WSDL Basics


What and Why WSDL

WSDL is a descriptor for Web Service that is XML formatted. Like any J2EE descriptors, it basically describes the Web Service. Web Service is described as a set of endpoints (ports) which would have 2 parts – Abstract definition and Concrete binding (Will dive onto that later).

whatiswsdl

The WSDL is basically the contract between the client and implementation. Everything that are defined and exposed has a definition inside the WSDL file.

Why WSDL? – Enables automation of communication details between communicating partners. Machines can read XML/WSDL documents and able to invoke the defined service in WSDL. 3rd part can also verify if the communication conforms to WSDL standards.

WSDL Document Structure

 

<wsdl:definitions xmlns:wsdl="http://schemas.xmlsoap.org/wsdl"                   targetNamespace="your name space here"                   xmlns:tns="your name space here"                   xmlns:soapbind="http://schemas.xmlsoap.org/wsdl/soap">

    <wsdl:types>
        <xs:schema targetNamespace="your namespace here" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

        </xs:schema>
    </wsdl:types>
    <wsdl:message name="some operation input">
           <!--Parts here-->
    </wsdl:message>

    <wsdl:message name ="some operation output">
        <!--Parts here-->
    </wsdl:message>

    <wsdl:portType name="your type name">
        <!-- Define operations here-->
    </wsdl:portType>

    <wsdl:binding name="your binding name" type="tns:port type name above">
        <!-- define style of transport here-->
    </wsdl:binding>

    <wsdl:service>
    </wsdl:service>

</wsdl:definitions>

On the sample above, the XML file uses the wsdl namespace as highlighted.

Example of WSDL document

The WSDL service above has a simple service generating strings and returning them. It will have a single operation called getSystemMessageAndReturn. It will be deployed using SOAP 1.1 over HTTP. The service takes a “string” message and responds with a message that has the “string” in it.

Nothing is much more simpler than that.

7 Elements of WSDL:

  • Types – data type definition and used to describe exchanged messages.
  • Message – abstract, typed definitions of data being exchanged
  • Operation – abstract description of an action. Refers to an input and/or output messages.
  • Port Type – Collection of operations
  • Binding – Concrete protocol and data format (encoding) for a particular Port type.
  • Port  – Defines a single communication endpoint. Endpoint address for binding. URL for HTTP, email address for SMTP.
  • Service -Aggregate set of related ports.

WSDL View of a Web Service

wsdl_doc.jpg

Web Service Invocation

wsdl_invoc

Message Element

A message element can consist of one or more logical parts. It is basically the data unit of an WSDL definition.

<definitions ....>
   <message name="nmtoken">
      <part name="nmtoken" element="qname"? type="qname" ?/>
   </message>
</definitions>

Types of Operations

There are 2 types of operations that we can define on our WSDL. One way or Two way.

One-way

The endpoint receives a message only.

<operation name="submitPurchase">
   <input message="purchase"/>
</operation>

Request/Response

The endpoint receives a message and sends a correlated message.

<operation name="submitPurchase">
   <input message="purchase"/>
   <output message="confirmation"/>
</operation>
<operation name="submitPurchase">
   <input message="purchase"/>
   <output message="confirmation"/>
   <fault message="faultMessage"/>
</operation>

Importing and Authoring Style

  • When a developer creates a web service, it is important to consider reusability and maintainability.
  • It is important also to maintain a WSDL document in 3 separate parts.
    • Data Type definitions
    • Abstract definitions
    • Specific Service Bindings
  • Use import element to import necessary part of WSDL document. This makes the parts more isolated and thus, maintainable.=

Examples

You can download some WSDL examples here.

On the next blog post, we’ll be creating a Web Service from scratch and apply all what we learned from here. See you!

Secure the unsecured


A recent issue in my home country has surface this month regarding an information leak. Our “highly” trained officers says it managed to caught and apprehend the actual hacker but never give any resolution as to what they will do to ensure that it will never happen again.

Much like what they usually do, this doesn’t surprise me at all. A lot of catastrophes had come and go and they (and so as the majority of our people) only manages to react. Yes, just react – nobody seems to want to be pro-active, no one wants to stand up, everyone is just good at reacting and blaming.

I won’t dive in into the details of the past but I’d like to put a stamp of myself on the current issue since this is closer to my profession. I am a Software Application Developer with extensive experience in the field, I do have a background in IT systems, infrastructure and services. I believe at the very least, I am qualified to give a say and propose a solution.

Let’s dive into the details (details that I know)

Problem

Obviously, the information leak is the issue but that would be the cause of the actual problem. The actual problem is the non-secured systems that makes it vulnerable and easily penetrable by highly intelligent malware.

