SOAP
Simple Object Access Protocol (SOAP) is a standard protocol specification for message exchange based on XML. Communication between the web service and client happens using XML messages.
A simple web service architecture have two components
In order to communicate client must know some information for e.g.
Service provider will create a standard XML file which will have all above information.So If this file is given to client then client will be able to access web service. This XML file is called WSDL.
All details related to webservices available here:
http://docs.oracle.com/cd/E40938_01/doc.74/e40142/dev_secure_web_srvcs.htm
http://www.journaldev.com/9193/web-services-interview-questions-soap-restful#types-of-web-services
Note-:
What is the use of Accept and Content-Type Headers in HTTP Request?
These are important headers in Restful web services. Accept headers tells web service what kind of response client is accepting, so if a web service is capable of sending response in XML and JSON format and client sends Accept header as “application/xml” then XML response will be sent. For Accept header “application/json”, server will send the JSON response. Content-Type header is used to tell server what is the format of data being sent in the request. If Content-Type header is “application/xml” then server will try to parse it as XML data. This header is useful in HTTP Post and Put requests.
JAX RS
Java API for RESTful Web Services (JAX-RS) is the Java API for creating REST web services. JAX-RS uses annotations to simplify the development and deployment of web services. JAX-RS is part of JDK, so you don’t need to include anything to use it’s annotations.
There are two major implementations of JAX-RS API-:
1. Jersey: Jersey is the reference implementation provided by Sun. For using Jersey as our JAX-RS implementation, all we need to configure its servlet in web.xml and add required dependencies. Note that JAX-RS API is part of JDK not Jersey, so we have to add its dependency jars in our application.
2. RESTEasy: RESTEasy is the JBoss project that provides JAX-RS implementation.
In the web services terms, REpresentational State Transfer (REST) is a stateless client-server architecture in which the web services are viewed as resources and can be identified by their URIs. Web service clients that want to use these resources access via globally defined set of remote methods that describe the action to be performed on the resource.
It consists of two components, REST server which provides access to the resources and a REST client which accesses and modify the REST resources.
In the REST architecture style, clients and servers exchange representations of resources by using a standardized interface and protocol. REST isn't protocol specific, but when people talk about REST they usually mean REST over HTTP.
The response from server is considered as the representation of the resources. This representation can be generated from one resource or more number of resources.
Representational State Transfer refers to transferring "representations". You are using a "representation" of a resource to transfer resource state which lives on the server into application state on the client.
Why called rest?
A RESTful web service (also called a RESTful web API) is a web service implemented using HTTP and the principles of REST. It is a collection of resources, with four defined aspects:
Basic Annotations:
@Path, @Pathparam,@GET, @PUT, @POST, @Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
Two best resource for JAX RS-:
http://javapapers.com/web-service/restful-services-crud-with-java-jax-rs-jersey/
http://www.mkyong.com/tutorials/jax-rs-tutorials/
Security in WEB services
During the past few years, the technology industry has been working on various XML-based security schemes to provide comprehensive and unified security schemes for Web services. These schemes include:
http://www.javaworld.com/article/2073287/soa/secure-web-services.html
http://javaranch.com/journal/200603/WSSecurity.html
http://www.journaldev.com/9131/soap-webservices-in-java-example-eclipse
http://www.java2blog.com/2013/03/soap-web-service-tutorial.html
Simple Object Access Protocol (SOAP) is a standard protocol specification for message exchange based on XML. Communication between the web service and client happens using XML messages.
A simple web service architecture have two components
- Client
- Service provider
In order to communicate client must know some information for e.g.
- Location of webservices server
- Functions available,signature and return types of function.
- Communication protocol
- Input output formats
Service provider will create a standard XML file which will have all above information.So If this file is given to client then client will be able to access web service. This XML file is called WSDL.
What is WSDL?
