Web Services

JAXB Fast and Convenient way to bind XML Schemas to Java Representations Provides methods for unmarshalling XML instance documents into Java Content Trees

WebServices – Business Definition So…What does that REALLY mean to technologists ? Web services are a powerful integration architecture that enables applications to dynamically interact across networks, through the use of open Internet technologies

Web Services – A Technical Definition Web services are software components described via WSDL which are capable of being accessed via standard network protocols such as SOAP over HTTP

Conceptual Foundation Service Service Description Service Description Bind

Conceptual Web Services Stack Service Flow Service Discovery Service Publication Service Description XML-based Messaging Network Security/Trust/Privacy Management Quality of Service

Definition of Stack Layers Network Internet-standards-based transport HTTP,HTTPS FTP SMTP Network choice should be based on Where service will be accessed from Existing network and messaging infrastructure Degree of reliability and security required Degree of interoperability required

Definition of Stack Layers XML-Based Messaging Messages are sent as XML documents conformant to well known or published XML Schemas The messaging infrastructure will use SOAP SOAP is the simple, standardized enveloping mechanism for communicating document centric messages and remote procedure calls using XML SOAP defines a standard mechanism to incorporate orthogonal extensions to the message using SOAP headers

Definition of Stack Layers Service Description Service Interface Definition Specification of logical interface and bindings WSDL provides all IDL capabilities Service Interface Definition Type Message PortType Binding Service Implementation Definition Service Port

Definition of Stack Layers Service Description Service Implementation Definition Defines network location, protocols, security requirements and other attributes specific to a particular instance of a service endpoint for a binding Service Interface Definition Type Message PortType Binding Service Implementation Definition Service Port

Definition of Stack Layers Service Publication Make the Service Description available Create the nonfunctional service description Taxonomy, ownership, business name, business type, various keywords for discovery easier Endpoint details and requirements Where the description is published can vary: Directed-email, diskette, ... Web Service Inspection Language (WSIL) UDDI—Private or Universal Business Registry

Definition of Stack Layers Service Discovery Static Services found and bound to at development time Found in file system, URL, or services directory Tools browse/search/generate skeletons proxies Dynamic Bind interface during development and Find service implementation endpoint at runtime Interface and Endpoint found and bound at runtime Found at URL or services directory UDDI defines a searchable services directory

Definition of Stack Layers Service Flows Services as activities in work flows Flows of services, potentially between partners Services as wrappers for exposed business processes Service composition

Definition of Stack Layers Quality of Service Network Level: reliable messaging Service Description Level: Implementation level Ex. Transactional, secure Interface level Ex. Tolerable response times Provided by WSDL and potentially other definitions (potentially based on ebXML Partner Agreements type of information) Publication/Discovery: highly available UDDI node

Definition of Stack Layers Security Requirements: Confidentiality Authorization Data Integrity Proof of Origin Non-Repudiation

Definition of Stack Layers Security Network HTTPS, SSL, current network technologies XML Messaging Basic Auth in SOAP header XML Digital Signature Support trusted third-party authentication Service Description Security capabilities and requirements Publication/Discovery Trusted registry, trusted access (same issues)

Definition of Stack Layers Management Means: Information: Identification, Configuration Metrics: Performance Control: Operations, Configuration By Management System for: Web Services Infrastructure Each enterprise responsible for managing own infrastructure Enterprises will need to expose management interfaces for use by business partners: status, query, cancel

WebServices - Distinguished Features Open Infrastructure Deployed using Industry standard Protocols HTTP, XML Language Transparency Web services and their clients can interoperate even if written in different programming languages Modular Design Ability to generate new services through integration

XML-RPC RPC protocol which uses XML to encode its calls and HTTP as transport mechanism Array <array> <data> <value><i4> 1404 </i4></value> <value><string> Something here </string></value> <value><i4> 1 </i4></value> </data> </array>

XML-RPC Base64 <base64> eW91IGNhbid0IHJlYWQgpcyE= </base64> Boolean <boolean> 1 </boolean> Double <double> -12.53 </double> Int < int >234</ int > <i4> -11 </i4>

XML-RPC Request/Response XML-RPC Method Request <methodCall> <methodName> examples.getStateName </methodName> <params> <param> <value><i4> 40 </i4></value></param> </params> </methodCall> XML-RPC Method Response <methodResponse> <params> <param> <value><string> South Dakota </string></value> </param> </params> </methodResponse>

JAX-RPC JAX-RPC defines standard Java APIs for XML-based RPC XML based protocol: SOAP 1.1 and 1.2 Representation of RPC requests, responses and related context information Services described using WSDL

What is SOAP ? A lightweight xml-based protocol for message exchange Supports message typing, strong typing, and structured data Styles RPC: formatted payload for method invocation Document: xml document payload Encodings Encoded Literal Headers: security, context Works over more than just HTTP!

