Interoperable Web Services with JAX-WS

Metro: JAX-WS, WSIT and REST
Carol McDonald
Java Architect
Sun Microsystems

About the Speaker
Carol cDonald:
Java Architect at Sun Microsystems
Before Sun, worked on software development of:
Application to manage car Loans for Toyota (>10 million loans)
Pharmaceutical Intranet apps ( Roche Switzerland)
Telecom Network Mgmt ( Digital France)
X.400 Email Server ( IBM Germany)

Agenda
Metro
JAX-WS
WSIT
REST:
JAX-RS

Project Metro
Project Metro = Java.net project for GlassFish Web Services stack
http://metro.dev.java.net
Can also be used outside of Glassfish
key components of Metro:
JAX-WS and WSIT

http://glassfish.dev.java.net

JAX-WS
In addition to Glassfish,
JAX_WS can be used as WS stack with JBoss, WebLogic Server 10, Apache Tomcat , Jetty , and Java SE , TmaxSoft JEUS 6, Spring

Sun’s Web Services Stack Metro: JAX-WS , WSIT JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services NetBeans JAX-WS Tooling Transactions Reliable- Messaging Security Metadata WSDL Policy Core Web Services HTTP TCP SMTP JAXB, JAXP, StaX JAX-WS WSIT tools transport xml

Agenda
Metro
JAX-WS
WSIT
REST

JAX-WS
easy to use J ava A PI for X ML W eb S ervices
Replaces JAX-RPC
Just Add @ annotation to Plain Old Java Object (POJO)
XML Descriptor-free programming
Layered Architecture
SOAP 1.2 (document/literal)
Uses JAXB for data binding
Part of Java SE 6 and Java EE 5 platforms

JAX-WS Standards
JSR 224 Expert Group:
ATG BEA Capgemini Developmentor IBM Intalio IONA Motorola Nokia Novell NTT Oracle Pramati Red Hat SAP SeeBeyond Sonic Software Sun Tmax Trifork WebMethods

Developing a Web Service Starting with a Java class war or ear @WebService POJO Implementation class Servlet-based or Stateless Session EJB Optional handler classes Packaged application (war/ear file) You develop Service contract WSDL Deployment creates JAXB and JAX-WS files needed for the service

Example: Servlet-Based Endpoint @WebService public class CalculatorWS { public int add (int a, int b) { return a+b; } }
All public methods become web service operations
WSDL/Schema generated at deploy time automatically
Default values for WSDL service name, etc.

Service Description default mapping
Java mapping -> WSDL:
public class CalculatorWS { public int add ( int i , int j ){ } }
< portType name=" CalculatorWS ">
< operation name=" add ">
< input message=" tns:add " />
< output message=" tns:addResponse " />
< /operation >
< /portType >
PORT TYPE = ABSTRACT INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS AND RETURN VALUES

Customizability via Annotations @WebService( name= "Calculator", portName= "CalculatorPort", serviceName= "CalculatorService", targetNamespace= "http://calculator.org" ) public class CalculatorWS { @WebMethod (operationName=”addCalc”) public int add ( @WebParam (name=”param1”) int a, int b) { return a+b; } }

Example: EJB 3.0-Based Endpoint
It's a regular EJB 3.0 component so it can use EJB features
Transactions, security, interceptors ...
@WebService @Stateless public class Calculator { public int add(int a, int b) { return a+b; } }

Developing a Web Service Starting with a WSDL wsimport tool @WebService SEI Interface @WebService( endpointInterface ="generated Service") Implementation class Servlet-based or Stateless Session EJB endpoint model Packaged application (war/ear file) Service contract WSDL Generates You develop

Generating an Interface from WSDL
WSDL->Java generation:
@WebService public interface BankService { @WebMethod public float getBalance (String acctID,String acctName) throws AccountException; }
< portType name=" BankService ">
< operation name=" getBalance ">
<input message="tns:getBalanceInput" />
<output message="tns:getBalanceOutput" />
<fault name="AccountException"
message="tns:AccountException"/>
</operation>
</portType>
PORT TYPE = INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS

