1 Metro & REST: Everyday Web Services Harold Carr Carol McDonald 1
1
Metro & REST:Everyday Web Services
Harold CarrCarol McDonald
1
2
Metrothe Web services Stack
in GlassFish
Harold CarrLead architect, Project MetroSun Microsystems, Inc.http://weblogs.java.net/blog/haroldcarr/
2
Metro: The Web services stack in GlassFish 3
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 4
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 5
What is Metro ?
• Web Services stack from GlassFish community• Metro = JAX-WS “RI” + WSIT/Tango• JAX-WS RI - Core Web services support> Extensible / pluggable architecture
• WSIT/Tango – supports> Interoperability with .NET 3.0> Security, Reliability, Transactions
• High-performance• Production-quality
Metro: The Web services stack in GlassFish 6
The Metro Stack
JAX-WS Tooling, NetBeans & Studio Support Software
TransactionsAtomic-
TransactionsCoordination
ReliabilityReliable-
Messaging
SecuritySecure Conv.
TrustXWSS
MetadataWSDLMEXPolicy
SOAP Based Messaging (WSA, MTOM)
HTTP TCP SMTP
JAXB Based XML Data Binding (XSD, XPATH)
Metro: The Web services stack in GlassFish 7
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 8
Metro Features
• JAX-WS 2.1: Easy to use Web services API> Replaces JAX-RPC
• Embrace POJO concepts via annotations> Descriptor-free programming
• Encoding, Protocol and Transport Independence• Integrated data binding via Java API for XML
Binding (JAXB)> 100% XML Schema Support
Metro: The Web services stack in GlassFish 9
Client Proxy
WCF svcutilor JAX-WS wsimport
WCF orWSIT-based Service
Metro FeaturesBootstrapping Communication
Creates
WS-Transfer/MEX
WSDL
Metro: The Web services stack in GlassFish 10
Metro FeaturesProtocol-based Reliability
• Before RM> Reliable protocols based on TCP/IP> Point-to-point
• RM brings reliability to SOAP (protocol) layer• Recovery from lost or mis-ordered messages• Transparent to application• Enable use of multiple transports> Works on non TCP/IP transports
Metro: The Web services stack in GlassFish 11
RM Dest
Service
ApplicationRM Source
Client
Application
Reliable Messaging Operation
Client data CreateSequenceSeqId
Client data + SeqId + Msg IdSrv data + SeqAck
Client data Client data + SeqId + Msg IdSrv data + SeqAck
Client dataSrv dataSrv data
Client data + SeqId + Msg IdSrv data + SeqAck
close LastMsg + SeqId + Msg IdSeqAck
Terminate + SeqIdHTTP 202
Client dataSrv data
Client dataSrv data
Metro: The Web services stack in GlassFish 12
Metro FeaturesTransactional Web services
• Same as EJB RMI-IIOP Transactions• All operations in TX boundary succeed or rollback• Now available with web services
Metro: The Web services stack in GlassFish 13
Metro FeaturesEnd-to-End Security
Before WS-Security
WS-Security● Security at SOAP (protocol) layer● Fine granularity possible
● Only sign/encrypt credit card # (e.g., XML subtree)
● Works on non-TCP/IP transports● Integrity, Confidentiality, Auth● W3C XML Signature/Encryption
● SSL/HTTPS● Security at transport layer● All or nothing granularity● Point-to-point
SSL
XWSS XW
SS
Metro: The Web services stack in GlassFish 14
Trust (getting security tokens)
.NET 3.0or
JavaEE
STS (e.g., Access Manager)3. Request to
ken
1. wsimport (MEX or ?wsdl)
.NET 3.0or
Java
2. WSDL + Policy with STS address
4. token
5. client msg signed/encrypted with token
6. server response signed/encrypted with token
Metro: The Web services stack in GlassFish 15
Secure Conversation (optimization)
.NET 3.0or
JavaEE
STS (e.g., Access Manager)2. token A for msg 1
1. get WSDL
.NET 3.0or
Java
4. token B for msg 2
3. msg 1 signed/encrypted with token A
5. msg 2 signed/encrypted with token B
WITHOUT Secure Conversation: Get key from STS for each msg
Metro: The Web services stack in GlassFish 16
Secure Conversation (optimization)
.NET 3.0or
JavaEE
STS (e.g., Access Manager)2. token A for msg 1
1. get WSDL
.NET 3.0or
Java
3. msg 1 signed/encrypted with token A
4. msg 2 signed/encrypted with derived key
WITH Secure Conversation Derive keys from initial STS key
Metro: The Web services stack in GlassFish 17
Before Project Metro
Only WS-I BP 1.1 Interop
.NETTrustAuthority
Trust
Authority
Sun Managed
Microsoft Managed
Project GlassFish™
Retail Quote ServiceBP 1.1
Project GlassFishWholesale
Quote Service
.Net WholesaleService
BP 1.1
Java EE Platform
WCFClient
JavaClient
Metro: The Web services stack in GlassFish 18
.NETTrustAuthority
Trust
Authority
Sun Managed
Microsoft Managed
Project GlassFish™
Retail Quote Service
Project GlassFishWholesale
Quote Service
.Net WholesaleService
Java EE Platform
With Project Metro
WCFClient
JavaClient
TrustWS-Trust
QOS SecurityInterop.
