Académique Documents
Professionnel Documents
Culture Documents
WebSphere Version 5
Web Services Handbook
Web services overview and concepts
Ueli Wahli
Matija Drobnic
Christian Gerber
Gustavo Garcia Ochoa
Michael Schramm
ibm.com/redbooks
International Technical Support Organization
March 2003
SG24-6891-00
Note: Before using this information and the product it supports, read the information in
“Notices” on page xv.
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi
Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvii
The team that wrote this redbook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xviii
Become a published author . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Comments welcome . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xx
Contents v
Inspection document publishing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113
WSIL examples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 114
WS-Inspection API . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116
Outlook . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
More information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Contents vii
Types of client implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
More information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186
Contents ix
Setting breakpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Start debugger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274
Process debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 275
Using the debugger . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 276
Deployment to an application server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 277
Importing the process solution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Importing the projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Defining the server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Test the process sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
More information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 280
Contents xi
Setup phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358
Build phase of the client application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361
Deployment phase of the client application. . . . . . . . . . . . . . . . . . . . . . . . 363
Run phase of the client application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363
General concepts of the client application . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Application flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Frames . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 365
Abstract servlet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366
Secure proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Invocation result JSP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371
Preferences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372
UDDI lookup sample . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374
Sample 1: dynamic invocation using UDDI lookup . . . . . . . . . . . . . . . . . . 383
Sample 2: dynamic invocation using WSIL lookup . . . . . . . . . . . . . . . . . . 389
Installing the application in Application Developer . . . . . . . . . . . . . . . . . . . . . 395
Configure the HOSTS file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Import two enterprise applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Server project . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Configuring a server for testing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Run the samples . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Deployment to WebSphere Application Server . . . . . . . . . . . . . . . . . . . . . . . 398
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Contents xiii
xiv WebSphere Version 5 Web Services Handbook
Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult
your local IBM representative for information on the products and services currently available in your area.
Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such
provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer
of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s) described in this publication at
any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on
the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them
as completely as possible, the examples include the names of individuals, companies, brands, and products.
All of these names are fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrates programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs in
any form without payment to IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating platform for which the
sample programs are written. These examples have not been thoroughly tested under all conditions. IBM,
therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to IBM for the purposes of
developing, using, marketing, or distributing application programs conforming to IBM's application
programming interfaces.
ActionMedia, LANDesk, MMX, Pentium and ProShare are trademarks of Intel Corporation in the United
States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States, other countries, or both.
C-bus is a trademark of Corollary, Inc. in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
SET, SET Secure Electronic Transaction, and the SET Logo are trademarks owned by SET Secure
Electronic Transaction LLC.
Other company, product, and service names may be trademarks or service marks of others.
This IBM Redbook describes the new concept of Web services from various
perspectives. It presents the major building blocks Web services rely on. Here,
well-defined standards and new concepts are presented and discussed.
The IBM Redbook Web Services Wizardry with WebSphere Studio Application
Developer, SG24-6292, published in April 2002 has already covered the basics
of Web services and how they can be implemented using the corresponding IBM
tools. Thus, this new book goes beyond the scope of the 2002 release. Two
major focus areas are defined:
Description of the underlying concepts—While the 2002 book mainly
describes implementation aspects for J2EE, we concentrate more on the
underlying principles and new concepts that are about to emerge, and their
impact for the implementation of new application types.
Update of the information provided—Since the release of the first book,
roughly one year has passed that has brought a new generation, not only of
basically all WebSphere products, but also on all standards on Web services.
Thus, we update the provided information.
Although this book uses the 2002 book as a basis, it is written as a stand-alone
release. All relevant concepts are introduced in reasonable depth. Reading
SG24-6292 is thus not mandatory, but it deepens some aspects and is therefore
still a useful source of information.
Preface xix
Anton (Tony) Fricko is a member of IBM's jStart team and is responsible for
assisting customers and Business Partners with the introduction of emerging
technologies in Europe.
Bertrand Portier and Simon Nash of IBM Hursley for their input and help on
the WebSphere SDK for Web Services.
Your efforts will help increase product acceptance and customer satisfaction. As
a bonus, you'll develop a network of contacts in IBM development labs, and
increase your productivity and marketability.
Find out more about the residency program, browse the residency index, and
apply online at:
ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us!
Thus, there is an increasing demand for technologies that support the connecting
or sharing of resources and data in a very flexible and standardized manner.
Because technologies and implementations vary across companies and even
within divisions or departments, unified business processes could not be
smoothly supported by technology. Integration has been developed only between
units that are already aware of each other and that use the same static
applications.
Companies and their sub-units should be able to easily provide services. Other
business units can use these services in order to implement their business
processes. This integration can be ideally performed during the runtime of the
system, not just at the design time.
Legacy
system
2
1
Service Service
Requestor Internet Provider
3
Service
Broker
These services can be new applications or just wrapped around existing legacy
systems to make them network-enabled. Services can rely on other services to
achieve their goals.
The following are the core technologies used for Web services. These
technologies are covered in detail in the subsequent chapters.
XML (eXtensible Markup Language) is the markup language that underlies
most of the specifications used for Web services. XML is a generic language
that can be used to describe any kind of content in a structured way,
separated from its presentation to a specific device.
SOAP (formerly referred to as Simple Object Access Protocol, or
Service-Oriented Architecture Protocol—in fact, similarly to JDBC, it is no
longer an acronym) is a network, transport, and programming
language-neutral protocol that allows a client to call a remote service. The
message format is XML.
WSDL (Web services description language) is an XML-based interface and
implementation description language. The service provider uses a WSDL
Figure 1-2 shows the relationship between the core elements of the SOA.
UDDI
(Broker)
HTTP
Runtime
transports
SOAP other
Requestor Provider
SOA Runtime
J2EE other
Implementation
Figure 1-2 Main building blocks in an SOA approach based on Web services
All elements use XML including XML namespaces and XML schemas.
Service requestor and provider communicate with each other.
WSDL is one alternative to make service interfaces and implementations
available in the UDDI registry.
WSDL is the base for SOAP server deployment and SOAP client generation.
For connecting to a large monolithic system that does not allow the
implementation of different flexible business processes, other approaches might
be better suited, for example to satisfy specialized features, such as
performance and security.
Example
In this section, we present a sample scenario that illustrates the use of Web
services in a service-oriented environment. This example is partially
over-simplified and thus does not claim completeness or overall soundness.
However, it gives an understanding of how to use this technology beyond
simplistic scenarios such as stock quote examples. The scenario covers the
Figure 1-3 shows the different units that run these processes. Note that some
parts of the first two processes are run through units within the company’s
intranet, while the last process integrates units from different companies over the
Internet.
Image
renderer Intranet
1 Dealer
locator
2
Client B2C Web
Application Production
system
3
Credit
history Banking ... Banking
checker system 1 system n
As Figure 1-3 shows, in this scenario the B2C Web application makes use of a
car configurator legacy system, which is wrapped by a Web service. The B2C
Web application passes control to that application. The car configurator in turn
uses another system, which is responsible for an online generation of images
that show the car in the selected configuration. After every user’s change in the
configuration, the car configurator requests a new image from the renderer. This
transaction is again performed with Web services.
Once the user has finished the configuration process, he can store the particular
configuration on the server side. Therefore, he first has to register for a login
account and then to actually log in (which we do not cover here in depth). In the
scenario, the component for storing the configuration is a system that serves
storing facilities to many other components. It offers Web services for storing,
retrieving, and deleting configurations of any kind, not restricted to a modeled
car. The B2C Web application contacts the storing component and makes use of
the store Web service.
The user might leave the portal and return another day. Then he can load the
configured car (the B2C Web application retrieves the data from the storing
module via Web service), modify it, and store it again.
Once all relevant data is inserted, the B2C Web application initiates the
production of the ordered car. The responsible system is also accessible through
a Web service.
The B2C Web application collects relevant data from the user, such as the
budget he wishes to spend per month. Furthermore, the B2C Web application
contacts an external credit history check institution via a Web service in order to
clarify the user’s credibility.
After having collected these pieces of data, the B2C Web application contacts
several banking systems through Web services and initiates an auction for this
case. All connected banking systems may release a bid. The B2C Web
application compares the offers, selects the best choice, grants the bid and
submits the relevant customer data to the according banking system. All other
banking systems are sent a rejection.
Discussion
This scenario is well suited to be implemented using Web services technology:
All components (except for the central B2C Web application) already existed
beforehand and were easily wrapped to work as Web services.
The components deliver small well-defined and independent pieces of
functionality, which could be used for many business processes, because the
components do not require any status data of a certain process as input.
Some of the integrated components run on the car manufacturer’s intranet,
while others are run by different enterprises and are accessed over the
Internet.
Summary
In this chapter we have presented the general business and programming
concepts that Web services are built on. A service-oriented architecture provides
a loose coupling between components that provide and use services. As
discussed, this flexible approach gives a wide range of advantages in business
scenarios, where reusable components are employed for different business
processes.
We have also sketched the core building blocks to run Web services. These
building blocks are presented in more detail in the next chapters.
Finally, we have outlined a scenario that is well suited to the use of Web services
in order to give a taste of how new business processes could be modeled using
the new technology.
The next three chapters introduce the main building blocks for Web services in
more detail: SOAP, WSDL, and UDDI. The remaining chapters of Part 1 describe
other concepts, which build on the base.
More information
General introductions to Web services can be found at:
http://www.ibm.com/developerworks/webservices/
http://xml.watson.ibm.com/
The following Web site provides a collection of IBM resources on the topic at
hand. For example, you can find an introduction to the SOA in a white paper titled
Web Services Conceptual Architecture (WSCA 1.0):
http://www.ibm.com/software/solutions/webservices/resources.html
We cover the SOAP 1.1 specification in detail and present a couple of examples
of SOAP messages. We cover the details of the SOAP architecture. We explore
SOAP implementations such as Apache SOAP 2.3 and Apache eXtensible
Interaction System (Axis).
We also briefly touch upon other SOAP implementations, such as the Microsoft
SOAP Toolkit. Finally, we outline recent development and future trends in this
field.
SOAP does not cover distributed garbage collection. SOAP clients also do not
hold any stateful references to remote objects, and without this, activation in a
Java RMI way is also impossible.
In this chapter, we discuss the W3C SOAP 1.1 specification and the SOAP 2.3
implementation from Apache. We also discuss Apache Axis, another Java
implementation. There are other Java implementations as well as non-Java
implementations, such as Microsoft SOAP Toolkit, which we only briefly touch
upon.
Encoding rules
Encoding rules define a serialization mechanism that can be used to
exchange instances of application-defined data types.
SOAP defines a programming language-independent data type schema
based on the XML schema descriptor (XSD), plus encoding rules for all data
types defined according to this model.
RPC representation
The remote procedure call (RPC) representation is a convention suited to
represent remote procedure calls and the related response messages. As
arguments in remote method invocation we normally use relatively simple
data structures, although, with conventions such as XML Literal, it is possible
to transfer more complex data. This convention, however, is only covered by
SOAP implementations and is not a part of a SOAP standard.
The usage of this convention is optional. If the RPC convention is not used,
the communication style is purely message-oriented. When working with the
message-oriented style, also called document-oriented communication,
almost any XML document can be exchanged.
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
<SOAP-ENV:Body>
<ns1:getMessage xmlns:ns1="urn:NextMessage"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<UserID xsi:type="xsd:string">JDoe</UserID>
<Password xsi:type="xsd:string">0JDOE0</Password>
</ns1:getMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
HTTP/1.1 200 OK
Content-Type: text/xml; charset="utf-8"
Content-Length: nnnn
<SOAP-ENV:Envelope>
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
<SOAP-ENV:Body>
<ns1:getMessage xmlns:ns1="urn:NextMessage"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<return xsi:type="xsd:string">Call mom!</return>
</ns1:getMessage>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Namespaces
SOAP defines the XML namespaces shown in Table 2-1.
Table 2-1 SOAP namespaces
Prefix Namespace URI Explanation
URN
A unified resource name (URN) uniquely identifies the service to clients. It must
be unique among all services deployed in a single SOAP server, which is
identified by a certain network address. A URN is encoded as a universal
resource identifier (URI). We commonly use the format: urn:UniqueServiceID.
urn:NextMessage is the URN of our message exchange Web service.
This namespace URI identifying the method name in SOAP is very similar to the
interface ID scoping a method name in distributed computing environments such
as DCOM or CORBA or the name and the associated remote interface of an
Enterprise JavaBean (EJB).
SOAP envelope
The envelope is the top element of the XML document representing the message
with the following structure:
<SOAP-ENV:Envelope .... >
<SOAP-ENV:Header name="nmtoken">
<SOAP-ENV:HeaderEntry.... />
</SOAP-ENV:Header>
<SOAP-ENV:Body name="nmtoken">
[message payload]
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Headers
Headers are a generic and flexible mechanism for extending a SOAP message in
a decentralized and modular way without prior agreement between the parties
involved. They allow control information to pass to the receiving SOAP server
and provide extensibility for message structures as well.
Headers are optional elements in the envelope. If present, the element must be
the first immediate child element of a SOAP envelope element. All immediate
child elements of the header element are called header entries.
If it is present in a header element and set to “1”, the service provider must
implement the semantics defined by the element:
<thens:qos xmlns:thens="someURI" SOAP-ENV:mustUnderstand="1">
1
</thens:qos>
In the example, the header element specifies that a service invocation must fail if
the service provider does not support the quality of service (qos) level 1
(whatever qos=1 stands for in the actual invocation context).
Headers can also carry client or project-specific controls and extensions to the
protocol; the definition of headers is not just up to standard bodies.
Body
The SOAP body element provides a mechanism for exchanging information
intended for the ultimate recipient of the message. The body element is encoded
as an immediate child element of the SOAP envelope element. If a header
element is present, then the body element must immediately follow the header
element. Otherwise it must be the first immediate child element of the envelope
element.
All immediate child elements of the body element are called body entries and
each body entry is encoded as an independent element within the SOAP body
element. In the most simple case, the body of a basic SOAP message
comprises:
A message name.
A reference to a service instance. In Apache SOAP, a service instance is
identified by its URN. This reference is encoded as the namespace attribute.
One or more parameters carrying values and optional type references.
Typical uses of the body element include invoking RPC calls with appropriate
parameters, returning results and error reporting. Fault elements are used in
communicating error situations. The messages can contain almost any XML
construct except document type definitions (DTDs) and processing instructions.
Error handling
SOAP itself predefines one body element, which is the fault element used for
reporting errors. If present, the fault element must appear as a body entry and
must not appear more than once within a body element. The fields of the fault
element are defined as follows:
Faultcode—is a code that indicates the type of the fault. SOAP defines a
small set of SOAP fault codes covering basic SOAP faults:
– SOAP-ENV:Client, indicating incorrectly formatted messages
– SOAP-ENV:Server, for delivery problems
– SOAP-ENV:VersionMismatch, which can report any invalid namespaces for
envelope element
– SOAP-ENV:MustUnderstand for errors regarding the processing of header
content
Advanced topics
In the following section, we discuss some more advanced SOAP concepts, such
as the different communication styles, SOAP data model, the available
encodings and the corresponding type mappings. Although these concepts are
rarely a concern in simple SOAP architectures, you will very quickly find them
useful once you try to implement a nontrivial Web service.
Communication styles
SOAP supports two different communication styles:
Document Also known as message-oriented style: This style provides a
lower layer of abstraction, and requires more programming work.
The in parameter is any XML document, the response can be
anything (or nothing). This is a very flexible but not yet frequently
used communication style.
RPC The remote procedure call is a synchronous invocation of
operation returning a result, conceptually similar to other RPCs.
This style is exploited by many Web service tools and featured in
many tutorials. The main focus of this redbook is on the RPC
style.
SOAP enables applications to encapsulate and exchange RPC calls using the
extensibility and flexibility of XML. To make a method call, the following
information is needed:
The URI of the target object
A method name
An optional method signature
The parameters of the method
Optional header data
Using SOAP for RPC does not imply any specific SOAP protocol binding; using
SOAP for RPC is not limited to the HTTP protocol binding. When using HTTP as
the protocol binding, however, an RPC call maps naturally to an HTTP request
and an RPC response maps to an HTTP response.
Figure 2-3 shows the interactions between the client and server as well as the
server-side processing of a service invocation in RPC communication.
Call 2
ServiceManager
- target object
- encoding style
5
- method name
- parameters RPC Router Servlet
- transport SOAP
Message
- invoke() 1
3 PluggableProvider
4 SOAP Service
It is worth noting that this is a very simple scenario. More sophisticated scenarios
would use additional steps, such as the ones related to security policy.
Data model
One of the promises of SOAP is interoperability between different programming
languages. That is the purpose of the SOAP data model, which provides a
language-independent abstraction for common programming language types. It
consists of:
Simple XSD types Basic data types found in most programming languages
such as int, String, Date, and so forth.
Compound types There are two kinds of compound types, structs and
arrays :
Structs Named aggregated types. Each element has a unique
name, its accessor. An accessor is an XML tag. Structs are
conceptually similar to records in languages such as
Pascal or methodless classes with public data members in
object-based programming languages.
Arrays Elements in an array are identified by position, not by
name. This is the same concept found in languages such
as C and Java. SOAP also supports partially transmitted
and sparse arrays. Array values may be structs or other
compound values. Also, nested arrays (which means
arrays of arrays) are allowed.
All elements and identifiers comprising the SOAP data model are defined in the
namespace SOAP-ENC. It is worth noting that the SOAP standard only defines the
rules of how data types can be constructed; a project-specific XML schema has
to define the actual data types.
<ns1:getMessage xmlns:ns1="urn:NextMessage"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<UserID xsi:type="xsd:string">JDoe</UserID>
<Password xsi:type="xsd:string">0JDOE0</Password>
</ns1:getMessage>
In the example in Figure 2-4, the accessors are UserID and Password. The
accessor names correspond to the names of the parameters, and the message
types to the programming language data types (xsd:string and
java.lang.String). The parameters must appear in the same order as in the
method signature. The prefixes xsd and xsi reference namespaces
http://www.w3.org/2001/XMLSchema and
http://www.w3.org/2001/XMLSchema-instance respectively.
In the example shown in Figure 2-5, the argument is an array whose values are
structs.
<ns1:getSubscribers xmlns:ns1="urn:SubscriberList"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENC:Array SOAP-ENC:arrayType="xxx:Subscribers[2]">
<Subscribers>
<UserID xsi:type="xsd:string">JDoe</UserID>
<Password xsi:type="xsd:string">0JDOE0</Password>
</Subscribers>
<Subscribers>
<UserID xsi:type="xsd:string">MDoe</UserID>
<Password xsi:type="xsd:string">0JMDOE0</Password>
</Subscribers>
</SOAP-ENC:Array>
</ns1:getSubscribers>
SOAP provides a preferred encoding for all data types defined according to this
model. We cover this subject in the next section.
Encodings
In distributed computing environments, encodings define how data values
defined in the application can be translated to and from a protocol format. We
refer to these translation steps as serialization and deserialization, or,
synonymously, marshalling and unmarshalling (even Apache SOAP uses both
pairs of terms).
When implementing a particular Web service, we have to choose one of the tools
and programming or scripting languages that support Web services model, for
example Java. On the other hand, the protocol format for Web services is XML,
which is independent of the programming language. Thus, SOAP encodings tell
the SOAP runtime environment how to translate from data structures constructed
in a specific programming language into SOAP XML, and vice versa.
The encoding to be used by the SOAP runtime can be specified at deploy time or
at runtime. If it is specified at deploy time, it appears in the WSDL specification of
the Web service. Tools can then analyze this specification and configure the
SOAP runtime to use the desired encoding.
At runtime, the SOAP client API allows the specification of the encoding for the
entire message and for each of its parameters. On the server side, the encoding
style is specified in the deployment descriptor of the Web service, an XML
document that provides information to the SOAP runtime about the services that
should be made available to clients. It contains information such as the URN for
the service and method and class details (in case the service is implemented in
Java) or the name of a script. The settings on the client and the server side have
to match.
Any SOAP runtime environment holds a table of such mapping entries, the
SOAPMappingRegistry. Standard Java-related mappings are shown in Table 2-2.
Table 2-2 SOAP Java-related mappings
Implementations
So far we discussed only SOAP specification. To build a Web services-based
solution, the standard should be implemented in one of the programming
languages. In the following sections, we discuss some of the most popular SOAP
implementations.
Transport Layer
(HTTP, HTTPS, SMTP, JMS, MQ, other)
On the provider side, RPC and message router servlets receive the incoming
requests. Providers route them to the Java service implementation. The server is
configured through deployment descriptor files.
Both on the requestor and on the provider side, there are mapping registries
providing access to serializer/deserializer classes implementing an encoding
scheme.
IBM SOAP4J
IBM’s SOAP for Java implementation became the basis of the Apache SOAP
project.
Let us investigate the details of SOAP server and then the SOAP client API.
SOAP server
Apache SOAP 2.3, which comes with WebSphere Application Server Version 5
and Application Developer Version 5, provides an implementation of a SOAP
server for deploying and invoking Web services.
For now, the important elements in this architecture are the rpcrouter and
messagerouter servlets, the deployment descriptor (explained below), and the
type mapping registry. These components implement the SOAP concepts
introduced so far.
The pluggable providers link a Web service and its implementation. The service
implementation is your Java code actually executing the invoked Web service.
We do not go into details about the configuration manager, and the administrative
GUI here. Refer to the Apache SOAP user documentation for more information.
Web Service
Deployment
Descriptor
DeployedServices.ds
Server deployment
Deployment stands for configuring a Web service implementation so that it
becomes available within a hosting SOAP server. The following steps have to be
performed when a Web service is deployed to the SOAP server:
Create a code artifact that is supported by one of the Apache SOAP
providers.
Ensure that parameters to the method/function are serializable by SOAP, and
exist within the SOAP type mapping registry. Otherwise, develop and register
custom mappings.
Create an entry in the Apache SOAP deployment descriptor for the service.
A Web service implementation Java class implementing the first step for the
Exchange Web service is shown in Figure 2-8.
<root>
<isd:service xmlns:isd="http://xml.apache.org/xml-soap/deployment"
id="urn:NextMessage" checkMustUnderstands="1">
<isd:provider type="java" scope="Request" methods="getMessage">
<isd:java class="NextMessage" static="false"/>
</isd:provider>
</isd:service>
</root>
This deployment descriptor defines the URN, urn:NextMessage, and the name of
the Java implementation class, NextMessage. There is one accessible method,
getMessage.
The Web service scope is request. This scope attribute can be set to application,
request, or session:
If the scope is application, a singleton instance of the service is created at
server startup time (like a servlet).
A service with request scope is instantiated whenever a message for it is
received.
If the scope is session, the lifetime of the service instance is bound to the
duration of the underlying transport session (for example, the HttpSession in
case HTTP is the transport protocol).
The actual deployment step can either be performed using the administrative
GUI that comes with Apache SOAP or programmatically.
As a SOAP developer, you might have to use the following classes as well:
QName Qualified name: combination of an XML namespace
and a local name. QName instances are used to identify
XML data types and other elements in an XML
document.
SOAPMappingRegistry Maps types and encoding styles to the available
serializer and deserializer classes.
SOAPHttpTransport Provides access to the HTTP transport layer. For
example, this class can be used to modify proxy and
authentication settings.
Let us take a look at an example (Figure 2-10). The message that travels if this
code is executed is the same message we inspected in Figure 2-1 on page 20.
You have to perform the following steps when developing a SOAP client:
Obtain the interface description of the SOAP service, so that you know what
the signatures of the methods that you want to invoke are. Either contact the
service provider directly, or use UDDI to do so (note that this step is not
shown in the example).
Make sure that there are serializers registered for all parameters that you will
be sending, and deserializers for all information that you will be receiving (this
holds true for the example). Otherwise, develop and register the custom
mapping.
Create and initialize the org.apache.soap.rpc.Call object.
– Set the target URI in the Call object using the setTargetObjectURI
method.
– Set the method name that you wish to invoke into the Call object using the
setMethodName method.
– Create any Parameter objects necessary for the RPC call, and add them to
the Call object using the setParams method.
call.setParams(params);
Response resp = null;
URL url = new URL ("http://www.messages.com/soap/servlet/rpcrouter");
resp = call.invoke (url, "urn:NextMessage"); // url, soapActionURI
// soapActionURI is URN for Apache, "" for most other servers
if (resp.generatedFault()) {
Fault fault=resp.getFault();
System.out.println(" Fault code: " + fault.getFaultCode());
System.out.println(" Fault string: " + fault.getFaultString());
} else {
Parameter result=resp.getReturnValue();
Object o = result.getValue();
System.out.println("Result: " + o);
}
}
}
Execute the Call object's invoke method and capture the Response object
that is returned from invoke.
Check the Response object to see if a fault was generated using the
generatedFault method.
If a fault was returned, retrieve it using the getFault method. Otherwise,
extract any result or returned parameters using the getReturnValue and
getParams methods, respectively.
The SOAP client API is a string-oriented, weakly typed interface. This is due to
the fact that it is a fixed API that is unaware of the signatures of the messages
that are exchanged over it.
Axis
The Apache eXtensible Interaction System (Axis) is basically a SOAP engine. It
represents a framework for constructing SOAP processors such as clients,
servers, or gateways. Axis is an Apache open-source project and is written in
Java. Axis Version 1.0 is available, and Version 1.1 is in beta.
Beside being a SOAP engine, Axis also includes the following features:
A server that plugs into servlet engines such as WebSphere Application
Server or Apache Tomcat.
Extensive support for the Web service description language (WSDL).
Tools that generates Java classes from WSDL and vice versa (WSDL2Java and
Java2WSDL).
A tool for monitoring TCP/IP packets.
TCP/IP monitoring is a very efficient tool for Web services debugging and
troubleshooting.
Axis represents the third generation of Apache SOAP, which began at IBM as
SOAP4J, and is often referred to as Apache SOAP 3.x. However, it does not
share the code of the Apache SOAP 2.x project, but has been redesigned from
scratch. It is based on the idea of configurable chains of message handlers,
which would implement small bits of functionality in a flexible manner.
Axis uses the event-based simple API for XML (SAX) instead of DOM parsing to
perform significantly better than earlier versions of Apache SOAP. The
extendable Axis architecture enables the developer to insert extensions into the
engine.
Axis defines a set of published interfaces that change relatively slowly compared
to the rest of Axis and therefore provide a higher level of stability from the
developer’s point of view.
The large cylinders represent chains and the small cylinders represent handlers
within a chain. The main flow elements are:
The transport listener puts the protocol-specific data into a Message object and
the message data into a MessageContext object.
The Axis engine looks up the transport, which may contain a request chain, a
response chain, or both. Each chain is a sequence of handlers that are
invoked in turn.
After the transport chain, the global chain of handlers is invoked.
One of the handlers sets the serviceHandler field in the MessageContext and
the Axis engine invokes that service (an instance of SOAPService).
The service invokes its request chain (if present) and finally the provider,
which is the handler responsible for invoking the back-end logic.
