Web Services and SOAP

1
Web Services and SOAP
2
Topics

• SOAP Overview
• Web Services
• Deploying Web Services
• Describing Web Services
• Registering Web Services
• Security
• Web Services and J2EE

3
SOAP Overview

• Simple Object Access Protocol (SOAP)
• Interoperable XML-based communication mechanism
  for distributed computing
• Many vendor and language implementations
  available
• Web Services are built using SOAP as a
  communication mechanism
• W3C working on SOAP 1.2
• Alternatives
• RMI Java-centric
• CORBA - Complicated

4
SOAP Goals

• Interoperability
• Simple and lightweight
• Not considered
• distributed garbage collection
• batching of messages
• objects-by-reference (which requires distributed
  garbage collection)
• activation (which requires objects-by-reference)

5
The Big Picture
HTTP/S
Browser
Data Sources
Web Tier
Business Logic (EJB, COM, Java)
SOAP Client
SOAP
SOAP Service
HTTP/S
Client
Java/RMI/IIOP/COM
6
Web Service Protocol Stack
Workflow/Business Processes
Web Service Discovery
Web Service Description
SOAP
HTTP
Jabber
JMS
SMTP
.
Transport
7
SOAP Components

• Envelope
• Describes message, processing requirements, and
  message contents. Routing, delivery, etc.
• Encapsulates data being transferred
• Encoding Mechanism
• Standard representation for application data
  types
• RPC Conventions
• Mechanism to issue remote procedure calls and
  receive a response

8
Example SOAP Request
POST /StockQuote HTTP/1.1Host
www.stockquoteserver.comContent-Type text/xml
charset"utf-8"Content-Length nnnnSOAPAction
"Some-URI"ltSOAP-ENVEnvelope  xmlnsSOAP-ENV"h
ttp//schemas.xmlsoap.org/soap/envelope/"  SOAP-E
NVencodingStyle"http//schemas.xmlsoap.org/soap/
encoding/"gt   ltSOAP-ENVBodygt       ltmGetLastTr
adePrice xmlnsmurnDB3Service"gt           ltsym
bolgtDISlt/symbolgt       lt/mGetLastTradePricegt   
lt/SOAP-ENVBodygtlt/SOAP-ENVEnvelopegt
9
Example SOAP Response
HTTP/1.1 200 OKContent-Type text/xml
charset"utf-8"Content-Length
nnnnltSOAP-ENVEnvelope  xmlnsSOAP-ENV"http//
schemas.xmlsoap.org/soap/envelope/"  SOAP-ENVenc
odingStyle"http//schemas.xmlsoap.org/soap/encodi
ng/"/gt   ltSOAP-ENVBodygt       ltmGetLastTradePr
iceResponse xmlnsmurnDB3Service"gt           lt
Pricegt34.5lt/Pricegt       lt/mGetLastTradePriceRes
ponsegt   lt/SOAP-ENVBodygtlt/SOAP-ENVEnvelopegt
10
Message Exchange Model

• Spec-wise a one-way transmission between a
  sender and a receiver
• Frequently, used in a request/response pattern
• RPC
• Document transmission

11
SOAP Message
Optional
Mandatory
Content intended For receiver
From OReillys Web Service Essentials
12
Envelope

• Wrapper around the entire message
• Namespace for envelope, header, and body
• ltSOAP-ENVEnvelopexmlnsSOAP-ENVhttp//schemas.x
  mlsoap.org/soap/envelope/
• Can contain an optional header
• Contains exactly one body element

13
Header

• Contains header blocks
• Contextual information (like IIOP Context)
• Authentication credentials
• Transaction ids
• At most, one header element can be present. If
  present, must be first element in the envelope

14
Header Attributes

• mustUnderstand
• Attribute on a header element
• Recipient must understand the header element or
  must reject the message

ltsheadergt ltmtransaction xmlnsmsoap-transactio
n smustUnderstandtrue
lttransactionIdgt505lt/transactionIdgt lt/mtransaction
gt lt/sheadergt
15
Body

