Date post: | 04-Jun-2018 |
Category: |
Documents |
Upload: | vijaykumar015 |
View: | 216 times |
Download: | 0 times |
of 68
8/13/2019 Web Services Programming 1 Day 4
1/68
1
W e b Se r v i ce Pr o g r a m m i n g
u s i n g X M L a n d Ja v a TM Te c h n o l o g y
2
Sa n g Sh i n
s a n g . s h i n @ s u n . c o mw w w . j a v a p a s s i o n . c o m
Java Te c h n o l o g y Ev a n g e l i s tS u n M i c r o s y st e m s , I n c .
3
Co u r s e s I t e a c h
? XML (2001)
? Distributed programming using JiniTMandJavaSpacesTMt echnology (2002)
? Web services programming using XML andJava
TM
t echnology (on-going)
? www.javapassion.com/ webservices? Free " online" J2EETMprogramming (on-going)
? www.javapassion.com/ j2ee
? Free Advanced J2EE programming
? www.javapassion.com/ j2eeadvanced4
Pr e se n t a t i o n o f t h i s t a l k i sa v a i l a b l e f r o mw w w . j a v a p a s s i o n . c o m
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
2/68
5
A g e n d a? Part I
? Web Services Overview? Core Web Services Standards: SOAP, WSDL, UDDI
? Par II? Web Services Development using Java Technology
? Part III? Web Services Security? Web Services Interoperability and WS-I
? Part IV? ebXML & UBL? Ongoing Web Services Activities 6
Pa r t I :W e b Se r v i c e s O v e r v i e w &
Co r e W e b Se r v i c e s St a n d a r d s
7
W h a t i s & W h yW eb Se rv i c es?
8
W e b Se r v i ce s D ef i n i t i o n b y W 3 C
A Web service is a software application
identified by a URI,
whose int erfaces and bindingare capableof being defined, described and
discovered byXML arti factsand supports direct interactionswith other
software applications
using XML based messages
via internet-based protocols
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
3/68
10
Trad i t i on a l C/ S vs . Web Se rv i ces
Within enterprise
Tied to a set ofprogramming languages
Procedural Usually bound t o a
particular transport Tightly-coupled Effi cient processing
(space/ time)
Between ent erprises
Program languageindependent
Message-driven Easily bound to
different t ransports Loosely-coupled Relatively not efficient
processing
Traditional C/S Web Service
11
W e b A p p l i c a t i o n v s . W e b Se r v i c e s
User-to-programinteraction
Static integration ofcomponents
Monolit hic service
Program-to-programinteraction
Possibility of dynamicintegration ofcomponents (in thefuture)
Possibility of serviceaggregation (in thefuture)
Web Application Web Service
12
Web Services
SystemService
AppService
SystemService
AppService
SystemService
AppService
A Computer
System Software
Applicat ion
MonolithicSoftware
The Network
I m p a c t o f W e b S e r v ic e s o n S o f t w a r e : A p p l i c a t i o n D i s - I n t e g r a t i o n
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
4/68
13
I m p a c t o n I n t e g ra t i o n :Tr i g g e r t h e N e t w o r k Ef f e ct
Web Serv i ces
Cus tomI n t e g r a t i o n
M e t c a l f e s La w : Th e v a l u e o f t h e n e t w o r k i sp r o p o r t i o n al t o t h e s q u a r e o f t h e n u m b e r o f
14
W h e r e isW eb Se rv i c es?
15
St a t e o f W e b Se r v i ce s
Technology/ Standards are sti l l evolving SOAP, WSDL, UDDI are notenough
Business web servicesis the next bigthing, but more works are neededin Quali ty of Service, Management, Metering
Securit y, t ransaction, reliabil it y
Work flow, Identity management,
Provisioning, Accounting and billing
Performance, scalability, availability
Web services wil l be adopted in phases
16
W e b Se r v i c e s A d o p t i o n P h a s e s
? 1stPhase SimpleWeb Services (Now)? Consumer-focused, stat eless, SOAP over HTTP/ S
? 2ndPhase EAIWeb Services (Begun)? Deployed wit hin organizat ion boundaries to
enable internal integration
? 3rdPhase Business Web Services(2004?)? Deployed on extranets to enable business
transactions with trading partners, suppliers,and customers, ebXML & UBL
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
5/68
17
SOAP(Si m p l e O b j ec t
Access Pro toco l )
18
W h a t i s S OA P ?
Simple Object AccessProtocol
Wire protocol similar to IIOP for CORBA JRMP for RMI
XML is used fordata encoding text based protocol vs. binary protocol
Supports XML-based RPC
19
W h a t S O AP i s N o t
Nota component model
So it will notreplace objects and components,i.e. EJB, JavaBeans
Nota programming language
So it will notreplace Java
Nota solut ion for all
So it will notreplace other distributedcomputing t echnologies such as RMI
20
W h a t d o e s SO A P D e f i n e ?
Message Envelope
Encoding Rules
RPC Convent ion
Binding with underlying protocols
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
6/68
21
SO A P M e s sa g e Fo r m a t
SOAP Envelope
SOAP Header
SOAP Message
Primary MIME part(text/xml)
Attachment
Attachment
SOAP Body
Header Entry
Header Entry
Body Entry
Body Entry
Attachment
22
SO A P M e s sa g e En v e l o p e
Encoding information
Header Optional
Couldcontain context knowledge Security
Transaction
Body RPC methods and parameters
Containsapplication data
23
SO A P En c o d i n g
Rules of expressing application-defineddata types in XML
Based on W3C XML Schema
Simple values
Built-in types from XML Schema, Part 2 (simpletypes, enumerations, arrays of byt es)
Compound values
Structs, arrays, complex t ypes
24
SOAP RPC Requ es t Exam p l e
< S O A P - E N V : E n v e l o p e x m l n s : S O A P -E N V = " " S O A P - E N V : e n c o d i n g S t y l e = " " >
< S O A P - E N V : H e a d e r >
< / S O AP -E N V : H e a d e r > < S O A P - E N V : B o d y >
< m : G e t L as t T r a d eP r i ce x m l n s : m = s o m e _ U R I " >
< t i c k e r Sy m b o l > S U N W < / t i c k e r Sy m b o l >
< / m : G e t L a st T r a d e P r i c e >
< / S O AP -E N V : B o d y >
< / S O AP -E N V : En v e l o p e >
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
7/68
25
SOAP RPC Response Example
< S O A P - E N V : E n v e l o p e
x m l n s : S O A P -E N V = " " S O A P - E N V : e n c o d i n g S t y l e = " " >
< S O A P - E N V : H e a d e r >
< / S O AP -E N V : H e a d e r >
< S O A P - E N V : B o d y >
< m : G e t L a st T r a d e Pr i c e Re s p o n se x m l n s : m = s o m e _ U R I " >
< p r i c e >3 0 . 5
< / S O AP -E N V : B o d y >
< / S O AP -E N V : En v e l o p e >
26
SOAP RPC
Information needed for a method call:
The URI of the target object
< S O A P - E N V : B o d y >
< m : G e t L a s t T r a d e P r i c e
x m l n s : m = h t t p : / / s t o ck s. c o m / St o c k Qu o t e s" > SU N W < / t i c k e r S ym b o l > < / m : G e t L a st T r a d e Pr i c e >
< / S O AP -E N V : B o d y >
27
SOAP RPC
Information needed for a method call: The URI of the target object Method name
< S O A P - E NV :B o d y > < m : G e t L a s t T r a d e P r i c ex m l n s : m = h t t p : / / s t o ck s .c o m / St o c k Q u ot e s " >
< t i c k e r Sy m b o l > S U N W < / t i c k e r S ym b o l > < / m : G e t L a s t Tr a d e P r i c e> < / S O A P- EN V : B o d y >
28
SOAP RPC
Information needed for a method call: The URI of the target object Method name Parameters
< S O A P - E N V : B o d y > < m : G e t L a s t T r a d e P r i c e
x m l n s : m = h t t p : / / s t o ck s. c o m / St o c k Qu o t e s" > < t i c k e r Sy m b o l > SU N W < / t i c k e r S ym b o l > < / m : G e t L a st T r a d e Pr i c e > < / S O AP -E N V : B o d y >
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
8/68
29
Q u i c k W SD L Tu t o r i a l
30
W h a t i s W S D L?
XML language for describingweb services
Web service is described as
A set of communication endpoints (ports)
Endpoint is made of two parts
Abstract defini t ions of operations and messages
Concrete bindingto networking protocol (andcorresponding endpoint address) and messageformat
Why this separation?
Enhance reusability(as we will see in UDDIreference to WSDL document )
31
W h y W SD L?
Enablesautomationof communicat iondetails between communicating partners
Machines can read WSDL
Machines can invoke a service defined in WSDL
Discoverable through registry Arbitration
3rd party can verify if communication conformsto WSDL
32
W S DL D o c u m e n t Ex a m p l e
? Simple service providing stock quotes
? A single operation calledGetLastTradePrice
?
