580 likes | 707 Views
COMS E6125 Web-enHanced Information Management (WHIM). Prof. Gail Kaiser Spring 2011. Topics covered in this lecture. Introduction to Web Services SOAP and WSDL Web Services Component Model WS-* Specifications. What Are Web Services?.
E N D
COMS E6125 Web-enHanced Information Management (WHIM) Prof. Gail Kaiser Spring 2011 COMS 6125
Topics covered in this lecture • Introduction to Web Services • SOAP and WSDL • Web Services Component Model • WS-* Specifications COMS 6125
What Are Web Services? • The Web infrastructure is increasingly used for application to application interaction (as opposed to human/browser to application interaction) • Any application that programmatically invokes computations via the Web infrastructure could be said to be using “web services” • Includes REST, particularly when using POST forms or when GET includes query (both supplying computational parameters and often implicitly executing computations beyond webpage return) • But here the term is used to mean more explicit remote procedure calls (RPC) and messaging • Can vary from simple requests (e.g., currency conversion or a weather report) to complex business systems COMS 6125
RPC vs. Messaging • Messaging has no notion of client and server - since a messaging framework concentrates on delivering a message, all nodes that accept and emit messages are considered equal in status and termed peers. RPC always has the concepts of client (caller) and server (callee). • Messaging is time-independent – peers are not expected to accept the message in real time, the middleware takes care of delivering a message to the relevant peer when it is available. RPC, however, fails instantly when one party goes down. • Messages can be duplicated and delivered to multiple peers quite easily. While RPC is essentially a one-with-one communication strategy, messaging is far more flexible and can deliver copies of the same message without any effort from the emitter. COMS 6125
Web Services Standards • Enable building Web-based applications using any platform, object model and programming language • Or add an Internet-capable interface to a legacy system • Allow any piece of software to communicate using a standardized XML messaging system (SOAP) • Once a Web Service is deployed with a machine readable interface (WSDL), other applications and Web Services can invoke that service COMS 6125
Example Web Service http://www.webservicex.net/WS/WSDetails.aspx?WSID=68&CATID=12 COMS 6125
Steps to Creating and Using a Web Service • Service provider creates a service or application • Service provider defines a corresponding Web Service Description • Service requester writes the code to access the Web Service, using the protocol, input/output parameters and message exchange pattern specified in its Web Service Description COMS 6125
Simple Object Access Protocol (SOAP) • Written in XML • Initially conceived as the minimal possible infrastructure necessary to perform RPC over the Web (predecessor XML-RPC), also supports messaging • Defines a mechanism to pass commands and parameters between requesters and providers • Independent of the platform, object model and programming language • SOAP messages transported over HTTP are firewall-friendly and relatively easy to debug (XML text rather than binary stream) • But verbose and inefficient (i.e., slow) compared to alternative distributed computing infrastructures (e.g., CORBA, DCOM) COMS 6125
SOAP Message Structure • A message is seen as an envelope that contains the data to be sent (+ control) • The envelope has two parts, header (optional) and body (mandatory) • The header is for infrastructure level data and control • The body is for application level data SOAP Envelope SOAP Header Header subelements SOAP Body Body subelements COMS 6125
SOAP Header • The header contains administrative and control information • Typical uses: transaction identifiers, security certificates, processing instructions for intermediaries • Target of most WS-* specifications COMS 6125
SOAP Body • The applications (sender and receiver) agree upon operation signatures • The body of the SOAP message contains the actual call: the procedure name and its input parameters • The body of a response message contains the output parameters and optional “result” (analogous to return value) COMS 6125
SOAP Envelope Structure <env:Envelope xmlns:env=“http://schemas.xmlsoap.org/soap/envelope/”> <env:Header> <!-- content of header goes here (optional) --> </env:Header> <env:Body> <!-- content of body goes here (mandatory) --> </env:Body> </env:Envelope> XML namespace that defines SOAP tags <env:Envelope xmlns:env=“http://schemas.xmlsoap.org/soap/envelope/”> <env:Body> <et:eTicket xmlns:et=“http://www.acme-travel.com/eticket/schema”> <et:passengerName first=“Gail” last=“Kaiser”/> <et:flightInfo airlineName=“ZZ” flightNumber=“9999” departureDate=“2011-02-15” departureTime=“1234”/> </et:eTicket> </env:Body> </env:Envelope> The XML schema that defines the travel application types COMS 6125
