Interoperable Web Services with JAX-WS

5,802 views

Published on

JAX-WS Java API for XML Web Services

Published in: Technology

Interoperable Web Services with JAX-WS

  1. 1. Metro: JAX-WS, WSIT and REST <ul><li>Carol McDonald </li></ul><ul><ul><li>Java Architect </li></ul></ul><ul><ul><ul><li>Sun Microsystems </li></ul></ul></ul>
  2. 2. About the Speaker <ul><li>Carol cDonald: </li></ul><ul><ul><li>Java Architect at Sun Microsystems </li></ul></ul><ul><ul><li>Before Sun, worked on software development of: </li></ul></ul><ul><ul><ul><li>Application to manage car Loans for Toyota (>10 million loans) </li></ul></ul></ul><ul><ul><ul><li>Pharmaceutical Intranet apps ( Roche Switzerland) </li></ul></ul></ul><ul><ul><ul><li>Telecom Network Mgmt ( Digital France) </li></ul></ul></ul><ul><ul><ul><li>X.400 Email Server ( IBM Germany) </li></ul></ul></ul>
  3. 3. Agenda <ul><li>Metro </li></ul><ul><ul><li>JAX-WS </li></ul></ul><ul><ul><li>WSIT </li></ul></ul><ul><li>REST: </li></ul><ul><ul><li>JAX-RS </li></ul></ul>
  4. 4. Project Metro <ul><li>Project Metro = Java.net project for GlassFish Web Services stack </li></ul><ul><ul><li>http://metro.dev.java.net </li></ul></ul><ul><ul><li>Can also be used outside of Glassfish </li></ul></ul><ul><li>key components of Metro: </li></ul><ul><ul><li>JAX-WS and WSIT </li></ul></ul>
  5. 5. http://metro.dev.java.net
  6. 6. http://glassfish.dev.java.net
  7. 7. JAX-WS <ul><li>In addition to Glassfish, </li></ul><ul><li>JAX_WS can be used as WS stack with JBoss, WebLogic Server 10, Apache Tomcat , Jetty , and Java SE , TmaxSoft JEUS 6, Spring </li></ul>
  8. 8. Sun’s Web Services Stack Metro: JAX-WS , WSIT JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services NetBeans JAX-WS Tooling Transactions Reliable- Messaging Security Metadata WSDL Policy Core Web Services HTTP TCP SMTP JAXB, JAXP, StaX JAX-WS WSIT tools transport xml
  9. 9. Agenda <ul><li>Metro </li></ul><ul><ul><li>JAX-WS </li></ul></ul><ul><ul><li>WSIT </li></ul></ul><ul><li>REST </li></ul>
  10. 10. JAX-WS <ul><li>easy to use J ava A PI for X ML W eb S ervices </li></ul><ul><ul><li>Replaces JAX-RPC </li></ul></ul><ul><li>Just Add @ annotation to Plain Old Java Object (POJO) </li></ul><ul><ul><li>XML Descriptor-free programming </li></ul></ul><ul><li>Layered Architecture </li></ul><ul><li>SOAP 1.2 (document/literal) </li></ul><ul><li>Uses JAXB for data binding </li></ul><ul><li>Part of Java SE 6 and Java EE 5 platforms </li></ul>
  11. 11. JAX-WS Standards <ul><li>JSR 224 Expert Group: </li></ul><ul><ul><li>ATG BEA Capgemini Developmentor IBM Intalio IONA Motorola Nokia Novell NTT Oracle Pramati Red Hat SAP SeeBeyond Sonic Software Sun Tmax Trifork WebMethods </li></ul></ul>
  12. 12. Developing a Web Service Starting with a Java class war or ear @WebService POJO Implementation class Servlet-based or Stateless Session EJB Optional handler classes Packaged application (war/ear file) You develop Service contract WSDL Deployment creates JAXB and JAX-WS files needed for the service
  13. 13. Example: Servlet-Based Endpoint @WebService public class CalculatorWS { public int add (int a, int b) { return a+b; } } <ul><li>All public methods become web service operations </li></ul><ul><li>WSDL/Schema generated at deploy time automatically </li></ul><ul><li>Default values for WSDL service name, etc. </li></ul>
  14. 14. Service Description default mapping <ul><li>Java mapping -> WSDL: </li></ul>public class CalculatorWS { public int add ( int i , int j ){ } } <ul><li>< portType name=&quot; CalculatorWS &quot;> </li></ul><ul><li>< operation name=&quot; add &quot;> </li></ul><ul><li>< input message=&quot; tns:add &quot; /> </li></ul><ul><li>< output message=&quot; tns:addResponse &quot; /> </li></ul><ul><li>< /operation > </li></ul><ul><li>< /portType > </li></ul>PORT TYPE = ABSTRACT INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS AND RETURN VALUES
  15. 15. Customizability via Annotations @WebService( name= &quot;Calculator&quot;, portName= &quot;CalculatorPort&quot;, serviceName= &quot;CalculatorService&quot;, targetNamespace= &quot;http://calculator.org&quot; ) public class CalculatorWS { @WebMethod (operationName=”addCalc”) public int add ( @WebParam (name=”param1”) int a, int b) { return a+b; } }
