1. Stateful Web ServicesStateful Web Services
By:By:
Muhammad Jawaid ShamshadMuhammad Jawaid Shamshad
MS/PhD (CS)MS/PhD (CS)
052210052210
Advisor:Advisor:
Aslam Parvez MemonAslam Parvez Memon
2. AgendaAgenda
► IntroductionIntroduction
► Terms and ConceptsTerms and Concepts
Web ServicesWeb Services
WSDLWSDL
Discovering Web Services (UDDI, ebXML)Discovering Web Services (UDDI, ebXML)
► Introduction to StateIntroduction to State
► Need for State ManagementNeed for State Management
► State Management TechniquesState Management Techniques
In-MemoryIn-Memory
DatabaseDatabase
► Generalized ModelGeneralized Model
► ConclusionConclusion
► Literature SourcesLiterature Sources
► Q & AQ & A
3. IntroductionIntroduction
►Web services are by nature statelessWeb services are by nature stateless
►Situations where state management isSituations where state management is
difficult to avoiddifficult to avoid
Example: User SessionsExample: User Sessions
►How to manage state in web services?How to manage state in web services?
4. Terms and ConceptsTerms and Concepts
►Web ServiceWeb Service
►SOAPSOAP
►WSDLWSDL
►Discovering Web ServiceDiscovering Web Service
UDDIUDDI
ebXMLebXML
5. Web ServiceWeb Service
►DefinitionDefinition
"Web services are software applications that"Web services are software applications that
can be discovered, described, and accessedcan be discovered, described, and accessed
based on XML and standard Web protocolsbased on XML and standard Web protocols
over intranets, extranets, and the Internet“over intranets, extranets, and the Internet“
►Main focus is interoperabilityMain focus is interoperability
►Uses SOAP protocol as syntax of messageUses SOAP protocol as syntax of message
and uses HTTP to transfer that messageand uses HTTP to transfer that message
6. SOAPSOAP
►DefinitionDefinition
““Lightweight protocol for exchange ofLightweight protocol for exchange of
information in a decentralized, distributedinformation in a decentralized, distributed
environment“environment“
►Created by Microsoft, DevelopMentor, IBM,Created by Microsoft, DevelopMentor, IBM,
Lotus, and Userland in 1999Lotus, and Userland in 1999
►XML-based protocolXML-based protocol
►Web services transfers XML messages inWeb services transfers XML messages in
SOAP format encapsulated in SOAPSOAP format encapsulated in SOAP
envelopenvelop
7. SOAPSOAP
►SOAP header contains the meta informationSOAP header contains the meta information
and the body contains the actual messageand the body contains the actual message
in XML syntaxin XML syntax
8. WSDLWSDL
► DefinitionDefinition
““An XML format for describing network services as a setAn XML format for describing network services as a set
of endpoints operating on messages containing eitherof endpoints operating on messages containing either
document-oriented or procedure-oriented information“document-oriented or procedure-oriented information“
► Developed by IBM and Microsoft in 2000Developed by IBM and Microsoft in 2000
► Contains information where the service is located,Contains information where the service is located,
what the service does, and how to invoke thewhat the service does, and how to invoke the
serviceservice
► Application can look at the WSDL and dynamicallyApplication can look at the WSDL and dynamically
construct SOAP messagesconstruct SOAP messages
9. Discovering Web ServicesDiscovering Web Services
►How to search desired web service andHow to search desired web service and
communicate with itcommunicate with it
Universal Description, Discovery, andUniversal Description, Discovery, and
Integration (UDDI)Integration (UDDI)
ebXML RegistriesebXML Registries
10. UDDIUDDI
► Introduced by Ariba, Microsoft, and IBM in 2000Introduced by Ariba, Microsoft, and IBM in 2000
► Not yet a standard but implemented by majorNot yet a standard but implemented by major
vendors like Microsoft and IBMvendors like Microsoft and IBM
► Information availableInformation available
white pageswhite pages of company contact information,of company contact information,
yellow pagesyellow pages that categorize businesses by standardthat categorize businesses by standard
categorization, andcategorization, and
green pagesgreen pages that document the technical informationthat document the technical information
about web services, like WSDLabout web services, like WSDL
11. ebXMLebXML
► A standard created by OASIS in 2001A standard created by OASIS in 2001
► Provide a common way for businesses to quicklyProvide a common way for businesses to quickly
and dynamically perform business transactionsand dynamically perform business transactions
based on common business practicesbased on common business practices
► Information availableInformation available
Business processes and components described in XMLBusiness processes and components described in XML
Capabilities of a trading partnerCapabilities of a trading partner
Trading partner agreements between companiesTrading partner agreements between companies
12. Introduction to StateIntroduction to State
►State allows services to be brought downState allows services to be brought down
without loss of contextwithout loss of context
►When they are brought up again, theWhen they are brought up again, the
durable state is still there and they candurable state is still there and they can
continue as if nothing had happenedcontinue as if nothing had happened
13. Need for state managementNeed for state management
► Web services provide stateless client-serverWeb services provide stateless client-server
interactionsinteractions
► Stateless means client requests are independentStateless means client requests are independent
and no memory of previous requests is requiredand no memory of previous requests is required
► State management is difficult to avoid in a numberState management is difficult to avoid in a number
of situationsof situations
► Establish a session between a consumer and aEstablish a session between a consumer and a
provider, for efficiency reasonsprovider, for efficiency reasons
► Sending a security certificate with each request isSending a security certificate with each request is
a serious burden for both consumer and providera serious burden for both consumer and provider
14. State Management TechniquesState Management Techniques