The response is processed by the respective response handlers in the
service, global, and transport chains.
Figure 2-12 shows the layering of subsystems. The lower layers are independent
of the higher layers. The stacked boxes represent mutually independent,
although not necessary mutually exclusive, alternatives. For example, the HTTP,
SMTP, and JMS transports are independent of each other but may be used
together.
MDB SMTP
XML-RPC EJB JMS
deployment Java
SOAP HTTP
descriptor RPC
message
admin service provider transport encoding
model
Implementations
Axis 1.0 is implemented in the Web Services Toolkit (see Chapter 16, “Web
Services Toolkit” on page 301) and in the WebSphere Web Services Technology
Preview (see Chapter 17, “WebSphere Web Services Technology Preview” on
page 317).
We implement our sample application using the Axis tool provided with the
WebSphere SDK for Web Services and the WebSphere Web Services
Technology Preview.
Outlook
At the time of writing this book, the SOAP 1.2 specification was in its final phase.
It introduces several changes to SOAP 1.1. It is beyond the scope of this book to
go into the details of differences between SOAP 1.1 and SOAP 1.2
specifications. Recent information on this subject is available at:
http://www.w3.org/TR/soap12-part0/#L4697
In October 2002, Apache Axis V1.0 was officially released. Among others, it
implements most of the SOAP 1.2 specification.
For information on Apache SOAP, check out the user and API documentation as
well as the FAQ list at:
http://www.apache.org/soap
For information on Apache Axis, check out the user and API documentation as
well as the FAQ list at:
http://xml.apache.org/axis/index.html
IBM’s developerWorks Web site provides many articles on SOAP (enter SOAP into
the search engine):
http://www.ibm.com/developerworks
For example, here are two articles about SOAP type mapping:
http://www.ibm.com/developerworks/library/ws-soapmap1/
http://www.ibm.com/developerworks/library/ws-soapmap2/
For information on Microsoft SOAP Toolkit, check out the user and API
documentation as well as the FAQ list at:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsoap/htm
l/soap_faq.asp?frame=true
WSDL 1.1 provides a notation serving these purposes. The WSDL specification
is a joint effort by Ariba, IBM, and Microsoft. It is not yet an official standard; at
the time of the writing of this book, its status was “submission acknowledged” by
the W3C.
The Web services description language specification 1.2 is a working draft at this
time. Therefore, we do not make any specific reference to WSDL 1.2, but we
include some information in “Outlook” on page 59.
A WSDL specification uses XML syntax; therefore, there is an XML schema for it.
A valid WSDL document consists of one or more files. If there is more than one
file, the use of the import element is required. This import element creates the
needed reference to locate the different files of the WSDL document. We
recommend this split to maintain a clearer service definition based on their level
of abstraction.
WSDL document
The WSDL document contains the following top-level elements:
Types A container for data type definitions using some type system,
such as XML schema.
Message An abstract, typed definition of the data being communicated. A
message can have one or more typed parts.
Port type An abstract set of one or more operations supported by one or
more ports. Each operation defines an input and an output
message as well as an optional fault message.
Operation An abstract description of an action supported by the service.
Binding A concrete protocol and data format specification for a particular
port type. The binding information contains the protocol name,
the invocation style, a service ID, and the encoding for each
operation.
Port A single endpoint, which is defined as an aggregation of a
binding and a network address.
Service A collection of related ports.
Note that WSDL does not introduce a new type definition language. WSDL
recognizes the need for rich type systems for describing message formats, and
supports the XML schema specification (XSD).
It is worth noting that WSDL does not define any mapping to programming
languages such as Java; rather the bindings deal with transport protocols. This is
a major difference from interface description languages, such as CORBA IDL,
which has language bindings.
1 n 1 n 1 1
WSDL Protocol
Service Port
Document Extensions
1 n
style/transport
1 Protocol
1 Extensions 1 Protocol action
1 style
Binding Extensions
n 1 Operation 1
n Binding
n 1
Message encoding
n 1..3 Binding
1 1
1 n
Port Type Operation
n
n Type
1..3
1 n
Binding
Message Part
n
0..1 n Instance
n
Type XML
n
1 contains
n XML 1 n
XSD Type points to
Schema
Figure 3-1 WSDL elements and relationships
The containment relationships shown in the diagram directly map to the XML
schema for WSDL.
In practice a WSDL document can be split into multiples documents using the
import element (see “Physical files” on page 46).
Example
Let us now give an example of a simple complete and valid WSDL file. As we will
see, even a simple WSDL document contains quite a few elements with various
relationships to each other. Figure 3-2 and Figure 3-3 contain the WSDL file
example. This example is analyzed in detail later in this chapter.
The example is provided as one unique file. We will see later on that it is possible
to fragment this WSDL document in more than one part. As an exercise, you can
try identifying the different elements in Figure 3-1 on page 43 while examining
the example.
Physical files
A WSDL document can be created in one or more physical files. If they are more
than one, we need to connect these files using an import element. This
separation of files can be convenient to hold the abstraction of concepts and to
allow better maintenance.
Figure 3-4 shows the same Web service described in one, two, or three files.
One file, typically used in Axis
Two files, typically used in Application Developer Version 4
Three files, typically used in Application Developer Version 5
All three examples stand for the same Web service. Therefore, it is important not
to be confused by the number of files used to define the WSDL document. There
is only one WSDL specification that defines the elements of a WSDL document;
how many files are used to store the document is up to the implementer.
types
message
One file
portType
binding
services
port
WSDL document
Two files
Service Service
Implementation Interface
import types
service message
port portType
Three files
binding
WSDL document
WSDL document
Figure 3-4 WSDL document structure as one, two, or three files
The first four namespaces are defined by the WSDL specification itself; the next
four definitions reference namespaces that are defined in the SOAP and XSD
standards. The last one is local to each specification. Note that in our example
we do not use real namespaces; the URIs contain localhost.
WSDL definition
The WSDL definition contains types, messages, operations, port types, bindings,
ports and services.
The XSD type system can be used to define the types in a message regardless
of whether or not the resulting wire format is actually XML.
In our example the type definition, shown in Figure 3-5, is where we specify that
there is a complex type called AddressBean, which is composed of two elements,
a street and a zipcode. We also specify that the type of the street is a string and
the type of the zipcode is a number (int).
<wsdl:types>
<schema targetNamespace="http://address.jaxrpc.samples"
xmlns="http://www.w3.org/2001/XMLSchema">
<import namespace="http://schemas.xmlsoap.org/soap/encoding/"/>
<complexType name="AddressBean">
<sequence>
<element name="street" nillable="true" type="xsd:string"/>
<element name="zipcode" type="xsd:int"/>
</sequence>
</complexType>
<element name="AddressBean" nillable="true" type="impl:AddressBean"/>
</schema>
<schema targetNamespace="http://www.w3.org/2001/XMLSchema"
xmlns="http://www.w3.org/2001/XMLSchema">
<import namespace="http://schemas.xmlsoap.org/soap/encoding/"/>
<element name="int" type="xsd:int"/>
<element name="string" type="xsd:string"/>
</schema>
</wsdl:types>
The abstract message definitions are used by the operation element. Multiple
operations can refer to the same message definition.
In our example the messages definition, shown in Figure 3-6, is where we specify
the different parts that compose each message. The request message
updateAddressRequest is composed of an AddressBean part and an int part. The
response message updateAddressResponse is composed of a string part.
<wsdl:message name="updateAddressRequest">
<wsdl:part name="in0" type="intf:AddressBean"/>
<wsdl:part name="in1" type="xsd:int"/>
</wsdl:message>
<wsdl:message name="updateAddressResponse">
<wsdl:part name="return" type="xsd:string"/>
</wsdl:message>
Port types
A port type is a named set of abstract operations and the abstract messages
involved:
<wsdl:definitions .... >
<wsdl:portType name="nmtoken">
<wsdl:operation name="nmtoken" .... /> (0 or more)
</wsdl:portType>
</wsdl:definitions>
Each of these operation types can be supported with variations of the following
syntax. Presence and order of the input, output, and fault messages
determine the type of message:
<wsdl:definitions .... >
<wsdl:portType .... > (0 or more)
<wsdl:operation name="nmtoken" parameterOrder="nmtokens">
<wsdl:input name="nmtoken"(0 or 1) message="qname"/> (0 or 1)
<wsdl:output name="nmtoken"(0 or 1) message="qname"/> (0 or 1)
<wsdl:fault name="nmtoken" message="qname"/> (0 or more)
</wsdl:operation>
</wsdl:portType >
</wsdl:definitions>
In our example the port type and operation definition, shown in Figure 3-7, are
where we specify the port type, called AddressService, and a set of operations.
In this case, there is only one operation, called updateAddress.
We also specify the interface that the Web services provides to its possible
clients, with the input message, updateAddressRequest, and the output message,
updateAddressResponse, that are used in the transaction.
Figure 3-7 Port type and operation definition in our WSDL document example
Bindings
A binding contains:
Protocol-specific general binding data, such as the underlying transport
protocol and the communication style for SOAP, for example
Protocol extensions for operations and their messages include the URN and
encoding information for SOAP, for example
Each binding references one port type; one port type can be used in multiple
bindings. All operations defined within the port type must be bound in the
binding. The pseudo XSD for the binding looks like this:
<wsdl:definitions .... >
<wsdl:binding name="nmtoken" type="qname"> (0 or more)
<-- extensibility element (1) --> (0 or more)
<wsdl:operation name="nmtoken"> (0 or more)
<-- extensibility element (2) --> (0 or more)
<wsdl:input name="nmtoken"(0 or 1) > (0 or 1)
<-- extensibility element (3) -->
</wsdl:input>
<wsdl:output name="nmtoken"(0 or 1) > (0 or 1)
<-- extensibility element (4) --> (0 or more)
</wsdl:output>
<wsdl:fault name="nmtoken"> (0 or more)
<-- extensibility element (5) --> (0 or more)
</wsdl:fault>
</wsdl:operation>
</wsdl:binding>
</wsdl:definitions>
As we have already seen, a port references a binding. Port and binding are
modeled as separate entities in order to support flexibility and location
transparency. Two ports that merely differ in their network address can share the
same protocol binding.
In our example the binding definition, shown in Figure 3-8, is where we specify
our binding name, AddressSoapBinding. The connection must be SOAP HTTP
and the style must be rpc. We provide a reference to our operation,
updateAddress, define the input message updateAddressRequest and the output
message updateAddressResponse, and define both to be SOAP encoded.
Service definition
A service definition merely bundles a set of ports together under a name, as the
following pseudo XSD definition of the service element shows. This pseudo XSD
notation is introduced by the WSDL specification:
<wsdl:definitions .... >
<wsdl:service name="nmtoken"> (0 or more)
<wsdl:port .... /> (0 or more)
</wsdl:service>
</wsdl:definitions>
The binding attribute is of type QName, which is a qualified name (equivalent to the
one used in SOAP). It refers to a binding. A port contains exactly one network
address; all other protocol-specific information is contained in the binding.
Any port in the implementation part must reference exactly one binding in the
interface part.
<-- extensibility element (1) --> is a placeholder for additional XML elements
that can hold protocol-specific information. This mechanism is required because
WSDL is designed to support multiple runtime protocols. For SOAP, the URL of
the RPC router servlet is specified as the SOAP address here.
In our example the service and port definition, shown in Figure 3-9, is where we
specify our service, called AddressServiceService, that contains a collection of
our ports. In this case, there is only one that uses the AddressSoapBinding and is
called Address. In this port, we specify our connection point as
http://localhost:8080/axis/services/Address.
<wsdl:service name="AddressServiceService">
<wsdl:port binding="intf:AddressSoapBinding" name="Address">
<wsdlsoap:address
location="http://localhost:8080/axis/services/Address"/>
</wsdl:port>
</wsdl:service>
Figure 3-9 Service and port definition in our WSDL document example
WSDL bindings
We now investigate the WSDL extensibility elements supporting SOAP, HTTP,
and MIME transport bindings. Other bindings such as EJB, JMS, and plain Java
are available as well.
soapAction="uri" URN
(0 or 1)
Note that the WSDL specification deals with encoding only. The mappings to be
used for a specific type under a certain encoding are beyond the scope of this
book. They are part of the SOAP client and server runtime configuration (client
API and deployment descriptor, respectively).
HTTP binding
WSDL includes a binding for HTTP 1.1 GET and POST verbs to describe the
interaction between a Web browser and a Web application. This allows
applications other than Web browsers to interact with the application (its
controller servlets, for example).
<http:address Extends the port definition and contains the base URL
location="uri"/>
<http:urlEncoded/> Message parts are encoded into the HTTP request URI
using the standard URI-encoding rules
<http:urlReplacement/> Message parts are encoded into the HTTP request URI
using a replacement algorithm
MIME extension elements might have to be used as well (see the next section).
MIME binding
The response message of a Web service might be formatted according to the
MIME format multipart/related, returning mixed content, such as images and
text documents. WSDL provides support for describing such messages.
Table 3-4 lists the extensions that are available to describe a Web service that
can be accessed via MIME.
WSDL API
There is a WSDL Java API called WSDL4J, exposing the WSDL object model. Its
capabilities include the parsing of the contents of a WSDL document and
programmatic creation of new WSDL documents. Note that it is always possible
to use XML parsers or XSL transformations. Currently, WSDL4J is an
open-source project available on the IBM developerWorks Web site (and also
pointed to from the Axis Web site):
http://www.ibm.com/developerworks/projects/wsdl4j/
Figure 3-10 is an example in which we provide a function to obtain all the port
addresses available for a specific SOAP binding in a specified WSDL document.
These addresses are returned in a vector element of strings with the URL
locations. This code is used in Chapter 17, “WebSphere Web Services
Technology Preview” on page 317 for the Web services client development.
Basic tool support for WSDL is already available, as covered in Part 2, “Web
services implementation and samples” on page 157.
Summary
This introduction has shown the power of WSDL. WSDL provides an abstract
part that is language and protocol independent, as well as bindings for the
runtime protocols used in the service-oriented architecture (SOA).
This chapter has also shown that even a simple Web service definition has to
cover many interrelated aspects yielding a rather complex specification file.
More information
As of today, few WSDL tutorials or other supporting information are available. As
WSDL becomes more widespread, this will change.
The best sources for more information are the IBM Web Services Toolkit (WSTK)
and the WSDL 1.1 specification. WSDL 1.1 is contained in the IBM WSTK and
can also be found at:
http://www.w3.org/TR/wsdl
In fact, UDDI is a search engine for application clients rather than human beings;
however, many implementations provide a browser interface for human users.
Dynamic Web services describe the fact that at design and development time the
client does not know the explicit server and business entity where it will invoke a
service. The client only knows an interface to call, and finds out one or more
concrete providers for that kind of service through exploring UDDI registries at
runtime.
The data to be stored can be divided into six types of information that build up the
data model of the registry:
Business entity—The list of business entities is similar to the white and
yellow pages. A business entity describes a company or organization. Those
entities provide information such as business name, contacts, descriptions,
identifiers, and categorization.
Business service—This is non-technical information about a service that is
provided. A business service is a descriptive container used to group a set of
Web services related to a business process or group of services. Also,
categorization is available on this level. A business service maps to a WSDL
service.
Binding template—This contains service access information. These are the
technical Web service descriptions relevant for application developers who
want to find and invoke a Web service. In many cases a binding template
points to an implementation address (for example, a URL) and maps to a
WSDL port. This entity is sometimes also called an access locator.
tModel—A tModel (technical model) is a technical fingerprint holding
metadata about type specifications as well as categorization information. Its
attributes are key, name, optional description, and URL. The simplest tModel
contains some text characterizing a service.
One type of tModel is sometimes referred to as a service type. In this case,
the tModel points to a service description document (for example, through a
URL). The type specification itself, which can be a WSDL document or any
other formal specification, is not part of the UDDI model.
Taxonomy—A taxonomy is a scheme for categorization. There is a set of
standard taxonomies, such as the North American Industry Classification
Figure 4-1 displays this data model with the entities introduced above. It also
shows their relationships and the link to the WSDL documents.
Business Taxonomy
Service (Categorization)
1
n
Binding n m tModel
1
Template find (ServiceType)
1 n
0..1 0..1
The business entity tops the containment hierarchy, containing one or more
business service entities. Those services in turn contain binding template
entities. The tModel instances (service types) are not contained by the business
entity, but referenced by the binding template entities.
A binding template points to an access point URL where the service can be
invoked. This is a common use of the binding template, but not required. The
binding template could point to a phone number as a contact point.
Businesses and services and tModels can contain zero to many references to
taxonomy entries to categorize their content.
There is an m:n relationship between the binding template and the tModel. Keep
in mind that a tModel is just a technical fingerprint containing quite abstract
metadata. Even if a service points to several tModels, it does not necessarily
have to implement multiple interfaces on a technical level.
The UDDI data model is designed to be flexible. Hence, there can be more than
one technical description for one service (a formal specification and a supporting
tutorial, for example). Vice versa, one tModel can be used to describe several
similar business services.
The possibility for the requestor to dynamically bind to a provided service through
a given tModel is a real benefit of the Web service architecture.
UDDI Registry
3
Services, Client applications
Business WSDL
bindings, WSDL
WSDL invoke remote
entities WSDL
tModels services using
WSDL information
2
Human users and Human users and
client applications client applications
search for search for
business entities services
Publishing information
There are the six types of information that can be published to UDDI registries:
Business entity information
Business service information
Binding templates
tModels
Taxonomy information
Publisher assertions (business relationships)
Finding information
After business entities have published their entity descriptions and services,
clients (service requestors) might try to find this information.
Important: The UDDI Version 2 API is not fully backward compatible to UDDI
Version 1; some programs accessing a UDDI registry may not run correctly.
The feature called service projection allows one business entity to reference a
service that another (related) business entity offers. So it is possible to define a
service that is offered by, for example, more than one department of a large
company. The creator of a projected service is not allowed to alter anything in
that service, but to the service requestor it looks as if the service is owned by that
business entity.
In Version 2 there is the possibility for companies to specify their own external
taxonomy, which is not checked internally by the UDDI server. The provider of the
taxonomy must also offer a standardized Web service to validate values against.
Enhanced inquiry
The inquiry API allows the dynamic exploration of the UDDI registry, especially
the search for services. This API was extended to support more powerful
features dealing with more complex query requirements.
Combining categories
The combineCategoryBags qualifier allows you to group all of the taxonomy data
associated with a business and all of its contained services (including any
service projections) into a single collection that the search is performed against.
This is useful because it reduces the steps in finding a business of interest by
looking in both the business and its constituent services at the same time. So you
could, for example, in one step look up services that are categorized both as
Construction, as per NAICS, and contain a geographic locator such as AT, stating
that it is an Austrian company.
Internationalization features
Services and entities can now have language-dependent names. There must be
at least one name in any language, but you can also provide different translations
for both entities and your services.
Peer-based replication
As the number of UDDI registries increases, a simple file-based replication
scheme is not appropriate anymore. The new peer-based replication features do
not require that each UDDI registry has to communicate with all the others for
replicating the information.
Table 4-1 specifies three URLs for each registry. The first is the URL for the Web
client that can be used by humans for exploring and publishing any information.
Typically you have unlimited access reading information and need some sort of
registration for publishing information.
Beside the Web client URL, you also find URLs for API access using a UDDI API
implementation, such as UDDI4J as described in “Java API for dynamic UDDI
interactions” on page 76. There are always two different URLs for inquiry
(reading information) and publishing (writing information). The latter one is using
HTTPS as a secure connection to ensure that the publishing information is not
corrupted or altered.
Publish https://uddi.ibm.com/ubr/publishapi
Publish https://uddi.ibm.com/testregistry/publishapi
Publish https://uddi.microsoft.com/publish
Publish https://test.uddi.microsoft.com/publish
Publish https://uddi.sap.com/uddi/api/publish
Publish https://udditest.sap.com/UDDI/api/publish
Publish https://www.uddi.ne.jp/ubr/publishapi
In general, all of the UDDI registry nodes have the same functionality, although
there are significant differences in user interface and usability. Functions that are
typically performed by users are:
Find businesses, services, and tModels
– By name
When accessing the site using http://uddi.ibm.com, you reach a page with
several links to articles regarding UDDI. You can choose between the business
registry and the test registry using the linked images on the right. After you have
chosen the UDDI registry, you will find the tasks on the left-side menu, for
example, Find and Register.
Finding information
If you want to find published UDDI information, you can choose between a set of
finders, depending on what you are searching on, as shown in Figure 4-3. The
simple approach is just to specify the type of entry you are looking for and a
string that is contained in the name of that entry.
After you have successfully submitted a search query, you can navigate through
the results, such as displaying services that were published by a specific
business, or showing services that implement a certain tModel specification, and
so on.
Note: The UDDI registry does not contain only Web services. For example,
IBM also publishes other services, such as phone numbers and URLs for Web
sites, where to order IBM products, and e-mail addresses.
Once you have identified a Web service you want to use, you can follow the
tModel link to download the WSDL file. This WSDL file includes all the necessary
interface descriptions that can be used by such tools as WebSphere Studio
Application Developer to develop client applications that call the Web service
statically. The binding template link provides the URL where you invoke the Web
service.
After you have selected the desired registry and have successfully logged in, you
will find an additional menu item on the left side called Publish. By clicking that,
you reach a window with all the items that you ever published into the registry
using this user name.
The typical order in which you publish your information is the following:
1. Define a business
Describe your company or organization, and optionally assign some
categorizations, describe your business domain, and add relationships to
other business entities.
2. Define tModel(s)
Define technical models, referencing WSDL files for Web services or simpler
tModels such as mailto or ftp. Note that a tModel does not always reference a
WSDL file on a provider’s site. tModels contain a unique key, a description,
and classification locators. If a business provides public access to a WSDL
file, it makes sense to specify that URL in the tModel description.
3. Define services and bindings
Finally define your services. They consist of a name, key, and some
descriptive information. You also immediately provide the binding information,
which in general is composed of an access point, where the service can be
activated, and binding details such as the protocols used to connect (for
example SOAP over HTTP). You also have to reference one or more tModels
to describe your interface.
The path through the different steps is quite straightforward and not described in
more detail here. There is only one interesting fact to point out:
When looking at the publishing window, you will immediately find your
business entities, relationships and tModels, including all the links to create
new ones. But you do not initially see the business services. This is because
a service (other than tModels) can only exist for a specific business entity. So
you have to first expand one business entry to see the definitions and links
regarding services (Figure 4-5).
When you have finished defining your entities, services and tModels, your
publishing window looks like Figure 4-6.
There are many implementations of that API. For example, Microsoft provides a
UDDI SDK that is a collection of client development components, sample code,
and reference documentation that enables developers to interact
programmatically with UDDI-compliant servers. This is available for Visual Studio
.NET and separately for Visual Studio 6.0 or any other COM-based development
environment.
Such companies as IBM, HP, and SAP officially support the UDDI4J
implementation, which we discuss in the following section.
UDDI4J overview
UDDI4J is a Java class library that provides an API that can be used to interact
with a UDDI registry. This class library generates and parses messages sent to
and received from a UDDI server.
Important packages
org.uddi4j.datatype
This package contains classes used to send or receive UDDI information.
org.uddi4j.request
This package contains messages sent to the server. These classes are
typically not used directly; rather the UDDIProxy class uses these classes.
org.uddi4j.response
This package represents response messages from a UDDI server.
If you not only want to explore a UDDI server but also want to publish
information, you need to activate the HTTPS transport protocol by adding an
implementation of JSSE to your class path. Refer to the documentation on the
UDDI4J Web site for detailed information.
Finding information
Once you have created a proxy object, you can easily find any kind of
information, such as business entities, services, bindings, or tModels.
Parameters:
names—A vector of names. You can use the % character as a wildcard.
discoveryURLs—This is a list of URLs to be matched against the data
associated with the discoveryURLs contents of registered business entity
information. The returned BusinessList contains BusinessInfo structures
matching any of the URLs passed (logical OR).
identifierBag—This is a list of business identifier references. The result
contains businesses matching any of the identifiers passed (logical OR).
categoryBag—This is a list of category references. The result contains
businesses matching all of the categories passed (logical AND).
tModelBag—The registered business entity data contains binding templates
that in turn contain specific tModel references. The tModelBag argument lets
you search for businesses that have bindings that are compatible with a
specific tModel pattern. The result contains businesses matching all of the
tModel keys passed (logical AND). tModel key values must be formatted as
URN qualified UUID values prefixed with "uuid:".
findQualifiers—Can be used to alter the default behavior of search
functionality.
maxRows—Allows the requesting program to limit the number of results
returned.
Parameters:
businessKey—This optional uuid_key is used to specify a particular business
entity instance. This argument may be used to specify an existing business
entity in the registry or may be specified as "" (empty string) to indicate that all
business entities are to be searched.
names—This optional vector of names represents one or more partial names
A wildcard character % may be used to signify any number of any characters.
Up to five name values may be specified. If multiple name values are passed,
the match occurs on a logical OR basis within any names supplied.
categoryBag—This is a list of category references. The returned ServiceList
contains BusinessService structures matching all of the categories passed
(logical AND by default).
tModelBag—This is a list of tModel uuid_key values that represent the
technical fingerprint of a BindingTemplate structure to find. If more than one
tModel key is specified in this structure, only BusinessService structures that
contain BindingTemplate structures with fingerprint information that matches
all of the tModel keys specified will be returned (logical AND only).
findQualifiers—Used to alter the default behavior of search functionality.
maxRows—Allows the requesting program to limit the number of results
returned.
Finding tModels
To find tModels, use the find_tModel method. This method is for locating a list of
tModel entries that match a set of specific criteria. The response will be a list of
abbreviated information about tModels that match the criteria (tModelList).
Parameters:
name—This string value represents a partial name. Because tModel data only
has a single name, only a single name may be passed. A wildcard character
% may be used. The returned tModelList contains tModelInfo elements for
tModels whose name matches the value passed.
categoryBag—This is a list of category references. The result contains
tModels matching all of the categories passed (logical AND by default).
FindQualifiers can be used to alter this logical AND behavior.
identifierBag—This is a list of business identifier references. The result
contains tModels matching any of the identifiers passed (logical OR).
findQualifiers—Used to alter the default behavior of search functionality.
maxRows—Allows the requesting program to limit the number of results
returned.
The three methods enable you to explore businesses, services, and tModels. As
a typical dynamic client, you are not really interested in the name of a business
or a service, but much more in the binding templates that tell you where you can
access a service. A typical scenario would be to search for a binding using a
tModel key, extract the access point, and invoke a service at that URL.
Finding bindings
You can find bindings using the find_binding method:
BindingDetail UDDIProxy.find_binding(
FindQualifiers findQualifiers,
java.lang.String serviceKey,
TModelBag tModelBag,
int maxRows)
Parameters:
findQualifiers—This collection can be used to alter the default behavior of
search functionality.