Deployed using SOAP 1.1 over HTTP? Request takes a ticker symbol of type
string
? Response returns price as afloat
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
9/68
33
Types
Message
Operation
Port Type
Binding
Port
Service
W SD L El e m e n t s
34
W SD L El e m e n t s
Types Data type definitions Used to describe exchanged messages
Uses W3C XML Schema as canonical typesystem
35
W SD L Ex a m p l e : Ty p e s
36
W SD L El e m e n t s
Messages Abstract , t yped defini ti ons of databeing
exchanged
Operations
Abstract description of an action Refers t o an input and/ oroutput messages
Port type Collectionof operations Abstract definit ionof a service
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
10/68
37
E x a m p l e :M e s sa g e s , O p e r a t i o n , Po r t t y p e
38
W SD L El e m e n t s
Binding
Concrete prot ocol and data formatfor apart icular Port type
Protocol example: SOAP 1.1 over HTTP or SOAP1.1 over SMTP
Port
Defines a single communication endpoint
Endpoint addressfor binding
URL for HTTP, email address for SMTP
Service Aggregate set of related ports
39
Ex a m p l e : B i n d i n g , P o r t , Se r v i ce
My first service
40
U D D I
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
11/68
41
Se r v i c e Ar c h i t e c t u r e
UDDIdefines a way to publish and find
information about Web services.
UDDI
Registry
1. Service Registers
PUBLISH
3. Client callsService
BIND
2. Client RequestService Location
FIND
WebService
ServiceClient
42
Bus i ness Reg i s t r y Com ponen ts :
Informationabout thebusiness (address,contacts,...)
Categorization of thebusiness and its services
Technical informationabout how to invoke a
service
White Pages
Yellow Pages
Green Pages
43
U D D I D a t a T y p e s
BusinessEntity
BusinessService
BindingTemplate
BindingTemplate
Tmodel
Business Ent it y White Pages informat ion
Business Services Yellow Pages information
Binding Templat es Green Pages information
Contains references totModels
tModels Service Type Definit ions
Contains references to WSDLdocuments
Tmodel
44
B u s i n e s s E n t i t y
businessEntity
businessKeynameURLdescriptioncontacts
businessServicesidentifierBagcategoryBag
PhoneAddressEmail
Contact
businessService
PhoneAddressE-mail
Contact
businessService
serviceKeyNameDescriptionBindingTemplates
keyedReference
tModelKeykeyNamekeyValue
keyedReference
tModelKeykeyNamekeyValue
keyedReference
tModelKeykeyNamekeyValue
keyedReference
tModelKeykeyNamekeyValue
Top-level datastructure that holds
descriptive informationabout a businessentity
Service descriptionsand technicalinformation are
expressed within abusinessEntity
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
12/68
45
B u s i n e s s S e r v i c e
StockQuoteService (...)
(...)
(...)
http://example.com/stockquote
Represents thebusiness services
provided by theb u s i n e s s E n t i t y
Unique key usedto represent aservice
Name of theservice
ContainsB i n d i n g T e m p l a t e structures
46
B i n d i n g T e m p l a t e
StockQuoteService (...)
(...)
(...)
http://example.com/stockquote
SpecifiesNetwork
endpointaddress
Contains areference to atModel
47
t M o d e l
Service type definition
Is expected to be created by industry
consortium Business entities create businessEntity's,
businessServices, and bindingTemplates
Shared by business entities Has a reference to WSDL document
Enables quick search of all businessentities which supports a particular service
Contains CategoryBag
48
t M o d e l Ex a m p l e
StockQuote Service
WSDL description of a standard stock quote service interface
WSDL source document.
http://stockquote-definitions/stq.wsdl
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
13/68
49
P u b l i s h i n g S e r v i ce s Publishers interface
Save things
save_business save_service save_binding save_tModel
Delete things delete_business delete_service delete_binding delete_tModel
security get_authToken discard_authToken
4 messages to saveeach of the 4structures
Each save message accepts asinput the authTokenand one ormore corresponding structures.
4 messages to deleteeach of the4 core structures
They all accept the correspondinguuidkey as the parameter.
Security:
request an authentication token
inform registry that the authTokenis no longer valid.
50
P ro g r a m m e r ' s A PI :Se rv i ce D i scove ry
Inquiry interface Find things
Find_business Find_service
find_binding
find_tModel
Get details Get_businessDetail
get_serviceDetail
get_bindingDetail Get_tModelDetail
Taxonomy interface validate_categorization
Browse 4 messages to find
each of the 4structures
Drill-down The get call can be
used to getinformation regardinga specific instance ofany of the 4 datatypes, given the key
51
U D D I Ru n s O v e r SO A P
User
UDDISOAP Request
UDDISOAP Response
UDDI Registry
Node
HTTPServe
r
SOAPProcesso
rUDDI
RegistryService
B2B DirectoryCreate, View,Update, and
Deleteregistration
sPlatform-neutral
52
SOAP M essage Exam p l e fo rg e t _ s e r v i c eD e t a i l r e q u e s t
6FD77EF6-E7D6-6FF6-1E41-EBC80107D7B5
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
14/68
53
SO A P M e s sa g e Ex a m p l e f o rge t_se rv i ceDe ta i l r esponse< E n v e l o p e > < B o d y > < s e r v i c e D e t a i l g e n e r i c = " 1 . 0 " o p e r a t o r = " X M e t h o d s " > < b u s i n e s s S e r v i c e s e r v i c e K e y = " 6 F D 7 7 E F 6 -E 7 D 6 - 6 F F6 - 1 E 4 1 - EB C 8 0 1 0 7 D 7 B 5 "
b u s i n e s s K e y = " D 1 3 8 7 D B 1 - C A 0 6 - 2 4 F 8 - 4 6 C 4 - 8 6 B 5 D 8 9 5 C A 2 6 " > < n a m e > C u r r e n c y E x c h a n g e R a t e < / n a m e > < d e s c r i p t i o n > E n d p o i n t f o r s e r v i c e < / d e s c r i p t i o n > < d e s c r i p t i o n > I M P L E M E N T A T IO N : g l u e < / d e s c r i p t i o n > < d e s c r i p t i o n > C O N T A C T E M A I L : s u p p o r t @ x m e t h o d s . n e t < / d e s c r i p t i o n > < b i n d i n g T e m p l a t e s > < b i n d i n g T e m p l a t e b i n d i n g K e y = " 0 0 3 6 D EB C -2 F 1 B -E B 8 4 -0 9 E 2 -3 A 4 3 3 2 C 3 E8 B 4 " s e r v i c e K e y = " 6 F D 7 7 E F 6 - E 7 D 6 - 6 F F 6 - 1 E 4 1 - E B C 8 0 1 0 7 D 7 B 5 " > < d e s c r i p t i o n > S O A P b i n d i n g < / d e s c r i p t i o n > < a c c e s s P o i n t
U R L Ty p e = " h t t p " > h t t p : / / s e r v i c e s .x m e t h o d s . n e t : 8 0 / s o a p < / a c c e s sP o i n t > < t M o d e l I n s t a n c e D e t a i l s > < t M o d e l I n s t a n c e I n f o t M o d e l K e y = " u u i d : D 7 8 4 C 1 8 4 -9 9 B 2 - D A2 5 - ED 4 5 -
3 6 6 5 D 1 1 A1 2 E 5 " / > < / t M o d e l I n s t a n ce D e t a i l s> < / b i n d i n g T e m p l a t e s > < / b u s i n e s sS e r v i ce > < / s e r v i c e D e t a i l > < / B o d y >< / E n v e l o p e >
54
U D DI Br o w se r i ns o a p c l i e n t . c o m
D e m o
55
U D D I B r o w s e r inw w w . s o a p c l i e n t . c o m
56
Se a r c h f o r a b u s i n e s s v i a B u s i n e s s N a m e
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
15/68
57
U D D I B r o w s e r inw w w . s o a p c l i e n t . c o m
58
Bus i ness En t i t y
59
Li s t o f Se rv i ces
60
A pa r t i cu l a r Se rv i ce
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
16/68
61
B in d i n g Te m p l a t e
62
t M o d e l
63
W S DL d o c u m e n t o f t h e s e r v i ce
64
UDDI ove r SOAP Requ est
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
17/68
65
UDDI ove r SOAP M essage
66
Ex e c u t e a s e r v i c e (D e l a y e d s t o c k q u o t e )
67
Ex e c u t e a s e r v i c e ( De l a y e d s t o c k q u o t e )
68
R e su l t o f d e l a y e d s t o c k q u o t e s e r v i ce Ex e c u t i o n
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
18/68
69
Acc essi ng Am azon . comt h r o u g h a W e b se r v ice
D e m o
70
D e m o Sc e n a r i o
Accessing Amazon.com Web service in
