Comments
yourfanat wrote: I am using another tool for Oracle developers - dbForge Studio for Oracle. This IDE has lots of usefull features, among them: oracle designer, code competion and formatter, query builder, debugger, profiler, erxport/import, reports and many others. The latest version supports Oracle 12C. More information here.
Cloud Computing
Conference & Expo
November 2-4, 2009 NYC
Register Today and SAVE !..

2008 West
DIAMOND SPONSOR:
Data Direct
SOA, WOA and Cloud Computing: The New Frontier for Data Services
PLATINUM SPONSORS:
Red Hat
The Opening of Virtualization
GOLD SPONSORS:
Appsense
User Environment Management – The Third Layer of the Desktop
Cordys
Cloud Computing for Business Agility
EMC
CMIS: A Multi-Vendor Proposal for a Service-Based Content Management Interoperability Standard
Freedom OSS
Practical SOA” Max Yankelevich
Intel
Architecting an Enterprise Service Router (ESR) – A Cost-Effective Way to Scale SOA Across the Enterprise
Sensedia
Return on Assests: Bringing Visibility to your SOA Strategy
Symantec
Managing Hybrid Endpoint Environments
VMWare
Game-Changing Technology for Enterprise Clouds and Applications
Click For 2008 West
Event Webcasts

2008 West
PLATINUM SPONSORS:
Appcelerator
Get ‘Rich’ Quick: Rapid Prototyping for RIA with ZERO Server Code
Keynote Systems
Designing for and Managing Performance in the New Frontier of Rich Internet Applications
GOLD SPONSORS:
ICEsoft
How Can AJAX Improve Homeland Security?
Isomorphic
Beyond Widgets: What a RIA Platform Should Offer
Oracle
REAs: Rich Enterprise Applications
Click For 2008 Event Webcasts
In many cases, the end of the year gives you time to step back and take stock of the last 12 months. This is when many of us take a hard look at what worked and what did not, complete performance reviews, and formulate plans for the coming year. For me, it is all of those things plus a time when I u...
SYS-CON.TV
Bulletproof Web Services
Follow basic principles

Web services are gaining industry-wide acceptance and usage. They are moving from proof-of-concept deployments to actual usage in mission-critical enterprise applications. While Web services allow businesses to connect to partners and customers, the same flexibility and connectivity provide an increased opportunity for errors.

As companies and consumers rely more on Web services, it is increasingly important for Web services developers to know how to properly design, develop, deploy, and ultimately manage a Web services system. However, because of the inherent complexities that can arise with a Web service implementation, it can be difficult to grasp practical fundamentals and devise a step-by-step plan for Web services development.

We will look at the nuts and bolts of implementing and deploying a reliable, high-quality integration system - or rather, a bulletproof Web service. This article explains issues specific to Web services and illustrates the engineering and testing practices required to ensure complete Web service functionality. First, we will discuss the planning and design of a sample Web service. Then, we will discuss the infrastructure needed to ensure that the Web service functions properly. Whether creating Web services from scratch or integrating legacy back-end servers via Web services, the practices and principles outlined in this paper will be of great benefit.

Web Service Creation: Planning and Design
To make the discussion as concrete and pragmatic as possible, a sample Web service implementation is discussed. The example is a service for a large realtor with office branches across the country. This realtor needs to implement a Web services initiative that supports the following requirements:

  • Potential and existing customers will submit contact information, desired living location, and desired price range of a home via the Web service. These users should receive a response from the server that gives them the location of the branch closest to them, as well as an estimate of the monthly mortgage. This will enable users to contact a real estate agent and begin the process of finding a home.
  • Real estate agents from different branches will submit a request for a list of potential customers who are looking for homes in the local area. This will enable the real estate agents to earn business and establish contact with interested customers.
Target Requirements
Two target requirements are needed to build the example Web service. As the name suggests, these targets are landmarks within the development process that your team should aim for. These targets will help to drive the feature set of your Web service and enable you to measure your progress. When these targets are reached, you'll know you are on the right path.

