Web services are contemplated as self-documenting because they provide entire information regarding the available methods and parameters used for XML based standard, known as WSDL. One can also provide more information to explain web services via their own WebService and WebMethod attributes.
JAXB schema binding compiler is placed in the <JWSDP_Home>/jaxb/bin directory. In this directory, there are two scripts, xjc.sh (Solaris/Linux) and xjc.bat (Windows).
* Using the default event handler
* Register and Implement a custom event handler
* Use the ValidationEventCollector utility
There are two types of JAXB client validation that a JAXB can perform
* Unmarshal Time Validation
* On-Demand Validation
By default, the Marshaller will use “UTF-8†if jaxb.encoding property is not declared.
Marshalling is the process of converting XML document into Java readable form while UnMarshalling is the reverse process of Marshalling. Let see how Java unmarshals an XML document and then marshals it back
JAXBContext jc= JAXBContext.newInstance (“com.acme.fooâ€);
// unmarshal from foo.xml
Unmarshaller u = jc.createUnmarshaller () ;
FooObject fooObj=
(FooObject)u.unmarshal (new File (“foo.xmlâ€) );
// marshal to sytem.out
Marshaller m = jc.createMarshaller ();
m.marshal (fooObj, System.out);
As the name suggests Web Service Provider provides the web services to the various application irrespective of their background, and Web Service Requestor/ Consumer as the name suggests is the requestor for the web services.
The role of Web Service Requestor / Consumer is to utilize the pre-existing web service provided by the Web Service Provider/ Publisher. Web Service Requestor/ Consumer request the Web Service provider for the information by sending a SOAP message to the Web Service provider. Then in-Turn Web Service Publisher sends the requested information back to the requestor in the form of a SOAP message.
Java webservices is developed to build and deploy basic web service on JAVA platform.
To create a web services, there are two approaches that are adopted
* Top-down approach
* Top-up approach
The terms "Platform independent" and "Diverse Application" were related to each other because XML-RPC uses HTTP for transporting SOAP messages over the web. The HTTP is a universal standard protocol for exchanging information on the Web. Hence, it leads to Cross Platform support/ Platform independent. So because it is Platform independent, it leads to the diverse application capable of accessing the web services.
Communication protocol refers to the protocols which were used to transmit information over the web. By using Transport protocols, applications from the different background can quickly communicate with each other without knowing the inside functioning of the various systems. HTTP (Hyper-Text Transfer Protocol) can be used to implement a SOAP message whereas FTP (File Transfer Protocol) can be used as the reliable transport mechanism. SMTP and BEEP can also be used for transport mechanism.
SOAP message is not tied to any protocol. It can use any of the open Transport protocol.
There are two types of web services in total i.e. SOAP based web service and RESTful web service.
This question is already mentioned earlier.
The requirement for accessing web services from any application is that should support XML-based request and response. Hence there is no need to install any app for accessing web services.
WSDL allows extensibility elements that are used to specify binding information. Below are a few important points that should be kept into consideration while binding.
A port must not
<> Specify more than one address.
<> Specify any binding information other than address information.
Definition element is described as the root of WSDL document which defines the name of the web service as well as act as a container for all the other elements.
Yes, it is possible to bind WSDL to SOAP. The binding is possible by basically two attributes:
* Name: Defines the name of the binding.
* Type: Defines the port for the binding.
For SOAP binding, two attributes need to be declared
* Transport: Defines the SOAP protocol to be used i.e. HTTP.
* Style: This attribute can be ‘rpc’ or ‘document’.
<> Top-down SOAP Web services include creating WSDL document to create a contract between the web service and the client, with a required code as an option. This is also known as the Contract-first approach. The top-down approach is difficult to implement because classes must be written to confirm the contract defined in WSDL. One of the benefits of this method is that both the client and server code can be written in parallel.
<> Bottom-up SOAP web services require the code to be written first and then WSDL is generated. It is also known as the Contract-last approach. Since WSDL is created based on the code, the bottom-up approach is easy to implement and client codes must wait for WSDL from the server side to start working.
The security model includes the given security tokens. These tokens comprise digital signatures for protection and authentication of SOAP messages. Security tokens can be used to provide the bond between authentication secrets or keys and security identities. Security token uses the authentication protocols and an X.509 certificate to define the relationship between the public key and identity key. The signatures are used to verify the messages and their origin, generate knowledge to confirm the security tokens to bind the identity of a person to the identity of the originator. Security model prevents different attacks and can be used to protect the SOAP architecture.