real-time through a browser Accessing Amazon.com Web service in
real-time using Swing applicat ion, whichuses Sun Java Studio generat ed stublibrary
71
D e m o Sc e n a r i o
Amazon.comBrowser
Web servicesclient
HTML/HTTP
XML/SOAP
72
P a r t I I :
W e b Se r v i c e s D e v el o p m e n tu s i n g Ja v a Te c h n o l o g y
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
19/68
73
Ja va API sf o r W e b Se r v i c e s
74
Jav a APIs fo r SOAP, W SDL, UD DI
SOAP Messaging JAXM (JSR 67), SAAJ, JAX-RPC (JSR 101), JMS
WSDL Java API for WSDL (JSR 110)
JAX-RPC (JSR 101)
UDDI JAXR (JSR 67)
75
J2 EE W e b Se r v i c e s Fr a m e w o r k
J2EE 1.4 (JSR 151)
Web services for J2EE (JSR 109)
JAX-RPC (JSR 101)
JAXR SAAJ
EJB 2.1
76
Java AP Is f o r XM LD ocu m e n t M a n a ge m e n t
JAXP (Java API for XML processing, JSR 05)
Assembly language for XML document processing
JAXB (Java API for XML data-binding, JSR 31)
Higher level language for XML document processing
Streaming API for XML (JSR 173)
Pull-parsing API based on Iterator
Gives parsing controlto programmers
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
20/68
77
Java AP Is f o r XM L Secu r i t y
XML Digital Signature (JSR 105)
XML Encrypt ion (JSR 106) XML Trust Service (JSR 104)
Secure Assertion Markup Language(SAML, JSR 155)
WS-Security (JSR 183)
78
M o r e Ja v a A P I s f o r W e b S e r v i c e s
XML Transactioning API for Java (JSR 156)
Java API for OASIS BTP Web Services for J2ME (JSR 172)
SOAP messaging for J2ME devices
Web Services Metadata for J2EE(JSR 181) Metadata based Web services
Java Business Integration (JSR 208) Foundation for Service-Oriented-Architecture (SOA)
79
W eb Se rv i c es
Su p p o r t in J2EE
80
W ha t I s a J2EE W eb Se rv i ce?? A set of endpoints (port s)operat ing on
messages
? Ports are operating wit hin a container Container provides runtime environment
Contract for runtime environment are specified inJAX-RPC, EJB 2.1, JSR 109
? Service is described abstractly in WSDLdocument and published to a registry
WSDL specifies a contract between service providerand client
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
21/68
81
W e b Se r v i ce Co m p o n e n t a n dC o n t a i n e r
Container vs. Component model Web services components get executed wi th in
a container
Container provides host executi onenvironment
Components are portable
Web service component is 1st-classJ2EEcomponent along wit h JSP, Servlet, EJBcomponents in J2EE 1.4
82
W e b S e r v ic e Co m p o n e n t s
Source: Web Services for J2EE (JSR 109), V1.0
W e b s e r v i c e sc o m p o n e n t s
83
W e b S e r v i c e C o n t a i n e r? Provides
? Life cyclemanagement of web servicecomponents
? Provides a listenerfor WSDP port address
? Listerner t hen dispatches client requeststo web
services components? Runtime services: Security services
? Wil l use existing containers? Web container for Servlet-based endpoint
? EJB container for EJB-based endpoint
84
W e b Se r v i ce s En d p o i n tA r c h i t e c t u r e
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
22/68
85
W eb Serv ices for th e J2EE 1.4 Plat for m
Client View
JAX-RPC Server View
Servlet based endpoint (port)
JAX-RPC
Runtime is provided by Web container
Stateless Session Bean based endpoint (port )
EJB 2.1
Runt ime is provided by EJB container
86
J2 EE 1 . 4 W e b Se r v i c e s Fr a m e w o r k
J2EE 1.4 is an umbrella framework
for Web services Web services for J2EE (JSR 109)
JAX-RPC
SAAJ
JAXR
EJB 2.1
Connector architecture 1.5
87
W eb Serv i ces fo r J2EE (JSR 10 9)
? Addresses overall Web services architectureover J2EE
Cli ent model
based on JAX-RPC
Server programming model based on JAX-RPCand EJB 2.1
Deployment descriptor and packaging
WSDL binding
Security
Incorporates JAX-RPC, EJB 2.1 88
JAX-RPC
Servlet-based Web service endpoint model
XML data types to/ from Java types mapping
WSDLto/ from Javamapping
JAX-RPC Client Programming Model s SOAP Message Handler framework
Extensible type mapping
We will talk about t he above in detail l ater on!
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
23/68
89
JAX-RPC Arch i t ec tu re D iag ram
Server -s ide JAX-RPCR u n t i m e S y s t e m
Co n ta in e r
JAX-RPC
Se r v i c e En d p o in tWSDLJava
W S D L D o cu m e n t
HTTP
Cl ient -s ide JAX-RPCR u n t i m e S ys t e m
S O A P
Co n ta in e r
JavaWSDLG e n e r a t e d C o d e
JAX-RPC
Cl i e n t
90
SAAJ
Handles l ow-level SOAP message handli ng
Contains t he API for creating and populating aSOAP messages conforming t o SOAP 1.1 and SOAPwith Attachment specifi cati ons
Used by high-level APIs (such as JAX-RPC runt ime)
Contains API necessary for sending request-response (non-provider-model)messages
Separated out from JAXM 1.0 into JAXM 1.1and SAAJ 1.1
91
W eb Serv i ces Sup po r t i n EJB 2 .1
Defines Stateless Session Bean-based Webservices endpoint model
Stateless session bean can be web servicesimplementation
Web services endpoint interface (servicedefinit ion interface) for Stateless session bean
Can implement SOAP Message Handlers forStateless session bean based endpoint
92
JAXR
Standard Java API for performing registryoperations over diverse setof registries
Web service publication & discovery
Aunified information model for describingbusiness registry content
Providesmulti-layered API abstractions
Level 0: for UDDI
Level 1: for ebXML registry/ reposit ory
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
24/68
93
M essage -Dr i ve n Bean s (EJB 2 .1 )
Message-driven bean (MDB) contracts are
extended to support additional messaging types(e.g., JAXM) in addition to JMS
JMS MDB implementsjavax.jms.MessageListener
JAXM MDB implements eitherjavax.xml.messaging.One-wayListenerorjavax.xml.messaging.ReqRespListener
94
W eb Se rv i ceD ev el o p m e n t St e p s
Ove r J2 EE
95
St e p s f o r De v e l o p m e n t a n dD e p l o y m e n t o f W e b S e r vi ce s:
I. Definea Web service
II. Implementt he Web service
III. Producedeployment ready package
IV. Deploypackage over J2EE platform
V. Publish the Web service and bindinginformation to aservice registry
VI. Serveservice requests from client96
I . De f i n i n g a W e b S e r v ic e Web service is defined in
WSDLor
Web service endpoint interface (Java interface)
Top-down
WSDL is created (or found) f irstbeforeit s implementation
Bottom-up
WSDL gets generated from existingJ2EE components
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
25/68
97
Se r v i c e En d p o i n t I n t e r f a c e
A Java interface type as specified in JAX-RPC
Extendsjava.rmi.Remote
Needed for both servlet-based andstateless session bean based endpoint
Could be generated from WSDL
Declared in Web service deploymentdescriptor
98
public interface StockQuoteProvider extends java.rmi.Remote {
public float getLastTradePrice(String tickerSymbol) throws java.rmi.RemoteException; ... }
E x a m p l e :S e r v i c e E n d p o i n t I n t e r f a c e
99
I I. I m p l e m e n t W e b Se r v i ce
1. Choose implementation form
Java class (for servlet-based endpoint )
Stateless session bean
2. Implement business logic for methods
Deployment tools generate needed art ifacts forruntime
Container delegates invocations on serviceendpoint to either Java class or session beaninstance
3. Create deployment descriptor100
public class StockQuoteProviderImpl
implements StockQuoteProvider{
public float getLastTradePrice(String tickerSymbol)
throws java.rmi.RemoteException{ // business logic for method
}}
Examp le Imp lemen ta t i on :Java Class for Servl et -ba sed En dp oi nt
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
26/68
101
Ex a m p l e I m p l e m e n t a t i o n :Sta te l ess Sess ion Bea n Class
public class StockQuoteProviderBean
implements javax.ejb.SessionBean{
.. .
public float getLastTradePrice(String tickerSymbol)
throws java.rmi.RemoteException{
// business logic for method
}
.. .
