Projects:Integration With Apache CXF/Specifications
The goal of this project is to create a module that provides an infrastructure that allows to create and consume SOAP web services.
The main functional requirement of this project is to have an infrastructure that allows to communicate with external systems using the SOAP protocol.
Web Service Framework
A first research stage was done for this project in order to decide which Java based web service framework should be taken as the base for our infrastructure. After this stage, the following frameworks were pre-selected:
To determine which framework we should finally took, the following aspects were considered:
- Maintenance: if it is an active project, with good support and frequent updates.
- Performance: it if has an acceptable performance.
- Deployment: how complex is its integration with Openbravo.
- Library Collisions: how many conflicts does the framework has with the libraries already present in Openbravo?.
- Developer Oriented: if the framework provides a good API for developers to play with it.
Taking into account all of these factors, we finally decide to select Apache CXF as the framework which our infrastructure would be based on.
The following sheet has a summary of all this research stage.
Tasks for Supporting Apache CXF
After selecting Apache CXF option, several tasks were performed in order to ensure that we correctly support this framework:
- Avoid collisions with the woodstox library. See issue 40246.
- Upgrade the wsdl4j library. See issue 40528
- Avoid collisions with the JAXB implementation library and its dependencies, which were updated in core as part of the Hibernate upgrade to version 5.4.2.
Apache CXF provides an advanced security API to help in the implementation of secured web services.
To provide this API it is necessary to include big set of libraries into the classpath (together with the minimum required ones).
For this reason, for the moment the use of the Apache CXF security modules has been discarded, and a basic HTTP authentication based in interceptors will be provided instead. This authentication is based in the AuthenticationManager infrastructure, this way it will take into account the standard login features (license, stateless sessions, etc.) in a transparent way.