II Enterprise Web Services Web Services and J2EE Web Services and Stateful Resources Securing Web Services 10 Web Services Reliable Messaging 11 Web Services Transactions 12 Orchestrating Web Services Web Services and J2EE T HIS CHAPTER INTRODUCES THE CONCEPTS of using SOAP,WSDL, and the Web services stack with Java Enterprise Edition (J2EE) g Although a single chapter can’t justice to a wide-ranging development platform, we’ll show you how to enable Enterprise JavaBean g components as Web services using Axis and the JSR109 g JCP proposal Continuing our example scenario, the SkatesTown technical team has been working in Java for a while and recently has been looking at moving some of the Java applications that run on their server into the J2EE platform.They’ve heard that it’s secure, transactional, managed, scalable, and robust—all the things they want for their business applications But they’re also interested in Web services, and they want to be able to create services easily So, they’ve decided to build a sample application called SkatesEJB, which will be a pilot project to determine the value in using J2EE to implement their Web services J2EE Overview Java Enterprise Edition (J2EE) is the platform for building enterprise applications in Java J2EE standardizes the services, programming model, and deployment for applications so that developers can build solutions that can be used on a variety of application servers J2EE has a number of application models: Thin-client/browser-based applications use servlets and JavaServer Pages g (JSPs) Thick/managed application clients use RMI-IIOP g to communicate with server-based Enterprise JavaBeans (EJB) components Messaging applications use the Java Message Service to act on messages in queues or from subscriptions n n n To this list we can now add service-based applications, which offer services over SOAP/HTTP to clients J2EE provides a framework that supports high quality of service (QoS) In other words, J2EE lets you build transactional, secure, reliable applications that are available 348 Chapter Web Services and J2EE across a cluster of highly available servers A J2EE application server provides a wide variety of capabilities including the following: Workload and performance management—Thread management, pooling, caching, and cluster support n n n n n Security management—Password and certificate management and validation, authentication, and access control Resource management—Access to relational databases, transactional management systems, connectors to Enterprise Resource Planning (ERP) systems, and messaging systems Transaction management—Two-phase commit support, transactional access to databases, and distributed transactions Management, configuration, and administration—Deployment, configuration, and administration tools These services are provided through the concept of a container Containers A container is a logical entity in a J2EE server Containers are entities that have contracts with the components that are deployed into a server—but they also help you understand the way a J2EE system works Components are deployed to a container, and the container manages the execution of those components as needed.The container provides isolation by intercepting calls to the EJBs, allowing the container to manage aspects such as threads, security, and transactions between components.The container also provides a useful abstraction between components and the resources they use For example, when one component uses a database, the programmer uses a resource reference g (resource ref) to link to the database.Then the deployment engineer can configure the actual database that maps to the reference So, the code that is written and compiled isn’t hard-coded to a specific database This approach is also used for JMS destinations, URLs and URIs, and other EJB components in the same or different applications Later in the chapter, you’ll see an example of an ejb-ref g that virtualizes access to another EJB Enterprise JavaBeans The core of J2EE is the EJB component.This is the programming model for writing and deploying business logic into an application server EJBs provide a component model for creating business applications EJB components are mainly focused on aspects such business logic, as well as database and legacy server access, transactions, security, and threading—in other words, how you build core business services in a Java environment EJBs initially look complex because they were designed to layer over ordinary Java For each component, there are multiple java files Ideally, the user has an Integrated Development Environment (IDE) that shows each component as a whole as well as the J2EE Overview individual class files for that component However, in the examples later in this book, we simply use a text editor and basic tools for portability The EJB component model allows you to structure the business logic into discrete connected components EJB applications are loosely coupled, with well-defined interfaces EJBs come in a variety of styles: n n n Session beans g are business logic components that are instantiated on behalf of a user and last no longer than the time the client program remains active and running (a session) Entity beans g are components that are mapped into an underlying database or persistent store (for