CS计算机代考程序代写 chain Java flex case study Excel SE457 Week 3

SE457 Week 3 – Overview Part 3, SOAP
Steven Engelhardt
DePaul University
Spring 2021
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 1 / 120

Table of Contents
1 Last Week
2 Microservices
3 Service-Orientation vs. Object-Orientation
4 Governance
5 SOAP
XML Foundations
Introduction to SOAP
Web Service Description Language (WSDL)
JAX-WS
Handlers Faults
Case Study: SAML
6 Wrap-Up
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
2 / 120

Last Week
• Abstraction is the principle that we design services to act as black boxes, that is their inner logic is hidden from the consumers.
• Autonomy is the ability of a service to make its own decisions without outside influence, control, or involvement. Achieving high levels of service autonomy, and thus developer productivity, is a frequent justification for service-oriented architecture (and, in particular, microservices)
• We try to design our service architecture to maximize composability, which is the ability to combine services into new and clever arrangements.
• Discoverability is the ability of users to discover and interpret services. It is distinct from discovery, which is the process by which a service client achieves a connection to a service instance.
• Reusability is often a goal of SOA initiatives, but it is not a requirement.
• Statelessness is about minimizing resource consumption by deferring the management of state information when necessary. Stateless services are frequently easier to scale, easier to deploy, simpler, and more reliable.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 3 / 120

Assignment Review
• Quiz 1 and HW1 review will be next week • Research presentation topics due today
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 4 / 120

Microservices
Watch The State of the Art in Microservices by Adrian Cockroft at https://www.youtube.com/watch?v=pwpxq9-uw_0. We will discuss this next week.
Content from this video may appear in quizzes, homework, or exams.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 6 / 120

Comparing Goals
Object-Orientation
• Increased business requirements fulfillment
• Increased robustness
• Increased extensibility
• Increased flexibility
• Increased reuse and productivity
Service-Orientation
• Increased intrinsic interoperability
• Increased federation
• Increased vendor diversification
options
• Increased business & IT alignment
• Increased ROI
• Increased organizational agility • Reduced IT burden
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 8 / 120

Comparing Concepts
Object-Orientation
• Class
• Interfaces
• Methods
• Fine-grained parameter data • Attributes
• Private members
Service-Orientation
• Technical service contract
• Technical service contract
• Operations
• Course-grained, document-centric messages
• (Discouraged)
• (Discouraged)
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 9 / 120

Comparing Design Principles
Object-Orientation
• Encapsulation
• Inheritance
• Generalization / specialization • Abstraction
• Polymorphism
• Open-closed principle
• Don’t repeat yourself (DRY) • Single responsibility principle • Delegation
• Composition / aggregation
Service-Orientation
• Service abstraction
• (Discouraged)
• Service-level granularity
• Service abstraction
• Standardized service contract
• Service reusability
• Service normalization
• Service models
• Logic centralization
• Service composition (w/o ownership)
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 10 / 120

High-level governance involves
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 12 / 120

Governance is…
• Establishing chains of responsibility, authority and communication to empower people (decision rights).
• Establishing measurement, policy and control mechanisms to enable people to carry out their roles and responsibilities.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 13 / 120

IT and SOA governance are part of overall corporate governance
IT governance…
• Establishes decision-making rights associated with IT.
• Establishes mechanisms and policies used to measure and control the way IT decisions are made and carried out.
SOA governance…
• Is an extension of IT governance that focuses on the service lifecycle to ensure the business value of SOA.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 14 / 120

IT and SOA governance are different
IT Governance
• Covers all aspects of IT such as data governance and IT security.
• This makes it a broader set of concerns than SOA governance on its own.
SOA Governance
• Addresses the service lifecycle including: planning, publishing, discovery, versioning, management, and security.
• Covers business aspects of SOA that are not captured in IT governance such as the required coordination between business and IT.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 15 / 120

Governance models include…
• Principles
• Policies, guidelines, and standards
• Methods
• What and how to tailor the model to individual
projects or initiatives. • Governance processes
• Definition, compliance, vitality, and communication.
• Governance organization structure
• How governance ties into the overall organizational
model.
• Governance roles and responsibilities
• Who is responsible for what.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 16 / 120

