Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Enterprise Java Web Services and SOAP v021012 Web Services 1 Topics Enterprise Java • SOAP Overview • Web Services – Deploying Web Services – Describing Web Services – Registering Web Services • Security • Web Services and J2EE v021012 Web Services 2 SOAP Overview Enterprise Java • Simple Object Access Protocol (SOAP) • Interoperable XML-based communication mechanism for distributed computing • Many vendor and language implementations available • Web Services are built using SOAP as a communication mechanism • W3C working on SOAP 1.2 • Alternatives – RMI – Java-centric – CORBA - Complicated v021012 Web Services 3 SOAP Goals Enterprise Java • Interoperability • Simple and lightweight • Not considered: – distributed garbage collection – batching of messages – objects-by-reference (which requires distributed garbage collection) – activation (which requires objects-by-reference) v021012 Web Services 4 The Big Picture Enterprise Java HTTP/S Browser Web Tier SOAP Client HTTP/S Client v021012 Business Logic (EJB, COM, Java) SOAP SOAP Service Data Sources Java/RMI/IIOP/COM Web Services 5 Web Service Protocol Stack Enterprise Java Workflow/Business Processes Web Service Discovery Web Service Description SOAP Transport v021012 HTTP Jabber JMS Web Services SMTP …. 6 SOAP Components Enterprise Java • Envelope – Describes message, processing requirements, and message contents. Routing, delivery, etc. – Encapsulates data being transferred • Encoding Mechanism – Standard representation for application data types • RPC Conventions – Mechanism to issue remote procedure calls and receive a response v021012 Web Services 7 Example SOAP Request Enterprise Java POST /StockQuote HTTP/1.1 Host: www.stockquoteserver.com Content-Type: text/xml; charset="utf-8" Content-Length: nnnn SOAPAction: "Some-URI" <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAPENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"> <SOAP-ENV:Body> <m:GetLastTradePrice xmlns:m=“urn:DB3Service"> <symbol>DIS</symbol> </m:GetLastTradePrice> </SOAP-ENV:Body> </SOAP-ENV:Envelope> v021012 Web Services 8 Example SOAP Response Enterprise Java HTTP/1.1 200 OK Content-Type: text/xml; charset="utf-8" Content-Length: nnnn <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/> <SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price>34.5</Price> </m:GetLastTradePriceResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> v021012 Web Services 9 Message Exchange Model Enterprise Java • Spec-wise – a one-way transmission between a sender and a receiver • Frequently, used in a request/response pattern – RPC – Document transmission v021012 Web Services 10 SOAP Message Enterprise Java Optional Mandatory Content intended For receiver From O’Reilly’s ‘Web Service Essentials’ v021012 Web Services 11 Envelope Enterprise Java • ‘Wrapper’ around the entire message • Namespace for envelope, header, and body <SOAP-ENV:Envelope xmlns:SOAP-ENV=http://schemas.xmlsoap.org/soap/envelope/ • Can contain an optional header • Contains exactly one body element v021012 Web Services 12 Header Enterprise Java • Contains header blocks – Contextual information (like IIOP Context) – Authentication credentials – Transaction ids • At most, one header element can be present. If present, must be first element in the envelope v021012 Web Services 13 Header Attributes Enterprise Java • mustUnderstand – Attribute on a header element – Recipient must understand the header element or must reject the message <s:header> <m:transaction xmlns:m=“soap-transaction” s:mustUnderstand=“true” <transactionId>505</transactionId> </m:transaction> </s:header> v021012 Web Services 14 Body Enterprise Java • Contains the actual message being transmitted between sender and receiver • Can contain any valid, well-formed XML <SOAP-ENV:Body> <m:GetLastTradePriceResponse xmlns:m=“urn:DB3Service"> <Price