WSDL stands for Web Service Description Language. It is an XML file that describes the technical details of how to implement a web service, more specifically the URI, port, method names, arguments, and data types. Since WSDL is XML, it is both human-readable and machine-consumable, which aids in the ability to call and bind to services dynamically.using this WSDL file we can understand things like,
There are two ways to access web service.
1. If Service provider knows client:If service provider knows its client then it will provide its wsdl to client and client will be able to access web service.
2. Service provider register its WSDL to UDDI and client can access it from UDDI:UDDI stands for Universal Description, Discovery and Integration.It is a directory service. Web services can register with a UDDI and make themselves available through it for discovery.So following steps are involved.
WSDL stands for Web Service Description Language. It is an XML file that describes the technical details of how to implement a web service, more specifically the URI, port, method names, arguments, and data types. Since WSDL is XML, it is both human-readable and machine-consumable, which aids in the ability to call and bind to services dynamically.using this WSDL file we can understand things like,
- Port / Endpoint – URL of the web service
- Input message format
- Output message format
- Security protocol that needs to be followed
- Which protocol the web service uses
- Ways to access web service:
There are two ways to access web service.
1. If Service provider knows client:If service provider knows its client then it will provide its wsdl to client and client will be able to access web service.
2. Service provider register its WSDL to UDDI and client can access it from UDDI:UDDI stands for Universal Description, Discovery and Integration.It is a directory service. Web services can register with a UDDI and make themselves available through it for discovery.So following steps are involved.
- Service provider registers with UDDI.
- Client searches for service in UDDI.
- UDDI returns all service providers offering that service.
- Client chooses service provider
- UDDI returns WSDL of chosen service provider.
- Using WSDL of service provider,client accesses web service.
All details related to webservices available here:
http://docs.oracle.com/cd/E40938_01/doc.74/e40142/dev_secure_web_srvcs.htm
http://www.journaldev.com/9193/web-services-interview-questions-soap-restful#types-of-web-services
Note-:
What is the use of Accept and Content-Type Headers in HTTP Request?
These are important headers in Restful web services. Accept headers tells web service what kind of response client is accepting, so if a web service is capable of sending response in XML and JSON format and client sends Accept header as “application/xml” then XML response will be sent. For Accept header “application/json”, server will send the JSON response. Content-Type header is used to tell server what is the format of data being sent in the request. If Content-Type header is “application/xml” then server will try to parse it as XML data. This header is useful in HTTP Post and Put requests.
JAX RS
Java API for RESTful Web Services (JAX-RS) is the Java API for creating REST web services. JAX-RS uses annotations to simplify the development and deployment of web services. JAX-RS is part of JDK, so you don’t need to include anything to use it’s annotations.
There are two major implementations of JAX-RS API-:
1. Jersey: Jersey is the reference implementation provided by Sun. For using Jersey as our JAX-RS implementation, all we need to configure its servlet in web.xml and add required dependencies. Note that JAX-RS API is part of JDK not Jersey, so we have to add its dependency jars in our application.
2. RESTEasy: RESTEasy is the JBoss project that provides JAX-RS implementation.
In the web services terms, REpresentational State Transfer (REST) is a stateless client-server architecture in which the web services are viewed as resources and can be identified by their URIs. Web service clients that want to use these resources access via globally defined set of remote methods that describe the action to be performed on the resource.
It consists of two components, REST server which provides access to the resources and a REST client which accesses and modify the REST resources.
In the REST architecture style, clients and servers exchange representations of resources by using a standardized interface and protocol. REST isn't protocol specific, but when people talk about REST they usually mean REST over HTTP.
The response from server is considered as the representation of the resources. This representation can be generated from one resource or more number of resources.
Representational State Transfer refers to transferring "representations". You are using a "representation" of a resource to transfer resource state which lives on the server into application state on the client.
Why called rest?
A RESTful web service (also called a RESTful web API) is a web service implemented using HTTP and the principles of REST. It is a collection of resources, with four defined aspects:
- the base URI for the web service, such as http://example.com/resources/
- the Internet media type of the data supported by the web service. This is often XML but can be any other valid Internet media type providing that it is a valid hypertext standard.
