Enterprise Java

Web Services and SOAP

v021012

Web Services

Topics

1

Enterprise Java

• SOAP Overview • Web Services – Deploying Web Services – Describing Web Services – Registering Web Services

• Security • Web Services and J2EE

v021012

Web Services

2

1

SOAP Overview

Enterprise Java

• Simple Object Access Protocol (SOAP) • Interoperable XML-based communication mechanism for distributed computing • Many vendor and language implementations available • Web Services are built using SOAP as a communication mechanism • W3C working on SOAP 1.2 • Alternatives – RMI – Java-centric – CORBA - Complicated

v021012

Web Services

SOAP Goals

3

Enterprise Java

• Interoperability • Simple and lightweight • Not considered: – distributed garbage collection – batching of messages – objects-by-reference (which requires distributed garbage collection) – activation (which requires objects-by-reference)

v021012

Web Services

4

2

Enterprise Java

The Big Picture HTTP/S

Browser Web Tier SOAP Client

HTTP/S

Client

Data Sources

Business Logic (EJB, COM, Java)

SOAP

SOAP Service

Java/RMI/IIOP/COM

v021012

Web Services

5

Web Service Protocol Stack

Enterprise Java

Workflow/Business Processes Web Service Discovery Web Service Description SOAP Transport v021012

HTTP

Jabber

JMS Web Services

SMTP

…. 6

3

SOAP Components

Enterprise Java

• Envelope – Describes message, processing requirements, and message contents. Routing, delivery, etc. – Encapsulates data being transferred

• Encoding Mechanism – Standard representation for application data types

• RPC Conventions – Mechanism to issue remote procedure calls and receive a response

v021012

Web Services

Example SOAP Request

7

Enterprise Java

POST /StockQuote HTTP/1.1 Host: www.stockquoteserver.com Content-Type: text/xml; charset="utf-8" Content-Length: nnnn SOAPAction: "Some-URI" 34.5

v021012

Web Services

Message Exchange Model

9

Enterprise Java

• Spec-wise – a one-way transmission between a sender and a receiver • Frequently, used in a request/response pattern – RPC – Document transmission

v021012

Web Services

10

5

SOAP Message

Enterprise Java

Optional Mandatory

Content intended For receiver

From O’Reilly’s ‘Web Service Essentials’ v021012

Web Services

Envelope

11

Enterprise Java

• ‘Wrapper’ around the entire message • Namespace for envelope, header, and body ReportName Dan

v021012

Web Services

Security • •

23

Enterprise Java

Still evolving Confidentially – Can use transport mechanism (HTTPS) – XML Encryption standard for document contents

•

Authentication – SSL Certificate – Digitally Sign SOAP message

•

Authorization – Secure Authorization Markup Language (SAML) – http://www.oasis-open.org/committees/security/

v021012

Web Services

24

12

Certificate Authority

Corporate Authorization Service

Enterprise Java

Certificate Authentication

2. Retrieve user’s access permissions

Security Server

1. Authenticate (SOAP/HTTPS) 3. Signed security assertions (SOAP/HTTPS)

4. Invoke (SOAP/HTTPS) (Passes Assertions)

Application (Any Technology) v021012

5. Business operation

Web Service

Web Services

Security (Cont)

25

Enterprise Java

• Firewall filtering options – MIME type of text/xml-soap – SOAP-Action – Force M-POST requests • 510 Not Extended HTTP status code from server

– SOAPMethodName

v021012

Web Services

26

13

SOAP Implementations

Enterprise Java

• Apache SOAP – Basic SOAP implementation – See xml.apache.org/soap/

• Apache AXIS – Next generation SOAP implementation – See xml.apache.org/axis/

• SOAP::Lite – Perl implementation. See www.cpan.org

• .NET – See msdn.microsoft.com (.NET SDK) – Web services deployed to IIS v021012

Web Services

Interoperability

27

Enterprise Java

• Minor issues exist between these implementations – .NET requires parameters to be named and typed – Issue for default SOAP::Lite (PERL) behavior – Different ideas of the SOAPAction Header