  16. 16. Example: EJB 3.0-Based Endpoint <ul><li>It's a regular EJB 3.0 component so it can use EJB features </li></ul><ul><ul><li>Transactions, security, interceptors ... </li></ul></ul>@WebService @Stateless public class Calculator { public int add(int a, int b) { return a+b; } }
  17. 17. Developing a Web Service Starting with a WSDL wsimport tool @WebService SEI Interface @WebService( endpointInterface =&quot;generated Service&quot;) Implementation class Servlet-based or Stateless Session EJB endpoint model Packaged application (war/ear file) Service contract WSDL Generates You develop
  18. 18. Generating an Interface from WSDL <ul><li>WSDL->Java generation: </li></ul>@WebService public interface BankService { @WebMethod public float getBalance (String acctID,String acctName) throws AccountException; } <ul><li>< portType name=&quot; BankService &quot;> </li></ul><ul><li>< operation name=&quot; getBalance &quot;> </li></ul><ul><li><input message=&quot;tns:getBalanceInput&quot; /> </li></ul><ul><li><output message=&quot;tns:getBalanceOutput&quot; /> </li></ul><ul><li><fault name=&quot;AccountException&quot; </li></ul><ul><li>message=&quot;tns:AccountException&quot;/> </li></ul><ul><li></operation> </li></ul><ul><li></portType> </li></ul>PORT TYPE = INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS
  19. 19. Implementing a Web Service for a Generated Interface @WebService( endpointInterface =&quot; generated.BankService &quot;, serviceName =&quot; BankService &quot;) public class BankServiceImpl implements BankService { ... public float getBalance (String acctID, String acctName) throws AccountException { // code to get the account balance return theAccount.getBalance(); } }
  20. 20. Server Side CalculatorWS Web Service E ndpoint Listener Soap binding @Web Service Soap request publish 1 2 3 4 5 6 7 8
  21. 21. Runtime: <ul><ul><li>Java types WSDL, XML Schema </li></ul></ul>JAX-WS uses JAXB for data binding <ul><ul><ul><li>Runtime: JAXB un/marshalls the payload </li></ul></ul></ul>WSDL XML Schema XML Document unmarshal marshal Generate for development Java Objects follows
  22. 22. Add Parameter <ul><li>Next slide Look at schema and JAXB class for add parameter </li></ul>public class CalculatorWS { public int add ( int i , int j ){ } } <ul><li>< portType name=&quot; CalculatorWS &quot;> </li></ul><ul><li>< operation name=&quot; add &quot;> </li></ul><ul><li>< input message=&quot; tns:add &quot; /> </li></ul><ul><li>< output message=&quot; tns:addResponse &quot; /> </li></ul><ul><li>< /operation > </li></ul><ul><li>< /portType > </li></ul>PORT TYPE = ABSTRACT INTERFACE OPERATION = METHOD MESSAGE = PARAMETERS AND RETURN VALUES
  23. 23. JAXB XML schema to Java mapping <ul><li>package calculator.jaxws; </li></ul><ul><li>import javax.jws.WebService; </li></ul><ul><li>@XmlRootElement (name = &quot;add&quot; ) </li></ul><ul><li>public class add { </li></ul><ul><li>@XmlElement (name = &quot; i &quot;) </li></ul><ul><li>private int i ; </li></ul><ul><li>@XmlElement (name = &quot; j &quot;) </li></ul><ul><li>private int j ; </li></ul><ul><li>public int getI () { </li></ul><ul><li>return this.i; </li></ul><ul><li>} </li></ul><ul><li>public void setI (int i){ </li></ul><ul><li>this.i = i; </li></ul><ul><li>} </li></ul><ul><li>} </li></ul><ul><li><?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot; standalone=&quot;yes&quot;? > </li></ul><ul><li><xs: schema version=&quot;1.0&quot; > </li></ul><ul><li><xs: element name=&quot; add &quot; type=&quot;tns:add&quot;/> </li></ul><ul><li><xs: element name=&quot; addResponse &quot; type=&quot;tns:addResponse&quot;/> </li></ul><ul><li><xs: complexType name=&quot; add &quot;> </li></ul><ul><li><xs: sequence > </li></ul><ul><li><xs: element name=&quot; i &quot; </li></ul><ul><li>type=&quot;xs: int &quot;/> </li></ul><ul><li><xs: element name=&quot; j &quot; </li></ul><ul><li>type=&quot;xs: int &quot;/> </li></ul><ul><li></xs:sequence> </li></ul><ul><li></xs:complexType> </li></ul><ul><li></xs:schema> </li></ul>
  24. 24. demo