}
102
I II . Cr e a t e D e p l o y ' a b l e p a c k a g e? Ready-to-deploy' ablepackage
WAR fil e (servlet-based) EJB-JAR file (stateless session bean based)
? Standardizationfor portabil it y
Package structure
Web Services Deployment descriptor
103
Des ign Goa l s J2EE 1 .4 W ebSe r v i ce s Fr a m e w o r k? Portabilityof Web services component
Over different vendor plat form
Over different operat ional environment
? Leveraging existing J2EEprogrammingmodelsfor service implementation
? Easyto program and deploy
High-level Java APIs
Use existing deployment model
104
P a ck a g e Co n t a i n s? WSDL document
? Service endpoint interface
? Service implementation
? Web Services Deployment descriptor
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
27/68
105
Web Serv ices Dep loyment Descr ip to r
webservices.xml
< w e b s e r v i c e s > < w e b s e r v i c e - d e s c r i p t i o n > < w e b s e r v i c e - d e s c r i p t i o n - n a m e > J o e s S e r v i c e s < / w e b s e r v i c e -d e s c r i p t i o n - n a m e > < w s d l - f il e > M E TA -I N F / j o e . w s d l < / w s d l - f i l e > < j a x r p c -m a p p i n g - f il e > M E TA -I N F / j o e s _ m a p p i n g s . x m l < / j a x r p c -m a p p i n g - f i l e> < p o r t - c o m p o n e n t > < p o r t - c o m p o n e n t - n a m e > Jo e P o r t < / p o r t - c o m p o n e n t -n a m e > < s e r v i c e - i m p l - b e a n > < e j b - l i n k > Jo e E JB < / e j b - l i n k > < / s e r v i c e -i m p l - b e a n > < / p o r t - co m p o n e n t >< / w e b s e r v i c e -d e s c r i p t i o n >< / w e b s e r v i c e s >
106
I V . De p l o y P a c k a g e
Responsibility of Container (or deployment
tool) Validation of t he package
Creation of runti me arti facts
Configurat ion of t he server s SOAP requestlisteners for each port (binding to a port)
Generation of concrete WSDL document
Publication of Web services
107
W SD L t o / f r o m Ja v aM a p p i n g
108
Ex a m p l e : M a p p i n g o f W S DL p o r t T y p e t oSe r v i c e D e f i n i t i o n I n t e r f a c e
8/13/2019 Web Services Programming 1 Day 4
28/68
109
JAX-RPC Rela t ionsh ip to WSDL
Toolsare used to convert between
WSDL documents and sets of Javaremote interfaces
JAX-RPCdescribes a Web Service as acollection of remote interfacesand
methods
WSDLdescribes a Web Service as acollection of portsand operations
110
B u i l d i n g a W e b Se r v i ceus i ng Sun Jav a St u d i o
IDE
D e m o
111
D e m o S ce n a r i o
Exposing methods of a Java class as aWeb servi ce using Sun ONE Studio 5(Bottom-up approach)
Packaging and deploying a Web serviceat Web-ti er over Sun ONE App server
using Sun ONE Studio 5 Test ing the Web service through a
browser using automatically generatedJSP pages and custom t ags
112
SOAP
M e ssa g e H a n d l e r
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
29/68
113
SO A P M e ss a g e H a n d l e r s
Handlers let you access/ modify SOAPrequest and response messages Typical ly used to process service context s in SOAP
header blocks
Can be used to extend functionalit y of Webservices runtime system
? J2EE containers (which provide Web servicesruntime) are likely to use them internally toprovide session/ tr ansacti on propagation
Example handlers: encryption, decryption, authenti cati on,
authorization, logging, auditi ng, caching 114
SO A P M e s sa g e H a n d l e r s
Pluggable and chainable Through standardized programming API
Portable across implementat ions
Has its own li fe-cycle JAX-RPC runt ime system cal ls init (), destroy()of a
handler
Handler instances can be pooled
MessageCont ext is used to shareproperties among handlers in a handlerchain
115
SO A P M e s sa g e H a n d l e r s
Se r v i c e
E n d p o i n t ( P o r t )
H a n d l e r
#1
H a n d l e r
#2
S O A P M e s s a g e< Re q u e s t>
S O A P M e s s a g e< Re s p o n s e >
H a n d l e r Ch a i n
116
Ex a m p l e S OA P M e s sa g e H a n d l e rpackage com.example;public class MySOAPMessageHandler implementsjavax.xml.rpc.handler.Handler{ public MySOAPMessageHandler() { ... } public booleanhandleRequest(MessageContext context, HandlerChain chain){ try { SOAPMessageContext smc = (SOAPMessageContext)context; SOAPMessage msg = smc.getMessage(); SOAPPart sp = msg.getSOAPPart(); SOAPEnvelope se = sp.getEnvelope(); SOAPHeader sh = se.getHeader();
// Process one or more header blocks // ... // Next step based on the processing model for this handler } catch(Exception ex) { // throw exception } } // Other methods: handleResponse(), handleFault(), init(), destroy()}
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
30/68
117
B u i l d & D ep l o y a c h a i no f Ser ver s id e SOAPM e ssa g e H a n d l e r s
D e m o
118
D e m o Sc e n a r i o
Write SOAP message handler codes Dump intercept ed SOAP messages
Using Sun ONE Studio 5, conf igure andredeploy a Web service wit h a chain ofSOAP message handlers
Run any client to access the redeployedWeb service and see the dumped SOAPmessages
119
Sess ionM a n a g e m e n t
120
Se ssi o n M a n a g e m e n t JAX-RPC runt ime systemmanages session
Service client or service developer do not have todeal with session management
Supported Session management schemesover HTTP Cookie-based URL rewriting
SOAP Header-based session managementscheme in the future
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
31/68
121
Sess ionM a n a g e m e n t
D e m o
122
D e m o Sc e n a r i o
Perform a series of Web services callsthrough which a session state ismaintained
123
W eb Se rv i c e Cl i en t
D ev e l o p m e n t St e p sOver J2EE
124
W e b S e r v i c e s Cl i e n t V i e w
Independent of how an XML based RPCservice (service endpoint ) is implemented onthe server side
Generates a Java based cl ient siderepresentation for a service from WSDL
document Must notbe exposed or tied to a specific
XML based protocol, transport or anyimplementation specific mechanism
Can be standalone app, Web-tiercomponent s, EJB beans
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
32/68
125
WSDL Document
W S D L V i e w o f a W e b S e r v ic e
Service A Binding "FooB"
SOAP/ HTTP
Port Type "FooPT"
Operation "Op1"
Operation "Op2"Service B
Port "Bar"
Port "Xyz"
Port ...
Http:// .../ foo
Port "Foo"
126
W e b S e r v i c e s Cl i e n t V i e w Abstract part of WSDL document (PortType) is
represented by Service Endpoint Interface
Container provides actual implementations ofService Endpoint Interface Stub or dynamic proxy
Concrete part of WSDL document (Service, Port)is represented by Service Interface Container provides actual implementation of
Service interface Service object
Service object is a factory class for stub or dynamicproxy
127
W e b Se r v i c e s Cl i e n t A r c h i t e c t u r e
Service
EndpointInterface
ServiceInterface
ClientPort
Container
128
D e v . St e p s f o r W e b S e r v i c e Cl i e n t
1.Discover WSDLdescript ion of service
2.Identify service provider endpoint address
3.Get client-side Web services code artifacts(i.e. stub or dynamic proxy)
Code artifacts are generated by container (ordeployment tool)
4.Send messages to endpoint s that provideservice implementation (through stub ordynamic proxy)
5.Receive back messages that contain results
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
33/68
129
Public class InvestmentBean implements SessionBean{ public void checkPortfolio(...) {
// Get Service object through JNDI
InitialContext ctx = new InitialContext(); StockQuoteService sqs =
(StockQuoteService) ctx.lookup( "java:comp/env/service/StockQuoteService");
// Get stub or dynamic proxy object from // Service object which functions as a factory StockQuoteProvider sqp= sqs.getStockQuoteProviderPort();
// Invoke a method to Web service float quotePrice = sqp.getLastTradePrice(...); ... }
Ex a m p l e : W e b s er v i c e Cl i e n t
130
JAX-RPC Cl i e n tP r o g r a m m i n g
M o d e l s
131
Cl i en t P r o g r a m m i n g M o d e l s
Stub-based (l east dynamic) Both interface (WSDL) and implementaion
(stub) created at compile time
Dynamic proxy Interface (WSDL) created at compile t ime
Implementation (dynamic proxy) created atruntime
Dynamic invocation interface (DII) Both interface (WSDL) and implementaion
created at runtime
132
St u b -b a s ed I n v o ca t i o n M o d e l
Stub class gets generated at compile time
All needed value classes are also generated
Instantiated using vendor-generated Serviceimplementation class
Stub class is bound to a specific XML protocol(i.e. SOAP) and transport (i.e. HTTP)
Best performance
Stub class implements
javax.xml.rpc.Stub interface Web service definition interface
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
34/68
133
St u b Cl a s s H i e r a r c h y
javax.xml .rpc.Stub
com.example.stockQuoteProvider
com.example.StockServiceSoapBinding_Stub
javax.xml .rpc
com..xml.rpc
134
