View
220
Download
1
Category
Tags:
Preview:
Citation preview
Web Services
Overview and TrendsDavid Purcell
MnSCU OoC IT
Introduction - Purpose of Presentation
Introduce a Service Oriented Architecture Introduce Web Services Review/Explain Technical Details Discuss Different Types of Services Discuss Implementation Challenges with
Web Services
Web Services and SOA Service-Oriented Architecture - What is It?
Unit of work = ServiceCentralized data access/business logic
encapsulated by Service ProviderLoose couplings between systemsReusable services that can serve many needsApplications can be assembled, rather than
built
Web Services
Web Services A way to implement a SOA Mechanism for application-to-application
communication (integration!) Uses standard protocols and languages:
Typically HTTP and XML Independent of programming language Two main types: SOAP and REST
SOAP Web Services SOAP – an XML language for encapsulating messages
What service to invoke Message contents (input parameters and response info) Auxiliary information about the sender, errors, etc.
Programmers use tools to make SOAP calls (Don’t code SOAP by hand)
Self-Describing: Description of Service using wsdl* Many extensions to SOAP are proposed to cover
technical challenges (security, etc.) Two main types: RPC and Document
SOAP Service TypesRPC (Remote Procedural Call) Remote call – Programmer calls a
‘function’ Most Common MnSCU services are currently RPC style Advantages:
Easier to create, consume Disadvantages
Shouldn’t change once in place - Breaks the notion of loose coupling
SOAP Service TypesDocument Style
You define the XML returned in SOAP envelope
Advantages:You can define a schema for the xml – any
calling app can validate against the schemaLess fragile – you can change the XML without
changing the service definition Disadvantages:
More difficult to develop
Soap Services – WSDL
Web Service Description Language Describes the Service
The exposed functionsThe parameters expected in the
request/responseElements / datatypes for the parametersHow to access (bind to) the service
Doesn’t have to be SOAP service
WSDL Example RPC-style SOAP Service - WSDL
SOAP Message
XML format for encapsulating messages Important parts:
Header Faults
Body Request Response
SOAP Message Example –RPC-style SOAP Service Request
<?xml version="1.0" encoding="UTF-8"?> <SOAP-ENV:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:SOAP ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body> <ns1:echoString xmlns:ns1="http://soapinterop.org/">
<testParam xsi:type="xsd:string">Hello!</testParam> </ns1:echoString>
</SOAP-ENV:Body> </SOAP-ENV:Envelope>
SOAP Message Example –RPC-style SOAP Service Response
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<SOAP-ENV:Body>
<ns1:echoStringResponse xmlns:ns1="http://soapinterop.org/"> <result xsi:type="xsd:string">Hello!</result>
</ns1:echoStringResponse>
</SOAP-ENV:Body> </SOAP-ENV:Envelope>
REST-Style Web Services Representational State Transfer Applications define their own specs
Typically custom XML defined for the response Resource oriented HTTP protocols – typically using HTTP
GET requests for retrieving data, POST requests for modifying data
REST
http://somesite/a-service/a-resource
REST-Style Web Services, cont.
Advantages: Simpler Don’t need any special toolkits Like Document-style SOAP services, the XML can be
self-validating Disadvantages:
Don’t get underlying infrastructure provided by today’s web services tookits, or tomorow’s extensions
Your app needs to handle the http request and any communication problems
You need to extract the data from response XML
SOAP vs. REST SOAP Advantages
Because of the standard protocol, toolkits can handle SOAP layer for you
Many Standards being built on top of SOAP infrastructure (security, transactions, etc.)
REST AdvantagesSimple to useDoesn’t require any special tools
Web Services Challenges
Security Conversational state Transactions Reliable messaging Orchestrating a set of services
Web Services Challenges, cont. There are many web services specs and
protocols However..
Competing standards exist Implementations are not widely available
SOAP/WSDL are the most common standards that are widely agreed upon and implemented
Web Services Challenges - Security How do you…
Ensure that the message wasn’t altered?Ensure that the message can’t be observed?Determine the identity of the requestor?Determine that the requestor is authorized to
use the service?
Web Services Challenges - Security Specs and Activities XML Signature - provides data integrity and
authentication XML Encryption – data integrity via encryption WS-Security
specifies how to sign and encrypt SOAP messages Uses XML Signature and XML Encryption, among others
SAML a framework for exchanging identification information among
partners Foundation of Liberty Alliance single sign-on capabilities
eXtensible Access Control Markup Language (XACML) Define authorization / access control in XML
Web Services – Security, cont.