Governance has value and a lack of governance has costs
Effective IT Governance is the single most important predictor of value an organization generates from IT. — MIT Sloan School of Management
Increasing Share Price
Professional investors are willing to pay premiums of 18-26% for stock in firms with high governance — McKinsey Quarterly
Increasing Profits
Top performing enterprises succeed where others fail by implementing effec- tive IT governance to support their strategies. For example, firms with above- average IT governance following a specific strategy (for example, customer intimacy) had more than 20 percent higher profits than firms with poor gov- ernance following the same strategy. — Peter Weill & Jeanne W. Ross
Increasing Market Value
On average, when moving from poorest to best on corporate governance, firms could expect an increase of 10 to 12 percent in market value.
— McKinsey Quarterly
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 17 / 120

Governance matters because…
• Business benefits of SOA can be realized. • Business process flexibility.
• Improved time to market.
• Business risks can be mitigated.
• Maintain or improve quality of service. • Ensure consistency of service.
• Team effectiveness can be improved.
• Measuring the right things.
• Clearer communication between the business and
IT.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 18 / 120

Certain prerequisites enable effective SOA governance
• Engagement and active participation of business stakeholders.
• Alignment of the SOA value proposition with business goals and objectives.
• Understanding of an commitment to the idea that governance is essential to realizing SOA’s value.
• Defined, communicated, and accepted SOA vision.
• An existing IT governance framework is very
useful, but not essential.
• Support and commitment from executive management.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 19 / 120

Service governance addresses practical issues of service development
• Funding and ownership.
• Services pay for themselves when they scale. For
instance, a reusable integrated service doesn’t pay off for the first consumer, but it does when more consumers begin using the service.
• Loose coupling might not pay off for the first solution, but it does when you have multiple solutions that must scale.
• Who pays for implementing a new service?
• The first consumer that requires the service?
• All consumers of the service?
• The provider invests in the new service and
charges back the consumers based on usage.
• A pool of resources used to fund new services.
• Who is the owner of the services and what is their role in driving/advertising services and their SLAs?
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 20 / 120

Repositories and registries help manage services
Repositories
• Manage business aspects of services: interfaces, contracts, SLAs, dependencies, etc.
• Contains information about the behavior and interface of a service.
• Independent of technical details. Registries
• Manage technical aspects of services.
• Often allows for service request routing and transformation.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 21 / 120

When considering a repository or registry…
• Is it provided for internal or external use?
• Does it manage all service data or just the technical data?
• Is it designed to help designers locate existing services at either design-time run-time or both?
• Does it provide support for designing and modeling a service or does it provide comparatively simple publishing capabilities?
• Is it centralized or decentralized?
• Is it possible to work with it without being online within the development environment?
• What versioning and configuration management does it provide?
These are often not needed during the early stages of SOA. Larger-scale SOA deployments tend to grow into them. Each organization is different.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 22 / 120

SOA policies
• The rules and guidelines needed to establish and live SOA.
• Policies define what’s right from an organizational and technical perspective.
• Policies may be laws or guidelines:
• Laws must be followed. • Guidelines are
recommendations.
• Policies evolve over time. Let them.
• Policies are only useful if they prove to be appropriate in the current business and technical context.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 23 / 120

Best Practice: SOA Center of Excellence
• A central team that is responsible for establishing and governing SOA.
• Generally directed by a steering committee that founds, controls, and decides on the SOA strategy as a whole.
• The team is virtual and is composed of members from different areas including the business, IT, development, etc.
• Requires a certain degree of expertise and vision tempered by pragmatism.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 24 / 120

Best Practice: SOA Center of Excellence
• The CoE is essentially a service provider for the organization.
• Collaboration within and across the organization is critical to its success.
• Should be involved at every stage of SOA adoption.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 25 / 120

Services are managed resources
They can be:
• Stopped and started.
• Secured.
• Deployed and configured.
• Versioned, deprecated, and retired.
• Monitored for changes in status, performance characteristics, and other KPIs.
• Evaluated against their SLAs.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 26 / 120

Service management encompasses different areas
• Performance and availability.
• Compliance with all SLAs.
• Security policies for internal and external access.
• Root cause analysis.
• Development lifecycle of web
service-based applications.
• Repeatable deployment and configuration changes.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 27 / 120

Managing the consumer layer…
• Monitor end-user response times to ensure SLA compliance. • Monitor synthetic transactions to help detect problems early. • Monitor availability and end-user response times.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 28 / 120

