Devon M. Simmonds Computer Science Department 1 Introduction to Web Services Devon M. Simmonds...

Devon M. Simmonds Computer Science Department 1

Introduction to Web Services

Devon M. SimmondsComputer Science Department

University of North Carolina, [email protected]

Web Services & SOAPSlides from various sources: Dr. Ghosh,

CSU; CERN link; Sun’s tutorial link; slides from this link;

http://ais.web.cern.ch/ais/presentations/webservices/index.html

http://java.sun.com/webservices/

http://64.233.169.104/search?q=cache:ZeTw8E4on0UJ:www.cs.rpi.edu/academics/courses/fall02/netprog/notes/webservices/webservices.ppt+ppt+wsdl+tutorial&hl=en&ct=clnk&cd=10&gl=us


What is a Web service?

• A Web service is a software system designed to support interoperable machine-to-machine interaction over a network. It has an interface described in a machine-processable format (specifically WSDL). Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages, typically conveyed using HTTP with an XML serialization in conjunction with other Web-related standards.

Source: Web Services Glossaryhttp://www.w3.org/TR/ws-gloss/


What is a Web service (2)?

• A Web service is a software system designed to support interoperable machine-to-machine interaction over a network.

• It has an interface described in a WSDL machine-processable format.

• Other systems interact with the Web service in a manner prescribed by its description using SOAP-messages

• Web service is conveyed using HTTP – Identified by a URI

• Web service uses XML serialization • Web-related standards. (Internet Protocols)• Can be discovered by other systems

Source: Web Services Glossary


Web Service Examples

• A stock quote service.– An application requires the current value of a stock, the

web service returns it.

• A route finder for delivery of goods.– Given an initial and a final location, find the most cost-

effective delivery route.

• A weather service, a map service, a web search service… – any composition of Web services.


Why Web Services?

“The Web can grow significantly in power and scope if it is extended to support communication between applications, from one program to another.”

- From the W3C XML Protocol Working Group Charter



Sun RPC (1985) CORBA (1992) DCE / RPC (1993) Microsoft COM (1993) Microsoft DCOM (1996) Java RMI (1996)

Hype Check: Is this new?



What are Web Services?

XML

Application 2Application 1

Two applications communicating over the internet using an agreed message

format – encoded as XML.


Plateau ofproductivity

Slope of enlightenment

Trough of disillusionment

Peak of inflated

expectationsTechnology

trigger

Gartner’s ‘Hype’ CurveKey: Time to “plateau”

Less than two yearsTwo to five yearsFive to 10 yearsBeyond 10 years

Biometrics Grid Computing

Web Services

Nanocomputing

Personalfuel cells

Text-to-speech

WirelessLANs/802.11

Virtualprivatenetworks

Visibility

Maturity

Source: Gartner Group June 2002

Natural-language search

Identity services

Personal digitalassistant phones

E-tags

Speech recognition incall centers

Voice over IP

Bluetooth

Public key infrastructure

Speech recognition on desktopsLocationsensing

WAP/WirelessWeb

Peer-to-peercomputing


Gartner’s Hype Curve 2009

http://www.gartner.com/it/page.jsp?id=1124212

http://www.gartner.com/DisplayDocument?ref=g_search&id=1108412&subref=simplesearch







Gartner’s Hype Curve 2012

From This Source

http://www.forbes.com/sites/louiscolumbus/2012/07/27/gartner-hype-cycle-for-crm-sales-2012-sales-turns-to-the-cloud-for-quick-relief/


How are Web services Different?

• Platform neutral• Open Standards

– Interoperable

• Based on ubiquitous software– XML Parsers– HTTP Server


General rules for services

• Messages are descriptive, not instructive

• Messages are written in a format, structure, and vocabulary that is understood by all parties

• Extensibility – otherwise you lock the parties into a version of the service– Tradeoff: extensibility vs

understandability• Discover a service under a specific

context and not in a centralized fashion

12


Other constraints

• Why? – To improve scalability, performance

and, reliability

• How?– Stateless service– Stateful service– Idempotent request

13


Stateless service

• Message must contain all necessary information for the provider to process it– Service provider more scalable; no need to

store state information between requests. – Monitoring software can inspect one single

request and figure out its intention– More reliable: No intermediate states to worry

about, so recovery from partial failure is also relatively easy

14


Stateful service

• Need to maintain sessions for efficiency or customized service

• Reduces overall scalability; need to remember shared context for consumer

• More coupling between provider and consumer; harder to switch providers

15


Idempotent request

• Duplicate requests have the same effect as one request

• Helps in increasing fault tolerance; resend request if fault occurs

16


What is Software Architecture


What is Architecture Formal Definition

• IEEE 1471-2000– Software architecture is the fundamental organization of a

system, embodied in its components, their relationships to each other and the environment, and the principles governing its design and evolution

IEEE 1471-2000


Utility

Performance

ResponseUnder normal conditions - update of an entity in the

persistent storage <0.5 Second

Latency

Under normal or stress conditions, critical alert

generated by the system will be displayed in less than 1 seconds (for generation)

Data Lossunder all conditions, a

message acknowledged by the system will not

be lost

Availability Hardware IssuesUnder all conditions, when a server crash, the system will

resume operation in less than 30 seconds

Usability

ComplianceThe system should comply

with maritime data standards (e.g. Mercator

projection)

Operability

The system should handle user request without

impeding the user's ability to continue controlling the

system (e.g. initiate additional requests)

Security Unauthorized users

under normal conditions and connectivity the system

should alert an unauthorized login attempt (intrusion) within 1 minute

Adaptability More Users

When additional users need access to the system, add new /more hardware (to

support load) under 4 man weeks

Quality Attributes


How Architecture

Architecture

Quality Attributes

Technology

Patterns & Anti-patterns

Principles

Community experience

Stakeholders

Architect

people

A “deliverable”

Produce

Key

Is an input

Constraints


23

What is a Service?

• A service is a reusable component that can be used as a building block to form larger, more complex business-application functionality.

• A service may be as simple as “get me some person data,” or as complex as “process a disbursement.”


24

What is a Service?

• A service provides a discrete business function that operates on data. Its job is to ensure that the business functionality is applied consistently, returns predictable results, and operates within the quality of service required.


25

What is a Service?

• How the service is implemented, and how a user of the service accesses it, are limited only by the SOA infrastructure choices of the enterprise.

• From a theory point of view, it really doesn’t matter how a service is implemented.


26

Characteristics of a Service

• Supports open standards for integration: Although proprietary integration mechanisms may be offered by the SOA infrastructure, SOA’s should be based on open standards. Open standards ensure the broadest integration compatibility opportunities.


27


• Loose coupling: The consumer of the service is required to provide only the stated data on the interface definition, and to expect only the specified results on the interface definition. The service is capable of handling all processing (including exception processing).


28


• Stateless: The service does not maintain state between invocations. It takes the parameters provided, performs the defined function, and returns the expected result. If a transaction is involved, the transaction is committed and the data is saved to the database.


29


• Location agnostic: Users of the service do not need to worry about the implementation details for accessing the service. The SOA infrastructure will provide standardized access mechanisms with service-level agreements.


A Service edge is a natural boundary

Warning: Remoting and other RPCs trick us into thinking that there is no substantial difference

between a local and a remote object. In fact, they hide the presence of the network.