  25. 25. Client-Side Programming wsimport tool @WebService Dynamic Proxy Service contract WSDL Generates You develop Client which calls proxy
  26. 26. Example: Java SE-Based Client <ul><li>code is fully portable </li></ul><ul><ul><li>CalculatorService is defined by the specification </li></ul></ul><ul><ul><li>Internally it uses a delegation model </li></ul></ul>CalculatorService svc = new CalculatorService() ; Calculator proxy = svc. getCalculatorPort(); int answer = proxy.add (35, 7); Factory Class Get Proxy Class Business Interface
  27. 27. WSDL Java mapping <ul><li>package calculator; </li></ul><ul><li>import javax.jws.WebService; </li></ul><ul><li>@WebService </li></ul><ul><li>public class CalculatorWS { </li></ul><ul><li>public int add ( int i, int j) { </li></ul><ul><li>return i + j; </li></ul><ul><li>} </li></ul><ul><li>} </li></ul><ul><li>< portType name=&quot; CalculatorWS &quot;> </li></ul><ul><li>< operation name=&quot; add &quot;> </li></ul><ul><li><input message=&quot;tns:add&quot;/> </li></ul><ul><li><output message=&quot;tns:addResponse&quot;/> </li></ul><ul><li></operation> </li></ul><ul><li></portType> </li></ul><ul><li>< binding name=&quot;CalculatorWSPortBinding&quot; type=&quot;tns: CalculatorWS &quot;> </li></ul><ul><li><soap:binding transport=&quot;soap/http&quot; style=&quot;document&quot;/> </li></ul><ul><li>< operation name=&quot; add &quot;> </li></ul><ul><li>.... </li></ul><ul><li></operation> </li></ul><ul><li></binding> </li></ul><ul><li>< service name=&quot; CalculatorWSService &quot;> </li></ul><ul><li>< port name=&quot; CalculatorWSPort &quot; binding=&quot;tns:CalculatorWSPortBinding&quot;> </li></ul><ul><li>< soap:address location = </li></ul><ul><li>&quot;http://CalculatorWSService&quot; /> </li></ul><ul><li></port> </li></ul><ul><li></service> </li></ul>Factory Class Proxy Class Business Interface
  28. 28. WSDL to Dynamic Proxy mapping Service Port PortType Binding 1..n 1 1 1..n 1..n <ul><ul><li>CalculatorWSPort </li></ul></ul><ul><ul><li>CalculatorWS </li></ul></ul><ul><li>Class </li></ul><ul><ul><li>CalculatorWSService </li></ul></ul>Add Method Parameters Business Interface Factory Class Proxy Class Operation Message
  29. 29. Example: Java EE Servlet Client No Java Naming and Directory Interface™ API ! public class ClientServlet extends HttpServlet { @WebServiceRef (wsdlLocation = &quot;http://.../CalculatorWSService?wsdl&quot;) private CalculatorWSService service; protected void processRequest( HttpServletRequest req, HttpServletResponse resp) { CalculatorWS proxy = service.getCalculatorWSPort(); int i = 3; j = 4; int result = proxy.add (i, j); . . . } } Get Proxy Class Business Interface Factory Class
  30. 30. demo
  31. 31. Client Side CalculatorWS Web Service extends Dynamic Proxy S ervice E ndpoint I nterface Invocation Handler JAXB JAXB return value parameters getPort 1 2 3 6 Soap request Soap response 4 5
  32. 32. SOAP Request <ul><li><?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?> </li></ul><ul><li><S:Envelope xmlns:S=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;> </li></ul><ul><li><S:Header/> </li></ul><ul><li><S:Body> </li></ul><ul><li><ns2: add xmlns:ns2=&quot;http://calculator.me.org/&quot;> </li></ul><ul><li><i>4</i> </li></ul><ul><li><j>3</j> </li></ul><ul><li></ns2:add> </li></ul><ul><li></S:Body> </li></ul><ul><li></S:Envelope> </li></ul>http://localhost:8080/CalculatorWSApplication/CalculatorWSService
  33. 33. SOAP Response <ul><li><?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?> </li></ul><ul><li><S:Envelope xmlns:S=&quot;http://schemas.xmlsoap.org/soap/envelope/&quot;> </li></ul><ul><li><S:Body> </li></ul><ul><li><ns2: addResponse xmlns:ns2=&quot;http://calculator.me.org/&quot;> </li></ul><ul><li><return>7</return> </li></ul><ul><li></ns2:addResponse> </li></ul><ul><li></S:Body> </li></ul><ul><li></S:Envelope> </li></ul>
  34. 34. JAX-WS Layered Architecture Calls Into Implemented on Top of Messaging Layer: Dispatch/Provider Application Code Strongly-Typed Layer: @ Annotated Classes <ul><ul><ul><li>Upper layer Easy to use with annotations </li></ul></ul></ul><ul><ul><ul><li>Lower layer, API-based, more control </li></ul></ul></ul><ul><ul><ul><ul><li>For advanced scenarios </li></ul></ul></ul></ul>