SOAP Flow Application Application Web Service Service Requestor Service Provider SOAP Network Protocol SOAP Network Protocol 1 2 4 3 Service Invocation Response

What is SOAP ? (Contd..) Consists of three parts An Envelope A set of encoding rules Conventions for RPC request & response

SOAP Message <?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope SOAP-ENV:encodingStyle= "http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV= "http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> <SOAP-ENV:Header> <hd:Security xmlns:hd="http://www.e1.com"> <username>Wilner</username> <password>BigDeal</password> </hd:Security> </SOAP-ENV:Header> <SOAP-ENV:Body> <ns1:GetCustomer xmlns:ns1="http://www.e1.com"> <CustomerId xsi:type="xsd:int">6734</CustomerId> </ns1:GetCustomer> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

SOAP Message SOAP Envelope <Envelope> encloses message SOAP Body <Body> encloses body entries SOAP Header <Header> encloses headers (optional) Header Entry Header Entry … Headers entries contain extensions Body Entry Message name and data

SOAP Envelope Top Level XML Element of SOAP Message It MUST be present in a SOAP message It MAY contain namespace declarations as well as additional attributes

SOAP Envelope < SOAP-ENV:Envelope SOAP-ENV:encodingStyle= "http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV= "http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" > <SOAP-ENV:Body> … </SOAP-ENV:Body> </ SOAP-ENV:Envelope >

SOAP Body Body entry contains application-specific data Serialized based on encodingStyle May represent an RPC request or response message, a specific document, or whatever you want Only fault structure has been defined for SOAP Body.

SOAP Body <SOAP-ENV:Envelope … > <SOAP-ENV:Body> <ns1:GetCustomer xmlns:ns1="http://www.e1.com"> <CustomerId xsii:type="xsd:int"> 6734</CustomerId> </ns1:GetCustomer> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

SOAP Header Allows (optional) context information to be added to message independently of the payload Authentication and authorization information Transaction id Object id Intermediary specific information – chaining Routing information – to, from, via, etc… Security information Auditing

SOAP Header Attributes Should be used on immediate child elements ONLY SOAP actor attribute – Global attribute to indicate the recipient of the header element. SOAP mustUnderstand - Global attribute to indicate that that the recipient of the message must process the message.

SOAP Header <SOAP-ENV:Envelope … > <SOAP-ENV:Header> <hd:TID xmlns:hd="http://www.e1.com"> 673456:4439234:439439439349 </hd:TID> <hd:Security xmlns:hd="http://www.e1.com"> <username>Wilner</username> <password>BigDeal</password> </hd:Security> </SOAP-ENV:Header> <SOAP-ENV:Body> … </SOAP-ENV:Body> </SOAP-ENV:Envelope>

SOAP Faults Only Body entry defined by SOAP Carries error information back to originator of a SOAP message Elements Fault Code – VersionMismatch, mustUnderstand, Client, Server Extended Fault Codes Fault String Fault Actor Detail – error information related to BODY element only.

SOAP Fault HTTP/1.0 500 Internal Server Error Content-Type: text/xml; charset="utf-8" Content-Length: 595 <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode>SOAP-ENV:Client</faultcode> <faultstring>Client Error</faultstring> <faultactor>http://www.mindstrm.com/LocalWeather</faultactor> <detail> <m:weatherfaultdetails xmlns:m="WeatherStation"> <message>No such temperature scale: Calcium</message> <errorcode>1234</errorcode> </m:weatherfaultdetails> </detail> </SOAP-ENV:Fault> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

SOAP Encodings SOAP encoding offers the following rules to convert any data value defined in SOAP data model into XML format. Encompasses the organization of data structure Schemas are used as references to definition of data element Polymorphic Accessor MUST contain an xsi:type attribute Compound Types Arrays & Structs Directed-Labeled-Graph

SOAP Encoding Rules - Compound Types Array – ordinal position is the distinction Homogeneous Arrays xsi:type=“SOAP-ENC:Array” Attribute SOAP-ENC:arrayType used to declare type of objects Heterogeneous Arrays To encode – use xsd:ur-type Partial Arrays xsi:null is used to encode null elements SOAP-ENC:offset attribute represents ordinal position of first element. Sparse Arrays SOAP-ENC:position for each element of the array Struct – accessor name is distinction among members xsd:complexType