Implementing a Web Service for a Generated Interface @WebService( endpointInterface =" generated.BankService ", serviceName =" BankService ") public class BankServiceImpl implements BankService { ... public float getBalance (String acctID, String acctName) throws AccountException { // code to get the account balance return theAccount.getBalance(); } }

Server Side CalculatorWS Web Service E ndpoint Listener Soap binding @Web Service Soap request publish 1 2 3 4 5 6 7 8

Runtime:
Java types WSDL, XML Schema
JAX-WS uses JAXB for data binding
Runtime: JAXB un/marshalls the payload
WSDL XML Schema XML Document unmarshal marshal Generate for development Java Objects follows

Add Parameter
Next slide Look at schema and JAXB class for add parameter
public class CalculatorWS { public int add ( int i , int j ){ } }
< input message=" tns:add " />
< output message=" tns:addResponse " />
< /operation >
< /portType >
PORT TYPE = ABSTRACT INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS AND RETURN VALUES

JAXB XML schema to Java mapping
package calculator.jaxws;
import javax.jws.WebService;
@XmlRootElement (name = "add" )
public class add {
@XmlElement (name = " i ")
private int i ;
@XmlElement (name = " j ")
private int j ;
public int getI () {
return this.i;
}
public void setI (int i){
this.i = i;
}
}
<?xml version="1.0" encoding="UTF-8" standalone="yes"? >
<xs: schema version="1.0" >
<xs: element name=" add " type="tns:add"/>
<xs: element name=" addResponse " type="tns:addResponse"/>
<xs: complexType name=" add ">
<xs: sequence >
<xs: element name=" i "
type="xs: int "/>
<xs: element name=" j "
type="xs: int "/>
</xs:sequence>
</xs:complexType>
</xs:schema>

Client-Side Programming wsimport tool @WebService Dynamic Proxy Service contract WSDL Generates You develop Client which calls proxy

Example: Java SE-Based Client
code is fully portable
CalculatorService is defined by the specification
Internally it uses a delegation model
CalculatorService svc = new CalculatorService() ; Calculator proxy = svc. getCalculatorPort(); int answer = proxy.add (35, 7); Factory Class Get Proxy Class Business Interface

WSDL Java mapping
package calculator;
import javax.jws.WebService;
@WebService
public class CalculatorWS {
public int add ( int i, int j) {
return i + j;
}
}
<input message="tns:add"/>
<output message="tns:addResponse"/>
</operation>
</portType>
< binding name="CalculatorWSPortBinding" type="tns: CalculatorWS ">
<soap:binding transport="soap/http" style="document"/>
....
</operation>
</binding>
< service name=" CalculatorWSService ">
< port name=" CalculatorWSPort " binding="tns:CalculatorWSPortBinding">
< soap:address location =
"http://CalculatorWSService" />
</port>
</service>
Factory Class Proxy Class Business Interface

WSDL to Dynamic Proxy mapping Service Port PortType Binding 1..n 1 1 1..n 1..n
CalculatorWSPort
CalculatorWS
Class
CalculatorWSService
Add Method Parameters Business Interface Factory Class Proxy Class Operation Message

Example: Java EE Servlet Client No Java Naming and Directory Interface™ API ! public class ClientServlet extends HttpServlet { @WebServiceRef (wsdlLocation = "http://.../CalculatorWSService?wsdl") private CalculatorWSService service; protected void processRequest( HttpServletRequest req, HttpServletResponse resp) { CalculatorWS proxy = service.getCalculatorWSPort(); int i = 3; j = 4; int result = proxy.add (i, j); . . . } } Get Proxy Class Business Interface Factory Class

Client Side CalculatorWS Web Service extends Dynamic Proxy S ervice E ndpoint I nterface Invocation Handler JAXB JAXB return value parameters getPort 1 2 3 6 Soap request Soap response 4 5

SOAP Request
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Header/>
<S:Body>
<ns2: add xmlns:ns2="http://calculator.me.org/">
<i>4</i>
<j>3</j>
</ns2:add>
</S:Body>
</S:Envelope>
http://localhost:8080/CalculatorWSApplication/CalculatorWSService

