Enterprise Java v021012Web Services1 Web Services and SOAP

v021012 Web Services 1

EnterpriseJava

Web Services and SOAP


EnterpriseJava

Topics

• SOAP Overview

• Web Services– Deploying Web Services

– Describing Web Services

– Registering Web Services

• Security

• Web Services and J2EE


EnterpriseJava

SOAP Overview

• Simple Object Access Protocol (SOAP)

• Interoperable XML-based communication mechanism for distributed computing

• Many vendor and language implementations available

• Web Services are built using SOAP as a communication mechanism

• W3C working on SOAP 1.2

• Alternatives– RMI – Java-centric

– CORBA - Complicated


EnterpriseJava

SOAP Goals

• Interoperability

• Simple and lightweight

• Not considered:– distributed garbage collection

– batching of messages

– objects-by-reference (which requires distributed garbage collection)

– activation (which requires objects-by-reference)


EnterpriseJava

The Big Picture

Business Logic(EJB, COM, Java)

DataSources

WebTier

SOAPService

Client

Browser

SOAPClient

Java/RMI/IIOP/COM

HTTP/S

HTTP/S

SOAP


EnterpriseJava

Web Service Protocol Stack

SOAP

HTTP Jabber JMS SMTP ….

Web Service Description

Web Service Discovery

Transport

Workflow/Business Processes


EnterpriseJava

SOAP Components

• Envelope– Describes message, processing requirements, and message

contents. Routing, delivery, etc.

– Encapsulates data being transferred

• Encoding Mechanism– Standard representation for application data types

• RPC Conventions– Mechanism to issue remote procedure calls and receive a response


EnterpriseJavaExample SOAP Request

POST /StockQuote HTTP/1.1Host: www.stockquoteserver.comContent-Type: text/xml; charset="utf-8"Content-Length: nnnnSOAPAction: "Some-URI"

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <m:GetLastTradePrice xmlns:m=“urn:DB3Service"> <symbol>DIS</symbol> </m:GetLastTradePrice> </SOAP-ENV:Body></SOAP-ENV:Envelope>


EnterpriseJavaExample SOAP Response

HTTP/1.1 200 OKContent-Type: text/xml; charset="utf-8"Content-Length: nnnn

<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> <SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price>34.5</Price> </m:GetLastTradePriceResponse> </SOAP-ENV:Body></SOAP-ENV:Envelope>


EnterpriseJava

Message Exchange Model

• Spec-wise – a one-way transmission between a sender and a receiver

• Frequently, used in a request/response pattern– RPC

– Document transmission


EnterpriseJava

SOAP Message

From O’Reilly’s ‘Web Service Essentials’

Mandatory

Content intendedFor receiver

Optional


EnterpriseJava

Envelope

• ‘Wrapper’ around the entire message

• Namespace for envelope, header, and body

<SOAP-ENV:Envelopexmlns:SOAP-ENV=http://schemas.xmlsoap.org/soap/envelope/

• Can contain an optional header

• Contains exactly one body element


EnterpriseJava

Header

• Contains header blocks– Contextual information (like IIOP Context)

– Authentication credentials

– Transaction ids

• At most, one header element can be present. If present, must be first element in the envelope


EnterpriseJava

Header Attributes

• mustUnderstand– Attribute on a header element

– Recipient must understand the header element or must reject the message

<s:header><m:transaction xmlns:m=“soap-transaction” s:mustUnderstand=“true” <transactionId>505</transactionId></m:transaction></s:header>


EnterpriseJava

Body

• Contains the actual message being transmitted between sender and receiver

• Can contain any valid, well-formed XML

• Can not contain processing instructions or DTD references

<SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price xsi:type=“xsd:float”>34.5</Price> </m:GetLastTradePriceResponse></SOAP-ENV:Body>


EnterpriseJava

When things go wrong

• FaultElement is returned in the Body

<SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode xsi:type="xsd:string">SOAP-ENV:Client</faultcode> <faultstring xsi:type="xsd:string">The client has sent an invalid request</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body>


EnterpriseJava

Pre-defined fault codes

• SOAP-ENV:VersionMismatch– Invalid namespace in SOAP envelope

• SOAP-ENV:MustUnderstand– Could not process a header attribute with ‘mustUnderstand’ set to true

• SOAP-ENV:Client– Error in client request e.g. bad parameters, bad method name

• SOAP-ENV:Server– Server can not process request


EnterpriseJava

Message Encoding

• Specified rules for encoding application data types– Uses XMLSchema

– Defines arrays and references

• Optional

• SOAP-ENV:encodingStyle attribute– 1.1=http://schemas.xmlsoap.org/soap/encoding/

– 1.2=http://www.w3.org/2001/09/soap-encoding

<ns1:getPriceResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <value xsi:type="xsd:double">2.71828</value> </ns1:getPriceResponse>


EnterpriseJava

How are types specified?