  35. 35. Lower Level <ul><li>Lower layer, API-based, more control: </li></ul><ul><li>Client XML API: Dispatch Interface </li></ul><ul><ul><li>one-way and asynch calls available </li></ul></ul><ul><li>Server XML API: Provider Interface: </li></ul><ul><ul><li>Can use JAXB, JAXP, SAAJ to get message contents </li></ul></ul><ul><li>Message or Payload access </li></ul><ul><li>May be used to create RESTful clients/services </li></ul>
  36. 36. Client-side Messaging API: Dispatch Interface one-way and asynch calls available: // T is the type of the message public interface Dispatch < T > { // synchronous request-response T invoke(T msg); // async request-response ( polled for completion) Response<T> invokeAsync(T msg); Future<?> invokeAsync(T msg, AsyncHandler<T> h); // one-way void invokeOneWay(T msg); }
  37. 37. Client-side Example: Dispatch Using PAYLOAD import javax.xml. transform.Source ; import javax.xml. ws.Dispatch ; private void invokeAddNumbers(int a,int b) { Dispatch <Source> sourceDispatch = service.createDispatch (portQName, Source.class, Service.Mode.PAYLOAD ); StreamSource request =new StringReader(xmlString); Source result = sourceDispatch.invoke (request)); String xmlResult = sourceToXMLString(result); }
  38. 38. Server-side Messaging API: Provider // T is the type of the message public interface Provider< T > { T invoke(T msg, Map<String,Object> context); } <ul><li>Message or Payload access </li></ul><ul><li>Use @ServiceMode to select a mode for the message type </li></ul>
  39. 39. Server-sideExample: Payload Mode, No JAXB @ServiceMode(Service.Mode. PAYLOAD ) public class MyProvider implements Provider < Source > { public Source invoke( Source request, Map<String,Object> context) { // process the request using XML APIs, e.g. DOM Source response = ... // return the response message payload return response; } }
  40. 40. JAX-WS Commons https://jax-ws-commons.dev.java.net/ <ul><li>Convenient Extensions, utility code , useful Plugins : </li></ul><ul><li>Spring support </li></ul><ul><li>Stateful Web Service </li></ul><ul><li>Multiple Service Instances </li></ul><ul><ul><li>HTTP Session-scope service </li></ul></ul><ul><ul><li>Thread scope service (thread local) </li></ul></ul><ul><li>JSON Encoding </li></ul><ul><li>Server-Side Asynchrony </li></ul>
  41. 41. JAX-WS 2.1 Performance vs Axis 2.1
  42. 42. Agenda <ul><li>Metro </li></ul><ul><li>JAX-WS Standards </li></ul><ul><li>WSIT </li></ul><ul><li>REST </li></ul>
  43. 43. WSIT: Web Services Interoperability Technology Complete WS-* stack Enables interoperability with Microsoft .NET 3.0 WCF
  44. 44. Sun’s Web Services Stack Metro: JAX-WS , WSIT JAXB = Java Architecture for XML Binding | JAX-WS = Java APIs for XML Web Services NetBeans JAX-WS Tooling Transactions Reliable- Messaging Security Metadata WSDL Policy Core Web Services HTTP TCP SMTP JAXB, JAXP, StaX JAX-WS WSIT tools transport xml
  45. 45. WSIT (Web Services Interoperability Technology) Project Tango Features <ul><li>Enables interoperability with Microsoft .NET 3.0 </li></ul><ul><li>Bootstrapping communication </li></ul><ul><li>End-to-end reliability </li></ul><ul><li>Atomic transactions </li></ul><ul><li>End-to-end security </li></ul><ul><li>Trust </li></ul><ul><li>Optimized security </li></ul>
  46. 46. Metro WSIT Reliable Messaging
  47. 47. WS-ReliableMessaging JAX-WS/WCF Server Runtime JAX-WS/WCF Client Runtime Application Message Ack Protocol Message buffer buffer <ul><ul><ul><li>RMSource handles sending and re-sending </li></ul></ul></ul><ul><ul><ul><li>RMDestination handles reconstructing the stream of messages </li></ul></ul></ul>
  48. 48. <ul><li>Brings reliability to SOAP (protocol) layer </li></ul><ul><li>Transparent to application </li></ul><ul><li>Delivery assurance </li></ul><ul><ul><li>At least once </li></ul></ul><ul><ul><li>At most once </li></ul></ul><ul><ul><li>In order </li></ul></ul>End-to-End Reliability WS-ReliableMessaging
  49. 49. Configuration with NetBeans
