Skip to main content

WSO2 ESB Development best practices

Naming Conventions

When developing artifacts for WSO2 servers, follow the guidelines mentioned below.

  1. Project names - Create project names which reflects the intention of the project. It is better to end the project name with the server type which this project is deployed in to. This name should be unique within your source code repository

  1. Artifact names - When you create artifacts, always better to start the name with the project name and end with the artifact type. This would make the artifact name unique within the source repository.

  1. Custom Java Classes - When you create custom java code (custom mediators, custom formatters), adhere to the standard java packaging names with project names to distinguish your code

Project Structures

When developing artifacts for WSO2 servers, follow the guidelines mentioned below

  1. Start with a “Maven multi module” project as your parent project. This will be the top most level project in your source code hierarchy.

  1. Create projects according to the artifact types which you are going to develop.
Ex: ESBConfigProject to develop ESB artifacts, RegistryResourceProject for governance artifacts

  1. Create Composite ARchive (CAR) projects to bundle the relevant artifacts into an archive.

  1. If you need to create a common (core) project to include different types of projects (ESB, Registry), create a maven multi module project and add them as sub projects.

  1. Do not bundle custom mediators with the ESB artifacts which referenced that specific mediators in a single CAR file. This may cause deployment time exceptions during the due to dependencies conflicts. If you have a custom java code, always deploy that before deploying the ESB artifacts, which refers this custom code



General Best Practices

When you have environment specific artifacts such as endpoints, data source configurations, always better to use governance registry to store them.

When sharing the implemented projects among team members of the development team, use WSO2 Project Import Wizard since WSO2 Project Import Wizard is knowledgeable on handling the nested project structures supported by Developer Studio.

When exporting Developer Studio Projects you can either export individual projects and generate individual deployable artifacts or you can package them into a CAR file and export thar CAR file from IDE itself.

If you need to integrate your solution with a Continuous Integration server(Ex:Bamboo, Jenkins) and automate the build and deploy process, you need to use Maven support provided by Developer Studio for that. You should not include the Carbon Server extensions in CAR files and deploy to Carbon Servers,


Developer Studio - Deployment Best Practices

When you want to deploy artifacts to a Carbon Server, first you need to package all the artifacts to a CAR file. There are 2 possible methods to deploy to a Carbon Server.

Via Developer Studio IDE
Via Maven-Car-Deploy-Plugin

You can use any of the above 2 methods to deploy the CAR files to a Carbon Server. When you have modified your projects in Developer Studio, you can simply use Maven or IDE to publish latest version of the CAR file to the Carbon Server.

Design and Development Best Practices

1. Use mediators like XSLT and XQuery in complex transformation. Payload Factory and Enrich mediator perform better in simple transformation scenarios.

2. When a message is sent out from the inSequence , the reply is received by the outSequence by default. To receive the reply to a named sequence, use send mediator in the inSequence .

3. Do not use two consecutive send mediators without cloning the message using Clone mediator.

4. Always use REST APIs to expose RESTful interfaces over invoking Proxy Services.

5. Aggregation mediator works in tandem with Iterate or Clone.

6. Use templates to reuse the ESB configuration whenever possible.

7. Limit the use of in-line endpoints and use references to existing endpoints from sequence or proxy services.

Maintenance is easier when you isolate endpoint definitions from sequences and proxy services.

Security Guidelines and Best Practices
This section provides some security guidelines and best practices useful in service development.

  • Use DMZ-based deployments. Also see  
http://wso2.com/blogs/architecture/2011/04/public-services-gateway-and-internal-services-gateway-patterns.
  • Change default admin username and password.
  • Change the default key stores.
  • Secure plain text passwords and configure user password policies.
  • In REST services deployments, secure your services with OAuth (Bearer and HMAC) and Basic authentication with HTTPS. This is recommended because:
  • It adds authentication, authorization and validation in to the services.
  • It enables communication to be done in a confidential manner while achieving non-repudiation and integrity of the messages.
  • It helps you avoid attacks such as replay, DoS and to define rules for throttling the service calls.
  • It helps you to control access to services in a fine-grained manner using role-based, attribute-based and policy-based access control.

Labels:

Comments

  1. Roger van de KimmenadeMay 31, 2016 at 5:40 AM

    Good post ! Thanks

    ReplyDelete
  2. UnknownNovember 26, 2016 at 11:45 PM

    Thanks

    ReplyDelete
  3. UnknownJuly 19, 2018 at 7:37 AM

    I am sorry post my question here ...what is the difference between ESB Solution Project and ESB Config Project in WSo2?

    ReplyDelete

Post a Comment

Popular posts from this blog

How to setup an WSO2 API manager distributed setup with a clustered gateway with WSO2 ELB

In this blog post I am going to describe about how to configure a WSO2 API Manager in a distributed setup with a clustered gateway with WSO2 ELB and the WSO2 G-REG for a distributed deployment in your production environment. Before continuing with this post, you need to download the above mentioned products from the WSO2 website. WSO2 APIM - http://wso2.com/products/api-manager/ WSO2 ELB - http://wso2.com/products/elastic-load-balancer/ Understanding the API Manager architecture API Manager uses the following four main components: Publisher Creates and publishes APIs Store Provides a user interface to search, select, and subscribe to APIs Key Manager Used for authentication, security, and key-related operations Gateway Responsible for securing, protecting, managing, and scaling API calls Here is the deployment diagram that we are going to configure. In this setup, you have 5 APIM nodes with 2 gateway...
2 comments
Read more

How puppet works in your IT infrstructure

What is Puppet? Puppet is IT automation software that helps system administrators manage infrastructure throughout its lifecycle, from provisioning and configuration to orchestration and reporting. Using Puppet, you can easily automate repetitive tasks, quickly deploy critical applications, and proactively manage change, scaling from 10s of servers to 1000s, on-premise or in the cloud. How the puppet works? It works like this..Puppet agent is a daemon that runs on all the client servers(the servers where you require some configuration, or the servers which are going to be managed using puppet.) All the clients which are to be managed will have puppet agent installed on them, and are called nodes in puppet. Puppet Master: This machine contains all the configuration for different hosts. Puppet master will run as a daemon on this master server. Puppet Agent: This is the daemon that will run on all the servers, which are to be managed using p...
7 comments
Read more

WSO2 ESB tuning performance with threads

I have written several blog posts explaining the internal behavior of the ESB and the threads created inside ESB. With this post, I am talking about the effect of threads in the WSO2 ESB and how to tune up threads for optimal performance. You can refer [1] and [2] to understand the threads created within the ESB. [1] http://soatutorials.blogspot.com/2015/05/understanding-threads-created-in-wso2.html [2] http://wso2.com/library/articles/2012/03/importance-performance-wso2-esb-handles-nonobvious/ Within this blog post, I am discussing about the "worker threads" which are used for processing the data within the WSO2 ESB. There are 2 types of worker threads created when you start sending the requests to the server 1) Server Worker/Client Worker Threads 2) Mediator Worker (Synapse-Worker) Threads Server Worker/Client Worker Threads These set of threads will be used to process all the requests/responses coming to the ESB server. ServerWorker Threads will be used to pr...
5 comments
Read more