• Apache SOAP adds an explicit xsi:type attribute for each element

• .NET omits xsl:type – assumes external schema definition

• See upcoming interoperability slides


EnterpriseJava

Some basic xml schema types

• string– Some string data

• binary– 1000101110

• short– -7, 135

• date– 2002-03-22

• Boolean– 1,0,true,false


EnterpriseJava

Compound Types

• Arrays

• Structs

• Binary data should be transmitted as xsi:type=“SOAP-ENC:base64”


EnterpriseJava

Array Example

<?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/09/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <ns1:getAuthorsResponse xmlns:ns1="urn:DB2Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <return xmlns:ns2="http://www.w3.org/2001/09/soap-encoding" xsi:type="ns2:Array" ns2:arrayType="xsd:string[2]"> <author xsi:type="xsd:string">Author 37</author> <author xsi:type="xsd:string">Author 99</author> </return> </ns1:getAuthorsResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>


EnterpriseJava

Custom encoding rules

• Embed an entire document in the body

<ns1:getReportResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle= "http://xml.apache.org/xml-soap/literalxml"> <return> <report serial=“1945"> <name>ReportName</name> <analyst>Dan</analyst> </report> </return></ns1:getReportResponse>


EnterpriseJava

Security

• Still evolving• Confidentially

– Can use transport mechanism (HTTPS)– XML Encryption standard for document contents

• Authentication– SSL Certificate– Digitally Sign SOAP message

• Authorization– Secure Authorization Markup Language (SAML)– http://www.oasis-open.org/committees/security/


EnterpriseJava

CertificateAuthority

SecurityServer

WebService

CorporateAuthorization

ServiceCertificateAuthentication

2. Retrieve user’s access permissions

1. Authenticate (SOAP/HTTPS)

Application(Any Technology)

3. Signed security assertions (SOAP/HTTPS)

4. Invoke (SOAP/HTTPS)(Passes Assertions)

5. Business operation


EnterpriseJava

Security (Cont)

• Firewall filtering options– MIME type of text/xml-soap

– SOAP-Action

– Force M-POST requests• 510 Not Extended HTTP status code from server

– SOAPMethodName


EnterpriseJava

SOAP Implementations

• Apache SOAP– Basic SOAP implementation

– See xml.apache.org/soap/

• Apache AXIS– Next generation SOAP implementation

– See xml.apache.org/axis/

• SOAP::Lite– Perl implementation. See www.cpan.org

• .NET– See msdn.microsoft.com (.NET SDK)

– Web services deployed to IIS


EnterpriseJava

Interoperability

• Minor issues exist between these implementations– .NET requires parameters to be named and typed

– Issue for default SOAP::Lite (PERL) behavior

– Different ideas of the SOAPAction Header

• Not perfect but can be made to inter-operate

• Interoperability labs and info– http://www.xmethods.net/ilab/

– http://www.mssoapinterop.org/


EnterpriseJava

Apache AXIS

• Java-centric SOAP implementation

• Runs as a J2EE web application– Receives SOAP request

– Deserializes call parameters

– Invokes method on your java class


EnterpriseJava

Web Server

SOAP Proxy (AXIS)

Client

Java Class File(Web Service)

1. SOAP/HTTP

2. Forwards to Proxy

3. De-serializes SOAPMessage to Java object(s)Calls Java class

4. Invoke registered service

5. Performservice

6. response

7. Serializes java objectsTo SOAP encoding

8. SOAP

9. SOAP/HTTP


EnterpriseJava

AXIS Installation

• Copy webapps\axis directory to Servlet container’s webapps directory

• Copy xerces.jar (or JAXP jar files) to axis\lib directory

• Copy your web service class files to the WEB-INF\classes subdirectory (.jar files can go into WEB-INF\lib


EnterpriseJava

Basic Deployment

• Simple– cp someclass.java webapps\axis\someclass.jws

• Better– Write a Web Services Deployment Descriptor(WSDD)


EnterpriseJava

Hello Service

package corej2ee.exercise.webservice;

public class HelloService {

public String getHelloMessage() {

return "Web Service Hello";

}

}

• cp HelloService.java $TOMCAT_HOME/webapps/axis/HelloService.jws


EnterpriseJava


EnterpriseJava

Client Applicationpackage corej2ee.exercise.webservice;

import org.apache.axis.client.Call;

import org.apache.axis.client.Service;

import javax.xml.rpc.namespace.QName;

public class TestHelloService {

public static void main(String [] args) {

try {

String endpoint="http://localhost:9090/axis/HelloService.jws";

String method="getHelloMessage";

Service service = new Service();

