ΗΛΕΚΤΡΟΝΙΚΟ ΕΜΠΟΡΙΟΗΛΕΚΤΡΟΝΙΚΟ ΕΜΠΟΡΙΟ
Web Services OverviewWeb Services Overview
Mary Grammatikou
www.netmode.ntua.gr
9/06/2009
What are Web Services?
• Identified by a URI• Interfaces defined using XML• Can be discovered by other systems• Interact using XML based messages• conveyed by Internet protocols
The components
• DISCOVERING– To discover where you can get web services and what
businesses have to offer – UDDI
• DESCRIPTION– To describe a web service and how to interact with it WSDL
• PACKAGING– To package your interaction with the Web Service – SOAP
• TRANSPORT– To carry the data envelope across the internet – HTTP Post– To fragment and deliver the http post request to the end point =
TCP/IP
Transport
• HTTP – HTTP POST– HTTP GET
Packaging – Soap
• Used to mean– Simple– Object– Access– Protocol
• From SOAP 1.2 > SOAP is no longer an acronym
• Two Types of SOAP
Packaging – Soap
• SOAP RPC (Remote Procedure Call):– encode and bind data structures into xml– encode an RPC call
• SOAP ‘document style’– packages xml in an envelope
Packaging – Soap
<s:Envelope xmlns:s=“URN”><s:header><s:transaction xmlns:m=“soaptransaction”><m:transactionID>1234</m:transactionID ></s:transaction></s:header>
Packaging – Soap
<s:Body>
<n:purchaseOrder xmlns:n=“URN”>
<n:item>socks</n:item>
<n:amount>1</n:amount>
</n:purchaseOrder>
</s:Body>
</s:Envelope>
Description –WSDL
• Web Services Description Language
• “Web Services Description Language (WSDL) provides a model and an XML format for describing Web services.” w3c.org
Types
• XML schema can be used to represent constraints on the content model of the elements in an XML document
• Elements that contain child elements and / or attributes are defined in a schema document using complex types
• Elements that don’t contain child elements and attributes are defined using simple types
<types><schema targetNamespace=" IMessageService.xsd"xmlns="…/XMLSchema" xmlns:SOAPENC="…/soap/encoding/"/>
</types>
Messages
• The message element gives information about the data that travels from one endpoint to another
• The message element depicts an one way message
<message name=“purchase"><part name=“item" type="xsd:string"/><part name=“quantity" type="xsd:integer"/>
</message>
Operations
• The operation element is the action that we call in a WSDL file
• It can be used instead of a method
<operation name="setMessage">
<input name="setMessageRequest“
message="tns:setMessageRequest"/>
<output name="setMessageResponse“
message="tns:setMessageResponse"/>
</operation>
Encoding
• Encoding in the web services is based on SOAP
<soap:operation soapAction="" style="rpc"/>
<input name="setMessage0Request">
<soap:body use="encoded"
namespace="MessageService"
encodingStyle="…/soap/encoding/"/>
</input>
Endpoint
• Endpoint is the final URL of any web service
<service name="MessageService">
<port name="MessageServicePort"
binding="tns:MessageServiceBinding">
<soap:address location="http://localhost:8080/setMessage/"/>
</port>
</service>
Discovery – UDDI
• Universal Description, Discovery and Integration
• A UDDI Server acts as a registry for Web Services and makes them searchable
• Demonstration:https://uddi.ibm.com/ubr/registry.html
Design Recommendations
• Create a local class
• Create a method with the same name
Examples (Java Client)
URL endpointURL = new URL(endpoint);
Call call = new Call();
call.setSOAPTransport(m_httpconn);
call.setTargetObjectURI("MessageService");
call.setMethodName("setMessage");
call.setEncodingStyleURI(Constants.NS_URI_SOAP_ENC);
Examples (Java Server)
• A Web service Server is simple:– New class with method
• Then:– Register class with soap engine (e.g. axis
server)
Security WS Security Standardisation
• W3C - http://www.w3c.org– XML Encryption– XML Digital Signatures
• WS-I - http://www.ws-i.org– WS Security Profile
• OASIS - http://www.oasis-open.org– WS-Security– SAML - Security Assertion Markup Language– XACML - Extensible Access Control Markup
Language– XKMS - XML Key Management Specification
Security
• Firewall ‘transparency’
• Double-edged sword– Simplifies deployment
– Opens up potential holes in enterprise security
• Similar to CGI, etc.
Real Examples
• Amazon Web Services API– Infrastructure Services– Payments and Billing – On demand Work force– Merchant Services
• Google Web API– …
• Ebay Web services– …
• HP & IBM online stores– …
GoogleAPI
• Search Requests– Search requests submit a query string and a set of
parameters to the Google Web APIs service and receive in return a set of search results
• Cache Requests– Cache requests submit a URL to the Google Web
APIs service and receive in return the contents of the URL when Google's crawlers last visited the page (if available)
• Spelling Requests– Spelling requests submit a query to the Google Web
APIs service and receive in return a suggested spell correction for the query (if available)
Top Related