Target 1: A use case scenario shall pass after meeting these requirements:

  1. A dummy request is sent to the Web service for customers.
  2. A SOAP response is received.
  3. Verify that the SOAP response contains a SOAP fault.
Target 2: A use case scenario shall pass after meeting these requirements:
  1. A valid request is sent to the Web service for agents.
  2. A SOAP response is received.
  3. Verify the SOAP response contains a list of customers that may be of length zero.
A test case is created for each target, to verify that each requirement is met. At the beginning, each test case should return an "incomplete" failure message to clearly indicate that the related feature has not yet been implemented. These test cases will continue to fail until the feature is implemented. This example starts with two targets, but this number is arbitrary. For a bigger project, you may want to have 10 targets, each one measuring an incremental step. You can track how close you are to completing your project by monitoring the test cases for these targets.

You may use various frameworks or tools to create test cases for the targets. Whatever framework or tools you decide to use, the use case scenario involves a SOAP Client sending a message, waiting for a response, and then verifying the response.

Robustness Requirements
When test cases for our targets succeed, we can begin to flesh them out and verify that the new feature is implemented correctly. As seen in Figure 1, robustness requirements should be met before moving on to the next target feature.

While the target requirements drive the features set, these additional requirements ensure the robustness of the Web service:

  • Normal Use: The Web service must function in the manner for which it was designed. For each operation exposed through the Web service, the request and response pair should adhere to the binding, and the XML should conform to the message description. In short, the server and client send and receive what is expected.
  • Abnormal use: The Web service must function even when it is being consumed outside the lines of its intended use. An abnormal use case would involve sending a value other than those expected or not sending a value at all. For example, one application may send an XML instance document based on an older version of schema, and the receiving application may use a newer version of schema. In any case, a Web service should alert the consumer appropriately without any malfunctions.
  • Malicious Use: The Web service must function even when it is deliberately and maliciously being consumed outside the lines of its intended use. For example, hackers may try to gain access to privileged information from a Web service transaction without authorization, or they may attempt to undermine the availability of the Web service. To be able to function under, or even prevent, malicious use, a Web service should have security measures in place.
  • Use over time: A Web service implementation is likely to change over time. For example, perhaps a Web service exposes an application that is undergoing an iterative development process. Any Web service must continue to function properly during its entire life span, even as it is evolving.
Initial Architecture
Before jumping into the steps necessary to fulfill the target and robustness requirements above, you must be aware of the parts of the Web service that will need to be developed, tested, and verified. The initial architecture of the sample Web service will be comprised of the following (see also Figure 2):
  • Application logic (or business logic): Handles requests from customers and agents, makes necessary connection to the database, and returns responses to customers and agents.
  • Database: Stores relevant information about customers and agents.
  • Server: SOAP-enabled HTTP server that handles serialization from XML to objects for the application logic. The Apache Axis SOAP engine is an open source SOAP implementation that can be deployed on any J2EE server.
  • Proxy server: Allows for security and access management, so customers and agents have different levels of access to the available Web service.
  • WSDL (Web Service Description Language) document: A description of the Web service.
  • Client: The Web service client that the customers and agents will use to invoke the Web services.
Critical Infrastructure
Now that the basic necessities of the service to be created have been explained, you must concentrate on the foundations from which this service can be built. For Web service development to be successful, specific practices must be implemented correctly and consistently throughout your development group. This consistent application requires you to ensure that your development group has an appropriate supporting infrastructure, then ensure that the group follows a workflow from which error prevention practices are performed appropriately. Until this critical infrastructure is in place, you cannot expect a team to begin the development of a bulletproof Web service.

As seen in Figure 3, your development group must have a functioning source control system and automated build process before its members can begin writing code. A source control system and an automated build process are the fundamental requirements needed to ensure the development of quality Web services. As you will see, establishing this infrastructure provides the necessary framework for creating reliable Web services.