- the set of operations supported by the web service using HTTP methods (e.g., GET, PUT, POST, or DELETE).
- The API must be hypertext driven
<servlet> <servlet-name>RESTful Jersey CRUD Service</servlet-name> <servlet-class>org.glassfish.jersey.servlet.ServletContainer</servlet-class> <init-param> <param-name>jersey.config.server.provider.packages</param-name> <param-value>com.javapapers.webservices.rest.jersey</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>RESTful Jersey CRUD Service</servlet-name> <url-pattern>/rest/*</url-pattern> </servlet-mapping>
In short, JAX RS has to declare resource in particular format and then client can access it using set pattern.
Basic Annotations:
@Path, @Pathparam,@GET, @PUT, @POST, @Consumes(MediaType.APPLICATION_JSON)
@Produces(MediaType.APPLICATION_JSON)
Two best resource for JAX RS-:
http://javapapers.com/web-service/restful-services-crud-with-java-jax-rs-jersey/
http://www.mkyong.com/tutorials/jax-rs-tutorials/
Security in WEB services
During the past few years, the technology industry has been working on various XML-based security schemes to provide comprehensive and unified security schemes for Web services. These schemes include:
- XML digital signature
- XML Encryption
- XKMS (XML Key Management Specification)
- XACML (Extensible Access Control Markup Language)
- SAML (Secure Assertion Markup Language)
- WS-Security (Web Services Security)
- ebXML Message Service
- The Liberty Alliance Project
http://www.javaworld.com/article/2073287/soa/secure-web-services.html
http://javaranch.com/journal/200603/WSSecurity.html
SOAP vs REST web services
Parameter
|
SOAP
|
REST
|
|---|---|---|
Acronym
|
SOAP stands for simple object access protocol
|
REST stands for REpresentational State Transfer
|
Protocol vs Architectural style
|
SOAP is a standard protocol to create web services
|
Rest is architectural style to create web services.
|
Contract
|
Client and Server are bind with WSDL contract
|
There is no contract between client and Server.
|
Format Support
|
SOAP supports only XML format
|
REST web services supports XML, json and plain text etc.
|
Maintainability
|
SOAP web services are hard to maintain as if we do any changes in WSDL , we need to create client stub again
|
REST web services are generally easy to maintain.
|
Service interfaces vs URI
|
SOAP uses Service interfaces to expose business logic
|
Rest uses URI to expose business logic
|
Security
|
SOAP has its own security : WS-security
|
Rest inherits its security from underlying transport layer.
|
Bandwidth
|
SOAP requires more bandwidth and resources as it uses XML messages to exchange information
|
REST requires less bandwith and resources. It can use JSON also.
|
Learning curve
|
SOAP web services are hard to learn as you need to understand WSDL , client stub
|
REST web services are easy to understand as you need to annotate plain java class with JAX-RS annotations to use various HTTP methods.
|
When to use JAX WS and JAX RS
- JAX-WS is meant for XML based web services such as SOAP. JAX-RS does not have the same restriction.
- JAX-WS is generally geared towards server to server interactions with well defined contracts (WSDLs) and usually when the service and client side are from separate groups. It is very resource intensive so it isn't feasible for client-to-server interactions where the network or client device capability is less than optimal.
- JAX-RS is geared towards client to server interactions, although server-to-server is okay. As it has little service obligations, it can be tuned to whatever the client needs are.
- However, using RESTful service APIs is akin to doing meta-programming like Ruby and Python which delays problems to run-time as there is no defined schema agreed and technically enforced upon by the two sides. As such I don't recommend RESTful services everywhere, but I would recommend it if I had control of the two sides which normally happens when you do build a web application that uses static HTML/CSS/JS and talks with a RESTful server for the data.
Other link:
http://www.journaldev.com/9131/soap-webservices-in-java-example-eclipse
http://www.java2blog.com/2013/03/soap-web-service-tutorial.html
