Demonstration of Infologica Web Services Routing Gateway
Infologica Fusion Framework can be easily deployed in the perimeter network and configured to work as a web services routing gateway providing the seamless integration of the external web clients with the internal business infrastructure.
The current demo shows how Infologica Enterprise Services Manager helps Web Services administrator with discovery and secure exposure of the internal web service to the outside world. According to the scenario given below we are going to create the service intermediary in the DMZ which validates the digitally signed SOAP envelopes, making sure that only Cryptographically Endorsed messages can be routed to the internal business service.
The current demo shows how Infologica Enterprise Services Manager helps Web Services administrator with discovery and secure exposure of the internal web service to the outside world. According to the scenario given below we are going to create the service intermediary in the DMZ which validates the digitally signed SOAP envelopes, making sure that only Cryptographically Endorsed messages can be routed to the internal business service.
 |
Using Infologica Enterprise service manager we first login to the Infologica Fusion development environment.
 |
As an example of the internal standard web service we are going to use the "Sample" Web Service which comes with the Infologica Fusion SDK.
This service configuration does not allow anonymous access and enforces the XSD validation of web service request.
 |
The WebServices Administrator uses Enterprise Services Manager to create the new web client "InfologicaService" which will identify the DMZ routing web service.
Administrator creates the new subscription policy which represents the mapping between the client identity and the list of selected web service(s), in our case the "Sample" service.
Administrator also enforces the message encryption for both inbound and outbound messages.
 |
Administrator continues configuring the client and chooses the X.509 certificate as a client identity.
This means that only messages digitally signed by InfologicaService private key will be routed to the Sample Web Service.
 |
At this stage the Web Services Administrator has to create and configure the intermediary service which requires loging to the DMZ environment using Infologica Enterprise Management console.
Administrator creates the new service "SampleRouterService" and selects the "Intermediary" Service type. This enables the UDDI service discovery interface.
 |
Administrator specifies the url of the internal "Sample" Web Service and clicks the "Go" button which initiates a web service discovery.
The UDDI discovery returns the lists of schemas, services, ports and web service operations.
 |
The Enterprise Manager visual interface allows to save the target schema files and map the ultimate service web operations to the external end-points.
In this example the routing end-point "Negotiate" has SOAP mapping to the target action "Infologica.Web.Services.Sample/Negotiate"
 |
On the next stage the Web Services Administrator configures the Intermediary service proxy access, execution timeout, authentication and data encryption policy.
Administrator makes sure that selected digital signing and data encryption certificates for DMZ environment do match to the one defined by the client subscription policy for the internal network.
 |
Once the changes have been applied and propagated to all Infologica Fusion Clusters the SampleRouterService Interface became publicly available for UDDI/WSDL discovery and web client proxy generation.
 |
The last step for the WebServices Administrator is to configure the public access policy to the internal service.
In this example Administrator creates the new web client "InfologicaClient" identified by the Infologica.Client X.509 certificate with the subscription for the "SampleRouterService" service.
Administrator also enforces the message encryption for message request and response.
 |
All configuration is done. WebServices Administrator just needs to conduct the end-to-end wdeb service routing test using Infologica WebServices TestBench.
According to first test scenario the message is not digitally signed which results in the "Unauthorised request" SOAP Exception.
 |
In the second test scenario the message is digitally signed by the Infologica.Client X.509 Certificate selected from the certificate store.
 |
Administrator uses Infologica WebServices TestBench to send the test XML request message...
 |
...and receives the successfull test response message from the Sample Service.
 |