D y n a m i c Pr o x y -b a s e d I n v o c a t i o nM o d e l Dynamic proxy is generated on the fly
by JAX-RPC client runtime
Applicat ion provides the Web servicedefinition interfacethe dynamic proxyconforms to during runtime
Easiest to program but slower thanstub-based
- implementation object created and casted
135
Ex a m p l e : D y n a m i c Pr o x y Cl i e n t package proxy; import java.net.URL; import javax.xml.rpc.Service; import javax.xml.rpc.JAXRPCException; import javax.xml.namespace.QName; import javax.xml.rpc.ServiceFactory; public class HelloClient {
public static void main(String[] args) { try { String UrlString = "http://localhost:8080/ProxyHelloWorld.wsdl"; String nameSpaceUri = "http://proxy.org/wsdl"; String serviceName = "HelloWorld"; String portName = "HelloIFPort";
URL helloWsdlUrl = new URL(UrlString);
ServiceFactory serviceFactory = ServiceFactory.newInstance();
Service helloService = serviceFactory.createService(helloWsdlUrl, new QName(nameSpaceUri, serviceName));
HelloIF myProxy = (HelloIF) helloService.getPort(new QName(nameSpaceUri, portName),proxy.HelloIF.class);
System.out.println(myProxy.sayHello("Buzz")); } catch (Exception ex) { ex.printStackTrace(); }
}} 136
D II In v o c a t i o n M o d e l Gives complete control to client
programmer
Most dynamic but complex programming
Enables brokermodel Client finds (through some search criteria) and
invokes a service during runtime through a
broker
Used when service definition interface is notknown until runtime
You set operation and parameters during runtime
Has to create Callobject first
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
35/68
137
Ex a m p l e : D I I Cl i e n t package dynamic;
import javax.xml.rpc.Call; import javax.xml.rpc.Service; import javax.xml.rpc.JAXRPCException; import javax.xml.namesp ace.QName;
import javax.xml.rpc.S erviceFactory; import javax.xml.rpc.ParameterMode;
public class HelloClient {
private static String endpoint = "http://localhost:8080/dynamic-jaxrpc/dynamic"; private static String qnameService = "Hello"; private static String qnamePort = "HelloIF";
private static String BODY_NAMESPACE_VAL UE ="http://dynamic.org/wsdl";
private static String ENCODING_ST YLE_PROPER TY = "javax.xml.rpc.encodingstyle.namespace.uri";
private static String NS_XSD ="http://www.w3.org/2001/XMLSchema";
private static String URI_ENCODING =
"http://schemas.xmlsoap.org/soap/encoding/";
138
Ex a m p l e : D I I Cl i e n tpublic static void main(String[] args) { try { ServiceFactory factory = ServiceFactory.newInstance(); Service service = factory.createService(new QName(qnameService)); QName port = new QName(qnamePo rt);
Call call = service.createCall(port); call.setTargetEndpointAddress(endpoint);
call.setProperty(Call.SOAPACTION_USE_PROPERTY, new Boolean(true)); call.setProperty(Call.SOAPACTION_URI_PROPERTY,""); call.setProperty(ENCODING_STYLE_PROPERTY, URI_ENCODING); QName QNAME_TYPE _STRING = new QName(NS_XSD, "string"); call.setReturnType(QNAME_TYPE_STRING); call.setOperation Name(new QName(BODY_NA MESPACE_VA LUE "sayHello")); call.addParameter("String_1", QNAME_TYPE_STRING, ParameterMode.IN); String[] params = { "Duke!" };
String result = (String)call.in voke(params); System.out.println(result);
} catch (Exception ex) { ex.printStackTrace(); } } }
139
Bu i l d i n g a n d Ru n n i n g
Th ree Cl i en tP r o g r a m m i n g
M o d e l s
D e m o
140
D e m o Sc e n a r i o
Build and run client programs usingthree cli ent programming models Stub-based
Dynamic proxy
DII Compare the duration of call among the
three cli ent programming models
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
36/68
141
P a r t I I I :W e b S e r v i c e s Se c u r i t y &
W e b Se r v i ce s In t e r o p e r a b i l i t y
142
W eb Se rv i c e Sec u r i t yo ve r J2 EE
143
W e b Se r v i c e s Se c u r i t y I s su e s
? Authentication
? Authorization
? Integrity and confidentiality
?
Audit? Non-repudiation
144
W eb Serv i ce s Secu r i t y ove r J2EE
? Current? Leverages the existing transport-level securit y
models of J2EE
? Future? Foll ow XML and Web services securi ty standards
work? Message-level securi ty? Informati on about t he authentication policy
wil l be included in or available through theservice defini t ion (WSDL)
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
37/68
145
A u t h e n t i ca t i o n (a t Tr a n s p o r tl e v e l )
? Basic-authentication (with or withoutSSL)
? Symmetric HTTPS (Mutualauthentication)
146
StockQuoteService sqs = getStockQuoteService(..);
// Get the instance of stub object setting username &password
StockQuoteProvider sqp =sqs.getStockQuoteProviderPort(
"",
"");
float quote =
sqp.getLastTradePrice("ACME");
Ex a m p l e : B a si c A u t h e n t i c a t i o n
147
A u t h o r i z a t i o n
? Gets performed after authent ication Identityof a user is associated wit h t he request
after authentication
? Leverages the existing J2EE authorizationmodel? Servlet based endpoint
? who can access what web resources? Stateless session bean based endpoint
? who can perform what EJB methods
148
I n t e g r i t y & Co n f i d e n t i a l i t y
? Leverages HTTPS? SSL supports encrypt ion
? WSDL document ' s port address may specifyhttps:
? J2EE 1.4 vendors are recommended to
support? XML digit al signature for data integrity
? XML encryption for confidentiality
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
38/68
149
A u d i t i n g
? J2EE 1.4 vendors are recommended tosupport audit ing
? Future? Standard format for record format and
programming API sti ll need to be defined
150
N o n - r e p u d i a t i o n
? HTTPS falls short on non-repudiation? J2EE 1.4 vendors are recommended to
support non-repudiation logging? Future
? Standard mechanism for non-repudiati on l ogging
151
Ac ces si ng W eb se r v i c ev i a Ba si c A u t h e n t i c a t i o n(an d SSL en c r y p t i on )
D e m o
152
D e m o Sc en a r i o
Redeploying a Web service with Basicauthentication enabled through SunONE Studio 5
Running client application withoutpassing username and password - itshould fail with authorizati on failure
Running client application withusername and password
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
39/68
153
W e b Se r v i c e sSe c u r i t y St a n d a r d s
154
Point of int eract ion is more over the
internet(as opposed to within an intranet) Interaction between partners wit h no
previously established relationship
Program to programinteraction (as opposedto human to program interaction)
More dynamicinteraction (as opposed tostatic interaction)
Largernumber of services providers and users
W h y M o r e St r i n g e n t Se cu r i t y f o rW e b Se r v i c e s?
155
I ssu e s w i t h Cu r r e n t W e bSe c u r i t y Sc h e m e s SSL/ TLS/ HTTPS
Transport level security (as opposed to messagelevel securit y)
Point -to-point securit y only,does not handleend-to-end multi-hopped messaging security
Security only when data is on the wire, does notsecure data off the wire
HTTPS does not support non-repudiation
HTTP might not be the only transport used
No element-wisesigning and encryption156
XML Digital Signature
XML Encrypt ion
XKMS (XML Key Management Specification)
XACML (eXtensible Access Cont rol MarkupLanguage)
SAML (Secure Assertion Markup Language)
ebXML Message Service Security
WS-Security
Identity Management & Liberty Project
XM L & W e b S e r v i ce s Se c u r i t yS c h e m e s
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
40/68
157
XM L Si g n a t u r e
158
W h a t i s XM L D i g i t a l Si g n a t u r e ? Authentication, data integrity (tamper-
proofing), non-repudiat ion
Joint W3C/ IETF effort XML syntax for representing signature of web
resourcesand portions thereof
Procedures for computing and verifyingsuchsignatures
Canonicalizationof XML data
Trust in key is out-of-scope
Specs: W3C Recommendat ion, RFC 3075
JSR-105
159
W h y XM L D i g i t a l Si g n a t u r e ?
Very flexible, thus can support diverse setof internet transaction models Can sign individual items of a XML document
Can sign multiple items
Can sign both local and remote objects?
All ows detached signature that apply to remote,URI-referenced cont ent
Can sign both XML and non-XML content
Allows multiple levels of signing (different signingsemantics)to same content
? Sign, co-sign, wi tness, notarize, etc.
160
XM L En c ry p t i on
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
41/68
161
W h a t i s XM L En c r y p t i o n ?
Data privacy(Confidentiality) Defines
XML syntax for encrypted data
Encrypting/ decrypti ng such data
Can encrypt only certain parts of document
W3C Recommendat ion now
JSR 106
162
Ex a m p l e o f En c r y p t i o n ( O n l y c r e d i tc a r d e l e m e n t i s e n c r yp t e d ) Alice Smith ...
ABCD SharedKey A23B45C56
8a32gh19908 1
163
XKM S (XM L KeyM a n a g e m e n t Sp e c.)