  50. 50. Reliable Transport Alternatives <ul><li>SOAP messages are transport agnostic </li></ul><ul><ul><li>Change the transport, change the binding </li></ul></ul><ul><li>Metro Transports (Htttp standard): </li></ul><ul><ul><li>JMS </li></ul></ul><ul><ul><li>SMTP </li></ul></ul><ul><ul><li>SOAP over TCP </li></ul></ul><ul><ul><li>For more information </li></ul></ul><ul><ul><li>https://jax-ws.dev.java.net/transport.html </li></ul></ul>
  51. 51. Metro WSIT Transactions
  52. 52. Java™ Transaction Service Application Server Transaction Service Application UserTransaction interface Resource Manager XAResource interface Transactional operation TransactionManager Interface Resource EJB Transaction context
  53. 53. <ul><li>WS-AtomicTransaction defines set of transaction coordination protocols </li></ul><ul><ul><li>Supports two phase commit for web service operations: </li></ul></ul><ul><ul><ul><li>all operations invoked within an atomic transaction succeed or are all rolled back . </li></ul></ul></ul><ul><li>WS-Coordination protocols coordinate the actions of distributed web services </li></ul><ul><ul><li>For Commit: Coordinator asks if each system is ready to complete </li></ul></ul><ul><ul><ul><li>If all concur, coordinator tells systems to complete </li></ul></ul></ul><ul><ul><ul><li>Otherwise, coordinator tells systems to rollback </li></ul></ul></ul>WSIT Transaction coordination
  54. 54. WSIT and WCF Co-ordinated transaction 4a: WS-AT Protocol 3: TxnCommit 2c: WS-Coor Protocol 2b: Register 4b: XA Protocol 4b: XA Protocol 2a: Invoke 1: TxnBegin
  55. 55. <ul><li>an Atomic Transaction Context is created the first time a transacted Web service operation is invoked within a JTA transaction scope </li></ul><ul><ul><li>01 @Resource </li></ul></ul><ul><ul><li>02 javax.transaction.UserTransaction ut; </li></ul></ul><ul><ul><li>03 </li></ul></ul><ul><ul><li>04 ut.begin(); </li></ul></ul><ul><ul><li>05 bankWebService.makeWithdrawl(); </li></ul></ul><ul><ul><li>06 ... </li></ul></ul><ul><ul><li>07 ut.commit();. </li></ul></ul>WSIT Support on Transaction <ul><ul><li>Transaction </li></ul></ul><ul><ul><li>Context </li></ul></ul><ul><ul><li>created </li></ul></ul>
  56. 56. Transactions in Action @WebService @Stateless public class Wirerer { @TransactionAttribute(REQUIRED) void wireFunds(...) throws ... { websrvc1.withdrawFromBankX(...); websrvc2.depositIntoBankY(...); } }
  57. 57. Metro WSIT Security
  58. 58. Digital Certificate <ul><li>Identity data signed by a Certification Authority. Provides a Trusted source of identification. </li></ul>Version # Serial # Signature Algorithm Issuer Name Validity Period Subject Name Subject Public Key Issuer Unique ID Subject Unique ID Extensions Digital Signature X.509 Certificate <ul><li>Digital ID </li></ul><ul><li>Electronic Proof of Identity </li></ul><ul><li>Issued and signed by Certifying Authority </li></ul><ul><li>Public, Private keys </li></ul><ul><li>Makes security protocols work </li></ul><ul><ul><li>SSL </li></ul></ul>CA Authorized
  59. 59. Encryption Receiver Public Key Receiver Private Key <ul><ul><li>XML Encryption (data confidentiality) </li></ul></ul><ul><ul><ul><li>Only the private key can decrypt </li></ul></ul></ul>Asymmetric keys Public Encryption Original Document Encrypted Document Private Decryption Original Document Sender Receiver
  60. 60. Digital Signature Transform Transform Sender Sender's Private Key Sender's Public Key <ul><ul><li>XML Signature (data integrity) </li></ul></ul><ul><ul><li>Bind the sender’s identity to an XML document </li></ul></ul>Private Encryption XML data Signature Public Decryption XML data Receiver
  61. 61. SSL Key Exchange Server Client connects Browser generates symetric session key Use session key to Encrypt data <ul><li>Browser and Server use Session Key B to encrypt all data exchanged over the Internet </li></ul>
  62. 62. Security <ul><ul><li>Before WS-Security </li></ul></ul><ul><ul><li>Only SSL: </li></ul></ul><ul><ul><li>WS-Security </li></ul></ul><ul><li>Security at SOAP (protocol) layer </li></ul><ul><li>Fine granularity possible </li></ul><ul><ul><li>Only sign/encrypt credit card # (e.g., XML subtree) </li></ul></ul><ul><li>Works on non-TCP/IP transports </li></ul><ul><li>Integrity, Confidentiality, Auth </li></ul><ul><li>W3C XML Signature/Encryption </li></ul><ul><li>SSL/HTTPS </li></ul><ul><li>Security at transport layer </li></ul><ul><li>Point-to-point </li></ul><ul><li>Encrypts session </li></ul>