xsi:type=“xsd:float”>34.5</Price> </m:GetLastTradePriceResponse> </SOAP-ENV:Body> • Can not contain processing instructions or DTD references v021012 Web Services 15 When things go wrong Enterprise Java • FaultElement is returned in the Body <SOAP-ENV:Body> <SOAP-ENV:Fault> <faultcode xsi:type="xsd:string">SOAP-ENV:Client</faultcode> <faultstring xsi:type="xsd:string">The client has sent an invalid request</faultstring> </SOAP-ENV:Fault> </SOAP-ENV:Body> v021012 Web Services 16 Pre-defined fault codes Enterprise Java • SOAP-ENV:VersionMismatch – Invalid namespace in SOAP envelope • SOAP-ENV:MustUnderstand – Could not process a header attribute with ‘mustUnderstand’ set to true • SOAP-ENV:Client – Error in client request e.g. bad parameters, bad method name • SOAP-ENV:Server – Server can not process request v021012 Web Services 17 Message Encoding Enterprise Java • Specified rules for encoding application data types – Uses XMLSchema – Defines arrays and references • Optional • SOAP-ENV:encodingStyle attribute – 1.1=http://schemas.xmlsoap.org/soap/encoding/ – 1.2=http://www.w3.org/2001/09/soap-encoding <ns1:getPriceResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <value xsi:type="xsd:double">2.71828</value> </ns1:getPriceResponse> v021012 Web Services 18 How are types specified? Enterprise Java • Apache SOAP adds an explicit xsi:type attribute for each element • .NET omits xsl:type – assumes external schema definition • See upcoming interoperability slides v021012 Web Services 19 Some basic xml schema types Enterprise Java • string – Some string data • binary – 1000101110 • short – -7, 135 • date – 2002-03-22 • Boolean – 1,0,true,false v021012 Web Services 20 Compound Types Enterprise Java • Arrays • Structs • Binary data should be transmitted as xsi:type=“SOAPENC:base64” v021012 Web Services 21 Array Example Enterprise Java <?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope xmlns:SOAP-ENV="http://www.w3.org/2001/09/soap-envelope" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <SOAP-ENV:Body> <ns1:getAuthorsResponse xmlns:ns1="urn:DB2Service" SOAP-ENV:encodingStyle="http://www.w3.org/2001/09/soap-encoding"> <return xmlns:ns2="http://www.w3.org/2001/09/soap-encoding" xsi:type="ns2:Array" ns2:arrayType="xsd:string[2]"> <author xsi:type="xsd:string">Author 37</author> <author xsi:type="xsd:string">Author 99</author> </return> </ns1:getAuthorsResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope> v021012 Web Services 22 Custom encoding rules Enterprise Java • Embed an entire document in the body <ns1:getReportResponse xmlns:ns1="urn:DB3Service" SOAP-ENV:encodingStyle= "http://xml.apache.org/xml-soap/literalxml"> <return> <report serial=“1945"> <name>ReportName</name> <analyst>Dan</analyst> </report> </return> </ns1:getReportResponse> v021012 Web Services 23 Security Enterprise Java • Still evolving • Confidentially – Can use transport mechanism (HTTPS) – XML Encryption standard for document contents • Authentication – SSL Certificate – Digitally Sign SOAP message • Authorization – Secure Authorization Markup Language (SAML) – http://www.oasis-open.org/committees/security/ v021012 Web Services 24 Corporate Authorization Service Certificate Authority Enterprise Java Certificate Authentication 2. Retrieve user’s access permissions Security Server 1. Authenticate (SOAP/HTTPS) 3. Signed security assertions (SOAP/HTTPS) 4. Invoke (SOAP/HTTPS) (Passes Assertions) Application (Any Technology) v021012 5. Business operation Web Services Web Service 25 Security (Cont) Enterprise Java • Firewall filtering options – MIME type of text/xml-soap – SOAP-Action – Force M-POST requests • 510 Not Extended HTTP status code from server – SOAPMethodName v021012 Web Services 26 SOAP Implementations Enterprise Java • Apache SOAP – Basic SOAP implementation – See xml.apache.org/soap/ • Apache AXIS – Next generation SOAP implementation – See xml.apache.org/axis/ • SOAP::Lite – Perl implementation. See www.cpan.org • .NET – See