SOAP Over HTTP Request POST / HTTP/1.1 SOAPAction: "http://www.e1.com/GetCustomer" Content-Type: text/xml; charset=utf-8 Host: localhost:8081 Content-length: 706 <SOAP-ENV:Envelope … > <SOAP-ENV:Body> <ns1:GetCustomer xmlns:ns1="http://www.e1.com"> <CustomerId xsi:type="xsd:int"> 6734 </CustomerId> </ns1:GetCustomer> </SOAP-ENV:Body> </SOAP-ENV:Envelope> HTTPHeader SOAP Request

SOAP over HTTP Response HTTP/1.1 200 OK Content-Type: text/xml; charset=utf-8 Content-Length: 226 <SOAP-ENV:Envelope … > <SOAP-ENV:Body> <ns1:GetCustomerResponse xmlns:ns1="http://www.e1.com"> <Name xsi:type="xsd:string"> Fred Flintstone </Name> <Balance xsi:type="xsd:decimal"> 2349.27 </Balance> </ns1:GetCustomerResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> HTTP Response Header SOAP Response

Service Activation Models Request-level Service Activation A new instance of the object is created for each request Application-level Service Activation The class is treated as a singleton Session-level Service Activation An object for each session

SOAP – Alternative Techniques SOAP Messaging Different Format than RPC Services No Concept of a method signature, method parameters, or return values in the messaging model Messaging Requirements Name of the first child must correspond to the name of the service xmlns namespace attribute on that element specifies the name of the service. SOAP Document/Wrapped SOAP With Attachments

SOAP Messaging - Example <SOAP_ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"> <SOAP-ENV:Body> < recordTemperature xmlns=" urn:WeatherDiary "/> <temperature>75.5</temperature> <zipcode>50328</zipcode> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

SOAP Document/Wrapped Neither use SOAP encoding for Data ; Just Plain old Schema Binding is still done to XML

Document/Wrapped Example <soap:Envelope xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <soap:Body> <myNS:PurchaseOrder xmlns:myNS="http://commerce.com/PO"> <item>SK001</item> <quantity>1</quantity> <description>Sushi Knife</description> </myNS:PurchaseOrder> </soap:Body> </soap:Envelope> Document public void method(PurchaseOrder po) Wrapped public void purchaseOrder(String item, int quantity, String description)

SOAP Features Message Transport Service Contract Type System

SOAP based Service Request/Response Message Exchange Pattern Example HTTP request/response

Patterns in Web Service Message Exchange Pattern Publish/Subscribe Solicit/Response

WSDL - Overview WSDL is a simple XML grammar for describing how to communicate with a Web service It defines the messages (both abstract and concrete) that are sent to and from a service It defines logical collections of messages (“port type”, “interface”) It defines how a given “port type” is bound to particular wire protocols It defines where the service is located

WSDL Overview (Contd..) Service interface What can it do? Service implementation How do I invoke it? Service location Where does it reside?

WSDL Elements <definitions…> <types>…</types> <messages…>…</messages> … <messages…>…</messages> <portType…>…</portType> <portType…>…</portType> <binding…>…</binding> <service…>…</service> </definitions>

WSDL Document Structure <definitions> <types>  </types> <message name=“getQuote_In” /> <message name=“getQuote_Out” /> <portType name=“StockQuoteServiceInterface”> <operation name=“getQuote”> <input message=“getQuote_In” /> <output message=“getQuote_Out” /> </operation> </portType> <binding name=“StockQuoteServiceBinding” type=“StockQuoteServiceInterface”> <soap:binding transport=“http://schemas.xmlsoap.org/soap/http” /> </binding> <service name=“StockQuoteService”> <port name=“StockQuoteServicePort” binding=“StockQuoteServiceBinding”> <soap:address location=“http://www.acme.com/services/stockquote” /> </port> </service> </definitions> Definition of data types Definition of messages Definition of port type Definition of the bindings Definition of the service

WSDL Elements -Definitions < definitions name="CustomerAdmin" targetNamespace= "http://www.example.com/customer" xmlns:tns="http://www.example.com/customer" xmlns: soap = "http://schemas.xmlsoap.org/wsdl/soap/" xmlns: xs ="http://www.w3.org/2001/XMLSchema" xmlns: xsi = "http://www.w3.org/2001/XMLSchema-instance"> xmlns ="http://schemas.xmlsoap.org/wsdl/" … </ definitions >

