Service Orientation: Exception handling pattern


I am a great fan of the service orientation principles described by Thomas Erl: http://www.soaprinciples.com/
And also of its patterns: http://www.soapatterns.org/
This will not be a sucking up story about Thomas, but the need for a pattern on error handling.


One of the patterns is that of Service Layering, in which the Services can be categorized in the following layers:

The Utility Service Layer consists of Services that are of agnostic functional nature and are not functional related to a business entity or business process.
The Entity Service Layer contains Services that are related to business entities and are usually also agnostic.
The Task Service Layer is more related to Services that are specific to a particular task or process.
Usually you also have a Orchestrated Task Service layer contains Services that orchestrates Services to fulfill a business process.

My question is how to deal with errors in the separate layers?

Error Types

Let me first describe the type of errors we can have:
  • Technical Errors
    Those are errors of technical nature, like database can not be reached, wrong message format. Mostly internal service errors that occur.
  • Capability Errors
    Those are the errors due to the fact that a capability of a service can not be executed. These errors are more of a functional nature.
  • Business Process Errors
    Those are errors that occur within the logic of a business process.

The next item you have to think about, is which errors you want to expose.

Expose errors?

The first option that comes to mind is that all errors remain internal, using the Abstraction Principle.
However if you think deeper then:
  • Technical errors may kick off other processes that will deal with service errors, by sending mails to maintenance for example. Then technical errors are part of the service contract.
  • A composite controller may handle a capability error by trying it again or using an alternative path.
    A service does (generally) does not know in which activity it participates, so the service can not decide what to do when something happens. Then the error is also part of the service contract.

How to expose errors?

When you decided to expose errors then you have to think about how to expose the errors.
When looking at webservice services you have several options:
  1. Return an error within the output message
  2. Generate a soap fault
  3. Generate a business event that something happend
I am more in favorite of the last two, because the first option always blurs your goodweather logic and this way the maintenance of your code can be more complex.


Hope this gives you some stuff to think about when designing your service contract.
Other suggestions are welcome !


Cordys: Connectors open source

Taken from Cordys Wiki:

Cordys has always had two types of connectors. The first group of connectors are developed and supported by the Cordys platform engineers. Examples include the E-mail and the FTP connector. The second group of the connectors are developed and supported by the former Cordys professional services group (a.k.a. COE). Examples include the JMS connector and Command Connector.

Some time ago the professional services group moved to CSC, leaving the status of the professional services connectors a bit unclear. People were still maintaining professional services connectors, but it became more difficult because they needed to focus on CSC projects. Not on maintaining the connectors.

Another development is the creation of alternatives for platform connectors. The development of platform alternative takes a lot of time and blocks the possibility of including the enhancements into the product since they were on a different code base. So Cordys had to revise its strategy. One particular idea that kept showing up, both within as outside of Cordys: make the platform and professional services connectors open source. External developers will then be able to customize and enhance a connector instead of rebuilding it from scratch and Cordys will have the option to include a snapshot of the open source connector into the platform. Connectors shipped with Cordys will have support, which makes the customers happy.

The last two weeks this idea was validated with customers, partners and colleagues. All parties were positive about the overall idea. Thus Cordys decided to go forward with it.

The next step is creating a concrete proposal which includes details like timing, a definition of what Cordys support means, the location sources and a list of connectors to start with. 

This is a good idea and will hopefully increase the number of connectors and also the quality. Looking forward to it.


Cordial 2010


The 14th and 15th September I visited the Cordial 2010 event with 5 of my CIBER colleagues. This is a small overview of the event and my findings.


The subtitle of the event was Accelerate Time To Value.
The whole message of the event was that the Cordys offerings will shorten your time to value, a promise of all BPM vendors, but I think Cordys can actually achieve it.

The majority of the presentations were about Cloud computing, so the terms IaaS, SaaS, PaaS and  BPaaS were mentioned a lot.
Cordys also has launched a new product in 2009 called Cordys Process Factory (CPF).
This new product was built on top of BOP4 and will nicely integrate with BOP4. The product is meant to build dynamic MashUps in the Cloud with little effort.
It abstracts the more complex features of BOP4, to make it simple to use. Cordys now can offer services on premise, in the cloud and both.

Per Jonsson was presenting on his first month as the new CEO of Cordys. Quiet, calm, smart Scandinavian gentleman, something different as oppose to the more energetic Jan Baan.
Jan Baan launched his book on BPM.
Theodoor van Donge, the CTO of Cordys, gave us a nice preview of the most important new features in Cordys FP1.

