Enterprise Java v021012Web Services1 Web Services and SOAP.
Post on 30-Dec-2015
218 Views
Preview:
Transcript
v021012 Web Services 1
EnterpriseJava
Web Services and SOAP
v021012 Web Services 2
EnterpriseJava
Topics
• SOAP Overview
• Web Services– Deploying Web Services
– Describing Web Services
– Registering Web Services
• Security
• Web Services and J2EE
v021012 Web Services 3
EnterpriseJava
SOAP Overview
• Simple Object Access Protocol (SOAP)
• Interoperable XML-based communication mechanism for distributed computing
• Many vendor and language implementations available
• Web Services are built using SOAP as a communication mechanism
• W3C working on SOAP 1.2
• Alternatives– RMI – Java-centric
– CORBA - Complicated
v021012 Web Services 4
EnterpriseJava
SOAP Goals
• Interoperability
• Simple and lightweight
• Not considered:– distributed garbage collection
– batching of messages
– objects-by-reference (which requires distributed garbage collection)
– activation (which requires objects-by-reference)
v021012 Web Services 5
EnterpriseJava
The Big Picture
Business Logic(EJB, COM, Java)
DataSources
WebTier
SOAPService
Client
Browser
SOAPClient
Java/RMI/IIOP/COM
HTTP/S
HTTP/S
SOAP
v021012 Web Services 6
EnterpriseJava
Web Service Protocol Stack
SOAP
HTTP Jabber JMS SMTP ….
Web Service Description
Web Service Discovery
Transport
Workflow/Business Processes
v021012 Web Services 7
EnterpriseJava
SOAP Components
• Envelope– Describes message, processing requirements, and message
contents. Routing, delivery, etc.
– Encapsulates data being transferred
• Encoding Mechanism– Standard representation for application data types
• RPC Conventions– Mechanism to issue remote procedure calls and receive a response
v021012 Web Services 8
EnterpriseJavaExample SOAP Request
POST /StockQuote HTTP/1.1Host: www.stockquoteserver.comContent-Type: text/xml; charset="utf-8"Content-Length: nnnnSOAPAction: "Some-URI"
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <m:GetLastTradePrice xmlns:m=“urn:DB3Service"> <symbol>DIS</symbol> </m:GetLastTradePrice> </SOAP-ENV:Body></SOAP-ENV:Envelope>
v021012 Web Services 9
EnterpriseJavaExample SOAP Response
HTTP/1.1 200 OKContent-Type: text/xml; charset="utf-8"Content-Length: nnnn
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> <SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price>34.5</Price> </m:GetLastTradePriceResponse> </SOAP-ENV:Body></SOAP-ENV:Envelope>
v021012 Web Services 10
EnterpriseJava
Message Exchange Model
• Spec-wise – a one-way transmission between a sender and a receiver
• Frequently, used in a request/response pattern– RPC
– Document transmission
v021012 Web Services 11
EnterpriseJava
SOAP Message
From O’Reilly’s ‘Web Service Essentials’
Mandatory
Content intendedFor receiver
Optional
v021012 Web Services 12
EnterpriseJava
Envelope
• ‘Wrapper’ around the entire message
• Namespace for envelope, header, and body
<SOAP-ENV:Envelopexmlns:SOAP-ENV=http://schemas.xmlsoap.org/soap/envelope/
• Can contain an optional header
• Contains exactly one body element
v021012 Web Services 13
EnterpriseJava
Header
• Contains header blocks– Contextual information (like IIOP Context)
– Authentication credentials
– Transaction ids
• At most, one header element can be present. If present, must be first element in the envelope
v021012 Web Services 14
EnterpriseJava
Header Attributes
• mustUnderstand– Attribute on a header element
– Recipient must understand the header element or must reject the message
<s:header><m:transaction xmlns:m=“soap-transaction” s:mustUnderstand=“true” <transactionId>505</transactionId></m:transaction></s:header>
v021012 Web Services 15
EnterpriseJava
Body
• Contains the actual message being transmitted between sender and receiver
• Can contain any valid, well-formed XML
• Can not contain processing instructions or DTD references
<SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price xsi:type=“xsd:float”>34.5</Price> </m:GetLastTradePriceResponse></SOAP-ENV:Body>
v021012 Web Services 16
EnterpriseJava
When things go wrong
• FaultElement is returned in the Body
<SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode xsi:type="xsd:string">SOAP-ENV:Client</faultcode> <faultstring xsi:type="xsd:string">The client has sent an invalid request</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body>
v021012 Web Services 17
EnterpriseJava
Pre-defined fault codes
• SOAP-ENV:VersionMismatch– Invalid namespace in SOAP envelope
• SOAP-ENV:MustUnderstand– Could not process a header attribute with ‘mustUnderstand’ set to true
• SOAP-ENV:Client– Error in client request e.g. bad parameters, bad method name
• SOAP-ENV:Server– Server can not process request
v021012 Web Services 18
EnterpriseJava
Message Encoding
• Specified rules for encoding application data types– Uses XMLSchema
– Defines arrays and references
• Optional
• SOAP-ENV:encodingStyle attribute– 1.1=http://schemas.xmlsoap.org/soap/encoding/
– 1.2=http://www.w3.org/2001/09/soap-encoding
<ns1:getPriceResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <value xsi:type="xsd:double">2.71828</value> </ns1:getPriceResponse>
v021012 Web Services 19
EnterpriseJava
How are types specified?
• Apache SOAP adds an explicit xsi:type attribute for each element
• .NET omits xsl:type – assumes external schema definition
• See upcoming interoperability slides
v021012 Web Services 20
EnterpriseJava
Some basic xml schema types
• string– Some string data
• binary– 1000101110
• short– -7, 135
• date– 2002-03-22
• Boolean– 1,0,true,false
v021012 Web Services 21
EnterpriseJava
Compound Types
• Arrays
• Structs
• Binary data should be transmitted as xsi:type=“SOAP-ENC:base64”
v021012 Web Services 22
EnterpriseJava
Array Example
<?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/09/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <ns1:getAuthorsResponse xmlns:ns1="urn:DB2Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <return xmlns:ns2="http://www.w3.org/2001/09/soap-encoding" xsi:type="ns2:Array" ns2:arrayType="xsd:string[2]"> <author xsi:type="xsd:string">Author 37</author> <author xsi:type="xsd:string">Author 99</author> </return> </ns1:getAuthorsResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
v021012 Web Services 23
EnterpriseJava
Custom encoding rules
• Embed an entire document in the body
<ns1:getReportResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle= "http://xml.apache.org/xml-soap/literalxml"> <return> <report serial=“1945"> <name>ReportName</name> <analyst>Dan</analyst> </report> </return></ns1:getReportResponse>
v021012 Web Services 24
EnterpriseJava
Security
• Still evolving• Confidentially
– Can use transport mechanism (HTTPS)– XML Encryption standard for document contents
• Authentication– SSL Certificate– Digitally Sign SOAP message
• Authorization– Secure Authorization Markup Language (SAML)– http://www.oasis-open.org/committees/security/
v021012 Web Services 25
EnterpriseJava
CertificateAuthority
SecurityServer
WebService
CorporateAuthorization
ServiceCertificateAuthentication
2. Retrieve user’s access permissions
1. Authenticate (SOAP/HTTPS)
Application(Any Technology)
3. Signed security assertions (SOAP/HTTPS)
4. Invoke (SOAP/HTTPS)(Passes Assertions)
5. Business operation
v021012 Web Services 26
EnterpriseJava
Security (Cont)
• Firewall filtering options– MIME type of text/xml-soap
– SOAP-Action
– Force M-POST requests• 510 Not Extended HTTP status code from server
– SOAPMethodName
v021012 Web Services 27
EnterpriseJava
SOAP Implementations
• Apache SOAP– Basic SOAP implementation
– See xml.apache.org/soap/
• Apache AXIS– Next generation SOAP implementation
– See xml.apache.org/axis/
• SOAP::Lite– Perl implementation. See www.cpan.org
