Transcript Web Services
Web Services
Overview and Trends
David Purcell MnSCU OoC IT
Introduction Purpose of Presentation Introduce a Service Oriented Architecture Introduce Web Services Review/Explain Technical Details Discuss Different Types of Services Discuss Implementation Challenges with Web Services
Web Services and SOA
Service-Oriented Architecture - What is It?
Unit of work = Service Centralized data access/business logic encapsulated by Service Provider Loose couplings between systems Reusable services that can serve many needs Applications can be assembled, rather than built
Web Services
Web Services
A way to implement a SOA Mechanism for application-to-application communication (integration!) Uses standard protocols and languages: Typically HTTP and XML Independent of programming language Two main types: SOAP and REST
SOAP Web Services
SOAP – an XML language for encapsulating messages What service to invoke Message contents (input parameters and response info) Auxiliary information about the sender, errors, etc.
Programmers use tools to make SOAP calls (Don’t code SOAP by hand) Self-Describing: Description of Service using wsdl* Many extensions to SOAP are proposed to cover technical challenges (security, etc.) Two main types: RPC and Document
SOAP Service Types RPC (Remote Procedural Call) Remote call – Programmer calls a ‘function’ Most Common MnSCU services are currently RPC style Advantages: Easier to create, consume Disadvantages Shouldn’t change once in place - Breaks the notion of loose coupling
SOAP Service Types Document Style You define the XML returned in SOAP envelope Advantages: You can define a schema for the xml – any calling app can validate against the schema Less fragile – you can change the XML without changing the service definition Disadvantages: More difficult to develop
Soap Services – WSDL
Web Service Description Language Describes the Service The exposed functions The parameters expected in the request/response Elements / datatypes for the parameters How to access (bind to) the service Doesn’t have to be SOAP service
WSDL Example
RPC-style SOAP Service - WSDL
SOAP Message
XML format for encapsulating messages Important parts: Header Faults Body Request Response
SOAP Message Example –
RPC-style SOAP Service Request Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www. w3.org/2001/XMLSchema-instance"> Body > echoString xmlns:ns1="http://soapinterop.org/"> < testParam xsi:type="xsd:string ">Hello! RPC-style SOAP Service Response Envelope xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"> Body > echoStringResponse xmlns:ns1="http://soapinterop.org/"> < result xsi:type="xsd:string ">Hello! Representational State Transfer Applications define their own specs Typically custom XML defined for the response Resource oriented HTTP protocols – typically using HTTP GET requests for retrieving data, POST requests for modifying data http://somesite/a-service/a-resource REST-Style Web Services, cont. Advantages: Simpler Don’t need any special toolkits Like Document-style SOAP services, the XML can be self-validating Disadvantages: Don’t get underlying infrastructure provided by today’s web services tookits, or tomorow’s extensions Your app needs to handle the http request and any communication problems You need to extract the data from response XML SOAP Advantages Because of the standard protocol, toolkits can handle SOAP layer for you Many Standards being built on top of SOAP infrastructure (security, transactions, etc.) REST Advantages Simple to use Doesn’t require any special tools Security Conversational state Transactions Reliable messaging Orchestrating a set of services There are many web services specs and protocols However.. Competing standards exist Implementations are not widely available SOAP/WSDL are the most common standards that are widely agreed upon and implemented Web Services Challenges Security How do you… Ensure that the message wasn’t altered? Ensure that the message can’t be observed? Determine the identity of the requestor? Determine that the requestor is authorized to use the service? Web Services Challenges Security Specs and Activities XML Signature - provides data integrity and authentication XML Encryption – data integrity via encryption WS-Security specifies how to sign and encrypt SOAP messages Uses XML Signature and XML Encryption, among others SAML a framework for exchanging identification information among partners Foundation of Liberty Alliance single sign-on capabilities eXtensible Access Control Markup Language (XACML) Define authorization / access control in XML Other competing specs and standards As security issues get resolved through standards/specs, web service security can be handled with less application programming Security infrastructure would be more declarative, consistent WS-Security – vendors starting to provide implementations We can’t wait for all specs to solidify We need to implement today Technical Implementation Considerations Security Authentication Encryption Authorization Basic Web App Security Practices Error Handling SOAP Fault Specifying a mechanism to return errors Technical Implementation Considerations, cont. Service Inputs/Outputs for RPC services Flat ‘arrays’ of data Less fragile (you can add a new, optional parameter without altering the WSDL) Simpler Can’t handle relationships among data Complex data elements (relationships among data) Used for complex data types More fragile architecture Technical Implementation Considerations - Transactions What if your app does the following? 