Managing the business process layer…
• Monitor processes from a business perspective to identify potential pain points and areas for optimization.
• Monitor processes from an IT perspective to detect problems early. Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 29 / 120

Managing the services layer…
• Reconcile operational services against those in the inventory.
• Identify service dependencies.
• Provide for centralized service management policies to support SLA compliance and the setting of IT goals.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 30 / 120

Managing the service components layer…
• Understand the health and performance of the applications and their supporting technology.
• Correlate service problems to issues in the infrastructure such as queues filling up or exhausted thread pools.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 31 / 120

Managing the operational systems layer…
• Understand the health of the infrastructure.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 32 / 120

Managing the back plane…
• Each management discipline spans the entire solution through things like event correlation, transaction performance, and SLAs.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 33 / 120

Best Practice: Services
• Recognize services as a higher level of abstraction than traditional system resources.
• Measure services against KPIs and SLAs.
• Track relationships and interactions among business processes, services and IT infrastructure.
• Look to automation to avoid violations of SLAs.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 34 / 120

Best Practice: Instrumentation
• Plan for performance instrumentation.
• Instrumentation should be lightweight and dynamic.
• Several vendors for this kind of technology:
• AppDynamics • DynaTrace
• New Relic
• Many others.
• Type of instrumentation depends on the layer being instrumented.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 35 / 120

XML documents consist of containers and content
• Declaration. Declares the version of XML used to define the document.
• Elements. A structural, textual unit.

DePaul University 2014-02-02

243 S. Wabash Ave. Chicago IL

60604

•
Attributes. A single name-value pair associated with an element.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 38 / 120

All XML documents follow the same basic rules
• • •
•
There is a single root element. Elements may be nested.
Elements must be closed in the reverse order in which they were opened.
XML documents that follow these rules of syntax are considered well-formed.

DePaul University 2014-02-02

243 S. Wabash Ave. Chicago IL

60604

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 39 / 120

XML namespaces address element collisions…
• XML namespaces are used to distinguish between elements that have the same local name, but that are semantically different.
This example has elements in common with the example from the prior slide, but they could mean different things.

243 S. Wabash Ave. Chicago IL

60604

•
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 40 / 120

…so that we can indicate which rules should be used to validate the content
• Namespaces map XML content to schemas that describe that legal content.

DePaul University 2014-02-02

243 S. Wabash Ave. Chicago IL

60604

•
To reference a namespace, we use the xmlns declaration along with a unique URI.
• A QName, or qualified name, is the combination of the namespace and local part.
• In this example the namespace applies to billing-information and everything it contains.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 41 / 120

URIs can get messy, so we usually use a shorthand
•
•
If we’re using elements from different namespaces, then using URIs as identifiers gets unwieldy.
In those cases we’ll use a shorthand where we map a prefix to the namespace’s URI.

DePaul University 2014-02-02
243 S. Wabash Ave. Chicago IL 60604

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 42 / 120

Schemas are used to describe XML documents
• Schemas define which elements and attributes are used, how they are ordered and nested, and their data types.
• Think of schemas as the classes of the XML world.
• XML documents that adhere to the rules of one or more schemas are valid.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 43 / 120

To check for validity a document must be associated with a schema
•
Each namespace URI referenced in the XML document should be associated with the actual URL of the corresponding schema document.

DePaul University 2014-02-02
243 S. Wabash Ave. Chicago IL 60604

Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 44 / 120

Schemas define the legal structure of valid XML documents
• It defines which elements and attributes are used, how they are ordered and nested, their data types, and any restrictions on their values or usage.

…
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 45 / 120

Simple data types extend the built-in types
•
XML Schema Documents (XSD) provide a large number of built-in types: integers, decimals, date and times, boolean, string and IDs.
Each built-in type can be extended and restricted based on different facets and using different techniques.

•
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 46 / 120

Complex data types are composite types that aggregate other types…
• •
Only complex types can have attributes and children.
Complex types define child element sequencing, multiplicity, and whether any attributes are optional or required.

• xsd:sequence indicates that the element must appear in the order specified.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 47 / 120

Which allows for reuse within and across different schemas
• Complex types can be reused or defined anonymously inline.
• Reuse can be accomplished through either an include or an import.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 48 / 120

An include loads one schema into another
•
•
•

An include does not change the
namespace of the imported elements.
Any document built with this data will have to reference both schemas.
That might not be as convenient as you might want.