Fallacies of distributed Computing

The Network is reliable

Latency is zero

Bandwidth is infinite

The Network is Secure

Topology doesn’t change

There is one administrator

Transport cost is zero

The Network is

homogenous


Services are Autonomous


Service

describes

End Point Exposes

Messages Sends/Receives

Contracts

Binds to

Service Consumer

implements

Policy governed by

Sends/Receives

Adheres to

Component

Relation

Key

Understands

Serves


© attachmate 2004

SOA

ServiceRequestor

ServiceProvider

ServiceRegistry

• Uses open standards to integrate software assets as services

• Standardizes interactions of services

• Services become building blocks that form business flows

• Services can be reused by other applications

Find

Bind

Publish


© attachmate 2004

Shift To A Service-Oriented Architecture

• Function oriented• Build to last• Prolonged development

cycles

From To

• Coordination oriented • Build to change• Incrementally built and

deployed

Application silos Tightly coupled Object oriented

Known implementation

Enterprise solutions Loosely coupled

Message oriented Abstraction

Source: Microsoft (Modified)


Benefits of SOA

• Services can be provided locally or outsourced to external providers

• Services are language-independent• Investment in legacy systems can be preserved• Inter-organisational computing is facilitated

through simplified information exchange


SOA & Web Services: The Components

To discover where you can get web services and what businesses have to offer – UDDI

To describe a web service and how to interact with it – WSDL

To package your interaction with the Web Service – SOAP

To carry the data envelope across the internet – HTTP Post

To fragment and deliver the http post request to the end point – TCP/IP


Web Services Interoperability Stack

Network

Transport HTTP, HTTPS, SMTP,…

Packaging/Messaging XML, SOAP, WS-Addressing

Description WSDL, WS-Policy, WS-ResourceProperties…

Discovery UDDI, WS-Inspection, …

Quality of Experience WS-Security, WS-Transactions, WS-ReliableMessaging, …

Compositional BPEL4WS, WS-Notification, …


Transport

• HTTP POST is most common• But other protocols such as

– FTP– SMTP– HTTP GET

• And other exotic ones:– Jabber– BEEP


Packaging – Soap

• Used to mean – Simple– Object– Access– Protocol

• From SOAP 1.2 > SOAP is no longer an acronym

• Two Types of SOAP


Types of SOAP Web services

• SOAP-RPC web services– Encodes remote procedure calls in

messages– Prescribes both system behaviors and

application semantics– Generally not interoperable– Breaks constraint of SOA (thus, not

SOA)

• Document-oriented web services

41


Packaging – Soap

• SOAP RPC:– encode and bind data structures into

xml.– encode an RPC call


Serialization

class PurchaseOrder {String item = “socks”;int amount = 1;}

<PurchaseOrder><item type=“xsd:string”>

socks</item><amount type=“xsd:int”>

1</amount></PurchaseOrder>

Serializer


Packaging - SOAP

• SOAP ‘document style’– packages xml in an envelope


Packaging – SoapHTTP Post

SOAP Envelope

SOAP Body

SOAP Head


Packaging – Soap

<s:Envelope xmlns:s=“URN”><s:header>

<s:transaction xmlns:m=“soap-transaction”>

<m:transactionID>1234

</m:transactionID >

</s:transaction></s:header>


Packaging – Soap

<s:Body><n:purchaseOrder xmlns:n=“URN”>

<n:item>socks</n:item><n:amount>1</n:amount>

</n:purchaseOrder></s:Body>

</s:Envelope>


Description – WSDL

• Web Services Description Language– “Web Services Description Language (WSDL)

provides a model and an XML format for describing Web services.” w3c.org

• WSDL is written in XML • WSDL is an XML document • WSDL is used to describe Web services

– What operations does the service expose?

• WSDL is also used to locate Web services – Where is the web service located?


WSDL Major Elements

Element Defines

<portType> The operations performed by the web service

<message> The messages used by the web service

<types> The data types used by the web service

<binding> The communication protocols used by the web service


WSDL Structure

<definitions> <types> definition of types... </types> <message> definition of a message. </message> <portType> definition of a port... </portType> <binding> definition of a binding </binding></definitions>


WSDL Sample Fragment

<message name="getTermRequest"> <part name="term" type="xs:string"/> </message> <message name="getTermResponse"> <part name="value" type="xs:string"/> </message><portType name="glossaryTerms">

<operation name="getTerm"><input message="getTermRequest"/><output message="getTermResponse"/></operation>

</portType>


WSDL Ports

• The <portType> element is the most important WSDL element.