example, a bank account, purchase order, telephone number, or email address) Each instance must have a unique key under which it is stored and retrieved Message-driven beans (MDBs) g are executed in response to a message at the server, usually a one-way, asynchronous JMS g message, but also including messages from other systems such as SAP R/3 or PeopleSoft coming through a connector There is another distinction: between local and remote EJBs Local EJBs can only be called from within the same container, whereas remote EJBs are callable across a network over distributed networking protocols (such as RMI-IIOP) An application can be thought of as having distinct parts—for example: The part that deals with the long-term storage of data in a database or other persistent backend (local entity beans) The part that provides business logic (stateless local session beans) The part that provides the interface with thick clients or a graphical interface layer (stateless or stateful remote session beans) The graphical Web interface (servlets and JSPs) n n n n n The part that deals with messaging—sending and receiving messages from other systems (message-driven beans) As you can see, the J2EE application model is a component model that provides the right component types to support solid business applications EJB Lifecycle Another aspect of J2EE that’s very important to Web services is the lifecycle of an EJB Components have well-defined lifecycles—they’re instantiated, persisted, and destroyed EJBs define a “home” factory for creating and managing the lifecycle of components EJBs can be divided into those with no real lifecycle and those with a lifecycle Note The Open Grid Services Infrastructure (OGSI) offers a model of services that have lifecycles This is a point of debate around Service-Oriented Architecture—whether services have lifecycles like objects or whether they’re stateless 349 350 Chapter Web Services and J2EE Stateless session beans are session beans with no real lifecycle—the container instantiates a pool of these as needed Although there are multiple instances of the component, each instance is interchangeable with any other, because they have no state that differs from method call to method call Message-driven beans (MDBs) have no lifecycle either.They are instantiated and pooled by the container—so they are always available Stateful session beans (SFSBs) are explicitly created by an application, with parameters in the create() method (part of the home interface).The instance of an SFSB contains state information specific to that client, and therefore it must either be explicitly destroyed or timed out by the container (otherwise the number would grow until the system’s capacity was used up) Entity beans are stateful and have attributes that are stored in a database, file system, or other persistent storage.They must be either created or found using a key Because they’re kept in a persistent datastore, the objects have a very extended lifetime—unlike SFSBs, which last as long as the client code is running, these object instances remain available until they’re explicitly deleted, surviving reboots, crashes, system migrations, and so on Another difference with SFSBs is that many clients can talk to one entity bean instance The lifecycle-free model of services matches the model of stateless session beans and MDBs In fact, a common design pattern in EJB programming involves all distributed interaction with the EJB application taking place through a faỗade of stateless session beans and MDBs.This model most closely fits today’s services infrastructure Initiatives such as WS-Addressing (http://www-106.ibm.com/developerworks/ library/specification/ws-add/) and the WS-Resource Framework (WSRF; http://www.globus.org/wsrf/default.asp) allow stateful components to be addressed as services.There are ways of doing it without these technologies (such as adding a key to the end of the address URL), but they aren’t standardized Apache Axis has recently added support for WS-Addressing, but it isn’t supported in Apache Axis or in the J2EE specification at the time of this writing Note Apache SOAP supports this approach See http://ws.apache.org/soap/ As you’ll see when we dive deeper into J2EE support for Web services, the only supported components that can be accessed as Web services are servlets, stateless session beans, and MDBs For more information about stateful services, see Chapter 8, “Web Services and Stateful Resources.” Roles: Development, Assembly, and Deployment One of the most useful aspects of J2EE is the way the architecture was designed from the start with ordinary people in mind Early Web systems were often created from many different technologies, so the developer had to be good at programming in multiple J2EE Overview languages and systems as well as understand the network, the database connections, system administration, and so on For example, many of the early dynamic Web technologies mixed HTML with the programming language in a single file.This meant that a graphic designer couldn’t modify the look and feel without risking breaking the logic— with the result the programmer frequently did the layout and HTML/Web design, or spent valuable time cutting and pasting HTML into their code The J2EE model clearly separates roles such as Web programmer, business