Solution

SSL (Secure Socket Layers) and SSH (Secure Socket Shell)

In the context of someone who is not familiar with the tech, SSL is a technology that encrypts a clients data over the web. When a user tries to log on to a website, an SSL secures what you entered by encrypting it. The encrypted data will then pass through layers of network until it reaches the actual host. Only the host can decrypt this data (which is what we wanted). What this ultimately means is that your data is like “compressed” in a secured way and passed over the wire. Only the host (the owner of the site or application) can “decompressed” it.

This approach ensures that no one in between will copy your information and even if they got hold of your information over the wire and transfer, they won’t be able to read it since it’s encrypted.

For administrators, this is a simple installation on the host. Sure an additional cost, but it won’t be as much as the cost of someone’s privacy. With today’s tools for developers, installation of SSL is not that complicated. Sure you need to study and still comprehend, but if you know the fundamentals of networking, it’s not impossible to understand.

SSH – Secure Socket Shell is a way for any person (usually the admin) to access the server via a secure port and protocol. The concept is like a key and a padlock. A padlock (public key) is installed on your server and a counterpart key (private key) is the only way to access it. This key will be the sole access key to that padlock.

Data Server, DNS gateway, Site Selector / Gateway

This leak could’ve been avoided if they isolated the data sensitive services to a more secured environment. They would’ve invested on a RAID server (RAID3) and control the incoming and outgoing connects to be constantly via SSL. This ensures that whomever goes in and also goes out goes through a secured socket virtual layers.

In addition, the company could’ve invested on a DNS technology that can filter out and redirect request to any of their sites. This will allow them to evaluate all of the clients that tries to access their site. A good technology would be a Cisco Global Site Selector. This is one of the most globally used routing hardware that allows filtering of wire request. You can also disallow multiple and concurrent request to the server using this device.

Competent IT personnel

No questions on this one, get someone who is knowledgable. Get someone who can set up everything and is competent enough to do the maintenance and monitoring. Don’t just get someone who knows to setup a Web Server. Infrastructure security is far more complex than just decompressing a standalone source/binary to create a virtual web server.

The personnel should take care of managing the infrastructure, creating smurf/notification if there are warning treats to the server, potential DDOS attacks or brute force attacks. Enable security features such as SSL, Ip deny, traffic routing, filtering and identification.

There are a lot of ways to monitor the network for potential intrusion.

Quick take aways

A few take aways. Hackers have a million ways to hack. In all honesty, nothing is 100% secured over the wire. Virtually, everything is hackable, but we can minimize the probability of being a victim if we practice and apply even the most fundamental way of security practice. Secure the infrastructure, secure the protocols your services uses, secure incoming and outgoing and always be cautious of threats – understand how hackers can hack and you can get ahead of them.

For the non-tech savvy individual, you can always do the following the protect yourself

  • First line of defence is yourself. Don’t put too much of your details on social media. 60 to 70% of hacks comes from Social Engineering. Hackers uses any details it can find from you and they’ll try to get as much gains from that information as possible. Minimize your details in Social Media.
  • Install and Invest on Anti-virus/Malware programs. Always update your Virus Dictionary. There are millions and millions of malware, spywares and virus programs that can penetrate one’s computer. Installing an anti-virus,malware and spyware minimize the risk of penetration and even more important is updating them to keep it up to date with the newest treat available.
  • Be cautious on emails and the websites you visit. A single CLICK to a link can cost you. Hackers only need you to click a specific button or link to get information from you.

I’ll be tackling more on IT security approach on the next couple of blog posts.

SOAP Web Services


What is SOAP according to W3C Definition

“SOAP is a lightweight protocol intended for exchanging structured information in a decentralised, distributed environment. It uses XML technologies to define and extensible messaging framework providing a message construct that can be exchanged over a variety of underlying protocols. The framework has been design to be independent of any particular programming model and other implementation specific semantics.”

Simple Object Access Protocol

  • Wire protocol similar to IIOP for CORBA and JRMP for RMI
  • XML is used for data encoding – text and binary based protocol
  • Supports XML-based RPC (Remote Procedure Call) to ease the migration of existing RPC distribution schemes to SOAP based system (note that this approach is not being used anymore because of the introduction of RMI.

It is extremely important that any Java/J2EE developers understand the concept of how SOAP works as this will allow them to build better application that communicates and integrates with other systems. Like any other fundamentals, it is better to understand the underlying concepts.

Most of the time though, developers will be using a high-level API (JAX-WS) implementations to build these services thus the actual mechanism of SOAP is hidden.