WSDL Elements - Types <definitions .... > <types> <xsd:schema .... />* </types> </definitions> Optional Element Holds, points to, or imports an XSD Encloses data type definitions relevant for the exchanged messages WSDL 2.0 allows for alternatives to XML-Schema Relax NG DTD

WSDL Elements - Messages Defines the messages that implement the service Constructed from data types defined in the types section or available as defaults The part name attribute provides a unique name among all the parts of the enclosing message. The message name attribute provides a unique name among all messages defined within the enclosing WSDL document <definitions…> <message name=“nmtoken”> * <part name=“nmtoken” element=“qname”? type=“qname”?/>* </message> </definitions>

WSDL Elements – Port Types Presents the service as named operations Similar to Java Interface Four Transmission primitives One-Way Request-Response Solicit-Response Notification Specify directional properties in and out from service’s perspective in message is to a service out message is from the service in/out indicate request/response pattern out/in indicate solicit/response pattern <wsdl:definitions…> <wsdl:portType name=“nmtoken”> <wsdl:operation name=“nmtoken”…/>* </wsdl:portType> </wsdl:definitions>

One-way Operation <wsdl:definitions .... > <wsdl:portType .... > * <wsdl:operation name="nmtoken"> <wsdl:input name="nmtoken"? message="qname"/> </wsdl:operation> </wsdl:portType > </wsdl:definitions>

Request-Response Operation <wsdl:definitions .... > <wsdl:portType .... > * <wsdl:operation name="nmtoken" parameterOrder="nmtokens"> <wsdl:input name="nmtoken"? message="qname"/> <wsdl:output name="nmtoken"? message="qname"/> <wsdl:fault name="nmtoken"? message="qname"/> </wsdl:operation> </wsdl:portType > </wsdl:definitions>

Solicit-response Operation <wsdl:definitions .... > <wsdl:portType .... > * <wsdl:operation name="nmtoken" parameterOrder="nmtokens"> <wsdl:output name="nmtoken"? message="qname"/> <wsdl:input name="nmtoken"? message="qname"/> <wsdl:fault name="nmtoken"? message="qname"/> </wsdl:operation> </wsdl:portType > </wsdl:definitions>

Notification <wsdl:definitions .... > <wsdl:portType .... > * <wsdl:operation name="nmtoken"> <wsdl:output name="nmtoken"? message="qname"/> </wsdl:operation> </wsdl:portType > </wsdl:definitions>

WSDL Elements - Bindings A <binding> element is a concrete protocol and data format specification for a <portType> element. Similar to Java implementation of an interface (wsdl porttype ) Provides implementation details of service defined abstractly Transport Protocol to be used in sending and receiving SOAP messages HTTP or SMTP or anything else <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http "> Style of the service Style attribute takes either “rpc” or “document” as the value @SOAPBinding(style = Style.RPC) Data Format to be used in the SOAP messages Use attribute has two choices - Literal and encoded

Bindings <wsdl:definitions…> <wsdl:binding name="nmtoken" type="qname"> * <-- extensibility element (1) --> * <wsdl:operation name="nmtoken"> * <-- extensibility element (2) --> * <wsdl:input name="nmtoken"?> ? <-- extensibility element (3) --> </wsdl:input> <wsdl:output name="nmtoken"?> ? <-- extensibility element (4) --> * </wsdl:output> <wsdl:fault name="nmtoken"> * <-- extensibility element (5) --> * </wsdl:fault> </wsdl:operation> </wsdl:binding> </wsdl:definitions>

SOAP binding of one-way operation over SMTP using a SOAP Header <binding name="StockQuoteSoap“ type="tns:StockQuotePortType"> <soap:binding style="document" transport="http://example.com/smtp"/> <operation name="SubscribeToQuotes"> <input message="tns:SubscribeToQuotes"> <soap:header element="xsd1:SubscriptionHeader"/> </input> </operation> </binding>

SOAP binding of request-response RPC operation over HTTP <binding name="StockQuoteSoapBinding" type="tns:StockQuotePortType"> <soap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> <operation name="GetLastTradePrice"> <soap:operation soapAction="http://example.com/GetLastTradePrice"/> <input> <soap:body use="encoded" namespace="http://example.com/stockquote" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </input> <output> <soap:body use="encoded" namespace="http://example.com/stockquote" encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> </output> </operation>> </binding>

