EIC-MPID Mapper service

This microservice is used to map EIC-Codes to MPIDs. It can import and store the mapping. It can be integrated into the AS4-Schedule workflows.

Run the Application

You can run the application with Docker.

By default, the application can be accessed locally via: http://localhost:8080

To change the server port, set server.port in application.properties:

server.port=8080

Actuator

The root URL for Actuator is: http://localhost:8080/aep-b2b-eic-mpid-mapper/actuator

Swagger

For API documentation, Swagger is used.

The URL for Swagger is: http://localhost:8080/aep-b2b-eic-mpid-mapper/swagger-ui.html

Keycloak security

Securing the resource server (EIC Mpid Service)

Set the following property to secure the service using Keycloak. If this property is missing, security is switched off by default.

Switch on security:

b2b.security.auth-method=keycloak-enriched

Switch off security:

b2b.security.auth-method=no-keycloak-enriched

Additional configuration required for Keycloak if security is switched on:

spring.security.oauth2.resourceserver.jwt.issuer-uri=https://<keycloak-url>/auth/realms/<realmName>
spring.security.oauth2.resourceserver.jwt.jwk-set-uri=https://<keycloak-url>/auth/realms/<realmName>/protocol/openid-connect/certs

Securing the REST calls to other services

The EIC service connects to other backend services, such as the B2B backend, using a REST API. To enable Keycloak protection for these REST calls, set the following property. If this property is missing, the REST call protection is switched off by default.

Switch on:

b2b.security.secured-rest-client=true

Switch off:

b2b.security.secured-rest-client=false

Set the following Keycloak properties for authenticating the REST API calls to other services. These properties are required if b2b.security.secured-rest-client is set to true.

spring.security.oauth2.client.provider.keycloak.issuer-uri=<keycloak-url>/auth/realms/<realmName>
spring.security.oauth2.client.registration.keycloak.provider=keycloak
spring.security.oauth2.client.registration.keycloak.client-id=eic-mpid-mapper
spring.security.oauth2.client.registration.keycloak.client-secret=123456790
spring.security.oauth2.client.registration.keycloak.authorization-grant-type=client_credentials
spring.security.oauth2.client.registration.keycloak.scope=openid
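
Both switches above default to off, and switching either one on makes further properties mandatory. The following added example (not part of the project's code) audits an application.properties text against those rules; the function names and the sample input are constructed for illustration.

```python
# Added example (not project code). REQUIRED maps each README switch to
# (value that switches it on, properties that are then required).
REG = "spring.security.oauth2.client.registration.keycloak."
REQUIRED = {
    "b2b.security.auth-method": ("keycloak-enriched", (
        "spring.security.oauth2.resourceserver.jwt.issuer-uri",
        "spring.security.oauth2.resourceserver.jwt.jwk-set-uri",
    )),
    "b2b.security.secured-rest-client": ("true", (
        "spring.security.oauth2.client.provider.keycloak.issuer-uri",
        REG + "provider", REG + "client-id", REG + "client-secret",
        REG + "authorization-grant-type", REG + "scope",
    )),
}

def parse_properties(text):
    """Parse plain key=value lines; blank lines and #/! comments are skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(text):
    """Return findings: switches not on, required keys missing or unfilled."""
    props = parse_properties(text)
    findings = []
    for switch, (on_value, required) in REQUIRED.items():
        value = props.get(switch)
        if value != on_value:
            # Only on_value is documented as "on"; a missing property means off.
            findings.append(f"{switch} is {value!r}: protection is not switched on")
            continue
        for key in required:
            setting = props.get(key, "")
            if not setting:
                findings.append(f"{key} is required when {switch}={on_value}")
            elif "<" in setting and ">" in setting:
                findings.append(f"{key} still contains a README placeholder")
    return findings

# Constructed sample: resource server switched on, REST client switch forgotten.
SAMPLE = """\
b2b.security.auth-method=keycloak-enriched
spring.security.oauth2.resourceserver.jwt.issuer-uri=https://<keycloak-url>/auth/realms/<realmName>
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Run against the constructed sample, the audit reports the unfilled issuer-uri placeholder, the missing jwk-set-uri, and the REST client protection that was never switched on.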

Keycloak Client Setup

Create Client:

  • Go to the Keycloak admin UI.
  • Go to Clients.
  • Create a new client with Client ID: eic-mpid-mapper.
  • Switch on Client authentication and Service account roles.
  • Leave the remaining settings at their defaults and click Save.

Configure Client:

  • Go to Clients.
  • Select the client: eic-mpid-mapper.
  • Go to the Credentials tab and get the secret key. Update the application.properties with the secret key.
  • Go to Service account roles and add the required roles.

Additional configuration required for tenant separation when calling other REST services:

  • Go to Client scopes:
    • Select the dedicated scope.
    • Click Add Mapper.
    • Select by configuration.
    • Select Hardcoded claim.
    • Set the Name: Tenant Mapper.
    • Set the Token Claim Name: tenants.
    • Set the Claim value for this service account. Set all to allow all tenants.
    • Click save.

B2B Rest

b2b.url=http://localhost:18001/b2bbp-engine/api
b2b.response-body-max-size=20
b2b.connect-timeout=10000
b2b.read-timeout=10000

The value of b2b.response-body-max-size is in MB and represents the maximum data size that can be transferred. Timeout values are in milliseconds.

MSSQL Database

The application needs to be connected to an MSSQL database instance to run. It uses the database to store the EIC-MPID mappings.

Configure these properties:

datasource.url=jdbc:sqlserver://localhost:1433;DatabaseName=eic_mpid_mapper;trustServerCertificate=true;
datasource.username=AdminEicMpidMapper
datasource.password=pass

Provide a database with an empty schema. The application will create the tables on startup.

Sftp Crawling

The application can connect to an SFTP server to import XML mapping files periodically. (Internal hint: the files must match the following XSD.)

The following properties need to be configured:

sftp.server=localhost
sftp.port=2222
sftp.user=foo
sftp.password=pass
sftp.crawl-folder=upload
sftp.ignore-file-ending=tmp

# Poll interval in milliseconds
sftp.poll-interval=5000

In the example configuration above, all files ending with .tmp are ignored.

The sftp.crawl-folder is relative to the home directory of the sftp user.

RabbitMQ

The application needs the host and port of the message broker as well as the credentials:

rabbitmq.host=localhost
rabbitmq.port=5672
rabbitmq.username=guest
rabbitmq.password=*****

The application receives a ScheduleEvent from the B2B Message Service via AMQP; the event contains the schedule document. The queue to consume from must be configured; its name is composed of the exchange name and the group name.

outbound-schedule.consumer-exchange=b2b.outbox
outbound-schedule.consumer-group=default
outbound-schedule.consumer-routing-key=https://www.bdew.de/as4/communication/services/FP

The exchange, the binding and the queue are created automatically. The binding is configured by the routing key given in the property outbound-schedule.consumer-routing-key.

Once the MPID has been determined, the message is sent to the queue of the AS4 Outbound Market Message Service for further processing. The following properties are configured for this:

outbound-schedule.producer-exchange=as4.outbound.request
outbound-schedule.producer-header-name='default'

With this value of the property outbound-schedule.producer-header-name, messages are routed by the routing key default. It is also possible to route by service ID, by partner or by system (tenant). For that, the property would have to be configured as follows:

# Example for routing by service ID
outbound-schedule.producer-header-name=headers.serviceId

# Example for routing by partner
outbound-schedule.producer-header-name=headers.partner

# Example for routing by system
outbound-schedule.producer-header-name=headers.tenant

If no MPID is found (error case), a Receipt object containing information about the error is returned to the B2B Message Service. The B2B Message Monitor shows the VS status ERR, and the details of the error can be found in the respective reports under the technical details.

outbound-schedule.receipt-producer-exchange=as4.receipt.outbound
outbound-schedule.receipt-producer-header-name=serviceId

The property outbound-schedule.receipt-producer-header-name specifies that routing is done by service ID.

Determining partner mpid in outbound ack message (B2B)

The following properties need to be configured:

b2b.url=http://localhost:18001/b2bbp-engine/api
correlation-time-range=P30D

correlation-time-range determines how far back from the current time to search for the correlated SCHEDULE/SRQ message.

Default value is: P30D

Acceptable values for correlation-time-range: P30D, P10H, P1Y, P2M, P2M10D

D: days, H: hours, Y: years, M: months
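
The following added example (not the service's own code) shows one possible reading of this format: it validates a correlation-time-range value and computes the earliest timestamp the search would cover. It assumes the units appear in the order Y, M, D, H as in the examples above, and that years and months are calendar units clamped to the month's last day; the README does not state how the service evaluates them.

```python
# Added example (not project code): one possible reading of correlation-time-range.
import calendar
import re
from datetime import datetime, timedelta

# Assumption: units appear in the order Y, M, D, H, as in the README's examples.
_RANGE = re.compile(r"P(?:(\d+)Y)?(?:(\d+)M)?(?:(\d+)D)?(?:(\d+)H)?")


def parse_range(value):
    """Return (years, months, days, hours); reject anything else."""
    match = _RANGE.fullmatch(value)
    if not match or not any(match.groups()):
        raise ValueError(f"unsupported correlation-time-range: {value!r}")
    return tuple(int(part or 0) for part in match.groups())


def search_start(now, value):
    """Earliest timestamp to search for the correlated SCHEDULE/SRQ message."""
    years, months, days, hours = parse_range(value)
    # Step back whole calendar months first, clamping to the month's last day.
    index = now.year * 12 + (now.month - 1) - (years * 12 + months)
    year, month = divmod(index, 12)
    last_day = calendar.monthrange(year, month + 1)[1]
    start = now.replace(year=year, month=month + 1, day=min(now.day, last_day))
    # Days and hours are fixed-length and are subtracted afterwards.
    return start - timedelta(days=days, hours=hours)


if __name__ == "__main__":
    now = datetime(2024, 3, 31, 12, 0)  # constructed reference time
    for value in ("P30D", "P10H", "P1Y", "P2M", "P2M10D"):
        print(value, "->", search_start(now, value).isoformat())
```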