164
W h a t i s XK M S?? XKISS: XML Key Informat ion Service Spec.
Aprotocolfor a trust service for resolving(validating) public keysused in XML Signatureand Encryption
Uses SOAP over HTTP
? XKRSS: XML Key Registrat ion Service Spec
Aprotocolfor a web service that acceptsregistrat ion, revocation, recovery of public keys
? XKMS defines protocolsbetween a client andXKMS server
10/23/2004
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
42/68
165
W h y XK M S? PKI i s important to Web service
PKI is too complexto deal with in many
applications XKMSeases the integration of PKIby moving the
complexity of PKI operation to a XKMS server
PKI is too heavy for small devices XKMSreduces the processing burdenby moving it
to a XKMS server
So a XKMS server provides a Trust service(PKI Service) to XKMS clients in a form ofWeb service
166
XACM L( e Xt e n s i b l e A c ce s s Co n t r o l
M a r k u p La n g u a g e )
167
W h a t i s XA CM L?
Define core schema and namespace forauthorization policiesin XML: Used against XML elements in XML document
Extensible
Closely al igned wi th SAML effort Policy Decision Points (PDPs)involved in SAML
might consult policies encoded in XACML todetermine whether access will be granted to aresource
168
W h y XA CM L? Standardize access control language in XML
Extensible language wit h flexible semantics
Lower costs No need to develop app-specific languages
No need to wri te policy in several l anguages
Simpler Admins only need to understand one language
Policy composition Policies written by different parties can be
combined
0/ 3/ 00
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
43/68
169
A patient has patient record includingpsychiatric notes
The pat ient grantsaccessright topsychiatric notesonly to primary caredoctor
The primary care doctor grants access topatient record to covering doctor, withaccess restriction foll owing thetransmit ted documents so that coveringdoctor has no access to psychiatric notes
XACM L Use Case
170
SAM L (Secur i t yA sse r t i o n M a r k u p
L a n g u a g e )
171
W h a t i s SA M L?
? Define an XML framework for exchangingauthentication and authorizationinformation Various XML security assertions: credentials,
authentication, attribute, authorization, etc...
Request & response prot ocol? EnablesSingle Sign-On (SSO)? OASIS Standard? JSR-155
172
W h y SA M L?? Standards are emerging for many
facets of collaborative e-commerce,such as: Business transactions (e.g., ebXML) Software interactions (e.g., SOAP)
? But communicating securitypropertiesof these interactions isntwell standardized Low interoperability between PMI solutions Tight coupling wit hin components
/ /
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
44/68
173
U s e c a se s f o r s h a r i n g s e c u r i t yi n f o r m a t i o n t h r u SA M L
SAML developed three use cases to
drive its requirements and design: Single sign-on (SSO)
Distributed transaction
Authori zati on service
174
# 1 S i n g l e S i g n O n ( SSO )? Logged-in (authenticated) users of Smith.comare
allowed to access to sister site Johns.comwithoutrelogin
Smith.com
Johns.com
Authenticate
S AM LA s s e r t i o nR e s p o n s e
Use securedresource without re-login
S AM LA s s e r t i o nR e q u e s t
175
# 2 D i st r i b u t e d Tr a n s a c t i o n? A car buyer also purchases an auto insurance from
insurance.comwhich is affil iated withcars.com
cars.com
insurance.com
S A M LA s s e r t i o nR e s p o n s e
Buy a car
Buy insurance
S AM LA s s e r t i o nR e q u e s t
176
# 3 A u t h o r i za t i o n Se r v i ce? An employ ofWorks.comorders offi ce supplies
directl y from Office.com, which performs its ownauthorization
Works.com
Office.com
S A M LA s s e r t i o nR e s p o n s e
Employee ofWorks.com
S AM LA s s e r t i o nR e q u e s t
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
45/68
177
SA M L A ss e r t i o n s Assertions are declarationsof fact, according
to someone
SAML assert ions are compounds of one ormore of three kinds of statementaboutsubject (human or program) Authentication
Attribute
Authorization
178
A u t h e n t i c a t i o n st a t e m e n t
? An issuing authority asserts that
subject Swasauthenticated bymeans M
at time T
? Targeted t owards Single Sign Onuses
179
Ex a m p l e a sse r t i o n w i t ha u t h e n t i ca t i o n st a t e m e n t
(At time T) (Subject S)
http://core-25/sender-vouches
180
A t t r i b u t e st a t e m e n t
? An issuing authority asserts that
Subject Sis associated with
attributesA, B, with valuesa, b, c
? Useful for distributed t ransact ions and
authorization services
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
46/68
181
Ex a m p l e a s se r t io n w i t h t w oa t t r i b u t e st a t e m e n t s
..Sang..
(with value a) PaidUp (with value b) 500.00
182
A u t h o r i za t i o n s t a t e m e n t? An issuing authorit y decides
whether to grantthe request bysubject S
foraccess type A toresource R
givenevidence E
? The subject could be a human or aprogram
? The resource could be a web page or aweb service, for example
183
Ex a m p l e a s se r t i o n w i t ha u t h o r i z a t i o n s t a t e m e n t
(for res. R) (by Subject S) Read (for access type A)
184
Pr o t o c o l f o r Re q u e s t i n g &R e ce i v i n g A s se r t i o n s
Asserting Party (Issuing Party)
Relying Party (Requesting Party)
SAML AssertionRequest
SAML AssertionResponse
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
47/68
185
WS-Secur i t y
186
WS-Secu r i t y Spec i f i ca t i on
Set of SOAP extensions for end-to-end SOAPmessagingsecurity
Security schemes at message level
Signing and encrypting SOAP messages byattaching securi ty t okensto SOAP messages
Any combination of message parts: Header blocks,body, att achments
187
W S-Se c u r i t y Si g n a t u r e M o d e l
Securi ty Token- Collection of (authority certified) claims
Signature- Establishes signer identi ty, content int egrity
- Dependent on key binding claim
Securi ty Token Reference- Identif ies securit y tokens to satisfy key
binding dependencies
- May encapsulate securit y t oken
Data Reference- Identif ies input to digest algorithm
188
XM L D i g i t a l Si g n a t u r eB o u n d t o S O AP
Key Binding
Security TokenReference
SOAP Envelope
WS-Security Header
Security Token
Signature
KeyInfo
SignedInfo
Data Reference
Data Reference
SignatureValue
Security TokenReference
Security Token
Claims
SOAPBody
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
48/68
189
W S -Se c u r i t y En c r y p t i o n M o d e l
Reference List- Identifies encrypted content
Encrypted Data- Encapsulates encrypted content
- May depend on key binding claim toidentify encryption key
Encrypted Key
- Conveys encrypted key and Reference List
- Dependent on key binding claim
190
XM L En c r y p t i o n B o u n d t o SO A P(Us ing Re fe rence L i s t )
SOAP Envelope
WS-Security
Header
DataReference
Reference List
Encrypted Data
Cipher Data
MessageContent
SOAPBody
Security TokenReference
KeyInfo
Key Binding
Security Token
191
XM L En c r y p t i o n B o u n d t o S OA P( U si n g En c r y p t e d K e y )SOAP Envelope
WS-SecurityHeader
Key Binding
Security TokenSecurity Token
Reference
KeyInfo
EncryptedKey
Data ReferenceData Reference
ReferenceList
Cipher Data
Key
Encrypted Data
Cipher Data
Security TokenReference
Security Token
Claims EncryptedData
Cipher Data
MessageContent
SOAPBody
192
H o w Th e y W o r kT o g e t h e r
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
49/68
193
SA M L a n d O t h e r St a n d a r d s
SAML and XML DSigXML DSig is used for digitally signing and
canonicalizingSAML assert ions
Authenticating, tamper-proofing (integrity),non-repudiat ing SAML assert ions
SAML and XML Encrypt ionXML Encrypt ion is used for encrypting and
decryptingSMAL assertions
Enforcing privacy (confidentiality) of SAMLassertions
194
SA M L a n d O t h e r St a n d a r d s
SAML and XKMSSAML traffi c could be secured by XKMS-based
PKI(or by other PKI implementation, or byother means entirely)
SAML and XACMLXACML could be used to define access
control/ policy as a basis for handl ing SAMLassertion request
195
SA M L a n d O t h e r St a n d a r d s
SAML and WS-SecuritySAML Assertions can be carried as security
tokensdefined in WS-Security
SAML and Libert y Project
SAML is used as security informationexchange protocol among Liberty participants
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
50/68
197
Id e n t i t y M a n a g e m e n t &Li be r t y P ro j ec t
198
P o ss ib l e I d e n t i t y S o l u t i o n s
S i n g l e I d e n t i t yO p e r a t o r
C e n t r a l i z e dM o d e l
F i n a n c i a l S v c sC u s t o m e r
C o m m u n i t y
O n l i n eC o m m u n i t y
T e l e c o m m u n i c a t i o n sC o m m u n i t y
T ravelC o m m u n i t yE n t e r t a i n m e n t
C o m m u n i t y
R e t a i lC o m m u n i t y
W i r e l e s sC o m m u n i t y
O p e n F e d e r a t e dM o d e l
199
P l a y e r s i n Fe d e r a t e d I d e n t i t y M o d e l
Pr o v id e r s t h a ta r e e q u a l a n di n t e r o p e r a b l e
C o n t r o l o v e ro w n e r s h i p
a n d d i s c l o s u r e
M a n a g e p r i v a c ya n d p r e f e r e n c es
MultipleIdentity
Providers
MultipleService
Providers
Individualswith
MultipleProfiles
200
Ci r c l e s o f T rus t
PrimaryTrust
Authority( m y c o m p a n y )
AcctsPayable
App
PrimaryTrust
Authority(e.g. , my bank)
Calendar
NIEnabled
Merchants
NIEnabledServices
SupplyChain
Aggregator
NIService
Aggregator
Name:
ID
Preferences:
.
