QoS - Security and Reliable Messaging - Example 2
This is the second example that demonstrates the ease of integrating security and reliable messaging to the WSO2 Application Server.
It demonstrates trading interactions between a stock exchange, trader (stock broker) and a client (shareholder). A shareholder who needs to buy and sell shares, should first become a client of that particular trader. A trader can register his client (the shareholder) in the stock exchange. Once registered, the shareholder uses his Central Depository System (CDS) account to buy and sell.
The following section describes the services offered by each party involved.
Scenario Description
1. Client creates an account with a trader and receives a user ID. The Trader registers the Client with the stock exchange using client information.
2. The Client obtains a CDS account using which he is allowed to trade. The Client can only buy and sell shares on the market through the Trader who registered him/her.
3. The Trader places the client's buying and selling orders in the stock exchange.
4. The trader also registers feed targets to the Exchange.
5. To access any of the services from the stock exchange, the Trader needs to first login to the Exchange using the Trader's username and password.
6. The Clients get stock quotes (company name, symbol, selling price, high, low), and portfolio information from the Trader. He also deposits money in his account through the Trader.
7. The User (shareholder) can directly gain market information such as total traded shares, average price, and average size of trade from the stock exchange.
8. Trader provides market data updates to the stock exchange.
In summary the services are as follows:
1. Services offered by Stock Exchange to Trader
- Registering clients
- Logging in to Stock Exchange
- Buying and selling shares for Clients
- Registering feed targets
2. Services offered by Stock Exchange to Client
- Provide market information such as total traded shares, average price, average size of trade
3. Services offered by Trader to Client
- Create accounts
- Ability to make deposits to account
- Buying and selling shares
- Get stock quote (name, symbol, price, high, low) and portfolio
4. Services offered by Trader to Stock Exchange
- Provide market data updates
Note: Attributes of Stock Quote are name, symbol, selling price, high price and low price
How to Build and run the Sample
Find the "CommodityQuote" sample discussed here in <AS_HOME>/samples/Trader directory. You need Apache Ant to build the sample.
The steps are as follows:
1. Install and run the WSO2 Application Server. Refer to the Installation Guide for instructions.
2. In a command prompt, switch to the Trader directory.
For example, cd AS_HOME\samples\Trader
3. From there, type ant .
4. The build resumes and should be completed successfully. You should see a message like this:
5. The build automatically copies the .aar file containing the service into the repository. If you go to Deployed Services in the Application Serve Management Console, you will see the ExchangeTrader, ExchangeClient, TraderClient and TraderExchange services deployed.
Note:
If you don't see the services deployed, wait for a while for the deployment engine of Axis2 to pick up the newly added .aar. Then refresh/reload the page.
6. To see the sample services in action, you can use the following syntax on the command prompt.
- On MS Windows: run-client.bat [ -qos (rm | secure | securerm)] [-te <TraderService URL>] [-ee <ExchangeService URL> ]
- On Unix/Linux: run-client.sh [ -qos (rm | secure | securerm)] [-te <TraderService URL>] [-ee <ExchangeService URL> ]
You can find the run-client.bat and run-client.sh files in the <AS_HOME>/samples/Trader directory.
Terms Used
TraderService URL is the End Point Reference (EPR) of the TraderClient. This can be obtained from the Management Console.
Go to the " Deployed Services" window and click on the service "TraderClient". This will open up its dashboard, where you can find its endpoints. (under services column) > End Points. For this sample the default URLs for the standalone distribution and the embeddable version are as follows:
The same for ExchangeService, according to this example is as follows:
If rm, secure or securerm is to be used, the following modules should be engaged. This can be done by selecting the Engage Module option from the Service Information page for the services listed in the management console.
- rm - Sandesha (Sandesha2)
- secure - Security (Rampart)
- securerm - Both Sandesha and Security
Note:
- If security is used, the default username / password for the client is test / test123.
- The listed EPR's are for the stand-alone server. When WSO2 Application Server is running inside a servlet container, the EPR's are different. It is recommended to get the EPR through the management console.
The options shown above are illustrated using the following samples.
Example 1: Without any Module Engaged.
From the "Trader" directory, type the following command.
$ ./run-client.sh.
You should see the following:
Populating the stock market ................Done. Using following parameters TraderService URL : http://localhost:9762/services/TraderClient ExchangeService URL : http://localhost:9762/services/ExchangeClient STARTING TRADE SAMPLE CLIENT ============================= ... Please select your operation... --------------------------------- (1) createAccount (2) getQuote (3) getSymbols (4) deposit (5) buy (6) sell (7) getPortFolio (8) getMarketInfo (9) Exit
Example 2: With the Security Module Engaged.
- Login to the Application Server Management Console.
- Add a user (under configure menu -> Users and Roles) named "test" with password "test123."
- Similarly, add a role "testrole" and add user "bob" to that role.
- Similarly, add a role "testrole" and add user "test" to that role.
- Provide all permissions for this role.
- Then go to the "Deployed Services" window in the AS Management Console. (Manage > Service > List).
- Access the dashboard of the service "TraderClient" service by clicking on it.
- In the dashboard, under "Security," select "Username Token." Press "Next."
- Then select "testrole" from the user groups listed.
- Click "Finish."
Follow the same steps for ExchangeClient service. Then go to <AS_HOME>/samples/Trader directory and type: ./run-client.sh -qos secureYou would see a prompt asking for the username and password before listing the operations available as follows:
Populating the stock market ................Done. Using following parameters TraderService URL : http://localhost:9763/services/TraderClient ExchangeService URL : http://localhost:9763/services/ExchangeClient QOS : security STARTING TRADE SAMPLE CLIENT ============================= ... Please enter your username :test Please enter your password :test123
Example 3: Creating an account.
...Creating account... Please enter the Name:test1 Please enter the password:test1 Results ------- User ID :test1
Example 4: Depositing money in the exchange.
...Doing deposit... Please enter the username:test1 Please enter the password:test1 Please enter the amount:100 Deposit Successful !!
Sample 5: Buying '100 mn' stocks in the exchange.
...Buying stocks... Please enter the username:test1 Please enter the password:test1 Please enter the symbol:mn Please enter the quantity:100 Results ------- Status :true Reason :Success
Example 6: Selling '50 mn' stocks in the exchange.
...Selling stocks... Please enter the username:test1 Please enter the password:test1 Please enter the symbol:mn Please enter the quantity:50 Results -------- Status :true Reason :Success
Example 7: Getting the portfolio of the user 'test1' after buying a further '200 h' stocks.
...Getting Portfolio... Please enter the username:test1 Please enter the password:test1 Results ------- Symbol:mn Amount:50 Symbol:h Amount:200
Similarly, you can explore the options available in the Trader client and see how it works for yourself.
Trader service internally calls the Stock exchange services. Since the internally-used stubs try to use the configuration of the container by default, engaging QoS on the Stock Exchange service will break the trader sample. Therefore, for the trader sample to run properly, QoS should not be engaged on the Stock Exchange service.
The WSDL files of the services can be found in: <AS_HOME>\samples\Trader\wsdl