• Not perfect but can be made to inter-operate • Interoperability labs and info – http://www.xmethods.net/ilab/ – http://www.mssoapinterop.org/

v021012

Web Services

28

14

Enterprise Java

Apache AXIS • Java-centric SOAP implementation • Runs as a J2EE web application – Receives SOAP request – Deserializes call parameters – Invokes method on your java class

v021012

Web Services

29

Enterprise Java

1. SOAP/HTTP

Web Server

Client 9. SOAP/HTTP

2. Forwards to Proxy

8. SOAP

7. Serializes java objects To SOAP encoding

SOAP Proxy (AXIS)

3. De-serializes SOAP Message to Java object(s) Calls Java class

4. Invoke registered service 6. response

Java Class File (Web Service) v021012

Web Services

5. Perform service

30

15

AXIS Installation

Enterprise Java

• Copy webapps\axis directory to Servlet container’s webapps directory • Copy xerces.jar (or JAXP jar files) to axis \lib directory • Copy your web service class files to the WEB-INF\classes subdirectory (.jar files can go into WEB-INF\lib

v021012

Web Services

Basic Deployment

31

Enterprise Java

• Simple – cp someclass.java webapps\axis\someclass.jws

• Better – Write a Web Services Deployment Descriptor(WSDD)

v021012

Web Services

32

16

Hello Service

Enterprise Java

package corej2ee.exercise.webservice; public class HelloService { public String getHelloMessage() { return "Web Service Hello"; } } • cp HelloService.java $TOMCAT_HOME/webapps/axis/HelloService.jws v021012

Web Services

33

Enterprise Java

v021012

Web Services

34

17

Client Application

Enterprise Java

package corej2ee.exercise.webservice; import org.apache.axis.client.Call; import org.apache.axis.client.Service; import javax.xml.rpc.namespace.QName; public class TestHelloService { public static void main(String [] args) { try { String endpoint="http://localhost:9090/axis/HelloService.jws"; String method="getHelloMessage"; Service service = new Service(); Call

call = (Call) service.createCall();

v021012

Web Services

Client Application

35

Enterprise Java

call.setTargetEndpointAddress( new java.net.URL(endpoint) ); call.setOperationName( method ); call.setReturnType( org.apache.axis.encoding.XMLType.XSD_STRING ); String ret = (String) call.invoke(new Object[0]); System.out.println ("Got " + ret); } catch (Exception e) { System.err.println(e.toString()); } } } v021012

Web Services

36

18

Production Deployment

Enterprise Java

• Deployment descriptor

• Can specify other services that run when service is invoked

v021012

Web Services

Deployment (Cont)

37

Enterprise Java

• java org.apache.axis.client.AdminClient deploy. wsdd -lurl sets the AxisServlet URL -hhostName sets the AxisServlet host -pportNumber sets the AxisServlet port -sservletPath sets the path to the AxisServlet -ffileName specifies that a simple file protocol should be used -uusername sets the username -ppassword sets the password -d sets the debug flag (for instance, -ddd would set it to 3) -tname sets the transport chain touse list will list the currently deployed services quit will quit (???) passwd value changes the admin password xmlConfigFile deploys or undeploys Axis components and web services If -l or -h -p -s are not set, the AdminClient will invoke http://localhost:8080/axis/servlet/AxisServlet v021012

Web Services

38

19

Serializing Java Objects

Enterprise Java

• AXIS can automatically serialize simple Java object types to/from the standard SOAP encoding • Complex objects require developer input – BeanSerializer – Custom Serializers

v021012

Web Services

BeanSerializer

39

Enterprise Java

• When complex objects are passed, AXIS must be told how to convert the object to/from XML • If object is a Java Bean, the BeanSerializer class can be used – Have to specify mapping in deployment descriptor and the client

v021012

Web Services

40

20

Serializers

Enterprise Java

In deployment descriptor: