Skip to main content

WSO2 ESB Development best practices

Naming Conventions

When developing artifacts for WSO2 servers, follow the guidelines mentioned below.

  1. Project names - Create project names which reflects the intention of the project. It is better to end the project name with the server type which this project is deployed in to. This name should be unique within your source code repository

  1. Artifact names - When you create artifacts, always better to start the name with the project name and end with the artifact type. This would make the artifact name unique within the source repository.

  1. Custom Java Classes - When you create custom java code (custom mediators, custom formatters), adhere to the standard java packaging names with project names to distinguish your code

Project Structures

When developing artifacts for WSO2 servers, follow the guidelines mentioned below

  1. Start with a “Maven multi module” project as your parent project. This will be the top most level project in your source code hierarchy.

  1. Create projects according to the artifact types which you are going to develop.
Ex: ESBConfigProject to develop ESB artifacts, RegistryResourceProject for governance artifacts

  1. Create Composite ARchive (CAR) projects to bundle the relevant artifacts into an archive.

  1. If you need to create a common (core) project to include different types of projects (ESB, Registry), create a maven multi module project and add them as sub projects.

  1. Do not bundle custom mediators with the ESB artifacts which referenced that specific mediators in a single CAR file. This may cause deployment time exceptions during the due to dependencies conflicts. If you have a custom java code, always deploy that before deploying the ESB artifacts, which refers this custom code



General Best Practices

When you have environment specific artifacts such as endpoints, data source configurations, always better to use governance registry to store them.

When sharing the implemented projects among team members of the development team, use WSO2 Project Import Wizard since WSO2 Project Import Wizard is knowledgeable on handling the nested project structures supported by Developer Studio.

When exporting Developer Studio Projects you can either export individual projects and generate individual deployable artifacts or you can package them into a CAR file and export thar CAR file from IDE itself.

If you need to integrate your solution with a Continuous Integration server(Ex:Bamboo, Jenkins) and automate the build and deploy process, you need to use Maven support provided by Developer Studio for that. You should not include the Carbon Server extensions in CAR files and deploy to Carbon Servers,


Developer Studio - Deployment Best Practices

When you want to deploy artifacts to a Carbon Server, first you need to package all the artifacts to a CAR file. There are 2 possible methods to deploy to a Carbon Server.

Via Developer Studio IDE
Via Maven-Car-Deploy-Plugin

You can use any of the above 2 methods to deploy the CAR files to a Carbon Server. When you have modified your projects in Developer Studio, you can simply use Maven or IDE to publish latest version of the CAR file to the Carbon Server.

Design and Development Best Practices

1. Use mediators like XSLT and XQuery in complex transformation. Payload Factory and Enrich mediator perform better in simple transformation scenarios.

2. When a message is sent out from the inSequence , the reply is received by the outSequence by default. To receive the reply to a named sequence, use send mediator in the inSequence .

3. Do not use two consecutive send mediators without cloning the message using Clone mediator.

4. Always use REST APIs to expose RESTful interfaces over invoking Proxy Services.

5. Aggregation mediator works in tandem with Iterate or Clone.

6. Use templates to reuse the ESB configuration whenever possible.

7. Limit the use of in-line endpoints and use references to existing endpoints from sequence or proxy services.

Maintenance is easier when you isolate endpoint definitions from sequences and proxy services.

Security Guidelines and Best Practices
This section provides some security guidelines and best practices useful in service development.

  • Use DMZ-based deployments. Also see  
http://wso2.com/blogs/architecture/2011/04/public-services-gateway-and-internal-services-gateway-patterns.
  • Change default admin username and password.
  • Change the default key stores.
  • Secure plain text passwords and configure user password policies.
  • In REST services deployments, secure your services with OAuth (Bearer and HMAC) and Basic authentication with HTTPS. This is recommended because:
  • It adds authentication, authorization and validation in to the services.
  • It enables communication to be done in a confidential manner while achieving non-repudiation and integrity of the messages.
  • It helps you avoid attacks such as replay, DoS and to define rules for throttling the service calls.
  • It helps you to control access to services in a fine-grained manner using role-based, attribute-based and policy-based access control.

Comments

  1. I am sorry post my question here ...what is the difference between ESB Solution Project and ESB Config Project in WSo2?

    ReplyDelete

Post a Comment

Popular posts from this blog

How to configure timeouts in WSO2 ESB to get rid of client timeout errors

WSO2 ESB has defined some configuration parameters which controls the timeout of a particular request which is going out of ESB. In a particular  scneario, your client sends a request to ESB, and then ESB sends a request to another endpoint to serve the request. CLIENT->WSO2 ESB->BACKEND The reason for clients getting timeout is that ESB timeout is larger than client's timeout. This can be solved by either increasing the timeout at client side or by decreasing the timeout in ESB side. In any of the case, you can control the timeout in ESB using the below properties. 1) Global timeout defined in synapse.properties (ESB_HOME\repository\conf\) file. This will decide the maximum time that a callback is waiting in the ESB for a response for a particular request. If ESB does not get any response from Back End, it will drop the message and clears out the call back. This is a global level parameter which affects all the endpoints configured in ESB. synapse.global_timeout_inte

Understanding Threads created in WSO2 ESB

WSO2 ESB is an asynchronous high performing messaging engine which uses Java NIO technology for its internal implementations. You can find more information about the implementation details about the WSO2 ESB’s high performing http transport known as Pass-Through Transport (PTT) from the links given below. [1] http://soatutorials.blogspot.com/2015/05/understanding-wso2-esb-pass-through.html [2] http://wso2.com/library/articles/2013/12/demystifying-wso2-esb-pass-through-transport-part-i/ From this tutorial, I am going to discuss about various threads created when you start the ESB and start processing requests with that. This would help you to troubleshoot critical ESB server issues with the usage of a thread dump. You can monitor the threads created by using a monitoring tool like Jconsole or java mission control (java 1.7.40 upwards). Given below is a list of important threads and their stack traces from an active ESB server.  PassThroughHTTPSSender ( 1 Thread )

How puppet works in your IT infrstructure

What is Puppet? Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud. How the puppet works? It works like this..Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.) All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet. Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server. Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using p