B2B Application Integration Using Web Services

insidiousbehaviorSecurity

Nov 3, 2013 (3 years and 11 months ago)

67 views

B2B Application Integration
Using Web Services

Nagarjuna Nagulapati


Under the guidance of


Dr. Daniel Andresen (Major Professor)

Dr. Torben Amtoft

Dr. William J. Hankley

Outline


Problem Statement


Solution


Application Integration Technologies


B2B Application Integration & Web
Services


SOAP


SOAP Style & Encoding


Implementation


Performance Evaluation

Problem Statement


Market Globalization



Need to stay ahead of competitors



Solutions from multiple vendors



Unable to share information and isolated
functionality




Solution


Application Integration(AI)



Application integration is the real
-
time
controlled sharing of data and business
processes among any connected applications
and data sources within inter and intra
organizations.


Advantages



Increased productivity


Controlled procurement processes


Interoperability with partners


Reuse of existing systems

Types of AI


Enterprise Application Integration


Integrating applications within an enterprise


EDI


based on ANSI standards


Point
-
to
-
point integration



B2B Application Integration


Integrating applications across enterprises


Middlewares


facilitate communication
between two or more software systems


Point
-
to
-
point NOT feasible

Why Web Services?


Java Middleware Technologies


RMI, JMS
-

Language dependent


Distributed objects


CORBA, DCOM
-

Platform dependent


Message Brokers


Require sweeping changes in participating
applications and hence expensive


Open standards, platform and language
independent, loosely
-
coupled integration

B2B AI and Web Services


Organizations favoring open standard
protocols



XML becoming
lingua franca

for data
formatting and interpretation



Web Services are XML
-
based
middleware built on open standards


Web Services


Web services are middleware components that
implement business logic via services and expose
these services programmatically over the web,
which could be invoked by service clients using
SOAP over HTTP



Based on open standards like UDDI, WSDL,
SOAP, XML, HTTP


Separation of specification from implementation

Web Services Stack


Transport protocol


HTTP, SMTP


Data encoding


XML


Standard Message Structure


SOAP


Service Description


WSDL


Service Discovery
-

UDDI

Web Services Framework



UDDI

WSDL

Client

Web


Service

Points to service

description


Describes service

SOAP

HTTP


Finds service

Publishes


service

proxy

SOAP


Simple Object Access Protocol, a lightweight,
message
-
based protocol built on XML and
standard Internet protocols, such as HTTP and
SMTP for information exchange in a decentralized
environment



Defines specification for message structure and
data encoding



Facilitates structured and typed messages to be
exchanged



SOAP


SOAP message must contain a SOAP envelope, a
SOAP body and optional SOAP header



Encoding
-

serialization of data inside a SOAP
message



SOAP encoding is based on XML Schemas and
relies on the XML Schema data types, namespace
and the type attribute

SOAP



<soap:envelope>


<soap:header>




…………………



</soap:header>



<soap:body>




<add>




<num1 xsi:type="xsd:int">5</num1>




<num2 xsi:type="xsd:int">10</num2>




</add>



</soap:body>

</soap:envelope>

SOAP envelope

SOAP payload

SOAP header

Container to hold the

SOAP message

Sequence numbers,

authentication credentials

Method calls, parameters,

Application
-
specific data

WSDL


Describes Web Service methods to
heterogeneous clients in a platform and
language independent manner



SOAP toolkits generate proxy classes using
WSDL



Service contract which specifies the
methods available and type information
needed to properly compose SOAP requests

WSDL

public int add(int num1, int num2)