SOAP Response
<?xml version="1.0" encoding="UTF-8"?>
<S:Envelope xmlns:S="http://schemas.xmlsoap.org/soap/envelope/">
<S:Body>
<ns2: addResponse xmlns:ns2="http://calculator.me.org/">
<return>7</return>
</ns2:addResponse>
</S:Body>
</S:Envelope>

JAX-WS Layered Architecture Calls Into Implemented on Top of Messaging Layer: Dispatch/Provider Application Code Strongly-Typed Layer: @ Annotated Classes
Upper layer Easy to use with annotations
Lower layer, API-based, more control
For advanced scenarios

Lower Level
Lower layer, API-based, more control:
Client XML API: Dispatch Interface
one-way and asynch calls available
Server XML API: Provider Interface:
Can use JAXB, JAXP, SAAJ to get message contents
Message or Payload access
May be used to create RESTful clients/services

Client-side Messaging API: Dispatch Interface one-way and asynch calls available: // T is the type of the message public interface Dispatch < T > { // synchronous request-response T invoke(T msg); // async request-response ( polled for completion) Response<T> invokeAsync(T msg); Future<?> invokeAsync(T msg, AsyncHandler<T> h); // one-way void invokeOneWay(T msg); }

Client-side Example: Dispatch Using PAYLOAD import javax.xml. transform.Source ; import javax.xml. ws.Dispatch ; private void invokeAddNumbers(int a,int b) { Dispatch <Source> sourceDispatch = service.createDispatch (portQName, Source.class, Service.Mode.PAYLOAD ); StreamSource request =new StringReader(xmlString); Source result = sourceDispatch.invoke (request)); String xmlResult = sourceToXMLString(result); }

Server-side Messaging API: Provider // T is the type of the message public interface Provider< T > { T invoke(T msg, Map<String,Object> context); }
Message or Payload access
Use @ServiceMode to select a mode for the message type

Server-sideExample: Payload Mode, No JAXB @ServiceMode(Service.Mode. PAYLOAD ) public class MyProvider implements Provider < Source > { public Source invoke( Source request, Map<String,Object> context) { // process the request using XML APIs, e.g. DOM Source response = ... // return the response message payload return response; } }

JAX-WS Commons https://jax-ws-commons.dev.java.net/
Convenient Extensions, utility code , useful Plugins :
Spring support
Stateful Web Service
Multiple Service Instances
HTTP Session-scope service
Thread scope service (thread local)
JSON Encoding
Server-Side Asynchrony

JAX-WS 2.1 Performance vs Axis 2.1

Agenda
Metro
JAX-WS Standards
WSIT
REST

WSIT: Web Services Interoperability Technology Complete WS-* stack Enables interoperability with Microsoft .NET 3.0 WCF

Sun’s Web Services Stack Metro: JAX-WS , WSIT JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services NetBeans JAX-WS Tooling Transactions Reliable- Messaging Security Metadata WSDL Policy Core Web Services HTTP TCP SMTP JAXB, JAXP, StaX JAX-WS WSIT tools transport xml

WSIT (Web Services Interoperability Technology) Project Tango Features
Enables interoperability with Microsoft .NET 3.0
Bootstrapping communication
End-to-end reliability
Atomic transactions
End-to-end security
Trust
Optimized security

Metro WSIT Reliable Messaging

WS-ReliableMessaging JAX-WS/WCF Server Runtime JAX-WS/WCF Client Runtime Application Message Ack Protocol Message buffer buffer
RMSource handles sending and re-sending
RMDestination handles reconstructing the stream of messages

Brings reliability to SOAP (protocol) layer
Transparent to application
Delivery assurance
At least once
At most once
In order
End-to-End Reliability WS-ReliableMessaging

Configuration with NetBeans

Reliable Transport Alternatives
SOAP messages are transport agnostic
Change the transport, change the binding
Metro Transports (Htttp standard):
JMS
SMTP
SOAP over TCP
For more information
https://jax-ws.dev.java.net/transport.html

Metro WSIT Transactions

Java™ Transaction Service Application Server Transaction Service Application UserTransaction interface Resource Manager XAResource interface Transactional operation TransactionManager Interface Resource EJB Transaction context

