• SOAP Overview
• Web Services
  – Deploying Web Services
  – Describing Web Services
  – Registering Web Services
• Security
• Web Services and J2EE
v021012
Web Services
SOAP Overview
Enterprise Java
• Simple Object Access Protocol (SOAP)
• Interoperable XML-based communication mechanism for distributed computing
• Many vendor and language implementations available
• Web Services are built using SOAP as a communication mechanism
• W3C working on SOAP 1.2
• Alternatives
  – RMI: Java-centric
  – CORBA: complicated
SOAP Goals
• Interoperability
• Simple and lightweight
• Not considered:
  – distributed garbage collection
  – batching of messages
  – objects-by-reference (which requires distributed garbage collection)
  – activation (which requires objects-by-reference)
The Big Picture
[Diagram labels: Browser, Client, SOAP Client, Web Tier, SOAP Service, Business Logic (EJB, COM, Java), Data Sources; connections labelled HTTP/S, SOAP and Java/RMI/IIOP/COM]
Web Service Protocol Stack
[Stack diagram, top to bottom]
• Workflow/Business Processes
• Web Service Discovery
• Web Service Description
• SOAP
• Transport: HTTP, Jabber, JMS, SMTP, …
SOAP Components
• Envelope
  – Describes message, processing requirements, and message contents. Routing, delivery, etc.
  – Encapsulates data being transferred
• Encoding Mechanism
  – Standard representation for application data types
• RPC Conventions
  – Mechanism to issue remote procedure calls and receive a response
• Authorization
  – Secure Authorization Markup Language (SAML)
  – http://www.oasis-open.org/committees/security/
[Diagram labels: Application (Any Technology), Security Server, Certificate Authority, Certificate Authentication, Corporate Authorization Service, Web Service]
1. Authenticate (SOAP/HTTPS)
2. Retrieve user’s access permissions
3. Signed security assertions (SOAP/HTTPS)
4. Invoke (SOAP/HTTPS) (Passes Assertions)
5. Business operation
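Steps 3 to 5 of the assertion flow, as an added Java example that is not part of the original slides: the security server signs the user's permissions, and the web service checks signature, expiry and permission before the business operation runs. The pipe-delimited assertion format, the class and method names, and the RSA/SHA-256 signature are assumptions standing in for SAML's XML assertions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import java.util.Base64;

public class AssertionFlowDemo {
    // Step 3: the security server signs "subject|perm1,perm2|expiryEpochSeconds".
    static String issue(PrivateKey key, String subject, String perms, long expires)
            throws GeneralSecurityException {
        String body = subject + "|" + perms + "|" + expires;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        return body + "." + Base64.getEncoder().encodeToString(s.sign());
    }

    // Steps 4-5: the web service decides whether the business operation may run.
    static boolean authorize(PublicKey trusted, String token, String needed, long now)
            throws GeneralSecurityException {
        int dot = token.lastIndexOf('.');
        if (dot < 0) return false;
        String body = token.substring(0, dot);
        byte[] sig;
        try {
            sig = Base64.getDecoder().decode(token.substring(dot + 1));
        } catch (IllegalArgumentException e) {
            return false;                          // signature part is not Base64
        }
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(trusted);
        s.update(body.getBytes(StandardCharsets.UTF_8));
        if (!s.verify(sig)) return false;          // check the signature before reading any field
        String[] f = body.split("\\|");
        if (f.length != 3 || Long.parseLong(f[2]) <= now) return false;   // malformed or expired
        return Arrays.asList(f[1].split(",")).contains(needed);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair server = g.generateKeyPair();      // constructed key pair for the demo
        long now = System.currentTimeMillis() / 1000;
        String token = issue(server.getPrivate(), "alice", "quote.read,order.place", now + 300);
        System.out.println(authorize(server.getPublic(), token, "order.place", now));        // valid
        String forged = token.replace("quote.read", "admin.all");
        System.out.println(authorize(server.getPublic(), forged, "admin.all", now));          // body altered
        System.out.println(authorize(server.getPublic(), token, "order.place", now + 600));   // past expiry
    }
}
```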
Security (Cont)
• Firewall filtering options
  – MIME type of text/xml-soap
  – SOAP-Action
  – Force M-POST requests
    • 510 Not Extended HTTP status code from server
  – SOAPMethodName
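One way a filtering proxy could apply the options listed above, as an added Java example that is not from the original slides: it checks the MIME type, answers 510 Not Extended when M-POST is forced, and allowlists the SOAPAction value. The allowlisted action URI, the 405/415/403 status choices, and the class and method names are assumptions; the `NN-SOAPAction` header prefix for M-POST follows the SOAP 1.1 HTTP Extension Framework binding, and the `Man` header parsing is simplified.

```java
import java.util.*;

public class SoapHeaderFilter {
    static final String SOAP_MIME = "text/xml-soap";     // MIME type named on the slide
    // Constructed allowlist of SOAPAction values this filter forwards.
    static final Set<String> ALLOWED =
            new HashSet<>(Arrays.asList("urn:example:quotes#getQuote"));

    /** Returns the HTTP status the filter answers with; 200 means "forward the request". */
    static int decide(String method, Map<String, String> rawHeaders, boolean forceMPost) {
        Map<String, String> h = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        h.putAll(rawHeaders);                             // header names are case-insensitive
        boolean mpost = method.equals("M-POST");
        if (!mpost && !method.equals("POST")) return 405;
        if (forceMPost && !mpost) return 510;             // Not Extended: plain POST refused
        String mime = h.getOrDefault("Content-Type", "").split(";", 2)[0].trim();
        if (!mime.equalsIgnoreCase(SOAP_MIME)) return 415;
        String name = "SOAPAction";
        if (mpost) {                                      // Man: "<uri>"; ns=NN  means  NN-SOAPAction
            String man = h.getOrDefault("Man", "");
            int i = man.indexOf("ns=");
            if (i < 0) return 510;                        // mandatory extension not declared
            name = man.substring(i + 3).trim() + "-SOAPAction";
        }
        String action = h.get(name);
        if (action == null) return 403;                   // no action header to filter on
        action = action.trim().replaceAll("^\"|\"$", ""); // header value is usually quoted
        return ALLOWED.contains(action) ? 200 : 403;
    }

    public static void main(String[] args) {
        Map<String, String> post = new HashMap<>();       // constructed sample request headers
        post.put("content-type", "text/xml-soap; charset=utf-8");
        post.put("SOAPAction", "\"urn:example:quotes#getQuote\"");
        Map<String, String> mpost = new HashMap<>();
        mpost.put("Content-Type", "text/xml-soap");
        mpost.put("Man", "\"http://schemas.xmlsoap.org/soap/envelope/\"; ns=01");
        mpost.put("01-SOAPAction", "\"urn:example:quotes#getQuote\"");
        System.out.println(decide("POST", post, false));   // allowlisted action over POST
        System.out.println(decide("POST", post, true));    // POST while M-POST is forced
        System.out.println(decide("M-POST", mpost, true)); // M-POST with prefixed header
        post.put("SOAPAction", "\"urn:example:admin#shutdown\"");
        System.out.println(decide("POST", post, false));   // action not on the allowlist
    }
}
```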
SOAP Implementations
• Apache SOAP
  – Basic SOAP implementation
  – See xml.apache.org/soap/
• Apache AXIS
  – Next generation SOAP implementation
  – See xml.apache.org/axis/
• SOAP::Lite
  – Perl implementation. See www.cpan.org
• .NET
  – See msdn.microsoft.com (.NET SDK)
  – Web services deployed to IIS
Interoperability
• Minor issues exist between these implementations
  – .NET requires parameters to be named and typed
  – Issue for default SOAP::Lite (Perl) behavior
  – Different ideas of the SOAPAction Header
• Not perfect but can be made to inter-operate
• Interoperability labs and info
  – http://www.xmethods.net/ilab/
  – http://www.mssoapinterop.org/
Apache AXIS
• Java-centric SOAP implementation
• Runs as a J2EE web application
  – Receives SOAP request
  – Deserializes call parameters
  – Invokes method on your Java class
[Diagram labels: Client, Web Server, SOAP Proxy (AXIS), Java Class File (Web Service)]
1. SOAP/HTTP
2. Forwards to Proxy
3. De-serializes SOAP Message to Java object(s); calls Java class
4. Invoke registered service
5. Perform service
6. Response
7. Serializes Java objects to SOAP encoding
8. SOAP
9. SOAP/HTTP
AXIS Installation
• Copy webapps\axis directory to Servlet container’s webapps directory
• Copy xerces.jar (or JAXP jar files) to axis\lib directory
• Copy your web service class files to the WEB-INF\classes subdirectory (.jar files can go into WEB-INF\lib)
• Can specify other services that run when service is invoked
Deployment (Cont)
• java org.apache.axis.client.AdminClient deploy.wsdd
  -l<url> sets the AxisServlet URL
  -h<hostName> sets the AxisServlet host
  -p<portNumber> sets the AxisServlet port
  -s<servletPath> sets the path to the AxisServlet
  -f<fileName> specifies that a simple file protocol should be used
  -u<username> sets the username
  -w<password> sets the password
  -d sets the debug flag (for instance, -ddd would set it to 3)
  -t<name> sets the transport chain to use
  list will list the currently deployed services
  quit will quit (???)
  passwd <value> changes the admin password
  <xmlConfigFile> deploys or undeploys Axis components and web services
• If -l or -h -p -s are not set, the AdminClient will invoke http://localhost:8080/axis/servlet/AxisServlet
Serializing Java Objects
• AXIS can automatically serialize simple Java object types to/from the standard SOAP encoding
• Complex objects require developer input
  – BeanSerializer
  – Custom Serializers
BeanSerializer
• When complex objects are passed, AXIS must be told how to convert the object to/from XML
• If object is a Java Bean, the BeanSerializer class can be used
  – Have to specify mapping in deployment descriptor and the client