Home | Documentation |
The WS-ReliableMessaging plugin
updated Tue May 21 2024 by Robert van Engelen
|
The material in this section relates to the WS-ReliableMessaging and WS-Addressing (2005) specifications.
To use the wsrm plugin:
wsdl2h -b -t typemap.dat
on a WSDL of a service that requires WS-ReliableMessaging and WS-Addressing headers. The typemap.dat file included in the gSOAP package is used to recognize and translate header blocks. The -b
option ensures that one-way response message operations are added for duplex communications that require a client-side callback service.soapcpp2 -a
on the header file produced by wsdl2h. To enable reliable-messaging and addressing-based service operation selection, you MUST use soapcpp2 option -a
. This allows the service to dispatch methods based on the WS-Addressing action information header value (when the wsa plugin is registered).-DWITH_WCF
for enhanced WCF compatibility and use compiler flag -DWITH_WCF_SIM
to enable simulated WCF features channel instance and netrm BufferRemaining.An example wsrm client/server application can be found in samples/wsrm.
A gSOAP service definitions header file with an #import "wsrm.h"
to support WS-ReliableMessaging 1.1 or #import "wsrm5.h"
to support WS-ReliableMessaging 1.0 (2005). The imports are automatically generated by wsdl2h for a set of WSDLs that use WS-ReliableMessaging as per WS-Policy. The wsdl2h-generated header file should be further processed by soapcpp2 to generate the binding code. The wsrmapi.h and wsrmapi.c implement the WS-ReliableMessaging API described in this document.
A wsdl2h-generated service definitions header file might include the following imports, where the wsrm.h is mandatory to support WS-ReliableMessaging:
The wsrm.h header file is imported from import/wsrm.h by soapcpp2. The wsrm.h import can be manually added to enable WS-ReliableMessaging when needed. The gSOAP service definitions header file is processed with soapcpp2 to generate the client-side and/or server-side binding code.
Note that the wsrm.h and the WS-ReliableMessaging-dependent wsrx.h and wsa5.h header files are located in the import directory of the gSOAP package. These files define the WS-ReliableMessaging and WS-Addressing information header elements and types. The wsrx.h header file defines the WS-ReliableMessaging CreateSequence, CloseSequence, and TerminateSequence operations, as well as an one-way SequenceAcknowledgement operation to accept acknowledgements. The soap12.h header file enables SOAP 1.2 messaging.
For developers working on protocols: the WS-ReliableMessaging header blocks in wsrm.h were generated from the WS-ReliableMessaging schema with the wsdl2h tool and WS/WS-typemap.dat as follows:
wsdl2h -cgyex -o wsrm.h -t WS/WS-typemap.dat WS/WS-ReliableMessaging.xsd
This step is not needed to use the wsrm plugin.
SOAP_XML_TREE
flag or compile the source code with WITH_NOIDREF
.To associate WS-ReliableMessaging and WS-Addressing information headers with service operations, the SOAP Header struct SOAP_ENV__Header
must have been declared and contain the necessary header blocks to be transported with SOAP messages. The SOAP_ENV__Header
for WS-ReliableMessaging and WS-Addressing is predefined in wsrm.h and imported into the gSOAP service definitions header file (this is automatically generated by wsdl2h). For each service operation in the gSOAP service definitions header file that uses WS-ReliableMessaging and/or WS-Addressing method-header-part directives are used.
For example, the following gSOAP service definitions header file illustrates a typical import and service operation definition of operation 'example' in service namespace 'ns':
The wsa5 information headers are defined in wsa5.h and imported by wsrm.h (both are located in the 'import' directory). Here, all of the WS-Addressing and WS-ReliableMessaging information headers are bound to the ns__example operation request and response messages.
The method action directive is important for WS-Addressing, because WS-Addressing Action information headers must be included that are unique for each operation. The soapcpp2 option -a
ensures that WS-Addressing Action header blocks (and HTTP Action headers) are processed at the receiving side, which means that the service dispatcher uses the Action together with the operation name to invoke the service operation at the destination. This also means that Action headers must be properly set by the client.
