Application upgrade to

abnormalobeisanceSecurity

Nov 3, 2013 (3 years and 10 months ago)

108 views

MGHSURG MOSAIC
Application upgrade to
Cache Web Services

MGH OR Group

Existing Application





MOSAIC

(
M
GH
O
R
S
chedule
A
nd
I
nformation
C
enter)
-

Intranet
-
based Web Schedule to
improve and streamline access to OR
scheduling
-
related information, and to eliminate
the inefficient photocopying and distribution
process saving the staff both time and money.

Application details



Implementation:


DHTML Application processing data provided by WebLink
XML Services.

Problems:


Security:
Existing HTML Application contains the actual
WebLink URL and Parameters visible to the end user.


Resources:
Limited resources to complete the work.


Dependencies:

The WebLink XML Service is used by
other applications within the hospital.

Design Approach




To hide WebLink Service URL and parameters from
end user.


Convert DHTML Application to ASP Application.


Hide WebLink Access in Server Side Script


Process only requests coming from a certain web page
(via shared secret).


Warning:

If you have web application running on PPD
Servers, converting DHTML Application to ASP
Application and accessing WebLink XML Services on
PPD via Server Side scripts will NOT WORK in
production. It works fine in QA and Development.


Design Approach (continued)




Convert WebLink XML Service to SOAP Web Service
using Cache objects, querying existing legacy
database.


Secure SOAP Web Service via ASG/Soap Station


Provide existing users with guidelines on how to
convert to the new SOAP Web Service.


After all users have switched to the new SOAP based
Web Service retire old WebLink XML Service.


Data Filtering by Account and/or Application (HIPPA
Compliance, Audit, etc.)

Our Approach to SOAP based Web Services using CACHE
Objects?




Create Web Service using CACHE Web Service
Wizard. Supports SOAP automatically.


Use Registered Objects with Support for XML to
represent legacy data.


This type of objects gave us more developer
-
friendly
representation of packed data, and did not require
conversion of existing legacy data.


Use/Alter existing routines to fill objects with data.

Code Samples and walkthrough






Create Web Service: From CACHE Studio using menu: File>New select Web Service


Enter Web Service Details


Click OK, and add methods to support required
functionality.


Create CACHE Object to represent XML Schema
using the New Class Wizard


You have the flexibility to separate different sets of data in packages by functionality,
areas or business rules.

Make sure that Registered is selected


Specify that class supports XML



When you click Finish, the new class is created and you
are ready to add properties:




In our design we used a Registered class to implement the IO routines. This
helps us to keep the XML objects abstracted from actual IO processing
code in case we need later to reuse objects, but use different data provider.


The process of updating existing routines is simple mapping
between object properties and existing xml tags in WebLink returned
code.



Web Services Performance
0
500
1000
1500
2000
2500
3000
3500
10
30
150
350
450
Data (KB)
Time (ms)
USING ASG
NOT USING ASG
WEBLINK
Performance Testing

Recommendations




Map Legacy Data record to Object(s).


Separate DB Reading objects/routines from
Data Objects. This will add flexibility when
changing DB source, but preserves the XML
Schema.


Apply additional filtering based on requirements
(HIPPA, Audit, etc.)



Web Service Process flow

Legacy DB

I/O Routines

DB Reader Object (s)


Web Service

Registered objects

with XML Support

representing single

Record in legacy DB

A

B

C

D

C

A

R

E

A

D

POPULATE

R

E

Q

U

E

S

t

O

B

J

E

C

T

SOAP HTTP

Request

Additional Services

HIPPA Filter

Audit

Statistics

Applications

WS Security
Gateway
(ASG/SOAP Station)

DHTML

ASP

ASP.NET

Cache

Java

Visual Basic
(SOAP TOOLKIT)

And any other
application
supporting
SOAP

Connect

Secure

Monitor

Manage

Authenticate


CACHE WEB SERVICES OBJECTS

Web Service Object extends
%SOAP.WebService

XML Object Extends
(%RegisteredObject,
%XML.Adaptor)

I/O Object Extends
(%RegisteredObject)

Summary

Resources:



Partners Service Developer


guidelines and
examples

http://share.partners.org/sites/phs/sd/Pages/Home.
aspx