WSDL Elements - Service <service name="Oxford University Libraries"> <documentation> Z39.50 Server for Oxford University Libraries </documentation> <port name="OLIS" binding="ez:ez3950SOAPBinding"> <soap:address location="http://jafer.las.ox.ac.uk/ez3950"/> </port> </service> A web service is a grouping of one or more <port> elements. A <port> element consists of porttype (interface) together with a corresponding binding (implementation)

SOAP Binding in WSDL soap:binding soap:operation soap:body soap:fault soap:header soap:address

HTTP Bindings <binding name="b1" type="pt1"> <http:binding verb="GET"/> <operation name="o1"> <http:operation location="o1/A(part1)B(part2)/(part3)"/> <input> <http:urlReplacement/> </input> <output> <mime:content type="image/gif"/> <mime:content type="image/jpeg"/> </output> </operation> </binding>

HTTP Bindings in WSDL http:address http:binding http:operation http:urlEncoded http:urlReplacement

WSDL Elements Service Implementation Service Interface Service Location operation porttype message types operation binding message port service wsdl part part part XML Schema XML Schema XML Schema XML Schema operation binding message

Bindings – Style/use Default is document/literal Style Use document literal Document encoded rpc literal rpc encoded

RPC – style WSDL <types></types> <message name="getTimeAsString"></message> <message name="getTimeAsStringResponse"> <part name="time_response" type="xsd:string"></part> </message> <message name="getTimeAsElapsed"></message> <message name="getTimeAsElapsedResponse"> <part name="time_response" type="xsd:long"></part> </message>

Document style WSDL <types> <xsd:schema> <xsd:import schemaLocation="http://localhost:9876/ts?xsd=1" namespace="http://ts.ch02/"> </xsd:import> </xsd:schema> </types> <message name="getTimeAsString"> <part element="tns:getTimeAsString" name="parameters"></part> </message> <message name="getTimeAsStringResponse"> <part element="tns:getTimeAsStringResponse" name="parameters“></part> </message> <message name="getTimeAsElapsed"> <part element="tns:getTimeAsElapsed" name="parameters"></part> </message> <message name="getTimeAsElapsedResponse"> <part element="tns:getTimeAsElapsedResponse" name="parameters"></part> </message>

‘ use’ attribute literal encoded

rpc/encoded public void myMethod(int x,float y); <soap:envelope> <soap:body> <myMethod> <x xsi:type="xsd:int">5</x> <y xsi:type="xsd:float">5.0</y> </myMethod> </soap:body> </soap:envelope>

rpc/literal public void myMethod(int x,float y); <soap:envelope> <soap:body> <myMethod> <x>5</x> <y>5.0</y> </myMethod> </soap:body> </soap:envelope>

document/literal public void myMethod(int x,float y); <types> <schema> <element name="xElement" type="xsd:int"/> <element name="yElement" type="xsd:float"/> </schema> </types> <message name="myMethodRequest"> <part name="x" element="xElement" /> <part name="y" element="yElement" /> </message> <message name="empty"/>

document/literal public void myMethod(int x,float y); <soap:envelope> <soap:body> <xElement>5</xElement> <yElement>5.0</yElement> </soap:body> </soap:envelope>

document/encoded Hardly supported/used. JAX-WS does not support this

Wrapped and Unwrapped Document Styles Unwrapped Document Style <?xml version="1.0" ?>  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soapenv:Body> <num1 xmlns:ans="http://example.ws.org/">27</num1> <num2 xmlns:ans="http://example.ws.org/">94</num2> </soapenv:Body> </soapenv:Envelope> Wrapped Document Style <?xml version="1.0" ?>  <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <soapenv:Body> <addNums xmlns:ans="http://example.ws.org/"> <num1>27</num1> <num2>94</num1> </addNums> </soapenv:Body> </soapenv:Envelope>

Guidelines for Wrapped Document The SOAP envelope's body should have only one part The relationship between the WSDL's XSD and the single XML element in the SOAP body is well defined The XML elements in the XSD serve as the wrappers for the SOAP message body The request wrapper has the same name as the service operation The WSDL portType section now has named operations (e.g., getTimeAsString) whose messages are typed

JAX-WS Customizations Customizations for WSDL to Java Mapping They can customize almost all WSDL components that can be mapped to Java Service Endpoint Interface Method Name Parameter Name Exception class Asynchrony Wrapper Style Handler chains