1. 2. Call Service – Update Info Update your local database 2.a – Problem occurs 2.b – Rollback your database input Technical Implementation Considerations - Transactions You need to consider order 1. Update your local database 1.a – Problem occurs 1.b – Rollback your database input 2. Don’t call the Service Technical Implementation Considerations - Interoperability Be sure you are using the same version of specs on client/server XML mapping – data types Exceptions/Errors Java Collections Get to know your web services toolkits Understand the services you need Web Services Resource Site: http://its.mnscu.edu/isrs/webservices/ Generate Web Service Code with Axis: set mypath = C:/my-axis libraries/libraries… java org.apache.axis.wsdl.WSDL2Java http://some-host/someservice/services/my service?wsdl Example – Client call to Query Service IsrsQueryServiceLocator locator = new IsrsQueryServiceLocator(); locator.setIsrsQueryEndpointAddress("http://some-host/ws isrsquery/services/IsrsQuery"); IsrsQuery query = locator.getIsrsQuery(); Response result = query.executeQuery( “queryname", “id", "password",new String[]{“rcid", "20055"}) ; Web Services – Moving Forward Web Services and Portals WSRP Web Services and Business Assembly BPEL - a language for orchestrating services to make a business process Discovering Web Services UDDI - a means of discovering a service Notion of a registry where you would find a service – hasn’t really caught on WSRP Spec (Web Services for Remote Portlets) Most web services require an intermediate app to display data Portlets are a good candidate for consuming web services Why not provide user interface code with a service? WSRP! – A generic portlet can consume and display many different web services. WSRP Support by major portal vendors Might be good alternative to a portlet code library For example: Provide a summary of a student’s course schedule Provide a listing of messages for a student Business Process Execution and Web Services BPEL – Business Process Execution Language An XML spec for coordinating web services Combine web services into a business process Specify order to call the services: conditionals, looping, parallel paths BPEL servers provided by many vendors A Service-Oriented Architecture has advantages for a system like MnSCU Web Services is becoming part of application development environment We need to implement services properly: SOAP/RPC/Doc type/REST We need to keep an eye on future trends – take advantage of them as they solidify Doc style services: http://www 106.ibm.com/developerworks/webservices/library/ws-docstyle.html Apache web services: http://ws.apache.org/ OASIS WSRP Spec: specification-1.0.pdf http://www.oasis open.org/committees/download.php/3343/oasis-200304-wsrp WSRP overview from IBM 106.ibm.com/developerworks/webservices/library/ws wsrp/?Open&ca=daw-ws-dr http://www http://www-128.ibm.com/developerworks/xml/library/ws-wsrp/ W3C SOAP spec: http://www.w3.org/TR/soap/ SAML http://www.xml.com/pub/a/2005/01/12/saml2.html http://www.oasis open.org/committees/tc_home.php?wg_abbrev=security Web Services Security http://webservices.xml.com/pub/a/ws/2003/03/04/security.html http://webservices.xml.com/pub/a/ws/2003/01/15/ends.html REST services http://www.xml.com/pub/a/2004/08/11/rest.html?page=1 http://www.xfront.com/REST-Web-Services.html BPEL http://www.theserverside.com/articles/article.tss?l=BPELJava Hello World – Creating a Service using Java 1. 2. 3. 4. Create a Function public class TestService { public String helloWorld(String name){ return "Hello " + name; } } Download Apache Axis Library – add to your app Modify Config Files (axis config file and web app config file) You have a service! Technical Examples – Hello World – Consuming a Service using Java 1. Get the web service description (WSDL file) 2. 3. Use a Utility to Generate Helper Code 1. Apache Axis has wsdl2java Create Code to call the service, using the 1. helper code Lets tool handle all the ‘plumbing’SOAP Message Example –
REST-Style Web Services
REST
SOAP vs. REST
Web Services Challenges
Web Services Challenges, cont.
Web Services – Security, cont.
In the Mean Time…
Getting Started
Tools Example
Portals
Web Services and Portals
Web Services and Portals, cont.
Conclusion
Questions?
References
References, cont.
Technical Examples –