Source Control
A source control system is a database where source code is stored. Its purpose is to provide a central place where the team members can store and access the entire source base. There are two main reasons why we require a source control system.

First, source control gives each developer the freedom and safety to write, modify, and refactor code - even when it is risky to do so on his own sandbox (the concept of a sandbox will be explained later). If a code change turns out to be undesirable, the developers can easily undo their changes by reverting back to the code in the source control. While they are working on their changes, the rest of the developers always have a working version of the code.

Second, having a source control system is a prerequisite for the nightly build process. All of the files needed for the build process should be in source control. As explained later, the nightly processes access all required files from the source control.

Most organizations do not understand how to effectively use their source control system. Many simply underuse their source control system, don't require its use at all, or have it configured incorrectly for the group environment. To put your source control system to proper use, it is important that you understand and establish guidelines for your developers. Source control systems are so important that, without a properly configured system, quality software cannot be made.

Using a Sandbox
A sandbox is an area where copies of source code and other project-related files can be stored and manipulated without affecting the master source-code base. As I mentioned earlier, the reason that each developer should have his or her own developer sandbox is so that he or she can have the freedom and safety to undertake code changes even when it is risky. In addition to these indivisual sandboxes, organizations should keep one sandbox called the build sandbox. The nightly build process will take place on the build sandbox.

None of the files in the developer sandbox should be checked out for extended periods of time. Once a developer is finished writing a feature, he or she should delete all files from his developer sandbox and then shadow a new copy. This way, the sandbox stays in synch with the source of the application.

Before checking any code into the source control system, it is vitally important that the code be compiled first. Developers should never check in code that has not been compiled. The moment code is written, developers should resolve all compilation errors and compile-level warnings.

The build sandbox should be cleanly shadowed (i.e., receive read-only copies of the master files stored in the source control system) from the source control system and deleted on a daily basis.

These principles may sound obvious, or even naive, but it is surprising to find that many software organizations lack a clear policy on what is allowed to be checked in and out of their source control systems.

Nightly Build, Deployment, and Test Process
Once a source control system is in place, the next step is to establish an automated nightly build, deployment, and test process. The main reason for establishing these processes is to be able to monitor the progress of your development. The results from the nightly build process tell you whether there are any incompatible changes in the application components. A side benefit to having a nightly build process is that, in cases where a build is shipped or released, you already have a tested build process that has been running all along. The nightly deployment process serves to set up a context in which a set of tests can be run that verify your Web service. This enables you to run the nightly test process, which, in turn, tells you whether the Web service continues to run as expected even as it continues to grow and change.

Nightly Build Process
A separate build computer (different from the computers used by developers) should be designated for the nightly build process. A separate computer is used because configurations and system settings on a developer machine can sometimes hide various dependency errors.

Each night, all of the source code and related files should be shadowed from the source control system. A scheduled task should initiate the build script that compiles the necessary components and builds the application. The results of the nightly build process must be monitored each morning. If for any reason the build process fails, the failure must be investigated and resolved so that the build process succeeds and the following processes can be performed.

Nightly Deployment Process
If the nightly build process succeeds, the nightly deployment process should be launched. This process should also be automated via a script that is initiated by a scheduled task after the nightly build process succeeds. The deployment consists of the WSDL, server, database, client, and proxy server.

First the WSDL should be created from the latest source code and exposed on a port on the same machine that the build process ran on. The WSDL should reference the most recent versions of the schemas. The application should then be exposed as a Web service on the same machine. This machine, which should be the server, should be accessible on the network and should have a reliable connection to the database. The database should be set to its default configuration during this process. The Web service client, when applicable, should be created from the latest source code and deployed. The nightly deployment process should also be monitored each night so that any errors can be detected and fixed right away.

Nightly Test Process
Finally, a nightly test process must be implemented. In this process, the newly built application, WSDL, Web service, and client are automatically tested to verify that they satisfy all the requirements and that no regressions occur in the functionality. All the test cases should be shadowed from the source control and run. Any failures must be reported and monitored the next morning. In this way, a feedback loop is established whereby errors are detected and fixed as soon as they are introduced.