In all the find methods described above, you can set a parameter maxRows to
define the maximum number of results. There you can also specify 0 in order not
to limit the result. Keep in mind that, in the event of a large number of matches,
an operator site may truncate the result set. If this occurs, the response message
will contain the truncated attribute set to true.
Publishing information
If you want to register some information on a UDDI server, you have to use the
authorization token obtained when creating the proxy. Figure 4-8 shows how to
publish a business entity. This example only fills the required name field. Of
course in real scenarios you might also consider adding categorization
information and descriptions.
The BusinessDetail object returned by the save method holds the unique
identifiers (UUID) that were given to the new entities by the UDDI registry.
For more details and examples, refer to the UDDI4J documentation and to
several articles published at the library section of the developerWorks site:
http://www.ibm.com/developerworks
But in fact there are other usage scenarios that seem to gain even more
importance than the public registry, namely totally or partly private UDDI
registries. There are a number of possible requirements that encourage
companies and organizations to establish those UDDI registries outside the
cloud.
Internal registry
A company or organization might want to consider a totally private registry, which
resides inside the firewall and can only be accessed from inside the intranet,
both programmatically and Web-based.
This scenario helps large organizations to provide internal services for other
departments and divisions. It is very easy to mandate guidelines and restrictions,
because no other company interacts with your registry.
Another advantage would be to restrict the usage to some special set of tModels.
In order not to allow every company to publish their own service interfaces, the
organization hosting the registry might want to consider defining standardized
tModels and WSDLs that are supported by this registry.
Using those specialized registries would very much increase the possibility of
automatically discovering and invoking Web services by application clients.
This enables a good compromise between the privacy of a company and the
ability to communicate easily with its partners. All the advantages of private
registries apply, keeping the registry clean and uniform.
Another important point about private registries is that the success rate for
dynamic exploration performed by application clients increases dramatically.
Replication
Hosting a private registry does not necessarily mean that there is no replication
with the business registry. There might be scenarios where it makes sense to do
one-way replication from the private registry into the cloud. Especially in the
e-marketplace scenario, this could make a lot of sense.
Securing APIs
In each case you might consider enabling or disabling the inquiry and publishing
APIs. So, in the partner scenario it could be required that everyone is allowed to
explore the Web services, but nobody should be able to publish a service except
the hosting company itself.
Note that some of the features in the UDDI Version 3 specification are optional
and an implementor can choose not to implement them.
Version 3 of UDDI enables you to copy entries using the same key, because the
key generation feature is extended. The behavior of copying entities is known as
entity promotion. The solution to the problem is that the generation of a key is no
longer the private business of the registry, but a publisher can make a suggestion
for the key, and if it is not already given or other rules apply against that key, the
registry will accept it instead of generating a new one.
These human-friendly keys allow organizations to manage their own key space
using internally established conventions and structures.
Policies
There are many different scenarios in which a UDDI registry can be used:
Public in the internet
Partly public in the extranet
Private inside the intranet
Small ones for development
Stable ones for test areas
Scalable ones for production environments
Subscription API
The new subscription API includes robust support for notification of changes in
the registry. Users can establish a subscription based on a specific query or set
of entities that the user is interested in. This makes it possible to be notified of
new businesses or services that are registered, as well as to monitor existing
businesses or services.
Registry management
To be more independent of the external taxonomy provider’s server availability
and to improve performance, the UDDI registry contains some caching
mechanisms for external taxonomies. Also, replication between UDDI registries
is improved.
There are three major points that are often not considered or misunderstood
when talking about UDDI registries:
In such a registry there are not only Web services with directly accessible
WSDL files published, but also any other kind of service, which cannot be
used programmatically.
Second, there is an increasing need for specialized and partly private
registries that are hosted by standards bodies or industries. In addition,
internal intranet registries without any contact to other business partners or
clients are gaining more and more importance.
When publishing or finding tModels, you never publish or store WSDL
interface files. The tModel is just a logical link to a concrete interface. When a
service references a tModel, you cannot directly find out the real interface.
More information
For more information on UDDI, consult the IBM Web Services Toolkit or the IBM
UDDI Web site at:
http://uddi.ibm.com
Furthermore, WSIF allows late binding, where a new provider and description
are made available at runtime, and the existing client can then utilize the new
implementation.
Having a flexible WSDL description of the service that offers multiple bindings,
you need a framework that allows you to incorporate the service in any way that
the requestor prefers and the provider offers. Thus the following requirements
have to be fulfilled by such a framework:
Provide an API that frees code from the complexities of any particular
protocol used to access a Web service.
Provide a binding-independent mechanism for Web service invocation.
Support dynamic invocation of services by choosing between multiple
bindings to a Web service during runtime.
General concept
The Web service invocation framework (WSIF) is a toolkit that provides all the
features we have identified in the previous discussion:
It provides an API to bind to and invoke any Web service.
J2SE 1.3 dynamic proxy support is used to generate stubs for the invocation.
WSIF supports the stub-less (completely dynamic) invocation of Web
services.
An updated implementation of a binding can be plugged into WSIF at runtime.
The decision of which binding to use need only be made at runtime.
WSIF provides a WSDL-driven API to invoke Web services.
WSIF enables easy encapsulation of back-end systems connected through
the J2EE Connector Architecture (JCA) as Web services.
Provider class
A WSIFProvider is an implementation of a WSDL binding. It can run a WSDL
operation through a protocol that depends on a specific binding. WSIF providers
implement the bridge between the WSIF API and the actual implementation of a
service.
WSIF providers are currently available for SOAP over HTTP, SOAP over JMS,
Java, EJB, and native JMS. New providers can easily be added to the WSIF
framework.
The SOAP provider allows WSIF stubs and dynamic clients to invoke SOAP
services.
JMS is a messaging technology. The mapping to a JMS destination is defined
during deployment and maintained by the container.
The WSIF Java provider allows WSIF to invoke Java classes and JavaBeans.
Local Java code running on a JVM can be incorporated easily.
The EJB provider allows WSIF clients to invoke Enterprise JavaBeans. The
EJB client JAR must be available in the client runtime with the current
provider.
Operation class
The WSIFOperation is the runtime representation of an operation. Based on a
specific binding, it invokes the corresponding service.
Service
The task of WSIFService is to generate an instance of WSIFOperation that is used
for a specific invocation of a service operation.
WSDL documents
The WSDL document specifies the location of the Web service, possible binding
protocols and formats for operations and messages. Figure 5-1 shows a
fragment of a WSDL document for a fictious service. This fragment offers not just
that SOAP binding, but also a Java binding, and ports for both bindings.
More concepts
WSIFPort—The task of this class is to perform the actual invocation,
depending on a given binding. For instance, a WSIFSOAPPort has been
designed to use the SOAP binding as it is specified in the WSDL.
WSIFMessage—In WSDL, messages are composed of named parts tied to
some type system, normally an XML schema. To invoke such services, this
Interaction flow
Figure 5-2 shows the main components of WSIF and their interaction. A Web
service is invoked through the following steps:
1. A WSDL document is loaded.
2. A WSIF service is generated.
3. The new WSIFService is used to get the operation.
4. The message is created.
5. The service is invoked by supplying the port with the name of the operation to
be invoked, along with an input and/or output message as required by the
operation.
WSDL
document
1
2 3
WSIF WSIF WSIF Service
service service operation
factory
4
5 WSIF
provider
For stub invocations, WSIF uses Java's dynamic proxy mechanism. The dynamic
proxy must be supplied with a Java interface reflecting the port type that is
invoked. The Java interface corresponding to a WSDL port type is defined by
JAX-RPC, a J2EE standard. Thus, WSIF can be used to invoke services through
the standard stub interface defined by JAX-RPC.
WSIFService sq = WSIFServiceFactory.newInstance()
.getService("http://my.com/forecast.wsdl",null,null,null,null);
WSIFPort defPort = sq.getPort();
WSIFOperation getQ = defPort.createOperation("getTemperature");
WSIFMessage inMessage = getQ.createInputMessage();
inMessage.setStringPart("symbol", "Saarbruecken");
...
getQ.executeRequestResponse(inMessage, outMsg, fltMsg);
outMessage.getFloatPart("value");
WSIFService sq = WSIFServiceFactory.newInstance()
.getService("http://my.com/forecast.wsdl",null,null,null,null);
MyService mySvcStub = sq.getStub("soap", MyService.class);
mySvcStub.myMethod();
WSIF uses the J2SE 1.3 dynamic proxy support that generates a client stub for
each port type depending on the given WSDL document. To use the generated
stubs, applications use the abstract service interface. Therefore, they are more
isolated from the protocol and the WSIF client API.
A major advantage of the stub architecture is that the same stub can be used,
while the managed environment may change in the plumbing without having to
recompile anything. Furthermore, the stub-based model allows using the normal
programming model to call business methods on Web services.
In large projects, the technique of rapid prototyping is often used, where the first
system has limited functionality, but can already serve as a proof of concept.
Later, the prototype can be continuously enhanced. Web services in such a
project will also be continuously redeveloped and possibly redeployed. If WSIF is
used, the same API calls are used; however the underlying technologies differ.
Still, client code does not have to be rewritten.
Furthermore, WSIF development can be done remotely, but system test and
maintenance is done in-house. Using WSIF, the same API can be used for
development, testing, and maintenance.
Current status
WSIF was initially released on the alphaWorks Web site
(http://www.alphaworks.ibm.com) in October 2001. WSIF is now an Apache
open-source project and is supported by the open-source community. For links
see “More information” on page 99.
WSIF has not been standardized so far. Enhancement of the Apache WSIF
project is continuing in 2003. It is practical to employ a standard API to access
Web services as well as back-end legacy applications through WSDL and WSIF.
Therefore, it will be used in IBM products wherever appropriate, mostly as a
behind-the-scenes middleware piece.
At the time this book was written (November 2002), the first Apache WSIF
release candidate was being worked on. The first release became available in
January 2003, including documentation of the WSIF Java and EJB bindings. The
WSIF documentation is being compiled with descriptions of the WSIF Java and
EJB bindings.
Future versions
Besides the first Apache release, there are some other areas of further
development on WSIF. A mechanism is envisaged to separate the transport from
message formatting. Furthermore, some work has been done to implement an
abstract tree representation of the data in a message. Also, there will be support
for better providers for the many types of transports and object systems that
exist. Finally, implementations of WSIF in C or C++ are considered.
More information
The developerWorks Web site provides updated information on many activities
concerning Web services, including WSIF:
http://www.ibm.com/developerworks/webservices/
Between these two extremes, there is a need for a distributed service discovery
method that provides references to service descriptions at the service provider's
point-of-offering. The Web services inspection language provides this type of
distributed discovery method by specifying how to inspect a Web site for
available Web services. The WS-Inspection specification defines the locations on
a Web site where you may find Web service descriptions.
find
WS-Inspection Service
Document
Service Service
WS-Inspection
Provider Requestor
Document http://itso.com/inspection.wsil
Web Services
Service
Description
WS-Inspection document
The most important objectives of the inspection language are simplicity and
extensibility. A WS-Inspection document is an aggregation of pointers to service
description documents. Examples of service description are WSDL files, UDDI
entries, or simple plain text, for example an HTML page. The WS-Inspection
document is usually available at the point-of-offering (service provider) and
allows the consumer to pick and choose from the available service descriptions
using the access method that is most useful.
WS-Inspection
Document
1
inspection
If links = 0 If services = 0
then services > 0 1 then links> 0
n n n
1 1
n n n n
The containment relationship shown in the diagram directly maps to the XML
schema for WS-Inspection.
As an exercise, you can try identifying the different elements in Figure 6-2 while
examining this example.
<?xml version="1.0"?>
<inspection xmlns="http://schemas.xmlsoap.org/ws/2001/10/inspection/"
<service>
<abstract>A simple service with two descriptions</abstract>
<description referencedNamespace="http://schemas.xmlsoap.org/wsdl/"
location="http://itso.com/train.wsdl"/>
<description referencedNamespace="urn:uddi-org:api_v2">
<wsiluddi:serviceDescription
location="http://itso.com/uddi/inquiryapi">
<wsiluddi:serviceKey>
4FA23580-5C39-14D5-9FCF-BB3200303F79
</wsiluddi:serviceKey>
</wsiluddi:serviceDescription>
</description>
</service>
<service>
<description referencedNamespace="http://schemas.xmlsoap.org/wsdl/"
location="ftp://itso.com/tools/plane.wsdl"/>
</service>
<link
referencedNamespace="http://schemas.xmlsoap.org/ws/2001/10/inspection/"
location="http://itso.com/others/moreservices.wsil"/>
</inspection>
Namespaces
The namespaces used in a WS-Inspection document are shown in Table 6-1.
Table 6-1 WS-Inspection namespaces
Prefix Namespace URI Definition
The information can be extracted either straight from the source of information,
WS-Inspection, or from a third-party UDDI registry. The two possibilities have
some characteristic features.
WS-Inspection
Retrieving the information directly from the source increases the possibilities
of obtaining accurate information.
The use of a distributed model allows the service descriptions to be stored at
any location.
They are very lightweight, easy to create, and easy to maintain.
They allow the provider to present its services in a proactive fashion.
They do not stipulate any particular format for the service and rely on other
standards, including UDDI.
They do not provide a rich mechanism to execute any focus discovery.
Both systems address different sets of issues in the discovery problem space.
Whereas the UDDI provides a high degree of functionality, the WS-Inspection
document adopts it at a lower level. Therefore, both specifications should be
understood as complementary technologies to be used either together or
separately, depending upon the situation.
WS-Inspection definition
The WS-Inspection definition contains a detailed explanation of the core
elements of the WS-Inspection language. The document contains an inspection
element at the root, and references to individual service descriptions or links as
descendants. The grammar of a WS-Inspection document is as follows:
<wsil:inspection>
<wsil:abstract xml:lang=""(0 or 1)... /> (0 or more)
<wsil:service> (0 or more)
<wsil:abstract xml:lang=""(0 or 1) ... /> (0 or more)
<wsil:name xml:lang=""(0 or 1) ... /> (0 or more)
<wsil:description referencedNamespace="uri" location="uri"(0 or 1)>
(0 or more)
<wsil:abstract xml:lang=""(0 or 1) ... /> (0 or more)
<-- extensibility element --> (0 or 1)
</wsil:description>
</wsil:service>
<wsil:link referencedNamespace="uri" location="uri"(0 or 1)/>
(0 or more)
<wsil:abstract xml:lang=""(0 or 1) ... /> (0 or more)
<-- extensibility element --> (0 or more)
</wsil:link>
</wsil:inspection>
Services
The service element provides the mechanisms to include a collection of
description references for services. An inspection element may contain any
number of service elements within it. Each service element may have one or
more abstract elements and one or more name elements, and must have at least
one description element, but may have more.
Service name
The name is used to associate the service with a particular name. The reason for
this element is only for human consumption as the abstract element. In the same
way used in the abstract element, an optional element xml:lang can be used to
specify the language in which the name has been written.
In our example, the service definition is shown in Figure 6-4, where we specify
two services, the first one about trains and the second one about planes.
Links
The link element allows WS-Inspection documents to reference additional
aggregations of service descriptions, such as other WS-Inspection documents or
UDDI repositories. Therefore, we can create a hierarchy of documents (see
Figure 6-1 on page 103).
The link element helps service providers to create inspection documents with a
large number of services elements pointing to the same location in the
In our example the link definition, shown in Figure 6-5, is where we specify one
link to another WS-Inspection document providing the namespace
http://schemas.xmlsoap.org/ws/2001/10/inspection/ and the location of the
document http://itso.com/others/moreservices.wsil.
<link
referencedNamespace="http://schemas.xmlsoap.org/ws/2001/10/inspection/"
location="http://itso.com/others/moreservices.wsil"/>
WS-Inspection bindings
We now introduce the characteristics of the extension elements related to the
different bindings.
WSDL binding
The WS-Inspection language includes a binding for WSDL 1.1 providing the
following capabilities:
Indication of the type(s) of WSDL bindings that appear in the referenced
WSDL document
Specification of which WSDL service is being referenced if several services
exist within the same document
Indication of whether or not a particular referenced WSDL document provided
endpoint information
The use of the WSDL binding is optional if the referenced WSDL document has
one service element or none. In these cases, a reference to a WSDL document
may be made with only one description element. In cases where the WSDL
document has more than one service, the binding must be used to indicate which
service element is being referenced.
<inspection
xmlns:wsilwsdl="http://schemas.xmlsoap.org/ws/2001/10/inspection/wsdl/ ...>
<service ...>
<description referencedNamespace="http://schemas.xmlsoap.org/wsdl/"
location="uri">
<wsilwsdl:reference endpointPresent="boolean"(0 or 1)>
<wsilwsdl:referencedService>
QName
</wsilwsdl:referencedService> (0 or 1)
<wsilwsdl:implementedBinding>
QName
</wsilwsdl:implementedBinding> (0 or more)
</wsilwsdl:reference>
</description>
</service>
</inspection>
The extension elements included in the link can only reference a UDDI business
entity. Meanwhile, the extension elements included in the description may only
reference a single UDDI business service.
The grammar for the binding extension elements is shown in Figure 6-7 and the
description of its element in Table 6-3.
<inspection
(xmlns:wsiluddi://schemas.xmlsoap.org/ws/2001/10/inspection/uddi/ |
xmlns:wsiluddi://schemas.xmlsoap.org/ws/2001/10/inspection/uddiv2/) ... >
<service ... >
<description ... >
<wsiluddi:serviceDescription location="uri"> (0 or 1)
<wsiluddi:discoveryURL useType="nmtoken"> (0 or 1)
<wsiluddi:serviceKey> (0 or 1)
</wsiluddi:serviceDescription>
</description>
</service>
<link ... >
<wsiluddi:businessDescription location="uri"(0 or 1)>
<wsiluddi:discoveryURL useType="nmtoken"> (0 or 1)
<wsiluddi:businessKey> (0 or 1)
</wsiluddi:businessDescription>
</link>
</inspection>
<?xml version="1.0"?>
<inspection
targetNamespace="http://schemas.xmlsoap.org/ws/2001/10/inspection/"
xmlns:wsiluddi="http://schemas.xmlsoap.org/ws/2001/10/inspection/uddi/"
xmlns:wsilwsdl="http://schemas.xmlsoap.org/ws/2001/10/inspection/wsdl/"
xmlns="http://schemas.xmlsoap.org/ws/2001/10/inspection/">
<service>
<abstract>The Flash Weather forecast service description</abstract>
<name xml:lang="en-US">ITSO WS Flash Weather Service</name>
<description referencedNamespace="http://schemas.xmlsoap.org/wsdl/"
location="http://www.flashandthunder.com/ItsoFlashWeb/wsdl/
itso/wsoj/WeatherForecastService.wsdl">
<wsilwsdl:reference endpointPresent="true">
<wsilwsdl:implementedBinding xmlns:binding=
"http://wsoj.itso.wsdl/weatherforecastbinding">
binding:WeatherForecastBinding
</wsilwsdl:implementedBinding>
</wsilwsdl:reference>
</description>
</service>
<service>
<abstract>The Thunder Weather forecast service description</abstract>
<name xml:lang="en-US">ITSO WS Thunder Weather Service</name>
<description referencedNamespace="http://schemas.xmlsoap.org/wsdl/"
location="http://www.flashandthunder.com/ItsoThunderWeb/wsdl/
itso/wsoj/WeatherForecastService.wsdl">
......
</description>
</service>
</inspection>
In this example the WSIL document refers to two services by pointing to the
WSDL files on two provider servers using URLs.
......
<service>
<name xml:lang="en-US">ITSO WS Thunder Weather Service</name>
<description referencedNamespace="urn:uddi-org:api_v2">
<wsiluddi:serviceDescription location=
"http://uddi.ibm.com/testregistry/inquiryapi">
<wsiluddi:serviceKey>F3362720-0C6D-11D7-AB70-000629DC0A53
</wsiluddi:serviceKey>
<wsiluddi:discoveryURL useType="businessEntity">
http://uddi.ibm.com/testregistry/inquiryapi
?businessKey=F5082FA0-0BCB-11D7-AB70-000629DC0A53
</wsiluddi:discoveryURL>
</wsiluddi:serviceDescription>
</description>
</service>
<link referencedNamespace="urn:uddi-org:api_v2">
<wsiluddi:businessDescription
location="http://uddi.ibm.com/testregistry/inquiryapi">
<wsiluddi:businessKey>F5082FA0-0BCB-11D7-AB70-000629DC0A53
</wsiluddi:businessKey>
<wsiluddi:discoveryURL useType="businessEntity">
http://uddi.ibm.com/testregistry/inquiryapi
?businessKey=F5082FA0-0BCB-11D7-AB70-000629DC0A53
</wsiluddi:discoveryURL>
</wsiluddi:businessDescription>
</link>
......
In this example the <service> tag points to a single business service in the UDDI
registry, whereas the <link> tag points to a business entity. The location
attribute points to the address and API of the registry that is accessed.
Note that both entries are over-specified: the discoveryURL is optional in the
<service> tag, and only the discoveryURL or the businesskey are required in the
<link> tag.
Figure 6-10 contains an example of how to use this API. In this sample code, a
WS-Inspection document is read and the service elements are searched for
references to WSDL service descriptions. When a WSDL service description is
found, its location is saved in a list.
...
// Create a new instance of a WS-Inspection document
WSILDocument document = WSILDocument.newInstance();
// Read and parse the WS-Inspection document
document.read(wsinspectionURL);
// Get the inspection element from the document
Inspection inspection = document.getInspection();
// Obtain a list of all service elements
Service[] services = inspection.getServices();
// Process each service element to find all WSDL document references
for (int serviceCount = 0; serviceCount < services.length; serviceCount++) {
// Get the next set of description elements
descriptions = services[serviceCount].getDescriptions();
// Process each description to find the WSDL references
for (int descCount = 0; descCount < descriptions.length; descCount++) {
//If the referenced is WSDL, then save the location reference
if(descriptions[descCount].
getReferencedNamespace().equals(WSDLConstants.NS_URI_WSDL)) {
// Add WSDL location to the list
wsdlList.add(descriptions[descCount].getLocation());
}
}
...
Consequently, and based on the current and future applications of the Web
services inspection language, the WS-Inspection documents will play a
fundamental role in the overall development of the Web services technology.
Summary
In this chapter we have described the Web services inspection language and
how this specification provides a simple method to discover any type of Web
service description document. We analyzed its grammar and how these
WS-Inspection documents can be found. We also saw that this technology does
not try to replace present technologies regarding service discovery, but is a
complementary discovery method that can be integrated to work together with
UDDI repositories, for example.
Finally, we briefly reviewed the ways that the open-source WSIL4J API can
facilitate the reading, parsing, and generation of WS-Inspection documents.
More information
At present, this technology is not widespread and real examples may be found in
no more than a few documents.
The best sources for more information are the IBM Web Services Toolkit (WSTK)
and the Web services inspection language (WS-Inspection) 1.0 specification that
can be found at:
http://www.ibm.com/developerworks/webservices/library/ws-wsilspec.html
A WSFL flow model defines the structure of the business process. Activities
describe the processing steps, and data and control links represent the
sequencing rules and information flows between these activities. For each
activity, they would identify the WSFL service provider responsible for the
execution of the process step and define the association between activities in the
flow model and operations offered by the service provider using WSFL export
and plug link elements.
Activity
An activity is one atomic step in a workflow. This can be a simple Java method,
an EJB call, the invocation of another Web services, or even a complex business
process itself.
Business process
A business process is any collection of activities that when combined accomplish
a given business objective. For example, processing a credit card number, hiring
a new employee, and submitting a patent are all examples of business
processes.
Recursive composition
Recursive composition is the possibility that once you have defined both the
global and flow models for a given business process, it is then possible to define
the whole business process as a single Web service that may be used by other
business processes. In other words, you can recursively compose business
processes within existing business processes. This provides a great deal of
flexibility and fine granularity in the models that you define.
Service provider
A service provider is the party responsible for performing a particular activity
within a business process. In WSFL, every activity is a Web service. Therefore,
every service provider is a Web service provider. To maintain a clear separation
between the definition of the business process and its implementation, WSFL's
flow and global models define each activity as being implemented by specific
types of service providers rather than by the specific service providers
themselves.
The service provider type is defined by a Web service interface document using
WSDL. Service providers must properly implement the appropriate Web service
interface in order to be classified as the appropriate type of service provider to
handle a particular activity in the business process.
Control link
A control link is a connection between two activities. It is the mechanism by
which the workflow processor walks through each of the activities in the business
process.
Transition condition
As a business process is being run, the workflow processor must be able to
recognize when a particular activity is finished and when the next activity can be
determined and invoked. A transition condition is a true or false statement that
the processor may use to determine the current state of any particular activity.
Sample WSFL
The essential entities are the activities and control links. Figure 7-1 shows how
they are specified in WSFL.
<activity name="getDayForecast">
<performedBy serviceProvider="MyWeatherGuru"/>
<implement>
<export>
<target portType="WeatherForecast" operation="getDayForecast"/>
</export>
</implement>
</activity>
<activity name="convertCelsiusToFahrenheit">
<performedBy serviceProvider="MyMathGuru"/>
<implement>
<export>
<target portType="TemperatureCalculator"
operation="convertCelsiusToFahrenheit"/>
</export>
</implement>
</activity>
This markup language is based on WSFL, but also introduces some extensions.
Read Chapter 14, “Application Developer Integration Edition” on page 241 for
further information on how to develop workflow and business processes using
the IBM tools.
For a more detailed description of the process elements, see “Business process”
on page 247.
Integration Edition stores the process flow in an FDML file. Extracts of the FDML
file are described in “Flow definition markup language” on page 268.
BPEL4WS allows specifying business processes and how they relate to Web
services. This includes specifying how a business process makes use of Web
services to achieve its goal, as well as specifying Web services that are provided
by a business process. Business processes specified in BPEL are fully
executable and portable between BPEL-conforming environments. A BPEL
business process interoperates with the Web services of its partners, whether or
not these Web services are implemented based on BPEL. Finally, BPEL
supports the specification of business protocols between partners and views on
complex internal business processes.
Containers
The <containers> section defines the data containers used by the process,
providing their definitions in terms of WSDL message types. Containers allow
processes to maintain state data and process history based on messages
exchanged.
Activities
Activities are the actions that are being carried out within a business process. An
important action in a business process is to simply wait for a message to be
received from a partner. This kind of action is specified using a <receive> activity.
It specifies the partner from which the message is to be received, as well as the
port and operation provided by the process and used by the partner to pass the
message. The <reply> activity is used to specify a synchronous response to the
request corresponding to a <receive> activity.
A more powerful mechanism is the usage of a <pick> activity. This kind of activity
specifies a whole set of messages that can be received from the same or
different partners. Whenever one of the specified messages is received, the
<pick> activity is completed, and processing of the business process continues.
Additionally, one may specify that processing should continue if no message is
received in a given time.
Fault handler
The <faultHandlers> section contains fault handlers defining the activities that
must be executed in response to faults resulting from the invocation of the
services. In BPEL4WS, all faults, whether internal or resulting from a service
invocation, are identified by a qualified name. There is a uniform naming model
for faults, in the expectation that future versions of WSDL will provide a better
fault-naming model.
