This document includes the following topics:
Note: | Documentation for all BEA products, including ALSB documentation, is available on the BEA Product Documentation Web site. |
ALSB is an enterprise-class service bus that connects, manages, and mediates interactions between heterogeneous services. ALSB accelerates service configuration, integration, and deployment, thus simplifying management of shared services across the SOA.
ALSB is policy-driven and enables loose coupling between service clients (service consumers) and business services (service providers). It provides a point of security control, monitoring, and Service Level Agreement (SLA) enforcement. Changes to service integration relationships are implemented dynamically through configuration, not code, allowing you to evolve and customize your service architectures with respect to security, service location, availability, data formats, monitoring, transports, communications, and so on.
As part of an enterprise messaging fabric, ALSB can be used horizontally across many applications and systems, potentially spanning service implementations built by different teams in different departments. ALSB separates a set of management functions from the service implementations, thus allowing the implementations to evolve independently and dynamically as driven by the needs of the business without requiring costly infrastructure development efforts.
For more information about ALSB concepts and architecture, see BEA AquaLogic Service Bus Concepts and Architecture.
To download ALSB, go to the BEA Downloads site.
In addition to its comprehensive connectivity, mediation, and management capabilities, AquaLogic Service Bus 3.0 offers functionality to ease the pain of enterprise-wide SOA. The major themes and features in AquaLogic Service Bus 3.0 include:
Following are more detailed descriptions of new ALSB 3.0 features:
The ALSB Plug-in for WorkSpace Studio lets you configure services in the development environment in addition to the ALSB console. The ALSB plug-in contributes to a unified, collaborative design experience across development teams and BEA products, promoting faster time to value, asset reuse, and higher development productivity.
Working with services in WorkSpace Studio lets you view all aspects of the service quickly, tab to tab, without having to move among multiple screens like you do in the ALSB console.
ALSB is integrated with ALRR and ALSM to provide end-to-end governance and management, providing built-in capabilities for service virtualization, WS-Security, and policy enforcement around throttling and service pooling.
With a unified development environment in WorkSpace Studio, reusable ALSB service components can easily participate in composite business processes developed with ALBPM. You can also expose business process applications as reusable business services within ALSB.
When working with the AquaLogic Enterprise Repository (ALER) plug-in’s Service Assembly Modeler in WorkSpace Studio, you can quickly navigate from a Service Component Architecture (SCA) resource to the design view for an ALSB service.
ALSB 3.0 also supports the sharing of metadata with ALRR in WorkSpace Studio, ensuring an effective communication and feedback loop among service designers.
With ALSB throttling you can limit the amount of throughput to business services to support policy enforcement and prevent overloading of those services.
ALSB’s Split-Join feature lets you split requests, such as orders, into individual line items for concurrent, parallel processing. Parallel processing, rather than sequential processing, greatly improves the efficiency with which services handle requests.
If a service endpoint is not responding, you can take that service endpoint URI offline automatically and route service requests to alternate service endpoints. When the endpoint URI comes back online, it can be automatically added back to the endpoint pool to handle requests.
ALSB expands it’s standards support with support for WS-RM.
ALSB provides native connectivity to WebSphere and WebSphere MQ systems, and it provides SWIFT-certified transports for SWIFT alliance and SWIFT gateway.
For more information, see the ALSB 3.0 datasheet.
The following sections summarize the supported configurations for ALSB 3.0.
For information about supported operating systems, databases, drivers, browsers, plug-ins, and other hardware and software requirements, see Supported Configurations for AquaLogic Service Bus.
For information about installing ALSB, see AquaLogic Service Bus Installation Guide.
For information about ALSB 3.0 interoperability, including information about support for compliance with messaging standards including SOAP, HTTP, JMS, SMTP/POP/IMAP, FTP, SSL, XML, XML Schema, WSDL, WSRP, and WS-Security, see AquaLogic Service Bus Product Support Information.
Two data transformation tools are installed when you install ALSB and Workshop for WebLogic—the BEA XQuery Mapper plug-in for Eclipse 3.1 and Format Builder. Eclipse 3.1 and Format Builder are supported on Windows platforms only.
When you install ALSB 3.0, the required patches listed in Table 1 are installed automatically. If you uninstall any of these required patches and need to reinstall them, use the information in Table 1 in conjunction with Smart Update to reinstall and apply the patches.
For more detailed information about the patches, run Smart Update and click the information icon next to the patch ID.
See the AquaLogic Service Bus Upgrade Guide.
The following sections describe known problems in ALSB 3.0, as well as problems that were resolved in 3.0. Entries include a description of the problem and a workaround or solution where appropriate. A notation in the Fixed In column indicates that the problem has been resolved:
|
|||||
WSDLs with partnerLinkType extensions are not properly handled by the extension parser unless all namespaces used within that element are defined on the element itself with unique namespace prefixes.