…
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 49 / 120

An import loads one schema into another but changes the namespace
namespace=”http://my.com/address” />

• An import changes the namespace of the imported elements.
• Any document built with this schema can treat all of the imported elements as though they are a part of the base schema.

…

•
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 51 / 120

SOAP-based web services
• SOAP was the original protocol for accessing web services.
• SOAP originally stood for Simple Object Access Protocol. It is no longer an acronym.
• SOAP provides for additional extensions to support more complex capabilities.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 53 / 120

The basic SOAP interaction is like most RPC mechanisms
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 54 / 120

SOAP must be transformed to and from a common representation
• The unifying representation is XML.
• Schemas are used to define the translation from one set of data types to another.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 55 / 120

SOAP messages are sent using an envelope

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 56 / 120

SOAP headers typically describe the message itself

29r1d9f471wae:c4bc5fv:j3mfnc3acvc9:-9221

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 57 / 120

SOAP messages may be processed by more than the receiver
• The SOAP messaging architecture defines the sender and the receiver.
• The message may also be processed by any number of intermediaries.
• Intermediaries manipulate the header blocks.
• Intermediaries may not modify the body of the message.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 58 / 120

The SOAP body contains the message payload

29r1d9f471wae:c4bc5fv:j3mfnc3acvc9:-9221

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 59 / 120

The SOAP body can follow either the unwrapped or wrapped style
Document/Unwrapped Style
@WebService
@SOAPBinding(style = Style.DOCUMENT) public class RandService { … }

RPC/Wrapped Style
@WebService
@SOAPBinding(style = Style.RPC) public class RandService { … }

xmlns:xsd=”http://www.w3.org/2001/XMLSchema”>
27
94

27
94

Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
60 / 120
e

Each SOAP-based web service has three components
• Interface. The interface against which clients will be developed.
• Implementation. The implementation of the service’s logic.
• Publisher. Code that binds the service to a URL endpoint so that it can be invoked.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 61 / 120

SOAP has pros and cons
Pros
Cons
• Complexity. There are a lot of specifications and it is hard to stay current on them all.
• Significant overhead because of XML.
• Commercial interests are involved, which can lead to standards bloat.
• Core concepts are relatively simple.
• Significant tool support.
• Ubiquitous technologies: XML
and HTTP.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 62 / 120

There are alternatives to SOAP
• There are alternatives to SOAP that attempt to alleviate some of its most common criticisms.
• REST
• GraphQL
• XML-RPC • JSON-RPC • gRPC
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 63 / 120

Each SOAP-based web service must have a WSDL that defines it
• The Web Service Description Language (WSDL) file describes the web service.
• The abstract section defines protocol-neutral aspects of the service.
• The concrete section describes how the abstract section will be bound to SOAP.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 65 / 120

JAX-WS splits the WSDL into two components
• The abstract elements of the
WSDL are defined in a separate
Abstract elements and use them to Concrete
construct the concrete elements, http://localhost:8888/rs?wsdl thus providing a complete
definition to consumers.
schema.
• The WSDL imports the abstract http://localhost:8888/rs?wsdl=1
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 66 / 120

The major sections of a WSDL
Section types
message portType
binding service
Purpose
Defines the data types that are used within the WSDL. This is often a link to another schema to allow some degree of schema reuse.
The types of messages that will be sent to or received from the web service. Combined with the types section is WSDL 2.0. Defines the operations that are available on the service along with the messages that those operations use. This section has been renamed to interface in WSDL 2.0.
Indicates the transport protocol that will be used when calling the operations. Also indicates the message mode to be used. Associates a binding with the URL that will be used to access the service.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 67 / 120

definitions
• The definitions element is the document root of the WSDL.

…
It declares the namespaces used within the rest of the document.
•
• In WSDL 2.0, this element has
been renamed to description.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 68 / 120

types
• The types element declares or links to a schema that defines the data types required to form the messages used by the service.

external XSD, but types may be
• This is often a reference to an declared inline as well.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 69 / 120

message
• The message elements declare the data types required to form the messages used by the service.