Name:
ID
Preferences:
.
WorkProfile
HomeProfile
SupplierA
SupplierB
SupplierC
NewsSource
NewsSource
NewsSource
Employee Circle of Trust
Consumer Circles ofTrust
ExternalServices
ExternalServices
ExternalServices
ExternalServices
ExternalServices
ExternalServices
Secondary
TrustAuth ori ty
(e.g., my airline)
Friends &
FamilyNoti f ication
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
51/68
201
Ev o l u t i o n o f I d e n t i t y N e t w o r k s
Separate loginfor each site
Separate loginfor each network
Seamless loginacross networks
202
W S-I & W eb Ser v i ceI n t e r o p e r a b i l i t y
203
W S-I I s
An open industry effort chartered to promoteWeb Services interoperabilityacross platforms,applications, and programming languages.
The organization brings together a diverse
community of Web services leaders to respond to
customer needs by providing guidance,recommended practices, and supportingresources for developing interoperable Webservices.
204
W S-I I s N o t
? Is nota source of WS-* specs? These have typically been proprietary
specifications from single or small groups of
companies, though a few have beensubmitted to recognized standards
organizations? Is not a standards organization
? Doesnt produce specs for new technology
? Profiles existing specifications
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
52/68
205
B a s i c P r o f i l e 1 . 0
? Profiling SOAP 1.1, WSDL 1.1 and UDDI 2.0
? Consists of 156 conformancerequirement
48 related to SOAP
84 related to WSDL
8 related to UDDI
6 related to security
206
W S-I S u p p o r t i n J2 EE 1 . 4
? Package WS-I BP 1.0-conforming WSDLdocuments in your J2EE1.4 application
? Containers will take care of all thedetails:? HTTP 1.1 requirements
? SOAP 1.1 requirement s
? WSDL 1.1 requirements
? UDDI 2.0 requirements (if supported)
207
Su p p l y Ch a i n M a n a g e m e n tSa m p l e A p p l i c a t i o n
UDDI
Configurator Warehouse A
RetailerWeb Page
Warehouse B
Warehouse C
Manufacture A
Manufacture B
Manufacture C
Retailer
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
53/68
209
W SD L D e s cr i p t i o n s
210
Te s t i n g To o l s
Monitor
AnalyzerLog File Results
WebServiceClient
WebService
211
A n a l y z e r
XSLT
TestAssertionDocument
WSDLDocument
UDDIDocument
ConformanceReport
Analyzer
AnalyzerConfg File
MessageLog
212
W S-I Sam p leA p p l i c a t i o n ,M o n i t o r , A n a l y ze r
D e m o
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
54/68
213
D e m o S c e n a r i o
Running WS-I Supply Chain Managementsample appli cat ion over serviceendpoints from various companies overthe int ernet
? Sun, IBM, BEA, Oracle
Running Monitor and Analyzer
214
P a r t I V :e b X M L & U B L,
O n g o i n g W e b Se r v i ce s St a n d a r d s
215
B u s i n e s s
W e b S e r v i c e s
216
Fa c t A b o u t e -Co m m e r c e
E - c o m m e r c e m e a n s B 2 B .A n d E D I a c co u n t s f o ra b o u t t h r e e -f o u r t h s o f i t
U.S. E-commercein 2000
U.S. E-commercein 2006
Source: U.S. Census Bureau Source: U.S. Forrester
B2B $12,275.5bn (95.6%)
B2B $990bn (93.8%)
B2C $66bn (6.2%) B2C $561.8bn (4.4%)
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
55/68
217
Th e n e x t b i g t h i n g i s B u s i n e s s W e bServ i ces? J2EETM
? Service implementation platform standard? ebXML and UBL
? Business web services standards
? Liberty Project? Identity system standard
? Java and XML? Programming language and data
representati on standards218
Bus i ness W eb Se rv i ces (B2B)A r ch i t e c t u r a l Co m p o n e n t s ( e b XM L)
B2B coll aborat ion
Secure and reliable message delivery Non-repudiation
Partner profile
Repository for business data objects
Standard and commonly agreed uponbusiness documents
219
B2B Collaboration
Sim p l e We b S e rv ices (W US ) vs .B 2 B Co l l a b o r a t i o n ( e b XM L)
l Simple interactionl Consumer orientedl Short-living processl No business
collaborationl
No partner profilel Not secure, not
reliablel Does not support
non-repudiationl No repository
supportl Synchronous
l Complex interactionl Business orient edl Long-running processl Supports business
collaborationl
Supports partnerprofilel Secure and reliablel Supports non-
repudiationl Registry and
repositoryl Asynchronous
Simple WebServices
220
B2B Collaborati on
EA I vs . B 2B Co l l abo ra t ion (ebXM L)
l Within a businessorganization
l Centralizedcontrol
l Implicit contractl Small number of
businessprocesses andparticipants
l Between businessorganizations
l Distributedcontrol
l Explicit contractl Potentially l arge
number ofbusinessprocesses andparticipants
EAI
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
56/68
221
Universal Business
Language (UBL)
Defines a library of standard electronic
business documents Plugs directly into existing traditional
business and legal practices
Eliminates re-keying of data in existingfax-based supply chains
Fills the payload slot in B2B frameworkssuch as the UN/OASIS ebXML initiative(http://ebxml.org) and various WS schemes
222
EDI , ebXM L, UBL
Business Agreements
Business Processes
Packaging/Transport
Standard Messages
Message Conceptualization
ad hoc TPA
CASE tool
VAN
X12, EDIFACT
ImplementationGuidelines
ebXML CPA
ebXML BPSS
ebXML SOAP
UBLSchemas
UBL ContextMethodology
ebXML Infrastructure(+ Registry/Repository)
UBL Payload
EDI B2B Web B2B
223
W e b Se r v i c e s
St a n d a r d s A c t i v i t i e s
224
W 3 C
XML, XML Schema, XSL, XQuery SOAP WSDL Web Services Addressing Web Services Choreography
Semantic Web Services SOAP Message Transmission Optimization
Mechanism (MTOM) XML Key Management Specif icat ion (XKMS) XML Signature XML Encrypt ion
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
57/68
225
OASIS
Asynchronous Service Access Protocol (ASAP)
Business Transact ion Prot ocol (BTP) *
Electronic Business XML (ebXML) * Framework for Web Services Implementation
Translat ion Web Services Web Services Business Process Execution Language
(WS-BPEL)
Web Services Composition Application Framwork(WS-CAF)
Web Services Distributed Management (WSDM)
Web Services Interacti ve Appli cation (WSIA)
226
O A SI S ( Co n t i n u e d )
Web Services Notification (WSN)
Web Services Reliable Messaging (WSRM)
Web Services Resource Framework (WSRF) Web Services for Remote Port lets (WSRP)
Web Services Securi ty (WSS) * Universal Descript ion, Discovery and Integration
(UDDI) *
Universal Business Language (UBL) * Security Asserti on Markup Language (SAML) * Extensible Access Control Markup Language
(XACML) *
227
Jav a Bu si n es s I n t eg r a t i on
(JBI)
228
W h a t i s SO A ?
P r i n c i p l e s a n d p r a c t i c e s f o r d e s i g n i n gs h a r e d , r e u s a b l e , d i s t r i b u t e d s e r v i c e s
SOA Attributes: Separat ion of service int erface from
underlying implementat ion (loose
coupling) Promotes service reuse through
discoverable and self-describing services
Services are course-grained, composable,and rely on a standards basedinfrastructure
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
58/68
229
Web Se rv i ces Ena b l es SOA
You can practice SOA without Webservices... but..