<> HTTPUtils: This provides the functionality of the POST method to safely meet the requirements.
Parameter: It is an argument for a RPC call used by both the client and the server.
<> Response: It is an object that represents an RPC reply from both client and server, but the result will not be displayed until after the method call.
<> TCPTunnel: It is an object that provides the ability to listen on a specific port and to forward all the host and port names.
<> TypeConverter: It helps to convert an object of one type into another type and this is called using the class in the form object.
Synchronicity generally refers to the binding of the client to the function’s execution and it can be done in two ways i.e., synchronous and asynchronous. In Synchronous invocations, the client blocks and waits until the service complete its operation before continuing its work. In Asynchronous invocations, clients are allowed to invoke a service and execute other functions.
The web service registry is basically like a ‘phone book’ for web services. It allows client applications to be able to publish new services or can locate the already existing ones. Two widely-used registry standards are generally supported by application servers i.e., ebXML (Electronic Business using XML) and UDDI (Universal Description, Discovery, and Integration).
To ensure reliable transactions and secure confidential information, web services require a very high level of security which can be only achieved through the Entrust Secure Transaction Platform. Security issues for web services are broadly divided into three sections as described below:
<> Confidentiality: A single web service can have multiple applications and their service path contains a potential weak link at its nodes. Whenever messages or say XML requests are sent by the client along with the service path to the server, they must be encrypted. Thus, maintaining the confidentiality of communication is a must.
<> Authentication: Authentication is basically performed to verify the identity of the users as well as ensuring that the user using the web service has the right to use or not? Authentication is also done to track the user’s activity. There are several options that can be considered for this purpose
Application-level authentication
HTTP digest and HTTP basic authentication
Client certificates
<> Network Security: This is a serious issue that requires tools to filter web service traffic.
These methods are less secure and inhibit users to pass structures and objects as arguments. Also, it doesn’t allow users to pass ByRef arguments.
One can use Data Caching (System.Web.Caching.Cach) instead of Response Caching.
Response Caching is useless or incompetent when method accepts extensive amount of values because caching means to store lot of information. Also, if the method depends on external source of information, and that are not provided within the parameters then such methods are bypassed.
* Safe methods are those that do not change any resources internally. These methods can be cached and can be retrieved without any effects on the resource.
* Idempotent methods are those methods that do not change the responses to the resources externally. They can be called multiple times without any change in the responses.
Every framework requires some type of architecture to ensure that the entire framework works perfectly as desired, the same goes for web services. Web service architecture is used to assist the developer with steps and procedures that are essential to complete the creation. Web service architecture includes three distinct roles i.e., service provider, service requester, and service registry. It also includes three different operations that include:
Publish (Publication of Service Descriptions): A service description needs to be published so that the service requestor can locate and have access to it. It can be published anywhere depending upon the requirements of the application.
Find (Finding of Services Descriptions): A service description is retrieved directly by a service requestor. The requestor consults the broker to locate a web service that is already published.
Bind (Invoking of Service based on Service Description): Every service needs to be invoked. To locate, contact, and invoke the service, the service requestor initiates the interaction with the service at runtime using details of binding in the service description.
The language commonly used by UDDI is WSDL (Web Service Description Language).
While implementing Basic Authentication as part of APIs, the user must provide the username and password which is then concatenated by the browser in the form of “username: password†and then perform base64 encoding on it. The encoded value is then sent as the value for the “Authorization†header on every HTTP request from the browser. Since the credentials are only encoded, it is advised to use this form when requests are sent over HTTPS as they are not secure and can be intercepted by anyone if secure protocols are not used.
Theoretically, there is no restriction on the size of the payload that can be sent. But one must remember that the greater the size of the payload, the larger would be the bandwidth consumption and time taken to process the request that can impact the server performance.
To implement web services in .NET, HTTP handlers are used that interrupt requests to .asmx files.
First of all a web reference to the web service is created by the client in his application. Then a proxy class is generated. After that an object of the proxy class is created and at last, the web service is accessed via that proxy object.
The components that need to be published during a web service deployment are Web Application Directory, Webservice.asmx File, Webservice.Disco File, Web.Config File and Bin Directory.
As far as protocol is concerned, .NET Web Service uses HTTP, while, .NET Remoting uses any protocol i.e. TCP/HTTP/SMTP. When it comes to performance, .NET Remoting is comparatively, faster than.NET Web Service. Also, as .NET Web Services are hosted via IIS, therefore, it is far more reliable than the .NET Remoting.