Comparison of Styles/Use (Contd..) Document/Literal Advantages No type encoding information in SOAP Message Easier to validate since everything within the SOAP body is defined in a schema Better suited for asynchronous processing Disadvantages WSDL is getting a bit more complicated The operation name in the SOAP message is lost Document/Literal Wrapped Advantages Contains all advantages of Document/Literal Method name appears in the SOAP message Disadvantages WSDL is still more complicated Cannot use this style with overloaded functions

Comparison of styles/use RPC/Encoded Advantages Flexibility to receiver while dispatching requests to Service Only possible style when you are using polymorphism Disadvantages Harder to validate with too much type information Causes a tight coupling between service provider & client RPC/Literal Advantages Everything is not indicated by the schema, you must still know the RPC rules The type encoding is eliminated from the messages and hence increases throughput performance Disadvantages Same as RPC/Encoded

Pros & Cons of RPC Advantages There is no types section, so wsdl is simple Messages in the WSDL carry the names of the underlying web service operations, which are @WebMethods in a Java-based service Message throughput may improve because the messages do not carry any type-encoding information Disadvantages The WSDL, with its empty types section, does not provide an XSD against which the body of a SOAP message can be validated. The service cannot use arbitrarily rich data types because there is no XSD to define such types. The service is thus restricted to relatively simple types such as integers, strings, dates, and arrays of such. This style, with its obvious link to the request/response pattern, encourages tight coupling between the service and the client Java services written in this style may not be consumable in other frameworks, thus undermining interoperability

Pros and Cons of Document Advantages The body of a SOAP message can be validated against the XSD in the types section of the WSDL. A service in this style can use arbitrarily rich data types, as the XML Schema language supports not only simple types such as integers, strings, and dates, but also arbitrarily rich complex types. There is great flexibility in how the body of a SOAP message is structured so long as the structure is clearly defined in an XSD. The wrapped convention provides a way to enjoy a key upside of the rpc style—naming the body of a SOAP message after the corresponding service operation—without enduring the downsides of the rpc style. Disadvantages In the unwrapped variant, the SOAP message does not carry the name of the service operation, which can complicate the dispatching of messages to the appropriate program code. The wrapped variant adds a level of complexity, in particular at the API level. Writing a client against a wrapped-document service can be challenging. The wrapped variant does not support overloaded service operations because the XML wrapper element in the body of a SOAP message must have the name of the service operation. In effect, then, there can be only one operation for a given element name.

Code first versus Contract First If the service changes, the WSDL automatically changes The code-first approach usually results in a service contract that provides few, if any, provisions for handling tricky but common problems in distributed systems such as partial failure of the service. If the service implementation is complicated or even messy, these features carry over into a WSDL that may be difficult to understand and to use in the generation of client artifacts. In short, the code-first approach is clearly not consumer-oriented The code-first approach seems to go against the language-neutral theme of SOAP-based web services. If the contract is done first, then the implementation language remains open.

Annotations to WSDL Section @WebService( name = "AnnotatedTimeServer", serviceName = “NewTimeServer", targetNamespace = "http://org.ws.example/") @SOAPBinding( style = SOAPBinding.Style.DOCUMENT, use = SOAPBinding.Use.LITERAL, parameterStyle = SOAPBinding.ParameterStyle.WRAPPED)

Annotations to WSDL Sections @WebMethod(operationName = "time_string") @WebResult(name = "ts_out", targetNamespace = "http://org.ws.example") @Oneway @WebParam( name = "client_message", targetNamespace = "http://org.ws.example", mode = WebParam.Mode.IN)

Day 2 Agenda SOAP Handlers Webservices and Binary data RestFul WebServices

SOAP Handlers Handlers are programmer written classes that contain callbacks A client-side handler has access to the outgoing request message as well as incoming response message Handlers encourage Chain of Responsibility pattern Can be Logical or SOAP Handler

SOAP Messaging Architecture <S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"> <S:Header> <uuid xmlns="http://org.ws" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP- ENV:actor="http://schemas.xmlsoap.org/soap/actor/next"> ca12fd33-16e1-4a95-b17e-3ef6744babdc </uuid> </S:Header> <S:Body> <ns2:countBooks xmlns:ns2="http://org.ws"> <arg0>45</arg0> </ns2:countBooks> </S:Body> </S:Envelope> Sender Receiver Intermediary 1 Intermediary 2

Handler Configuration Declarative <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <javaee:handler-chains xmlns:javaee="http://java.sun.com/xml/ns/javaee" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <javaee:handler-chain> <javaee:handler> <javaee:handler-class> UUIDHandler </javaee:handler-class> </javaee:handler> </javaee:handler-chain> </javaee:handler-chains> Programmatic Using APIs – HandlerResolver class setHandlerResolver