Call call = (Call) service.createCall();


EnterpriseJava

Client Application

call.setTargetEndpointAddress( new java.net.URL(endpoint) );

call.setOperationName( method );

call.setReturnType( org.apache.axis.encoding.XMLType.XSD_STRING );

String ret = (String) call.invoke(new Object[0]);

System.out.println("Got " + ret);

}

catch (Exception e) {

System.err.println(e.toString());

}

}

}


EnterpriseJava

Production Deployment

• Deployment descriptor

• Can specify other services that run when service is invoked

<deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name=“HelloService" provider="java:RPC"> <parameter name="className" value=“corej2ee.exercise.webservice.HelloService"/> <parameter name="allowedMethods" value="*"/> </service></deployment>


EnterpriseJava

Deployment (Cont)

• java org.apache.axis.client.AdminClient deploy.wsdd

-lurl sets the AxisServlet URL -hhostName sets the AxisServlet host -pportNumber sets the AxisServlet port -sservletPath sets the path to the AxisServlet -ffileName specifies that a simple file protocol should be used -uusername sets the username -ppassword sets the password -d sets the debug flag (for instance, -ddd would set it to 3) -tname sets the transport chain touse list will list the currently deployed services quit will quit (???) passwd value changes the admin password xmlConfigFile deploys or undeploys Axis components and web services

If -l or -h -p -s are not set, the AdminClient will invoke http://localhost:8080/axis/servlet/AxisServlet


EnterpriseJava

Serializing Java Objects

• AXIS can automatically serialize simple Java object types to/from the standard SOAP encoding

• Complex objects require developer input– BeanSerializer

– Custom Serializers


EnterpriseJava

BeanSerializer

• When complex objects are passed, AXIS must be told how to convert the object to/from XML

• If object is a Java Bean, the BeanSerializer class can be used– Have to specify mapping in deployment descriptor and the client


EnterpriseJava

SerializersIn deployment descriptor:

<beanMapping qname="myNS:HelloStruct" xmlns:myNS="urn:HelloService" languageSpecificType=“model.HelloMessage"/>

In client program:

call.registerTypeMapping(HelloMessage.class, qn, new org.apache.axis.encoding.ser.BeanSerializerFactory(HelloMessage.class, qn), new org.apache.axis.encoding.ser.BeanDeserializerFactory(HelloMessage.class, qn));

• Uses reflection to invoke all get() methods and serialize

• Can write your own serializers and register them– non Java Bean classes

– efficiency


EnterpriseJava

Describing Web Services

• Web Services Description Language (WSDL)– Grammar for defining web services

– Describes service• Input/output

• Message encoding

• Transport required

• Address information

– Initially developed by IBM, Ariba, Microsoft

• Given a WSDL description, automated tools can generate stubs to call the service


EnterpriseJava

<?xml version="1.0" encoding="UTF-8"?>

<wsdl:definitions targetNamespace=http://localhost:9090/axis/HelloService.jws

xmlns="http://schemas.xmlsoap.org/wsdl/"

xmlns:SOAP-ENC=http://schemas.xmlsoap.org/soap/encoding/

xmlns:impl="http://localhost:9090/axis/HelloService.jws-impl"

xmlns:intf=http://localhost:9090/axis/HelloService.jws

xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"

xmlns:wsdlsoap=http://schemas.xmlsoap.org/wsdl/soap/

xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<wsdl:message name="getHelloMessageResponse">

<wsdl:part name="return" type="xsd:string"/>

</wsdl:message>

<wsdl:message name="getHelloMessageRequest">

</wsdl:message>


EnterpriseJava

<wsdl:portType name="HelloService">

<wsdl:operation name="getHelloMessage">

<wsdl:input message="intf:getHelloMessageRequest"/>

<wsdl:output message="intf:getHelloMessageResponse"/>

</wsdl:operation>

</wsdl:portType>


EnterpriseJava

<wsdl:binding name="HelloServiceSoapBinding" type="intf:HelloService">

<wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/>

<wsdl:operation name="getHelloMessage">

<wsdlsoap:operation soapAction=""/>

<wsdl:input>

<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/>

</wsdl:input>

<wsdl:output>

<wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/>

</wsdl:output>

</wsdl:operation>

</wsdl:binding>


EnterpriseJava

<wsdl:service name="HelloServiceService">

<wsdl:port binding="intf:HelloServiceSoapBinding" name="HelloService">

<wsdlsoap:address location="http://localhost:9090/axis/HelloService.jws"/>

</wsdl:port>

</wsdl:service>

</wsdl:definitions>


EnterpriseJava

Auto-Generated client stubs

• Invoke– java org.apache.axis.wsdl.WSDL2Java (WSDL-file-URL)

