(Apache Tomcat) SOAP ENGINE - Programming Systems ...

righteousgaggleΔιαχείριση Δεδομένων

31 Ιαν 2013 (πριν από 4 χρόνια και 9 μήνες)

177 εμφανίσεις

Web Services

VINAY AHUJA

Columbia University

E6125: Web Enhanced Info Mgmt

Spring 2008

va2199@columbia.edu


Software Implementation

About Web Services


Another client / server technology



but different


Platform Independent


Heavily XML based


Overrides client / server paradigm mismatch


Different Programming Languages


Different Operating Systems


HTTP Communication


Promotes internet scale applications


Aligns well with Internet proxies

APPLICATION SERVER (Apache Tomcat)

SOAP ENGINE (Apache Axis)



Server Side

Web Services

Web Services

Intermediate Processes


Deploy with a descriptor


Generate the WSDL


Java2WSDL


Generate the Server / Client Stubs


WSDL2Java


Modify stubs to match business logic


Redeploy


Use stubs to invoke web services

Client & Server

P
R
O
G
R
A
M
S

CLIENT

INTERNET

SERVER

W
E
B

S
E
R
V
I
C
E
S

S
T
U
B
S

S
T
U
B
S

<?xml version…

<soapenv:Envelope …

<soapenv:Body>







</soapenv:Body>

</soapenv:Envelope …


HTTP Request

HTTP Response

Complex Types


string, int, long vs. ‘Student’ object


WSDL includes what ‘Student’ represents

-

<
wsdl:types
>

-

<schema
targetNamespace
="
urn:StudentService
"
xmlns
="http://www.w3.org/2001/XMLSchema">


<import namespace="http://schemas.xmlsoap.org/soap/encoding/" />

-

<
complexType

name="Student"
>

-

<sequence>


<element name="active"
nillable
="true" type="
xsd:string
" />


<element name="city"
nillable
="true" type="
xsd:string
" />


<element name="department"
nillable
="true" type="
xsd:string
" />


<element name="email"
nillable
="true" type="
xsd:string
" />


<element name="
firstName
"
nillable
="true" type="
xsd:string
" />


<element name="
lastName
"
nillable
="true" type="
xsd:string
" />


<element name="
middleName
"
nillable
="true" type="
xsd:string
" />


<element name="phone"
nillable
="true" type="
xsd:string
" />


<element name="state"
nillable
="true" type="
xsd:string
" />


<element name="
streetAddress
"
nillable
="true" type="
xsd:string
" />


<element name="
studentId
" type="
xsd:long
" />


<element name="zip"
nillable
="true" type="
xsd:string
" />


</sequence>


</
complexType
>


</schema>


</
wsdl:types
>

Student Services Modules

Bank

Account

Student

Mgmt

Course

Mgmt

Schedule

Bursars

Student ‘Web’ Services Architecture

BROWSER

S
E
R
V
L
E
T
S


Apache Tomcat


Apache Axis



H

I

B
E
R
N
A
T
E

DB

PostgreSQL

Student WS

Course WS

Bursars WS*

Bank Account WS*

* WS
-
Security

SOAP Envelope (Unsecure)

<?xml version="1.0" encoding="utf
-
8"?>

<
soapenv:Envelope

xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd
="http://www.w3.org/2001/XMLSchema"

xmlns:xsi="http://www.w3.org/2001/XMLSchema
-
instance">

<
soapenv:Body
>

<ns1:
addStudent

soapenv:encodingStyle
="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="
http://ws.student.columbia.edu
">

</ns1:
addStudent
>

<
multiRef

id="id0"
soapenc:root
="0"

soapenv:encodingStyle
="http://schemas.xmlsoap.org/soap/encoding/"

xsi:type
="ns2:Student"

xmlns:soapenc
="http://schemas.xmlsoap.org/soap/encoding/"

xmlns:ns2="
urn:StudentService
">

<email
xsi:type
="
xsd:string
">
va2199@columbia.edu
</email>

<
firstName

xsi:type
="
xsd:string
">
Vinay
</
firstName
> <
lastName

xsi:type
="
xsd:string
">
Ahuja
</
lastName
>

</
multiRef
>

</
soapenv:Body
>

</
soapenv:Envelope
>


Security


WS Specification


WS Security


OASIS Standard Specification


UsernameToken Extensions

<wsse:UsernameToken>

<wsse:Password>


PasswordText and PasswordDigest


Replay Attacks:

»
Nonce

»
Created


WSS4J API (Apache)




Secure Financial Transactions


PasswordDigest must be known by both
client and server


Implement
javax.security.auth.callback.CallbackHandler




SOAP Envelope (Secure)

<S11:Envelope xmlns:S11="..."
xmlns:wsse
="..."
xmlns:wsu
= "...">

<S11:Header>


...

<
wsse:Security
>

<
wsse:UsernameToken
>

<
wsse:Username
>
va2199
</
wsse:Username
>

<
wsse:Password

Type="...#
PasswordDigest
">
zwgIY4jvDd5ksWgkThjFE3fHhf3gHLw==99
</
wsse:Password
>

<
wsse:Nonce
>
WSRbwjfbDWHg3nWMOt3SHB==
</
wsse:Nonce
>

<
wsu:Created
>
2008
-
04
-
06T05:
-
6:23Z
</
wsu:Created
>

</
wsse:UsernameToken
>

</
wsse:Security
>

...

</S11:Header>

...

</S11:Envelope>