• It defines a web service, the operations that can be performed, and the messages that are involved.

• The <portType> element can be compared to a function library (or a module, or a class) in a traditional programming language.


WSDL Messages

• The <message> element defines the data elements of an operation.

• Each messages can consist of one or more parts. The parts can be compared to the parameters of a function call in a traditional programming language.


Messages

<message name=“purchase"><part name=“item" type="xsd:string"/><part name=“quantity" type="xsd:integer"/>

</message>


WSDL Types

• The <types> element defines the data type that are used by the web service.

• For maximum platform neutrality, WSDL uses XML Schema syntax to define data types.


Types

<types><schema targetNamespace=" IMessageService.xsd" xmlns="…/XMLSchema"

xmlns:SOAPENC="…/soap/encoding/"/></types>


WSDL Bindings

• The <binding> element defines the message format and protocol details for each port.


WSDL Operation Types

Type Definition

One-way The operation can receive a message but will not return a response

Request-response The operation can receive a request and will return a response

Solicit-response The operation can send a request and will wait for a response

Notification The operation can send a message but will not wait for a response


Operations

<operation name="setMessage"><input name="setMessageRequest“

message="tns:setMessageRequest"/><output name="setMessageResponse“

message="tns:setMessageResponse"/></operation>


WSDL Sample Binding

<binding type="glossaryTerms" name="b1"><soap:binding style="document“ transport= "http://schemas.xmlsoap.org/soap/http" /> <operation> <soap:operation

soapAction="http://example.com/getTerm"/> <input> <soap:body use="literal"/> </input>

<output> <soap:body use="literal"/> </output> </operation></binding>


Java APIs for XML

• JAXP -- Java API for XML Processing– processes XML documents using various

parsers • JAX-RPC -- Java API for XML-based RPC

– sends SOAP method calls to remote parties over the Internet and receives the results

• JAXM -- Java API for XML Messaging – sends SOAP messages over the Internet

• JAXR -- Java API for XML Registries– provides a standard way to access business

registries and share information


JAX-RPC and SOAP

• JAX-RPC -- Java API for XML-based RPC.• SOAP – Simple Object Access Protocol• In JAX-RPC, a remote procedure call is

represented by an XML-based protocol such as SOAP.

• The SOAP specification defines envelope structure, encoding rules, and a convention for representing remote procedure calls and responses.

• These calls and responses are transmitted as SOAP messages over HTTP.


JAX-RPC -- SOAP

• JAX-RPC hides this complexity from the application developer.

• On the server side, the developer specifies the remote procedures by defining methods in an interface.

• The developer also codes one or more classes that implement those methods.

• Client programs create a proxy, a local object representing the service, and then simply invokes methods on the proxy.


JAX-RPC -- Java API for XML-based RPC

• A JAX-RPC client can access a Web service that is not running on the Java platform and vice versa.

• This flexibility is possible because JAX-RPC uses technologies defined by the World Wide Web Consortium (W3C): HTTP, SOAP, and WSDL.


Description – WSDL

Messages

Types

Operations

Encoding

Endpoint


Encoding

<soap:operation soapAction="" style="rpc"/><input name="setMessage0Request">

<soap:body use="encoded" namespace="MessageService"

encodingStyle="…/soap/encoding/"/></input>


Endpoint

<service name="MessageService"><port name="MessageServicePort" binding="tns:MessageServiceBinding"><soap:address location="http://localhost:8080/setMessage/"/></port></service>


Discovery – UDDI

• Universal Description, Discovery and Integration

• A UDDI Server acts as a registry for Web Services and makes them searchable.