Workaround: If the WSDL resource has
<plnk:partnerLinkType/> , it is necessary to define all the namespaces used within the partnerLinktype on the <plnk:partnerLinkType/> element itself. In addition, the namespace prefix has to be unique within the WSDL even if the namespace values are similar to ones defined on the parent node.
This WSDL will not work because
xmlns:tns is defined both on <wsdl:definitions/> and <plnk:partnerLinkType/> even though the namespace value is exactly the same.
<wsdl:definitions name='LoanServices'
|
|||||
For it to work, change the WSDL as follows. Notice that on the
<plnk:partnerLinkType/> element, the namespace prefix and all its references are changed from tns to tns2 .
<wsdl:definitions name='LoanServices'
<plnk:partnerLinkType name='loanPartnerLinkType'
|
|||||
Creating a domain template from an existing ALSB domain, and then using the template to create a domain in a different
BEA_HOME location will not work.
When creating a domain template from an existing domain, the
setDomainEnv file includes a reference to a hard-coded BEA_HOME location. Therefore, if you use the template to create a new domain in a different BEA_HOME location, ALSB_HOME points to the old BEA_HOME .
|
|||||
Using the MQ transport, you cannot define retry counts on a queue. Therefore if a message is read and rolled back by the pipeline, the proxy service will keep trying to read and process the message indefinitely.
Workaround: Implement the retry logic in the pipeline by checking the
backoutCount MQMD header that is set by MQ on the message. The backoutCount MQMD header tells you the number of times a message has been backed out. The pipeline can be configured to publish the message to a dead letter queue and stop the processing when the backoutCount reaches a certain number.
|
|||||
Upon initially launching WorkSpace Studio and specifying a workspace directory location, do not locate your workspace in a deeply nested directory.
|
|||||
If your reliable client code stores any instances of
weblogic.wsee.connection.transport.https.SSLAdapter or weblogic.wsee.connection.transport.http.HttpTransportInfo , these objects must be serializable and their classes must be on the system classpath. Otherwise, SAF may fail during restart if there are reliable conversations pending.
If you see an error similar to the following, then your implementation of
SSLAdapter or HttpTransportInfo is probably not on the system classpath:
|
|||||
Creating a domain template from an existing ALSB domain, and then creating additional domains from your template doesn't work.
The newly created domain doesn't have the right policy definitions, as a result you can't login to the ALSB Console.
This is because the tool which generates templates from an existing domain (config_builder.cmd/sh) does not include the following files in the resulting template JAR:
DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift .
Workaround: After creating the template, add the missing files,
DefaultAuthorizerInit.ldift and XACMLAuthorizerInit.ldift , from the DOMAIN-ROOT /security folder (of your original domain) to the security folder inside the template JAR. You should do this before you create any new domains from this template.
|
|||||
The activation of a session that deletes a JMS proxy service will hang when an instance of that proxy service is stuck on some operation.
|
|||||
Message flow editing is HTTP session based. While using the message flow editor, you will not be aware of any changes that were done in another browser window or in core. Once you save the message flow and activate your changes, you'll have the option of undoing your changes or another user's changes.
|
|||||
Using a very large input MFL with a file transport proxy service that routes to a business service causes the output file to be duplicated.
|
|||||
Running simultaneous MFL transformations on the same MFL resource may result in the following error:
|
|||||
When you configure JMS endpoints with SSL ports in a clustered environment and use a local queue, rather than a distributed queue, as an inbound request queue, you might see connection exceptions. These exceptions are thrown by the MDBs deployed on the cluster nodes different from the node on which the local queue is deployed.
|
|||||
When running MQ Server under a heavy load (for example, 200 clients) or over an extended period of time (for example, 24 x 7 production system), a connection error occurs.
|
|||||
The following JNDI and JMS resources are secured in ALSB 3.0 and only users in ALSBSystem role or Admin role can access them:
|
|||||
BEA JRockit R27.2.0 is installed with ALSB 2.6 RP1. To avoid potential issues when running the SFTP transport on JRockit R27.2.0, download JRockit R27.3.1 from
http://commerce.bea.com/products/weblogicjrockit/accept_terms50.jsp.
|
|||||
A new SLA alert may not fire if you change the order it appears in the list of alerts for a service in the ALSB Console.
|
|||||
Updates to an EJB client JAR or an EJB converter JAR are not reflected in the deployed EJB transport-based business service.