• Contains the actual message being transmitted
  between sender and receiver
• Can contain any valid, well-formed XML
• Can not contain processing instructions or DTD
  references

ltSOAP-ENVBodygt ltmGetLastTradePriceResponse
xmlnsmurnDB3Service"gt    ltPrice
xsitypexsdfloatgt34.5lt/Pricegt lt/mGetLastTrad
ePriceResponsegt lt/SOAP-ENVBodygt
16
When things go wrong

• FaultElement is returned in the Body

ltSOAP-ENVBodygt ltSOAP-ENVFaultgt ltfaultcode
xsitype"xsdstring"gtSOAP-ENVClientlt/faultcodegt
ltfaultstring xsitype"xsdstring"gtThe client
has sent an invalid requestlt/faultstringgt
lt/SOAP-ENVFaultgt lt/SOAP-ENVBodygt
17
Pre-defined fault codes

• SOAP-ENVVersionMismatch
• Invalid namespace in SOAP envelope
• SOAP-ENVMustUnderstand
• Could not process a header attribute with
  mustUnderstand set to true
• SOAP-ENVClient
• Error in client request e.g. bad parameters, bad
  method name
• SOAP-ENVServer
• Server can not process request

18
Message Encoding

• Specified rules for encoding application data
  types
• Uses XMLSchema
• Defines arrays and references
• Optional
• SOAP-ENVencodingStyle attribute
• 1.1http//schemas.xmlsoap.org/soap/encoding/
• 1.2http//www.w3.org/2001/09/soap-encoding

ltns1getPriceResponse xmlnsns1"urnDB3Service"
SOAP-ENVencodingStyle"http//www.w3.org/2001/
09/soap-encoding"gt ltvalue
xsitype"xsddouble"gt2.71828lt/valuegt
lt/ns1getPriceResponsegt
19
How are types specified?

• Apache SOAP adds an explicit xsitype attribute
  for each element
• .NET omits xsltype assumes external schema
  definition
• See upcoming interoperability slides

20
Some basic xml schema types

• string
• Some string data
• binary
• 1000101110
• short
• -7, 135
• date
• 2002-03-22
• Boolean
• 1,0,true,false

21
Compound Types

• Arrays
• Structs
• Binary data should be transmitted as
  xsitypeSOAP-ENCbase64

22
Array Example
lt?xml version'1.0' encoding'UTF-8'?gt
ltSOAP-ENVEnvelope xmlnsSOAP-ENV"http//www.w3.
org/2001/09/soap-envelope"
xmlnsxsi"http//www.w3.org/2001/XMLSchema-instan
ce" xmlnsxsd"http//www.w3.org/2001/XMLSc
hema"gt ltSOAP-ENVBodygt ltns1getAuthorsRespon
se xmlnsns1"urnDB2Service"
SOAP-ENVencodingStyle"http//www.w3.org/2001/09/
soap-encoding"gt ltreturn xmlnsns2"http//w
ww.w3.org/2001/09/soap-encoding"
xsitype"ns2Array" ns2arrayType"xsdstring2"
gt ltauthor xsitype"xsdstring"gtAut
hor 37lt/authorgt ltauthor
xsitype"xsdstring"gtAuthor 99lt/authorgt
lt/returngt lt/ns1getAuthorsResponsegt
lt/SOAP-ENVBodygt lt/SOAP-ENVEnvelopegt
23
Custom encoding rules

• Embed an entire document in the body

ltns1getReportResponse xmlnsns1"urnDB3Servi
ce" SOAP-ENVencodingStyle
"http//xml.apache.org/xml-soap/literalxml"gt
ltreturngt ltreport serial1945"gt
ltnamegtReportNamelt/namegt
ltanalystgtDanlt/analystgt lt/reportgt
lt/returngt lt/ns1getReportResponsegt
24
Security

• Still evolving
• Confidentially
• Can use transport mechanism (HTTPS)
• XML Encryption standard for document contents
• Authentication
• SSL Certificate
• Digitally Sign SOAP message
• Authorization
• Secure Authorization Markup Language (SAML)
• http//www.oasis-open.org/committees/security/

25
Certificate Authority
Corporate Authorization Service
Certificate Authentication
2. Retrieve users access permissions
Security Server
1. Authenticate (SOAP/HTTPS)
3. Signed security assertions (SOAP/HTTPS)
4. Invoke (SOAP/HTTPS) (Passes Assertions)
Web Service
5. Business operation
Application (Any Technology)
26
Security (Cont)

