Sunday, July 22, 2012

Changes Between SOAP 1.1 and SOAP 1.2



SOAP Version 1.2 has a number of changes in syntax and provides additional (or clarified) semantics from those described in [SOAP 1.1]. The following is a list of features where the two specifications differ. The purpose of this list is to provide the reader with a quick and easily accessible summary of the differences between the two specifications. The features have been put in categories purely for ease of reference, and in some cases, an item might equally well have been placed in another category.
Document structure
  • The SOAP 1.2 specifications have been provided in two parts. [SOAP Part1] provides an abstract Infoset-based definition of the SOAP message structure, a processing model and an underlying protocol binding framework, while [SOAP Part2] provides serialization rules for conveying that infoset as well as a particular HTTP binding.
  • SOAP 1.2 will not spell out the acronym.
  • SOAP 1.2 has been rewritten in terms of XML infosets, and not as serializations of the form <?xml....?> required by SOAP 1.1.
Additional or changed syntax
  • SOAP 1.2 does not permit any element after the body. The SOAP 1.1 schema definition allowed for such a possibility, but the textual description is silent about it.
  • SOAP 1.2 does not allow the env:encodingStyle attribute to appear on the SOAP env:Envelope, whereas SOAP 1.1 allows it to appear on any element. SOAP 1.2 specifies specific elements where this attribute may be used.
  • SOAP 1.2 defines the new env:NotUnderstood header element for conveying information on a mandatory header block which could not be processed, as indicated by the presence of an env:MustUnderstand fault code. SOAP 1.1 provided the fault code, but no details on its use.
  • In the SOAP 1.2 infoset-based description, the env:mustUnderstand attribute in header elements takes the (logical) value "true" or "false", whereas in SOAP 1.1 they are the literal value "1" or "0" respectively.
  • SOAP 1.2 provides a new fault code DataEncodingUnknown.
  • The various namespaces defined by the two protocols are of course different.
  • SOAP 1.2 replaces the attribute env:actor with env:role but with essentially the same semantics.
  • SOAP 1.2 defines a new attribute, env:relay, for header blocks to indicate if unprocessed header blocks should be forwarded.
  • SOAP 1.2 defines two new roles, "none" and "ultimateReceiver", together with a more detailed processing model on how these behave.
  • SOAP 1.2 has removed the "dot" notation for fault codes, which are now simply an XML Qualified Name, where the namespace prefix is the SOAP envelope namespace.
  • SOAP 1.2 replaces "client" and "server" fault codes with "Sender" and "Receiver".
  • SOAP 1.2 uses the element names env:Code and env:Reason, respectively, for what used to be called faultcode and faultstring in SOAP 1.1. SOAP 1.2 also allows multiple env:Text child elements of env:Reason qualified by xml:lang to allow multiple language versions of the fault reason.
  • SOAP 1.2 provides a hierarchical structure for the mandatory SOAP env:Code sub-element in the env:Fault element, and introduces two new optional subelements, env:Node and env:Role.
  • SOAP 1.2 removes the distinction that was present in SOAP 1.1 between header and body faults as indicated by the presence of the env:Details element in env:Fault. In SOAP 1.2, the presence of the env:Details element has no significance as to which part of the fault SOAP message was processed.
  • SOAP 1.2 uses XML Base [XML Base] for determining a base URI for relative URI references whereas SOAP 1.1 is silent about the matter.
SOAP HTTP binding
  • In the SOAP 1.2 HTTP binding, the SOAPAction HTTP header defined in SOAP 1.1 has been removed, and a new HTTP status code 427 has been sought from IANA for indicating (at the discretion of the HTTP origin server) that its presence is required by the server application. The contents of the former SOAPAction HTTP header are now expressed as a value of an (optional) "action" parameter of the "application/soap+xml" media type that is signaled in the HTTP binding.
  • In the SOAP 1.2 HTTP binding, the Content-type header should be "application/soap+xml" instead of "text/xml" as in SOAP 1.1. The IETF registration for this new media type is [RFC 3902].
  • SOAP 1.2 provides a finer grained description of use of the various 2xx, 3xx, 4xx HTTP status codes.
  • Support of the HTTP extensions framework has been removed from SOAP 1.2.
  • SOAP 1.2 provides an additional message exchange pattern which may be used as a part of the HTTP binding that allows the use of HTTP GET for safe and idempotent information retrievals.
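A gateway or filter can use several of the differences listed above to confirm that the HTTP Content-Type and the envelope agree on one SOAP version. The following is an added example, not part of the original post: the class and method names are hypothetical, the two envelope namespace URIs are those of the SOAP 1.1 and SOAP 1.2 specifications, and the sample messages are constructed.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class SoapVersionCheck {
    static final String NS11 = "http://schemas.xmlsoap.org/soap/envelope/";
    static final String NS12 = "http://www.w3.org/2003/05/soap-envelope";
    /** Returns "1.1" or "1.2"; throws if the envelope and Content-Type disagree. */
    static String check(String contentType, String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // A SOAP message must not carry a DTD; refusing DOCTYPE also shuts out XXE.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element env = f.newDocumentBuilder()
                .parse(new InputSource(new StringReader(xml))).getDocumentElement();
        String ns = env.getNamespaceURI();
        String media = contentType.split(";")[0].trim();
        if (!"Envelope".equals(env.getLocalName()) || !(NS11.equals(ns) || NS12.equals(ns)))
            throw new IllegalArgumentException("not a SOAP 1.1 or 1.2 envelope");
        if (NS11.equals(ns)) {
            if (!media.equalsIgnoreCase("text/xml"))
                throw new IllegalArgumentException("SOAP 1.1 envelope sent as " + media);
            return "1.1";
        }
        if (!media.equalsIgnoreCase("application/soap+xml"))
            throw new IllegalArgumentException("SOAP 1.2 envelope sent as " + media);
        if (env.hasAttributeNS(NS12, "encodingStyle"))
            throw new IllegalArgumentException("encodingStyle on SOAP 1.2 Envelope");
        Node last = env.getLastChild();           // skip trailing whitespace/comments
        while (last != null && last.getNodeType() != Node.ELEMENT_NODE)
            last = last.getPreviousSibling();
        if (last == null || !NS12.equals(last.getNamespaceURI())
                || !"Body".equals(last.getLocalName()))
            throw new IllegalArgumentException("SOAP 1.2 Envelope must end with Body");
        return "1.2";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample messages, not taken from the page.
        String ok = "<e:Envelope xmlns:e='" + NS12 + "'><e:Body/></e:Envelope>";
        String bad = "<e:Envelope xmlns:e='" + NS12 + "'><e:Body/><x/></e:Envelope>";
        System.out.println(check("application/soap+xml; charset=utf-8", ok));
        try {
            check("application/soap+xml", bad);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```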
RPC
  • SOAP 1.2 provides a rpc:result element accessor for RPCs.
  • SOAP 1.2 provides several additional fault codes in the RPC namespace.
  • SOAP 1.2 offers guidance on a Web-friendly approach to defining RPCs where the procedure's purpose is purely "safe" informational retrieval.
SOAP encodings
  • An abstract data model based on a directed edge labeled graph has been formulated for SOAP 1.2. The SOAP 1.2 encodings are dependent on this data model. The SOAP RPC conventions are dependent on this data model, but have no dependencies on the SOAP encoding. Support of the SOAP 1.2 encodings and SOAP 1.2 RPC conventions are optional.
  • The syntax for the serialization of an array has been changed in SOAP 1.2 from that in SOAP 1.1.
  • The support provided in SOAP 1.1 for partially transmitted and sparse arrays is not available in SOAP 1.2.
  • SOAP 1.2 allows the inline (embedded) serialization of multiref values.
  • The href attribute in SOAP 1.1 (of type xs:anyURI) is called enc:ref in SOAP 1.2 and is of type IDREF.
  • In SOAP 1.2, omitted accessors of compound types are made equal to NILs.
  • SOAP 1.2 provides several fault sub-codes for indicating encoding errors.
  • Types on nodes are made optional in SOAP 1.2.
  • SOAP 1.2 has removed generic compound values from the SOAP Data Model.
  • SOAP 1.2 has added an optional attribute enc:nodeType to elements encoded using SOAP encoding that identifies its structure (i.e., a simple value, a struct or an array).

Sunday, July 8, 2012

Developing Bottom-Up JAX-WS (Client)

Create a new Java project and copy the Service Endpoint Interface (SEI) Java class file from the server implementation.
Then create the following Client implementation:
package com.jadobo.ws;

import java.net.URL;

import javax.xml.namespace.QName;
import javax.xml.ws.Service;

public class TestMain {

    private static final QName SERVICE_NAME 
        = new QName("http://ws.jadobo.com/", "HelloWorldService");

    public static void main(String args[]) throws Exception {
     
        URL wsdl = new URL("http://localhost:9000/helloWorld?wsdl");
        Service service = Service.create(wsdl, SERVICE_NAME);
        
        HelloWorld hw = service.getPort(HelloWorld.class);
        System.out.println(hw.sayHi("World"));
    }
}

Sample console output after Client execution:
INFO: Dynamically creating request wrapper Class com.jadobo.ws.jaxws.SayHi
INFO: Dynamically creating response wrapper bean Class com.jadobo.ws.jaxws.SayHiResponse
Hello: World

Developing Bottom-Up JAX-WS

General steps for creating a bottom-up JAX-WS server, using CXF and Maven, in Java:
  1. Create a Java (Maven) project
    - if you are not using Maven, you have to add the required JAR dependencies manually.
    - see the Maven POM file below for the required CXF libraries.
  2. Define Service Endpoint Interface (SEI)
  3. Define SEI Implementation (service layer)
  4. Create web service implementation (interaction layer)
  5. Deploy/execute
You should be able to see the generated WSDL file after deployment by entering the following URL in your browser:
http://localhost:9000/helloWorld?wsdl


The Service End Point Interface (SEI)
package com.jadobo.ws;

import javax.jws.WebParam;
import javax.jws.WebService;


@WebService
public interface HelloWorld {

    String sayHi(@WebParam(name="text")String text);
    
}


The Service End Point Implementation
package com.jadobo.ws;

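import javax.annotation.Resource;
import javax.jws.WebService;
import javax.xml.ws.WebServiceContext;

@WebService(endpointInterface = "com.jadobo.ws.HelloWorld",
            serviceName = "HelloWorldService",
            portName="HelloWorldPort")
public class HelloWorldImpl implements HelloWorld {

    // Injected by the JAX-WS runtime; not used by sayHi in this example.
    @Resource private WebServiceContext wsCtxt;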

    public String sayHi(String text) {

        System.out.println("sayHi called");
        return "Hello: " + text;
    }
    
}


The Server Implementation
package com.jadobo.ws;

import javax.xml.ws.Endpoint;

public class Server {

    protected Server() throws Exception {
        // START SNIPPET: publish
        System.out.println("Starting Server");
        HelloWorldImpl implementor = new HelloWorldImpl();
        String address = "http://localhost:9000/helloWorld";
        Endpoint.publish(address, implementor);
        // END SNIPPET: publish
    }

    public static void main(String args[]) throws Exception {
        new Server();
        System.out.println("Server ready...");

        Thread.sleep(5 * 60 * 1000);
        System.out.println("Server exiting");
        System.exit(0);
    }
}


The Project's Maven POM
<project xmlns="http://maven.apache.org/POM/4.0.0" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 
http://maven.apache.org/xsd/maven-4.0.0.xsd">
   <modelVersion>4.0.0</modelVersion>
   <groupId>com.jadobo.ws</groupId>
   <artifactId>bottomup</artifactId>
   <version>0.0.1-SNAPSHOT</version>
  
    <repositories>
        <repository>
            <id>default</id>
            <name>Maven Repository</name>
            <layout>default</layout>
            <!-- Use HTTPS: Maven Central no longer serves plain HTTP -->
            <url>https://repo1.maven.org/maven2</url>
        </repository>
    </repositories>

    <dependencies>
    
        <!-- CXF Web Service -->
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-core</artifactId>
            <version>2.4.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-api</artifactId>
            <version>2.4.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-frontend-jaxws</artifactId>
            <version>2.4.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-bundle</artifactId>
            <version>2.4.1</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-common-schemas</artifactId>
            <version>2.3.5</version>
        </dependency>
        <dependency>
            <groupId>org.apache.cxf</groupId>
            <artifactId>cxf-rt-transports-http-jetty</artifactId>
            <version>2.4.1</version>
        </dependency>
    
    </dependencies>
  
</project>

Monday, July 2, 2012

Message Encryption/Decryption Mechanism


Client (sender) side:

  1. Web service invocation
  2. Retrieve client's X.509 certificate and private key
  3. Digitally sign message (e.g. SOAP body) using private key
  4. Include client application's X.509 certificate in SOAP header as binary security token.
  5. Encrypt message with symmetric algorithm using a shared key.
  6. Retrieve public key of the service provider's X.509 certificate
  7. Encrypt shared key with asymmetric algorithm using service provider's public key.
  8. Include encrypted shared key in SOAP header
  9. Include reference to Service Provider's certificate in SOAP header.

Service provider (receiver) side:

  1. SP SOAP runtime receives request
  2. Identify Service Provider's X.509 certificate from reference in SOAP header
  3. Retrieve Service Provider's X.509 certificate and keys
  4. Decrypt shared key with asymmetric algorithm using private key of certificate
  5. Decrypt message with symmetric algorithm using shared key
  6. Retrieve sender's X.509 public key from binary security token in SOAP header
  7. Validate the digital signature of the message, which also authenticates the sender
  8. Call web service implementation
  9. Process request