SOAP Request Example POST /travelservice HTTP/1.1 Content-Type: application/soap+xml; charset=“utf-8” Content-Length: nnnn <env:Envelope xmlns:env=“http://schemas.xmlsoap.org/soap/envelope/”> <env:Body> <m:GetFlightInfo xmlns:m=“http://www.acme-travel.com/flightinfo” env:encodingStyle=“http://schemas.xmlsoap.org/soap/encoding/” xmlns:xsd=“http://www.w3.org/2001/XMLSchema” xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”> <airlineName xsi:type=“xsd:string”>ZZ</airlineName> <flightNumber xsi:type=“xsd:int”>9999</flightNumber> </m:GetFlightInfo> </env:Body> </env:Envelope> COMS 6125
SOAP Response Example HTTP/1.1 200 OK Content-Type: application/soap+xml; charset=“utf-8” Content-Length: nnnn <env:Envelope xmlns:env=“http://schemas.xmlsoap.org/soap/envelope/”> <env:Body> <m:GetFlightInfoResponse xmlns:m=“http://www.acme-travel.com/flightinfo” env:encodingStyle=“http://schemas.xmlsoap.org/soap/encoding/” xmlns:xsd=“http://www.w3.org/2001/XMLSchema” xmlns:xsi=“http://www.w3.org/2001/XMLSchema-instance”> <flightInfo> <gate xsi:type=“xsd:int”>1337</gate> <status xsi:type=“xsd:string”>ON TIME</status> </flightInfo> </m:GetFlightInfoResponse> </env:Body> </env:Envelope> COMS 6125
SOAP Fault Message • In the case of failure, the contents of the SOAP response envelope will generally be a Fault message, along the lines of: <env:Body> <env:Fault> <env:Code> <env:Value>env:Sender</env:Value> <env:Subcode> <env:Value>rpc:BadArguments</env:Value> </env:Subcode> </env:Code> <env:Reason> <env:Text xml:lang="en-US">Processing error</env:Text> </env:Reason> <env:Detail> … </env:Detail> </env:Fault> </env:Body> COMS 6125
Web Services Description Language (WSDL) • Written in XML • Used to define an individual Web service • The operations offered by the service (what) • The mechanisms to access the service (how) • The location of the service provider (where) • Analogous to interfaces • Often used to generate parts of the client (requester) and server (provider) code COMS 6125
WSDL Structure • Abstract part: port types (operations), messages (operation request/response parameters), data types • Concrete part: transport and wire format, network endpoint WSDL specification abstract part types messages port types concrete part <definitions name=“ServiceName”> <types> data types used... </types> <message> parameters used... </message> <portType> set of operations performed... </portType> <binding> communication protocols and formats used... </binding> <service> set of ports to service provider endpoints </service> </definitions> bindings services & ports COMS 6125
WSDL Types • <types> element defines the data types that are used by the web service and exchanged in messages • Uses XML Schema syntax to define data types <types> <complexType name="CompanyInfo"/> <element name="CompanyName" type="xsd:string"/> <element name="Address" type="xsd:string"/> </complexType> <complexType name="ReimbursementRequest"/> <element name="amount" type="xsd:float"/> <element name="date" type="xsd:string"/> </complexType> ... </types> COMS 6125
WSDL Messages • <message> element defines the operation signatures • Each message can consist of one or more parts and zero or more attachments • Each part must have a name and a type • The parts and attachments are analogous to the parameters of a function call in a traditional programming language <types> ... </types> <message name="ReimbursementRequestInput"> <part name="employeeId" type="xsd:string"/> <part name="info" type="ReimbursementRequest"/> <attachment name="hotelReceipt" uri="uri to image of hotel receipt"/> <attachment name="carRentalReceipt" uri="uri to image of rental car receipt"/> </message> COMS 6125
WSDL Port Types • <portType> element defines the actual operations that can be performed and the messages that are involved • Can be compared to a function library (or a module or a class) in a traditional programming language <portType name=“anyname”> <operation name="Reimburse"> <input message="ReimbursementRequestInput"/> </operation> <operation> ... </operation> <operation> ... </operation> <operation> ... </operation> ... </portType> COMS 6125
Types of Port Operations • Syntactically, an operation is a combination of input and output (and fault) messages indicating what role a message plays in the interaction • Each operation represents a message exchange pattern supported by the Web Service • A service requester's behavior in the transient period between two related messages defines the synchronous/asynchronous behavior in the client API. • In the synchronous case, invocation at the client API would block, and wait until the related message arrives at the destination. • In the asynchronous case, the client invocation continues without blocking, and when a related message arrives, it is correlated with earlier messages. COMS 6125