Note: the SOAP_ENV__Header
struct can be declared in multiple files. The soapcpp2 tool gathers all members of the structs into the "final" SOAP_ENV__Header
struct used by the gSOAP engine and your application. This is convenient when service-specific header blocks are combined with WS-ReliableMessaging and WS-Addressing header blocks or when WS-Security header blocks are added by the WSSE plugin.
In this section a brief overview of WS-ReliableMessaging is given. For more details please refer to the WS-ReliableMessaging protocol or tutorials on the subject. The following introduces the basic concepts of WS-ReliableMessaging from a practical point of view.
WS-ReliableMessaging is useful to improve the reliability of one-way asynchronous messaging, for unreliable data gram messaging (SOAP-over-UDP), or to improve reliable delivery of responses relayed to other destinations, such as response messages that are relayed to destinations indicated by the WS-Addressing ReplyTo header. The protocol is also useful when multiple sources are sending messages that arrive out of order or must be flagged as an incomplete message collection when messages are missing as defined by the notion of a collection of related messages. Messages delivered out-of-order are not internally reordered automatically. The application logic should be designed to be robust to out-of-order delivery effects, for example by using a vector to collect the data elements received before the data is processed. Alternatively, the server-side soap_wsrm_check_and_wait
calls can be used to let the current thread wait until preceding messages have been received and processed (by other threads). For single-thread processing with keep-alive, this will cause a performance bottleneck unless the message queue plugin is used. The message queue plugin (mq.c) provides an approach to buffer inbound messages for in-order processing.
WS-ReliableMessaging is not essential to improve the reliability of request-response message exchanges between two parties over HTTP, since a successful delivery of a request message can be inferred from the fact that a response was received for the request sent.
WS-ReliableMessaging "protects" message sequences, i.e. a collection of related messages. A WS-ReliableMessaging message sequence is created after which the sequence of messages is sent. The sequence is closed and terminated by the client after the last message. Either the message sequence is complete or not, and the resulting action to discard the incomplete message sequence or not depends on the chosen behavior. Duplicate messages (e.g. resulting from resends) are always discarded.
To create a new sequence, a client (WS-RM source) requests from the server (WS-RM destination) a unique (new) message sequence identification. The server responds with the identification to be used as well as other details, such as the expiration time of the sequence and the behavior implemented when a sequence was received incomplete:
soap_wsrm_check
) or wait for out-of-order messages to arrive in a timeout window (when calling soap_wsrm_check_and_wait
).When the client terminates the sequence, it first sends a sequence close request (or a last message with the older WS-RM 1.0) and then a sequence termination request to the destination server. The sequence close informs the server how many messages should have been received. The client can still resend messages after the close, but no new messages are supposed to be send. After the optional resends, the client requests termination of the sequence. The termination will be successful depending on the behavior when messages went missing, as was listed above.
The ensure reliable delivery, the WS-ReliableMessaging protocol allows the client to resend messages. Message resends are desirable when messages are lost in transit. Since the client has limited information on delivery success (message delivery acknowledgments can get lost as well), the client may resend more messages than necessary. This could lead to message duplication. However, messages that were already received by the server are discarded.
The client may request message delivery acknowledgements from the server. The server sends message receipt acknowledgements for all the messages it has received in the sequence back to the client, usually by piggy-backing them with the response of a subsequent message exchange. When the client is informed about successful delivery it reduces the number of resends the client will attempt.
Messages in a sequence are uniquely identified by their enumeration number in the sequence. Messages may be transmitted out of order. A missing message number indicates a gap in the message sequence. Message receipt acknowledgements consist of ranges of message numbers. Acknowledgements are normally sent to the source to help identify which messages should be resend.
With the WS-Addressing protocol, message responses and fault messages can be relayed to other destinations. The ReplyTo and FaultTo WS-Addressing header blocks are used for this purpose. The WS-ReliableMessaging protocol allows message acknowledgements to be relayed. The WS-ReliableMessaging AcksTo header block is used for this purpose.