►Require session state information to beRequire session state information to be
explicitly passed, which can be a uniqueexplicitly passed, which can be a unique
identifier of the session like session Ididentifier of the session like session Id
►Session Id can be stored on the client-sideSession Id can be stored on the client-side
►Rest of the data, such as user information,Rest of the data, such as user information,
can be stored on the server-sidecan be stored on the server-side
15. In-MemoryIn-Memory
► Keeps a reference of session in its memoryKeeps a reference of session in its memory
► Works well in a single server environment but notWorks well in a single server environment but not
very useful in a farm or clustervery useful in a farm or cluster
► Session is tied to a single server and is not sharedSession is tied to a single server and is not shared
among servers in the farm, resulting in loss ofamong servers in the farm, resulting in loss of
session informationsession information
► Dedicate a single server to handle all requestsDedicate a single server to handle all requests
from a user for the lifetime of the sessionfrom a user for the lifetime of the session
► Compromise scalability as the distribution of loadCompromise scalability as the distribution of load
among multiple servers is not fairly balancedamong multiple servers is not fairly balanced
16. DatabaseDatabase
►Store session in database server accessibleStore session in database server accessible
to all other servers in the farmto all other servers in the farm
►Each user will be given a unique identifierEach user will be given a unique identifier
that will serve as a key to the user'sthat will serve as a key to the user's
information in the databaseinformation in the database
►Advantage: state information is durableAdvantage: state information is durable
►Disadvantage: puts a greater load on theDisadvantage: puts a greater load on the
server, requires more time-consumingserver, requires more time-consuming
database transactionsdatabase transactions
17. DatabaseDatabase
►Client stores only the unique identifier, otherClient stores only the unique identifier, other
sensitive data is stored in the database,sensitive data is stored in the database,
thus session information is securethus session information is secure
►Always better to put greater load on theAlways better to put greater load on the
server than to risk securityserver than to risk security
18. Generalized ModelGeneralized Model
►Requirements:Requirements:
Token generator generates a unique token orToken generator generates a unique token or
identifier for each client, like GUID or UUIDidentifier for each client, like GUID or UUID
Repository required in which session state canRepository required in which session state can
be storedbe stored
Session initiating and terminating web serviceSession initiating and terminating web service
required like a login/logout web servicesrequired like a login/logout web services
19. Generalized ModelGeneralized Model
► Flow:Flow:
Client calls the login web service to initiate the sessionClient calls the login web service to initiate the session
Server authenticates the clientServer authenticates the client
If authenticated generates a unique tokenIf authenticated generates a unique token
Store session info against that token in repositoryStore session info against that token in repository
Session information can be user id, contact information,Session information can be user id, contact information,
previous requests etc.previous requests etc.
Return that token to the clientReturn that token to the client
Client will then call further web services providing theClient will then call further web services providing the
tokentoken
Finally client will call the logout web service to terminateFinally client will call the logout web service to terminate
the sessionthe session
21. ConclusionConclusion
► It is recommended that web services be designedIt is recommended that web services be designed
according to the principles of a service-orientedaccording to the principles of a service-oriented
architecture.architecture.
► However, it is sometimes desirable to buildHowever, it is sometimes desirable to build
services capable of referencing each other, whichservices capable of referencing each other, which
may lead to a finer-grained, session-orientedmay lead to a finer-grained, session-oriented
services design.services design.
► When building a new service, it is worthWhen building a new service, it is worth
considering carefully the pros and cons of allconsidering carefully the pros and cons of all
design styles, which can result in a betterdesign styles, which can result in a better
integration solution for a targeted domainintegration solution for a targeted domain
Web services are by nature stateless. There are certain situations where state management of resources is difficult to avoid, like user sessions. Another situation is to establish a session between a consumer and a provider. In web services this is normally required when applications like business and ecommerce applications based on user sign on needs to maintain state of clients connected while applications are built on web services which does not provide an implicit state management facility. This study presents the logical model for maintaining state of resources in web services.
Before we can define the means by which Web services manage state, we need to explain a few terms and concepts
“Web services are software applications that can be discovered, described, and accessed based on XML and standard Web protocols over intranets, extranets, and the Internet.”
The definition expresses the main point that web services are software applications like other usual software applications which performs some specific tasks depending on their implementation. The main focus of web services is interoperability. Web services use XML [2] as the syntax of their message and use HTTP [3] to transfer that message. The message is basically a Simple Object Access Protocol (SOAP [4]) envelop which is in XML format.
“a lightweight protocol for exchange of information in a decentralized, distributed environment.”
created by Microsoft, Developmentor, IBM, Lotus, and UserLand.