Other competing specs and standards As security issues get resolved through
standards/specs, web service security can be handled with less application programming Security infrastructure would be more declarative,
consistent WS-Security – vendors starting to provide
implementations
In the Mean Time…
We can’t wait for all specs to solidify
We need to implement today
Technical Implementation Considerations Security
Authentication Encryption Authorization Basic Web App Security Practices
Error Handling SOAP Fault Specifying a mechanism to return errors
Technical Implementation Considerations, cont. Service Inputs/Outputs for RPC services
Flat ‘arrays’ of data Less fragile (you can add a new, optional
parameter without altering the WSDL) Simpler Can’t handle relationships among data
Complex data elements (relationships among data)
Used for complex data types More fragile architecture
Technical Implementation Considerations - Transactions
What if your app does the following?
1. Call Service – Update Info
2. Update your local database- 2.a – Problem occurs- 2.b – Rollback your database input
Technical Implementation Considerations - Transactions
You need to consider order
1. Update your local database- 1.a – Problem occurs- 1.b – Rollback your database input
2. Don’t call the Service
Technical Implementation Considerations - Interoperability Be sure you are using the same version of
specs on client/server
XML mapping – data types
Exceptions/Errors
Java Collections
Getting Started
Get to know your web services toolkits
Understand the services you need Web Services Resource Site:
http://its.mnscu.edu/isrs/webservices/
Tools Example
Generate Web Service Code with Axis:
set mypath = C:/my-axis-libraries/libraries…java org.apache.axis.wsdl.WSDL2Java
http://some-host/someservice/services/my-service?wsdl
Example – Client call to Query ServiceIsrsQueryServiceLocator locator = new
IsrsQueryServiceLocator();
locator.setIsrsQueryEndpointAddress("http://some-host/ws-isrsquery/services/IsrsQuery");
IsrsQuery query = locator.getIsrsQuery();
Response result = query.executeQuery( “queryname", “id", "password",new String[]{“rcid", "20055"}) ;
Web Services – Moving Forward Web Services and Portals
WSRP Web Services and Business Assembly
BPEL - a language for orchestrating services to make a business process
Discovering Web ServicesUDDI - a means of discovering a serviceNotion of a registry where you would find a
service – hasn’t really caught on
Portals
Web Services and Portals
WSRP Spec (Web Services for Remote Portlets) Most web services require an intermediate app to
display data Portlets are a good candidate for consuming web
services Why not provide user interface code with a service? WSRP! – A generic portlet can consume and display
many different web services.
Web Services and Portals, cont.
WSRP Support by major portal vendorsMight be good alternative to a portlet code
library For example:
Provide a summary of a student’s course schedule Provide a listing of messages for a student
Business Process Execution and Web Services BPEL – Business Process Execution
LanguageAn XML spec for coordinating web servicesCombine web services into a business
processSpecify order to call the services:
conditionals, looping, parallel pathsBPEL servers provided by many vendors
Conclusion
A Service-Oriented Architecture has advantages for a system like MnSCU
Web Services is becoming part of application development environment
We need to implement services properly: SOAP/RPC/Doc type/REST
We need to keep an eye on future trends – take advantage of them as they solidify
Questions?
References
Doc style services: http://www-106.ibm.com/developerworks/webservices/library/ws-docstyle.html
Apache web services: http://ws.apache.org/ OASIS WSRP Spec:
http://www.oasis-open.org/committees/download.php/3343/oasis-200304-wsrp-specification-1.0.pdf
WSRP overview from IBM - http://www-106.ibm.com/developerworks/webservices/library/ws-wsrp/?Open&ca=daw-ws-dr
http://www-128.ibm.com/developerworks/xml/library/ws-wsrp/ W3C SOAP spec: http://www.w3.org/TR/soap/
References, cont.
SAML http://www.xml.com/pub/a/2005/01/12/saml2.html http://www.oasis-open.org/committees/tc_home.php?wg_abbrev
=security Web Services Security
http://webservices.xml.com/pub/a/ws/2003/03/04/security.html http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html
REST services http://www.xml.com/pub/a/2004/08/11/rest.html?page=1 http://www.xfront.com/REST-Web-Services.html
BPEL http://www.theserverside.com/articles/article.tss?l=BPELJava
Technical Examples – Hello World – Creating a Service using Java
1. Create a Functionpublic class TestService {
public String helloWorld(String name){
return "Hello " + name;
}
}
2. Download Apache Axis Library – add to your app
3. Modify Config Files (axis config file and web app config file)
4. You have a service!
Technical Examples – Hello World – Consuming a Service using Java
1. Get the web service description (WSDL file)
2. Use a Utility to Generate Helper Code1. Apache Axis has wsdl2java
3. Create Code to call the service, using the helper code
1. Lets tool handle all the ‘plumbing’
Recommended