Projects:Integration With Apache CXF/Specifications

Contents 1 Goal 2 Functional Requirements 3 Technical Specs 3.1 Web Service Framework 3.2 Tasks for Supporting Apache CXF 3.3 Security

Goal

The goal of this project is to create a module that provides an infrastructure that allows to create and consume SOAP web services.

Functional Requirements

The main functional requirement of this project is to have an infrastructure that allows to communicate with external systems using the SOAP protocol.

Technical Specs

Web Service Framework

A first research stage was done for this project in order to decide which Java based web service framework should be taken as the base for our infrastructure. After this stage, the following frameworks were pre-selected:

• Apache CXF
• JAX-WS RI (Metro)
• Axis2

To determine which framework we should finally took, the following aspects were considered:

• Maintenance: if it is an active project, with good support and frequent updates.
• Performance: it if has an acceptable performance.
• Deployment: how complex is its integration with Openbravo.
• Library Collisions: how many conflicts does the framework has with the libraries already present in Openbravo?.
• Developer Oriented: if the framework provides a good API for developers to play with it.

Taking into account all of these factors, we finally decide to select Apache CXF as the framework which our infrastructure would be based on.

The following sheet has a summary of all this research stage.

Tasks for Supporting Apache CXF

After selecting Apache CXF option, several tasks were performed in order to ensure that we correctly support this framework:

• Avoid collisions with the woodstox library. See issue 40246.
• Upgrade the wsdl4j library. See issue 40528
• Avoid collisions with the JAXB implementation library and its dependencies, which were updated in core as part of the Hibernate upgrade to version 5.4.2.

Security

Apache CXF provides an advanced security API to help in the implementation of secured web services.

To provide this API it is necessary to include big set of libraries into the classpath (together with the minimum required ones).

For this reason, for the moment the use of the Apache CXF security modules has been discarded, and a basic HTTP authentication based in interceptors will be provided instead. This authentication is based in the AuthenticationManager infrastructure, this way it will take into account the standard login features (license, stateless sessions, etc.) in a transparent way.