WS-AtomicTransaction defines set of transaction coordination protocols
Supports two phase commit for web service operations:
all operations invoked within an atomic transaction succeed or are all rolled back .
WS-Coordination protocols coordinate the actions of distributed web services
For Commit: Coordinator asks if each system is ready to complete
If all concur, coordinator tells systems to complete
Otherwise, coordinator tells systems to rollback
WSIT Transaction coordination

WSIT and WCF Co-ordinated transaction 4a: WS-AT Protocol 3: TxnCommit 2c: WS-Coor Protocol 2b: Register 4b: XA Protocol 4b: XA Protocol 2a: Invoke 1: TxnBegin

an Atomic Transaction Context is created the first time a transacted Web service operation is invoked within a JTA transaction scope
01 @Resource
02 javax.transaction.UserTransaction ut;
03
04 ut.begin();
05 bankWebService.makeWithdrawl();
06 ...
07 ut.commit();.
WSIT Support on Transaction
Transaction
Context
created

Transactions in Action @WebService @Stateless public class Wirerer { @TransactionAttribute(REQUIRED) void wireFunds(...) throws ... { websrvc1.withdrawFromBankX(...); websrvc2.depositIntoBankY(...); } }

Metro WSIT Security

Digital Certificate
Identity data signed by a Certification Authority. Provides a Trusted source of identification.
Version # Serial # Signature Algorithm Issuer Name Validity Period Subject Name Subject Public Key Issuer Unique ID Subject Unique ID Extensions Digital Signature X.509 Certificate
Digital ID
Electronic Proof of Identity
Issued and signed by Certifying Authority
Public, Private keys
Makes security protocols work
SSL
CA Authorized

Encryption Receiver Public Key Receiver Private Key
XML Encryption (data confidentiality)
Only the private key can decrypt
Asymmetric keys Public Encryption Original Document Encrypted Document Private Decryption Original Document Sender Receiver

Digital Signature Transform Transform Sender Sender's Private Key Sender's Public Key
XML Signature (data integrity)
Bind the sender’s identity to an XML document
Private Encryption XML data Signature Public Decryption XML data Receiver

SSL Key Exchange Server Client connects Browser generates symetric session key Use session key to Encrypt data
Browser and Server use Session Key B to encrypt all data exchanged over the Internet

Security
Before WS-Security
Only SSL:
WS-Security
Security at SOAP (protocol) layer
Fine granularity possible
Only sign/encrypt credit card # (e.g., XML subtree)
Works on non-TCP/IP transports
Integrity, Confidentiality, Auth
W3C XML Signature/Encryption
SSL/HTTPS
Security at transport layer
Point-to-point
Encrypts session

WS-Security: SOAP Message Security
WS-Security defines:
Encrypting and signing message parts:
XML Signature and XML Encryption in SOAP Header
How to pass security tokens
(token=security information identifies the msg sender )
UserName/Password token
X.509 certificates
SAML
Kerberos tickets
SOAP Envelope SOAP Envelope Header SOAP Envelope Body WS-Security Header Security Token Business Payload

request data response data authentication data SAML assertions https/ssl (optional) digital certificate Security Architecture Message Level Security (signature and encryption) web services client SOAP client signed & encrypted data web services server SOAP server SOAP service security server authentication authorization signature validation data encryption digital certificate request data data decryption/ encryption signature validation

Security
Before WS-Security
WS-Security
Security at SOAP message layer
XML Signature/Encryption
Only sign/encrypt part of msg
Works on different transports
Work with intermediaries
SSL/HTTPS
Security at transport layer
All or nothing granularity
Point-to-point

WS-Trust framework for:
Issue, Validate, Exchange security tokens used by WS-Security
Establish and broker trust relationships
Trust

WS-Trust
Issue
Trust Trust Relation Identity Store WS Client WS Service Security Token Service 1) WS-Trust Issue() 2) token returned <S11:Envelope xmlns:S11="..." xmlns:wsse="..."> <S11:Header> <wsse:Security> .Security Token = AuthN+AuthZ+signatures </wsse:Security> </S11:Header> <S11:Body wsu:Id="MsgBody"> .. App data </S11:Body> </S11:Envelope>

WS-Trust
Exchange
Trust

WS-Trust
Validate
Establish and broker trust relationships
Trust .NET service Java client

.NET Trust Authority Trust Authority Sun Managed Microsoft Managed Project GlassFish ™ Retail Quote Service Project GlassFish Wholesale Quote Service .Net Wholesale Service Java EE Platform With Project Tango WCF Client Java Client WS-Trust WS-T Trust QOS Security Interop.