Example – SOAP with one Intermediary (Declarative)

Example – SOAP with one Intermediary (Programmatic)

Sequence of Handler Execution Outbound Message Logical handler execute before SOAPHandler Inbound Message SOAPHandler execute before Logical Handler

WebServices and Binary Data Encode data using base64 Results in large payload Overhead of Encode/Decode Transmit as attachments to a SOAP message Using DIME (Direct Internet Mail Extension) Using MTOM (Message Transmission Optimization Mechanism) Based on XOP (XML-Binary Optimized Packaging)

Example – Using Base64Encoding (Part1)

Example – Using Base64Encoding (Part2)

SOAP with Attachments and DIME MIME-Version: 1.0 Content-Type: Multipart/Related; boundary=MIME_boundary; type=application/soap+xml;start="<claim@insurance.com>" --MIME_boundary Content-Type: application/soap+xml; charset=UTF-8 Content-Transfer-Encoding: 8bit Content-ID: <claim@insurance.com> <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope"> <soap:Body> <submitClaim> <accountNumber>5XJ45-3B2</accountNumber> <eventType>accident</eventType> <image href="cid:image@insurance.com"/> </submitClaim> </soap:Body> </soap:Envelope> --MIME_boundary Content-Type: image/jpeg Content-Transfer-Encoding: binary Content-ID: <image@insurance.com> ...binary JPG image... --MIME_boundary--

MTOM A W3C Message Transmission Optimization Mechanism A method of efficiently sending binary data to and from Web Service Uses XOP to transmit binary data Allows more efficient sending of binary data in SOAP Request or Response

REST Stands for Representational State Transfer Style of software architecture for distributed hypermedia systems Systems in which text, graphics, audio, and other media are stored across a network and interconnected through hyperlinks

The REST Approach Resource Anything that has a URI Resource itself remains on the service machine Requestor receives a representation of the resource

Resource in REST Resource: GetStockPrice Restful Client HTTP Requests GET: Read POST: Create PUT: Update DELETE: Delete HTTP Responses MIME-TYPED Responses of Resource HTTP Verb Meaning in CRUD Terms POST Create a new resource from request data GET Read a resource PUT Update a resource DELETE Delete a resource

HTTP Verb and Opaque Names A URI is meant to be opaque A URI has no intrinsic hierarchical structure A URI is a logical proper name that denotes exactly one resource URIs act as identifying nouns and HTTP methods act as verbs that specify operations on resources HTTP verb/URI Intended CRUD Meaning POST emps Create a new employee from the request data GET emps Read a list of all employees Get emps?id=27 Read a singleton list of employee 27

REST Implementation @WebService Message exchanged between service & clients will be SOAP @WebServiceProvider Exchanged messages will be XML documents of some type

Resource Oriented Architectures Guidelines for implementation of a REST based architecture Based upon the concept of a resource Each resource is a directly accessible distributed component that is handled using a standard

Resource Oriented Architecture Concepts Resources URIs Representation Links Properties Addressability Statelessness Connectedness A uniform interface

ROA Concepts Resource Anything that’s important enough to be referenced as a thing itself Resource name Unique identification of the resource Resource representation Useful information about the current state of a resource Resource link Link to another representation of the same or another resource Resource interface Uniform interface for accessing the resource and manipulating its state

ROA vs SOA Advantage of SOAP-based SOA More mature tool support Includes type safety of XML Requests Advantages of ROA Ease of Implementation Agility in Design Lightweight Requests Easier Response parsing

Provider and Dispatcher Provider implements the method public Source invoke(Source request) Dispatch Dynamic Service Proxy Process The client invokes the Dispatch method invoke, with an XML document as the Source argument. If the request does not require an XML document, then the Source argument can be null. The service-side runtime dispatches the client request to the Provider method invoke whose Source argument corresponds to the client-side Source. The service transforms the Source into some appropriate Result (for instance, a DOM tree), processes this Result in an application-appropriate way, and returns an XML source to the client. If no response is needed, null can be returned. The Dispatch method invoke returns a Source, sent from the service, that the client then transforms into an appropriate Result and processes as needed

Example – Provider & Dispatcher

Day 3 Web Services Security HTTPS Authentication Authorization UDDI

What is Security ? Access control Identity management—Who are your users? Authentication—verifying user identity Authorization—what a user can do Auditing—keep track of what a user does Secure communication Keeping the conversation between two parties private