<?xml version="1.0" encoding="utf8" ?>




<
definitions

>



<
types

/>




<
message name
="
addSoapIn
">





<
part

name
="
num1
"

type
="
s:int
" />






<
part

name
="
num2
"

type
="
s:int
" />




</
message
>



<
message name
="
addSoapOut
">





<
part

name
="
addResult
"

type
="
s:int
" />




</
message
>



<
portType name
="
sampleSoap
">




<
operation name
="
add
">






<
input

message
="
tns:addSoapIn
" />







<
output

message
="
tns:addSoapOut
" />






</
operation
>



</
portType
>



<
binding name
="
sampleSoap
"

type
="
tns:sampleSoap
">







<
soap:binding

transport
="
http://schemas.xmlsoap.org/soap/http
"

style
="
rpc
" />





<
operation name
="
add
">






<
soap:operation

soapAction
="
http://tempuri.org/add
"

style
="
rpc
" />







<
input
>




<
soap:body

use
="
encoded
"

namespace
="
http://tempuri.org/
"

encodingStyle
="
http://schemas.xmlsoap.org/soap/encoding/
"
/>





</
input
>



<
output
>




<
soap:body

use
="
encoded
"

namespace
="
http://tempuri.org/
"

encodingStyle
="
http://schemas.xmlsoap.org/soap/encoding/
"
/>





</
output
>




</
operation
>



</
binding
>



<
service name
=“
Sample
">




<
port name
="
sampleSoap
"

binding
="
tns:sampleSoap
">





<
soap:address

location
="
http://agena.cis.ksu.edu:8080/axis/services/Sample
" />






</
port
>


</
service
>




</
definitions
>


Describes entry points to web service

HTTP
-
POST, HTTP
-
GET, SOAP

Describes style and encoding of the SOAP messages

for each operation

Methods available along with input

and output messages

Number and type of input and output

parameters

Describes custom or complex

Data types

Implementation


Web Services feasibility in integrating
heterogeneous applications


B2B application modeling online
trading system’s supply chain
management


Web Services integrate the business
processes of participating
applications in a real
-
time fashion


System Architecture

Purchaser

(.NET)

Publisher

(.NET)

VENDOR

(J2EE)

SOAP OVER HTTP


Web Service




Web Service


Web Service

Technologies used


ASP.NET, ADO.NET, C#


ASP.NET WebMethod Framework


J2EE 1.3.1, EJB


AXIS 1.1 Framework


JBOSS 3.2.1


XDoclet


IIS 5.0


Microsoft ACT



Message Flow

Purchaser

Vendor

Publisher

orderAvailability()

orderAvailabilityResponse

confirmRequest()


orderInvoice

orderInvoice

invoiceConfirmation

Delegates request to EJB

which processes the request

Inserts order into

database

Detailed System Architecture

Purchaser

(.NET)

proxy

IIS Server

Vendor

(J2EE)

EJB

EJB

.NET web service

J2EE web service

.NET web service

Publisher

(.NET)

IIS Server

JBOSS Application Server

Database

Database

Business tier

SOAP/HTTP

Marshalls native .NET method

calls to XML

Unmarshalls SOAP message to

native Java method calls

Unmarshalls SOAP message to

native .NET method calls

Class Diagram

Purchaser Module

12 classes

Publisher Module

2 classes

Vendor Module

8 classes

Web Services

RPC
-
Style
~1200

LOC

Document
-
Style
~1350

LOC

SOAP processing in .NET

HTTP

Handler


ASP.NET

Engine

HTTP modules

XmlSerializer


ASP.NET

Web Service


Handler

IIS SERVER

Service

Object


SOAP

Request


SOAP

Response

SOAP processing in AXIS

HTTP

Handler


Handlers

Handlers

Serialization

Framework

SOAP MESSAGE PROCESSOR

WS CONTAINER

Axis engine

Web service

JBOSS APPLICATION SERVER


JETTY

WEB SERVER

EJB’S


SOAP

Request


SOAP

Response


SERVICE


provider

Demo

SOAP style & encoding


RPC/Encoded


One
-
to
-
one mapping between SOAP
payload elements and service method


Encoding is based on Section 5, SOAP
specification


SOAP framework handles (de)serializing
of method calls to/from XML


Application developer deals with native
objects

SOAP style & encoding


Document/Literal


No one
-
to
-
one mapping between SOAP
payload and service method


SOAP payload can contain arbitrary XML


Encoding is based on the XML schema
agreed upon by both parties


Application developer deals with raw
SOAP payload



RPC (Vs) Document
-
style


public int add(int num1, int num2)