• .NET– See msdn.microsoft.com (.NET SDK)
– Web services deployed to IIS
v021012 Web Services 28
EnterpriseJava
Interoperability
• Minor issues exist between these implementations– .NET requires parameters to be named and typed
– Issue for default SOAP::Lite (PERL) behavior
– Different ideas of the SOAPAction Header
• Not perfect but can be made to inter-operate
• Interoperability labs and info– http://www.xmethods.net/ilab/
– http://www.mssoapinterop.org/
v021012 Web Services 29
EnterpriseJava
Apache AXIS
• Java-centric SOAP implementation
• Runs as a J2EE web application– Receives SOAP request
– Deserializes call parameters
– Invokes method on your java class
v021012 Web Services 30
EnterpriseJava
Web Server
SOAP Proxy (AXIS)
Client
Java Class File(Web Service)
1. SOAP/HTTP
2. Forwards to Proxy
3. De-serializes SOAPMessage to Java object(s)Calls Java class
4. Invoke registered service
5. Performservice
6. response
7. Serializes java objectsTo SOAP encoding
8. SOAP
9. SOAP/HTTP
v021012 Web Services 31
EnterpriseJava
AXIS Installation
• Copy webapps\axis directory to Servlet container’s webapps directory
• Copy xerces.jar (or JAXP jar files) to axis\lib directory
• Copy your web service class files to the WEB-INF\classes subdirectory (.jar files can go into WEB-INF\lib
v021012 Web Services 32
EnterpriseJava
Basic Deployment
• Simple– cp someclass.java webapps\axis\someclass.jws
• Better– Write a Web Services Deployment Descriptor(WSDD)
v021012 Web Services 33
EnterpriseJava
Hello Service
package corej2ee.exercise.webservice;
public class HelloService {
public String getHelloMessage() {
return "Web Service Hello";
}
}
• cp HelloService.java $TOMCAT_HOME/webapps/axis/HelloService.jws
v021012 Web Services 34
EnterpriseJava
v021012 Web Services 35
EnterpriseJava
Client Applicationpackage corej2ee.exercise.webservice;
import org.apache.axis.client.Call;
import org.apache.axis.client.Service;
import javax.xml.rpc.namespace.QName;
public class TestHelloService {
public static void main(String [] args) {
try {
String endpoint="http://localhost:9090/axis/HelloService.jws";
String method="getHelloMessage";
Service service = new Service();
Call call = (Call) service.createCall();
v021012 Web Services 36
EnterpriseJava
Client Application
call.setTargetEndpointAddress( new java.net.URL(endpoint) );
call.setOperationName( method );
call.setReturnType( org.apache.axis.encoding.XMLType.XSD_STRING );
String ret = (String) call.invoke(new Object[0]);
System.out.println("Got " + ret);
}
catch (Exception e) {
System.err.println(e.toString());
}
}
}
v021012 Web Services 37
EnterpriseJava
Production Deployment
• Deployment descriptor
• Can specify other services that run when service is invoked
<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name=“HelloService" provider="java:RPC"> <parameter name="className" value=“corej2ee.exercise.webservice.HelloService"/> <parameter name="allowedMethods" value="*"/> </service></deployment>
v021012 Web Services 38
EnterpriseJava
Deployment (Cont)
• java org.apache.axis.client.AdminClient deploy.wsdd
-lurl sets the AxisServlet URL -hhostName sets the AxisServlet host -pportNumber sets the AxisServlet port -sservletPath sets the path to the AxisServlet -ffileName specifies that a simple file protocol should be used -uusername sets the username -ppassword sets the password -d sets the debug flag (for instance, -ddd would set it to 3) -tname sets the transport chain touse list will list the currently deployed services quit will quit (???) passwd value changes the admin password xmlConfigFile deploys or undeploys Axis components and web services
If -l or -h -p -s are not set, the AdminClient will invoke http://localhost:8080/axis/servlet/AxisServlet
v021012 Web Services 39
EnterpriseJava
Serializing Java Objects
