CS 483 Enterprise and Web
Application Programming
Week 7
Web Services
1
What are Web Services?

W3C (establishes standards for Web
services) defines Web services as:

“A Web service is a software system
identified by a URL whose public interfaces
and bindings are defined and described
using XML. Its definition can be discovered
by other software systems. These systems
may then interact with the Web service in a
manner prescribed by its definition, using
XML-based messages conveyed by Internet
protocols.”
2
What are Web Services?




Web services are a result of the natural
evolution of the Web
Initially – the Web consisted of sites that were
plain HTML pages
Later – Web pages became dynamically
generated
Now – Web services provide a standardized
way for applications to expose their
functionality over the Web or communicate
with other applications over a network –
regardless of the app’s implementation,
programming language, or computer platform
3
Why Implement a Web
Service?

Web services can provide a means for an
enterprise to:




Expand its business offerings
Increase the efficiency of it business
processing
Improve its customer experience
Automate business processing by
streamlining interactions with outside
services (e.g., credit card and shipping
services)
4
Why Implement a Web
Service?

Most important reason:

Promote interoperability across
different platforms, systems and
languages
5
Service-Oriented Architecture
(SOA)




A Web service enables a service-oriented
architecture
SOA is an architectural style that promotes
software reusability by creating reusable
services
Strategy where applications make use of
services available in a network (such as WWW)
SOA addresses complex enterprise
environments due to the user of a variety of
software and hardware platforms, Internetbased communication, and enterprise
application integration (EAI)
6
Service-Oriented Architecture
(SOA)

Considered the wave of the future.
Gartner reports that


“By 2008, SOA will be a prevailing software
engineering practice, ending the 40-year
domination of monolithic software
architecture”
“Through 2008, SOA and Web services will
be implemented together in more than 75%
of new SOA Web service projects”
7
Service


A service provides a specific function (usually
business)
Service can provide a single discrete function


Service can perform a set of related business
functions



such as converting one type of currency to another
such as airline reservation system
called “course-grained”
SOA is a way of sharing functions in a
widespread and flexible way
8
Service-Oriented Architecture
9
Service-Oriented Architecture

In SOA, you have the following:




Service that implements the business logic and
exposes this business logic through well-defined
interfaces.
Registry where the service publishes its interfaces
to enable clients to discover the service
Clients who discover the service using registries and
access the service directly through the exposed
interfaces
Loose coupling – means that the client of the
service is essentially independent of the service

Client does not have to know much about the service to
use it (i.e., implementation language, platform) it just
needs to know the interface
10
SOA
• SOA uses the find-bind-execute paradigm.
• In this paradigm, service providers register their service in a public registry.
• This registry is used by consumers to find services that match certain criteria.
• If the registry has such a service, it provides the consumer with a contract and
an endpoint address for that service.
11
Benefits of Web Services

Interoperability in a heterogeneous
environment


Business services through the Web


Allows distributed services to run on a variety of
software platforms and architectures, and use
different languages
Example – supply chain management
Integration with existing systems

Provide developers with standard ways to access
middle-tier and back-end services or legacy systems
and integrate them with other applications
12
Benefits of Web Services

Freedom of choice


Support multiple clients


Large number of choices for tools, products
and technologies to enhance developer
productivity
Java, Microsoft, wireless, etc
Programming productivity

Web services create a common
programming environment for faster
development
13
Web Services Infrastructure
and Components
Applications
Directory serviceSecurity Choreography
Web Services
Service descriptions (in WSDL)
SOAP
URIs (URLs or URNs)
XML
HTTP, SMTP or other transport
14
Challenges of Web Services
Development

Key challenge today is that Web services
are still in their infancy


Evolving technologies and products
Security



More important than ever!
Exchange and distribute data requires top
security
Key issues:

reliability, availability, and scalability
16
Web Services Protocols and
Technologies



Web services approach is based on a maturing
set of standards that are widely accepted and
used
This enables clients and services to
communicate and understand each other
across a wide variety of platforms and across
language boundaries
These are:




XML
SOAP
WSDL
Emerging standards
17
XML



eXtensible Markup Language (XML) has become the de
facto standard for describing data to be exchanged on the
Web
An XML tag identifies the information in a document and
the structure of a document
For example:
<bookshelf>
<book>
<title>My Life and Times</title>
<author>Felix Harrison</author>
<price>39.95</price>
</book?
</bookshelf>


XML document typically associated with a schema that
specifies what tags are allowed, their structure, and their
meaning
Adopted as the language of Web services
18
Simple Object Access Protocol
(SOAP)

Though agreeing on the meaning and
structure of XML tags makes the use of XML an
effective way to exchange data, it's not
sufficient for data interchange over the Web.