Data containers
Note that information is passed between the different activities in an implicit way
through the sharing of globally visible data containers. This is one of the main
conceptual differences from WSFL, where data links explicitly describe how the
data flows from one point to another.
Usage of BPEL4WS
At the time of publication of this redbook in March 2003, the BPEL4WS
specification was still not a standard, but only a draft and therefore subject to
change. It is included in the Web Services Toolkit and it is possible that future
releases of business process model tools, such as Application Developer
Integration Edition, will use BPEL4WS to internally describe the workflows.
Summary
There are a number of running workflow systems on the market. The current
specifications for XML-based workflow languages are in an early stage and
subject to be consolidated between different tool and runtime providers. The
significant advantage of new XML-based workflow languages is that they support
the usage of Web services in their processes and therefore provide a standard
means of combining the services of different systems, programming languages,
and protocols.
More information
The WSFL specification:
http://www.ibm.com/software/solutions/webservices/pdf/WSFL.pdf
“The Web services insider: Introducing the Web Services Flow Language”:
http://www.ibm.com/developerworks/library/was-ref4
This gateway can be seen as a kind of proxy that acts as an additional layer
between a Web service client and Web service provider. The gateway is useful
for enabling a flexible way to call Web services located in an intranet from the
Internet, as well calling Internet Web services from the intranet. Another function
of the gateway is the possibility for protocol switching and security for Web
Service calls.
Protocol transformation
The service requestor might use one particular communication protocol to invoke
Web services, while partners use some other protocol. Using the Web services
gateway, it is possible to trap the request from the client and transform it to
another messaging protocol. For example, a service provider might have
implemented a service using SOAP/JMS because of the existing infrastructure,
but it should also be possible to offer the service to clients that only understand
SOAP/HTTP.
If you have deployed Web services on a server inside the intranet, you might
want to allow access to clients from outside. You might also consider applying
Web
Services
Gateway
Of course, every client could access external Web services by traditional means,
but if you add the gateway as an additional layer in between, clients do not have
to change anything if the service implementor changes. This scenario is very
similar to the illustration in Figure 8-1, with the difference that the client resides in
the intranet and the Web service implementation is located at a site on the
Internet.
Managing channels
A request for a service may originate in one protocol, but the service may be
invoked in some other protocol by using the transformation function. Let us
consider the case that an internal service is available on SOAP over JMS, but it
should be invoked using SOAP over HTTP. To handle such cases you need to
Managing filters
You can develop and use one or more filters for your Web services, which means
that some specific task is done using the input and/or output messages to and
from your Web service. There are standard filters as well as the possibility of
creating your own. An illustration of filters, especially prefilters that manipulate
requests and postfilters that work on responses, is shown in Figure 8-1 on
page 132. Refer to “Managing filters” on page 133 for more information.
Where host and port are the host name and port number that your HTTP server
is listening on. You should reach a menu that allows you to configure the
gateway and to administer (list, deploy and remove) the artifacts:
Channels
Filters
UDDI references
Web services
Note: If you change your gateway URI, you have to redefine all services. If you
want a Web service to use any channel, filter or UDDI reference, define them
before adding them to the service. However, you may update the list of
channels, filters, and/or UDDI references for a service at any time.
Managing channels
Channels are the entry points to the Web Services Gateway and transport
requests and responses between Web services and the Web Services Gateway.
A request to the Web Services Gateway arrives through a channel, is translated
into a WSIF message, then passed through filters that are registered for the
requested service, and finally forwarded to the actual service implementation.
Before you can use a channel, you must install the channel application in
WebSphere Application Server, then deploy the channel to the Web Services
Gateway.
Two versions of each type of channel are supplied with the gateway, so you can
set up separate channels for inbound and outbound requests. This also provides
a simple mechanism for giving different access rights to users from outside your
organization from the rights you give to users within your organization:
To ensure that users outside your organization can only access those internal
services that you choose to publish externally, you deploy those services on
the inbound channel.
To give users inside your organization access to the full range of internal and
external services, you deploy those services on the outbound channel.
The only channel that is shipped with the gateway is the SOAP channel, as
SOAPChannel 1 and SOAPChannel 2, one for inbound and one for outbound
messages.
Once you have successfully installed your channels (or are satisfied with the
existing ones) you can use them when specifying Web services.
Filters are in fact session beans that reside in a separate enterprise application.
To use a filter for a Web service, do the following steps:
Install the EAR file of the filter application
Deploy that filter to the gateway using the admin tool
Add this filter to the Web service definition in the gateway
When deploying a filter to the gateway, specify a name and a home. This home is
the home interface of the session bean implementing the filter functionality.
The bean class must implement the filter interface and is therefore provided with
callback functions for initialization, destroy, and—more important— intercepting
(filtering) requests and responses. After implementing the bean, you must do the
following:
Install the application on the application server
Deploy the filter to the gateway
Specify the filter as pre- or postfilter in your Web service definition
If you want any Web service to use a UDDI reference, define the reference first.
When specifying the reference, enter the information needed for accessing the
UDDI registry, such as inquiry API, user ID, and password.
Important: Before you start to define any Web service, be sure that you have
correctly set up the gateway definition, which is the first menu item in the
admin portal. Any change to the Namespace URI there will mean that existing
Web services can no longer be found.
When you configure a Web service, you choose the following resources:
The channels on which the service is available
Any filters that apply to the service
Any UDDI references to UDDI registries in which the service is published
Each of these choices is made from a list of resources that have already been
deployed to the Web Services Gateway. So you should deploy your channels,
filters, and UDDI references before you deploy the Web services that use those
resources. However, you can go later update the channels, filters, and UDDI
references for the service if necessary.
Note: When the Web Services Gateway deploys the Web service, it
generates a matching external WSDL file that is made available to
gateway users. This external WSDL file also describes the service, but
is located at a new URL and is generated and maintained by the Web
Services Gateway itself.
– Target service name and namespace—If the Web service WSDL contains
more than one service, type the name and namespace of the target
service.
– Target service identity information—Type the identity by which the target
service is known within the Web Services Gateway. This identity does not
have to be unique. This field is intended to be used within a routing filter to
select a target service by its identity value.
UDDI publication properties—You only need to fill out these fields if you use
UDDI references to automatically publish and update a registry:
– Service provider name
– Service provider description
– tModel
– tModel key name
– tModel key value (for update only)
Channels—Add or remove channels from the list of deployed channels
through which this service is available.
Pre-filters—Add or remove filters from the list of deployed filters that are
applied to the request. Note: The filters are executed in the order shown.
Post-filters—Add or remove filters from the list of deployed filters that are
applied to the response. Note: The filters are executed in the order shown.
UDDI references—Add or remove UDDI references from the list of deployed
UDDI references to UDDI registries in which this service is registered. Note:
After you add or remove UDDI references, the gateway publishes this service
to (or removes it from) the UDDI registries that correspond to the added or
removed references.
Security features
The Web Services Gateway provides a basic authentication and authorization
mechanism based upon the security features of WebSphere Application Server.
Security can be applied at two levels:
Gateway-level authentication
Operation-level authorization
Gateway-level authentication
For gateway-level authentication, you set up a role and realm for the gateway on
WebSphere Application Server’s Web server and servlet container, and define
the user ID and password that is used by the gateway to access the role and
realm. You also modify the gateway’s channel applications so that they only give
access to the gateway to service requestors that supply the correct user ID and
password for that role and realm.
Operation-level authentication
For operation-level authorization, you apply security to individual methods in a
Web service. To do this, you create an enterprise bean with methods matching
the Web service operations. These EJB methods perform no operation and are
just dummy entities for applying security. Existing WebSphere Application Server
authentication mechanisms can be applied to the enterprise bean. Before any
Web service operation is invoked, a call is made to the EJB method. If
authorization is granted, the Web service is invoked.
Implementation details
The gateway was first introduced on the alphaWorks Web site as Version 1.0 in
December 2001 (http://www.alphaworks.ibm.com) and later became part of the
IBM WebSphere Business Connection.
The programming model extensions for writing filters are included in Application
Server Version 5 Enterprise Edition.
Note that the recent version of the gateway is rewritten using EJBs. Therefore, it
is no longer possible to use it on pure Web containers such as Tomcat; rather,
you need a complete J2EE server providing Web and EJB containers.
When installing and configuring the Web Services Gateway be sure to pay
attention to the following tips:
WSDL definitions for target services must use XML Schema Version 2001.
The gateway application (wsgw.ear) must be installed before channel and filter
applications. If the gateway application needs to be reinstalled, all channels
and filters must be uninstalled first, then reinstalled after the gateway
application.
The gateway does not support WSDL service definitions that contain
soap:header elements within their wsdl:definition element.
The gateway also automates the publishing and updating of your services in
UDDI registries and incorporate possibilities to apply security on Web services
and/or its methods.
More information
An introduction to Web Services Gateway:
http://www.ibm.com/developerworks/library/ws-gateway/
WebSphere Business Connection - Web Services Gateway:
http://www.ibm.com/software/integration/busconn/gateway.html
Download the Web Services Gateway:
http://www7b.boulder.ibm.com/wsdd/downloads/wsgw/wsgw.html
In this chapter, we first address the main security requirements. We briefly cover
the transport channel security solutions as well as the current status of XML
document security. We also inspect the standardized Web services security
methods, as well as the current status of the work in progress in this field.
Networks must be designed to provide a high level of security for information that
travels across the Internet or privately managed intranets or extranets.
Algorithms such as third-party authentication, public key encryption, and digital
signature can provide a sufficient level of security. However, security not only
depends on algorithms, standards and products, but companies must also follow
security best-practice recommendations.
SECURITY MANAGEMENT
Service Management
Policy Management
Mechanism Management
Audit & Alert Management
Object Management
Most of the systems involved in Web services today only partially fulfill these
requirements. In the following sections we cover different security approaches
and their limitations.
HTTP transport
HTTP (Hyper Text Transfer Protocol), the most commonly used protocol for
information exchange on the Internet, is an inherently insecure protocol, since all
information is sent in clear text between unauthenticated peers over an insecure
network. It belongs to the group of protocols, such as SMTP, telnet, and FTP, that
were designed in the earlier stages of the Internet when security seemed not to
be an issue and will eventually be replaced by transfer protocols that allow
authentication and encryption.
Its successor is HTTPS, which stands for HTTP via SSL (Secure Sockets Layer).
HTTPS allows client and server-side authentication through certificates, which
have been either self-signed or signed by a certification agency. The client must
support SSL. Upon establishing a secure connection, the server and the client
negotiate the SSL protocol version to use, and a unique session-ID is
established. If the certificate presented by the server is unknown to the client, the
client is free to accept or reject the certificate. In turn, the server can also
demand a certificate from the client. During a secure session, server and client
share a common key pair that allows them to encrypt and decrypt messages they
exchange.
Although HTTPS does not cover all the aspects of general security framework, it
provides a sufficient security level regarding party identification and
authentication, message integrity, and confidentiality. However, authorization,
auditing, and non-repudiation are not provided. Also, it is protocol-based and
therefore all the security disappears once the message has passed the HTTP
server. In addition, the encryption is message-wise and not element-wise; to
access the routing information, we have to decrypt the entire message.
JMS transport
Message exchange between different applications and systems is a powerful
mechanism often used in different solution designs. However, different vendors of
messaging middleware could not standardize their APIs and therefore the
designers were often restricted to one of them. JMS (Java Messaging System),
introduced by Sun in 1999, represented the first platform-independent message
WebSphere MQ transport
IBM WebSphere MQ (formerly IBM MQSeries) is one of the most widely used
middleware solutions for message queuing. It is available on a wide range of
platforms. Its main component is queue manager, a server that manages the
queues and messages in them and takes care of message exchange with remote
queue managers. As we discuss in this section, several, though not all, of the
security requirements are addressed when using WebSphere MQ in SOAP
message transport, either directly or indirectly through JMS.
A queue manager by itself does not provide services such as message integrity,
confidentiality and non-repudiation. However, the queue manager enables
channel encryption using SSL, thus providing message integrity and
confidentiality service. Also, it is possible to implement services such as remote
authentication, message integrity, confidentiality, and non-repudiation using
additional middleware, IBM Tivoli Access Manager for Business Integration
(formerly Tivoli SecureWay Policy Director for MQSeries).
XML encryption
XML encryption is still a work in progress. Its aim is to allow encryption of digital
content, such as GIF images or XML fragments. XML encryption allows the parts
of an XML document to be encrypted while leaving other parts open, encryption
WS-Security
Now that we have discussed Web services security provided either by the
underlying communication channel middleware or at the XML document level, in
this section we give an overview of WS-Security, a standard proposition that
covers security requirements at the Web services level.
The specification is proposed by IBM, Microsoft, and VeriSign for review and
evaluation. In the future, it will replace existing Web services security
specifications from IBM and Microsoft including SOAP Security Extensions
(SOAP-SEC), Microsoft's WS-Security and WS-License, as well as IBM's
security token and encryption documents.
WS-Security terminology
The following is some basic WS-Security terminology used in this section:
Claim Statement that a client makes (for example, name,
identity, key, group, privilege, capability).
Security token A representation of a collection of claims.
Signed security token A security token that is asserted and cryptographically
endorsed by a specific authority (for example, an
X.509 certificate or a Kerberos ticket).
Proof-of-possession Data that is used in a proof process to demonstrate the
sender's knowledge of information that should only be
known to the claiming sender of a security token.
Integrity Process by which it is guaranteed that information is
not modified in transit.
Confidentiality Process by which data is protected such that only
authorized actors or security token owners can view
the data.
Digest A cryptographic checksum of an octet stream.
Signature A cryptographic binding of a proof-of-possession and a
digest. This covers both symmetric key-based and
public key-based signatures. Consequently,
non-repudiation is not always achieved.
Attachment A generic term referring to additional data that travels
with a SOAP message, but is not part of the SOAP
envelope.
Security tokens assert claims, and signatures represent a mechanism for proving
the sender's knowledge of the key. The signature can also be used to bind or
associate the signature with the claims in the security token (assuming the token
is trusted). Note that such a binding is limited to those elements covered by the
signature. Furthermore note that this security model does not specify a particular
method for authentication, but simply indicates that security tokens may be
bound to messages.
Message integrity is provided by using the XML digital signature together with
security tokens to ensure that messages are transmitted without modifications.
The integrity mechanisms are designed to support multiple signatures,
potentially by multiple actors, and to be extensible to support additional signature
formats.
WS-Security: an example
We demonstrate the main aspects of WS-Security in the example in Figure 9-2.
After the SOAP <Envelope> tag comes the list of headers of this SOAP message.
First comes routing information based on the SOAP routing protocol
namespace from Table 9-1 on page 147:
<m:path xmlns:m="http://schemas.xmlsoap.org/rp/">
<m:action>http://fabrikam123.com/getQuote</m:action>
<m:to>http://fabrikam123.com/stocks</m:to>
<m:id>uuid:84b9f5d0-33fb-4a81-b02b-5b760641c1d6</m:id>
</m:path>
Next comes the <Security> header block, which provides a mechanism for
attaching security-related information targeted at a specific receiver (SOAP
actor). This may be either the ultimate receiver of the message or an
WS-Security extensions
Because the WS-Security standard addresses only a subset of security services,
a more general security model was needed to cover other security aspects such
as logging and non-repudiation. This resulted in a common Web services
security model framework, a proposition developed by IBM and Microsoft, which
we describe in the following section.
WS-Authentication
Policies
Privileges WS-Policy
Encryption Keys
WS-Trust
Audit Logs
WS-Privacy
The combination of these security specifications enable many scenarios that are
difficult or impossible to implement with today's more basic security mechanisms
such as transport securing or XML document encryption. At the time this book
was written, the above specification was a proposal under review.
Status
An implementation of WS-Security is available in the Web Services Toolkit
Version 3.2.2. See Chapter 16, “Web Services Toolkit” on page 301 for more
information.
Summary
Web services technology enables a loosely coupled, language-neutral,
platform-independent way of linking applications within organizations, across
enterprises, and across the Internet. In order to achieve the target, however, it is
essential for Web services to provide a sufficient level of security to support
business transactions. Ensuring the integrity, confidentiality and security of Web
services through the application of a comprehensive security model is critical,
both for organizations and their customers.
More information
Because Web services security is a quickly evolving field, it is essential for
developers and designers to regularly check for recent updates. In this section,
we provide some of the most important entry points for your exploration.
For information on IBM Tivoli Access Manager for Business Integration, refer to
this Web site:
http://www.tivoli.com/products/index/access-mgr-bus-integration/
We introduce the products and a simple Web service example that we then
implement in various stages using the products.
In general, the WebSphere family of products are in one of the following groups:
Foundation and tools—This group contains products that represent the
basic functional infrastructure for other products, such as WebSphere
Application Server and WebSphere MQ. It also contains WebSphere Studio, a
development tool for enterprise Web-based applications.
Reach and user experience—In this group we find the products that help the
applications extend their range and reach new customers, such as
WebSphere Portal and WebSphere Everyplace. WebSphere Commerce, on
the other hand, enables customers to create online stores and move their
business from traditional channels to the Internet.
Business integration—Products such as WebSphere MQ Integrator Broker
and its extension, WebSphere Business Integration, help customer to
interconnect their islands of information and make full use of the
message-based architecture.
Packaging
WebSphere Application Server is available in several different configurations
tailored to cover different levels of user requirements.
It supports such core Web services standards as XML, Simple Object Access
Protocol (SOAP), and Web services description language (WSDL). It also
extends the Java 2 Enterprise Edition (J2EE) 1.3 programming model by
providing an infrastructure to support production-ready deployment of Web
services-based applications. This makes it possible to deploy Web services with
the communication mechanism of your choice, including SOAP and HTTP, Java
Message Service (JMS), or Remote Method Invocation Internet Inter-ORB
Protocol (RMI-IIOP).
More information
For more information on IBM WebSphere Application Server, refer to:
http://www-3.ibm.com/software/webservers/
WebSphere Studio
The WebSphere Studio family of products is a set of development tools for
enterprise e-business Java-based applications. Beside programming tools it also
enable the developers to test and deploy their application from the common
environment. The rich set of utilities and wizards help developers to simplify
common tasks so that they can concentrate on more creative parts of their job
and be more productive.
The new WebSphere family of the products combines the functionality of the two
former lines of IBM development tools, VisualAge for Java and WebSphere
Studio (classic). The entire family is based on the WebSphere Studio
Workbench, which contains a released level of the Eclipse Workbench. The
Eclipse Workbench is an open-source project (IBM contributed the initial
Workbench to Eclipse) that provides a general platform for different tools that will
enable them to share the same look-and-feel and to integrate more smoothly.
Enterprise Connectors
(CCF and J2C)
Enterprise Generation Web service flow
Language (EGL) modeling
COBOL and PL/I WSDL Editor
z/OS Development Integrated WebSphere
Environment App Server Enterprise
The Web services tools include those for creating services from Java
components and publishing their descriptions to a UDDI registry. It is also
The Common Versions System (CVS) repository interface is a part of the Studio
Workbench. In addition, Site Developer provides an interface to Rational's
ClearCase LT and includes a ClearCase LT repository. A WebSphere test
environment is also part of the package.
More information
For more information on IBM WebSphere Studio Site Developer, refer to:
http://www.ibm.com/software/ad/studiositedev/
For more information on IBM WebSphere Studio Application Developer, refer to:
http://www.ibm.com/software/ad/studioappdev/
More information
For more information on IBM WebSphere MQ refer to:
http://www.ibm.com/software/ts/mqseries/
Packaging
WebSphere Portal provides three different configurations. The Portal Enable
package is the base offering. Portal Extend and Portal Experience provide
additional functionality for advanced customers.
Portal Enable
WebSphere Portal Enable represents an entry level portal technology that
simplify and speed your access to personalized information and application.
Portal Extend
WebSphere Portal Extend extends the functionality of the Portal Enable by
adding collaborative components and Web usage analysis tools together with
tools to access, organize, and share information. Features include:
Parallel, distributed searching capability
Individual and shared team workspaces with built-in collaborative capabilities
Portal Experience
WebSphere Portal Experience provides new tools and functionality in addition to
all the tools and capabilities contained in Portal Extend. This includes:
Advanced collaboration features for e-meetings, application sharing and white
boarding
Data storage for a broad spectrum of digital information including Facsimiles,
images, PC files, XML, and multimedia.
Content infrastructure for applications such as call centers.
Folder management and document workflow.
Sample Java applications as well as advanced application development tools.
Current status
The most recent version of the WebSphere Portal offerings is Version 2.1.
More information
For more information on IBM WebSphere Portal refer to:
http://www.ibm.com/software/webservers/portal/
WebSphere Everyplace
IBM WebSphere Everyplace products are part of the larger pervasive computing
products which enable users to interchange any information over any network
using any device, not only the traditional desktop.
Products
WebSphere Everyplace group contains three different configurations.
DB2 Everyplace and Lotus Domino Everyplace Enterprise Server are also part of
the package.
Current status
WebSphere Everyplace Access Version 4.2 provides several new features which
include notification services, device management support, additional client
devices support and enhanced offline access to Web content.
More information
For more information on IBM WebSphere Everyplace and other pervasive
computing technologies and products refer to:
http://www.ibm.com/software/pervasive/
WebSphere Commerce
IBM WebSphere Commerce software helps you sell goods and services online. It
supports B2C, B2B, or private exchange business models.
Packaging
WebSphere Commerce comes in three different configurations.
The product provides enhanced features and functions including advanced order
management capabilities to optimize movement of products through the supply
chain, dynamic collaborative technology through Lotus Sametime, portal add-on
capability to provide customers with a personalized single point-of-access and
localization to meed the demands of the customers from different locations.
The bundled product list includes WebSphere Catalog Manager and WebSphere
Payment Manager. The product supports industry standards like Java, JSP, EJB
and XML, therefore providing the connectivity with other middleware and
systems including IBM CICS, IBM MQSeries, and SAP R/3.
Current status
The latest product version is IBM WebSphere Commerce Version 5.4 which
introduced several improvements including better access control based on a
hierarchical policy and roles, advanced user, member, and organization
management, new security and collaboration features, and enhanced catalog
management.
More information
For more information on IBM WebSphere Commerce refer to:
http://www.ibm.com/software/webservers/commerce/
More information
For more information on IBM WebSphere MQ Integrator Broker refer to:
http://www.ibm.com/software/ts/mqseries/integrator/broker/
Current status
At the time of writing of this book, the recent version of the product is IBM
WebSphere Business Integration Version 4.1.
More information
For more information on IBM WebSphere Business Integration refer to:
http://www.ibm.com/software/ts/wbi/
Summary
In this chapter we covered the IBM WebSphere product family, which represents
the basis of the IBM e-business strategy.
The foundation and tools group covers the basic plumbing of the complex
Web-based enterprise applications: Java-based application servers and
message queuing middleware. It also contains tools for rapid application
development.
In the reach and user experience group we find the products that extend
enterprise applications to portals, where they can be reached by the growing
Internet population. They can also extend the reach to users of handheld devices
and cellular phones. Other products help customer moving their traditional selling
operations to the Internet in a controlled scalable manner.
The WebSphere family products are available for a wide range of software and
hardware platforms and they are regularly enhanced to meet the growing and
quickly changing demands of e-business.
More information
The WebSphere family products are regularly updated to cope with the
e-business environment that changes at a high pace. Therefore Internet
represents one of the best sources of up-to-date information.
1 Service
build or definition assemble
have WSDL
WebSphere
Web deploy Web run Web manage Web
Initial build service service service service
build deploy run manage
build Java
or have code assemble publish invoke
1
Client
Service
registry find
Build phase
The first phase is the build phase, when we create a Web service. There are two
possible paths:
The red path (solid)— from the initial state we build or already have Java
code. Using this Java code we build the service definition, WSDL document,
Deployment phase
The second phase of a Web service is deployment. In this phase we deploy the
Web service to an application server. After that, we publish the Web service to be
found by the clients. The publication can be done using a UDDI registry, using a
WSIL document, or by directly providing the information about the new service to
future consumers, for example with e-mail. A combination of all these publishing
methods is also possible.
Run phase
The third phase is the runtime. In this phase the Web service is operative and is
invoked by several clients that require the functionality offered by this service.
Management phase
The final phase is the management phase where we cover all the management
and administration tasks of the Web service application.
Bottom-up
The bottom-up approach is the most common way to build a Web service. We
start with a business application that is already developed, tested and is running
on the company systems. In Figure 11-2 we can see this path.
Service
definition
Generate
WSDL
Service
Application Web Service
We start with the service application and generate the WSDL document for it,
providing all the functionality that we desire to externally expose as a Web
service.
Top-down
The top-down approach is commonly used when we have a standard service
definition and we want to implement this definition to provide the requested
service.
The service definition may, for instance, come from an industry-sector agreement
and may be implemented by any number of providers, for example, when a
group of airlines agree how to provide their plane schedules. In that case, there
is a strict definition of what the providers receive and how they have to respond.
Service
Generate definition
WSDL
Service
Skeleton
Web
Application
Service
Code
The process of creating a Web service using this path can be divided into the
following steps:
Find the service interface
We localize the service definition to use it as the entry point for the
implementation. We obtain the WSDL document through a proprietary
channel from the service provider (e-mail, for example) or through a WSIL
document or by searching a UDDI registry.
Generate the implementation skeleton
Using the service definition, we generate a skeleton with the methods and
parameters that we have to fill in to implement the Web service.
Develop the new Web service
Using the skeleton, we complete all the methods with the appropriate logic.
Depending upon the amount of code that we can reuse from other
applications and the complexity of the service definition, we develop more or
less new code. Finally, we test the new Web service to check that it is
compliant to the specification.
Service
definition
WSDL
WS 3
WS 1 WS 4 WS 5
WS 2
Web Service
The individual Web services, WS n, are linked sequentially. Therefore, the output
of one service is the input for the following service. We can also create different
outputs at runtime depending on the flow characteristics and the input data.
The multiple services path can have both previous approaches, bottom-up and
top-down, in its implementation. The most common is the bottom-up alone or
combined with the generation of one or more top-down services to complete the
sequence. On the other hand, we can consider the creation of a top-down Web
service dividing the resulting service into multiple sub-services that can be useful
for other applications.
Static client
The static client has a static binding created in the build time. This is made
possible because in the development phase we know the interface, the binding
method, and the service endpoint of the Web service that we are going to invoke.
We also decide that we only use this client for that specific service and nothing
else. Therefore, in these cases, the best solution is to use a static client.
e mail WSIL
UDDI
Service registry
1 definition
Find
WSDL
build time
2
Service Generate
definition 3 Bind
WSDL Web
Proxy Service
WS or
client Stub
The use of a public, private, or shared UDDI registry is involved in the process to
dynamically provide to the client a range of entry points available at a specific
time. In Figure 11-6 we can see the process to generate this dynamic client.