logic programmer, deployment engineer, and administrator.To achieve this separation, there are clear contracts between the components and the infrastructure For example, JSPs allow the HTML and page design to be separate from the business logic There are two important roles: the assembler and the deployment engineer Both are like systems integrators Like a brick layer, the assembler pulls together a set of components to create an application.Then the deployment engineer comes and wires and connects everything, like an electrician and plumber rolled into one.The mortar, solder, and cabling that keep it all together are called deployment descriptors Deployment descriptors (DDs) are XML files that capture information about components and applications.They help resolve aspects left undefined by the programmer, such as resolving references, setting policies, and linking to other components The following snippet shows a sample DD for an EJB: Simple Application Simple StockQuote com.skatestown.StockQHome com.skatestown.StockQ com.skatestown.StockQHome Stateless Bean As you’ll see later, the same approach has been applied to the Web services support in J2EE 1.4, where a new DD—webservices.xml—has been added.This file is effectively the Java Standards version of the Axis WSDD file Benefits of Using Web Services with J2EE J2EE is a high-quality, reliable, secure infrastructure for building complex Web and business applications.Web services started more simply with no inherent security, reliability, 351 352 Chapter Web Services and J2EE or transactions, but these are now being added using the open and flexible model that SOAP and Web services offer Many businesses are using Web services with J2EE to provide simple interoperable access to existing J2EE applications—for example, creating a C/C++/C# or VB.NET client to an EJB application Before SOAP and Web services, this was possible but very complex J2EE uses a distributed object model called RMI-IIOP, which bridges the Java object model and the CORBA (IIOP) protocol Accessing J2EE components from outside Java used to require either bridge technology or complicated logic to access the components using IIOP from C or C++.This was typically a painful process SOAP and Web services make this scenario much more appealing, and a number of companies are using the SOAP approach in their systems today Why use J2EE with Web services? In other words, why would you write a J2EE application and EJBs if you could simply deploy Java classes into an Axis server to create Web services? The answer, as usual, depends on the individual circumstances Many small applications will work fine with the Java Axis approach As the complexity and requirements on the application scale up, having a managed J2EE environment in which to run components becomes more appropriate In particular, the benefits increase as you start to connect to databases, messaging systems, and other enterprise systems Security The first benefit that a J2EE application server brings is security Because the individual methods (operations) of an EJB can be secured, and because J2EE has end-to-end security, you can use either HTTPS or WS-Security to authenticate users and then offer them services and/or operations with fine-grained access control For example, a single service may have bid and cancel operations, and a J2EE application server can be configured with one group of ordinary users who can bid, and then another group of superusers who can cancel Because security in J2EE is tightly integrated into the Java runtime, these security models extend to the Web services space, and so the access controls are applied to incoming SOAP requests as well, based on the configuration and administration of the EJBs (For more details, see Chapter 9, “Securing Web Services.”) Transaction Control Across Distributed Resources The second benefit a J2EE application server offers is transaction control across distributed resources Even if you aren’t using WS-AtomicTransaction and WS-Coordination (see Chapter 11, “Web Services Transactions”), you may wish to ensure that the backend resources you’re communicating with are kept in sync with each other and are transactional For example, you may wish to have a database log of Web service transactions held in an Oracle or DB2 RDB and then use a JMS system to send messages internally to a legacy system.The J2EE server can make the database log entry and send the message in the same unit of work.That way, even if the HTTP connection fails and the SOAP response message sent to the client fails, your server has a log of what happened Although it doesn’t offer full end-to-end transactionality, this type of architecture has J2EE Overview been used extensively in Web-based systems to provide a higher level of robustness at the application level Container Managed Persistence J2EE offers both a programming model for building business applications—including the tools and technology to map your objects into databases (entity beans)—and a reliable, scalable infrastructure for running those applications As soon as the application moves beyond the simplicity of a sample or first proof of concept, users find that the learning curve and extra complexity of a J2EE solution is repaid in the savings in time and effort that the model offers For example, in our