Each part describes the payload of the message.
•
• In WSDL 2.0, this element was
rolled into the types element since it’s basically just more types.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 70 / 120

portType
•
• •
The portType elements describe the web service operations and their messages.
Each operation requires at least one input or output message.
The kinds and sequence of the messages define different message modes.

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 71 / 120

Consumer and service can interact using different message modes
Mode
Request- Response
Description
The operation receives a mes- sage and provides a response. We’ll focus on this mode.
sage but does not provide a re- sponse.
and waits for a response.
The operation sends a message but does not wait for a response
Operation Elements
Response Notification

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 72 / 120

One Way The operation receives a mes- Solicit- The operation sends a request

binding
• The binding element binds the operations from the portType to the SOAP protocol.

•
The transport attribute indicates the protocol that will be used with the service.
• The style attribute defines whether document or rpc style is used for the messages.
• The use attribute indicates that the service’s types follow the schema literally.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 73 / 120

service
• The service element describes how each binding will be exposed.
• The port element associates a binding with an address, also called an endpoint.
• There will be one port element for each binding in the WSDL.

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 74 / 120

JAX-WS
• A popular platform for implementing SOAP APIs is JAX-WS, an API that can be used for both REST-style and SOAP-style web services.
• JAX-WS services can be compiled and deployed using only core Java or through web containers like Tomcat or Jetty.
• JAX-WS is part of JEE, was bundled in JDK 1.6+, and was unbundled from Java 11 and turned into an external addon.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 76 / 120

JAX-WS is extensive and provides much flexibility
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 77 / 120

Interface
package rand;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService
public interface RandService {
@WebMethod
public int next1();
@WebMethod
public int[] nextN(final int n); }
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
78 / 120

Implementation
package rand.impl; import rand.RandService;
import javax.jws.WebService;
@WebService(endpointInterface=”rand.RandService”) public class RandServiceImpl
implements RandService {
public int next1() {
… }
public int[] nextN(final int n) {
… }
}
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 79 / 120

Publisher
package rand;
import rand.impl.RandServiceImpl;
import javax.xml.ws.Endpoint;
public class RandPublisher {
public static void main(String[] args) {
final String url = “http://localhost:8888/rs”; System.out.println(“Publishing RandServiceImpl at endpoint ” + url); Endpoint.publish(url, new RandServiceImpl());
} }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 80 / 120

Interface combined with implementation
package rand;
import rand.RandService; import javax.jws.WebService; import javax.jws.WebMethod;
@WebService
public class RandService {
@WebMethod
public int next1() { … }
@WebMethod
public int[] nextN(final int n) { … } }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 81 / 120

…and then we need to change the publisher as well
package rand;
import rand.RandService;
import javax.xml.ws.Endpoint;
public class RandPublisher {
public static void main(String[] args) {
final String url = “http://localhost:8888/rs”; System.out.println(“Publishing RandService at endpoint ” + url); Endpoint.publish(url, new RandService());
} }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 82 / 120

Schemas and WSDLs
• The Endpoint class will automatically provide a dynamically generated schema and WSDL.
• These can be seen by sending HTTP requests to the endpoint used by the publisher.
http://localhost:8888/rs?wsdl
http://localhost:8888/rs?xsd=1
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 83 / 120

We can import the WSDL to facilitate building the client code
• JDK 1.6+ comes with the wsimport utility that consumes a WSDL and generates the classes that transform Java types to and from the schema types.
• The utility creates JAX-B artifacts to perform the actual mappings.
• Apache Axis2 and CXF are alternatives.
In General:
wsimport -p -keep http://localhost:8888/rs?wsdl
For Example:
wsimport -p client
-keep http://localhost:8888/rs?wsdl
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 84 / 120

The generated schema is simple

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 85 / 120

RandClient
import client.RandServiceService; import client.RandService;
import java.util.List;
public class RandClient {
public static void main(String[] args) {
RandServiceService service = new RandServiceService(); RandService port = service.getRandServicePort();
// sample calls
System.out.println(port.next1());
List nums = port.nextN(4); for (Integer num : nums) {
System.out.println(num); }
} }
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
86 / 120

@WebService annotations
Service-Endpoint Interface (SEI)
package rand;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService(name=”RandomNumberPortType”, targetNamespace=”http://edu.depaul.cdm.se457″)
public interface RandService {
… }
Service-Implementation Bean (SIB)
package rand;
import javax.jws.WebMethod;
import javax.jws.WebService;
@WebService(endpointInterface = “rand.RandService”, portName=”RandomNumberServicePort”, serviceName=”RandomNumberService”)
public class RandServiceImpl implements RandService {
… }
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 87 / 120