Web Service Security Wire-Level Security Transport-Level Data Encryption Message Integrity Authentication and Authorization WS-Security Collection of Protocols that enforce different levels of security on SOAP messages

Wire-Level Security HMAC (Hash Message Authentication Code) Generate Input String Compute Hash/Message Digest Add Digest to Request in Authorization header Future requests validate this digest

Security Terminology Principal An entity capable of being authenticated Credentials Piece of knowledge that provides access Something you know/have Subject The entities that can perform action in the system KeyStore Collection of keys & Certificates

HTTPS Peer Authentication (Mutual Challenge) Confidentiality Integrity eavesDropper Sender Receiver

Symmetric Encryption/Decryption Encryption Engine Decryption Engine Encryption Key Plain text (Unencrypted) Cipher bits (Encrypted) Decryption Key Original Plain bits Encryption Engine Decryption Engine Single Key Plain text (Unencrypted) Cipher bits (Encrypted) Original Plain bits

Asymmetric Encryption/Decryption Encryption Engine Decryption Engine Key Pair Plain text (Unencrypted) Cipher bits (Encrypted) Original Plain bits Public Key Private Key

HTTPS Support Integrity Uses Message Digest Peer Authentication & Confidentiality Digital Certificates Key Exchange (Symmetric) PKI (Assymetric)

Example – Application Authentication

SOAP vs Distributed Objects Distributed Objects Programmer defined types loaded remotely Client and Server communicate through binary streams rather than text Structure of binary streams is specific to Java SOAP Client and Server exchange XML Text can be inspected, validated, transformed, persisted, etc. Client and Server need not be coded in the same language

What is UDDI Universal Description, Discovery, and Integration A project to encourage interoperability and adoption of web services Standards-based specifications for service description and discovery A set of internet-based implementations UDDI business registry Interoperating to share registrations Partnership among industry and business leaders Initiated by Ariba, IBM, and Microsoft Now over 300 UDDI community members

White Pages Information about a business: Business name Text description(s) List of multi-language text strings Contact info Names, addresses, phone numbers, fax numbers, web sites… Identifiers List of identifiers that a business may be known by DUNS, Thomas Register, etc.

Yellow Pages Business categories 3 standard taxonomies in V1 Industry: NAICS (industry codes—US govt.) Product/services: UN/SPSC (ECMA) Location: Geographical taxonomy (ISO 3166) Implemented as name-value pairs Allows any valid taxonomy data to be attached to the business white page

Green pages Specify how to bind to a service provider Technical info about how to invoke a businesses services References to specifications for web services Support for pointers to various file and URL-based discovery mechanisms if required Nested model Business processes Service descriptions Binding information Programming/platform/implementation agnostic

How UDDI v1 works SW companies, standards bodies, and programmers populate the registry with descriptions of different types of services 1 . UDDI Business Registry Segrvice Type Reistrations Business Registrations Businesses populate the registry with descriptions of the services they support 2 . 3 . UBR assigns a programmatically unique identifier to each service and business registration Marketplaces, search engines, and business apps query the registry to discover services at other companies 4 . Business uses this data to facilitate easier integration with each other over the Web 5 .

tModels TModels Categories & Identifiers Categorization and Identification taxonomies are TModels Categories and Identifiers are TModel Instances Keyed Referenced Name + Value + TModel WSDL Port Types WSDL Port Types are TModels WSDL Services that are bound to a Port Type are TModel Instances

Registry APIs (SOAP Messages) Inquiry API Find things find_business find_service find_binding find_tModel Get Details about things get_businessDetail get_serviceDetail get_bindingDetail get_tModelDetail Publishers API Save things save_business save_service save_binding save_tModel Delete things delete_business delete_service delete_binding delete_tModel security… get_authToken discard_authToken

Application Development Scenarios Green Field —Create a new Web Service and new interface Top Down —Create new Web Service implementing existing interface Bottom Up —Create a new interface for an existing application Meet in the Middle —Map an existing application to an existing interface

Summary Web services is a standards-based way to make applications discoverable and usable on the Internet (intranet) The industry is focusing on UDDI, SOAP, and WSDL as the foundations of the Web services approach Web services are gateways into enterprise applications

Summary Midas Touch—allows re-use and leveraging of existing Java and non Java platform-based assets… making more gold Great Communicator—the canonical form for integration inside and outside the enterprise First Step—on the road to dynamic e-business

Web Services

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Web Services (20)

Web Services

Editor's Notes