Product Update

Cordys Process Factory

  • New: MashApps on Mobile
  • New: Connection On-Premise
  • SSO
  • SAML2.0 to access On-Premise services
  • OAuth to access Cloud services


  • Multi Browser support in CWS (Chrome, Safari, IE, Firefox)
  • Improved Internationalization
  • Context based help in modeling (showing the next possible steps possible)
  • BAM further aligned
  • Advanced task management features to handle a case
  • MDM modeller included in BOP4
  • Change tracking of Models
  • KPI in Processes in Activities
  • Less navigation needed during modelling

Cloud Provisioning

The Cordys Business Operations Platform complements the Business Operations Platform with automated provisioning and metering of applications for the Cloud.
  • New: Admins can maintain environments of customers and their applications offerings
  • New: External application can be partitioned over different clusters
  • New: Multi Browser support

Collaborative Engineering

Strategic Update

The mission of Cordys was mentioned by Hans de Visser (CMO):
We help our customers to improve their business operations with world-class, process oriented software which allows them to change and innovate the way they do business with greater speed and flexibility.

So What's Cordys?
  1. Cordys is one single platform
  2. Two propositions: 1-Business Operating Platform 2-Cordys Process Factory
  3. Three domains: 1-Integration 2-BPM 3-Composite Application Development
  4. Cloud
  5. Focus on vertical markets: Communications & Media, Banking, Financial Services & Insurance, Energy & Utilities, Manufacturing & Logistics, Government

Produkt Oriented --> Marketing Oriented
Development of the platform but implementations are done by Partners (like CIBER).

Multiple Deployment Models
On-Premise (BOP4)
Cloud (CPF)
Hybrid (BOP4/CPF)

Social Contextual Collaboration
Integration with Google Wave to collaborate
Integration with other social network tools (Facebook, Twitter, ..)


It is now possible to certify yourself in Cordys. First you need Fundamentals and then you have the option to specialize in BPMS Developer, UI Developer and Backend Developer.
In case you have all, you can name yourself Solution/Product architect.


Not all presentations were useful, but the time of the parallel sessions was also very limited (only 30 min for a presentation). This makes it difficult to tell the story.
Hopefully next year these sessions take more time.

I am very excited on the number of people that visited the event and met a lot of interesting people.
I am curious to see if the Process Factory product will gain momentum and I can't wait to use it for customers.
For the moment a SOA and use of BPM is already a big step for most customers, but BOP4 is a very good solution.
Its now time for Cordys to harvest after almost 10 years of development.

More can be read on http://cordial.cordys.com


Cordys BOP4 and SSL be aware


In one of my previous Blog item about Cordys BOP4, I described how Apache WebServer and Cordys BOP must be configured for using secure two-way-SSL.
I discovered some behavior of this set-up which i want to share in this blog.


When you configure two-way-SSL in Apache Webserver, the client certificate is used by the Apache WebServer to check whether this client may access the WebServer.
However this certificate is also used by Cordys BOP4 for the identification of the User within BOP4.
For this you have to configure a User that has the client certificate attached to it.

* Goto User Manager > Users Roles
* Select a User, Right click Edit
* Select as Authentication Type: Certificate
* Click Use Certificate and import the public certificate of the client (X.501 compliant)

When you sent a soap message to the platform you must NOT use wsse:Security tags in the soap header anymore


When you do this you will get the following error:

         Not a valid user.
            com.eibus.security.identity.InvalidIdentityException: Failed to determine identity: Could not determine identity, found multiple identities in the SOAP message
    at com.eibus.security.identity.UserIdentityFactory.determineIdentity(UserIdentityFactory.java:80)
    at com.eibus.soap.Processor._determineIdentity(Processor.java:1608)
    at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:312)
    at com.eibus.soap.SOAPTransaction.<init>(SOAPTransaction.java:175)
    at com.eibus.soap.Processor.onReceive(Processor.java:956)
    at com.eibus.soap.Processor.onReceive(Processor.java:929)
    at com.eibus.connector.nom.Connector.onReceive(Connector.java:417)
    at com.eibus.transport.Middleware$NonTransactionalWorkerThreadBody.run(Middleware.java:1722)
    at com.eibus.util.threadpool.WorkerThread.run(WorkerThread.java:64)
Caused by: com.eibus.security.identity.IdentityCreationException: Could not determine identity, found multiple identities in the SOAP message
    at com.eibus.security.identity.UserIdentityFactory.determineIdentity(UserIdentityFactory.java:66)
    ... 8 more


A client certificate with two-way-SSL is also used by Cordys for identifying the logical User within BOP4.
This means that if you want a client server to have several different users, with different roles, use Cordys, the server must also have different client certificates.

I would expect that the client certificate was only used for server authentication and that the WS-Security tags were used to authenticate the logical user.


Cordys in the Cloud


Cloud is one of the buzzwords today and Cordys also has a Cloud platform: The Cordys Process Factory (CPF).

So what is it?
It is a webbased integrated cloud environment for rapid Cloud Application Development. You can build forms, business processes, integration with other webservices and reporting.