STSSTS
WS-T
Metro: The Web services stack in GlassFish 19
Server-side Programming Model
WSIT NetBeansModule
By Hand
Other IDEs
109 DeploymentMETA-INF/wsit-*.xml
Service ServletDeployment
WEB-INF/wsit-*.xml
WSIT Config Filewsit-*.xml
Metro: The Web services stack in GlassFish 20
Demo
Ease-of-use with NetBeans 6 IDE
http://blogs.sun.com/arungupta/entry/screncast_ws7_secure_and_reliable
Metro: The Web services stack in GlassFish 21
Metro Runtime & Tools
• Containers (runtime)> Integrated in GlassFish V2 and V3> Light-weight HTTP server (Java SE 6)> JBoss WS 2.1.0, BEA WLS 10, IBM JDK Version 6,
TmaxSoft JEUS, Tomcat, Jetty> Any Servlet-2.4 container
• Development Tools> Command-line: wsimport, wsgen> NetBeans IDE> Maven plugins> Eclipse (SOAP UI plugin)
Metro: The Web services stack in GlassFish 22
Metro Interoperability
• Standards Compliant> JAX-WS 2.1 & JAXB 2.1> W3C SOAP 1.1/1.2, WSDL 1.1, WS-Addressing, MTOM> WS-I Basic Profile 1.x, SSBP 1.0, AP 1.0, BSP 1.0
• .NET 3.0 interoperable> WS-* specs used by .NET 3.0
– Reliable Messaging, Secure Conversation, Trust, Security, SecurityPolicy, MetadataExchange, Atomic Transaction, Coordination, Policy, Addressing
> Secure, Reliable, Transactional
Metro: The Web services stack in GlassFish 23
Metro Interoperability
Client
Endpoint
Client
Endpoint
Metro .NET 3.0
Metro: The Web services stack in GlassFish 24
Demo Scenario: Health Care System
WCF-basedAccounting
Client
WSIT-basedMRI, X-Ray
Client
WCF-basedMedical Care
Client
Image Storage Record Storage
Access Manager(Security
Token Service)
.NET-basedMedical Care
Client
Metro-basedRecord Service
.NET-basedImage Service
Metro-basedMRI, X-Ray
Client
Image Storage
Metro-basedBilling Service
.NET-basedAccounting
Client
Record Storage
Metro: The Web services stack in GlassFish 25
Demo Scenario: Health Care System
WCF-basedAccounting
Client
WSIT-basedMRI, X-Ray
Client
WCF-basedMedical Care
Client
Image Storage Record Storage
Access Manager(Security
Token Service)
.NET-basedMedical Care
Client
Metro-basedRecord Service
.NET-basedImage Service
Metro-basedMRI, X-Ray
Client
Image Storage
Metro-basedBilling Service
Excel 2007Accounting
Client
Java DB
Metro: The Web services stack in GlassFish 26
Demo
Excel to Sun Storage using Metro
http://blogs.sun.com/arungupta/entry/excel_using_wsit_javaone_2007
http://blogs.sun.com/arungupta/entry/excel_using_wsit_metro_and
Metro: The Web services stack in GlassFish 27
Performance
• Compare: > JAX-WS 2.1 RI> Axis2 1.1.1
• JAX-WS RI is > 30% - 100% faster> Depending on data sizes
• Details> http://weblogs.java.net/blog/kohsuke/archive/2007/02/jaxws_ri_21_ben.html
Metro: The Web services stack in GlassFish 28
Performance
Metro: The Web services stack in GlassFish 29
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 30
Community
• Visible development at java.net> metro, jax-ws, wsit, jax-ws-commons> Continuous testing using Hudson
• Fully Open-source> CDDL and GPL v2 license> Source code, Emails, Forums
• Light-weight committer process > to encourage external contributions
• Features driven by users and community> Spring, SMTP, JSON, Stateful Web service, etc.
Metro: The Web services stack in GlassFish 31
Adoption
• BEA Web Logic Server 10• JBoss WS 2.1.0• IBM JDK Version 6• Salesforce.com for APEX 8.0 toolkit• Many others ...> TmaxSoft, Worldspan, MailVision Ltd., MyUniPortal,
Nortrop Grumman Corporation, Cordys, SLIB, Expeditors International, Cast Iron Systems, Covergence, National Science Foundation, etc.
Metro: The Web services stack in GlassFish 32
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 33
Roadmap
• Metro 1.0> Released with GlassFish V2> Standalone download bundle
• Future plans> Better REST support through JAX-RS (JSR 311)> JMX agent for server (metrics, health of the system etc)> XMPP Transport> Very large attachment support> Align with .NET 3.5
– Update to standard version of WS-* specs
Metro: The Web services stack in GlassFish 34
Agenda
• What is Metro ?• Features• Community• Roadmap• Reference
Metro: The Web services stack in GlassFish 35
Reference & Questions
• Metro> metro.dev.java.net> [email protected]> https://forums.java.net/jive/forum.jspa?forumID=46> http://feeds.feedburner.com/MetroBlogs
• GlassFish (glassfish.java.net)• TheAquarium (blogs.sun.com/theaquarium)
Metro: The Web services stack in GlassFish 36
Extra Slides
Metro: The Web services stack in GlassFish 37
Metro Overview
Security
Metro – GlassFish Web Services Stackmetro.dev.java.net
JAXB JAXP SAAJ
TransactionsReliability
Commons
SOAP
XML Processing
Web Services Core
SMTP
Spring
JSON
HTTP
. . .
. . .
Metro: The Web services stack in GlassFish 38
Metro FeaturesComposite Service (Brokered Trust)
TrustAuthority
ServiceProvider
Managed Environment
Unmanaged Environment
ServiceConsumer
TrustAuthority
ServiceProvider
ServiceProvider
Trust