Characteristic of SOAP

  • By default, SOAP is stateless but ultimately can be used to do stateful transactions (pass the state data to the object).
  • One way message exchange paradigm: Applications can create more complex interaction patterns by combining such one way exchange with features provided by underlying protocol (http), application specific information and higher level standard (such as “WS-Addressing”).
  • SOAP is silent on the semantics of any application-specific data it conveys. It doesn’t really care what kind of data (XML is only a recommendation as it’s a universal format – meaning any platform understands and can parse this kind of structure).

Design Goals of SOAP

  • Simplicity
  • Extensibility
  • Although it does offer the above, it doesn’t support advance support distributing features such as distributed GC, object by reference, activation and message batching.

SOAP Message Structure

soapmessagestructure

SOAP Message Envelope

  • Embedded information includes the namespace and encoding information
  • Header (Optional)
  • Body (Mandatory) – handled by the receiver

SOAP Header (<env:header>)

  • Used for extension (context, authentication, transaction, management)
  • Made of header blocks (composition of header blocks)
  • Most Web Service standard activities are basically defining standard header entries for a particular domain.

SOAP Header Blocks (Entries)

  • Child Elements of SOAP Header
  • Designed in anticpation of arious uses for SOAP
  • Inspected, inserted, deleted or forwarded by SOAP nodes encountered on the SOAP Message Path.

SOAP Body (<env:Body>)

  • Composition of body blocks
  • consumed by SOAP receiver
  • Carry end to end information (XML, RPC Methods and Parameters, SOAP Fault – exceptions)
  • SOAP Fault Messages

Fault Messages

If there are any errors encountered during the communication or any exceptions, a fault message will be thrown back to the client to allow it to handle the issue gracefully. There are pre-defined SOAP fault code values.

  • VersionMisMatch (invalid namespace in SOAP envelope of version mismatch)
  • MustUnderstand (Receiver does not understand and therefore cannot handle the mustUnderstand SOAP header block)
  • Client (client side communication error)
  • Server (server side communication error)

This can be used to return any readable exceptions to the client. This is extremely useful and a must do for anyone who creates web services.

Code Example

Concepts aside, let’s deep dive on the code example. I used NetBeans to create the example.

Tech Stack: NetBeans IDE with Java/Java EE, Glassfish Application Server
These are all bundled with NetBeans IDE if you download it from their site.
Project: Download it here.

The Web Service

Create a new Web Application Project.
samplewebservice_project

Create a simple Java Class and #Annotate

@WebService
public class SampleWebService {
    
    /**
     * Show Message
     * @param message
     * @return 
     */
    @WebMethod
    public String showMessage(String message){
        return message;
    }
}

Deploy the Web Service Application to Glassfish
deploywebservice

Test the Web Service using the “Test Web Service” option

After clicking the test below, a web page will be launched that will allow you to test the actual WebService method.
webservice_test
You can test the actual service by passing a value and clicking on the “showMessage” button.
webservice_test_actual
You can also access the WSDL file from the link provided. You can see the SOAP definitions, namespaces and entries.
webservice_wsdl

The Client

Not that hard to expose a service but what will it be without any clients using it? Let’s build a client that will actually call the Web Service. Once again, NetBeans provides us with a facility to create stubs and objects given a WSDL URL. Allowing use to focus on consuming the service.

Create a new Java Project

webservice_client_pro

Create a new Web Service Client within the Java Project

NetBeans IDE has a great feature to create Web Service Client. Beautifully and Gracefully creates the necessary objects given your WSDL.

webservice_client

Provide the WSDL URL and your set.

webservice_cl_provide_wsdl_url

Generated Source Code that your client can use

webservice_cl_gen_code

 

Call Web Service from the Client

After the stubs are generated, you can now call it from your project

/**
 *
 * @author alvinreyes
 */
public class SampleWebServiceClient {

    /**
     * @param args the command line arguments
     */
    public static void main(String[] args) {
        System.out.println(showMessage("Hello"));
    }

    private static String showMessage(java.lang.String arg0) {
        com.areyes.soap.sample.SampleWebServiceService service = new com.areyes.soap.sample.SampleWebServiceService();
        com.areyes.soap.sample.SampleWebService port = service.getSampleWebServicePort();
        return port.showMessage(arg0);
    }
    
}

Build your project before running the client. This will allow your project to recognize the new Java classes and packages.
webservice_cl_new_run

wsimport-client-SampleWebServiceService:
files are up to date
wsimport-client-generate:
Compiling 1 source file to /Users/alvinreyes/NetBeansProjects/SampleWebServiceClient/build/classes
compile-single:
run-single:
Hello
BUILD SUCCESSFUL (total time: 3 seconds)

You can download the actual project here

Web Services Overview


Introduction

Hello All! From this point forward, I’ll be doing series of posts related to Web Services. This is part of my on going certification study for the Web Services Expert exam. I’ll go from the fundamental questions of what Web Services are up to the deeper depths of it’s anatomy.