In all, there are four types of communicating peers that are visible to the source (the client):
The destination service normally serves as ReplyTo, FaultTo, and AcksTo service, which is the default scenario with request-response message exchanges. Replies, faults, and acknowledgements can also be asynchroniously transmitted in duplex mode. In that case, the WS-RM source client acts as a callback service to accept messages on a port.
The practical aspects of message sequence creation, the message exchanges, the message relays, and sequence close/termination are presented for the client side first and then for each of the four types of destination servers.
A sequence is created, closed, terminated, and cleaned-up on the client side as follows, using a 'soap' context struct (use one 'soap' context per thread):
For duplex communication, the responses are sent to the WS-RM source's port, to which we need to listen via a callback service. There are two ways to do so, by polling or by running a separate callback server thread that accepts responses.
In the code below we use a polling approach to process responses sent asynchronously to the WS-RM source:
The polling operation can be implemented as follows:
In addition, callback service operations must be defined to handle faults and, when applicable, one-way message responses sent by the destination.
Fault messages are accepted by the callback and processed by the service operation that can be customized to your needs:
This cleanup of memory resources may be performed at any time in the sequence of message exchange or afterwards when desired. The sequence state is maintained independent of these cleanup operations.
A graceful sequence termination may fail when the delivery of a sequence of messages is incomplete or when the lifetime of the sequence expired (the hard limit on the lifetime is SOAP_WSRM_MAX_SEC_TO_EXPIRE
, this macro can be changed).
The WS-RM destination determines the failure based on the final sequence state and the sequence behavior. The behavior is set to NoDiscard by default, which means that the sequence is not discarded when transmission gaps appeared in the messages and the sequence is incomplete. The desired behavior can be specified with a sequence creation offer as explained in the next section.
If the source ReplyTo and AcksTo addresses differ in your project, then use the following:
Expiration times should not be infinite, because sequences are kept in memory until expired even when the sequences are closed and terminated. This permits the detection of duplicate sequences. The limit on the lifetime is SOAP_WSRM_MAX_SEC_TO_EXPIRE
. This macro can be changed.
Instead of polling, we can implement a callback server thread that accepts responses. This also permits keep-alive connections, because keep-alive connections are handled in soap_serve
which runs a loop to process all incoming messages until timeout or close. This would block the polling method and also blocks an iterative callback server. Therefore, we must use multiple threads to handle keep-alive connections in a callback server.
The callback server thread can be implemented as follows, in which we spawn more threads when keep-alive is enabled (optional in the code above):
To enable a destination server to produce a reliable message response sequence, you need to create a sequence with an offer. Otherwise, response messages are not tracked and delivery is not verified. A sequence of two-way message exchanges should use the offer mechanism. If all messages are one-way from source to destination then the sequence offer mechanism is not needed. A sequence can be created without an offer as follows:
Expiration times should not be infinite, because sequences are kept in memory until expired even when the sequences are closed and terminated. This permits the detection of duplicate sequences. The limit on the lifetime is SOAP_WSRM_MAX_SEC_TO_EXPIRE
. This macro can be changed.
Each message exchange with the WS-RM destination should be preceded with a soap_wsrm_request
or soap_wsrm_request_acks
call to set the required WS-RM information headers for the message send operation or request-response exchange.
For example, consider the 'example' operation defined previously and suppose we invoke the 'example' operation in a sequence (after creation and before closing):
To generate WS-Addressing message IDs, use soap_wsa_rand_uuid
, for example:
The soap_wsrm_request
takes the sequence handle and optional WS-Addressing message ID and mandatory WS-Addressing action string (this string must match the method-action defined in the gSOAP service definition header file). It produces a WS-RM header block with the message number incremented by one for the invocation. Messages are enumerated from one and included in the WS-RM header to allow the destination to determine which messages were received in the sequence (for acknowledgements) and to ignore duplicate messages.
The remote invocation soap_call_ns__example
uses the endpoint provided by soap_wsrm_to(seq)
for the WS-RM destination address, which was set by soap_wsrm_create
or by soap_wsrm_create_offer
. Because the address may change due to a redirect, we encourage the use of soap_wsrm_to
for the WS-RM destination address. When used at the server side, soap_wsrm_to(seq)
is the ReplyTo address provided by the client's request message, which may be none (NULL) for a one-way call. Therefore, it is wise to check the return value of soap_wsrm_to(seq)
.