@WebMethod annotation attributes
Attribute action
exclude
SEI/SIB SEI/SIB
SIB
Description
The name of the action for the method. For SOAP bindings, this will be the value of the soapAction attribute on the soap:operation el- ement for the operation.
Marks the method so that it will not appear in the web service interface. If this value is used, the other attributes may not be used. This may only be used on SIBs without a separate SEI.
The name of the operation as it will be exposed to consumers of the web service.
operationName SEI/SIB
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 88 / 120

@WebMethod annotations
SEI
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService(name=”RandomNumberPortType”, targetNamespace=”http://edu.depaul.cdm.se457″)
public interface RandService { @WebMethod(action=”next1″,
operationName=”nextOneNumber”) public int next1();
@WebMethod(action=”nextN”, operationName=”nextBunchOfNumbers”)
public int[] nextN(final int n); }
SIB
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService(name=”RandomNumberPortType”, targetNamespace=”http://edu.depaul.cdm.se457″)
public interface RandService { …
@WebMethod(exclude=true)
public int[] nextN(final int n) {…} }
• The SIB can exclude methods. This can’t be done when using an SEI.
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 89 / 120

@WebParam annotation attributes
Attribute header
mode name
partName targetNamespace
Description
If true then the value of the parameter will be pulled from the header rather than the body.
The direction in which the parameter is flowing (IN, OUT, INOUT).
The name of the parameter as it will appear in the WSDL.
The name of the part of the message in the WSDL. The XML namespace for the parameter.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 90 / 120

@WebParam annotations
SEI
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService(name=”RandomNumberPortType”,
targetNamespace=”http://edu.depaul.cdm.se457″ SIB
)
public interface RandService { •
@WebMethod(action=”next1″, operationName=”nextOneNumber”)
public int next1();
@WebMethod(action=”nextN”, operationName=”nextBunchOfNumbers”)
public int[] nextN( @WebParam(name=”numberOfInts”) int n);
}
There’s no difference when using this annotation on the SIB from using it on the SEI.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 91 / 120

@WebResult annotation attributes
Attribute header
name
partName targetNamespace
Description
If true then the value of the result will be pulled from the header rather than the body.
The name of the result as it will appear in the XSD. The name of the part of the message in the WSDL. The XML namespace for the result.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 92 / 120

@WebResult annotations
SEI
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService(name=”RandomNumberPortType”, targetNamespace=”http://edu.depaul.cdm.se457″) SIB
public interface RandService {
@WebMethod(action=”next1″, •
operationName=”nextOneNumber”) @WebResult(name=”result”)
public int next1();
@WebMethod(action=”nextN”, operationName=”nextBunchOfNumbers”)
public int[] nextN( @WebParam(name=”numberOfInts”) int n);
}
There’s no difference when using this annotation on the SIB from using it on the SEI.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 93 / 120

Table of Contents
1 Last Week
2 Microservices
3 Service-Orientation vs. Object-Orientation
4 Governance
5 SOAP
XML Foundations
Introduction to SOAP
Web Service Description Language (WSDL)
JAX-WS
Handlers
Faults
Case Study: SAML
6 Wrap-Up
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
94 / 120

We sometimes want to modify a SOAP message en route
• We may want to perform operations to add or process header blocks before a SOAP message arrives at it’s ultimate destination.
• A common example includes adding security information to the header.
• We use handlers to perform such tasks. Think of them as being like Filters from JEE web technologies.
package javax.xml.ws.handler;
public interface Hander { void close(MessageContext context);
boolean handleFault(C context);
boolean handleMessage(C context);
}
public interface HanderResolver { java.util.List
getHandlerChain(PortInfo portInfo); package javax.xml.ws.handler.soap;
public interface
SoapHander {
java.util.Set
getHeaders(); }
}
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 95 / 120