UDDI
Service definition
Registry
WSDL
1 Service Service
Find interface implementation
build time
Find
Generate 3
Service runtime
interface
2 Web
Proxy Bind Service
WS or 4
client Stub
Note. Instead of a UDDI registry, Web services inspection language (WSIL) can
also be used to create dynamic clients.
Even more dynamic is when we do not know anything about the service in
advance. In these cases, the service client obtains the service definition WSDL
document from a UDDI registry or WSIL document at runtime. There is no proxy
code generation at build time; it is generated at runtime to bind and invoke the
Web service. This kind of binding requires the presence of a user interface that
can provide the input data and understand the meaning of the output. Therefore,
this last path, totally dynamic, hardly has any real business application.
From the point of view of where the client can reside, the possibilities are:
As a stand-alone Java J2SE application client
As a J2EE application on some middleware container
The different tools and products used in this book offer varying facilities to
automatically generate some of the required code to create a client. Usually
some manual coding is required for most of the cases and is inevitable with a
dynamic client. In Table 11-2 we can see the facilities provided by the different
tools.
Application Developer Generates a proxy, the mapping parameters, and JSPs to test
(SOAP 2.3) the client visually.
Application Developer Generates a proxy, the mapping parameters, and JSPs to test
Integration Edition the client visually. Includes WSIF for dynamic invocation.
(SOAP 2.3) Includes business process flow modeling. Generates Web
services from EIS using connectors.
WebSphere SDK for Generates all the stubs needed to connect with the Web
Web Services service, including the mapping parameters and a service
(Axis) locator (XML file and Java code to locate the service).
For further information about these tools or products and client generation,
please refer to the respective chapters.
More information
For a more comprehensive discussion of the topic, see the document “Web
Services Development Concepts 1.0" from the Web Services Toolkit. It is also
available at the following URL:
http://www.ibm.com/software/solutions/webservices/pdf/WSDC.pdf
Business module
The business module is implemented by the WeatherForecast class. This class
offers the business logic of our example providing three principal functions:
Provide the weather forecast prediction for one specific day
Provide the weather forecast prediction for a whole week
Provide the temperatures prediction for a whole week
Data module
The data module is implemented by the Weather class. This class provides the
content information of a weather prediction. The information contained in a
weather prediction is:
The wind direction in an eight-point compass
The wind speed in kilometers per hour
The temperature in degrees Celsius
The weather condition: sunny, partly cloudy, cloudy, rainy, stormy
The date of the prediction
Back-end module
The back-end module is implemented by the WeatherPredictor class. This class
is responsible for making the simulated prediction about the weather conditions
using random values.
create the
Weather elements
2
populate the
Weather elements
Weather
Weather
Weather
Weather 4
Weather
request weather
information
Weather
Client 1 3 Weather
Forecast
Weather
Weather
request the Predictor
Weather
Weather weather prediction
Weather class
The Weather class is shown in Example 12-1.
/**
* class Weather
* This class encapsulate some weather artifacts for a specific day
*/
public class Weather implements Serializable {
/**
* Default Constructor for Weather.
* initialize with today's date
*/
public Weather() {
super();
date = new Date();
}
/**
* Constructor for Weather.
* Initialize with a given date
* @param theDate
*/
public Weather(Date theDate) {
super();
date = theDate;
}
/**
* @see java.lang.Object#toString()
/**
* Returns the condition.
* @return String
*/
public String getCondition() {
return condition;
}
/**
* Returns the date.
* @return Date
*/
public Date getDate() {
return date;
}
/**
* Returns the windDirection.
* @return String
*/
public String getWindDirection() {
return windDirection;
}
/**
* Returns the windSpeed.
* @return int
*/
public int getWindSpeed() {
return windSpeed;
}
/**
* Sets the date.
* @param date The date to set
*/
public void setDate(Date date) {
this.date = date;
}
/**
* Sets the windDirection.
* @param windDirection The windDirection to set
*/
public void setWindDirection(String windDirection) {
this.windDirection = windDirection;
}
/**
* Sets the windSpeed.
* @param windSpeed The windSpeed to set
*/
public void setWindSpeed(int windSpeed) {
this.windSpeed = windSpeed;
}
/**
* Returns the temperatureCelsius.
* @return int
*/
public int getTemperatureCelsius() {
return temperatureCelsius;
}
/**
* Sets the temperatureCelsius.
* @param temperatureCelsius The temperatureCelsius to set
*/
public void setTemperatureCelsius(int temperatureCelsius) {
this.temperatureCelsius = temperatureCelsius;
}
}
import java.io.Serializable;
import java.util.*;
import java.util.Date;
/**
* class WeatherForecast
* This class is the main entry point into this service.
* It offers three different methods to query the weather.
* The three signatures represent three different "challenges" for the Web
* service, which are:
* - a complex type
* - an array
* - the combination of both
*/
public class WeatherForecast {
/**
* Constructor for WeatherForecast.
*/
public WeatherForecast() {
super();
}
/**
* Method getDayForecast returns one complex weather object for a day
* @param theDate
* @return Weather
*/
public Weather getDayForecast(Date theDate) {
// create a weather object and initialize with concrete day
Weather w = new Weather(theDate);
// fill with values from the predictor
WeatherPredictor.calculateWeatherValues(w);
return w;
}
/**
* Method getWeekTemperatures returns an array with 7 temperatures
* for the week following the start date.
* @param startDate
* @return int[]
/**
* Method getWeekForecast returns an array with 7 complex objects
* describing the weather conditions for the week after the start date
* @param startDate
* @return Weather[]
*/
public Weather[] getWeekForecast(Date startDate) {
// if nothing is passed then use today's date
if (startDate == null)
startDate = new Date();
Calendar theDate = Calendar.getInstance();
theDate.setTime(startDate);
/**
* Method main is just used for testing and debugging purposes
* @param args
*/
public static void main(String[] args) {
System.out.println("Testing weekly weather forecast for next week...");
WeatherForecast fc = new WeatherForecast();
Weather[] theForecast = fc.getWeekForecast(new Date());
for (int i = 0; i < theForecast.length; i++) {
System.out.println(theForecast[i]);
}
}
}
import java.util.Date;
import java.util.Random;
/**
* class WeatherPredictor
* This class predicts several weather artifacts
* for a given date on a daily or weekly base.
* Random values are used for the simulation.
*/
public class WeatherPredictor {
// possible conditions for weather in general and wind directions
private static final String[] possibleConditions =
new String[] { "sunny", "partly cloudy", "cloudy", "rainy", "stormy" };
private static final String[] possibleWinds =
new String[] { "N", "NE", "E", "SE", "S", "SW", "W", "NW" };
/**
* Method calculateTemperatureValues.
* This method takes a startdate and returns an array of temperatures for
* the following week
* @param startDate
* @return int[]
*/
public static int[] calculateTemperatureValues(Date startDate) {
// ignore startDate because this is only simulation !
int[] values = new int[7];
for (int i = 0; i < 7; i++) {
values[i] = random.nextInt(50) + 10;
}
return values;
}
/**
* Method calculateWeatherValues.
* This method takes a weather object and fills it with predicted values
* @param w Weather object to fill with calculated values
*/
Summary
In this chapter, we covered the weather forecast example used in the following
chapters to show how to create a Web service using the different tools or
products. We discussed the different components and how they interact to
provide the weather forecast functionality.
If you are not familiar with the basic steps of how to create Web applications
using Application Developer, refer to the redbooks WebSphere Studio
Application Developer Programming Guide, SG24-6585 (although this redbook is
about Version 4) and EJB 2.0 Development with WebSphere Studio Application
Developer, SG24-6819.
The development path that you would typically follow to create and publish a Web
service is as follows:
1. Create a Web project
2. Create or import an artifact to be turned into a Web service
3. Create a Web service
4. Create a proxy and a test client
5. Publish a business entity and a Web service
Web tools assist you in developing Web applications that you can configure as a
Web service. Web applications are developed in a Web project, and server tools
enable you to use the unit test environment to test and deploy your Web services.
Bottom-up
For bottom-up development, (the most common case) the following data
structures can be used to build a Web service:
JavaBean—The Web service wizard assists you in creating a new Web
service, configuring it for deployment, and deploying the Web service to a
server (which can be the test environment that comes with Application
Developer, or an external application server).
Top-down
For top-down development, Application Developer provides these functions:
JavaBean from WSDL—The Web service wizard assists you in creating a
skeleton JavaBean from an existing WSDL document. The skeleton bean
contains a set of methods that correspond to the operations described in the
WSDL document. When the bean is created, each method has a trivial
implementation that you replace by editing the bean.
JavaBean from XSD—The Web services tools support the generation of
JavaBeans from an XML schema. Using these beans, you can create a
JavaBean Web service.
Client development
To assist in the development of Web service clients, Application Developer
provides this function:
Java client proxy and sample application from WSDL—The Web service
client wizard assists you in generating a proxy JavaBean and a sample
application. The sample Web application demonstrates how to use the proxy
bean in a client program.
Note that the proxy and sample can also be generated in bottom-up and
top-down approaches for testing of the generated Web service.
In summary, the tool offers many opportunities to create Web services from
bottom-up (starting from server-side code to generated the WSDL document and
the proxy code), but only limited opportunities to generate a service from
On the client side, the invocation can be implemented in a static or dynamic way.
Both options can be implemented using Application Developer.
Selected scenarios
In the next four sections we focus on the following scenarios:
Bottom-up development by generating a Web service from a JavaBean
Top-down development by generating a JavaBean from an existing WSDL
Bottom-up generation of a Web service from a URL
Bottom-up Web service generation from DADX
We describe how to use WebSphere Studio wizard to create a Web service that
returns information from the weather forecast service. The wizard guides us
through generating the WSDL document from the JavaBean, creating a proxy
bean, and testing the Web service in a Web browser using the generated test
JSPs, the universal test client, and the built-in WebSphere test environment.
To import the WAR file, follow these steps in the Web perspective:
Select File -> Import to open the Import wizard, then select WAR file and click
Next to open the import window (Figure 13-1).
Enter the file name in the WAR file field. You can click Browse to locate and
select the file ItsoWebServADWEB.war file from the downloaded sample code
(d:\sg246891\sampcode\wsad\bottom-up\ItsoWebServADWEB.war).
For the Web project select New and enter ItsoWebServADWEB as the project
name.
For the enterprise application select New and enter ItsoWebServEAR as the
project name.
Click Finish and the Web and EAR projects are created.
..code\wsad\bottom-up\ItsoWebServADWEB.war
Next we create the weather forecast Web service using the Web service wizard.
Select File -> New -> Other. Select Web Services to display the various Web
service wizards. Select Web Service and click Next to start the Web Service
wizard.
We go through all the pages of the wizard. Click Next on each page to get to the
next window.
From the Client proxy type drop-down menu, ensure that Java proxy is selected.
Figure 13-2 shows the window after making these selections.
Deployment Settings
The Web Service Deployment Settings page allows you to select from supported
runtime protocols and deployment servers. Make sure that ItsoWebServADWEB is
selected as the Web project.
When you select a method, the input and output encoding are displayed. The
encoding style defines how the Java types in the client and server are mapped to
the XML types in the SOAP message:
For all three methods, SOAP encoding is selected by default. SOAP encoding
covers all basic data types as well as JavaBeans containing basic data types.
The current page of the wizard shows the language mapping from Java types to
XML types (Figure 13-5).
Note that the proxy is generated into a separate Web project named
ItsoWebServADWEBClient. You could overtype the default project name. The
name of the proxy defaults to proxy.soap.WeatherForecastProxy. Select the
Show mappings check box.
Test
In the Web Service Test page (Figure 13-7) you decide which facility to use to
test the Web service. The choices are:
Web service sample JSPs—Generates a set of four JSPs into the folder
sample/WeatherForecast in the client Web project (default).
Web tools Java bean JSPs—Generates an HTML page, a result JSP, and a
ViewBean class into the client Web project. Note that not all data types are
supported in this option.
Universal Test Client—The universal test client is started and the proxy bean
is instantiated. In “Testing the Web service” on page 213, we describe in
detail the functionality of that test client.
The Web service is deployed in the Web project and the Web project is deployed
to a WebSphere test server:
A server is created: WebSphere v5.0 Test Environment.
The enterprise application is added to the configuration.
The sample JSP test client is launched to test the Web service.
The Web Service Explorer is launched in an external Web browser to publish
the Web service (only if you select publishing in the last step of the wizard).
If you have problems creating the Web service, consult the online documentation
and the d:\workspace\.metadata\.log file.
Generated files
Before we test the Web service, let’s look at the generated files (Figure 13-8).
JavaBean
Proxy
Admin
application
ISD
file test
sample
WSDL
and
XSD
files
deployment
descriptor
Server project Client project
Figure 13-8 J2EE Navigator view after the generation of the Web service
...
public class Weather extends AnyType
{
public Weather()
{
addElement("date", java.util.Date.class);
addElement("temperatureCelsius", java.lang.Integer.class);
addElement("windSpeed", java.lang.Integer.class);
addElement("windDirection", java.lang.String.class);
addElement("condition", java.lang.String.class);
}
A Call object is filled with the method name, encoding style, target URI, and
parameters. The Web service is invoked and the result examined. A good result
is converted into the required return type.
Figure 13-11 shows the sample test client in the internal browser. You can also
type the URL into an external browser.
By selecting Universal Test Client in the Web services wizard (Figure 13-7 on
page 208), the universal test client is started in a browser pane with this URL:
http://localhost:9080/UTC/preload?object=proxy.soap.WeatherForecastProxy
To start the universal test client manually to test the Web service, select the
WeatherForecastProxy in Java Source/proxy/soap and Launch Universal Test
Client (context). This starts the program and instantiates the proxy object.
To see the full result, click Work with Object. Expand the Weather object and
select Inspect Fields (Figure 13-15).
Writing a client
In this section we develop a small Java client application that invokes the three
methods of the Web service using the proxy.
To incorporate client code you have to create or use a suitable project in which
you develop the client code; in our case we use the ItsoWebServADWEBClient
project. Figure 13-17 shows the client program:
The main method invokes the three Web services.
The niceFormat method is used to format a Weather object.
Run a client
Run any of the clients, for example the sample test client. When you select Run
on Server you are prompted to select to run the browser with or without the
TCP/IP Monitor.
Note that this affects only the HTTP traffic from HTML pages and JSPs; the
SOAP traffic from the proxy is already routed to port 9081. If we only want to
watch the SOAP traffic, we can select the normal Web browser.
For each request you can see the input message in the left pane and the output
message in the right pane. The SOAP input message for the getDayForecast
operation is:
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<SOAP-ENV:Body>
<ns1:getDayForecast
xmlns:ns1="http://tempuri.org/itso.wsoj.WeatherForecast"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<theDate xsi:type="xsd:dateTime">2003-01-07T08:00:00.000Z</theDate>
</ns1:getDayForecast>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
Target URL
Do not forget to reset the target URL in the WeatherForecastProxy class. Note
that you can change the target URL dynamically by invoking the setEndpoint
method of the proxy object. This eliminates the change in the source code.
Note: The service file contains the location where the service runs. This is
not required to create the skeleton JavaBean. All that is required is the
binding and the interface. The service file is generated for us.
In the Web Service Skeleton Java Bean Configuration page, change the
skeleton class name to itso.service.WeatherForecast. Note that the WSDL
service document is generated into its own folder:
/ItsoWebServADWEBBean/Web Content/wsdl/service/WeatherForecastService.wsdl
In the Web Service Building proxy Generation page, change the project name
to ItsoWebServADWEBBean (we don’t want an extra test project).
In the Web Service Test page, select Web service sample JSPs. Leave the
other defaults.
In the Web Service Publication page, click Finish.
Generated files
The generated files include:
itso.service.WeatherForecast—The skeleton JavaBean
itso.wsoj.Weather—The weather bean (same as in the bottom-up approach)
proxy.soap.WeatherForecastProxy—The proxy bean
The admin folder with the SOAP administrative application
The WEB-INF/isd folder with the WeatherForecast.isd file
The wsdl/service folder with the WeatherForecastService.wsdl file
If you started with an existing service file, then this file is the new service file
for your installation.
The sample/WeatherForecast folder with the sample test client.
The dds.xml deployment descriptor.
import org.w3c.dom.*;
To implement a real server, replace the skeleton code with the implementation
that we provide in the sample code (WeatherForecast and WeatherPredictor):
Select the itso.service package and Import (context). Select File system
and locate the \sg246891\sampcode\wsad\top-down\bean folder.
Select the WeatherForecast and WeatherPredictor files. Be sure to select
Overwrite existing resources without warning.
These two files are basically the same as in the bottom-up solution. The minor
differences are:
The package name is itso.service (instead of itso.wsoj).
An import for the generated itso.wsoj.Weather class is added.
The WeatherForecast code to instantiate a Weather object is changed:
old: Weather w = new Weather(theDate);
new: Weather w = new Weather(); w.setDate(theDate);
The generated Weather class does not have the Weather(Date) constructor.
Tip: If you have to regenerate the client proxy, start the Web service wizard
with File -> New -> Other -> Web Services -> Web Service Client and select
the wsdl/service/WeatherForecastService.wsdl file.
The servlet accepts one parameter called method, with values day, week, or
weektemp, to invoke the three functions of the weather forecast application.
You can also invoke one of the methods directly with the URL:
http://localhost:9080/ItsoWebServADWEB/WeatherForecastServlet?method=day
Select the WeatherForecastServlet and Add Port, expand the service, and a
NewPort is displayed.
Select the NewPort and Properties. Change the name to WeatherPort, the
HTTP address to http://localhost:9080/, and click OK.
Two WSDL files are generated into the wsdl folder. Note that there is no separate
file for the service interface; the binding file includes the definition of the interface.
Open the files and study the content:
WeatherForecastServletBinding.wsdl <=== binding and interface
WeatherForecastServletService.wsdl <=== implementation
When you open the proxy class, you can see that the servlet is invoked directly
using HTTP-GET; SOAP is not involved.
In the Methods pane select the forecast method. Enter day, week, or weektemp
and select Invoke. Figure 13-25 shows the generated HTML markup as the result
of the invocation of the servlet with day as the parameter.
DADX group
DADX supports two types of Web service operations: XML collection operations
(in conjunction with DB2 XML Extender) and SQL operations.
A DADX group contains connection (JDBC and JNDI) and other information that
is shared between DADX files. To use DADX files as Web services, the Web
services object runtime framework (WORF) provides the runtime support. WORF
supports the specification of storage and retrieval operations on XML data.
WORF is shipped as part of Application Developer.
The following steps have to be performed (for the latter three steps, Application
Developer offers wizards):
1. Create (or identify) the SQL statement to be used for the Web service.
2. Create a DADX Group (by selecting File -> New -> Web Services -> Web
Services DADX Group Configuration ).
3. Create the DADX file from the SQL statement (by selecting File -> New ->
Web Services -> DADX File).
4. Generate the Web service from the DADX file (by selecting File -> New ->
Web Services -> Web Service and then choosing DADX Web Service as the
Web Service type).
Application Developer provides the IBM Web Services Explorer tool—also called
the UDDI Explorer—that enables you to publish and maintain your business
entity, business services, and service interfaces. We do not describe UDDI
basics here, because they are presented in detail in Chapter 4, “Introduction to
UDDI” on page 61.
Before you work with a UDDI registry, you must get an ID and password for that
registry. To register with the IBM test registry, use a Web browser and enter:
http://www.ibm.com/services/uddi
Click the icon for the UDDI V2 Business Test Registry and follow the link Get an
IBM user ID and password.
Figure 13-26 Web Services Explorer ready to enter the business entity
For distributed scenarios, the host name can be changed here, but it
can also be changed easily after publication in the registry.
– Back in the Web Services Explorer window, in the Name field of the
Actions pane, type WeatherForecast.
– In the Description field of the Actions pane, type a description that helps
you identify the service more easily, because there is a chance that some
other forecasts have been published before. Figure 13-28 shows the
completed Actions pane.
– When you have finished entering the service information, click Go.
The Web Services Explorer is automatically updated with your published Web
service. If your update is successful, the Status pane displays:
Service interface http://wsoj.itso.wsdl/weatherforecastbinding/ was
successfully published.
Service WeatherForecast was successfully published.
There are several ways to search for Web service. You can discover a Web
service by searching for a business entity, business service, or service interface.
Here is how to search directly for the name of the service:
Start the Web Services Explorer icon on the main toolbar.
In the Web Services Explorer toolbar, select the Favorites icon .
Expand Favorite UDDI Registries. Here you can choose any registry you want
to browse. Because we have published our Web service on the IBM UDDI test
registry, click IBM UDDI Test Registry.
In the Actions toolbar, click the Add to UDDI Page icon .
Once you have accessed the WSDL document, you can start to build a Web
service from the top down as described in “Creating a Web service top-down
from WSDL” on page 224.
Click Browse to locate the target directory. By default the output file is named
ItsoWebServEAR.ear. For WebSphere, the target location is usually the
installableApps directory:
D:\WebSphere\AppServer\installableApps\ItsoWebServEAR.ear
Second, we took a WSDL document and generated the server-side code for a
new Web service.
More Information
The IBM redbook Web Services Wizardry with WebSphere Studio Application
Developer, SG24-6292, also provides an insight into the tools provided by
Application Developer. However, that book refers to Application Developer
Version 4, where minor changes apply.
Also, the online help that come with WebSphere Studio Application Developer
provides information and tutorials for creating and using Web services.
Like Web services, enterprise services offer access over the Internet to
applications in a platform-neutral and language-neutral fashion. In addition, they
offer access to enterprise information systems (EIS) and message queues, and
can be used in a client/server configuration without the Internet. Enterprise
services can access applications and data on a variety of EIS systems and in a
variety of formats. And these services can be combined to form a new service.
Assuming that you have a WSDL file that contains the service interface
definitions (port types, operations, and messages), you can follow these steps to
add bindings and port definitions for the service and generate either a Java or
EJB skeleton for the implementation of the service:
Create a service project.
Import the interface files (WSDL).
Create an EJB project if an EJB skeleton is to be generated (this step is not
necessary when creating a simple Java skeleton).
Generate the service skeleton using the New Service Skeleton wizard, found
by clicking New- > Other -> Business Integration -> Build from service.
Implement the business logic in the skeleton.
Deploy the service as an EAR file to an application server.
Resource adapters
The J2EE Connector Architecture (JCA) is a standard way for a Java component
to connect to any enterprise system. It is part of the J2EE standard, introduced in
the J2EE 1.3 specification. WebSphere Application Server 5 is J2EE 1.3
compliant and therefore supports the connector architecture. The JCA states that
the way an application server communicates with an enterprise system (such as
CICS) is through a resource adapter.
A Java client that interacts with an EIS uses a resource adapter specific for that
EIS. For example, a client connecting to IMS requires an IMS resource adapter.
Figure 14-1 illustrates how resource adapters are used by services to access
legacy systems.
Enterprise
Front Service
end
CCI
Legacy
Resource application
adapter and data
native
IBM provides JCA adapters for CICS, IMS, and Host On-Demand (HOD). Other
companies provides JCA adapters for a range of products, such as SAP,
PeopleSoft, Siebel, and Oracle ERP. A list of JCA adapters is provided at:
http://java.sun.com/j2ee/connector/products.html
Services view
The Services view displays the service resources. The view presents two folders:
Service Projects—Contain service definitions, as well as other supporting
resources, such as Java, COBOL, and C source files.
Deployable Services—Contain the resources that can be deployed, which are
the generated EJBs or Web services that wrap the actual implementation.
There are several ways to launch the tool components from the perspective. The
quickest path is to launch them through the tool bar that the perspective offers.
Another way is through pop-up menu choices and a resource creation window.
The name of the WSDL file that is open is shown in the tab at the top of the
WSDL editor view. You can have more than one WSDL file opened in the editor.
Each file shows up as a separate tab at the top of the Editor pane. Often you split
a WSDL document into two or three files to separate service, binding, and
interface information. The linkage between these corresponding WSDLs is
maintained by the editor, and whenever you access some information that is
provided in another file, that file is opened automatically.
Business process
There are a number of artifacts and components that can be exposed as
services. Web services, JavaBeans, and enterprise beans can all be used to
implement certain pieces of your business. The combination of more than one of
such services is called a business process. A business process is the outcome of
choreographing and combining services together.
A business process is also often a single activity from a client point of view. The
client is not aware of all the internal actions (services) that are required to
perform the function.
Integration Edition allows you to model such business processes in an easy way.
These business processes themselves can then be deployed and exposed as
new enterprise services for clients.
Process editor
The process editor is a graphical modeling environment used to design
processes that execute individual activities in a predetermined sequence to fulfill
an overall business goal. The process execution begins at an input activity and
Compare the lists of element with the description in “Business process execution
language for Web services” on page 125.
The example takes a week number as input and returns the temperature in
degrees Fahrenheit of the first day in that week. The example uses the weather
forecast service described in earlier chapters.
In our example, the external services for weather forecast and temperature
calculation are placed in a separate Web module within the same enterprise
application project to make testing and starting of servers simpler.
If you import the EAR without the Preserve project names option, you get errors
after import. In this case, select each Web project and Properties, and on the
Libraries page click Add Variable and add the SOAPJAR variable. This action
should remove the error messages from the Tasks view.
Before continuing, it is a good idea to test that the services are up and running,
either with the universal test client or a sample client. The Web modules also
include the WSDL files, which are located inside the Web projects. To test, you
would have to define a server, but you can wait to test until you define a server
for the testing of the sample process.
Copied from
ItsoWebServWFWeb
Copied from
ItsoWebServTCWeb
Figure 14-5 Services view with the WSDL files that will be used in the process
Every business process must have an input and an output operation. The input
operation is called to start the process. If the service is synchronous, the input
operation can return the result. If the service is asynchronous, the result of the
business process can be sent to another operation that can act upon the result.
If you had defined operations for the business process, you could specify them at
this time in a top-down design. Because we do not have defined operations that
our process must implement, we accept the default on the next wizard page and
select Define business process interface later. Click Finish.
The graphical business processor editor opens and displays an Input and Output
node as shown in Figure 14-7.
Note that there are three WSDL files for each service. The most interesting is the
file that typically contains the word Service in it, because it is the root document
and imports the others.
When we drop a service WSDL file on the white area, a window pops up (as
shown in Figure 14-8), where you can define which of the services, port types,
and operations you want to use at this point.
In general we want to pass the weather information from the weather forecast
service to the temperature calculator service, and the calculator result to the
output.
After connecting all the services and the input and output nodes, the first draft of
our process is shown in Figure 14-9.
input terminal
output terminal
However, the process is not finished yet. We just connected the two services by a
control link, but we totally ignored the fact that these two services require their
input parameters in a specific data type:
Our business process has an integer (week number) as input, but the
WeatherForecast requires a date.
Also, the WeatherForecast returns a Weather object as result and the
TemperatureCalculator requires an integer (the temperature value inside the
Weather object).
In the Properties window of a service that can be reached using the context
menu, there is a section called Implementation that specifies the messages and
variables associated with the in- and outbound terminals of that service. The
concrete message that is used is defined in the WSDL document of the service
and cannot be changed.