I don’t expect any of this to be published anywhere, but feel free to use my content for the right intentions and purposes.

For this post, I’ll be answering these few questions.

  • What is a Web Service
  • Why do we need Web Services
  • Where are & where are Web Services going?
  • Types of Web Services
  • Web Services on Java Platform

What are Web Services

Web services by definition are client and server applications that communicate over the WWW HTTP. It provides a standardisation of exposing services to multiple platforms, creating cross platform interoperability and extensibility. In a nutshell, it’s just a service exposed via the web which means accessible by HTTP/HTTPS.

Why do we need Web Services

There is always a growing demand for integrating systems that were built differently. The WEB has put a standard for all these systems to communicate with each other via it’s protocols. All platforms understand http and is able to parse XML format.

Where are & where are Web Services going?

It’s going bananas actually. Within the next couple of years, I can see that Web Services will be the main defacto approach in integrating many different applications and platforms. Tools will be available so that developers will easily integrate and create Web Services almost instantly and most of the what can be virtualize, will be soon be available as a service (and accessible via Web Service).

Types of Web Services

Big Web Services

Big Web Services uses XML as payloads and use the Simple Object Access Protocol to send and receive messages. We use JAX-WS and JAXB/JAXP implementation to read/write XML format file (structure data) and process them to our applications. Big Web Services are normally for large data that are mission critical to it’s purpose.

SOAP Web Services are also used to create stateful/session based service. This means that it can retain a specific client (thread) session and store its state on it’s entire lifespan.

REST Web Services

REST Web Services are much simpler mechanism. By default, stateless in nature, this is a type of Web Services we want to developer if we just want to expose a specific data structure. It’s simplicity has been the core point of it’s attractiveness to the developers and it’s lightweight approach makes it the primary choice for creating/integrating web services on micro / mobile devices.

It is important to understand the basic fundamentals/concepts of these 2 types as it will help you understand on how to effectively and efficiently design bullet proof Web Services for your customers.

On the next set of POST. I’ll be going on a deep dive adventure on creating our first BIG and REST Web Services.

iOS Swift – Playground


I started learning Swift (via https://www.udemy.com/complete-ios-developer-course) a few months ago. I was planning to create an application that will give me alerts for specific stock data price changes. Although this app hasn’t materialize yet, I find from developing that app, that learning Swift seems to be very straight forward and easy. The language itself is not that complicated to learn – as long as you are familiar with the C-style syntax. The XCode application is remarkable in its development tools. The IDE has a wide range of features that can help an app developer initiate and finally upload their apps on the app store.

Of course, for the likes of me, I haven’t really uploaded an app yet since I’m still learning the language, but I’m really impresses with the wide variety of channels that can be used to learn the language. One I wanted to be specific about is the Playground.

The playground is just a project within xcode that a student can use to code Swift. It can be use as a running ground to write code and see the results instantly.

//: Playground - noun: a place where people can play

import UIKit

var str = "Hello, playground"
var name:String = "String"

var number:Int = 1;
var numberD:Double = 10/42;
var numberF:Float = 10/21;
var newString:String = "111";

print("Hello world!!!");

print(newString);

//var numberX = "90";
var numberX:Double = 0.0;
print("\(numberX)");

var array = ["as0","as1"];
array.removeAtIndex(0);

var dict = ["name":"Alvin","Description":"Description of Alvin"];

dict["name"]
var nameStr:String = "name";

var textSample:String = "My name is \(dict[nameStr]!)";

var dict1 = [["name":"name1","desc":"desc1"],["name":"name2","desc":"desc2"]];

dict1[0]["name"];


if dict1[0]["name"] == "name1" {
    print("Hello World!");
}


var random = arc4random_uniform(10)
print("The random number is \(random) ");


for var i = 1;i<10;i++ {
    print("This is \(i)");
}

var arr = ["aa","aa1","aa2"]

for x in arr {
    print(x);
}

print("hello");

let arr1 = ["1","2","3"]
for x in arr1 {
    print(x);

}

var g = 0;
while g < 5 { print(g); g++; } var str1:String = "1"; func polymorphMe(inout name1:String, name2:String) { name1 += "Hello"; } polymorphMe(&str1,name2: ""); print(str1); func getEverything(name1 name2:String, description1 desc:String) -> (Int,Int) {
    
    return (1,1);
    
}

That’s a direct copy and paste of my playground code. It has all the basics syntax and powerful features of Swift. I just hope I can finish an app with it before 2016.🙂

I would certainly recommend anyone who’s learning Swift to use this tool and follow Rob Percievals Udemy course! (I highly recommend it!)

Happy coding!