This handler adds a timestamp to each message…
class ClientTimestampHandler implements SOAPHandler { public boolean handleMessage(SOAPMessageContext mCtx) {
Boolean outbound = (Boolean) mCtx.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY); if (outbound) {
try {
SOAPMessage soapMessage = mCtx.getMessage();
SOAPEnvelope envelope = soapMessage.getSOAPPart().getEnvelope(); // Ensure there is a header and add a ‘wrapper’ element.
if (envelope.getHeader() == null) { envelope.addHeader(); } SOAPHeader header = envelope.getHeader();
QName qn = new QName(“http://edu.depaul.cdm.se457”, “SE457”); header.addHeaderElement(qn);
// Now insert timestamp into the header.
String timeStamp = getTimestamp();
Node firstChild = header.getFirstChild();
append(firstChild, “Timestamp”, timeStamp); soapMessage.saveChanges();
} catch (Exception e) {
throw new RuntimeException(“SOAPException thrown.”, e); }
}
return true; // continue down the handler chain }
}
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 96 / 120

Handlers are exposed by resolvers, which are attached to the service
Resolver
public class ClientHandlerResolver implements HandlerResolver {
public List getHandlerChain(PortInfo portInfo) {
List handlerChain = new ArrayList();
handlerChain.add(
new ClientTimestampHandler()
);
return handlerChain; }
}
Client
RandomNumberService service = new RandomNumberService();
service.setHandlerResolver(
new ClientHandlerResolver());
RandomNumberPortType port = service.getRandomNumberServicePort();
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP Spring 2021 97 / 120

Table of Contents
1 Last Week
2 Microservices
3 Service-Orientation vs. Object-Orientation
4 Governance
5 SOAP
XML Foundations
Introduction to SOAP
Web Service Description Language (WSDL)
JAX-WS
Handlers
Faults
Case Study: SAML
6 Wrap-Up
Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
98 / 120

Things can always go wrong…
• Faults report errors upstream to nodes encountered earlier in the message path.
• Faults can be generated by the receiver or by intermediaries.
• Receivers are only required to return faults when request-response messaging is used.
• Faults are returned to the receiver’s immediate sender. Similar to Java exceptions.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 99 / 120

Suppose we create a new method in the SEI and SIB…
SEI
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService( name=”RandomNumberPortType”,
SIB
import javax.jws.WebMethod; import javax.jws.WebService;
@WebService(
name=”RandomNumberPortType”, targetNamespace=”http://edu.depaul.cdm.se457″ )
public interface RandService {
….
public void nextFailure() throws Exception {
throw new Exception(“Deliberate Failure”); }
}
targetNamespace=”http://edu.depaul.cdm.se457″ )
public interface RandService { …
@WebMethod
public void nextFailure() throws Exception; }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 100 / 120

Then we can see the new method and exception defined in the XSD…

…

…

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 101 / 120

And in the WSDL…

…
….

…

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 102 / 120

wsimport generates a new exception class…
import javax.xml.ws.WebFault;
@WebFault(name=”Exception”, targetNamespace=”http://edu.depaul.cdm.se457″) public class Exception_Exception extends java.lang.Exception {
private client.Exception faultInfo; // THIS IS A FAULT BEAN – NEXT SLIDE
public Exception_Exception(String message, client.Exception faultInfo) {
super(message); this.faultInfo = faultInfo; }
public Exception_Exception(String message, client.Exception faultInfo, Throwable cause) {
super(message, cause); this.faultInfo = faultInfo; }
public client.Exception getFaultInfo() { return faultInfo; } }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 103 / 120

As well as a fault bean class…
• The fault bean carries the payload of the fault message from the SOAP response.
• It’s not an Exception, but it contains data that the Exception might want to provide.
public class Exception { protected String message;
public String getMessage() {
return message; }
public void setMessage(String value) { } this.message = value;
}
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 104 / 120

Now we can update the client
• The client is catching the Exception_Exception class, which was generated.
• The output of the call getFaultInfo() will be the fault bean.
• The output of the call to getMessage() will be the exception message provided by the service.
package client;
public class RandClient {
public static void main(String[ ] args) {
// get the service and port
RandomNumberService service = new RandomNumberService();
RandomNumberPortType port = service.getRandomNumberServicePort();
// failure calls
try {
port.nextFailure(); }
catch (Exception_Exception e) { System.out.println(e.getFaultInfo());
System.out.println(e.getMessage()); }
} }
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 105 / 120