In the case where one operation has defined the same output message as the
next service input message, you would not have to specify anything. Of course
this is not the case in general and we have to implement converters:
We define a variable for the output message of the first activity.
We define a variable for the input message of the second activity.
We write a converter that fills the second variable with data of the first
variable.
Service:
Service: getDayForecast int tempC = convertCelsiusTo TemperatureCalculator
WeatherForecast
Operation:
Response Weather object weather. int FahrenheitRequest Operation:
(Weather object) getTemperature() (int) convertCelsius..
getDayForecast
ToFahrenheit
The services (activities) have been added to the process and the messages are
defined in the WSDL file of each service. We now have to specify the variables
for the input and output messages and implement a converter.
Using the second approach you define variables for input and output terminals
for both Web service calls:
getDayForecastRequest—input of weather forecast
getDayForecastResponse—output of weather forecast
convertCelsiusToFahrenheitRequest—input of calculator
convertCelsiusToFahrenheitResponse—output of calculator
(2)
Figure 14-11 Defining variables for in- and outbound messages of operations
The input parameter for the business process is the week number. We use the
predefined variable input for this, and its default type of Int is what we require
for the process. Figure 14-13 shows the complete set of variables in the
Variables tab.
Note: You can also grab the endpoint of a link and move it to another terminal.
To edit the Java code, select the Java snippet icon and Show Java (context) or
click Show Java in the selection bar. In the source code pane underneath the
process flow, you can see and update the code that is executed in that process
step.
In the snippets we use short names for the Java classes. To remove error
messages, we have to add import statements to the class:
Select the empty canvas to see the Java import statements.
Add these statements:
import wsdl.itso.wsoj.WeatherForecast_msg.*;
import wsdl.itso.wstc.TemperatureCalculator_msg.*;
import java.util.Calendar;
import java.util.Date;
import itso.wsoj.Weather;
Save the process. Only one warning remains in the Tasks view, indicating that
the input node requires an operation.
Important: Whenever you add custom code into a Java snippet or another
method in the process class, be sure to add your code only within the
comments user code begin and user code end. Code in other places is
removed without any notice whenever the process class is regenerated.
The context menu of the Input node provides the Generate WSDL interface
selection:
This window offers options for the interface definition, for example whether it
is a synchronous or asynchronous service:
– For synchronous service, the process is called and right after execution it
returns a result message to the caller.
– For asynchronous service, the call returns nothing, and the client is
responsible for querying the result later on. The asynchronous model
offers a large amount of flexibility but also requires a more complex
programming model on the client side.
On the second wizard page you can choose the interface definitions, such as
port type and operation, which should be used for this process.
In our example all the defaults are fine. You will have to regenerate this interface
whenever the interface of the process has changed, but not if the internals of the
process have changed.
Within the wizard you can first choose to create a new port or use an existing
port. The choice depends on whether this is a brand new service (our case),
or if you already deployed the service before.
Another option is to choose the binding for this service. Remember that
Application Developer (not Integration Edition) only supports Web services
The wizard creates an EJB as implementation for the business process and
defines the binding as chosen. Therefore new projects are created, such as an
EJB (ItsoWebServBPServiceEJB) and a Web (ItsoWebServBPServiceWeb) project.
The Services view in the Business Integration perspective now displays a second
section called Deployed Services, where you can find these generated projects
with the appropriate EJB that implements the process behavior (Figure 14-17).
Process
WSDL
interface
binding
service
For our sample business process, the FDML file is named temperature.fdml. In
this section we look at extracts of the FDML file.
Start
The file starts with:
<?xml version="1.0" encoding="UTF-8"?>
<fdml xmlns="http://www.ibm.com/schemas/workflow/wswf"
..............">
<wf:flowModel autoDelete="true" canRunInterrupted="false"
canRunSynchronous="true" name="temperature"
requiresCompensationSphere="false"
validFrom="2003-01-01T12:00:00">
<wf:description>microflow file</wf:description>
<wf:documentation>This is a long description.</wf:documentation>
..... activities, messages, links
</wf:flowModel>
</fdml>
Service activity
This code extract shows the service activity that invokes the weather forecast
Web service. The activity refers to the WSDL file of the Web service and to two
messages, in and out, that are defined elsewhere.
<wf:activity name="getDayForecast">
<wf:input messageType="MessageType_3" name="in"/>
<wf:output messageType="MessageType_4" name="out"/>
<wf:operation invocationType="WSDL2">
<service:wsdlOperation input="getDayForecastRequest"
operation="getDayForecast"
output="getDayForecastResponse"
portType="WeatherForecast"
portTypeNS="http://wsoj.itso.wsdl/WeatherForecast/"
service="WeatherForecastService"
serviceNS="http://wsoj.itso.wsdl/WeatherForecastService/">
<wf:wsdl
location="file:itso/wsoj/WeatherForecastService.wsdl"
resolutionTime="deployment"/>
</service:wsdlOperation>
</wf:operation>
</wf:activity>
Data map
A data map refers to the internal method that prepares the message content.
<wf:dataMap name="DataMap0_4" target="getDayForecast" targetTerminal="in">
<wf:output messageType="MessageType_3" name="out"/>
<wf:mapping type="WSDL2">
<service:mapping>
<service:mappingjava className="itso.wsie.temperature"
methodName="mappingOutputGetDayForecastRequest"/>
</service:mapping>
</wf:mapping>
</wf:dataMap>
Control link
The control link between the Java snippet and the Web service activities refers to
the output and input terminals of the two activities the link connects.
<wf:controlLink name="_wConditionalControlConnection_4"
source="prepareDate" sourceTerminal="out"
target="getDayForecast" targetTerminal="in">
<wf:transitionCondition type="Built-in">
<wf:true/>
</wf:transitionCondition>
</wf:controlLink>
Create a server project named Servers. Then create a server and configuration
named ProcessServer and select WebSphere version 5.0 -> EE Test
Environment. This process adds two enterprise applications to the workspace:
BPEContainer, with three modules (one is a Web client Web project)
BPERemoteDeploy, with two modules (one is a SOAP client Web project)
Add the two EAR files of our process and Web services to the server:
ItsoWebServBaseEAR—which runs the weather forecast and temperature
conversion services (ItsoWebServWFWEB and ItsoWebServTCWEB)
ItsoWebServBPEAR—which holds the business process
Every time the process is changed, you have to redeploy it. In the Servers view,
select Deploy Process in the context menu of the EE Server (Figure 14-18).
Start the server. You should not get any exceptions and stack traces in the
console.
Select Run Process Web client in the context menu of the server (Figure 14-18),
or by just calling the URL http://localhost:8080/bpe/webclient.
A welcome page appears where you can select Open the work item manager, or
if you wait the work item manager opens automatically (Figure 14-19).
Enter a value for the week number and click Start Process. A result page should
present the result object or an exception if something went wrong.
Note: Although the business process Web client can be used to start business
process instances, its primary function is for viewing and interacting with work
items created for a staff activity. Asynchronous business processes started in
the Web client will not invoke their one-way operations specified for the output
and fault activities. Interaction with events is also something that is not
possible from within the Web client. Support for these two items is available
through a proxy test client.
Figure 14-20 Using the business process Web client to test processes
Server configuration
When defining a WebSphere version 5.0 EE Test Environment server, the
configuration automatically includes two EAR projects: BPEContainer and
BPERemoteDeploy.
If you open the server configuration on the Data source page, you find that a
Cloudscape JDBC provider (BPEJdbcDriverCloudscape) and a data source
(BPEDataSourceCloudScape) have been defined. This data source is used by the
On the JMS page, you find a set of queues registered and that the JMS server is
started. These queues are also used by the process container.
Do not forget to invoke Deploy Process (Figure 14-18 on page 270) before
testing business processes.
First you have to start the server and install all the necessary EAR projects of
your application. If you want to use the server for debugging, you have to
configure the debug mode for the application server:
Start the Administrative Console and navigate to Servers -> Application
Servers.
In the Configuration tab select Debugging Service and make sure that Startup
is selected.
For the JVM debug port enter 7777, and for the JVM debug arguments make
sure that the address entry shows 7777 (Figure 14-21).
Because you normally step quite slowly through the code, it is necessary to
turn off the transaction time-outs. Therefore, select Additional Properties ->
Transaction Services and change the Total transaction lifetime time-out to 0.
Save the configuration and restart the server to make the changes effective.
In the debugger you can then attach to the server process as described
below.
The architecture for the process debugger is the same as for debugging or
profiling Java application. You can easily debug applications that run within the
Integration Edition.
Furthermore you can use the IBM Agent Controller to debug applications that run
on a remote WebSphere Application Server Enterprise.
Setting breakpoints
To stop somewhere in the process, you have to set breakpoints. You can set
breakpoints anywhere in your Java code, and you can also set them in your
process:
Select Add Breakpoint in the context menu of a control link.
Select Add Breakpoint Before/After Activity in the context menu of an activity.
Start debugger
Start the server in debug mode and the Debug perspective opens.
After the server is started in debug mode, it is started in the step-by-step mode,
which means that the execution is paused as different objects or components
within the server are called. Whenever a new step is started, a window prompts
you for further execution. You can decide to step into or skip a certain step. There
is also the possibility to select Disable step-by-step mode and stop at
breakpoints only.
Start the process Web client and start the process. Execution stops at
breakpoints. Figure 14-22 shows the Debug perspective with execution stopped.
Note: The regular Debug perspective does not honor breakpoints set in the
process; only breakpoints set in the Java code of the process are honored. To
debug at the process level, you have to use the Process Debug perspective.
Process debugging
There is a new Process Debug perspective that can be used for high-level
debugging of the business processes.
Open the Debug Process perspective (after the server has been started in debug
mode). Then click the Attach to Process Engine icon ( ) and a window opens.
Select the host to which to connect; for debugging in your own machine select
localhost. Select the server process and click Finish.
You can start a business process by starting an appropriate action in the Web
client. You can also start a business process from the Process Debug view.
There you find Create Process Instance in the context menu of all processes.
Since your process in general requires input parameters, you will be prompted in
the Web browser.
Stopped here
If you want to do more detailed debugging, you can step into the Java code and
debug at that level. You can then switch between the Process Debug perspective
and the Debug perspective (Java code).
You can also watch any variables that are defined in the process. Figure 14-24
shows the Variables view at two breakpoints, just after beginning the process and
before ending.
In the Process Debug view, you can detach the process using the context menu.
Afterwards you can stop the server.
Note that you can only deploy and run business processes on WebSphere
Application Server Enterprise Edition.
You will see many errors in the Tasks view because the Java build path is not
imported correctly and the service project is not recognized either.
Web project
Select the ItsoWebServBPServiceWeb project and Import -> File system.
Locate the directory:
\sg246891\sampcode\wsadie\zSolution\Web
Import the .classpath file (select Overwrite existing resources without
warning).
Delete the itso folder under Java Source.
Select the project and Rebuild Project.
EJB project
Select the ItsoWebServBPServiceEJB project and Import. -> File system.
Locate the directory:
\sg246891\sampcode\wsadie\zSolution\EJB
Import the .classpath file (select Overwrite existing resources without
warning).
EAR project
Open the deployment descriptor (application.xml) of the
ItsoWebServBPServiceEAR project.
Make sure that the ItsoWebServBPService.jar file is listed under Project
Utility JARs on the Module page.
Start the server, then select Run Process Web client (context) and run the
application.
The Business Integration perspective with all its views and editors enables a
graphical modeling of complex workflows that combine other services and/or
Java code into a business process. The business processes can be exposed
again as enterprise services that are used by clients or other business processes
as a single activity.
The enhanced WSDL editor provides for easy manipulation of WSDL documents
that are stored in multiple files.
More information
Refer to the online help in WebSphere Studio Application Developer Integration
Edition for further information about those topics. There are many concepts
described and well-documented examples show you how to implement and test
enterprise services and workflows.
The WSDK is based on open specifications for Web services such as SOAP,
WSDL, and UDDI, and runs on Windows and Linux operating systems.
There is some confusion about the different packages for developing Web
services on top of WebSphere Application Server and in this chapter we explain
the differences between the three packages:
IBM WebSphere SDK for Web Services (WSDK)
IBM Web Services Toolkit (WSTK)
See Chapter 16, “Web Services Toolkit” on page 301.
IBM WebSphere Web Services for J2EE Technology Preview
See Chapter 17, “WebSphere Web Services Technology Preview” on
page 317.
The Web Services Toolkit (WSTK) delivers early implementations of new Web
services technology to developers, and acts as a consolidator of Web services
technologies from various IBM development and research labs. Unlike WSDK,
the WSTK does not have an embedded application server or private UDDI
registry. The WSDK is therefore ideal for running services developed with WSTK.
WSTK exposes the Axis programming model.
The WebSphere Web Services for J2EE Technology Preview does not come
with an application server and must be installed on top of WebSphere Application
Server Version 5. The technology preview is based on Axis but does not expose
the Axis programming model (same as for WSDK).
You can use WSDK without WSTK to develop industry-standard Web services
applications, or you can use it with WSTK if you want to explore the latest
emerging technology developments in Web services.
Application server
The application server includes a private UDDI server, used for publishing and
discovery of Web services using the UDDI protocols. The UDDI server itself runs
as an enterprise application (EAR) within the application server.
Documentation
WSDK documentation is divided into five sections:
Learning paths—This section provides tailored learning paths with different
learning objectives, from Web services basics to an architectural view.
Concepts—This section talks about the Web services technologies, such as
XML, SOAP, WSDL and UDDI. It also explains WS-Security, the Web services
architecture and the J2EE specifications for Web services.
Tasks—This section explains how to Web service-enable your J2EE
applications, or implement an existing Web service from its WSDL document.
It also tells how to secure your Web services applications and develop several
types of Web services clients.
To access the documentation for WSDK, use the wsdkHelp command, located in
the <WSDK-install-dir>/bin directory, or click the WSDK Help icon.
Sample applications
There are eight sample applications located in<WSDK-install-dir>/apps. These
sample applications cover a range of scenarios for Web services, include code
for both provider (server side) and requestors (client side), and also have
examples of publishing and finding Web services using UDDI. They are:
Sample 1—A request-response Web service created from a JavaBean and a
Web service requestor using the JAX-RPC service locator.
Sample 2—A request-response Web service created from a session
enterprise bean and three Web service requestors for it:
– A J2EE client running in the WebSphere client container and using JNDI.
– A J2EE EJB client running in the EJB container and using JNDI.
– A J2SE client running as a stand-alone application and using the
JAX-RPC ServiceFactory.
Sample 3—Publishes and then unpublishes sample 1's Web service using
the UDDI registry publish API.
Sample 4—Demonstrates dynamic discovery and invocation of Web services
using the UDDI registry inquiry API.
Sample 5—Demonstrates the use of complex types in Web services.
Sample 6—A one-way Web service implemented as a JavaBean from a
WSDL document.
Sample 7—Demonstrates how headers and faults are handled by SOAP and
WSDL.
Sample 8—Demonstrate WS-Security digital signature, encryption,
authentication and ID assertion.
The sample applications are already built and deployed to the application server,
so that you can run them as soon as you have installed WSDK.
<Timestamp>
With WSDK, SOAP messages that include these security elements can be
exchanged by providing XML configuration files at both client and server sides.
Bean2WebService
The Bean2WebService tool generates a fully deployable Web service from a Java
class, and optionally deploys it onto the application server.
EJB2WebService
The EJB2WebService tool generates a fully deployable Web service from a
stateless session EJB contained in an EAR file, and optionally deploys it to the
application server. Note that only Version 2.0 of the EJB architecture is
supported.
The main output of this tool is a modified version of the original EAR file, which
contains a fully deployable Web service. If you do not specify the
-server-side-only option, a client-side directory that contains some extra .java
files is also created.
Note that you can perform stage 1 several times to create related Web services
in the same project directory. In stage 3 you can then create a separate module
for each of these Web services and add them to the same EAR file.
After you have written the implementation code, compiled it, and run the tool
again with the -createEar <File.ear> option, the output will be either a new or
updated EAR file containing a Web service module for each of the Web service
names specified with the -add argument. You will also notice that the server-side
classes that implement the Web service have been moved to the
WEB-INF/classes directory, which is the normal location.
UDDIPublish
The UDDIPublish tool publishes either a business entity or a business service to
a public or private UDDI registry. When publishing a service, the tool creates the
necessary binding template and tModel elements in the UDDI hierarchy and
associates the service with an existing business. By default, the tool publishes to
the private WSDK registry.
Additional properties
With the -uddiprops argument of UDDIPublish, you can specify the location of a
Java properties file that contains additional input information. Businesses and
services can have this additional classification information associated with them
in the registry to assist in the discovery process. This information can be added
in the form of a keyed reference to the published item's category bag structure. A
category bag can contain numerous keyed references, each one containing the
name and the value of a category to which the published item belongs.
You can use the provided speedstart.properties file with UDDIPublish to create
and categorize businesses and services in the public IBM UDDI V2 Business
Test Registry as being part of the IBM Speed Start program (Figure 15-2):
<WSDK-install-dir>\appserver\properties\speedstart.properties
UDDIUnpublish
The UDDIUnpublish tool removes, that is unpublishes, either a business entity or
a business service from a public or private UDDI registry. By default, the tool
unpublishes from the private WSDK registry.
Security
Because the application server is running with security on, default credentials
(user ID: admin, password: adminpwd) are flowed by the tool to the UDDI registry
when an unpublish operation is attempted. These credentials can be overridden
by the -username and -password arguments, which can be entered when
unpublishing either a service or a business:
Additional properties
With the -uddiprops argument of UDDIUnpublish, you can specify the location of
a Java properties file that contains additional input information.
Usage
First, start the application server by invoking this command:
<WSDK-install-dir>\bin\appserver start
The output from running this sample is shown below, where Bertrand is the value
of the <name> parameter passed with the command:
***************************************************
This is a J2SE client for Sample1.
It will make a call to the getGreeting method of
Sample1's service through a ServiceLocator.
***************************************************
Hello Bertrand!
Rebuilding sample 1
If you want to rebuild the samples, WSDK provides detailed step-by-step
instructions on how to do so. This section describes how to rebuild sample 1.
Compile the service provider source code (in this case a very simple Java
bean called Hello):
cd <WSDK-install-dir>\apps\Sample1\src\provider
<WSDK-install-dir>\appserver\java\bin\javac
-d <WSDK-install-dir>\apps\Sample1\classes\provider
com\ibm\wsdk\Sample1\Hello.java
Use the Bean2WebService tool to create a Web service from the compiled Java
bean. Run the following commands:
cd <WSDK-install-dir>\apps\Sample1
<WSDK-install-dir>\bin\Bean2WebService.bat -project Sample1WebService
-methods "getGreeting" -servicePortName Sample1 -style DOC
-sei .\src\provider\com\ibm\wsdk\Sample1\Sample1Interface.java
-deploy -cp .\classes\provider com.ibm.wsdk.Sample1.Hello
This first removes any old versions of the classes, and then creates a new
Sample1WebService project, rebuilds the archive, and finally deploys it to the
application server. Note that during this last stage you are prompted for
confirmation before overwriting the existing Sample1WebService application
javac itso\wsoj\*.java
set PATH=d:\WSDK_v5\bin;%PATH%;
call Bean2WebService.bat -verbose -cp e:\sg246891\sampcode\wsdk\bean
-deploy -use encoded -project ItsoWebServWsdk1
itso.wsoj.WeatherForecast
The tool displays this output with the -verbose option (abbreviated):
Creating new project: ItsoWebServWsdk1....
Removed all existing classes from directories under
E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1\WEB-INF\classes\
Generating the service endpoint interface...
Generating WSDL:
com.ibm.ws.webservices.axis.ext.wsdl.Java2WSDL
-output E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1\WEB-INF
\WeatherForecast_SEI.wsdl
-location http://localhost:6080/ItsoWebServWsdk1/services/WeatherForecast
-style RPC -use ENCODED -implClass itso.wsoj.WeatherForecast
itso.wsoj.WeatherForecast_SEI
Generating server side classes:
com.ibm.ws.webservices.axis.ext.wsdl.WSDL2Java
-output E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1
-META-INF-Only -server-side Bean E:\SG246891\sampcode\wsdk\bean
\ItsoWebServWsdk1\WEB-INF\WeatherForecast_SEI.wsdl
Configuring webservices.xml...
Added web module with context root: ItsoWebServWsdk1
Web Service archive
"E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1\ItsoWebServWsdk1.ear"
has been successfully generated.
Checking server for existing application...
Deploying Web Service....
Deploy command:
D:\WSDK_v5\appserver\..\bin\appserver.bat install
\"E:/SG246891/sampcode/wsdk/bean/ItsoWebServWsdk1/ItsoWebServWsdk1.ear\"
{-usedefaultbindings -nodeployejb -appname \"ItsoWebServWsdk1\" }
......
ADMA5013I: Application ItsoWebServWsdk1 installed successfully.
Web service application was successfully deployed to application server.
Generating client side classes:
com.ibm.ws.webservices.axis.ext.wsdl.WSDL2Java
-output E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1\client-side
E:\SG246891\sampcode\wsdk\bean\ItsoWebServWsdk1\WEB-INF
\WeatherForecast_SEI.wsdl
All done.
package itso.wsoj;
import java.text.SimpleDateFormat;
import java.util.Calendar;
Figure 15-4 Stand-alone client for weather forecast using service locator
Sample output
Today weather forecast...
Weather: Wed. Feb 19, 2003 'stormy' wind: SW 15km/h 31 Celsius
Weekly temperatures forecast for next week...
Day 1: 58 Celsius
Day 2: 49 Celsius
Day 3: 37 Celsius
......
Day 7: 11 Celsius
Weekly weather forecast for next week...
Weather: Wed. Feb 19, 2003 'cloudy' wind: SE 8km/h 36 Celsius
Weather: Thu. Feb 20, 2003 'cloudy' wind: W 28km/h -8 Celsius
Weather: Fri. Feb 21, 2003 'cloudy' wind: E 34km/h 12 Celsius
......
Weather: Tue. Feb 25, 2003 'rainy' wind: S 35km/h 15 Celsius
import javax.xml.namespace.QName;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceFactory;
String wsdlURL =
"http://localhost:6080/ItsoWebServWsdk1/services/WeatherForecast?wsdl";
String namespace = "http://wsoj.itso";
String serviceName = "WeatherForecast_SEIService";
String portName = "WeatherForecast";
......
try {
ServiceFactory factory = ServiceFactory.newInstance();
Service myService = factory.createService(
new java.net.URL(wsdlURL),
new QName(namespace, serviceName) );
WeatherForecast_SEI port = (WeatherForecast_SEI)myService.getPort
( new QName(namespace, portName), WeatherForecast_SEI.class);
......
// rest identical to Client.java
Figure 15-5 Stand-alone client for weather forecast using service factory
Conclusion
This simple weather forecast example shows the power of the WebSphere SDK,
especially when compared to the WebSphere Web Services Technology Preview,
where a number of manual steps are involved to accomplish the same task.
More information
The WSDK Web site contains additional information, FAQ list, a forum and
downloads. Check it out at:
http://www.ibm.com/developerworks/webservices/wsdk/
After installing the product you can find more information about the WSDK in the
InfoCenter. Use the wsdkHelp command, located in the <WSDK-install-dir>/bin
directory, or click the WSDK Help icon from the program group.
In this chapter we discuss the content of the Web Services Toolkit. We describe
the prerequisites for the installation, the installation procedure, and the
configuration tasks. We also present an outlook of future additions to the
package.
Interoperability is one of the Web services’ key issues. IBM is actively working
with standards communities (such as the W3C) and open-source projects to
ensure Web services interoperability. Several technologies such as the UDDI for
Java API (UDDI4J), which was first developed and shipped as part of the WSTK,
have been open-sourced. WSTK functionality is based on open specifications
such as SOAP, WSDL, WS-Inspection, and UDDI, and runs on both Linux and
Windows operating systems. The SOAP engine is based on the open-source
Apache SOAP project and the WSDL object model uses the open-source Web
services description language for Java (WSDL4J) project.
WSTK prerequisites
WSTK does not represent a stand-alone Web services environment. The WSTK
prerequisites include installation of other packages or products, such as
WebSphere SDK for Web services, WebSphere Application Server 4.02 (AE or
AEs), or Jakarta Tomcat.
See Chapter 15, “WebSphere SDK for Web Services” on page 281 for detailed
information about the WSDK and the differences between WSDK and WSTK.
Jakarta Tomcat
Tomcat is a servlet engine developed as a part of the Apache Jakarta
open-source project. It is used in the official Reference Implementation for the
Java servlet and JavaServer Pages technologies. Latest release is Version
4.1.12 with Version 5.0.x in preparation. You can read more about Tomcat at:
http://jakarta.apache.org/tomcat/index.html
Once we select the server, we have to enter the related information, such as the
listening port and location.
In the Configure Services tab, we decide which services we want to run on the
specified server. The preconfigured services fall into one of the following three
groups: utilities, applications, and demonstrations.
Here we enter the server host name and the listening port. It is this address and
port the generated service client will try to contact.
Here we enter the address and port where the client is looking for WS-Inspection
services, a WSIL description of services.
When using the toolkit, there are times when we have to access servers that are
protected by a firewall. For example, some of the demonstration Web services
access servers behind the firewall, and the public UDDI registries may have to be
accessed through a firewall. To access servers through a firewall, your system
must be configured to use a SOCKS client, or a SOCKS or HTTP proxy must be
specified when running the Toolkit demonstrations. This configuration is entered
in the Configure Proxies tab.
In the Configure UDDI tab, we enter the information related to the public UDDI
we intend to use. To use a public UDDI registry such as the IBM UDDI V2
Business Test Registry, we must first register to use the site. After registration,
we are sent an activation key by e-mail.
We have to first manually log on using the provided user ID and password and
then use the activation key to activate the account prior to running the
demonstrations. Once registered, we start the wstkconfig tool to set the user ID
and password that will be used with the UDDI registry.
If the Web Services Toolkit was deployed on WebSphere Application Server 4.01
or 4.02, we have to use the WebSphere Application Server administrative
console to remove the WSTK:
Using the topology view on the server node where the Web Services Toolkit
was installed, there should be one or more Application Server engines that
were installed with the Web Services Toolkit.
The WebServicesServer and some demonstrations also install Application
Server engines such as the G2GServer.
Select these Application Server engines and click Stop. When the servers are
stopped, select them again and click Remove.
Finally we have to manually delete all of the files and directories in the wstk-3.2
directory, and then remove the wstk-3.2 directory.
Examples
We started to implement examples with the WSTK, but we realized that the
examples were basically the same examples implemented using the WebSphere
Web Services Technology Preview.
Current status
In August 2002, WSTK Version 3.2.2 was released. New features include:
Demonstrations for Web services coordination (WS-C), transaction (WS-Tx),
and business process execution language for Web services (BPEL4WS).