Suppose you have an EJB transport-based business service that uses an EJB Client JAR file and a Converter JAR file. If you update the implementation in one of those dependent JAR files, ALSB re-validates the business service, but because the interface has not changed, no errors are raised. However, ALSB will not redeploy the EJB transport-based business service, so it will continue to contain the implementation from the previous version of the JAR file. The EJB endpoint needs to be redeployed to contain the updated JAR file implementation.
|
|||||
A monitoring run-time exception can occur at startup for managed servers if activation notifications reach different managed nodes at different times
Failed to initialize statistics data structure after checkpoint #### due to java.lang.Exception: [WLI-Monitoring Runtime:473230]Aggregator rejected statistics reported by server <managerserver> with tick #### because the server snapshot version xxxx is not compatible with current snapshot version yyyy
|
|||||
Attributes on the SOAP envelope element may not be preserved when the message is modified in the pipeline.
Previously, insert, replace, delete and rename operations on $body or $header left attributes on the SOAP envelope unaffected (though not so for an assign to $body or $header). These attributes can include the
encodingStyle attribute or other custom attributes whose loss may have a serious impact on the processing of the message. However, namespace attributes are preserved in the message.
Workaround: Do not use attributes, other than namespace declarations, on the SOAP envelope. Instead, push these attributes (such as
soap:encodingStyle ) down to the SOAP Body element. When attributes are on the SOAP Body or Header element, they are fully exposed in the pipeline and under the control of the transformation operations.
|
|||||
ALSB can successfully import services from a UDDI registry even if those services were created with a newer version of ALSB. For example, services created in 2.6 can be published to UDDI and subsequently imported into 2.5.
This presents no problem if the proxy service published by the later version uses no features new in the later release—that is, the service can be imported and invoked in the earlier ALSB version.
However, if a proxy service published by the later version uses features new in that version, it cannot be used in the earlier version. (for example, a SOAP1.2-based business service can be imported, but it does not work.)
It is also possible that a proxy service published by a later version of ALSB differs in how it is published compared to how services were published from older versions. The service may be supported after import to the earlier version; however, the imported business service may need to be fixed after import (for example, in 2.6, there were changes to how transport security was published).
|
|||||
Due to hot deployment, the correct version of an invoked service's MFL or WSDL may not be properly seen by a proxy service that invokes that service.
|
|||||
Publishing to UDDI intermittently returns an error when you publish a service to AquaLogic Service Registry.
|
|||||
A single stand-alone JMS client cannot consume all messages on uniform distributed queues (UDQs) when the default ForwardDelay is set.
|
|||||
When you copy large files into an input directory in Windows, misleading errors are logged to the server log file.
In the Windows operating system, when you copy large files (for example, 100MB) into the input directory of a file transport proxy service, errors are logged in the server log file that state
"File cannot be moved from location <filename> to the stage directory. Current Process may not have permission to do this operation" . These errors may occur while the file is being copied. However, the file is processed successfully on the next polling cycle after the copy completes.
|
|||||
Do Not Use the Default System Prefix (soap-env) when Constructing a Non-System Fault in AquaLogic Service Bus
When you create a non-system fault in ALSB, you cannot use the default system prefix (
soap-env ) for the namespace. You must declare a new namespace prefix and use it in the faultcode .
|
|||||
An ALSB domain cannot boot and generates weblogic.transaction.loggingresource.LoggingResourceException if the domain is a new domain using the same database, schema, and LLR table as an existing domain.
When you move a domain template to a different machine and use the template to create the new domain, the new domain is not able to boot and
weblogic.transaction.loggingresource.LoggingResourceException is thrown. The following details outline the scenario:
|
|||||
Workaround: You must use the same domain name when you create the new domain using the same template on a different machine. Alternatively, change the name of the LLR table that the new domain uses. You can configure this on the WebLogic Server Administration Console on a per Server basis, using the
JDBCLLRTableName attribute on the ServerMBean.
|
|||||
Keep the path of proxy services short for successful deployment on Windows machines because of a system path length limitation.
This limitation applies to both JMS proxy services and business services with responses. Because the generated proxy service EAR file is created in the domain directory, you should keep the path to the domain directory short. It is not necessary to keep the name of the proxy service or business service short.
The limit for the generated EAR file is 50 characters and the null terminator is 1 character. Therefore, in a single server domain, the domain directory path (including the following slash) may not exceed 209 characters. In a cluster domain, the domain directory path plus the name of any managed server may not exceed 142 characters.
|
Web Services security user name token with password digest requires using the default Authentication provider.
The DefaultAuthenticator is the only out-of-the-box Authentication provider that supports password digest authentication. For more information on Authentication providers, see
Configuring Authentication Providers in the AquaLogic Service Bus Security Guide.
|
|||||
Consider the scenario in which an HTTPS request (HTTP over SSL) comes into the Web server front end; the WebLogic Server Web server plug-in subsequently forwards that request to an ALSB managed server containing an ALSB HTTP proxy service.