Message Exchange Patterns • One-way (in-only, fire and forget): The operation can receive a message but will not return a response (asynchronous) • Notification: The operation can send a message but will not wait for a response (asynchronous) • Request-response (in-out, rpc): The operation can receive a request and will return a response (synchronous) • Solicit-response: The operation can send a request and will wait for a response (synchronous) COMS 6125
WSDL Concrete Elements • Binding the interface to a transport protocol - What communication protocol to use to transport service requests and responses (e.g., SOAP over HTTP, HTTPS, SMTP, JMS) • The collection of operations provided by each binding - How to accomplish individual service interactions over this protocol • The endpoint or network address of the binding - Where to terminate communication (i.e., the network address of the service provider) COMS 6125
Example SOAP Binding <binding name=“AirportServiceSoapBinding” type=“tns:AirportServicePortType”> <soap:binding transport=“http://schemas.xmlsoap.org/soap/http”/> <operation name=“GetFlightInfo”> <soap:operation style=“rpc” soapAction=“http://acme-travel/getflightinfo”/> <input> <soap:body use=“encoded” namespace=“http://acme-travel.com/flightinfo” encodingStyle=“http://schemas.xmlsoap.org/soap/encoding/”/> </input> <output> <soap:body use=“encoded” namespace=“http://acme-travel.com/flightinfo” encodingStyle=“http://schemas.xmlsoap.org/soap/encoding/”/> </output> </operation> <operation name=“CheckIn”> <soap:operation style=“document” soapAction=“http://acme-travel.com/checkin”/> <input> <soap:body use=“literal”/> </input> </operation> </binding> <service name=“travelservice”> <port name=“travelservicePort” binding=“tns:AirportServiceSoapBinding”> <soap:address location=“http://acmetravel.com/travelservice”/> </port> </service>
So Now We Have Web Services • Web Services = distributed applications, services and components, described using XML-encoded WSDL interfaces, that process XML-encoded SOAP messages • XML, SOAP and WSDL constitute baseline specifications that provide a foundation for application integration • Analogous to CORBA, COM or Java RMI, but using web infrastructure COMS 6125
Example Web Service http://www.webservicex.net/WS/WSDetails.aspx?WSID=68&CATID=12 COMS 6125
So Now We Have Web Services • Web Services = distributed applications, services and components, described using XML-encoded WSDL interfaces, that process XML-encoded SOAP messages • XML, SOAP and WSDL constitute baseline specifications that provide a foundation for application integration • Analogous to CORBA, COM or Java RMI, but using web infrastructure COMS 6125
But… • Additional standards beyond this baseline become necessary as WS applications become more complex, integrating multiple components across multiple organizations • Otherwise, WS developers are compelled to implement higher-level functionality in proprietary and often non-interoperable ways COMS 6125
Composable Services • Specialized Web Service specifications that are independent but can be combined • For example, it is possible to independently add transaction identifiers and reliable messaging sequence numbers • The two extensions do not conflict with each other and are compatible with pre-existing message structures • Developers and providers can integrate selected specifications that fulfill the requirements of their communicating processes COMS 6125
SOAP Inherently Supports Composition • SOAP uses a regular, multi-part message structure: New message elements supporting new services may be added to message headers in a manner that does not alter the processing of existing functionality • SOAP body is for the ultimate recipient, SOAP header blocks may be targeted at any entity along the message path COMS 6125
Addressing • Messages and responses both go somewhere and come from somewhere (and errors also need to be reported somewhere) • By default, SOAP encodes the destination for a message with a URL placed in the HTTP transport • The destination for the response is determined by the HTTP return address • Builds on the basic browser-server model COMS 6125
Addressing • The source and destination information are not part of the message itself • But information can be lost if a transport connection terminates (e.g., if the response takes a long time and the connection times out) • Or if the message is forwarded by an intermediary, perhaps routed over multiple transports • Also does not allow for directing a response to a third party (e.g., request sent over HTTP but returned via SMTP) COMS 6125
WS-Addressing • Provides a mechanism to place the target, source and other addressing information directly within the message • Decouples address information from any specific transport model • Supports asynchronous communication patterns, both short and extended duration • Across multiple endpoint references • Does not match very well the request/response model over a single HTTP connection (see blog entry), more applicable to other transports • That is, messaging rather than RPC COMS 6125