WS-C/WS-Tx defines an infrastructure for transaction flows between various
business components. Building on this, BPEL4WS simplifies the modeling of
business interactions through the definition of flows, which describe the
manner in which these interactions take place and the relationships among
the involved partners.
The WSTK uses Version 2 UDDI registries for all its demonstrations and makes
use of the UDDI4J 2.0 code. The WSTK no longer ships WebSphere Micro
Edition as part of its base installation package because the Micro Edition is now
available in the WebSphere SDK for Web Services package.
Outlook
Web services technology is evolving at a very fast pace and many people at IBM
are working on new technologies to enhance the Web services technology.
Although many aspects of Web services infrastructure are now solid and these
functions are provided in several products from IBM and other companies, there
are currently unresolved Web services standardization issues, such as security
(encryption, authorization, authentication), reliability, metering, accounting, and
systems management, which are getting more and more important now that Web
services are becoming more widely used.
There are various draft specifications available that are trying to solve these
problems. Security, reliability, metering, notification, accounting, and systems
management are some of the issues that the WSTK team plans to prototype in
future releases. Also, full compliance with WebSphere Application Server Version
5 has to be achieved.
Summary
The IBM Web Services ToolKit for dynamic e-business (WSTK) represents a
consolidated IBM offering in the field of Web services. Its aim is to help the
developers to start working with Web services. It provides technologies from
various IBM development and research labs together with a set of tutorials,
examples, and useful tools.
Many of the technologies that are present in WSTK will be incorporated into IBM
software packages in the future, when they reach the stability and maturity
required for the production environment.
More information
For information on IBM WSTK, check out the user and API documentation,
downloads, and the FAQ list:
http://www.alphaworks.ibm.com/tech/webservicestoolkit
JAX-RPC provides the core programming model and bindings for developing and
deploying Web services on the Java platform. JAX-RPC is a required part of the
J2EE 1.4 platform, but can also be developed and deployed on J2EE 1.3, as in
this technology preview.
Web services for J2EE provides the use of JAX-RPC in a J2EE environment
defining the runtime architecture, as well as the implementation and deployment
of Web services in a generic J2EE server.
We will use technology preview as the short name for the IBM WebSphere Web
Services for J2EE Technology Preview in this chapter.
See Chapter 15, “WebSphere SDK for Web Services” on page 281 for detailed
information about the WSDK and the differences between WSDK and the
technology preview.
JAX-RPC
Some of the fundamental features of the JAX-RPC are:
Defines a Java API that is XML-based, but maintains the extensible and
modular mechanisms to support future version of various XML specifications.
This API is designed for Web service and client development in which the use
of remote procedure calls (RPC) is presented. This remote procedure call is
represented by an XML-based protocol, as for example SOAP.
Defines the needed support for translating WSDL into Java mapping and vice
versa.
Defines APIs that are simple to use for Java developers, hiding the complexity
of the complex protocols. On the server side, developers specify the remote
procedures by defining methods in a Java interface. On the client side,
developers provide the service endpoint by specifying a URL and invoking the
methods on a local object that represent the remote object.
Supports interoperability across heterogeneous platforms and environments,
allowing interaction between client and server in a synchronous
request-response mode or in a one-way mode.
Technology preview
One of the most important advantages of using the technology preview is that the
applications created are fully portable to other J2EE platforms. Therefore, we do
not have to worry about the J2EE platform that we are using if the platform
conforms to the J2EE specifications. The standard J2EE deployment files for
Web services are:
Server side:
– webservices.xml—deployment descriptor
– ibm-webservices-bnd.xml—WebSphere-specific information
Client side:
– webserviceclient.xml—deployment descriptor
– ibm-webservicesclient-bnd.xml—WebSphere-specific information
The technology preview is based on Apache Axis as a runtime engine, but also
incorporates some modifications to enhance its engine. Among these
enhancements it includes specialized serializers/deserializers for complex
objects to obtain better performance. Axis is SAX-based, which makes it faster
than other implementations that are based on DOM parsers (such as SOAP 2.3).
However, we have to work with a command-line tool, which is harder than using a
graphical tool such as WebSphere Studio Application Developer.
Installation
The code is available through developerWorks:
http://www7b.software.ibm.com/wsdd/downloads/web_services.html
The installation process for this tool can be found in Appendix A, “Installation and
setup” on page 427. Once the tool is installed we are ready to implement Web
services.
Therefore, we have one implementation bottom-up, starting with Java code and
generating the corresponding WSDL file, and one implementation top-down,
starting with a WSDL file and generating the corresponding Java code.
Configuration
The first thing to do is to configure the environment. We set the PATH and
include some JAR files in the class path of our machine to complete this task.
The command scripts used with the technology preview are located in the bin
subdirectory of the WebSphere Application Server Version 5 home directory.
A batch file as shown in Figure 17-1 can be used to configure this environment.
The TPsetup.bat and TPSetupClient.bat files are provided in the sample code:
\sg246891\sampcode\techprev\TPsetup.bat
\sg246891\sampcode\techprev\TPsetupClient.bat
The TPsetup.bat file is used for Web service implementation compiles and the
TPSetupClient.bat file is used for Web service client compile and run.
@rem TP TechPreview
set TP=%WAS_INSTALL_ROOT%\lib\j2ee.jar
// these additions are only required for client compile and run
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\jaxrpc.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\xerces.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\axis.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\commons-logging-api.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\ws-commons-logging.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\commons-discovery.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\qname.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\wsdl4j.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\webservices.jar
set TP=%TP%;%WAS_INSTALL_ROOT%\lib\saaj.jar
set PATH=%WAS_INSTALL_ROOT%\bin;%WAS_INSTALL_ROOT%\java\bin;%PATH%;
The starting point is a WAR file that contains the Java code:
\sg246891\sampcode\techprev\bean\ItsoWebServTechPrevWebStarter.war
We use the WebSphere Application Assembly Tool (AAT) to edit the WAR file.
SEI class
Package WAR in
7 EAR
Javabean added
as part of web.xml
Add SEI, WSDL,
J2EE WAR file 6 WS-DD to WAR
J2EE WAR file
JavaBean JavaBean
<web-app id="WebApp">
<display-name>ItsoWebServTechPrevWeb</display-name>
<servlet id="Servlet_1042069331785">
<servlet-name>WeatherForecastServlet</servlet-name>
<servlet-class>itso.wsoj.WeatherForecast</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
</web-app>
The WeatherForecast class methods that we want to turn into Web services are:
public itso.wsoj.Weather getDayForecast(java.util.Calendar theDate)
public itso.wsoj.Weather[] getWeekForecast(java.util.Calendar startDate)
public int[] getWeekTemperatures(java.util.Calendar startDate)
package itso.wsoj;
Tip: We provide skeleton .bat files in the techprev\xxxx directories for each
step that requires commands to be executed. Tailor the files with your drive
letter to make them work.
Here is the sequence of commands to perform this step (you can find the
commands in the Runjava2wsdl.bat file in the bean directory, but you must
tailor it before running):
e:
cd \sg246891\sampcode\techprev\bean
javac itso\wsoj\*.java
e:\sg246891\sampcode\techprev\TPsetup.bat
set classpath=e:\sg246891\sampcode\techprev\bean;%CLASSPATH%
java2wsdl.bat itso.wsoj.WeatherForecast_SEI
You will receive this message:
WSWS3006W: Warning: The -location was not set, the value
"file:undefined_location" is used instead.
This is because we do not specify the location point, the URL where our Web
service is available. This is automatically modified later when we install the
application in WebSphere Application Server Version 5.
A WSDL file with the name WeatherForecast_SEI.wsdl is generated in the
directory \sg246891\sampcode\techprev\bean.
Edit the WSDL to replace names such as in0 or out0 to the real Java name
values. This step can be avoided if we run the command Java2WSDL
-implClass itso.wsoj.WeatherForecast. The bean has to be compiled with
the debugger information on, in order to know the Java names. The
implementation class must contain methods having the same signatures as
those in the SEI (we created the SEI with the same signatures).
Note: Because the SEI is derived from the implementation class, the
implementation class is not required to list the SEI interface in the implements
clause of its class definition.
Figure 17-6 shows how to make these changes in our example.
The output files are the Web service deployment descriptors. Refer to
“Technology preview” on page 319 for further explanations about these files.
To generate the WAR file, use the tool that is most convenient for it, for example:
WebSphere Application Assembly Tool
Application Developer
JAR command (jar.exe) from <WAS-ROOT>\java\bin
The steps to create an EAR file with the Application Assembly Tool are:
1. Start the tool.
2. Open a new enterprise application.
3. Set the name to ItsoWebServTechPrev1.ear (click Apply).
4. Select Web Modules -> Import.
5. Locate the ItsoWebServTechPrevWeb.war file.
6. Set the context root to ItsoWebServTechPrevWeb.
7. Save the application as ItsoWebServTechPrev1.ear.
8. Close the tool (Figure 17-8).
SEI class
in EAR
WSDL
SEI class
EJB Jar
4 EJB
WS DD
WSDL CONFIGURED
SEI class WebServices DD
IBM binding
3
1
*SEI Stateless
Implement Web
WSDL WSDL2Java *Web service implementation service from template
Session
EJB template EJB
*WS DD + Binding
Options "-server-side EJB" 2
Figure 17-10 Process to create an EJB Web service from a WSDL (top-down)
We are going to follow these steps in order to create our EJB Web service from
the WSDL generated previously.
In Figure 17-11, we see the original binding implementation and in Figure 17-12,
the modifications that we did to the methods to support our weather forecast
sample.
package itso.wsoj;
You can safely delete the two client deployment descriptors. They are not
required inside the EJB JAR file:
webservicesclient.xml
ibm-webservicesclient-bnd.xml
e:
cd \sg246891\sampcode\techprev\ejb
javac itso\wsoj\*.java
The steps to create an EAR file with the Application Assembly Tool are:
1. Start the tool.
2. Open a new enterprise application.
3. Set the name to ItsoWebServTechPrev2.ear (click Apply).
4. Select EJB Modules -> Import.
5. Locate the ItsoWebServTechEJB.jar file.
6. Save the application as ItsoWebServTechPrev2.ear.
7. Close the tool.
We create one WAR file for each Web services-enabled EJB JAR. This WAR file
contains the Web services router servlet, which is responsible for receiving the
Web services request, making all the intermediate treatments of the information,
and returning the response.
The endptEnabler command can run in prompt mode or you can provide all the
parameters to the command. The three parameters are the EAR file, the name of
the generated Web model, and the context root of the Web module.
endptEnabler.bat e:\sg246891\sampcode\techprev\ejb\ItsoWebServTechPrev2.ear
ItsoWebServTechPrevWeb2.war /ItsoWebServTechPrevWeb2
A sample output is shown here:
IBM WebSphere Application Server Release 5
Web Services Enterprise Archive Enabler Tool.
Copyright IBM Corp., 1997-2002
Note: The endptEnabler command cannot be run on the same EAR file more
than once.
WSDL
SEI class
J2EE WAR
4 JavaBean
WS DD
WSDL CONFIGURED
SEI class WebServices DD
IBM binding
3
1
*SEI
Implement Web
WSDL WSDL2Java *Web service implementation service from template JavaBean
Java Bean template
*WS DD + Binding
Options "-server-side Bean" 2
Figure 17-14 Process to create a JavaBean Web service from a WSDL (top-down)
d:\WebSphere\AppServer\bin\wsadmin
$AdminApp installInteractive
e:/sg246891/sampcode/techprev/bean/ItsoWebServTechPrev1.ear
"-usedefaultbindings"
$AdminApp installInteractive
e:/sg246891/sampcode/techprev/ejb/ItsoWebServTechPrev2.ear
"-usedefaultbindings -deployejb"
$AdminConfig save
During execution of this command, you are prompted for input at each step, but
you can just press Enter to accept the default.
The only prompt where you may want to change the default is when asked about
a directory for a modified WSDL file that includes the endpoint address. The
default is no output; only if you enter a directory name—which must exist— is the
WSDL file published.
Example 17-1 shows the prompt window for the installation of the EJB example.
Task[15]: Selecting Method Protections for Unprotected Methods for 1.x EJB ...
EJB Module: ItsoWebServTechPrevEJB
URI: ItsoWebServTechPrevEJB.jar,META-INF/ejb-jar.xml
Deny All Access: []:
Task[21]: Get the protocol, host, and port for the Web Services server
Get the protocol, host, and port for the Web Services server
Module: ItsoWebServTechPrevEJB
URI: ItsoWebServTechPrevEJB.jar,META-INF/ejb-jar.xml
Protocol (http or https): [http]:
host name: [FUNDY]:
port : [9080]:
Retrieving document at 'file:C:\DOCUME~1\FUNDY\LOCALS~1\Temp\
DeployUtilsTmpDir1042912697562/META-INF/WeatherForecast_EJB.wsdl'.
ADMA5016I: Installation of ItsoWebServtechPrev2.ear started.
ADMA5018I: Starting EJBDeploy on ear C:\Documents and Settings\FUNDY\
Local Settings\Temp\app2649.ear..
Starting workbench.
Creating the project.
Building: /ItsoWebServTechPrevEJB.
Deploying jar ItsoWebServTechPrevEJB
Generating deployment code
Building: /ItsoWebServTechPrevEJB.
Invoking RMIC.
Writing output file
Shutting down workbench.
EJBDeploy complete.
0 Errors, 0 Warnings, 0 Informational Messages
ADMA5007I: EJBDeploy completed on C:\DOCUME~1\FUNDY\LOCALS~1\Temp\
app_f2d270e069\dpl\dpl_ItsoWebServtechPrev2_ear.ear
ADMA5005I: Application ItsoWebServtechPrev2.ear configured in WebSphere
repository
ADMA5001I: Application binaries saved in
D:\WebSphere\AppServer\wstemp\Scriptf2cd8d08ac\workspace\cells\FUNDY\
applications\ItsoWebServtechPrev2.ear.ear\ItsoWebServtechPrev2.ear.ear
ADMA5011I: Cleanup of temp dir for app ItsoWebServtechPrev2.ear done.
ADMA5013I: Application ItsoWebServtechPrev2.ear installed successfully.
The other installation steps are the same as without the technology preview.
The client programming model follows the Web services for J2EE specification.
In this model, there is a remote interface or stub that is used by the client to
interact with the Web service. Therefore, the client cannot distinguish whether
the methods are being performed locally or remotely. It only accesses using a
service endpoint interface as defined by the JAX-RPC specification. When the
client runs inside a J2EE application, the service is located using a JNDI lookup.
There are four places where a Java Web services client can reside:
As an unmanaged stand-alone Java (J2SE) application.
In an application client container (J2EE).
A JavaBean or servlet running in a J2EE Web container acting as a client.
An EJB or JavaBean running in a J2EE EJB container acting as a client.
Except for minor differences, all of them use similar techniques in their
development.
Stand-alone client
We provide a stand-alone client example that can run with both Web services
developed in this chapter: the bean Web service created in “Web service from
JavaBean (bottom-up)” on page 321 and the EJB Web service created in “Web
service from EJB (top-down)” on page 331.
Note: We develop the client using the WSDL file of the EJB example.
However, because the interface of both Web service examples is the same,
we can use the generated client to access either of the two deployed Web
services by using the appropriate WSDL file as input at runtime.
Figure 17-16 provides a summary of the steps necessary to create the client.
WebSphere 5
2
Java client SOAP request and
respose Web Service Enabled
J2EE EAR
Client
supporting
classes
3
Web services
WSDL support
1
WS Client DD
WSDL2Java WS Client IBM Binding DD
WSDL
Java code for Client SEI,
ServiceLocator, etc
To create the skeleton code we use the WSDL2Java command (you can use the
RunWsdl2java.bat file). As input we use the WSDL file from the EJB example:
e:\sg246891\sampcode\techprev\TPsetupClient.bat
....
public class Client {
public static void main(String[] args) {
....
try {
....
Vector endPoint =
getWSDLPort(args[0],"WeatherForecast_SEIService");
//get the first address connection
URL serviceEndPoint = new URL((String)endPoint.get(0));
System.out.println("Endpoint "+serviceEndPoint.toString());
//create the stub to connect to the Web service
service = new WeatherForecast_SEIServiceLocator();
soap = service.getWeatherForecast_SEI(serviceEndPoint);
//gets the weekly weather forecast
week = soap.getWeekForecast(Calendar.getInstance());
....
//gets today weather forecast
today = soap.getDayForecast(Calendar.getInstance());
....
//gets weekly temperatures
temp = soap.getWeekTemperatures(Calendar.getInstance());
....
}
....
To run the client use these commands (use the command files RunClientWeb.bat
and RunClientEJB.bat):
e:\sg246891\sampcode\techprev\TPsetup.bat
e:
cd \sg246891\sampcode\techprev\client
java itso.wsoj.Client
e:\sg246891\sampcode\techprev\client\WeatherForecast_SEI.wsdl
java itso.wsoj.Client
e:\sg246891\sampcode\techprev\client\WeatherForecast_EJB.wsdl
Using these methods the client code can be simplified as shown in Figure 17-18.
...............
}
catch (Exception e) {
e.printStackTrace();
}
}
Outlook
In the future releases of the Web Services Technology Preview, more features
will be added, including the update of the protocols related to Web services.
Some of these upgrade features are:
Technology preview incorporated into WebSphere Application Server
Update to latest specifications:
– SOAP 1.2
– WSDL 1.2
– WS-Security, WS-Transactions, WS-Coordination, WS-*
– Web services metadata for the Java platform (JSR 181)
Additional transport/protocol support
Tighter integration with WebSphere Application Server, for example
Application Assembly Tool (AAT) and enhanced systems management
Performance enhancements
Protocol/transport autonomy
Registry publication (UDDI, WSIL, etc.)
Load management of Web services
Simplified deployment model
Additional caching support
We have discovered and used the command tools provided to assist us in the
generation process of these applications. These command tools reduce the time
required to create the clients and Web services applications.
More information
After installing the code you can find more information about the Web Services
Technology Preview in the online documentation at:
<was_install_root>\TechPreview\WebServices\docs\index.html
The scenario extends the weather forecast example presented in Chapter 12,
“Weather forecast application” on page 187. This example contains a Web
service to be created from a JavaBean. Now we extend this by introducing
several providers for that service and a requestor that integrates the services into
a local application. Furthermore, security features are applied.
Scenario situation
In this chapter we extend the weather forecast scenario. In previous chapters we
discussed different paths to build Web services. We have shown how to build the
service bottom-up and top-down, and how to create a static client. For this
scenario we take the existing Web service and discuss the challenges in creating
a client. (We do not cover the creation of the service.)
1
These names are invented and do not relate to existing companies or persons.
At the time of writing this book, neither was an existing Web site.
Requirements
In a real project environment, the customer defines the requirements, possibly
together with a technical consultant. Because this is only a sample application,
we have invented our requirements.
Functional requirements
To run the envisaged business, UnitedSuns and the providers must be able to
perform a number of processes. Not all of them are run totally automated. The
providers must be able to retrieve IWA’s service interface and publish their own
services to the registry. UnitedSuns must be able to perform the following
functionality:
Access the UDDI registry to find suitable providers and retrieve their service
description (manual and automated).
Access providers and read their WSIL to decide on their suitability and to find
their service (manual and automated).
Figure 18-1 provides an abstract overview of the interaction between the actors.
For the sake of readability, we have drawn arrows only from the SiliconWeather
provider. Of course, FlashAndThunder is treated in the same way.
IWA
Silicon FlashAnd
publish reference Weather Thunder
retrieve
to defined standard reference
publish
service
UDDI
invoke service
find services
United
Suns
Non-functional requirements
In a typical e-business application, non-functional requirements are often very
important. They include such issues as availability, security, performance,
maintainability, and portability. In our proof-of-concept scenario, most of these
issues will not be addressed. We focus only on security, where we identify the
following requirements:
Authentication and authorization for accessing a service
Secure transmission of requests and responses
These phases refer to the four phase model described in Chapter 11, “Web
services development overview” on page 175. For our example, we do not focus
on the management phase presented in that chapter.
In our scenario, the application retrieves the WSIL and WSDL documents at
runtime, although these documents have already been retrieved at build time.
This makes sense in situations in which the Web service bindings change quite
often. Otherwise, a static invocation only during build time is acceptable.
For a lookup in the UDDI registry, the requestor has to provide a description of
the requested service. As a result, the requestor gets m businesses that provide
n services (m and n do not necessarily have to be equal).
For a lookup using WSIL, the requestor must have the URL of a given service
provider. As a result, the requestor gets k services from this single business. The
lookup with WSIL is a less dynamic approach, because the provider can be
defined already during build time. This approach make sense in cases where the
provider is fixed and offers several implementations of the same service, or the
binding of the service changes frequently.
Setup phase
For the restricted scope of this chapter, in this phase actions are performed that
can be seen as preparation steps. In particular, the actions shown in Figure 18-2
are performed.
retrieve tModelKey
deploy
Web service
publish service
The IWA decides on a standard interface for weather forecast services and
describes it as an interface WSDL. This WSDL document cannot contain a
service part, because that part refers to a concrete implementation of the
service (which does not exist yet).
If Application Developer is used to generate this WSDL document, the
generated WeatherForecastBinding.wsdl and WeatherForecast.wsdl files
have to be provided. (The WeatherForecastService.wsdl file describes the
concrete implementation, which is not available yet.)
The IWA publishes a business entity describing the IWA as an entry point for
searches in the UDDI registry. The IWA also publishes a tModel. This tModel
contains a tModelKey, which is a logical link to the actual WSDL document
that describes the interface. Only the tModel is published to the UDDI. The
WSDL document resides on IWA’s server and is not published to the UDDI.
This publishing processes is done manually.
For both SiliconWeather and FlashAndThunder providers, a clerk enters the
UDDI registry with a regular Web browser and retrieves the tModelKey.
Figure 18-3 shows the entities and their relationship created during the setup
phase.
SW F&T
WSIL
Business Business
Service Service
Interface
WSDL
Binding Binding FlashAnd
Template Template Thunder
flash
tModel Service
WSDL
thunder
Service
link WSDL
WSDL URL
access point
WSIL
Figure 18-3 Relationship of entities provided by IWA and the two providers
Sample 1:
Lookup
over UDDI retrieve IWA tModel
retrieve WSIL
Sample 2:
Lookup
retrieve WSDL
over WSIL
Figure 18-4 Retrieving the WSDL implementation file in the build phase
For the lookup with UDDI option, we do not contact any provider. We
manually access the UDDI to find the business entry of IWA for contact
information. Also we find the tModel (for service lookups during runtime).
There might be a link to the corresponding WSDL document specified in a
field called Overview URL. If there is no WSDL referenced, we have to
manually find the WSDL document. In our case the IWA provides the WSDL
on their Web site.
For the lookup with WSIL option, we directly access the providers’ Web
server and download the WSIL files, which are by definition located at:
http://siliconweather.com/inspection.wsil
http://flashandthunder.com/inspection.wsil
The WSIL files specify the locations of the WSDL files, which in our case are
located on the Web servers of the providers. We manually browse to the
WSDL documents and retrieve them.
As described in Chapter 13, “WebSphere Studio Application Developer” on
page 197, we generate the client proxy.
2
It is good practice to run the lookup step only during the initialization of the application. In our
proof-of-concept implementation, however, it is performed for each request.
Sample 1:
Lookup
over UDDI extract service
access point
invoke service
retrieve WSIL
Sample 2:
parse WSIL
Lookup
over WSIL retrieve WSDL
parse WSDL
invoke service
After an Internet user has entered UnitedSuns (unitedsuns.com) and initiated the
integrated weather forecast, the client performs the following steps:
Using the gained endpoint information, the client applies the proxy’s
setEndPoint(URL) method for each of the WSDL documents.
The client uses the proxy’s getDayForecast, getWeekForecast, and
getWeekTemperatures methods to build its own content.
The markup is returned to the browser.
In the next two section we provide more details on the implementation of sample
1 and sample 2.
Application flow
The general flow in the application is that a JSP displays an HTML form asking
for some parameter. When this form is submitted, a servlet is called to process
the request and forward to a response JSP that presents the reply (Figure 18-6).
Start JSP
enter information
preferences.jsp Servlet
lookup.jsp
process
client1.jsp information
Menu JSP client2.jsp access
choose sample UDDI and
or preferences Web
services
menu.jsp
SavePreferencesServlet
Response JSP LookupServlet
display results StartClient1Servlet
StartClient2Servlet
preferences.jsp
lookupResponse.jsp
Home page client1Response.jsp
present menu client2Response.jsp
index.html
Included page
reusable results
weatherObjects.jsp
UDDIremark.html
Frames
When starting the application, a frame set displays a menu bar in the frame
called menu (at the top) and a welcome page in the frame called main, which is the
content area. Using the menu, the user can choose between the different
samples and the preferences window. The welcome window is shown in
Figure 18-7.
Abstract servlet
The itso.wsdc.AbstractServlet is the base class for all servlets and provides
features that are required in all subclasses.
The invokeAll method (Figure 18-9) retrieves a vector with many access URLs
that have to be invoked. For each access URL it calls the invokeService method.
The resulting Weather object is added to a vector. Exceptions are caught and
added to the vector instead of the Weather object.
Secure proxy
We create a WeatherForecastSSLSecureProxy class to support the user
authentication and the use of an HTTP secure connection, HTTPS. This class
extends from the proxy class (WeatherForecastProxy) generated by Application
Developer.
The proxy class has been slightly modified to allow the secure proxy the required
access to the Call object, so that attributes can be set to invoke the Web service.
The Call object is changed from private to protected.
The secure proxy mainly adds two important methods, one to authenticate the
user, and one to set the secure connection environment. The methods are:
GetSOAPConnection—this method uses a SOAPHTTPConnection object (from
org.apache.soap.transport.http) to set the user identification and password
to connect to the service (Figure 18-10).
Notes:
If you create your own self-signed certificate for the SiliconWeather HTTP
server, you have to include the server as a trusted authority in the
was_install_root/etc/DummyClientTrustFile.jks file for the server
where the SiliconWeather application is running.
On the other hand, if you use a certificate from a trusted authority you do
not have to make any changes. More information on managing security
and certificates can be found in the redbook IBM WebSphere V5.0
Security: WebSphere Handbook Series, SG24-6573.
This is done in a simple table with two columns, where the first column is the
access URL that was used, and the second column shows a string
representation of the resulting Weather object, as illustrated in Figure 18-12.
In our sample application this code is not in a specific response JSP, but in a
separate JSP fragment called weatherObjects.jsp, which is included by the
response JSPs of sample 1 and 2. The objects in the result vector can either be
Weather objects after a successful invocation, or strings with an exception
message text that was caught when trying to invoke the service.
Preferences
The preferences hold all settings that are used during runtime. The settings can
be changed by the user in an online window. These settings are:
UDDI registry—specifying which registry to be used for all UDDI interactions.
You can choose one of the list, and you can also specify the inquire URL of
another registry if it is not listed. Note that for the sample in the redbook, all
UDDI interactions were done with the IBM test registry.