  63. 63. WS-Security: SOAP Message Security <ul><li>WS-Security defines: </li></ul><ul><ul><li>Encrypting and signing message parts: </li></ul></ul><ul><ul><ul><li>XML Signature and XML Encryption in SOAP Header </li></ul></ul></ul><ul><ul><li>How to pass security tokens </li></ul></ul><ul><ul><li>(token=security information identifies the msg sender ) </li></ul></ul><ul><ul><ul><li>UserName/Password token </li></ul></ul></ul><ul><ul><ul><li>X.509 certificates </li></ul></ul></ul><ul><ul><ul><li>SAML </li></ul></ul></ul><ul><ul><ul><li>Kerberos tickets </li></ul></ul></ul>SOAP Envelope SOAP Envelope Header SOAP Envelope Body WS-Security Header Security Token Business Payload
  64. 64. request data response data authentication data SAML assertions https/ssl (optional) digital certificate Security Architecture Message Level Security (signature and encryption) web services client SOAP client signed & encrypted data web services server SOAP server SOAP service security server authentication authorization signature validation data encryption digital certificate request data data decryption/ encryption signature validation
  65. 65. Security <ul><ul><li>Before WS-Security </li></ul></ul><ul><ul><li>WS-Security </li></ul></ul><ul><li>Security at SOAP message layer </li></ul><ul><li>XML Signature/Encryption </li></ul><ul><li>Only sign/encrypt part of msg </li></ul><ul><li>Works on different transports </li></ul><ul><li>Work with intermediaries </li></ul><ul><li>SSL/HTTPS </li></ul><ul><li>Security at transport layer </li></ul><ul><li>All or nothing granularity </li></ul><ul><li>Point-to-point </li></ul>
  66. 66. <ul><li>WS-Trust framework for: </li></ul><ul><ul><li>Issue, Validate, Exchange security tokens used by WS-Security </li></ul></ul><ul><ul><li>Establish and broker trust relationships </li></ul></ul>Trust
  67. 67. <ul><li>WS-Trust </li></ul><ul><ul><li>Issue </li></ul></ul>Trust Trust Relation Identity Store WS Client WS Service Security Token Service 1) WS-Trust Issue() 2) token returned <S11:Envelope xmlns:S11=&quot;...&quot; xmlns:wsse=&quot;...&quot;> <S11:Header> <wsse:Security> .Security Token = AuthN+AuthZ+signatures </wsse:Security> </S11:Header> <S11:Body wsu:Id=&quot;MsgBody&quot;> .. App data </S11:Body> </S11:Envelope>
  68. 68. <ul><li>WS-Trust </li></ul><ul><ul><li>Exchange </li></ul></ul>Trust
  69. 69. <ul><li>WS-Trust </li></ul><ul><ul><li>Validate </li></ul></ul><ul><ul><li>Establish and broker trust relationships </li></ul></ul>Trust .NET service Java client
  70. 70. .NET Trust Authority Trust Authority Sun Managed Microsoft Managed Project GlassFish ™ Retail Quote Service Project GlassFish Wholesale Quote Service .Net Wholesale Service Java EE Platform With Project Tango WCF Client Java Client WS-Trust WS-T Trust QOS Security Interop.
  71. 71. <ul><li>How to Establish a Secure SESSION </li></ul><ul><ul><li>For multiple message exchanges </li></ul></ul><ul><ul><li>Create shared symmetric session key </li></ul></ul><ul><ul><li>Optimizes processing </li></ul></ul>WS-SecureConversation Optimized Security security context token Use generated symmetric session key
  72. 72. WS-Policy <wsdl…> <policy…> … </policy> … </wsdl> <wsdl…> <policy…> <security-policy> … </security-policy> <transaction-policy> … </transaction-policy> <reliability-policy> … </reliability-policy> … </policy> … </wsdl>
  73. 73. Metro: Bootstrapping
  74. 74. WS-Metadata Exchange Bootstrapping Communication <ul><li>< mex > </li></ul><ul><ul><li>… </li></ul></ul><ul><li>< /mex > </li></ul><ul><li>< wsdl …> </li></ul><ul><li>< policy …> </li></ul><ul><li>… </li></ul><ul><li></policy> </li></ul><ul><li>… </li></ul><ul><li></wsdl> </li></ul><ul><li>WS-MetadataExchange supports: </li></ul><ul><ul><ul><ul><li>discovery of WSDL documents </li></ul></ul></ul></ul><ul><ul><ul><ul><li>WS-Policy settings </li></ul></ul></ul></ul>WS-MetadataExchange WS-Transfer/MEX WSDL