• Firewall filtering options
• MIME type of text/xml-soap
• SOAP-Action
• Force M-POST requests
• 510 Not Extended HTTP status code from server
• SOAPMethodName

27
SOAP Implementations

• Apache SOAP
• Basic SOAP implementation
• See xml.apache.org/soap/
• Apache AXIS
• Next generation SOAP implementation
• See xml.apache.org/axis/
• SOAPLite
• Perl implementation. See www.cpan.org
• .NET
• See msdn.microsoft.com (.NET SDK)
• Web services deployed to IIS

28
Interoperability

• Minor issues exist between these implementations
• .NET requires parameters to be named and typed
• Issue for default SOAPLite (PERL) behavior
• Different ideas of the SOAPAction Header
• Not perfect but can be made to inter-operate
• Interoperability labs and info
• http//www.xmethods.net/ilab/
• http//www.mssoapinterop.org/

29
Apache AXIS

• Java-centric SOAP implementation
• Runs as a J2EE web application
• Receives SOAP request
• Deserializes call parameters
• Invokes method on your java class

30
Web Server
Client
1. SOAP/HTTP
9. SOAP/HTTP
2. Forwards to Proxy
8. SOAP
SOAP Proxy (AXIS)
3. De-serializes SOAP Message to Java
object(s) Calls Java class
7. Serializes java objects To SOAP encoding
4. Invoke registered service
6. response
5. Perform service
Java Class File (Web Service)
31
AXIS Installation

• Copy webapps\axis directory to Servlet
  containers webapps directory
• Copy xerces.jar (or JAXP jar files) to axis\lib
  directory
• Copy your web service class files to the
  WEB-INF\classes subdirectory (.jar files can go
  into WEB-INF\lib

32
Basic Deployment

• Simple
• cp someclass.java webapps\axis\someclass.jws
• Better
• Write a Web Services Deployment Descriptor(WSDD)

33
Hello Service

• package corej2ee.exercise.webservice
• public class HelloService
• public String getHelloMessage()
• return "Web Service Hello"
• cp HelloService.java TOMCAT_HOME/webapps/axis/He
  lloService.jws

34
(No Transcript)
35
Client Application
package corej2ee.exercise.webservice import
org.apache.axis.client.Call import
org.apache.axis.client.Service import
javax.xml.rpc.namespace.QName public class
TestHelloService public static void
main(String args) try
String endpoint"http//localhost9090/axis/HelloS
ervice.jws" String method"getHelloMessa
ge" Service service new Service()
Call call (Call)
service.createCall()
36
Client Application
call.setTargetEndpointAddress( new
java.net.URL(endpoint) )
call.setOperationName( method )
call.setReturnType( org.apache.axis.encoding.XMLTy
pe.XSD_STRING ) String ret (String)
call.invoke(new Object0)
System.out.println("Got " ret)
catch (Exception e)
System.err.println(e.toString())
37
Production Deployment

• Deployment descriptor
• Can specify other services that run when service
  is invoked

ltdeployment xmlns"http//xml.apache.org/axis/wsdd
/"             xmlnsjava"http//xml.apache.o
rg/axis/wsdd/providers/java"gt   ltservice
nameHelloService" provider"javaRPC"gt  
ltparameter name"className"
valuecorej2ee.exercise.webservice.HelloService"/
gt   ltparameter name"allowedMethods"
value""/gt   lt/servicegt lt/deploymentgt
38
Deployment (Cont)

• java org.apache.axis.client.AdminClient
  deploy.wsdd

-lurl sets the AxisServlet URL
-hhostName sets the AxisServlet host
-pportNumber sets the AxisServlet port
-sservletPath sets the path to the AxisServlet
-ffileName specifies that a simple file protocol
should be used -uusername sets the username
-ppassword sets the password -d sets the debug
flag (for instance, -ddd would set it to 3)
-tname sets the transport chain touse list will
list the currently deployed services quit will
quit (???) passwd value changes the admin
password xmlConfigFile deploys or undeploys Axis
components and web services If -l or -h -p -s
are not set, the AdminClient will invoke
http//localhost8080/axis/servlet/AxisServlet
39
Serializing Java Objects

