Date posted: 20-Dec-2015
Boston University XML Gateway: Integration with External Vended Products and Local Web Applications/Legacy Systems
Vlad Grinman, Jacalyn Reisz
Boston University, University Information Systems
Boston University
What We Will Cover
- What were the events Leading Up to the Development of the Toolkit
- What is the XML Gateway
- How Does It Work
- How BU Manages Integration Efforts using the XML Gateway Toolkit
- Next Steps
Apple Pie and Motherhood at BU
- Single sign-on for services in use at BU
- Reuse of existing application code
- Real time access to data and service
- Reduction of the exposure of warehousing data on alien systems
Buy vs. Build
- Central IT traditionally built all systems to deliver data and service
- Vended packages are now bought every day
- More systems are developed locally in offices to enhance main system delivery of data and service
- Integration becomes the challenge
Vendor Speak
“So you don’t want your students setting up yet another id and password, send us your login names and passwords.”
“Send us an image of your student data, your HR data and your chart of accounts.”
“We’ll take good care of them!”
Sample Scenario
- Vendor requires proprietary authentication
- Vendor requires data dump
- Student uses same username and password
- Vendor site compromised, username/password and identifying details exposed
- University data is compromised
Custom Integration?
- Hard Coding leads to increased maintenance
- Voided Warranties
- Upgrades have added costs
- Each solution works differently
- This is very expensive
Back to the Abstract
The XML-Gateway was developed as a Toolkit for integrating Boston University's Authentication Service with vended products and user systems. Additionally, it can provide data to these requestors in a secure, dynamic, and controlled process, thus eliminating the proliferation of accounts at vendors' sites and in the university departments. The required data is exchanged real-time, thereby eliminating warehousing and data synchronization issues.
How We Evolved
- Technical Proof of Concept
- Real Implementation
- Several More Hand-Held Implementations
- Product Packaging
- Integration Procedures
- Staged and Managed New Efforts
Soooo…….This is the “Rest of the Story”
Part II - The Product Technical Detail
Part III - How We do Product Management
Part IV – Where we are going
Simple Scenario
- BU Procurement Office signs contract with large Vendor to use their web based software to buy chemicals for our bio labs.
- To complete any order Vendor must know:
  - Is the buyer authorized for this purchase
  - Which account to charge
  - What is the shipping address
- BU wants Vendor to obtain all this information real time and use standard BU authentication for all transactions.
Communication with Vendors
- Vendors’ applications communicate with BU sending and receiving XML documents tunneled through HTTP/HTTPS protocol
- BU “WebLink” service
  - Unique URL shortcut for each Vendor
  - “WebLink” application for filtering Vendor’s requests
Request/Response Simple Diagram
[Diagram. Components: Client’s Browser, Vendor’s Web Server, BU Web server, WebLink Service, BU Services, BU WebLogin Service, BU Kerberos Service. Connection labels: HTTP, HTTP(XML), HTTP(HTML), HTTPS, HTTPS(HTML), and JDBC, HTTP, AJP, CUSSP, etc.]
Sessions Diagram
[Diagram. Components: Client’s Browser, Vendor’s Web Server, BU Web server, BU Services, BU WebLogin Service, BU Kerberos Service. Sessions shown: Vendor’s Client Session, Vendor’s BU Session, Client’s WebLogin Session.]
XML Request Sample

    <?xml version='1.0' encoding='UTF-8'?>
    <bu_uis_request session="" version="2.1"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://www.bu.edu/uis/XmlGateway"
        xsi:schemaLocation="http://www.bu.edu/uis/XmlGateway http://www.bu.edu/link/system/schemas/Request.xsd">
      <parameters>
        <param name="productCode" value="12345"/>
        <param name="productCategory" value="Chlorine"/>
      </parameters>
      <sync_parameters url="http://vendor.com/PurchaseServlet">
        <param name="buAuth" value="Yes"/>
      </sync_parameters>
    </bu_uis_request>

XML Response Document
- Session Key
- Response Type (DATA, LOGIN, ERROR)
- Alias, Id, Name, Email, Output Parameters (DATA)
- HTML, Url (LOGIN)
- HTML, Message (ERROR)
XML Response Sample (DATA)

    <?xml version="1.0" encoding="UTF-8"?>
    <bu_uis_output version="2.0" session="4a90eb3" xsi:type="DATA"
        alias="jsmith" id="U123" name="John Smith" email="[email protected]"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://www.bu.edu/uis/XmlGateway"
        xsi:schemaLocation="http://www.bu.edu/uis/XmlGateway http://www.bu.edu/link/system/schemas/Response.xsd">
      <parameters>
        <param name="account" value="02348766754"/>
        <param name="address" value="755 Commonwealth Avenue 3-d floor Suite 332"/>
      </parameters>
    </bu_uis_output>

XML Response Sample (LOGIN)

    <?xml version="1.0" encoding="UTF-8"?>
    <bu_uis_output version="2.0" session="216b53" xsi:type="LOGIN"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns="http://www.bu.edu/uis/XmlGateway"
        xsi:schemaLocation="http://www.bu.edu/uis/XmlGateway http://www.bu.edu/link/system/schemas/Response.xsd">
      <html url="http://www.bu.edu/link/bin/uiscgi_demo_uiscgi_xml_devl.pl/PreLogin?session=216b53&amp;AuthServCd=it_kerb&amp;LoginPromptInd=ON&amp;SidPromptInd=&amp;reason=Initial%2520request%2520for%2520authentication&amp;app=Demo&amp;contact=%253Ca%2520href%253D%2522mailto%253ATheLink%2540bu.edu%2522%253ETheLink%253C%252Fa%253E">
    <![CDATA[<html>
    <head><title>PreLogin Re-direction Page</title><script language="JavaScript">
    window.document.location = "http://www.bu.edu/link/bin/uiscgi_demo_uiscgi_xml_devl.pl/PreLogin?session=216b53&AuthServCd=it_kerb&LoginPromptInd=ON&SidPromptInd=&reason=Initial%2520request%2520for%2520authentication&app=Demo&contact=%253Ca%2520href%253D%2522mailto%253ATheLink%2540bu.edu%2522%253ETheLink%253C%252Fa%253E"
    </script></head>

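Vendor-side handling of the three response types described above (DATA, LOGIN, ERROR), using a hardened parser. This is an added example, not code from the original slides or the BU toolkit. The class name `GatewayResponseCheck`, the constructed sample values, and the choice of `www.bu.edu` as the only accepted LOGIN redirect host (taken from the slide's sample URL) are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
public class GatewayResponseCheck {
    static final String GW_NS = "http://www.bu.edu/uis/XmlGateway";
    static final String XSI_NS = "http://www.w3.org/2001/XMLSchema-instance";
    // Constructed DATA response modelled on the slide's sample; values are made up.
    static final String SAMPLE = "<bu_uis_output version=\"2.0\" session=\"4a90eb3\" xsi:type=\"DATA\""
        + " alias=\"jsmith\" id=\"U123\" xmlns:xsi=\"" + XSI_NS + "\" xmlns=\"" + GW_NS + "\">"
        + "<parameters><param name=\"account\" value=\"02348766754\"/></parameters></bu_uis_output>";

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // Reject any DOCTYPE: no external entities, no entity-expansion bombs.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = f.newDocumentBuilder().parse(
            new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8))).getDocumentElement();
        if (!GW_NS.equals(root.getNamespaceURI()) || !"bu_uis_output".equals(root.getLocalName()))
            throw new IllegalArgumentException("not a gateway response");
        return root;
    }
    // LOGIN carries a redirect URL; accept it only for the expected host (assumption).
    static boolean loginUrlAllowed(String url) {
        URI u = URI.create(url);
        return ("http".equals(u.getScheme()) || "https".equals(u.getScheme()))
            && "www.bu.edu".equalsIgnoreCase(u.getHost());
    }

    public static void main(String[] args) throws Exception {
        Element root = parse(SAMPLE);
        String type = root.getAttributeNS(XSI_NS, "type");
        if (type.equals("DATA")) {
            NodeList ps = root.getElementsByTagNameNS(GW_NS, "param");
            for (int i = 0; i < ps.getLength(); i++) {
                Element p = (Element) ps.item(i);
                System.out.println(p.getAttribute("name") + "=" + p.getAttribute("value"));
            }
        } else if (type.equals("LOGIN")) {
            Element html = (Element) root.getElementsByTagNameNS(GW_NS, "html").item(0);
            if (html == null || !loginUrlAllowed(html.getAttribute("url")))
                throw new SecurityException("LOGIN redirect outside expected host");
        } else { // ERROR or unknown type: fail closed, do not echo supplied HTML
            throw new IllegalStateException("gateway returned type '" + type + "'");
        }
    }
}
```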
Security
- Filtering
- Scope (available functions)
- IP
- Authentication/Authorization
- SecurId
- PreLogin and PostLogin Services
- SSL
Toolkit
- Client-side libraries
- Live Demo Web-site
- Source code for all Demo Scenarios
- Specification
- Diagrams
- Schemas
- Java Docs
- Developers Web-site
Client-side libraries
- Generate XML Request Document
- Send/Receive HTTP(S) message
- Parse XML Response Document
- Currently supported languages
  - Java
  - Perl
  - VBScript
  - PHP
Live Demo Web-site
http://uis-eta.bu.edu/demo/xml_gateway
- Scenario 1: Get public data from BU: no authentication is required, but access is restricted by IP.
- Scenario 2: Get BU authentication information: alias, id, name, email.
- Scenario 3: Get protected data from BU (including authentication information).
Source Code for Scenario 3 (Java)

    package edu.bu.uis.XmlGateway.connector_demo;

    import java.net.URL;
    import javax.servlet.http.*;
    import java.io.*;
    import edu.bu.uis.XmlGateway.connector.*;

    public class Scenario_3_Servlet extends HttpServlet {
        public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            String modulename = request.getParameter("ModuleName");

            // Recover the gateway session key from the vendor-side cookie, if present.
            String session = "";
            Cookie[] cookies = request.getCookies();
            if (cookies != null) { // getCookies() returns null when the request carries no cookies
                for (int ii = 0; ii < cookies.length; ++ii) {
                    if (cookies[ii].getName().equals(SERVLET_COOKIE_NAME)) {
                        session = cookies[ii].getValue();
                    }
                }
            }

            // Build the XML request and send it to the BU gateway.
            ServletVendorRequest svr = new JservServletVendorRequest();
            BuResponse br = null;
            try {
                svr.setSession(session);
                svr.setUrl(new URL("http://www.bu.edu/link/bin/uiscgi_demo_uiscgi_xml_devl.pl"));
                svr.addParameter("ModuleName", modulename);
                svr.setSyncUrl(request);
                br = svr.getResponse();
            } catch (Exception e) {
                out.println("System Error: " + e.toString());
                return; // br is null here, so stop instead of dereferencing it below
            }

            // Store the session key returned by the gateway for the next request.
            Cookie cookie = new Cookie(SERVLET_COOKIE_NAME, br.getSession());
            cookie.setPath("/");
            cookie.setDomain(".bu.edu");
            response.addCookie(cookie);

            // Dispatch on the response type: ERROR, LOGIN or DATA.
            if (br.getType().equals("ERROR")) {
                out.print(br.getHtml());
            } else if (br.getType().equals("LOGIN")) {
                out.print(br.getHtml());
            } else if (br.getType().equals("DATA")) {
                String emailAddress = br.getParameter("EmailAddress");
                String uid = br.getId();
                String studentSalutation = br.getParameter("StudentSalutation");
                // ……………………
                String normalHtml =
                    "<html>\n" +
                    " <head>\n" +
                    // ……………………….
                    " </body>\n" +
                    "</html>\n";
                out.print(normalHtml);
            } else {
                out.println("XmlGateway Error: Unsupported data type" + br.getType());
            }
        } // end of doGet()

        private final String SERVLET_COOKIE_NAME = "bu_session";
    }

Developers Web-site
http://uis-eta.bu.edu/xmlgateway
- Demo
- Specification
- Schemas
- Diagrams
- JavaDocs
- Sources (protected)
- Projects (protected)
It Takes More Than Technology to Solve This One!
Getting the right tools……….
to the right people…………….
at the right time.
Understanding the XML Gateway
- Reviewing the spec
- Visiting the Demo site
- Playing with the sample code
How do you want to use the XML Gateway?
- Choose a scenario
- Identify your development language
- Complete the contract
  - Data exchange?
  - Authentication?
  - Input/Output Parms?
  - ……..
Security Issues
- Access Control
- Custom vs. Common
- IP Locking
- Authentication
- Who
- What
- Authorization
The Box Score
IKON E-Alumni WBUR Pinnacle Maximus BNW FSAtlas COD SBI (Degree Audit) EOS Thin Client
- Environmental Health and Safety
- Engineering - ECE
- Med Campus IT
- Sargent College
- Alumni Directory
- Modern Foreign Language
- School of Dental Medicine
Realized Gains
- Reduction of stale or inaccurate data
- Increased knowledge of who has data and where
- Increased review of/advice about securing locally held data
Next Steps: SOAP?
Pros:
- Standard message format instead of proprietary XML
- Standard, rich, and self explanatory interface: WSDL
- Standard SOAP client library instead of proprietary libraries
- Standard error handling
- No language limitations: almost any language supports SOAP now
Next Steps: SOAP?
Cons:
- Increased code on the Vendor side
- Higher qualification for Vendor programmers
- SOAP server production environment at BU not fully implemented yet