Web services is the best enabler ofSOA Service interface hides service implementation
Reusable
Discoverable
Compose'able
Standard-based
Industry momentum230
SOA Support in J2EE Platform
Begins with J2EE 1.4 platform-based
Web services Continues with J2EE 5.0 platform
enhanced Web services
J2EE 5.0 platform extended with JSR208 (Java Business Integration) SOA Core
Extensible Service Engines
Extensible Binding Components
231
J2EE Platform+Java Business
Integration = Integration Server
232
SOA Platform
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
59/68
233
A Service
234
D o c u m e n t - S t y l eW eb Ser v ice s (vs . RPC)
235
Document-style
R PC v s . D o c u m e n t -s t y l e
l Procedure cal l
l Method signature
l Marshaling
l Tightly-coupled
l Point to point
l Synchronous
l Typically withinIntranet
l Business documents
l Schema
l Parsing & Validat ing
l Loosely coupled
l End t o end
l Asynchronous
l Typically overinternet
RPC
236
Document-style
W h e n t o u se W h i c h m o d e l ?
l Within Enterpri se
l Simple, point-to-point
l Short runningbusiness processl Reliable and high
bandwidthl Trusted
environment
l Between enterpri seand enterprise
l Complex, end to endwith int ermediaries
l Long runningbusiness process
l Unpredictablebandwidth
l Blind trust
RPC
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
60/68
237
? Use of document/literalSOAP
message (instead of RPC/encoding)? SOAP body contains XML document, i.e.
Purchase order
? Specified via style and use attribute in
WSDL document
? Use of Attachments? Attachment contains XML document
? Specified via MIME binding in WSDL document
D o c u m e n t - S t y l e W e b s e r v i c e sSuppo r t i n JAX-RPC
238
Fas t W eb Ser v i ce
239
Cu r r e n t Pe r f o r m a n c e D a t aLoopback request/response latency
JAX-RPCencoded
JAX-RPCliteral
RMI/IIOP RMI0
2.55
7.510
12.5
15
17.520
22.5
25
Protocol vs. Time (ms)
20 elements
Protocol
Time(ms)
240
JAX-RPCencoded
JAX-RPCliteral
RMI/IIOP RMI0
5001000150020002500
300035004000450050005500
Protocol vs. Size (bytes)
20 elements
Protocol
Size
(bytes)
Cu r r e n t P e r f o r m a n c e Da t aMessage size
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
61/68
241
M a i n Go a l s
Provide much bett er performance
Standards for Fast Web Services
- Interoperability
Take advantage of JavaWebServices stack
- Fast implementat ion in stack
Minimize impact to Web Servicedevelopers- Stack will hide the details
242
Application
Protocol andData Binding
Transport
Th e B i g P i ct u r e
Application
Protocol andData Binding
Transport
Unchanged
Can Change
WSDL
243
Te c h n i c a l Go a l s Cut overhead of XML processing
- SOAP message size
- Marshaling to programmatic types
Maximize use of APIs, tools and standards- JAX-* APIs, WSDL
Support for J2ME, J2SEand J2EEtechnologies- JSR-172, Web Servi ces for J2ME
- End-to-end support
Platform and programming languageindependent
244
Use Cases
Web Services within the enterprise
Time- and resource-sensitive systems
- Mobile phones
- Satellites
High-performance computing- Grid computing
- Scientif ic computing
Example: Auto-ID
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
62/68
245
Technological Requirements
Optimized encoding technology
- Fast infoset, Fast schema and Fast SOAP
- Not specific to application
Proven use in network communications
- Large-scale deployment
Platform and programming languageindependent
Existing standards
- Royalty-free and open
246
V a n i l l a XM L En c o d i n g
SOAP and XML have limitations
- Larger message size- Inefficient data representation
- Marshaling requires more CPUprocessing
XML is highly self-describing, butthere is a price for this:performance
247
Th r e e La y e r s o f O p t i m i za t i o nO p p o r t u n i t y
Transport layer- Mechanism: compression
- Unit: bytes
XML information setlayer
- Mechanism:binary XMLrepresentation- Unit : DOM, SAX or Pul l API
Schema bindinglayer
- Mechanism:binary datarepresentation
- Unit: programmatic types248
V a n i l l a X M L P ip e l i n e
CompressibleBytes
Infoset
Binding
Transport
XML 1.0 Bytes
SAX/DOM/Pull
Types
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
63/68
249
Fa s t I n f o s e t P i p e l i n e
CompressibleBytes
Infoset
Binding
Transport
XML Infoset Binary Bytes
SAX/DOM/Pull
Types
250
Fa s t Sc h e m a P i p e l i n e
CompressibleBytes
Binding
Transport
Types
Schema-optimized BinaryBytes
Schema
Knowledge
251
Ex a m p l e : Sc h e m a Fr a g m e n t
252
XM L a n d Fa s t Sc h e m a En c o d i n g
string
12345678
true
string
12345678
true
XML Fast Schema
7B
4B
1b
25B
29B
25B
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
64/68
253
Fa s t P e r f o r m a n c e D a t a
JAX-RPCencoded
JAX-RPCencodedFast infoset
JAX-RPCliteral
RMI/I IOP JAX-RPCFastschema
RMI0
2.55
7.5
1012.5
1517.5
2022.5
25
Protocol vs. Time (ms)20 elements
Protocol
Time(ms)
Loopback request/response latency
254
Fa s t P e r f o r m a n c e D a t a
JAX-RPCencoded
JAX-RPCencodedFast infoset
JAX-RPCliteral
RMI/I IOP JAX-RPCFastschema
RMI0
5001000150020002500300035004000450050005500
Protocol vs. Size (bytes)20 elements
Protocol
Size(bytes)
Message size
255
Schema language for abstract type system
Multiple encoding rules
? Types are independent of encoding
Royalty-free set of standards at ITU-T/ISO
In development for nearly 20 years
Extensively used in telecom industry
Implementations in Java, C and C++programming languages
ASN.1
256
Fast Encoding and ASN.1
Fast infoset encoding
- ASN.1 Schema for XML infoset
Fast schema encoding
- W3C XML Schema to ASN.1 mapping
Fast SOAP encoding- ASN.1 Schema for SOAP
Packed Encoding Rules (PER)
- Most compact and CPU efficient
- Other rules could be used (e.g., DER)
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
65/68
257
Fast W eb Ser v ice
D e m o
258
D e m o Sc e n a r i o
Comparing regular Web service and fastWeb service performance in real time
using different size of the messages
259
M e t a d a t a -d r i v e n
W eb Ser v ice (JSR 18 1)
260
Goals
? Simplify Web services development anddeployment dramatically
? Leverage Java Language Metadatatechnol ogy (JSR 175)? provide an easy to use syntax for describing web
services at the source-code level
? Use standard Java compi ler (J2SE 1.5)? Validate Web services metadata
? Produce class fil es containing metadata
? Allow Web services metadata to bemanipulated by tools
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
66/68
261
Goals? Enable auto-deployment
? Like JSP deployment
? Abstract away details of Web Serviceimplementation and deployment? Prot ocols, WSDL, service endpoint s, XML/ Java
mapping, message format s, deployment descriptors,packaging
? Built over existing Web services APIs andtechnologies? Hide low-level programming APIs for Web services
components and J2EE
? Like JSP hides compl exit y of Servl et262
JSR 181
? JavaWeb Service (JSR 181 WS) file is central? Both source and compiled form
? Web Service metadata annot ates 181 WS fi le
? 181 WS fi le is a standard Javasource file
? JSR 175 used to represent metadata (J2SE 1.5)? A Javalanguage extension with compiler support
? Define Metadata vocabulary for application area? Web Services (JSR 181 defines vocabulary)
? Metadata in class file and available at run-time
263
An Example (Part of a 181
WS File)@Protocol (httpSoap=true, soapStyle=documentLiteral)@TargetNamespace
(namespace=http://schemas.myDomain.com/ws/)
public class MyWebService{ @Operation public double zipDistance (String fromZip, String
toZip){ . . .
return distance.getDistance(fromZip, toZip); } . . .}
264
W e b Se r v i c e s
T r a n s a c t i o n
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
67/68
265
Tr a n s a c t i o n f o r W e b s er v i ce s
Web services have dif ferent characterist ics Long running business process
Mult i enterprise and distr ibuted (no singleTransaction manager is present)
ACID properties need to be loosened up forWeb services Traditional locking cannot be used for long
running process
BTP (Business Transaction Protocol) fromOASIS
266
J2 M E &W e b Se r v i c e s
267
JSR-172
Parsing
J2ME Web services client
J2ME device
Configuration
Profile
JSR 172
xml/http
Web Services
268
JAX-RPC Sub se t Ove rv i e w
Subset of JAX-RPC 1.0
Additionally specifies runtimeSPI-portable stubs
No support for the service endpointmodel. The subset only provides support
for clients to access web serviceendpoints.
Ali gnment with WS-I Basic Profi le
Prot ocol encoding: SOAP 1.1 using XMLbased protocol
10/23/2004
8/13/2019 Web Services Programming 1 Day 4
68/68
269
J2M E W eb Ser v ice
D e m o
270
D e m o Sc e n a r i o
Building and running J2ME Web serviceclient application (through an emulator)
using Sun ONE Studio 5
271
Th a n k Yo u !