<soapenv:body>





<ns:add>





<num1 xsi:type=“xsd:int”>10</num1>




<num2 xsi:type=“xsd:int”>8</num2>


</ns:add>

</soapenv:body>

---------------------------------------------------------------------------------------


public Document add(Document operation)

<soapenv:body>





<ns:operation>






<add>10</add>




<add>8</add>





<multiply>1</multiply>



<multiply>2</multiply>


</ns:operation>

</soapenv:body>

Method name

parameter

parameter

Arbitrary XML

Performance Evaluation


SOAP payload (Vs) Processing time

2.35
2.4
2.45
2.5
2.55
2.6
2.65
5
10
15
20
SOAP Payload
Processing Time (log)
RPC-Style
Doc-Style
ASPWEB

Windows Box

Dual processor

292 MHz, 512MB


Agena

Solaris Box

360 MHz, 128MB


Performance Evaluation


SOAP payload (Vs) Requests/Sec

0
0.5
1
1.5
2
2.5
3
3.5
4
5
10
15
20
SOAP Payload
Req/Sec
RPC-Style
Doc-Style
Results analysis


Results


RPC/Encoded solution performed better than
Document/Literal solution


Theoretically Document/Literal should perform
better


Analysis


Implementation was limited to simple data
types in RPC/Encoded


Document/Literal solutions perform better for complex
data types


Axis serialization (vs) Custom serialization


SAX (Vs) DOM


Lessons learned


Service
-
oriented application development
in both .NET and J2EE



Better understanding of SOAP protocol,
message structure, encoding and SOAP
message processing in .NET and Apache
AXIS frameworks


Application integration technologies
currently being used in enterprises and
how they work.

Implementation issues


Insufficient reference resources on the
Document
-
styled Web services




Interoperability between .NET and J2EE
technologies still in its nascent stages



Working simultaneously with both .NET
based API’s and Java based API’s


Conclusion


SOAP is text
-
based, Web Service calls
may be too slow for applications that
require frequent and fast
communications


Web Services are not suitable for
applications which need to access
wide variety of objects and classes

Future work


Security is utmost concern


Authentication credentials in SOAP headers


User/Passwd, Security tokens and SSL


Encoded NOT encrypted


Consortia and organizations working
towards the interoperability and
security of Web Services : WS
-
I & WS
-
Security


References


www.msdn.com


http://ws.apache.org/axis


http://java.sun.com/blueprints/webservices/using/webservbp3.html


http://nagoya.apache.org/wiki/apachewiki.cgi?AxisProjectPages/DotNetInterop


http://www.gotdotnet.com/team/XMLwebservices/gxa_overview.aspx


http://www.aei.on.ca/index.php/aei/notes/edi


http://ecommerce.about.com/cs/b2bresources/a/aa080108a.htm


http://www.topxml.com/b2b/articles/ts4b2b/default.asp


http://msdn.microsoft.com/library/default.asp?url=/library/en
-
us/dnpag/html/eappint
-
ch01.asp


http://www.darc.com/software/2ndLevelArt/News/Application_Integration_for_E
-
Business.pdf


http://www
-
900.ibm.com/developerWorks/cn/xml/developerConf/


http://www
-
106.ibm.com/developerworks/webservices/library/ws
-
whichwsdl/


http://www.jboss.org/index.html?module=bb


www.msdn.com/newsgroups


Acknowledgements


Dr. Daniel Andresen


Dr. Torben Amtoft


Dr. William J. Hankley


Sterling Hanenkamp


Travis Bradshaw






Questions?