A C++ proxy object (generated by soapcpp2 option -j
) that invokes a service operation should reset the destination address explicitly by setting the soap_endpoint
member string before each operation invocation.
Before sending a message, a WS-RM request should be issued using soap_wsrm_request_acks
. This informs the WS-RM destination to return message delivery acknowledgements back to the sender (piggy-backed in the header of the response message), unless the AcksTo is set to target an acknowledgement service endpoint in which case the acknowledgements are sent to.
When duplex messaging is used via a callback, a polling operation will be needed afterwards:
The soap_wsrm_close
returns acknowledgements automatically, so requesting intermediate acknowledgements is not required to issue a final soap_wsrm_resend
to resend all non-acknowledged messages, e.g. after soap_wsrm_close
. See also futher below.
All non-acknowledged messages in a sequence that were previously sent can be resend (from the internal sender-side cache of sent messages in a sequence) as follows:
To resend a range of non-acknowledged messages, say between 3 and 7, use:
Or all messages after message number 3:
Resends should be used with care, since in the worst case when no acknowledgements have been received all messages up to the last will be resend (and ignored by the WS-RM destination when a message is received more than once).
Note that when an AcksTo destination service address was set with soap_wsrm_create
or soap_wsrm_create_offer
, then the acknowledgements will not be returned to the sender (client). In this case message resends are performed for all messages sent, since these have not been acknowledged.
It is permitted to issue resends between creation and termination of a sequence, including after a sequence close (as long as no new messages are sent after close). The sequence close provides acknowledgement information to limit the number of messages that need to be resend.
To find out if none, some, or all messages have been acknowledged, use:
WS-ReliableMessaging is important when messages are relayed, and especially when relayed over UDP.
The ReplyTo and FaultTo destination service endpoints can be specified for each message as follows:
An optional source address information header can be added with soap_wsa_add_From
:
Adding a From address is optional and usually not required with WS-ReliableMessaging.
A potential problem with reliable message delivery with resends can fail when the initial send was not successful and message ordering is relevant. Resending will lead to an unordered message delivery.
Also, the wsrm plugin records all sent messages when the send operation was not interrupted. A problem occurs when the message cache contains incomplete messages and these messages cannot be resend. This section presents an additional mechanism to ensure messages are cached properly for automatic retransmission.
Besides network failues, a request-response message exchange can also appear to fail due to a non SOAP_OK
returned, such as a benign "HTTP 202 Accept" To distinguish fatal send errors from errors returned by the peer, the soap_wsrm_check_retry
function can be used as follows to only retry the message exchange (or send) when needed:
Note that the soap_wsrm_request
is only invoked once in the above to increment the message enumeration.
The loop retries transmissions a maximum of SOAP_WSRM_MAX_RETRIES
iterations before giving up.
Note that this mechanism does not replace acknowledgements for delivery. Delivery acknowledgements are verified with soap_wsrm_nack
.
The following code shows an example WS-RM client fragment that combines the concepts introduced in the previous sections for a request-response scenario:
A duplex mode client that accepts responses via a callback:
To set up a WS-ReliableMessaging compliant server, register the wsa and wsrm plugins with the soap context (or with the C++ proxy object generated by soapcpp2 option -j
):
The following subsections detail the differences between the types of WS-RM destination services.
For duplex communications, it is advisable to send acknowledgements to the peer, which are normally piggy-backed on messages to the peer. If no messages are sent to the peer, explicit acknowledgements can be sent:
To sent acknowledgements to all peers with open sequences, use:
where timeout is in seconds (pos value) or microseconds (neg value). Depending on the message exchange scenarios, it may be advisable to have the server send periodic acknowledgement updates as follows:
Each service operation that supports WS-ReliableMessaging and WS-Addressing should use the soap_wsrm_check
, soap_wsrm_sender_fault
, soap_wsrm_receiver_fault
, and soap_wsrm_reply
functions as follows:
An error produced by soap_wsrm_sender_fault
or soap_wsrm_receiver_fault
before soap_wsrm_check
is considered fatal, it will terminate the sequence and the sender (client) will not be able to continue the sequence transmissions. While the faults preduced after soap_wsrm_check
allow the sequence to continue.