msdn.microsoft.com (.NET SDK) – Web services deployed to IIS v021012 Web Services 27 Interoperability Enterprise Java • Minor issues exist between these implementations – .NET requires parameters to be named and typed – Issue for default SOAP::Lite (PERL) behavior – Different ideas of the SOAPAction Header • Not perfect but can be made to inter-operate • Interoperability labs and info – http://www.xmethods.net/ilab/ – http://www.mssoapinterop.org/ v021012 Web Services 28 Apache AXIS Enterprise Java • Java-centric SOAP implementation • Runs as a J2EE web application – Receives SOAP request – Deserializes call parameters – Invokes method on your java class v021012 Web Services 29 Enterprise Java 1. SOAP/HTTP Web Server Client 9. SOAP/HTTP 2. Forwards to Proxy 8. SOAP 7. Serializes java objects To SOAP encoding SOAP Proxy (AXIS) 3. De-serializes SOAP Message to Java object(s) Calls Java class 4. Invoke registered service 6. response Java Class File (Web Service) v021012 Web Services 5. Perform service 30 AXIS Installation Enterprise Java • Copy webapps\axis directory to Servlet container’s webapps directory • Copy xerces.jar (or JAXP jar files) to axis\lib directory • Copy your web service class files to the WEB-INF\classes subdirectory (.jar files can go into WEB-INF\lib v021012 Web Services 31 Basic Deployment Enterprise Java • Simple – cp someclass.java webapps\axis\someclass.jws • Better – Write a Web Services Deployment Descriptor(WSDD) v021012 Web Services 32 Hello Service Enterprise Java package corej2ee.exercise.webservice; public class HelloService { public String getHelloMessage() { return "Web Service Hello"; } } • cp HelloService.java $TOMCAT_HOME/webapps/axis/HelloService.jws v021012 Web Services 33 Enterprise Java v021012 Web Services 34 Client Application Enterprise Java package corej2ee.exercise.webservice; import org.apache.axis.client.Call; import org.apache.axis.client.Service; import javax.xml.rpc.namespace.QName; public class TestHelloService { public static void main(String [] args) { try { String endpoint="http://localhost:9090/axis/HelloService.jws"; String method="getHelloMessage"; Service service = new Service(); Call v021012 call = (Call) service.createCall(); Web Services 35 Client Application Enterprise Java call.setTargetEndpointAddress( new java.net.URL(endpoint) ); call.setOperationName( method ); call.setReturnType( org.apache.axis.encoding.XMLType.XSD_STRING ); String ret = (String) call.invoke(new Object[0]); System.out.println("Got " + ret); } catch (Exception e) { System.err.println(e.toString()); } } } v021012 Web Services 36 Production Deployment Enterprise Java • Deployment descriptor <deployment xmlns="http://xml.apache.org/axis/wsdd/" xmlns:java="http://xml.apache.org/axis/wsdd/providers/java"> <service name=“HelloService" provider="java:RPC"> <parameter name="className" value=“corej2ee.exercise.webservice.HelloService"/> <parameter name="allowedMethods" value="*"/> </service> </deployment> • Can specify other services that run when service is invoked v021012 Web Services 37 Deployment (Cont) Enterprise Java • java org.apache.axis.client.AdminClient deploy.wsdd -lurl sets the AxisServlet URL -hhostName sets the AxisServlet host -pportNumber sets the AxisServlet port -sservletPath sets the path to the AxisServlet -ffileName specifies that a simple file protocol should be used -uusername sets the username -ppassword sets the password -d sets the debug flag (for instance, -ddd would set it to 3) -tname sets the transport chain touse list will list the currently deployed services quit will quit (???) passwd value changes the admin password xmlConfigFile deploys or undeploys Axis components and web services If -l or -h -p -s are not set, the AdminClient will invoke http://localhost:8080/axis/servlet/AxisServlet v021012 Web Services 38 Serializing Java Objects Enterprise Java • AXIS can automatically serialize simple Java object types to/from the