Transcript Web service
Lecture 15
Introduction to Web Services
Web Service Applications
Introduction
Web services are server-side programs that listen for messages from client applications and
return specific information. There are several different types of Web services that carry out
different functions:
Some provide information specific to a particular industry such as manufacturing or
healthcare;
there are portal services that use services from different providers to offer
information on a specific theme;
there are services specific to single applications, and
building block services that can be used by many different applications.
Web services give you the capability to combine, share, exchange, or plug in separate
services from various vendors and developers to form entirely new services or custom
applications created on-the-fly to meet the requirements of the client.
What was around before Web Services
Programming with the sockets API, the client had to initiate a connection to the servers and
then send and receivedata. To call some operations on the server to get results, additional
protocols are needed to describe request and response codes. Example of such so-called
application protocols are:
TCP/IP - the original machine to machine communication protocol
File Transfer Protocol (FTP) - used to move files to and from the server
Telnet - originally designed to provide a terminal access to a computer
Hypertext Transfer Protocol (HTTP).- supports file transfer and Web-based formats
Later the Remote Procedure Call (RPC) protocol was developed to simplify the use of the
sockets API and the TCP/IP protocol. One of the oldest and still most popular RPC protocols
is DCE-RPC (Distributed Computing Environment Remote Procedure Call) from what is now
called the Open Group (www.opengroup.org).
Other Services
Protocols and Communcations Architectures
CORBA - Object Management Group (OMG) initiated CORBA (Common Object Request
Broker Architecture) to provide object-orientation to network programming.
DCOM - Microsot extened the DCE-RPC rptotcol with OOP features. The Distributed
COM (DCOM) protocol made it possible to call COM components across the network and
is used in COM+ applications.
RMI - Sun Microsystems took a different route with its Java technologies. The Remote
Method Invocation (RMI) protocol can be used to call objects remotely.
SOAP - The Simple Object Access Protocol (SOAP) uses XML-based format to describe
methods and parameters to make remote calls across the network.
Client Application Types
The client of a Web service can be
a Windows application created using Windows Forms, or
an ASP.NET applications using Web Forms.
The client that uses the Web service can be running on
a Windows PC,
a UNIX/Linux system, or
a pocket PC
With the .NET Framework, Web services can be consumed in every applications typeWindows,
Web, or
console.
Application Architecture
Devices and browsers are connected through the Internet to an ASP.NET application developed
with Web Forms. This ASP.NET application uses both local and remotely accessed Web services
as shown.
Portal Web Services: Offer services from different sources (e.g. diff. companies)
Application-specific Web Services: created for a single specific application.
Building block Web Services: can be used in multiple applications
Internet
Browsers
Local Web
Services
Windows
Applications
Portal
Services
Internet
ASP.NET
Application
Devices
App Specific
Web Services
Building Block
Web Services
Web Services Definition Language (WSDL)
WSDL is an XML format for describing network services as a set of endpoints operating on
messages containing either document-oriented or procedure-oriented information. The operations
and messages are described abstractly, and then bound to a concrete network protocol and message
format to define an endpoint. Related concrete endpoints are combined into abstract endpoints
(services). WSDL is extensible to allow description of endpoints and their messages regardless of
what message formats or network protocols are used to communicate.
http://servicemix.apache.org/5-jbi.html
http://www.w3.org/TR/wsdl
Web Services Architecture
Web services make use of the platform-independent SOAP protocol. Typically a service
description is created with a WSDL document that can be designed in a way to be independent
of new versions of the Web service, and therefore the client needn't be changed.
A WSDL document has the information about the methods a Web service supports and how they
can be called, parameter types passed to the service, and parameter types returned from the
service.
Since the WSDL document can be generated dynamically, it is not necessary to deal with this
information directly.
The WSDL document, in turn, is used to create a client proxy with the same methods and
arguments. With this proxy, the client application has the advantage that it only needs to call the
methods as they are implemented in the server, because the proxy converts them to SOAP calls
to make the call across the network.
A SOAP message is the basic unit of communication between a client
and a server. It includes an evelope, which wraps all the SOAP
information in a single block.
The SOAP evelope consists of a header and a body. The header is
optional and tells how the client and server should process the body.
The SOAP server sends back the return values in the body of a SOAP
message.
SOAP Message
SOAP Envelope
SOAP Header
SOAP Body
Example WSDL Generated from ASP.NET Runtime
WROX Beginning Programming Microsoft Visual C# 2008
SOAP and Firewalls
A common question is, "Does the SOAP protocol break the security boundaries of the firewalls?"
Actually there are no more security issues with SOAP than there are with interaction with a Web
browser connected to a remote server. In other words, there is a limited, but non-zero risk.
An poorly designed or improperly implemented Web service could leak confidential data or even
crash the server. Such problems are common to all server-side applications whether they are
traditional Web pages, server-side business objects, or Web services.
If security issues are paramount, the firewall's system administrator can filter the communication
to remove or deny SOAP calls with an HTTP request.
Summary
Communication Protocols
TCP/IP
File Transfer Protocol (FTP)
Telnet
Hypertext Transfer Protocol (HTTP)
Remote Procedure Call (RPC)
Distributed Computing Environment RPC(DCE-RPC)
Other Services
CORBA
DCOM
RMI
SOAP
Web Services Definition Language (WSDL)
Security Issues - SOAP and Firewalls