Examples (Java Server)

• A Web service Server is simple:– New class with method

• Then:– Register class with soap router– Or– Place the source code in a jws file


Examples (VB Client)

• High Level API (After adding a Web Service Reference)

Dim serv As clsws_MessageService

Set serv = New clsws_MessageService

serv.wsm_setMessage txtName.Text, txtColor.Text



Serializer.Init Connector.InputStreamSerializer.startEnvelope , ENC

Serializer.SoapNamespace "xsi", XSISerializer.SoapNamespace "SOAP-ENC", ENCSerializer.SoapNamespace "xsd", XSDSerializer.startBody

Serializer.startElement Method, URI, , "method"

Serializer.startElement “parameter“Serializer.SoapAttribute "type", ,

"xsd:string", "xsi"Serializer.writeString usernameSerializer.endElement

Serializer.endBodySerializer.endEnvelope

Connector.EndMessage



Name

Colour

Call Web Service


Examples (C# Client)• Add a Web References to a

project

Localhost.MessageService serv = new Localhost.MessageService();

serv.setMessage(x, y);


Examples (C# Server)public class Demo :

System.Web.Services.WebService {

public Demo() { InitializeComponent();

}

[Web Method]public string HelloWorld() {

return “Hello World”;}

}


Let’s Compare


Service-orientation vs object-orientation [1]

– (Ref: Thomas Erl’s book)

• Service reusability, object reusability• Service contract (WSDL first), object

contract (interfaces)• Service loose coupling, OO high

coupling (inheritance, other OO mechanisms)

• Service abstraction, OO encapsulation

76


Service-orientation vs object-orientation [2]

• Service composability, aggregation & composition

• Service statelessness, objects stateful

• Service discoverability

77


Service-orientation/web services vs distributed object systems

(Refs: Vogels’ viewpoint, CDK text 19.2.2)

Remote object references and URIs may seem to be similar, but aren’t

Rem obj refs cannot be returned or passed as arguments in web services

Remote object instances cannot be created in web services

No constructors or main methods in web services

No garbage collection of “remote objects”; there is only one

78


Web ServicesFuture


Security

Bookstore

Client Application


Security

Client Application

Bookstore

Bank

Warehouse


WS Security Standardisation W3C - http://www.w3c.org

XML EncryptionXML Digital Signatures

WS-I - http://www.ws-i.orgWS Security Profile

OASIS - http://www.oasis-open.orgWS-Security SAML - Security Assertion Markup

LanguageXACML - Extensible Access Control Markup

LanguageXKMS - XML Key Management

Specification

http://www.oasis-open.org/


Fire Wall

Security – Fire Walls

Bookstore

Client Application


WS-I

• Web Services Interoperability Organization

http://www.ws-i.org

R1017 A RECEIVER MUST NOT mandate the use of the xsi:type attribute in messages except as required in order to indicate a derived typeWS-I Basic Profile Version 1.0


Missing Pieces

• Security– Single Sign-on, credentials

• Transactions• Quality of service

– Timeliness guarantees

• Asynchronous operations– Co-ordination, workflow


Real Examples

• Amazon Web Services API• Google Web API• HP & IBM online stores

http://www.amazon.com/exec/obidos/subst/home/redirect.html/ref=nh_gateway/104-4032966-6886335

http://www.microsoft.com/isapi/gomscom.asp?target=/


Plateau ofproductivity

Slope of enlightenment

Trough of disillusionment

Peak of inflated

expectationsTechnology

trigger

Gartner’s ‘Hype’ CurveKey: Time to “plateau”

Less than two yearsTwo to five yearsFive to 10 yearsBeyond 10 years

Web Services

Visibility

Maturity

Source: Gartner Group June 2002


Tutorials

• Demo source code, etc.:– http://java.sun.com/webservices/docs/1.6/

tutorial/doc/ – http://ais.cern.ch/presentations

http://ais.cern.ch/presentations


Q u e s t i o n s ?

The End

Devon M. Simmonds, Computer Science Department, University of North Carolina Wilmington

Devon M. Simmonds Computer Science Department 1 Introduction to Web Services Devon M. Simmonds...

Documents

Transcript of Devon M. Simmonds Computer Science Department 1 Introduction to Web Services Devon M. Simmonds...