Transcript Web service
Lecture 15 Introduction to Web Services Web Service Applications Introduction Web services are server-side programs that listen for messages from client applications and return specific information. There are several different types of Web services that carry out different functions: Some provide information specific to a particular industry such as manufacturing or healthcare; there are portal services that use services from different providers to offer information on a specific theme; there are services specific to single applications, and building block services that can be used by many different applications. Web services give you the capability to combine, share, exchange, or plug in separate services from various vendors and developers to form entirely new services or custom applications created on-the-fly to meet the requirements of the client. What was around before Web Services Programming with the sockets API, the client had to initiate a connection to the servers and then send and receivedata. To call some operations on the server to get results, additional protocols are needed to describe request and response codes. Example of such so-called application protocols are: TCP/IP - the original machine to machine communication protocol File Transfer Protocol (FTP) - used to move files to and from the server Telnet - originally designed to provide a terminal access to a computer Hypertext Transfer Protocol (HTTP).- supports file transfer and Web-based formats Later the Remote Procedure Call (RPC) protocol was developed to simplify the use of the sockets API and the TCP/IP protocol. One of the oldest and still most popular RPC protocols is DCE-RPC (Distributed Computing Environment Remote Procedure Call) from what is now called the Open Group (www.opengroup.org). Other Services Protocols and Communcations Architectures CORBA - Object Management Group (OMG) initiated CORBA (Common Object Request Broker Architecture) to provide object-orientation to network programming. DCOM - Microsot extened the DCE-RPC rptotcol with OOP features. The Distributed COM (DCOM) protocol made it possible to call COM components across the network and is used in COM+ applications. RMI - Sun Microsystems took a different route with its Java technologies. The Remote Method Invocation (RMI) protocol can be used to call objects remotely. SOAP - The Simple Object Access Protocol (SOAP) uses XML-based format to describe methods and parameters to make remote calls across the network. Client Application Types The client of a Web service can be a Windows application created using Windows Forms, or an ASP.NET applications using Web Forms. The client that uses the Web service can be running on a Windows PC, a UNIX/Linux system, or a pocket PC With the .NET Framework, Web services can be consumed in every applications typeWindows, Web, or console. Application Architecture Devices and browsers are connected through the Internet to an ASP.NET application developed with Web Forms. This ASP.NET application uses both local and remotely accessed Web services as shown. Portal Web Services: Offer services from different sources (e.g. diff. companies) Application-specific Web Services: created for a single specific application. Building block Web Services: can be used in multiple applications Internet Browsers Local Web Services Windows Applications Portal Services Internet ASP.NET Application Devices App Specific Web Services Building Block Web Services Web Services Definition Language (WSDL) WSDL is an XML format for describing network services as a set of endpoints operating on messages containing either document-oriented or procedure-oriented information. The operations and messages are described abstractly, and then bound to a concrete network protocol and message format to define an endpoint. Related concrete endpoints are combined into abstract endpoints (services). WSDL is extensible to allow description of endpoints and their messages regardless of what message formats or network protocols are used to communicate. http://servicemix.apache.org/5-jbi.html http://www.w3.org/TR/wsdl Web Services Architecture Web services make use of the platform-independent SOAP protocol. Typically a service description is created with a WSDL document that can be designed in a way to be independent of new versions of the Web service, and therefore the client needn't be changed. A WSDL document has the information about the methods a Web service supports and how they can be called, parameter types passed to the service, and parameter types returned from the service. Since the WSDL document can be generated dynamically, it is not necessary to deal with this information directly. The WSDL document, in turn, is used to create a client proxy with the same methods and arguments. With this proxy, the client application has the advantage that it only needs to call the methods as they are implemented in the server, because the proxy converts them to SOAP calls to make the call across the network. A SOAP message is the basic unit of communication between a client and a server. It includes an evelope, which wraps all the SOAP information in a single block. The SOAP evelope consists of a header and a body. The header is optional and tells how the client and server should process the body. The SOAP server sends back the return values in the body of a SOAP message. SOAP Message SOAP Envelope SOAP Header SOAP Body Example WSDL Generated from ASP.NET Runtime WROX Beginning Programming Microsoft Visual C# 2008 SOAP and Firewalls A common question is, "Does the SOAP protocol break the security boundaries of the firewalls?" Actually there are no more security issues with SOAP than there are with interaction with a Web browser connected to a remote server. In other words, there is a limited, but non-zero risk. An poorly designed or improperly implemented Web service could leak confidential data or even crash the server. Such problems are common to all server-side applications whether they are traditional Web pages, server-side business objects, or Web services. If security issues are paramount, the firewall's system administrator can filter the communication to remove or deny SOAP calls with an HTTP request. Summary Communication Protocols TCP/IP File Transfer Protocol (FTP) Telnet Hypertext Transfer Protocol (HTTP) Remote Procedure Call (RPC) Distributed Computing Environment RPC(DCE-RPC) Other Services CORBA DCOM RMI SOAP Web Services Definition Language (WSDL) Security Issues - SOAP and Firewalls