Message Addressing Properties • To -- message destination • Action -- an action value indicating the semantics of the message, corresponds to WSDL porttype • From -- the endpoint of the service that dispatched this message (may be Anonymous, for two-way transport) • ReplyTo -- the endpoint to which reply messages should be dispatched • FaultTo -- the endpoint to which fault messages should be dispatched • Unique MessageId, required if there will be any response • RelatesTo previous messages (indicating previous From and MessageId) COMS 6125
Security Requirements • A sends a message to service B • B partially processes the message and forwards it to service C • HTTPS allows authentication, integrity and confidentiality between A-B and B-C • However, C and A cannot authenticate each other, or hide information from B • For A, B and C to use userid/password for authentication, they must share the same replicated user and password information • Instead need “end to end” security COMS 6125
WS-Security • Defines mechanisms for associating security related claims with a message • Signed, encrypted security tokens • Username/password (BASIC-Auth) • x509 certificates (public key infrastructure) • Kerberos tickets (secret key) • XrML eXtensible rights Markup Language (digital property rights) • SAML Security Assertion Markup Language (single sign-on) COMS 6125
WS-Security • A can generate a token that C can verify as having come from A, B cannot forge the token • A can sign selected elements or the entire message, this allows B and C to confirm that the message has not changed since A sent it • A can seal the message or selected elements, this ensures that only the intended service for those elements can use the information - prevents B from seeing information intended for C and vice versa COMS 6125
Reliable Messaging • In an Internet world, almost all communication channels are unreliable - messages disappear or are duplicated, connections break • Without a reliable messaging standard, WS application developers must build these functions into their applications • The basic approaches and techniques are well understood, e.g., many middleware systems ensure messages have unique identifiers, provide sequence numbers, and retransmit when messages are lost • If WS developers implement these models in their applications, they may make incompatible assumptions or design choices, resulting in little if any reliable messaging COMS 6125
WS-ReliableMessaging • Defines mechanisms that enable Web Services to ensure delivery of messages over unreliable communication networks • Supports bridging multiple different infrastructures into a single, logically complete, end-to-end model COMS 6125
WS-ReliableMessaging • The RM Source MUST assign each reliable message a sequence number beginning at 1 and increasing by exactly 1 for each subsequent reliable message • Every acknowledgement issued by the RM Destination MUST include within that acknowledgement the range or ranges of the sequence numbers of every message successfully received and MUST exclude sequence numbers of any messages not yet received COMS 6125
WS-ReliableMessaging • Delivery Assurances – AtMostOnce, AtLeastOnce, ExactlyOnce, InOrder • Protocol Elements – Sequence, Sequence Acknowledgement, Request Acknowledgement, Sequence Creation, Sequence Termination • Policy Assertions – SequenceCreation, SequenceExpiration, InactivityTimeout, RetransmissionInterval, AcknowledgementInterval COMS 6125
Another Component Service: Transactions • A complex business scenario may require multiple parties to exchange multiple sets of messages • The multiple messages exchanged between participants constitute a logical "task" or "objective" • The parties must be able to: • Start new coordinated tasks. • Associate operations with their logical task - the parties may be performing multiple such tasks at the same time • Agree on the outcome of the computation COMS 6125
WS-Coordination • General mechanism for starting and agreeing on the outcome of multi-party, multi-message WS tasks • Coordination context is a message element that flows on all messages that Web Services exchange during the computation • The coordination context contains the WS-Addressing endpoint reference to the coordination service and the endpoint contains information to identify the specific task being coordinated COMS 6125
Coordination Service • Starts a coordinated task, terminates a coordinated task, allows a participant to register in a task, and produces a coordination context that is part of all messages within a group • Includes an interface that participating services use in order to be informed of the outcome of the coordinated task COMS 6125
WS-AtomicTransaction • Defines a specific set of protocols that plug into WS-Coordination to implement traditional atomic transactions • For activities that require the traditional atomic, consistent, isolated and durable (ACID) properties • Usually short-lived COMS 6125