How to Establish a Secure SESSION
For multiple message exchanges
Create shared symmetric session key
Optimizes processing
WS-SecureConversation Optimized Security security context token Use generated symmetric session key

WS-Policy <wsdl…> <policy…> … </policy> … </wsdl> <wsdl…> <policy…> <security-policy> … </security-policy> <transaction-policy> … </transaction-policy> <reliability-policy> … </reliability-policy> … </policy> … </wsdl>

Metro: Bootstrapping

WS-Metadata Exchange Bootstrapping Communication
< mex >
…
< /mex >
< wsdl …>
< policy …>
…
</policy>
…
</wsdl>
WS-MetadataExchange supports:
discovery of WSDL documents
WS-Policy settings
WS-MetadataExchange WS-Transfer/MEX WSDL

Bootstrapping Communication JAX-WS wsimport WCF or WSIT-based Service Creates Client Proxy WS-Transfer/MEX WSDL WS-MetadataExchange
WS-MetadataExchange protocol supports:
discovery of WSDL documents
metadata exchange is handled by wsimport utility of WSIT and is transparent to developers

Proxy Generation Bootstrapping Communication <wsdl…> <policy…> < security-policy > … </security-policy> < transaction-policy > … </transaction-policy> < reliability-policy > … </reliability-policy> … </policy> … </wsdl>

End-to-End Messaging

No runtime APIs for WSIT
Use JAX-WS and EJB APIs
Developer/deployer supplies config file to enable/control Project Tango components
Config file written by hand or produced by Project Tango NetBeans software module
WSIT (Project Tango) Programming Model

WSIT NetBeans Module By Hand Other IDEs 109 Deployment META-INF/wsit-*.xml Service Servlet Deployment WEB-INF/wsit-*.xml WSIT Server-Side Programming Model WSIT Config File wsit-*.xml
No runtime APIs for WSIT
Use JAX-WS and EJB APIs
Config file written by hand or produced by NetBeans enable/control WSIT

WSIT Client Programming Model 109 Service Wsimport Client Artifacts WSIT Config File wsit-*.xml WSIT NetBean Module By Hand Other IDEs MEX/ GET WDSL MEX/ GET

Agenda
Metro
JAX-WS Standards
WSIT
REST with JAX-RS

API: JAX-RS
Standardized in the JSR 311
Will be included in Java EE 6
EG members
Alcatel-Lucent, BEA, Day Software, Fujitsu, innoQ, Nortel, Red Hat
Experts in Atom, AtomPub, WebDAV, HTTP, REST, Restlet
Group started in April 2007

REpresentational State Transfer Get URI Response XML data = RE presentational S tate T ransfer

REST Tenets
RE presentational S tate T ransfer
Resources (nouns)
Identified by a URI , For example:
http://www.parts-depot.com/parts
Methods (verbs)
Small fixed set:
Create, Read, Update, Delete
State Representations
data and state transferred between client and server
XML, JSON...

HTTP Example Request GET /customers HTTP/1.1 Host: media.example.com Accept : application/ xml Response HTTP/1.1 200 OK Date: Tue, 08 May 2007 16:41:58 GMT Server: Apache/1.3.6 Content-Type : application/xml; charset=UTF-8 <?xml version="1.0"?> <customers xmlns="…"> <customer>…</customer> … </customers>
Resource
Method
Representation

Verb Noun Create POST Collection URI Read GET Collection URI Read GET Entry URI Update PUT Entry URI Delete DELETE Entry URI CRUD to HTTP method mapping 4 main HTTP methods CRUD methods

Example
Customers
/customers/
/customers/{id}/
URI Templates are URIs with variables within the URI syntax.