Conclusion
In order to develop fully functional, robust Web services, you must begin with the basic principles of creating and effectively using your source control system and automatic build process. For the example used here, we took a systematic approach to creating a Web service. At each step, we defined requirements and froze them once they were met. We were able to do this through creation of verification tests that were incorporated into source control and the nightly build process. By incorporating these fundamental building blocks throughout your entire development cycle, you will be able to confidently say that you created a bulletproof Web service.

About Adam Kolawa
Adam Kolawa is the co-founder and CEO of Parasoft, leading provider of solutions and services that deliver quality as a continuous process throughout the SDLC. In 1983, he came to the United States from Poland to pursue his PhD. In 1987, he and a group of fellow graduate students founded Parasoft to create value-added products that could significantly improve the software development process. Adam's years of experience with various software development processes has resulted in his unique insight into the high-tech industry and the uncanny ability to successfully identify technology trends. As a result, he has orchestrated the development of numerous successful commercial software products to meet growing industry needs to improve software quality - often before the trends have been widely accepted. Adam has been granted 10 patents for the technologies behind these innovative products.

Kolawa, co-author of Bulletproofing Web Applications (Hungry Minds 2001), has contributed to and written over 100 commentary pieces and technical articles for publications including The Wall Street Journal, Java Developer's Journal, SOA World Magazine, AJAXWorld Magazine; he has also authored numerous scientific papers on physics and parallel processing. His recent media engagements include CNN, CNBC, BBC, and NPR. Additionally he has presented on software quality, trends and development issues at various industry conferences. Kolawa holds a Ph.D. in theoretical physics from the California Institute of Technology. In 2001, Kolawa was awarded the Los Angeles Ernst & Young's Entrepreneur of the Year Award in the software category.

In order to post a comment you need to be registered and logged in.

Register | Sign-in

Reader Feedback: Page 1 of 1

SOA World Latest Stories
In his general session at 19th Cloud Expo, Manish Dixit, VP of Product and Engineering at Dice, discussed how Dice leverages data insights and tools to help both tech professionals and recruiters better understand how skills relate to each other and which skills are in high demand usin...
When building large, cloud-based applications that operate at a high scale, it’s important to maintain a high availability and resilience to failures. In order to do that, you must be tolerant of failures, even in light of failures in other areas of your application. “Fly two mistakes ...
Lori MacVittie is a subject matter expert on emerging technology responsible for outbound evangelism across F5's entire product suite. MacVittie has extensive development and technical architecture experience in both high-tech and enterprise organizations, in addition to network and sy...
Containers and Kubernetes allow for code portability across on-premise VMs, bare metal, or multiple cloud provider environments. Yet, despite this portability promise, developers may include configuration and application definitions that constrain or even eliminate application portabil...
Modern software design has fundamentally changed how we manage applications, causing many to turn to containers as the new virtual machine for resource management. As container adoption grows beyond stateless applications to stateful workloads, the need for persistent storage is founda...
Using new techniques of information modeling, indexing, and processing, new cloud-based systems can support cloud-based workloads previously not possible for high-throughput insurance, banking, and case-based applications. In his session at 18th Cloud Expo, John Newton, CTO, Founder an...
Subscribe to the World's Most Powerful Newsletters
Subscribe to Our Rss Feeds & Get Your SYS-CON News Live!
Click to Add our RSS Feeds to the Service of Your Choice:
Google Reader or Homepage Add to My Yahoo! Subscribe with Bloglines Subscribe in NewsGator Online
myFeedster Add to My AOL Subscribe in Rojo Add 'Hugg' to Newsburst from CNET News.com Kinja Digest View Additional SYS-CON Feeds
Publish Your Article! Please send it to editorial(at)sys-con.com!

Advertise on this site! Contact advertising(at)sys-con.com! 201 802-3021


SYS-CON Featured Whitepapers
Most Read This Week
ADS BY GOOGLE