– http://localhost:9090/axis/HelloService.jws?WSDL

• Generated04/07/2002 03:29 PM 285 HelloService.java

04/07/2002 03:29 PM 482 HelloServiceService.java

04/07/2002 03:29 PM 1,262 HelloServiceServiceLocator.java

04/07/2002 03:29 PM 4,580 HelloServiceSoapBindingStub.java

• Follows JAX-RPC spec for generated client bindings


EnterpriseJava

Client Programpackage corej2ee.exercise.webservice;

public class WSDLHelloClient {

public static void main(String[] args) {

localhost.HelloServiceServiceLocator service = new localhost.HelloServiceServiceLocator();

// Get the stub

localhost.HelloService port=null;

try {

port = service.getHelloService();

}

catch(javax.xml.rpc.ServiceException se2) {

se2.printStackTrace(); System.exit(-2);

}


EnterpriseJava // Make the actual call

String msg="Nothing";

try {

msg=port.getHelloMessage();

}

catch(java.rmi.RemoteException re) {

re.printStackTrace();

System.exit(-3);

}

System.out.println("Client got: " + msg);

}

}


EnterpriseJava

Discovering Web Services

• Universal Description, Discovery, and Integration (UDDI)– Lists description of a business and services offered

– Can federate registries

– Find service in registry, automatically create proxies, and invoke

• Web Services Inspection Language (WSIL)– IBM and Microsoft proposal

– Simpler. More of a white pages paradigm


EnterpriseJava

UDDI (Cont)

• Software packages– UDDI4j

• http://oss.software.ibm.com/developerworks/projects/uddi4j

• Register and find businesses

– IBM Web Services Toolkit• Locate services in UDDI and invoke service with a generated WSDL-

based proxy

– Web Services Invocation Framework (WSIF)• Given WSDL, call SOAP service

• www.alphaworks.ibm.com/tech/wsif


EnterpriseJava

Composable Web Services

• Possible to graphically compose web services into a distributed workflow

• Area of current research


EnterpriseJava

System OneSOAP Adapter

System TwoSOAP Adapter

Data MiningSOAP Adapter

UDDIRegistry

UDDIRegistry

ProprietaryTechnology

EJB-BasedSystem

.NET-BasedSystem

Create Business ProcessFind and Invoke System1 queryFind and Invoke System2 queryPass results to Data Mining system

On errorInvoke monitor process with fault code


EnterpriseJava

Web Services and J2EE


EnterpriseJava

J2EE 1.4 and Web Services

• JSR-109 Web Services for J2EE– http://jcp.org/jsr/detail/109.jsp– Client and Server requirements next 2 slides– Registries

• JAXR registry provider and implementation must be provided by app server


EnterpriseJava

J2EE 1.4 Web Service Clients

• Clients– JAX-RPC

• Web service calls using SOAP/HTTP

• Mapping between java objects and XML

– SOAP with Attachments for Java (SAAJ)• Low-level SOAP message manipulation

– JAXR• Client access to registries


EnterpriseJava

J2EE and Web Services (Cont)

• Server– Deploy Stateless Session Beans as web service endpoints

– Additional deployment descriptors• WSDL generated that defines web service the EJB implements

– Container generates JAX-RPC runtime to:• Process SOAP request

• Invoke exposed session bean method

• Return results (if any)


EnterpriseJava

Security Requirements

• Web Client authentication– BASIC authentication

• Passwords sent base64 encoded

– HTTPS Client authentication

– Form-based authentication

• Server maintains login context and acts as proxy for client requests


EnterpriseJava

Summary

• SOAP is a very effective, interoperable protocol– Have to be careful with performance, though

• WSDL is used to describe web services

• UDDI serves as a registry for SOAP services

• Security approach is still immature

• Workflow of web services immature with competing approaches


EnterpriseJava

References

• SOAP 1.2 Proposal– http://www.w3.org/TR/2001/WD-soap12-part1-20011217/

• Programming Web Services With Soap, James Snell. O’Reilly

• Web Service Essentials, Ethan Cerami, O’Reilly


EnterpriseJava

Resources

• SOAP 1.1 Specification– http://www.w3.org/TR/SOAP/

• SOAP 1.2 – http://www.w3.org/TR/2001/WD-soap12-part1-20011217/

• Apache AXIS– http://xml.apache.org/axis/index.html

• IBM Web Services Toolkit– http://alphaworks.ibm.com/tech/webservicestoolkit

• XML Schema Primer– http://www.w3.org/2001/09/soap-encoding


EnterpriseJava

Resources (Cont)

• UDDI – http://www.uddi.org

• Oasis (SAML, other XML initiatives)– www.oasis-open.org

• W3C WSDL– http://www.w3.org/TR/wsdl/

Documents

Enterprise Java v021012Web Services1 Web Services and SOAP