For instance, you still need some agreed-upon
protocol for formatting an XML document so that
the receiver understands what the main, "payload,"
part of the message is, and what part contains
additional instructions or supplemental content.
That's where Simple Object Access Protocol
(SOAP) comes in.
19
Simple Object Access Protocol
(SOAP)



SOAP is an XML-based protocol for exchanging
information in a distributed environment.
SOAP provides a common message format for
exchanging data between clients and services.
The basic item of transmission in SOAP is a
SOAP message, which consists of a mandatory
SOAP envelope, an optional SOAP header, and
a mandatory SOAP body.
20
SOAP Message

Soap Envelope

specifies XML namespace


encoding style –


data types recognized in
message
Header


names that can be used
in message
usually used to convey
security-related
information to be
processed
Body

Main part of message
21
SOAP Message Example –
Retrieve the Price of a Book
22
SOAP Messages

A related standard called SOAP Messages
with Attachments (SAAJ) specifies the
format of a SOAP message that includes
attachments



For example – images
SOAP messages are transported using
protocols such as HTTP or SMTP
SOAP messages are platform and
operating system independent
23
Web Service Description
Language (WSDL)


WSDL is an XML document that is a description of the
Web service’s interface
WSDL defines an XML schema for defining a Web
service




Describes the format client uses in making a request for a
service
Defines the request itself
To uncover the description of a Web service, a client
needs to find the service’s WSDL document
Most common way is for the client to find a pointer to
the WSDL document in the Web service’s registration

This is done in an UDDI registry or ebXML registry
24
Web Service Description
Language (WSDL)

Typical scenario




Business registers its service in a UDDI (Universal
Description, Discovery, and Integration) registry or
ebXML registry
Registry entry includes a pointer to the WSDL file
that contains the WSDL document for the service
Client searches the registry and finds the service
Programmer uses the interface information in the
WSDL document to construct the appropriate calls
to the service
25
UDDI

UDDI defines how to publish and discover
information about services in a UDDIconforming registry


Identifies the types of XML data structures that
comprise an entry in the registry for a service
Think of it as a “yellow pages” for Web services




Provides name of service
Brief description of what it does
Address where it can be accessed
Description of the interface for accessing the service
26
UDDI Example - BooksToGo
27
Emerging Standards

WS-Security


Standard released in March 2004
Describes security-related enhancements to SOAP
messaging that provide for message integrity and
confidentiality



Integrity means that the SOAP message is not tampered
with as it travels from a client to its final destination
Confidentiality means that a SOAP message is only seen by
intended recipients
Quite flexible and can be used with security models
and encryption technologies


Public-key infrastructure (PKI)
Secure Sockets Layer (SSL)
28
Emerging Standards

SAML



Security Markup Assertion Language
XML-based framework for exchanging
security information
Through SAML, multiple services can
exchange security information

Can do things like single sign-on for accessing
multiple, related services
29
Emerging Standards

WS-BPEL




Web Services Business Process Execution
Language
XML-based language for coordinating Web
services
Example – processing a purchase order –
involves multiple steps performed in a
specific sequence that need to act like a unit
WS-BPEL uses WSDL to describe Web
services that participate in a process and
how the services interact
30
Realizing SOA with Web
Services with Sun




Sun's Java Web Services Developer Pack 1.5 (Java WSDP 1.5) and
Java 2 Platform, Enterprise Edition (J2EE) 1.4 can be used to
develop state-of-the-art web services to implement SOA.
The J2EE 1.4 platform enables you to build and deploy web
services in your IT infrastructure on the application server
platform.
It provides the tools you need to quickly build, test, and deploy
web services and clients that interoperate with other web services
and clients running on Java-based or non-Java-based platforms.
It enables businesses to expose their existing J2EE applications as
web services.


Servlets and Enterprise JavaBeans components (EJBs) can be
exposed as web services that can be accessed by Java-based or nonJava-based web service clients.
J2EE applications can act as web service clients themselves, and
they can communicate with other web services, regardless of how
they are implemented.
31
Sun Web Service APIs
Java API for XML Processing
(JAXP)
This API lets you process XML
documents by invoking a SAX or
DOM parser in your application. JAXP
1.2 supports W3C XML Schema.
Java API for XML-based RPC
(JAX-RPC)
This is an API for building and
deploying SOAP+WSDL web services
clients and endpoints.
Java APIs for XML
Registries (JAXR)
This is a Java API for accessing
different kinds of XML registries. It
provides you with a single set of APIs
to access a variety of XML registries,
including UDDI and the ebXML
Registry. You don't need to worry
about the nitty-gritty details of each
registry's information model.
32
Sun Web Service APIs
SOAP with Attachments API
for Java (SAAJ)
This API lets you produce and
consume messages conforming to
the SOAP 1.1 specification and SOAP
with Attachments note.
JSR 109: Web services for
J2EE
JSR 109 defines deployment
requirements for web services clients
and endpoints by leveraging the JAXRPC programming model. In
addition, it defines standard
deployment descriptors using the
XML Schema, thereby providing a
uniform method of deploying web
services onto application servers
through a wide range of tools.
33
Sun Web Service APIs




With these APIs, you can focus on high-level
programming tasks, rather than low-level
issues of XML and web services.
You can start developing and using Java WSDP
1.5 and J2EE 1.4 web services without
knowing much about XML and web services
standards.
You only need to deal with Java semantics,
such as method invocation and data types.
The dirty work is done behind the scenes, as
discussed further in the next section.
34
Web Services
Publish-Discover-Invoke Model
35
Java Client Calling a
J2EE Web Service
36
J2EE 1.4 Platform Architecture
37