standard SOAP encoding • Complex objects require developer input – BeanSerializer – Custom Serializers v021012 Web Services 39 BeanSerializer Enterprise Java • When complex objects are passed, AXIS must be told how to convert the object to/from XML • If object is a Java Bean, the BeanSerializer class can be used – Have to specify mapping in deployment descriptor and the client v021012 Web Services 40 Serializers Enterprise Java In deployment descriptor: <beanMapping qname="myNS:HelloStruct" xmlns:myNS="urn:HelloService" languageSpecificType=“model.HelloMessage"/> In client program: call.registerTypeMapping(HelloMessage.class, qn, new org.apache.axis.encoding.ser.BeanSerializerFactory(HelloMessage.class, qn), new org.apache.axis.encoding.ser.BeanDeserializerFactory(HelloMessage.class, qn)); • Uses reflection to invoke all get() methods and serialize • Can write your own serializers and register them – non Java Bean classes – efficiency v021012 Web Services 41 Describing Web Services Enterprise Java • Web Services Description Language (WSDL) – Grammar for defining web services – Describes service • • • • Input/output Message encoding Transport required Address information – Initially developed by IBM, Ariba, Microsoft • Given a WSDL description, automated tools can generate stubs to call the service v021012 Web Services 42 Enterprise Java <?xml version="1.0" encoding="UTF-8"?> <wsdl:definitions targetNamespace=http://localhost:9090/axis/HelloService.jws xmlns="http://schemas.xmlsoap.org/wsdl/" xmlns:SOAP-ENC=http://schemas.xmlsoap.org/soap/encoding/ xmlns:impl="http://localhost:9090/axis/HelloService.jws-impl" xmlns:intf=http://localhost:9090/axis/HelloService.jws xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:wsdlsoap=http://schemas.xmlsoap.org/wsdl/soap/ xmlns:xsd="http://www.w3.org/2001/XMLSchema"> <wsdl:message name="getHelloMessageResponse"> <wsdl:part name="return" type="xsd:string"/> </wsdl:message> <wsdl:message name="getHelloMessageRequest"> </wsdl:message> v021012 Web Services 43 Enterprise Java <wsdl:portType name="HelloService"> <wsdl:operation name="getHelloMessage"> <wsdl:input message="intf:getHelloMessageRequest"/> <wsdl:output message="intf:getHelloMessageResponse"/> </wsdl:operation> </wsdl:portType> v021012 Web Services 44 Enterprise Java <wsdl:binding name="HelloServiceSoapBinding" type="intf:HelloService"> <wsdlsoap:binding style="rpc" transport="http://schemas.xmlsoap.org/soap/http"/> <wsdl:operation name="getHelloMessage"> <wsdlsoap:operation soapAction=""/> <wsdl:input> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/> </wsdl:input> <wsdl:output> <wsdlsoap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" namespace="http://localhost:9090/axis/HelloService.jws" use="encoded"/> </wsdl:output> </wsdl:operation> </wsdl:binding> v021012 Web Services 45 Enterprise Java <wsdl:service name="HelloServiceService"> <wsdl:port binding="intf:HelloServiceSoapBinding" name="HelloService"> <wsdlsoap:address location="http://localhost:9090/axis/HelloService.jws"/> </wsdl:port> </wsdl:service> </wsdl:definitions> v021012 Web Services 46 Auto-Generated client stubs Enterprise Java • Invoke – java org.apache.axis.wsdl.WSDL2Java (WSDL-file-URL) – http://localhost:9090/axis/HelloService.jws?WSDL • Generated 04/07/2002 03:29 PM 04/07/2002 03:29 PM 04/07/2002 03:29 PM 285 HelloService.java 482 HelloServiceService.java 1,262 HelloServiceServiceLocator.java 04/07/2002 03:29 PM 4,580 HelloServiceSoapBindingStub.java • Follows JAX-RPC spec for generated client bindings v021012 Web Services 47 Client Program Enterprise Java package corej2ee.exercise.webservice; public class WSDLHelloClient { public static void main(String[] args) { localhost.HelloServiceServiceLocator service = new localhost.HelloServiceServiceLocator(); // Get the stub localhost.HelloService port=null; try { port = service.getHelloService(); } catch(javax.xml.rpc.ServiceException