This content has been marked as final. Show 6 replies
Configure the OSB endpoints to recognise the source system based on the security certificate and forward the messages on to the correct target system.U can try using Service Accounts - User Mapping features of OSB to authenticate the request coming from different source systems.
Hope it helps !!
Edited by: Abhinav on Dec 4, 2012 5:32 PM
You can do it at application level based on identity passed in headers, by implementing filters in the services based on identity or consumer application etc.
But my suggestion is to implement it at infrastructure level rather than at application level by separating test environment from production using firewalls. So even if a service in TEST environment tries to call the service deployed in PROD environment, it will not pass the network layer. In my experience its more safe approach to take than building policies within application.
This is one of the options that we have for setup however this leaves us with a remaining problem.
In our SOA server the composites have the endpoints of other systems coded into them.
Currently as we move from SOADEV -> SOATST -> SOAPROD we have a manual step which is to go into enterprise manager -> HTTP Adapter and manually change the addresses. This needs to be done for more than 10 services.
Sometimes our DBA’s need to shuffle systems around. e.g. Our server prj09 may one day be our ICISDEV environment and another day be ICISTST. At the moment this requires our DBA’s to manually adjust the addresses in all services that call the service.
Neither AIA’s endpoint Configurator or Configuration plans can address this issue as they are only activated on deployment.
The problem isn’t just making sure SOA sends messages to the correct system. We have 3 SOA servers (DEV/TST/PROD) and other systems also need to know the correct one to call. We have resolved this with custom tables and custom PLSQL. This gives the DBA's another maintainance job.
To avoid hardcoding addresses weblogic I realise it would be possible to create Java programs to read from simular tables to call the correct system and getting the composites to call the Java code but this is all very complex.
I had thought OSB would solve this problem by providing a single endpoint which every system would call. It would then route the message to the correct system, but if you have 3 different OSB’s (DEV, TST, PROD) then it wouldn’t help resolve this problem at all.
In fact the high level sales talk stuff led me to believe that this was exactly the sort of problem OSB is designed to address. Maybe I mis-understood.
How do you address this issue?