Customer Resource Using Servlet API public class Artist extends HttpServlet { public enum SupportedOutputFormat {XML, JSON}; protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String accept = request.getHeader("accept").toLowerCase(); String acceptableTypes[] = accept.split(","); SupportedOutputFormat outputType = null; for (String acceptableType: acceptableTypes) { if (acceptableType.contains("*/*") || acceptableType.contains("application/*") || acceptableType.contains("application/xml")) { outputType=SupportedOutputFormat.XML; break; } else if (acceptableType.contains("application/json")) { outputType=SupportedOutputFormat.JSON; break; } } if (outputType==null) response.sendError(415); String path = request.getPathInfo(); String pathSegments[] = path.split("/"); String artist = pathSegments[1]; if (pathSegments.length < 2 && pathSegments.length > 3) response.sendError(404); else if (pathSegments.length == 3 && pathSegments[2].equals("recordings")) { if (outputType == SupportedOutputFormat.XML) writeRecordingsForArtistAsXml(response, artist); else writeRecordingsForArtistAsJson(response, artist); } else { if (outputType == SupportedOutputFormat.XML) writeArtistAsXml(response, artist); else writeArtistAsJson(response, artist); } } private void writeRecordingsForArtistAsXml(HttpServletResponse response, String artist) { ... } private void writeRecordingsForArtistAsJson(HttpServletResponse response, String artist) { ... } private void writeArtistAsXml(HttpServletResponse response, String artist) { ... } private void writeArtistAsJson(HttpServletResponse response, String artist) { ... } } Don't try to read this, this is just to show the complexity :)

Server-side API Wish List JAX-RS = Easier REST Way
High level, Declarative
Uses @ annotation in POJOs

Clear mapping to REST concepts
Resources : what are the URIs ?
@Path("/customers/")
@Path("{id}/")
Methods : what are the HTTP methods ?
@GET
public XXX find()
Representations : what are the formats ?
@ConsumeMime("application/xml")
@ProduceMime("application/json")
(New types can be defined)

POJO @Path("/customers/") public class Customers { @ProduceMime("application/xml") @GET Customers get() { // return list of artists } @Path("{id}/") @GET public Customer getCustomer(@PathParam("id") Integer id) { // return artist } } responds to the URI http://host/customers/ responds with XML responds to HTTP GET URI http://host/customers/id

Customer Service Overview Customer Database Web container (GlassFish™) + REST API Browser (Firefox) HTTP

Summary
Metro Integrated with GlassFish Application Server
JAX-WS
easier to use and more powerful than JAX-RPC
part of the Java EE 5 and Java SE 6 platforms
Layered design hides the complexity
Extensible at the protocol and transport level
WSIT
Makes Metro interoperable with other WS-* stacks
No new APIs , easy with NetBeans plugin
JAX-RS
High-level declarative programming model for REST

Building a Java EE 5 Open Source
Application Server
Source: Sun 2/06—See website for latest stats Project GlassFish Simplifying Java application Development with Java EE 5 technologies Includes JWSDP, EJB 3.0, JSF 1.2, JAX-WS and JAX-B 2.0 Supports > 20 frameworks and apps Basis for the Sun Java System Application Server PE 9 Free to download and free to deploy Over 1200 members and 200,000 downloads Over 1200 members and 200,000 downloads Integrated with NetBeans java.sun.com/javaee/GlassFish

http://blogs.sun.com/theaquarium

For More Information
METRO
JAX-WS
http://jax-ws.dev.java.net
WSIT
http://wsit.dev.java.net
REST
http://jersey.dev.java.net
Glassfish
http://glassfish.dev.java.net

Carol McDonald
[email_address]
Metro: JAX-WS, WSIT and REST

Interoperable Web Services with JAX-WS

by Carol McDonald on May 19, 2009

Accessibility

Categories

Tags

Upload Details

Usage Rights

2 Embeds 16

Statistics

Interoperable Web Services with JAX-WS — Presentation Transcript

http://arunhub.blogspot.com	8
http://www.slideshare.net	8