• AXIS can automatically serialize simple Java object types to/from the standard SOAP encoding
• Complex objects require developer input– BeanSerializer
– Custom Serializers
v021012 Web Services 40
EnterpriseJava
BeanSerializer
• When complex objects are passed, AXIS must be told how to convert the object to/from XML
• If object is a Java Bean, the BeanSerializer class can be used– Have to specify mapping in deployment descriptor and the client
v021012 Web Services 41
EnterpriseJava
SerializersIn deployment descriptor:
<beanMapping qname="myNS:HelloStruct" xmlns:myNS="urn:HelloService" languageSpecificType=“model.HelloMessage"/>
In client program:
call.registerTypeMapping(HelloMessage.class, qn, new org.apache.axis.encoding.ser.BeanSerializerFactory(HelloMessage.class, qn), new org.apache.axis.encoding.ser.BeanDeserializerFactory(HelloMessage.class, qn));
• Uses reflection to invoke all get() methods and serialize
• Can write your own serializers and register them– non Java Bean classes
– efficiency
v021012 Web Services 42
EnterpriseJava
Describing Web Services
• Web Services Description Language (WSDL)– Grammar for defining web services
– Describes service• Input/output
• Message encoding
• Transport required
• Address information
– Initially developed by IBM, Ariba, Microsoft
• Given a WSDL description, automated tools can generate stubs to call the service
v021012 Web Services 43
EnterpriseJava
<?xml version="1.0" encoding="UTF-8"?>
<wsdl:definitions targetNamespace=http://localhost:9090/axis/HelloService.jws
xmlns="http://schemas.xmlsoap.org/wsdl/"
xmlns:SOAP-ENC=http://schemas.xmlsoap.org/soap/encoding/
xmlns:impl="http://localhost:9090/axis/HelloService.jws-impl"
xmlns:intf=http://localhost:9090/axis/HelloService.jws
xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
xmlns:wsdlsoap=http://schemas.xmlsoap.org/wsdl/soap/
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<wsdl:message name="getHelloMessageResponse">
<wsdl:part name="return" type="xsd:string"/>
</wsdl:message>
<wsdl:message name="getHelloMessageRequest">
</wsdl:message>
v021012 Web Services 44
EnterpriseJava
<wsdl:portType name="HelloService">
<wsdl:operation name="getHelloMessage">
<wsdl:input message="intf:getHelloMessageRequest"/>
<wsdl:output message="intf:getHelloMessageResponse"/>
</wsdl:operation>
</wsdl:portType>
v021012 Web Services 45
EnterpriseJava
<wsdl:binding name="HelloServiceSoapBinding" type="intf:HelloService">
<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="getHelloMessage">
<wsdlsoap:operation soapAction=""/>
<wsdl:input>
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/>
</wsdl:input>
<wsdl:output>
<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
v021012 Web Services 46
EnterpriseJava
<wsdl:service name="HelloServiceService">
<wsdl:port binding="intf:HelloServiceSoapBinding" name="HelloService">
<wsdlsoap:address location="http://localhost:9090/axis/HelloService.jws"/>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
v021012 Web Services 47
EnterpriseJava
Auto-Generated client stubs
• Invoke– java org.apache.axis.wsdl.WSDL2Java (WSDL-file-URL)
– http://localhost:9090/axis/HelloService.jws?WSDL
• Generated04/07/2002 03:29 PM 285 HelloService.java
04/07/2002 03:29 PM 482 HelloServiceService.java
04/07/2002 03:29 PM 1,262 HelloServiceServiceLocator.java
04/07/2002 03:29 PM 4,580 HelloServiceSoapBindingStub.java
• Follows JAX-RPC spec for generated client bindings
v021012 Web Services 48
EnterpriseJava
Client Programpackage corej2ee.exercise.webservice;
public class WSDLHelloClient {
public static void main(String[] args) {
localhost.HelloServiceServiceLocator service = new localhost.HelloServiceServiceLocator();
// Get the stub
localhost.HelloService port=null;
try {
port = service.getHelloService();
}
catch(javax.xml.rpc.ServiceException se2) {
se2.printStackTrace(); System.exit(-2);
}
v021012 Web Services 49