The two Microsoft solutions for distributed applications are .NET Web Services and .NET Remoting.
Since we know that web services are constructed on XML standards. Therefore, clients need to have complete understanding of XML-based messages to interchange messages. Clients can communicate with web services through .NET framework that offers proxy mechanisms. These proxy mechanisms have detailed information regarding data sharing within web services that can be easily used by the clients.
ASP.NET uses a test page routinely, when one calls for the URL of .asmx file in any browser. This page shows complete information regarding web services.
.Net web services uses XML-based standards to transfer/receive information. Thus, .NET web services can only works with data types known by XML schema standard. Like FileSteam, Eventlog etc. are not recognized by the XML schema standards and hence, not supported in web services.
HTTP URL paths are used as a part of the RESTful web service, so they need to be secured. Some of the best practices are:
* Perform validation of all inputs on the server from SQL injection attacks.
* Perform user’s session-based authentication whenever a request is made.
* Never use sensitive data like username, session token password, etc through URL. These should be passed via the POST method.
Methods like GET, POST, PUT, DELETE, etc should be executed with proper restrictions.
HTTP generic error message should be invoked wherever required.
DISCO means discovery. It groups the list of interrelated web services. The organization that provides web services, issues a DISCO file on its server and that file contains the links of all the provided web services. This standard is good when client knows the company already. Also it can be used within a local network as well.
The advantages of statelessness include
* Each and every method requests are treated independently.
* Application design is simplified as it does not maintain the client’s previous interaction.
* Works with HTTP protocol as it shares the feature of being statelessness.
The disadvantage of statelessness includes
Every time client interaction takes place, web services are to be provided with extra information about each request so that they can interpret the client’s state.
There are two major implementations of JAX-RS API.
1> Jersey: Jersey is the reference implementation provided by Sun. For using Jersey as our JAX-RS implementation, all we need to configure its servlet in web.xml and add required dependencies. Note that JAX-RS API is part of JDK not Jersey, so we have to add its dependency jars in our application.
2> RESTEasy: RESTEasy is the JBoss project that provides JAX-RS implementation.
WSDL document can be accessed by appending ?wsdl to the SOAP endoint URL. In above example, we can access it at https://localhost:8888/testWS?wsdl location.
Endpoint class provides useful methods to create endpoint and publish existing implementation as web service. This comes handy in testing web services before making further changes to deploy it on actual server.
<> SOAP message has a root Envelope element
<> Envelope is an obligatory part of the SOAP message.
<> If an envelope includes a header element, it should not contain more than one.
<> Envelop version will change if the SOAP version changes.
<> The SOAP envelope is indicated by the prefix ENV and the envelope element.
<> The optional SOAP encoding is also specified using a namespace and the optional encoding style element.
Application layer and transport layers of a network are used by SOAP; HTTP and SMTP are the valid protocol of the application layer used as the transport for SOAP. HTTP is more preferable, since it works well with the current Internet infrastructure, in particular with firewalls.
The SOAP requests can be sent using an HTTP GET method while the specification only contains details about HTTP POST.
* Must use encoded XML
* Envelope namespace must be used
* Encoding namespace must be used
* Must not consist of a DTD reference
* Must not have XML processing instruction
It is a common XML document that contains the elements as a SOAP message
1. Envelope: It is an obligatory root element that translates the XML document and defines the beginning and end of the message.
2. Header: It is an optional item which contains information about the message being sent.
3. Body: It contains the XML data comprising the message being sent.
4. Fault: It provides the information on errors that occurred while during message processing.
JAX-WS stands for Java API for XML Web Services. JAX-WS is XML based Java API to build web services server and client application. It’s part of standard Java API, so we don’t need to include anything else which working with it.
Web Services work on client-server model and when it comes to choose between SOAP and REST, it all depends on project requirements. Let’s look at some of the conditions affecting our choice:
* Do you know your web service clients beforehand? If Yes, then you can define a contract before implementation and SOAP seems better choice. But if you don’t then REST seems better choice because you can provide sample request/response and test cases easily for client applications to use later on.
* How much time you have? For quick implementation REST is the best choice. You can create web service easily, test it through browser/curl and get ready for your clients.
* What kind of data format are supported? If only XML then you can go with SOAP but if you think about supporting JSON also in future then go with REST.