Custom exceptions can be used, but we need to craft them carefully
•
•
In order to conform to the JAX-WS specification, we’ve got to provide our own exception.
It must conform to the same structure as the generated code or else a new exception will be generated.
wsimport will more or less make an exact copy of this class.
import javax.xml.ws.WebFault;
@WebFault(name=”RandException”, targetNamespace=”http://edu.depaul.cdm.se457″)
public class RandException extends Exception {
private final RandFaultBean faultInfo;
public RandException(String message, RandFaultBean faultInfo) {
super(message);
this.faultInfo = faultInfo; }
public RandException(String message, RandFaultBean faultInfo, Throwable cause) {
super(message, cause);
this.faultInfo = faultInfo; }
public RandFaultBean getFaultInfo() {
return this.faultInfo; }
}
•
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 106 / 120

Since the real exception data is in the bean, we’ve got to craft that as well…
•
Since the bean is just a carrier, we can add whatever other information we want. In this case we’re including a faultCode.
package rand;
public class RandFaultBean { private String message; private String faultCode;
• The bean must also have a no-argument constructor.
• wsimport will more or less make an exact copy of this class.
public String getMessage() { } return this.message;
public String getFaultCode() { } return this.faultCode;
public void setMessage(String message) {
this.message = message; }
public void setFaultCode(String faultCode) {
this.faultCode = faultCode; }
}
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 107 / 120

And now the XSD looks like…

…

…

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 108 / 120

And the WSDL looks like…

…
….

…

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 109 / 120

SAML
• Security Assertion Markup Language (SAML) is an XML standard for exchanging authentication and authorization data between security domains.1
• SAML is often used to implement web-based, cross-domain single sign-on (SSO) between two trusted sites.
• SAML 1.1 was exclusively SOAP-based. SAML 2.0 retained SOAP bindings but added additional bindings, such as representing SAML 2 messages directly in the URL query string of a HTTP GET request.
1Wikipedia contributors. SAML 1.1. [Online; accessed 3-May-2020]. 2020. url: https://en.wikipedia.org/wiki/SAML_1.1.
2Wikipedia contributors. SAML 2.0. [Online; accessed 3-May-2020]. 2020. url: https://en.wikipedia.org/wiki/SAML_2.0.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 111 / 120

SAML Assertions
• SAML assertions contain statements that service providers use to make access control decisions.3
• For instance, authentication statements assert to the service provider that the principal did indeed authenticate with the identity provider at a particular time using a particular method of authentication.
• Assertions can be quite complex; we are only covering the basics in this presentation.
3Wikipedia contributors. SAML 1.1. [Online; accessed 3-May-2020]. 2020. url: https://en.wikipedia.org/wiki/SAML_1.1.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 112 / 120

Example SAML Assertion

user@idp.example.org

urn:oasis:names:tc:SAML:1.0:cm:bearer

Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
113 / 120

SAML Protocols – Requester
• A SAML protocol is a simple request-response protocol.
• A SAML requester sends a SAML Request element to a responder.

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 114 / 120

SAML Protocols – Responder
• Similarly, a SAML responder returns a SAML Response element to the requester:

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 115 / 120

SAML Binding
• A SAML protocol binding is how requests and responses are sent over the network.
• SAML 1.1 formally defines just one protocol binding, the SAML SOAP binding. SAML 2.0 added additional bindings.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 116 / 120

Example SAML Request
POST /ArtifactResolutionService HTTP/1.1 Host: idp.example.org
Content-Type: text/xml
Content-Length: nnn
SOAPAction: http://www.oasis-open.org/committees/security

artifact

Steven Engelhardt (DePaul University)
SE457 Week 3 – Overview Part 3, SOAP
Spring 2021
117 / 120

Example SAML Response
HTTP/1.1 200 OK Content-Type: text/xml Content-Length: nnnn

user@idp.example.org

urn:oasis:names:tc:SAML:1.0:cm: artifact

Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 118 / 120

Next Steps
• Watch the video The State of the Art in Microservices by Adrian Cockroft at https://www.youtube.com/ watch?v=pwpxq9-uw_0. We will discuss it next week.
• Quiz 2 is available on D2L. It is due Tuesday, April 20 at 5:30 PM.
• Homework 2 is available on D2L. It is due Tuesday, April 27 at 5:30PM.
Steven Engelhardt (DePaul University) SE457 Week 3 – Overview Part 3, SOAP Spring 2021 120 / 120

Related Posts