To set up a callback to accept responses in a duplex scenario, we set up the server in the same way as the destination server. Service opertions should not use soap_wsrm_reply
. Because response messages are sent (as if these were request messages), the service must define the appropriate one-way operations and gSOAP service definitions bindings.
For example, the one-way response message of the ns__example operation is defined as follows in the gSOAP service definitions header file:
The one-way response service operations are automatically generated with wsdl2h option -b
.
Note that when these definitions are combined with the previous definition for ns__example
, there is no need to define the ns__ExampleResponse
struct any longer as this is implied by the ns__exampleResponse
function content.
The server operation implementation is for example:
The HTTPS client and server are set up as shown in the gSOAP documentation and examples. There are no additional API calls needed to support WS-RM with HTTPS.
Note that the WS-RM destination service may also relay messages to other HTTPS services, thus the WS-RM destination acts as a receiver (server) and sender (client). Therefore, the WS-RM destination server's SSL context should be set to authenticate the other servers:
Here, the cacert.pem file contains certificates to authenticate the ReplyTo, FaultTo, and AcksTo services when HTTPS is used.
The client side sets up the SSL context with the soap_ssl_client_context
as instructed in the documentation and by the examples. Multi-threaded HTTPS clients and servers must register mutex locks with OpenSSL
To use Basic Authentication at the client side, set the userid and passwd values:
At the server side add the authentication check to the service operation before soap_wsrm_check
to terminate the sequence when an authentication failure occurs. For example:
Here, we check only one userid-passwd pair though normally we could search for valid credentials in an authentication store.
Note: never use Basic Authentication over HTTP because the password is sent in the clear. You must use HTTPS to encrypt the HTTP authentication information and message content. HTTP Digest Auth is preferred for this reason, because Digest Auth verifies the digest of a userid-passwd rather than require the password to be exchanged or stored in cleartext.
The use of UDP is automatic at the client side using the "soap.udp://" protocol. Therefore, endpoints should use a "soap.udp://" URL to connect. (when using an already opened socket, the SOAP_IO_UDP
flag must be used, see the documentation.)
Note that UDP datagram messages should not exceed 8K, which is usually a size that UDP datagrams can support. To reduce the message size, we recommend compression (-DWITH_GZIP
compile flag to enable ZLIB and use libgsoapssl.a or libgsoapssl++.a for OpenSSL and ZLIB compression combined).
The code of an UDP-enabled server is identical to an HTTP/TCP server except that the soap_accept
call is disabled and unnecessary.
When message responses are not returned to the client, the client may block indefinitely when it expects a response. Therefore we recommend the use of send and receive timeouts:
Note that the WS-Addressing ReplyTo and the use of NoReply do not return response message from the server. However, acknowledgements will be returned when acknowledgements were requested (unless acknowledgements are relayed with AcksTo).
In this case an acknowledgement will be returned and the timeout reflects a possible network packet loss.
WS-Security can be combined with WS-ReliableMessaging using the WS-Security plugin.
Both plugins must be registered at the client and server side. These APIs are independent.
The WS-ReliableMessaging plugin is developed to support C and C++. To support C++ server objects generated with soapcpp2 option -j
(or -i
), run soapcpp2 again:
soapcpp2 -A -pwsrx import/wsrx.h
This generates wsrxClient.cpp and wsrxServer.cpp that are also needed with the WS-ReliableMessaging plugin and code.
To dispatch the wsrm service operations when received: Suppose we have a myService server class generated by soapcpp2 option -j
, which is used to process requests with the serve() member function (also generated):
Compile wsrmapi.c with -DSOAP_WSRM_FAST_LOOKUP
to speed up sequence lookups for a large number of concurrent message sequences or sequences with a long time to live. An internal hash table is used, which will grow to accommodate the total number of concurrent sequences. The hash table entries are reused but (temporary) empty entries are never deallocated to avoid allocation overhead, which means that leak detectors may complain about space not being freed.