How does it work?
A CPF Composer is used to design forms, business processes, business rules, using external webservices, reports and charts (PDF, HTML, MS Word, or MS Excel).

There is a CPF marketplace where you can sell your cloud application as a SaaS product and where you can buy other products as well.

A Simple example

When you fill in you credentials the Cordys Explorer or MashupComposer is shown.

* Select "Create a new application" and fill in the application information, click Save and go to Composer

* The Composer is shown

* Select Build Forms > New Form and fill in the following details

* The Forms composer is shown. Drag-and-Drop a Number field and fill in the properties

* Add Another Number2 field

* Add another Sum (Number field) with the following properties:

* Click Save
* Click Check In. This way other users can use it.

Create Application Tab and Add Form to it

* Click Configure Application > Application Tabs
* Click Check Out (in order to make changes to it)

* Click New Tab and fill in Properties and click OK

The Tab is added to the existing Tabs

* Click Save and click Check In

Publish the Application

Now we are ready to Publish the application

* Click Publish Applications on the Composer Assistant

Use the Calculator Application

Now we can use the calculator application
* Click Change Application and you can select the Calculator App

* Click the Calculator Tab and fill in some numbers

Notice that the numbers are automatically added.


This blog item showed the possibilities of the Cordys Process Factory Cloud Platform with which you can develop Cloud Mashup Applications.
More information can be found here and you can register here to start developing cloud applications.


Book review: SOA: An Integration Blueprint


This describes a review of the book: Service-Oriented Architecture: An Integration Blueprint. The book is written by Guido Schmutz, Daniel Liebhart and Peter Welkenbach.
The book is about successfully implementing your own enterprise integration architecture using the Trivadis Integration Architecture Blueprint (TIAB). The authors try to set a standard for integration problems that organisation face.


The book contains 5 chapters, but unfortunately the subchapters are not numbered and sometimes it is difficult to see what belongs to what.
Chapter 1: Basic Principles
Chapter 2: Base Technologies
Chapter 3: Integration Architecture Blueprint
Chapter 4: Implementation scenarios
Chapter 5: Vendor Products for Implementing the Trivadis Blueprint
I will dive deeper into the chapters later on, but first some general remarks about the book.

General remarks

  • As sais before I missed the subchapter numbering.
  • The book describes an integration blueprint, so the term Service-Oriented Architecture as title is misleading. The book does not even mention Thomas Erl's books.
  • I miss the description of the WS-* standards, commonly used within integration- and service oriented architectures.
  • I miss the description of XML, XML Schema, XSLT, XQuery, commonly used within integration- and service oriented architectures.
  • The layering described within the book, of the integration solution is clear, but not totally new. There are a lot books already describing the 5-layering model used within a SOA.
  • On a scal of 1-5 stars, I would rate the book as 2.

Ch1 - Basic Principles

This chapter describes the basic principles of EAI, SOA, Grid Computing and XTP. Because of the missing subchapter numbering, this chapter looks chaotic.
All common terms are described like ESB, Hub-and-Spoke, Middleware, Communication methods, SOA, Broker, Router, EDA.
Some of the concepts are used within the blueprint, but most are not.

Ch2 - Base Technologies

This chapter describes a selection of the base solutions related to the implementation of solutions based on the Blueprint.
It covers OGSi, JCA, JBI, ESB, SCA and SDO.
Most of the technologies are not further described within the Blueprint exampels, so this chapters is a little bit confusing and misses a lot of other common technologies like XML Schema, XSLT, XQuery, WSDL, SOAP, etc.
At least the technologies could be mentioned.

Ch3 - Integration Architecture Blueprint

This chapter covers the Blueprint and is actually well worth reading. The authors make a distinction between the Applications and Data View and the Integration View.
The Integration View is divided in three levels: Application, Integration Domain and Transport level.
Within the integration there are 5 layers: Communication-, Collection-, Mediation- and Distribution layer. Each layer has its reponsibilities. In the next chapters all the layers are described in more detail.

The nice thing about the Blueprint is that it gives you a "standard" way to describe, design and implement a integration solution. It comes with a small set of notation elements too.

Ch4 - Implementation scenarios

This chapter describes some integration scenarios using the Blueprint. There is also an example that claims to be SOA but that remains to be seen. The approach taken is just the "old" integration using new technology.

Ch5 - Vendor Products for Implementing the Trivadis Blueprint

This chapter maps some product lines to the Blueprint. It covers: Oracle Fusion Middleware, IBM WebSphere, Microsoft Biztalk and Spring Framework.


I liked the layering approach of the Integration Blueprint but I miss the WS-* and XML standards in the book. Furthermore I think the Blueprint can get very complex when you also want to describe handling errors and other bad weather scenarios.
I missed the purpose of chapter2 mainly because it is not addressed further in the next chapters and how it is used within the Blueprint.