Important Concepts Of The Soap Web Services

19 May 2015

What is web services?

  • A Web service is a method of communication between two electronic devices over a network.
  • Web services are client and server applications that communicate over the World Wide Web’s (WWW) HyperText Transfer Protocol (HTTP).
  • Two applications on two different platforms can communicate via web services.
  • Webservices are broadly classified into RESTful and SOAP web services.
    • SOAP stands for Simple Object Access Protocol
    • REST stands for REpresentational State Transfer

SOAP (Simple Object Access Protocol)

Core components of SOAP

Core components of SOAP webservices are

  • UDDI - Universal Description, Discovery and Integration
  • WSDL - Web Services Description Language
  • XSD - XML Schema Definition

UDDI - Universal Description, Discovery and Integration

UDDI is a platform-independent framework for describing services, discovering businesses, and integrating business services by using the Internet.

  • UDDI stands for Universal Description, Discovery and Integration
  • UDDI is a directory for storing information about web services
  • UDDI is a directory of web service interfaces described by WSDL
  • UDDI communicates via SOAP
  • UDDI is built into the Microsoft .NET platform and supported by all major platform and software providers like Dell, Fujitsu, HP, Hitachi, IBM, Intel, Microsoft, Oracle, SAP etc.
How can UDDI be Used?

Airlines can register their services into an UDDI directory and Travel agencies can search UDDI to find airline’s reservation interfaces. If the interface found, the agency can communicate with the service over SOAP protocol.

WSDL - Web Services Description Language

WSDL stands for Web Services Description Language written in XML. WSDL:

  • describes the webservice
  • describes how to access them
  • is also used to locate Web services
  • is W3C recommendation
Sample WSDL Document

Below wsdl file provides a public function called sayHelloWorld. It takes string as input and string as output. For example, if you pass “This is my first webservices program” as input then the output will be “Hello World! This is my first webservices program”.

Go through the inline comments to understand WSDL components

Web Service Name: HelloWorldService



<definitions name="HelloWorldService"
	targetNamespace="http://www.examples.com/wsdl/HelloService.wsdl" xmlns="http://schemas.xmlsoap.org/wsdl/"
	xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:tns="http://www.examples.com/wsdl/HelloService.wsdl"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema">

	<!-- Request takes text as input. The type of the text is built-in String -->
	<message name="Request">
		<part name="text" type="xsd:string" />
	</message>

	<!-- Response produces output in message variable. The type of the message is built-in String -->
	<message name="Response">
		<part name="message" type="xsd:string" />
	</message>

	<!-- portType is an abstract set of operations supported by one or more endpoints.
		 sayHelloWorld operation is a part HelloWorld_PortType portType and takes Request and produces Response 
		 HelloWorld_PortType portType is binding with HelloWorld_Binding
	 -->
	<portType name="HelloWorld_PortType">
		<operation name="sayHelloWorld">
			<input message="tns:Request" />
			<output message="tns:Response" />
		</operation>
	</portType>

	<!-- binding defines the transport protocol as HTTP and message style as RPC or DOCUMENT -->
	<!-- If the WSDL is RPC type then xsd file won't be imported but for DOCUMENT type, the xsd file will be imported in wsdl file -->
	<!-- RPC style message is tightly coupled where as DOCUMENT style message is loosely coupled and can be validated against schema -->
	<binding name="HelloWorld_Binding" type="tns:HelloWorld_PortType">
		<soap:binding style="rpc"
			transport="http://schemas.xmlsoap.org/soap/http" />
		<operation name="sayHelloWorld">
			<soap:operation soapAction="sayHelloWorld" />
			<input>
				<soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
					namespace="urn:examples:helloworldservice" use="encoded" />
			</input>

			<output>
				<soap:body encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
					namespace="urn:examples:helloworldservice" use="encoded" />
			</output>
		</operation>
	</binding>

	<!-- Service is a collection of related endpoints. It says the webservice is available at http://www.ashismo.github.com/sayHelloWorld/ -->
	<service name="HelloWorld_Service">
		<documentation>WSDL File for HelloWorldService</documentation>
		<port binding="tns:HelloWorld_Binding" name="HelloWorld_Port">
			<soap:address location="http://www.ashismo.github.com/sayHelloWorld/" />
		</port>
	</service>
</definitions>

What is the difference between JAX-WS, AXIS2 and CXF?

  • JAX-WS is Java specification for SOAP based web services.CXF or AXIS2 are the implementation of JAX-WS by Apache.
  • JAX-WS implementation comes by default with JDK. If you need WS-security, WS-Policy etc then you need to go for CXF or AXIS2 or Metro
  • CXF has better integration with Spring and other frameworks
  • AXIS2 supports multiple languages like Java, C, C++ etc.

What is endpoints?

What is stub and skeleton?

Skeleton belongs to service provider side and Stub belongs to client side. At lower level the Stub and Skeleton communicates with each other. In both the sides (server and client) we generate skeleton and Stub from the WSDL.

Webservice design approach (What is bottom up and top down approach?)

Bottom up approch: Service code is written code then we generate the WSDL from it. Top down approach: WSDL is created first then the service code will be written

Securities in SOAP webservices

In SOAP based webservice, the most common security scheme avaialable for today’s webservice is SSL (Secure Socket Layer) which is typically based with HTTP. However, SSL has some limitations. To overcome these limitations, XML-based security initiatives are used.

SSL Limitations

  • The SSL is designed for point-to-point security and webservice needs end-to-end security.
  • SSL secures communication at transport level rather than at message level. As a result messages are protected only when transit on the wire.

Message Level Security

To provide security at message level rather than at transit level, different XML based security schemes are used. These includes

  • XML digital signature
  • XML encryption: Encript the desiger data only (e.g. Credit card data)
  • XKMS (XML Key Management Specification)
  • WS-Security (Web services Security): It supports multiple security model such as user name/password based and certificate based models
blog comments powered by Disqus
J2EE,SOAP,RESTful,SVN,PMD,SONAR,JaCoCo,HTTP,API,MAVEN,AngularJS,GitHub,LDAP,AOP,ORM,JMS,MVC,AWS,SQL,PHP,H2DB,JDBC