se2) { se2.printStackTrace(); System.exit(-2); } v021012 Web Services 48 // Make the actual call Enterprise Java String msg="Nothing"; try { msg=port.getHelloMessage(); } catch(java.rmi.RemoteException re) { re.printStackTrace(); System.exit(-3); } System.out.println("Client got: " + msg); } } v021012 Web Services 49 Discovering Web Services Enterprise Java • Universal Description, Discovery, and Integration (UDDI) – Lists description of a business and services offered – Can federate registries – Find service in registry, automatically create proxies, and invoke • Web Services Inspection Language (WSIL) – IBM and Microsoft proposal – Simpler. More of a white pages paradigm v021012 Web Services 50 UDDI (Cont) Enterprise Java • Software packages – UDDI4j • http://oss.software.ibm.com/developerworks/projects/uddi4j • Register and find businesses – IBM Web Services Toolkit • Locate services in UDDI and invoke service with a generated WSDLbased proxy – Web Services Invocation Framework (WSIF) • Given WSDL, call SOAP service • www.alphaworks.ibm.com/tech/wsif v021012 Web Services 51 Composable Web Services Enterprise Java • Possible to graphically compose web services into a distributed workflow • Area of current research v021012 Web Services 52 Create Business Process Find and Invoke System1 query Find and Invoke System2 query Pass results to Data Mining system On error Invoke monitor process with fault code Enterprise Java System One SOAP Adapter UDDI Registry EJB-Based System UDDI Registry System Two SOAP Adapter Data Mining SOAP Adapter .NET-Based System Proprietary Technology v021012 Web Services 53 Enterprise Java Web Services and J2EE v021012 Web Services 54 J2EE 1.4 and Web Services Enterprise Java • JSR-109 Web Services for J2EE – http://jcp.org/jsr/detail/109.jsp – Client and Server requirements next 2 slides – Registries • JAXR registry provider and implementation must be provided by app server v021012 Web Services 55 J2EE 1.4 Web Service Clients Enterprise Java • Clients – JAX-RPC • Web service calls using SOAP/HTTP • Mapping between java objects and XML – SOAP with Attachments for Java (SAAJ) • Low-level SOAP message manipulation – JAXR • Client access to registries v021012 Web Services 56 J2EE and Web Services (Cont) Enterprise Java • Server – Deploy Stateless Session Beans as web service endpoints – Additional deployment descriptors • WSDL generated that defines web service the EJB implements – Container generates JAX-RPC runtime to: • Process SOAP request • Invoke exposed session bean method • Return results (if any) v021012 Web Services 57 Security Requirements Enterprise Java • Web Client authentication – BASIC authentication • Passwords sent base64 encoded – HTTPS Client authentication – Form-based authentication • Server maintains login context and acts as proxy for client requests v021012 Web Services 58 Summary Enterprise Java • SOAP is a very effective, interoperable protocol – Have to be careful with performance, though • • • • WSDL is used to describe web services UDDI serves as a registry for SOAP services Security approach is still immature Workflow of web services immature with competing approaches v021012 Web Services 59 References Enterprise Java • SOAP 1.2 Proposal – http://www.w3.org/TR/2001/WD-soap12-part1-20011217/ • Programming Web Services With Soap, James Snell. O’Reilly • Web Service Essentials, Ethan Cerami, O’Reilly v021012 Web Services 60 Resources Enterprise Java • SOAP 1.1 Specification – http://www.w3.org/TR/SOAP/ • SOAP 1.2 – http://www.w3.org/TR/2001/WD-soap12-part1-20011217/ • Apache AXIS – http://xml.apache.org/axis/index.html • IBM Web Services Toolkit – http://alphaworks.ibm.com/tech/webservicestoolkit • XML Schema Primer – http://www.w3.org/2001/09/soap-encoding v021012 Web Services 61 Resources (Cont) Enterprise Java • UDDI – http://www.uddi.org • Oasis (SAML, other XML initiatives) – www.oasis-open.org • W3C WSDL – http://www.w3.org/TR/wsdl/ v021012 Web Services 62