Security—specifying if security features on client side will be used. This
affects the way the client connects to the Web Services. In our scenario one
server secures its Web service using HTTPS and authentication; therefore a
user ID and password have to be provided to access the implementer’s site.
The Preferences instances are stored in the HTTP session. Whenever a servlet
is called, it checks if there is a preferences object in the HTTP session. If not, a
preferences object is created with default values. Whenever a user changes
some preferences, they are stored again in the HTTP session, but not persisted
permanently.
Preferences JSP
There is a JSP called preferences.jsp. This page displays the current options
and also allows you to change them. It takes the preferences out of the HTTP
session for display. It holds an HTML form that submits all fields to the
SavePreferencesServlet. Figure 18-14 shows the JSP.
However, the tool shows the usage of UDDI4J in a dynamic client. The UDDI
registry location can be specified in the preferences page (as described above).
After retrieving the URL parameters and getting the UDDI proxy, the servlet calls
several finder methods to perform the search. Each finder method takes some
search criteria and returns a list of result objects. These methods are described
in Chapter 4, “Introduction to UDDI” on page 61.
Look up businesses
To look up a business entity, the find_business method of the UDDI4J API is
used. Figure 18-16 shows the code of the lookUpBusiness method in the
LookupServlet, which shows how to:
Extract the parameters
Access the UDDI proxy object
Call the find_business method
Retrieve the vector with business information (getBusinessInfoVector)
Pass the vector together with the message to the JSP by placing the two
objects into the request block (setAttribute)
Note that there are many null parameters in the find_business call. This is
because we only have the name as search criteria for the lookup. In the other
parameters we could provide further search criteria such as categorizations,
referenced tModels, and so forth. We could also specify special find qualifiers
specifying if the search string must fit exactly, or if the case within the name
should be ignored.
Lookup tModels
When searching for a tModel entity, the find_tmodel method is used.
Figure 18-18 shows an extract of the code of the lookUpTModel method in the
LookupServlet, which shows how to:
Extract the parameters
Access the UDDI proxy object
Call the find_tmodel method
Retrieve the vector with tModel information (gettModelInfoVector)
Pass the vector together with the message to the JSP
Lookup bindings
A binding can only exist for the combination of a service and one or more
tModels. The most interesting attribute that a binding provides is the access point
information. This is the URL where a service can be invoked.
When searching for a binding, the find_binding method is used. Figure 18-19
shows an extract of the code of the lookUpBinding method in the LookupServlet,
which shows how to:
Extract the parameters
Access the UDDI proxy object
Call the find_binding method
Retrieve the vector with binding information (getBindingTemplateVector)
Pass the vector together with the message to the JSP
Response JSP
After the servlet has made all lookups, it presents the results using the
lookupResponse.jsp. This result page is used in several cases; either it has
found some entries, or nothing was found, or it even encountered an exception
because the UDDI was not accessible.
The JSP is called and it retrieves the two objects that were added by the servlet.
For each lookup, there is a vector and a message.
The JSP iterates through the vector returned by the servlet and shows
businesses and services. Both are shown with names and keys (UUIDs).
Figure 18-21 shows a code snippet of the JSP.
<%
for (int i=0; i<resultBusiness.size(); i++) {
BusinessInfo bi = (BusinessInfo) resultBusiness.elementAt(i);
%>
<TR class="business">
<TD colspan="2"><%= bi.getNameString() %></TD>
<TD nowrap><%= bi.getBusinessKey() %></TD>
<%
Vector serviceInfos = bi.getServiceInfos().getServiceInfoVector();
for (int j=0; j<serviceInfos.size(); j++) {
ServiceInfo si = (ServiceInfo) serviceInfos.elementAt(j);
%>
</TR><TR class="service">
<TD align="right">--Service--></TD>
<TD><%= si.getNameString() %></TD>
<TD nowrap><%= si.getServiceKey() %></TD>
<% } %>
</TR>
<% } %>
The JSP code that is used to display the services and tModels is shown in
Figure 18-23.
<%
for (int j = 0; j < resultService.size(); j++) {
ServiceInfo serviceInfo = (ServiceInfo) resultService.elementAt(j);
%>
<TR class="service">
<TD nowrap><%= serviceInfo.getNameString()%></TD>
<TD nowrap><%= serviceInfo.getServiceKey()%></TD>
<TD nowrap><%= serviceInfo.getBusinessKey()%></TD>
</TR>
<% } %>
(...)
<%
for (int i=0; i<resultTModel.size(); i++) {
TModelInfo ti = (TModelInfo) resultTModel.elementAt(i);
%>
<TR class="tmodel">
<TD nowrap><%= ti.getNameString() %></TD>
<TD nowrap><%= ti.getTModelKey() %></TD>
</TR>
<% } %>
Figure 18-23 JSP code that extracts and displays services and tModels
Figure 18-24 Displaying the bindings for a given service and tModel
The JSP code that iterates through the binding vector to display the result is
shown in Figure 18-25.
<%
for (int i=0; i<resultBinding.size(); i++) {
BindingTemplate bt = (BindingTemplate) resultBinding.elementAt(i);
%>
<TR class="binding">
<TD><%= bt.getDefaultDescriptionString() %></TD>
<TD><%= bt.getBindingKey() %></TD>
<TD><%= bt.getAccessPoint().getURLType() %></TD>
<TD><%= bt.getAccessPoint().getText() %></TD>
<TD><%= bt.getServiceKey() %></TD>
<TD><%= bt.getHostingRedirector() %></TD>
</TR>
<% } %>
The last two fields on the start page require a valid service and tModelKey. You
can retrieve valid keys by first looking up services and tModels by name and
using the keys you found for further requests.
This client application already knows the interface WSDL and has a proxy object,
which was created in the build phase. At runtime the client looks up the access
point such a service is invoked.
Start JSP
The client1.jsp is the entry point for this sample (Figure 18-26). It asks for the
key (UUID) of a tModel. There is already a default for the key. This is the key of
the ITSO Weather Forecast tModel, which was published in the IBM test registry
for this sample.
Servlet
The servlet (StartClient1Servlet) retrieves the tModelKey from the form and
ensures that it starts with a UUID: prefix. It then does the lookup for bindings, and
calls each of them.
Figure 18-29 Search for bindings and extract URLs from the result
Invoke services
The last action within the performTask method before forwarding to the response
JSP is to invoke the service. This is done using the invokeAll method of the
base class. This method was shown in Figure 18-9 on page 368.
Response JSP
The client1response.jsp presents the results, which are in two parts:
A list of businesses and services where bindings were found
The results of the invocation
The bottom part shows the invocation of the services, which is identical to
Figure 18-12 on page 371.
Figure 18-30 Presenting the businesses, services, and bindings for the tModelKey
Figure 18-31 JSP code for displaying the businesses, services and bindings
The businesses and services are stored in a vector with BusinessInfo objects.
These objects contain a collection of the services. The bindings, however, are
not contained in these UDDI4J objects. They are stored in a separate vector after
lookup. A helper method, Util.extractBindingTemplateWithServiceKey, fetches
all bindings with a certain service key and puts them in a separate vector. This is
useful to easily display the bindings right after their corresponding service.
public static Vector extractBindingTemplatesWithServiceKey
(Vector allBindingTemplates, String serviceKey) {
Vector result = new Vector();
The second part of the response JSP shows the results of the actual invocation.
This is not part of this JSP, but implemented in a separate JSP fragment that is
included by the response JSP. This part was described in “Invocation result JSP”
on page 371.
In this client, we provide an example of how we can use these APIs to retrieve
the WSDL locations presented in a WSIL document and use those locations to
also retrieve the different service endpoints presented in each of them.
Start JSP
The client2.jsp is the entry point for this sample. It asks for the URL location of
an inspection language document and also for a service name to look up in the
WSIL document provided. The URL location is required and the service name is
optional. There is already a default value for the URL location. This is the value of
the WSIL document of the FlashAndThunder server.
The start JSP is shown in Figure 18-32. The JSP simply contains some
information text and an HTML form with one text field and a Submit button. When
this button is clicked, the StartClient2Servlet ist called.
Servlet
The class responsible for these operations is the StartClient2Servlet. The
central method is the performTask method:
Call the WSDL lookup—get the URL locations of the WSDL document
presented in the WSIL document
Call the service endpoint lookup—using the URL locations of the WSDL
document, get the access points
Call invokeAll—using the access points, retrieve the results of all services
Response JSP
The client2Response.jsp presents the results, which are in fact two parts:
A list of WSIL service names with the URL location of their WSDL documents
and the access points presented in each WSDL document
The results of the invocation
Figure 18-36 Presenting the service names, WSDL locations and access points
The second part of the response JSP shows the results of the actual invocation.
This is not part of this JSP, but implemented in a separate JSP fragment that is
included in this response JSP. This part was described in “Invocation result JSP”
on page 371.
In Figure 18-37 we can see the difference between the two results.
Figure 18-37 Weather result without and with the service name
Server project
To configure a server for testing, we require a server project. If you followed
Chapter 13, “WebSphere Studio Application Developer” on page 197, then you
already have a server project named Servers. If not, define a server project
named Servers:
Select File -> New -> Project -> Server -> Server Project.
Enter Servers as the name and click Finish.
By default, the internal HTTP server listens to port 9080 only. We have to
configure the default port 80 as well:
Select the ItsoWebServServer and open the server configuration
(double-click).
On the Ports page, under Server Settings, click Add and define a new port
with an empty hostname and 80 as port. Deselect Enable SSL and deselect
External.
Save and close the configuration.
Preferences
Select Preferences and set the Username field to an empty string. Click Save
preferences.
Sample 2
Click Start Sample 2.
For the URL location enter:
http://www.flashandthunder.com/ItsoFlashWeb/inspection.wsil
http://www.siliconweather.com/ItsoWebServADWEB/inspection.wsil
Click Start lookup & invocation and you should see the results of the Web
services.
See “Installing the scenario application” on page 410 for detailed instructions.
It is not the intention of this chapter to cover the application server details beyond
the scope necessary to understand Web service deployment. However, we
provide links to additional resources. In addition, the product overview is
provided in Chapter 10, “IBM WebSphere product family” on page 159 and the
product installation is covered in Appendix A, “Installation and setup” on
page 427.
Administration basics
In WebSphere 3.5 and WebSphere 4.0 Advanced Edition, the configuration was
saved in a relational database. The Admin Server had to be installed and started
on all the nodes in the domain to start and stop an application. In WebSphere
V3.0, V3.5 and V4.0 Advanced Edition, the administrative console was a thick
Java client. In addition, command-line tools such as XMLConfig and WSCP were
available to automate the administration tasks.
The administrative console Web application enables you to edit the configuration.
The WSADMIN scripting facility can be used in interactive or batch mode to
perform administrative console operations. The XMLConfig tool and the WSCP
scripting tool are not available in Version 5.
Managed application
Process server
XML
config
application
node
server
agent XML
Cell config
application
deployment server
manager XML
config
application
node server
Managed agent XML
config
Process
Each process keeps all the data necessary to start itself. The configuration data
is in XML files, and the application data in EARs. In the Network Deployment
environment, you can attach an administrative client to any managed process to
make changes to the configuration. The deployment manager contains the
master repository of XML files. Individual nodes and servers synchronize the files
with the master configuration data and all the changes applied to them directly
are lost after synchronization. It is best to change configuration data only through
the deployment manager.
In the following sections we cover the main functions of the Web administrative
console.
Administrative console
The WebSphere administrative console is a graphical, Web-based tool designed
to manage the WebSphere Application Server administrative server. The
administrative console builds upon the Admin Web application architecture and
functions that were introduced in WebSphere Version 4.0 AEs.
Taskbar
The taskbar helps a user to return to the console home page, to access product
information, to save changes made to administrative configurations, and to log
out of the console.
Workspace
The console workspace is the main area to make changes to the configuration. It
provides links to pages with instructions for installing application, updating
applications, and creating application servers. The console also provides a
Summary panel
On the Summary panel we verify the cell, node, and server where the application
modules will be installed. Then we start the deployment by clicking Finish.
The status is remembered over stop and restart of the server. A call to a stopped
Web service results in an error that is sent back to the client.
For example, you have to use this tool when you create a Web service with
WebSphere Studio Version 4.0. Typically, with WebSphere Studio Version 4.0,
you export the Web application in a WAR file. Then you assemble the WAR file
into an EAR file using the Application Assembly Tool. Then you run the
soapearenabler tool, which adds a Web module containing the SOAP router
servlets to the EAR file. If desired, the tool can add the SOAP admin Web
application as well.
Figure 19-3 shows the list of Web services in the GUI tool.
For a test environment, we run the Web service client and servers on one
machine, although logically we have three servers:
www.siliconweather.com and www.flashandthunder.com, where the Web
services run
www.unitedsuns.com, where the dynamic client runs
After configuring SSL and the virtual hosts, the httpd.conf file should have a
number of lines attached:
LoadModule ibm_ssl_module modules/IBMModuleSSL128.dll
Listen 443
FileETag none
<VirtualHost your.server.name:443>
ServerName www.siliconweather.com
ServerPath d:/ibmhttpserver/htdocs
SSLEnable
</VirtualHost>
<VirtualHost your.server.name>
ServerName www.unitedsuns.com
ServerPath d:/ibmhttpserver/htdocs
</VirtualHost>
<VirtualHost your.server.name>
ServerName www.flashandthunder.com
ServerPath d:/ibmhttpserver/htdocs
</VirtualHost>
<VirtualHost your.server.name>
ServerName www.siliconweather.com
ServerPath d:/ibmhttpserver/htdocs
</VirtualHost>
SSLDisable
SSLClientAuth none
Keyfile d:/ibmhttpserver/conf/keys/webservKeyring.kdb
SSLV2Timeout 100
SSLV3Timeout 1000
If SSL does not work for www.siliconweather.com you can always use the
Preferences page and set the user ID to empty (see “Preferences” on page 397).
The call is then made without SSL.
For sample 2, you have to add the Web context root to look for the
inspection.wsil files, because we cannot easily install multiple files with the
same name in the HTTP server root.
http://www.flashandthunder.com/ItsoFlashWeb/inspection.wsil
http://www.siliconweather.com/ItsoWebServADWEB/inspection.wsil
Note that the user ID and password of the preferences are not checked.
The client code is based on the proxy class generated by Application Developer.
We therefore only show an extract of the code that illustrates one of the services
and the main method calling the services (Figure 19-4).
Figure 19-4 Stand-alone Java SOAP client accessing the weather forecast service
Publishing information
To add a business use the Publish tab (left side), enter a business name in the
Quick Publish field, and click Publish now (Figure 19-6).
Note that the business radio button is selected. This operation will publish a
business with the specified name using the Quick Publish option. With this
option, no other information about the entity is provided.
.To locate and edit the entries you own, click Show owned entities (Figure 19-7).
You can edit the business and add a description, locators (classifications), and
contacts.
Edit the technical model from the owned entities panel (Figure 19-10). Notice the
Overview URL field that can point to a WSDL file on a provider server. Click
Update Technical Model when done. You could alternatively provide the extra
information about the technical model at the same time as you create it by using
the Advanced Publish option.
Finally you update the service to point to the technical model (Figure 19-11 and
Figure 19-12).
The owned entities panel now shows the service and the technical model
(Figure 19-13).
Show services
Start the UDDI Explorer by clicking Run -> Launch the Web services explorer.
In the home panel, click UDDI Main, assign a name to the private registry, and
define the inquiry API (Figure 19-14):
http://<yournode>:9080/uddisoap/inquiryapi
Publishing
Click the Publish icon and fill in the form. You must provide the publishing API
URL and a user ID and password (Figure 19-15).
For more information on the UDDI Explorer, refer to “Publishing and exploring a
UDDI registry” on page 233.
Summary
In this chapter, we covered IBM WebSphere Application Server as the basis for
deployment of enterprise applications and Web services.
The WebSphere InfoCenter is one of the most valuable and up-to-date online
resources:
http://www.ibm.com/software/webservers/appserv/infocenter.html
Part 3 Appendixes
Hardware
Hardware requirements include:
Any Intel-based PC running Windows NT Server V4.0, SP 6a or later,
Windows 2000 Server, or Advanced Server SP 2
Intel Pentium processor at 500 MHz, or faster
Support for a communications adapter
Minimum 180 MB free disk space for installation (includes SDK)
CD-ROM drive
Minimum 384 MB memory; 512 MB recommended
Software
The installation requires the following software to be installed:
Windows NT Server or Windows 2000 Server
Netscape Communicator 4.7.9 or Microsoft Internet Explorer 5.5 SP 2 and 6.0
Web browser that supports HTML 4 and CSS
For the WebSphere installation, the database does not have to be configured.
Cloudscape can be used in test environment, but other databases are required
for the production environment. The following databases are supported with
WebSphere Application Server V5 and WebSphere Network Deployment V5 on
Windows platforms:
Cloudscape 5.06
DB2 UDB V7.2 Fixpack 7
Informix Dynamic Server Versions 7.31 and 9.3
Oracle Enterprise Edition 8i Release 3 (8.1.7)
Oracle Enterprise Edition 9i Release 2 (9.2)
SQL Server Enterprise 7.0 SP 4 and 2000 SP 2
IBM HTTP Server is bundled with base WebSphere Application Server V5.
These HTTP servers can also be installed and configured:
Apache Server 1.3.26
HTTP Server 1.3.26 AIX, Linux/390, Linux/Intel, Windows NT
Internet Information Server 4.0
Sun ONE Web Server, Enterprise Edition (formerly iPlanet) 6.0 SP 4
Lotus Domino Enterprise Server (as HTTP Server) 5.0.9a
The administrative database of WebSphere Version 4 does not exist any longer.
All of the configuration information for the WebSphere Application Server Version
5 is now contained in XML files in the ${WAS_ROOT}\config directory. There are
many files that contain all the configuration information.
Installation process
First we start the LaunchPad (launchpad.bat) to access the product overview,
the ReadMe file, and installation guides.
Select Install the product to launch the installation wizard (Figure A-1).
If the install was successful, you should see messages similar to the following:
OS: Windows 2000
locale: en_US
hostname: NODENAME
cmd.exe /c "D:\WebSphere\AppServer\bin\ivt" NODENAME 9080
C:\WebSphere\AppServer
IVT0006I: Connecting to the WebSphere Server NODENAME on Port:9080
IVT0007I:WebSphere Server NODENAME is running on Port:9080
IVT0060I: Servlet Engine Verification: Passed
IVT0065I: JSP Verification: Passed
IVT0066I: EJB Verification: Passed
IVT00100I: IVT Verification Succeeded
IVT0015I: Scanning the file
D:\WebSphere\AppServer\logs\server1\SystemOut.log for
errors and warnings
IVT0020I: 0 Errors/Warnings were detected in the file
D:\WebSphere\AppServer\logs\server1\SystemOut.log
IVT0110I: Installation Verification is complete.
The Web services components (UDDI registry and Web Services Gateway) are
bundled and shipped with the Network Deployment version. The EAR files for
these components are placed into the installableApps subdirectory. The scripts
and additional details on how to install these components are located in the
UDDIReg and WSGW subdirectories respectively.
1. Install Application
Developer
2. Install embedded
messaging
Restart the installation launcher window and select Install embedded messaging
client and server. This component is required for JMS messaging to feed a
message-driven bean.
If you installed WebSphere Application Server, installing the embedded
messaging locates the existing WebSphere MQ installation and only tailors
the Application Developer to use the existing code.
If WebSphere MQ is not installed on this machine, then it will be installed now
You can create icons to start Application Developer with multiple workspaces. In
the Properties window of the icon, enter the target with the -data flag to indicate
the workspace location:
D:\<WSAD-HOME>\wsappdev.exe -data E:\WSAD5sg246891
Deselect the option Use this workspace as the default and do not show this
window box again.
You are then prompted for the workspace location every time you start the
product, which enables you to use multiple workspaces.
Optionally install the embedded messaging client and server and ClearCase LT.
Agent Controller
The IBM Agent Controller is also installed automatically for you.
Start the executable (wsdkSetup.exe) and follow the prompts. The only selection
is for the target location, for example, d:\WSDK_v5.
A program folder with three icon is created: Start Server, Stop Server, and WSDK
Help. Start the help facility and familiarize yourself with the concepts and tools.
You can find the installed technology preview in the WebSphere home directory
in the subdirectories:
<WAS-HOME>\TechPreview\WebServices
<WAS-HOME>\installedApps\<node>\TechnologySamples.ear
<WAS-HOME>\bin: additional commands (java2wsdl, wsdl2java, endptEnabler
<WAS-HOME>\lib: additional JAR files (axis.jar, webservices.jar, ...)
Documentation
Read the documentation at:
<WAS-HOME>\TechPreview\WebServices\docs\index.html
Select the Additional materials and open the directory that corresponds with
the redbook form number, SG246891.
The publications listed in this section are considered particularly suitable for a
more detailed discussion of the topics covered in this redbook.
IBM Redbooks
For information on ordering these publications, see “How to get IBM Redbooks”
on page 444.
EJB 2.0 Development with WebSphere Studio Application Developer,
SG24-6819
IBM WebSphere Application Server Version 5.0 Handbook, SG24-6195
IBM WebSphere V5.0 Security: WebSphere Handbook Series, SG24-6573
Legacy Modernization with WebSphere Studio Enterprise Developer,
SG24-6806
WebSphere Studio Application Developer Programming Guide, SG24-6585
Web Services Wizardry with WebSphere Studio Application Developer,
SG24-6292
Self-Study Guide: WebSphere Studio Application Developer and Web
Services, SG24-6407
WebSphere Version 4 Application Development Handbook, SG24-6134
Programming J2EE APIs with WebSphere Advanced, SG24-6124
CICS Transaction Gateway V5 The WebSphere Connector for CICS,
SG24-6133
Enterprise JavaBeans for z/OS and OS/390 CICS Transaction Server V2.1,
SG24-6284
Design and Implement Servlets, JSPs, and EJBs for IBM WebSphere
Application Server, SG24-5754
Integrating your Information, Getting stated with DB2 UDB, WebSphere MQ,
XML and Web Services, SG24-6892
Index 447
O RMI 18
OASIS 62 RPC 19, 24, 31
Oracle Enterprise Edition 428 style 55
Oracle ERP 244
S
P SAAJ 314
palette 254 SAML 146
partner 126 Web site 155
PeopleSoft 244 SAX 36, 319
plug-in 413 scenario 353
POP 144 scope 33, 204
port type secure proxy 368
WSDL 50 security 141
private UDDI registry 82, 416 token 147
process WSGW 138
breakpoint 276 security assertion markup language
business 120 see SAML
debugger 274 SEI 324
editor 247 self-signed certificate 411
files 262 serialization 28
flow 255 serializer 29, 31, 34
interface 265 service
proof-of-possession 147 compensation 124
protocol 143, 153 project 250
provider 92, 121 projection 67
proxy 210, 212 WSDL 53
secure 368 WS-Inspection 108
UDDI 77, 377 service broker 5–6
WSIF 95 service endpoint interface 324
publisher service provider 5–6
assertions 64 service requestor 5–6, 50, 59, 62, 65–66, 88, 130,
publishing 66 181, 285, 294, 355
service-oriented architecture 3, 17
concepts 5
Q sg246891code.zip 438
quality of service 90
Siebel 244
SiliconWeather 354
R simple API for XML 36
Red Hat 282 Simple Object Access Protocol
Redbooks Web site 444 see SOAP
Contact us xx SMTP 144
registry SOAP 7
UDDI 62 1.1 specification 40
relationships 67 administration 210
remote procedure call 19 architecture 17
replication 84 binding 55
requirements 4 body 23
resource adapter 243 Call object 34
Index 449
see UDDI see WSDL
universal resource identifier Web services flow language
see URI see WSFL
universal test client 208, 216 Web Services Gateway
unmarshalling 28 see WSGW
unpublish 291 Web services inspection language
UNSPSC 64 see WSIL
URI 21 Web services invocation framework
URN 21, 34 see WSIF
WebSphere
Application Assembly Tool 328
V Application Server 31, 161
virtual host 413
Enterprise Edition 135, 162, 277
VisualAge for Java 163
Express 162
installation 428
W Network Deployment 67, 85, 162, 404
W3C 18 Business Connection 139
Weather class 190 Web Services Gateway 140
weather forecast 187 Business Integration 172
WeatherForecast class 193 Commerce 170
WeatherPredictor class 195 Everyplace 168
Web service MQ 145, 166
deployment descriptor templates 327 Integrator Broker 172
from DADX 232 Portal for Multiplatforms 167
from JavaBean 200 product family 160
from URL 227 Studio 163
from WSDL 224 Application Developer 165, 197
Web services installation 431
administration 409 Integration Edition 165, 241, 432
build 176 Enterprise Developer 165
client 181 Site Developer 164
deployment 177, 401 Workflow 98
development 175 WebSphere SDK for Web Services
enabling 409 see WSDK
experience language (WSXL) 313 WebSphere Web Services for J2EE Technology
Explorer 233 Preview
for J2EE 318 see technology preview
gateway 130 WORF 232
interactive applications (WSIA) 313 workflow 119
management 177 wsadmin 340
matchmaking engine 313 WS-Authentication 153
protocol stack 143 WSDK 281, 303
runtime 177, 401 binding 52
scenario 353 documentation 284
scope 33 samples 285
security 141 tools 284
security model 152–153 Web site 300
wizard 198, 202 WS-Security 286
Web services description language WSDL 7
Index 451
452 WebSphere Version 5 Web Services Handbook
WebSphere Version 5
Web Services Handbook
(1.0” spine)
0.875”<->1.498”
460 <-> 788 pages
Back cover ®
WebSphere Version 5
Web Services Handbook
Web services This IBM Redbook describes the new concept of Web services from
overview and various perspectives. It presents the major building blocks Web
INTERNATIONAL
concepts services rely on. Here, well-defined standards and new concepts TECHNICAL
are presented and discussed. SUPPORT
Web services tools ORGANIZATION
Whereas these concepts are described vendor-independent, the
and development
book also presents IBM’s view and illustrates with suitable
demonstration applications how Web services can be implemented
Web services using IBM’s product portfolio, especially WebSphere Application BUILDING TECHNICAL
runtime environment Server Version 5 and WebSphere Studio Application Developer INFORMATION BASED ON
PRACTICAL EXPERIENCE
Version 5.
This book is a major update to the IBM Redbook Web Services IBM Redbooks are developed by
Wizardry with WebSphere Studio Application Developer, the IBM International Technical
SG24-6292, published in 2002. Support Organization. Experts
from IBM, Customers and
Partners from around the world
This book is structured in two parts: create timely technical
Part 1 presents the underlying concepts for the use of Web information based on realistic
scenarios. Specific
services. It presents the basic programming model, recommendations are provided
well-known basics in an updated way, and new concepts that to help you implement IT
go beyond the scope of the 2002 book. solutions more effectively in
your environment.
Part 2 shows how Web services can be implemented using the
latest IBM tools. Here, we introduce a sample application that
is demonstrated in various different ways.
For more information:
ibm.com/redbooks