, there are VS.Net add-ins tools to the IDE that help us more to be more productive and write better code. I think part of the fun of it is to find the add-ins, install it, evaluate the usefulness, assigned the keyboard shortcuts and being familiar on using them without mouse click. In pair programming, it is just amused to play the trick and see the look on your peer’s face: ‘how do you do that?’ (VS.net 2005 has incorporate many of these add-in features such like TestDriven.net or code refactoring :-) ).

    Order in weight of importance, I feel these tools are must have (some of them are not really VS.NET addins but just powerful tools):


    • Google tool bar, save you many clicks and key stokes to go to it’s home page.


    • nUnit + TestDriven.Net
    • (an very cool nUnit addin to VS.NET that enables inline unit test and debugging without leaving the IDE.

    • ReSharper.
    • Code refactoring and code reformat are the two I used most.

      Sometimes object browser is just not enough. A spycam would be useful:
    • Lutz Roeder's .Net Reflector + Reflector Addins.
    • The one I use most is the Reflector.VisualStudio

    • In a team enviroment CruiseControl.net is the most important tool for code shared check-out and continuous integration(CI).
    • It reads an nAnt script and do whatever commandline tasks it is told. Monitoring code repository, build solution with VS.net (devenv), run all unit test etc. There are also a system tray client appicon (CCtray) sends notifications on build state.

    • nCover should also be considered as part of the nAnt task in your continuous integration(CI)
    • In the dev environment I am working, we have an uber code integration build server and many team and projects are contributing to the same code repository. Our team was quite proud to bring the 'green bar' from 11% to 53%. Alan Dean compares the usefulness of nCover and CoverageEye.net in commandline mode. I haven't tried the CoverageEye.net for the CI.

    • ieHTTPHeader
    • an explorer bar for Internet Explorer that will show you the HTTP Headers IE are sending and receiving. Quite useful at ASP.NET web app debugging.

    • Chris Sells' RegexDesigner.NET A very inspiring regex composer, helps a lot on learning reguar expression.


    • nDoc Your PA for documentation, taking awful longtime to run but works well.
    • The good news is you don't have to run it until next release.

    • Albeit the not very smart name FxCop
    • does help the development team on code review. Sometimes I find it is quite daunting to click the analysis button particularly newbies on .NET. We started with runing it as part of continous integration, then disabling a few rules and endup with running it for code review only.

      Last but not least the
    • Araxis Merge Tool. Similar to windiff just 100 times better. ASCII, binary and recursive comparison on file system. You can specify multiple regex to by-pass trivial things like comment. Last time we use it for code migration on 100+ java packages with more than 800 classes, which coupling with live binaries version identification. It helped a lot.

    I may have missed some but these are the most important tools to me. Once get them running, the next step it to hook them into VS.NET using Add-manager. Then assign keyboard mappings and be familiar with them.

    It won't be long before you call mouse as the WMD (Weapon of Mass Distraction)