  75. 75. Bootstrapping Communication JAX-WS wsimport WCF or WSIT-based Service Creates Client Proxy WS-Transfer/MEX WSDL WS-MetadataExchange <ul><li>WS-MetadataExchange protocol supports: </li></ul><ul><ul><ul><ul><li>discovery of WSDL documents </li></ul></ul></ul></ul><ul><ul><ul><ul><li>metadata exchange is handled by wsimport utility of WSIT and is transparent to developers </li></ul></ul></ul></ul>
  76. 76. Proxy Generation Bootstrapping Communication <wsdl…> <policy…> < security-policy > … </security-policy> < transaction-policy > … </transaction-policy> < reliability-policy > … </reliability-policy> … </policy> … </wsdl>
  77. 77. End-to-End Messaging
  78. 78. <ul><li>No runtime APIs for WSIT </li></ul><ul><li>Use JAX-WS and EJB APIs </li></ul><ul><li>Developer/deployer supplies config file to enable/control Project Tango components </li></ul><ul><li>Config file written by hand or produced by Project Tango NetBeans software module </li></ul>WSIT (Project Tango) Programming Model
  79. 79. WSIT NetBeans Module By Hand Other IDEs 109 Deployment META-INF/wsit-*.xml Service Servlet Deployment WEB-INF/wsit-*.xml WSIT Server-Side Programming Model WSIT Config File wsit-*.xml <ul><li>No runtime APIs for WSIT </li></ul><ul><li>Use JAX-WS and EJB APIs </li></ul><ul><li>Config file written by hand or produced by NetBeans enable/control WSIT </li></ul>
  80. 80. WSIT Client Programming Model 109 Service Wsimport Client Artifacts WSIT Config File wsit-*.xml WSIT NetBean Module By Hand Other IDEs MEX/ GET WDSL MEX/ GET
  81. 82. Agenda <ul><li>Metro </li></ul><ul><li>JAX-WS Standards </li></ul><ul><li>WSIT </li></ul><ul><li>REST with JAX-RS </li></ul>
  82. 83. API: JAX-RS <ul><li>Standardized in the JSR 311 </li></ul><ul><ul><li>Will be included in Java EE 6 </li></ul></ul><ul><li>EG members </li></ul><ul><ul><li>Alcatel-Lucent, BEA, Day Software, Fujitsu, innoQ, Nortel, Red Hat </li></ul></ul><ul><ul><li>Experts in Atom, AtomPub, WebDAV, HTTP, REST, Restlet </li></ul></ul><ul><li>Group started in April 2007 </li></ul>
  83. 84. REpresentational State Transfer Get URI Response XML data = RE presentational S tate T ransfer
  84. 85. REST Tenets <ul><li>RE presentational S tate T ransfer </li></ul><ul><li>Resources (nouns) </li></ul><ul><ul><li>Identified by a URI , For example: </li></ul></ul><ul><ul><ul><li>http://www.parts-depot.com/parts </li></ul></ul></ul><ul><li>Methods (verbs) </li></ul><ul><ul><li>Small fixed set: </li></ul></ul><ul><ul><ul><li>Create, Read, Update, Delete </li></ul></ul></ul><ul><li>State Representations </li></ul><ul><ul><li>data and state transferred between client and server </li></ul></ul><ul><ul><li>XML, JSON... </li></ul></ul>
  85. 86. HTTP Example Request GET /customers HTTP/1.1 Host: media.example.com Accept : application/ xml Response HTTP/1.1 200 OK Date: Tue, 08 May 2007 16:41:58 GMT Server: Apache/1.3.6 Content-Type : application/xml; charset=UTF-8 <?xml version=&quot;1.0&quot;?> <customers xmlns=&quot;…&quot;> <customer>…</customer> … </customers> <ul><ul><li>Resource </li></ul></ul><ul><ul><li>Method </li></ul></ul><ul><ul><li>Representation </li></ul></ul>
  86. 87. Verb Noun Create POST Collection URI Read GET Collection URI Read GET Entry URI Update PUT Entry URI Delete DELETE Entry URI CRUD to HTTP method mapping 4 main HTTP methods CRUD methods
  87. 88. Example <ul><li>Customers </li></ul><ul><ul><ul><li>/customers/ </li></ul></ul></ul><ul><ul><ul><li>/customers/{id}/ </li></ul></ul></ul><ul><li>URI Templates are URIs with variables within the URI syntax. </li></ul>
  88. 89. Customer Resource Using Servlet API public class Artist extends HttpServlet { public enum SupportedOutputFormat {XML, JSON}; protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String accept = request.getHeader(&quot;accept&quot;).toLowerCase(); String acceptableTypes[] = accept.split(&quot;,&quot;); SupportedOutputFormat outputType = null; for (String acceptableType: acceptableTypes) { if (acceptableType.contains(&quot;*/*&quot;) || acceptableType.contains(&quot;application/*&quot;) || acceptableType.contains(&quot;application/xml&quot;)) { outputType=SupportedOutputFormat.XML; break; } else if (acceptableType.contains(&quot;application/json&quot;)) { outputType=SupportedOutputFormat.JSON; break; } } if (outputType==null) response.sendError(415); String path = request.getPathInfo(); String pathSegments[] = path.split(&quot;/&quot;); String artist = pathSegments[1]; if (pathSegments.length < 2 && pathSegments.length > 3) response.sendError(404); else if (pathSegments.length == 3 && pathSegments[2].equals(&quot;recordings&quot;)) { if (outputType == SupportedOutputFormat.XML) writeRecordingsForArtistAsXml(response, artist); else writeRecordingsForArtistAsJson(response, artist); } else { if (outputType == SupportedOutputFormat.XML) writeArtistAsXml(response, artist); else writeArtistAsJson(response, artist); } } private void writeRecordingsForArtistAsXml(HttpServletResponse response, String artist) { ... } private void writeRecordingsForArtistAsJson(HttpServletResponse response, String artist) { ... } private void writeArtistAsXml(HttpServletResponse response, String artist) { ... } private void writeArtistAsJson(HttpServletResponse response, String artist) { ... } } Don't try to read this, this is just to show the complexity :)
  89. 90. Server-side API Wish List JAX-RS = Easier REST Way <ul><li>High level, Declarative </li></ul><ul><ul><li>Uses @ annotation in POJOs </li></ul></ul>
  90. 91. Clear mapping to REST concepts <ul><li>Resources : what are the URIs ? </li></ul><ul><ul><li>@Path(&quot;/customers/&quot;) </li></ul></ul><ul><ul><li>@Path(&quot;{id}/&quot;) </li></ul></ul><ul><li>Methods : what are the HTTP methods ? </li></ul><ul><ul><ul><li>@GET </li></ul></ul></ul><ul><ul><ul><li>public XXX find() </li></ul></ul></ul><ul><li>Representations : what are the formats ? </li></ul><ul><ul><li>@ConsumeMime(&quot;application/xml&quot;) </li></ul></ul><ul><ul><li>@ProduceMime(&quot;application/json&quot;) </li></ul></ul><ul><ul><li>(New types can be defined) </li></ul></ul>
  91. 92. POJO @Path(&quot;/customers/&quot;) public class Customers { @ProduceMime(&quot;application/xml&quot;) @GET Customers get() { // return list of artists } @Path(&quot;{id}/&quot;) @GET public Customer getCustomer(@PathParam(&quot;id&quot;) Integer id) { // return artist } } responds to the URI http://host/customers/ responds with XML responds to HTTP GET URI http://host/customers/id
  92. 93. Customer Service Overview Customer Database Web container (GlassFish™) + REST API Browser (Firefox) HTTP
  93. 94. Summary <ul><li>Metro Integrated with GlassFish Application Server </li></ul><ul><ul><li>JAX-WS </li></ul></ul><ul><ul><ul><li>easier to use and more powerful than JAX-RPC </li></ul></ul></ul><ul><ul><ul><li>part of the Java EE 5 and Java SE 6 platforms </li></ul></ul></ul><ul><ul><ul><li>Layered design hides the complexity </li></ul></ul></ul><ul><ul><ul><ul><li>Extensible at the protocol and transport level </li></ul></ul></ul></ul><ul><ul><li>WSIT </li></ul></ul><ul><ul><ul><li>Makes Metro interoperable with other WS-* stacks </li></ul></ul></ul><ul><ul><ul><li>No new APIs , easy with NetBeans plugin </li></ul></ul></ul><ul><li>JAX-RS </li></ul><ul><ul><li>High-level declarative programming model for REST </li></ul></ul>
  94. 95. <ul><ul><li>Building a Java EE 5 Open Source </li></ul></ul><ul><ul><li>Application Server </li></ul></ul>Source: Sun 2/06—See website for latest stats Project GlassFish Simplifying Java application Development with Java EE 5 technologies Includes JWSDP, EJB 3.0, JSF 1.2, JAX-WS and JAX-B 2.0 Supports > 20 frameworks and apps Basis for the Sun Java System Application Server PE 9 Free to download and free to deploy Over 1200 members and 200,000 downloads Over 1200 members and 200,000 downloads Integrated with NetBeans java.sun.com/javaee/GlassFish
  95. 96. http://blogs.sun.com/theaquarium
  96. 97. For More Information <ul><li>METRO </li></ul><ul><ul><li>http://metro.dev.java.net </li></ul></ul><ul><li>JAX-WS </li></ul><ul><ul><li>http://jax-ws.dev.java.net </li></ul></ul><ul><li>WSIT </li></ul><ul><ul><li>http://wsit.dev.java.net </li></ul></ul><ul><li>REST </li></ul><ul><ul><li>http://jersey.dev.java.net </li></ul></ul><ul><li>Glassfish </li></ul><ul><ul><li>http://glassfish.dev.java.net </li></ul></ul>
  97. 98. <ul><li>Carol McDonald </li></ul><ul><ul><li>[email_address] </li></ul></ul>Metro: JAX-WS, WSIT and REST

×