• AXIS can automatically serialize simple Java
  object types to/from the standard SOAP encoding
• Complex objects require developer input
• BeanSerializer
• Custom Serializers

40
BeanSerializer

• When complex objects are passed, AXIS must be
  told how to convert the object to/from XML
• If object is a Java Bean, the BeanSerializer
  class can be used
• Have to specify mapping in deployment descriptor
  and the client

41
Serializers
In deployment descriptor ltbeanMapping
qname"myNSHelloStruct" xmlnsmyNS"urnHelloServ
ice" languageSpecificTypemodel.HelloMessage
"/gt In client program call.registerTypeMapping(
HelloMessage.class, qn, new
org.apache.axis.encoding.ser.BeanSerializerFactory
(HelloMessage.class, qn), new
org.apache.axis.encoding.ser.BeanDeserializerFacto
ry(HelloMessage.class, qn))

• Uses reflection to invoke all get() methods and
  serialize
• Can write your own serializers and register them
• non Java Bean classes
• efficiency

42
Describing Web Services

• Web Services Description Language (WSDL)
• Grammar for defining web services
• Describes service
• Input/output
• Message encoding
• Transport required
• Address information
• Initially developed by IBM, Ariba, Microsoft
• Given a WSDL description, automated tools can
  generate stubs to call the service

43
lt?xml version"1.0" encoding"UTF-8"?gt ltwsdldefin
itions targetNamespacehttp//localhost9090/axis/
HelloService.jws xmlns"http//schemas.xmlsoap
.org/wsdl/" xmlnsSOAP-ENChttp//schemas.xml
soap.org/soap/encoding/ xmlnsimpl"http//loc
alhost9090/axis/HelloService.jws-impl"
xmlnsintfhttp//localhost9090/axis/HelloService
.jws xmlnswsdl"http//schemas.xmlsoap.org/ws
dl/" xmlnswsdlsoaphttp//schemas.xmlsoap.or
g/wsdl/soap/ xmlnsxsd"http//www.w3.org/2001
/XMLSchema"gt ltwsdlmessage name"getHelloMessag
eResponse"gt ltwsdlpart name"return"
type"xsdstring"/gt lt/wsdlmessagegt
ltwsdlmessage name"getHelloMessageRequest"gt
lt/wsdlmessagegt
44
ltwsdlportType name"HelloService"gt
ltwsdloperation name"getHelloMessage"gt
ltwsdlinput message"intfgetHelloMessageRequest"/
gt ltwsdloutput message"intfgetHelloMessage
Response"/gt lt/wsdloperationgt
lt/wsdlportTypegt
45
ltwsdlbinding name"HelloServiceSoapBinding"
type"intfHelloService"gt ltwsdlsoapbinding
style"rpc" transport"http//schemas.xmlsoap.org/
soap/http"/gt ltwsdloperation
name"getHelloMessage"gt ltwsdlsoapoperation
soapAction""/gt ltwsdlinputgt
ltwsdlsoapbody encodingStyle"http//schemas.xmlso
ap.org/soap/encoding/" namespace"http//localhost
9090/axis/HelloService.jws" use"encoded"/gt
lt/wsdlinputgt ltwsdloutputgt
ltwsdlsoapbody encodingStyle"http//schemas.xmlso
ap.org/soap/encoding/" namespace"http//localhost
9090/axis/HelloService.jws" use"encoded"/gt
lt/wsdloutputgt lt/wsdloperationgt
lt/wsdlbindinggt
46
ltwsdlservice name"HelloServiceService"gt
ltwsdlport binding"intfHelloServiceSoapBinding"
name"HelloService"gt ltwsdlsoapaddress
location"http//localhost9090/axis/HelloService.
jws"/gt lt/wsdlportgt lt/wsdlservicegt lt/wsdld
efinitionsgt
47
Auto-Generated client stubs

• Invoke
• java org.apache.axis.wsdl.WSDL2Java
  (WSDL-file-URL)
• http//localhost9090/axis/HelloService.jws?WSDL
• Generated
• 04/07/2002 0329 PM 285
  HelloService.java
• 04/07/2002 0329 PM 482
  HelloServiceService.java
• 04/07/2002 0329 PM 1,262
  HelloServiceServiceLocator.java
• 04/07/2002 0329 PM 4,580
  HelloServiceSoapBindingStub.java
• Follows JAX-RPC spec for generated client bindings