The Web server plug-in can be configured to forward the request over HTTP—that is, without using SSL. However, the ALSB HTTP proxy service interprets the request as having come over HTTPS and rejects it. In this case, the server log shows an error of the form:
<Exception in HttpTransportServlet.service: javax.servlet.ServletException: Cannot process inbound request to endpoint ProxyService Project/folder/ProxyName over https
Workaround: Configure the proxy service with the HTTPS transport. Even though the message comes over the non-SSL port from the Web server, ALSB recognizes that the message originally used the HTTPS protocol and accepts the message as an HTTPS message. The SSL port in the ALSB domain must be enabled to do this, even though it is not used in this scenario.
|
|||||
Workaround: Establish domain trust. When there is no cross-domain transaction, these security exceptions can occur for WebLogic Server 9.1 and earlier releases. For 9.2 to 9.2 cross clustered domain JMS/JNDI/RMI calls, this exception is intermittent. Workaround: Configure the JTA SecurityInteropMode to “Performance” in the WebLogic Server Administration Console for 9.x domains, and on the command line for older versions. For more information, see “Setting Security Interoperability Mode” in Configuring Domains for Inter-Domain Transactions in Programming WebLogic JTA. |
|||||
ALSB 2.5 service validation generates warnings when a policy bound to the service has unknown policy assertions. However, this release does not check for unknown policy assertions in WSDL or WS-Policy resources.
Workaround: Check for unknown WS-policy assertions in the WSDL. Ensure that the WSDL contains only valid assertion entries. For more information see
Using Web Services Policy to Specify Inbound Message Security in the Security Guide.
|
|||||
Before deleting, moving, renaming, cloning or deleting a proxy service (or deleting, renaming, or moving a project or folder (which, in effect, changes the URL for proxy services in the projects or folders)), delete all associated Transport-level (HTTP and HTTPS) and Service-level access control security policies.
Failure to delete these policies will leave the policies in the authorization-provider database and potentially cause unexpected results and potential security vulnerabilities, such as leaving unprotected a service which was previously protected.
|
|||||
A problem in the client-side Web Service Security runtime causes X.509 token authentication to fail in certain cases.
Make sure to include a dummy username token
CredentialProvider (see source code that follows) along with a ClientBSTCredentialProvider in the list of credential providers passed to the JAX-RPC client. The credential provider list is passed to the client as the value of the property named weblogic.wsee.security.wss.CredentialProviderList .
For more information, see “Updating a Client Application to Invoke a Message-Secured Web Service” under “Configuring Message-Level Security (Digital Signatures and Encryption)” in
WebLogic Server Web Services: Security.
|
When running the cross-domain request-response JAX-RPC over a JMS application with different security subjects in the communicating domains, you would not be able to protect the inbound request queue with the ACL-based security policy. This is because, accessing this queue would require setting local username and password on the stub using
Stub.USERNAME_PROPERTY and Stub.PASSWORD_PROPERTY . Such a setting causes propagation of the local subject into the remote domain, consequent security exception and lack of the JWS execution.
|
|||
You cannot move an ALSB configuration JAR file with encrypted resources exported with the Sun or JRockit JDK to the IBM AIX JDK and vice-versa.
There are differences in the various JDK implementations of the Password-Based Encryption algorithms used by ALSB to protect resources with sensitive data. These differences cause import to fail when an encrypted resource created with the Sun or JRockit JDK is imported into the IBM JDK or vice versa.
For information about the encryption algorithms, see http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html#PBE).
|
|||
XQuery Mapper exits abruptly while a new XQuery transformation is being created with a large schema.
|
|||||
It is not possible to create a copy link while doing non-XML to XML and XML to non-XML data transfer.
|
|||||
When the transformation file involves both XML and non-XML schema as inputs—even if the XML schemas are not mapped for output—testing of such transformation requires both the XML and MFL (non-XML types) source data to be available in order to perform testing. However, this is not the case with XML-only transformations.
|
|||||
The XQuery Mapper may hang, displaying the following message when attempting to open large XQuery files in the Test view: “Initializing... Please wait.”
Workaround: Close the XQuery file and reopen it. Do not switch views while the file is being opened.
See CR250692.
|
|||||
In Eclipse, if you click on a target node item and right-click on any OR, then select Change Join condition to And from the pop-up menu, nothing happens.
|
|||||
This section contains required patch information and known and resolved issues for SmartConnect.
The patches in Table 2 are required for SmartConnect 3.0. Use Smart Update to install and apply the patches.
Table 9-3 in the
AquaLogic Service Bus Security Guide incorrectly states that a user in the IntegrationDeployer role can view and edit, but cannot create or delete UDDI registries.
|
|||||
The Listing and Locating Access Control Policies topic provided in the online help that you launch from the ALSB Console does not mention that you can create a message-level access control policy for proxy services that have message-level custom authentication.
|