EnterpriseJava // Make the actual call
String msg="Nothing";
try {
msg=port.getHelloMessage();
}
catch(java.rmi.RemoteException re) {
re.printStackTrace();
System.exit(-3);
}
System.out.println("Client got: " + msg);
}
}
v021012 Web Services 50
EnterpriseJava
Discovering Web Services
• Universal Description, Discovery, and Integration (UDDI)– Lists description of a business and services offered
– Can federate registries
– Find service in registry, automatically create proxies, and invoke
• Web Services Inspection Language (WSIL)– IBM and Microsoft proposal
– Simpler. More of a white pages paradigm
v021012 Web Services 51
EnterpriseJava
UDDI (Cont)
• Software packages– UDDI4j
• http://oss.software.ibm.com/developerworks/projects/uddi4j
• Register and find businesses
– IBM Web Services Toolkit• Locate services in UDDI and invoke service with a generated WSDL-
based proxy
– Web Services Invocation Framework (WSIF)• Given WSDL, call SOAP service
• www.alphaworks.ibm.com/tech/wsif
v021012 Web Services 52
EnterpriseJava
Composable Web Services
• Possible to graphically compose web services into a distributed workflow
• Area of current research
v021012 Web Services 53
EnterpriseJava
System OneSOAP Adapter
System TwoSOAP Adapter
Data MiningSOAP Adapter
UDDIRegistry
UDDIRegistry
ProprietaryTechnology
EJB-BasedSystem
.NET-BasedSystem
Create Business ProcessFind and Invoke System1 queryFind and Invoke System2 queryPass results to Data Mining system
On errorInvoke monitor process with fault code
v021012 Web Services 54
EnterpriseJava
Web Services and J2EE
v021012 Web Services 55
EnterpriseJava
J2EE 1.4 and Web Services
• JSR-109 Web Services for J2EE– http://jcp.org/jsr/detail/109.jsp– Client and Server requirements next 2 slides– Registries
• JAXR registry provider and implementation must be provided by app server
v021012 Web Services 56
EnterpriseJava
J2EE 1.4 Web Service Clients
• Clients– JAX-RPC
• Web service calls using SOAP/HTTP
• Mapping between java objects and XML
– SOAP with Attachments for Java (SAAJ)• Low-level SOAP message manipulation
– JAXR• Client access to registries
v021012 Web Services 57
EnterpriseJava
J2EE and Web Services (Cont)
• Server– Deploy Stateless Session Beans as web service endpoints
– Additional deployment descriptors• WSDL generated that defines web service the EJB implements
– Container generates JAX-RPC runtime to:• Process SOAP request
• Invoke exposed session bean method
• Return results (if any)
v021012 Web Services 58
EnterpriseJava
Security Requirements
• Web Client authentication– BASIC authentication
• Passwords sent base64 encoded
– HTTPS Client authentication
– Form-based authentication
• Server maintains login context and acts as proxy for client requests
v021012 Web Services 59
EnterpriseJava
Summary
• SOAP is a very effective, interoperable protocol– Have to be careful with performance, though
• WSDL is used to describe web services
• UDDI serves as a registry for SOAP services
• Security approach is still immature
• Workflow of web services immature with competing approaches
v021012 Web Services 60
EnterpriseJava
References
• SOAP 1.2 Proposal– http://www.w3.org/TR/2001/WD-soap12-part1-20011217/
• Programming Web Services With Soap, James Snell. O’Reilly
• Web Service Essentials, Ethan Cerami, O’Reilly
v021012 Web Services 61
EnterpriseJava
Resources
• SOAP 1.1 Specification– http://www.w3.org/TR/SOAP/
• SOAP 1.2 – http://www.w3.org/TR/2001/WD-soap12-part1-20011217/
• Apache AXIS– http://xml.apache.org/axis/index.html
• IBM Web Services Toolkit– http://alphaworks.ibm.com/tech/webservicestoolkit
• XML Schema Primer– http://www.w3.org/2001/09/soap-encoding
v021012 Web Services 62
EnterpriseJava
Resources (Cont)
• UDDI – http://www.uddi.org
• Oasis (SAML, other XML initiatives)– www.oasis-open.org
• W3C WSDL– http://www.w3.org/TR/wsdl/
top related