48
Client Program
package corej2ee.exercise.webservice public
class WSDLHelloClient public static void
main(String args) localhost.HelloService
ServiceLocator service new
localhost.HelloServiceServiceLocator() //
Get the stub localhost.HelloService
portnull try port
service.getHelloService()
catch(javax.xml.rpc.ServiceException se2)
se2.printStackTrace() System.exit(-2)
49
// Make the actual call String
msg"Nothing" try
msgport.getHelloMessage()
catch(java.rmi.RemoteException re)
re.printStackTrace() System.exit(-3)
System.out.println("Client got " msg)

50
Discovering Web Services

• Universal Description, Discovery, and Integration
  (UDDI)
• Lists description of a business and services
  offered
• Can federate registries
• Find service in registry, automatically create
  proxies, and invoke
• Web Services Inspection Language (WSIL)
• IBM and Microsoft proposal
• Simpler. More of a white pages paradigm

51
UDDI (Cont)

• Software packages
• UDDI4j
• http//oss.software.ibm.com/developerworks/project
  s/uddi4j
• Register and find businesses
• IBM Web Services Toolkit
• Locate services in UDDI and invoke service with a
  generated WSDL-based proxy
• Web Services Invocation Framework (WSIF)
• Given WSDL, call SOAP service
• www.alphaworks.ibm.com/tech/wsif

52
Composable Web Services

• Possible to graphically compose web services into
  a distributed workflow
• Area of current research

53
Create Business Process Find and Invoke System1
query Find and Invoke System2 query Pass
results to Data Mining system On error Invoke
monitor process with fault code
System One SOAP Adapter
UDDI Registry
EJB-Based System
UDDI Registry
System Two SOAP Adapter
Data Mining SOAP Adapter
.NET-Based System
Proprietary Technology
54
Web Services and J2EE
55
J2EE 1.4 and Web Services

• JSR-109 Web Services for J2EE
• http//jcp.org/jsr/detail/109.jsp
• Client and Server requirements next 2 slides
• Registries
• JAXR registry provider and implementation must be
  provided by app server

56
J2EE 1.4 Web Service Clients

• Clients
• JAX-RPC
• Web service calls using SOAP/HTTP
• Mapping between java objects and XML
• SOAP with Attachments for Java (SAAJ)
• Low-level SOAP message manipulation
• JAXR
• Client access to registries

57
J2EE and Web Services (Cont)

• Server
• Deploy Stateless Session Beans as web service
  endpoints
• Additional deployment descriptors
• WSDL generated that defines web service the EJB
  implements
• Container generates JAX-RPC runtime to
• Process SOAP request
• Invoke exposed session bean method
• Return results (if any)

58
Security Requirements

• Web Client authentication
• BASIC authentication
• Passwords sent base64 encoded
• HTTPS Client authentication
• Form-based authentication
• Server maintains login context and acts as proxy
  for client requests

59
Summary

• SOAP is a very effective, interoperable protocol
• Have to be careful with performance, though
• WSDL is used to describe web services
• UDDI serves as a registry for SOAP services
• Security approach is still immature
• Workflow of web services immature with competing
  approaches

60
References

• SOAP 1.2 Proposal
• http//www.w3.org/TR/2001/WD-soap12-part1-20011217
  /
• Programming Web Services With Soap, James Snell.
  OReilly
• Web Service Essentials, Ethan Cerami, OReilly

61
Resources

• SOAP 1.1 Specification
• http//www.w3.org/TR/SOAP/
• SOAP 1.2
• http//www.w3.org/TR/2001/WD-soap12-part1-20011217
  /
• Apache AXIS
• http//xml.apache.org/axis/index.html
• IBM Web Services Toolkit
• http//alphaworks.ibm.com/tech/webservicestoolkit
• XML Schema Primer
• http//www.w3.org/2001/09/soap-encoding

62
Resources (Cont)

• UDDI
• http//www.uddi.org
• Oasis (SAML, other XML initiatives)
• www.oasis-open.org
• W3C WSDL
• http//www.w3.org/TR/wsdl/