Explaining the Configuration of a Process

Objective

After completing this lesson, you will be able to explain the configuration of the PO processes.

Web Service Provider Configuration Overview

The figure illustrates the basic principle of the SOA web service provider configuration. Further explanations:

Scenario

A scenario is a group of service definitions. You can assign policies to one or more services in a scenario.

Policy

Policies contain runtime configuration settings (for example, for security and reliable messaging) that are enforced during consumer-provider communication. Policies, also called communication profiles, are reusable.

Service Group

A service group is a development artifact that is part of the consumer application configured at runtime. When configuring a service group, you can configure the consumer endpoints of the consumer application. A service group is a group of consumed services that run on the same provider system, for example for data integrity reasons on the provider side.

For a consumer, a service group is a bundle of references to services that must be provided by the same provider system. A consumer can contain many service groups. The service groups in a composite application developed in SAP Composition Environment are published to the service registry so that you can easily see which consumer applications can use a service at runtime.

Provider Application Search

You can apply runtime configuration settings to multiple service definitions of a provider application all at once. You decide which service definitions to configure in a provider application and then expose those service definitions for consumption through runtime settings. You can search for and choose the provider applications that you want to configure in the Composite Explorer.

The figure illustrates the basic principle of the SOA configuration for connectivity. It also highlights the three main steps:

  • Configure consumers.

  • Connect systems.

  • Configure providers.

Configuration of Consumers

The following are the main elements required to configure services for consumers:

Configure Consumers

When configuring consumers as follows, the system automatically creates logical ports and publishes service groups to the Services Registry:

  • Group consumer proxies in service groups.
  • Associate policies and service groups.

Connect Systems

To connect systems, do the following:

  • Create policies.
  • Create connections between the consumer system and the provider systems.

Configure Providers

When configuring providers as follows, the system automatically generates endpoints and publishes them to the Services Registry:

  • Group Web services in scenarios.
  • Apply policies to the Web services in the scenario.

Create Service Groups

A composite application can make use of a multitude of services. Configuring those services individually would:

  • Require a large initial effort.
  • Make configuration changes expensive because all affected services have to be touched.
  • Increase the chance of configuration errors and inconsistencies.

Grouping the services eliminates those issues because configuration is done only once for a set of services, and changes can be applied quickly at a single point. A general approach is to:

  • Create Service Groups at design time in SAP NetWeaver Developer Studio (NWDS)
  • Configure the groups in NetWeaver Administrator after the deployment onto the application server

Consumption

Service Groups are defined in SAP NWDS when importing service interfaces. Once deployed to the AS Java, the Service Groups need to be configured in the SAP NetWeaver Administrator.

The settings for assigning a system are found under SAP NetWeaver Administrator → SOA Management → Technical Configuration → System Connections.

Communication Profile Creation

When creating communication profiles, you will need to specify the following:

  • Security policies
  • Messaging settings
  • Transport settings
  • Name and description of the communication profile

When a communication profile is assigned to a service definition, the system creates one or more service endpoints for the service definition. Each endpoint represents an alternative policy in the communication profile. For example, the system can create separate endpoints that require basic authentication, X.509 Client Certificate, and SAML Assertion for HTTP communication. If selected, the Allow Only Secure Communication radio button permits only HTTPS communication.

Each communication profile has a version, which is automatically assigned to the profile when it is created. Each time you edit a communication profile a new version is created. Multiple versions of a communication profile can exist, each version with its own settings. Version numbers start at 1, and each subsequent version number is increased by 1.

When you assign different profiles to the same service definition, the system creates service endpoints that contain the configuration settings of each profile assigned to the service definition. When you assign a profile to a service definition, all of the profile versions are assigned to that service definition. The system then creates a service endpoint for every version available in the active profile.

Communication Profile Assignment to a Provider Application

After configuring the profiles, you must set up the connections to a provider system. The figure illustrates the required steps.

Consumer Application Search

You can apply runtime configuration settings to multiple service definitions of an application. You decide which service definitions in an application to configure and expose for consumption with applicable runtime settings. Find and choose the application you want to configure. You can find applications by entering a string in the Search field.

The figure illustrates the required steps for configuring service groups, as a potential part of configuring service consumers.

Provider System Connection

The settings for assigning a system are found under SAP NetWeaver Administrator → SOA Management → Technical Configuration → System Connections.

To establish a connection from a consumer to a provider system, you have to specify the following configuration settings:

  • Credentials to the system back end.
  • Communication profile.
  • Search method on the provider system.
  • Messaging settings.
  • System details and descriptions.

The system connection contains specific information about the provider system in the landscape, such as host name and port number, as well as information about the communication profile defining the policies for communication with that system, the mechanism for the discovery of Web services on it, and the concrete authentication credentials to access the Web Services Description Language (WSDL) or Web Service Inspection Language (WSIL) sources. You can create only one connection for every provider system in the landscape.

At a later stage, you identify the configured provider systems in the SAP NetWeaver Administrator applications by the system landscape directory ID (SLD ID) which you provide in this stage.

Create a System Connection

When creating a connection, you browse provider systems in the wizard that opens when you choose the button next to the System Name field. To use this value help, you must have established a connection to the Services Registry. The value help displays all systems whose Web services are published to the Services Registry.

As a next step, you provide a metadata user with which you can access the back end of the system. In the next step, you choose the communication profile that you want to use. Note that the system connection is established over the highest active version of the profile. Finally, you can choose a specific search mechanism for services on the provider system (WSDL or WSIL documents, or Services Registry).

Connections to Provider System: Editing

Use the following high level procedure to edit a connection to a provider system:

  1. Open the connection for editing and update the relevant settings.
  2. Ping a connection.

    Use Ping Connection to test the created system connection. If the connection is set correctly, the framework displays all service definitions running on the provider system.

  3. Import and Export a connection.

    The framework allows you to export an established connection to a provider system from a consumer system and then reuse it on another consumer system.

System Connection User Assignment

Services are often called in the context of the user that currently runs the SOA application. In that case, the credentials of the user are passed on from the Java application server to the back end system using SAP logon tickets or similar methods.

In some instances, it might be required to call back end services using a fixed technical user. The credentials can be specified in the NetWeaver Administrator. Those credentials can then be added to provider systems or service groups to make sure that all related service calls are executed in the context of that user.

The procedure for adding user accounts follows:

  1. Enter a name and description.
  2. Enter authentication credentials.
  3. Enter WS Security settings.
  4. Enter HTTPS settings.

User Account Creation

If the Web services that you want to consume require authentication, you can provide this authentication in entities called user accounts. When you create a user account, you specify different authentication methods in the same entity. At a later stage, you can reuse and assign this account to one or more than one Web service on a provider system. When you assign the user account to a Web service, the system uses the authentication credentials in the account to invoke the Web service at runtime.

Depending on the authentication profile which you used in the service reference to the Service Group during design time, we recommend that you create one of the following user account assignments at runtime:

No Authentication

If this option is set during design time, the system does not require mandatory security configuration at runtime. However, you may still provide such configuration. If at runtime you create and assign a user account, its authentication mechanism overrides the authentication settings (NoAuthentication) provided at design time.

Technical User

You configure the concrete service user settings (user name and password or certificate) at runtime by creating and assigning a user account. In this case, all service calls from the consumer application authenticate to the service with that user assignment.

Business User

At runtime, you only have to establish an SSO connection between both systems. In this case, you do not have to create and assign a user account.

Business or Technical User

You determine the authentication level and provide the concrete security mechanism. If you create and assign a user account at runtime, the system takes into account the Technical User authentication. Otherwise, if you only establish an SSO connection between the systems, Business User authentication is taken into account.

Settings for the User Account

Provide a name and description of the account and then specify the exact authentication mechanism. Later, you can edit the account and update the settings.

For the Credentials, enter the following settings:

  • To set basic authentication over the HTTP protocol, enter the user name and password in the provided fields.
  • To set authentication over the Web Service Security protocol, proceed as follows:

    In the Keystore View for WSSE drop-down menu, specify a key storage of signatures.

    In the Private Key for WSSE drop-down menu, choose the exact authentication key.

  • To set secure SSL communication over the HTTPS protocol, proceed as follows:

    In the Keystore View for HTTPS drop-down menu, specify a key storage of signatures.

    In the Private Key for HTTPS drop-down menu, choose the exact authentication key.

You can specify one or more authentication methods in the user account. An application on your client system can consume the Web service to which the account is assigned, if at least one of the authentication methods is allowed in the authentication mechanism for the service endpoint of the Web service.

Activate/Deactivate a User Account

The framework allows you to assign the active user account. The system activates the assignment of the user account.

When you deactivate user accounts, the system considers them deleted. However, the account and its assignments continue to exist in the system, and you can activate and use the account again at a later stage. The framework does not allow you to assign an inactive user account. The system deactivates the assignment of the user account.

The system creates a user account with status Active. As a next step you can assign the account. The assignment specifies a set of Service Groups and the corresponding Web services, which are running on the same provider system.

User Account: Assignment

To consume Web services that require authentication, and to consume them using a dedicated service user, you have to assign a user account to them. You can assign user accounts to one or more Web services running on a provider system. In addition, you can assign the same user account to one or more Service Groups that contain a reference to the Web service. The consumer application invokes the business logic on the provider side using the authentication methods that you provide in the user account.

The user account assignments which you create are also used by the system when you configure Service Groups.

The figure illustrates the procedure to assign the account.

You can narrow the user account assignment in one of the following ways:

Assignment to a provider system

In this case, you apply the user account to all Service Groups and the corresponding Web services that are running on the provider system.

Assignment to service definitions on a provider system

In this case, you apply the user account to the Service Groups and the corresponding Web services, which are specified explicitly in the assignment.

Assignment to a concrete service group and concrete service definition

In this case, you apply the user account to a specific Service Group and specific Web services, which are referred to by this Service Group.

If there is more than one assignment to services on the same provider system, the framework gives priority to the most concrete assignment.
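
The following added example (not SAP code and not part of the original lesson) models the precedence rule above, together with the earlier rules that a deactivated account is treated as deleted and that a call succeeds only if at least one authentication method in the account is allowed by the endpoint. It can be used to reason about which technical user is effective for a given call when reviewing a landscape. The class names, the three-level specificity score, the method labels (basic, wsse_x509) and all sample values are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class UserAccount:
    name: str
    auth_methods: frozenset      # illustrative labels, e.g. {"basic", "wsse_x509"}
    active: bool = True          # deactivated accounts are treated as deleted

@dataclass(frozen=True)
class Assignment:
    account: UserAccount
    provider_system: str
    service_definition: Optional[str] = None  # None: all services on the system
    service_group: Optional[str] = None       # None: any group referring to it

    def specificity(self) -> int:
        # 0 = provider system, 1 = + service definition, 2 = + service group
        return (self.service_definition is not None) + (self.service_group is not None)

    def matches(self, system: str, group: str, service: str) -> bool:
        return (self.provider_system == system
                and self.service_definition in (None, service)
                and self.service_group in (None, group))

def effective_account(assignments, system, group, service):
    """Return the account of the most concrete active assignment, or None."""
    hits = [a for a in assignments
            if a.account.active and a.matches(system, group, service)]
    return max(hits, key=Assignment.specificity).account if hits else None

def can_consume(account, endpoint_methods):
    """True if at least one method in the account is allowed by the endpoint."""
    return account is not None and bool(account.auth_methods & set(endpoint_methods))

# Constructed sample data (names are illustrative, not from a real landscape).
TU_SYSTEM = UserAccount("TU_SYSTEM", frozenset({"basic"}))
TU_ORDERS = UserAccount("TU_ORDERS", frozenset({"basic", "wsse_x509"}))
TU_RETIRED = UserAccount("TU_RETIRED", frozenset({"wsse_x509"}), active=False)
ASSIGNMENTS = [
    Assignment(TU_SYSTEM, "PRV_A"),
    Assignment(TU_ORDERS, "PRV_A", "PurchaseOrderService"),
    Assignment(TU_RETIRED, "PRV_A", "PurchaseOrderService", "SG_PROCUREMENT"),
]

if __name__ == "__main__":
    for group, svc in [("SG_PROCUREMENT", "PurchaseOrderService"),
                       ("SG_PROCUREMENT", "SupplierService")]:
        acct = effective_account(ASSIGNMENTS, "PRV_A", group, svc)
        print(group, svc, "->", acct.name, can_consume(acct, {"wsse_x509"}))
```

In the sample data the most concrete assignment belongs to a deactivated account, so the service-definition assignment wins for PurchaseOrderService, while SupplierService falls back to the system-wide account, whose only method (basic) is not accepted by an endpoint that allows only wsse_x509.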

Model and Configure the Procurement Process

Exercise Information

Note

In this exercise, when the values include ##, replace the character with a two-digit number (01–30).

Exercise Options

You can perform this exercise in two ways:

  1. Live Environment: choose Start Exercise, and from the entry page choose Open PDF Document. Follow the steps described in this pdf in your own system landscape.
  2. Simulation: choose Start Exercise, and from the entry page choose Start Tutorial. Watch the step-by-step instructions within the simulation.

Note

We recommend running the simulation first.

Model and Configure the Procurement Process - Part 1

Model and Configure the Procurement Process - Part 2

Model and Configure the Procurement Process - Part 3