sample application, the J2EE application server will automatically save the state of the objects we create using a feature called Container Managed Persistence (CMP).This means that instead of having to write database logic and SQL statements, we can write fairly straightforward Java objects and have the container generate the SQL and take care of all the database reads, writes, and updates.This approach makes it quick and easy to build a Web service application with a database at its heart And, this support is independent of which database server is used J2EE Versions A word about versions: While J2EE 1.4 has just been released, J2EE 1.3 is still the more commonly used version in real systems at the time of this writing J2EE 1.4 includes significant Web services support, especially the standards JAX-RPC, JAX-R, and JSR 109 (“Implementing Enterprise Web Services”), as well as improvements specifically targeted at producing WS-I Basic Profile g compliance (http://ws-i.org/Profiles/Basic/ 2003-08/BasicProfile-1.0a.html) As a result, every J2EE application server will support the following: A UDDI registry Calling out to external Web services through JAX-RPC Hosting Web services using EJBs and servlets Calling out to UDDI servers n n n n The rest of this chapter is split into three parts First, we create the EJBs that form the core of the application.This isn’t a full tutorial on EJBs, but just a simple EJB application that allows SkatesTown to get going Next, we investigate using Web services with an existing J2EE server by using the Apache Axis toolkit In this section, we assume that there is a running J2EE server such as BEA WebLogic, JBOSS, or IBM WebSphere, and we look at using the Apache Axis framework to connect to EJBs.We’re doing this because the SkatesTown developers are familiar with Axis and would like to understand how EJBs fit into the model they already have; and although this is more difficult than the approach in the last part of the chapter, not all application servers support that approach yet Finally, we look at how this model is simplified and updated when we utilize new support from J2EE 1.4 to deploy a service directly into an enabled J2EE container.This 353 778 performance correlation, 565-568 data handling, 572-575 design, 553-554 empty/wait activities, 575 event handling, 587 external interface processes, 554-557 fault handling, 582-585 flow, 576-579 invoking Web services, 568-571 language extensibility, 604 partnerLinks, 563-565 process structures, 558-560 structured activities, 580-581 handlers chain definitions, 260-261 declarations, 259-260 transport declarations, 261-262 WSDD, 258-259 JAXB, 100-102 logging, 302 SOAP styles, 151-152 stateful/stateless, 550 strings defining, 58 transports, 300 two-level programming models, 550 Web services, 722-723 WS-Policy, 218 WSDL documents, 195-201 XML associating schemas, 54-55 complex types (schemas), 59-62 DOM, 91-96 global attributes/elements, 63 instances, 35-42, 44 JAXB, 96-104 namespaces, 44-51 processing, 78-85 reusability (schemas), 64-78 SAX, 85-91 schemas, 51-54, 62-63 simple types (schemas), 55-59 testing, 105-107 permissions, methods, 497 persistence (J2EE), 353 persistent stores, 349, 510 phases of evolution (Web services), 717-720 physical structure (XML schemas), 51 piggy-backing messages, 510 PIs (processing instructions), 35, 640 pivots, 237 PKI (Public Key Infrastructure), 453-454 WS-SecureConversation specification, 482 WS-Trust specification, 474-475 plaintext, 447 platforms, 696-697 deployment, 699 SOA, 697-698 pointers (WS-Addressing), 388-391 policies management, 690 SOA, 682-683 UDDI, 335 WS-RM policy assertions, 518-521 WSDL, 214-215 policy-based interoperability, 725 PolicyReference element, 219 POPortType operations, 399, 412 port elements (WSDL), 190 portals, role of, 727 portType element referencing, 627 WSDL, 179-180, 554-556 POSubmission service, modifying, 393 poSubmission service interface definition, 193-195 predefined XML schema types, 56 See also schemas, XML preferences Axis, 275, 367-374 document, 277-278 message, 278-279 RPC, 275 wrapped, 276-277 binding, 84-85 BPEL, 550-553, 588-597, 599-601 abstract processes, 601-603 activities, 561-562 compensation handling, 585-586 correlation, 565-568 data handling, 572-575 design, 553-554 empty/wait activities, 575 event handling, 587 external interface processes, 554-557 profiles fault handling, 582-585 flow, 576-579 invoking Web services, 568-571 language extensibility, 604 partnerLinks, 563-565 process structures, 558-560 structured activities, 580-581 handlers chain definitions, 260-261 declarations, 259-260 transport declarations, 261-262 WSDD, 258-259 JAXB, 100-102 logging, 302 SOAP styles, 151-152 stateful/stateless, 550 strings defining, 58 transports, 300 two-level programming models, 550 Web services, 722-723 WS-Policy, 218 WSDL documents, 195-201 XML associating schemas, 54-55 complex types (schemas), 59-62 DOM, 91-96 global attributes/elements, 63 instances, 35-42 JAXB, 96-104 namespaces, 44-51 processing, 78-85 reusability (schemas), 64-78 SAX, 85-91 schemas, 51-54, 62-63 simple types (schemas), 55-59 testing, 105-107 prefixes (XML namespaces), 47-51 PriceCheck Web service, 613 priority, adding items, 50 processes binding, 553 BPA, 700-708 BPEL, 550-553, 588-597, 599-601 abstract, 601-603 activities, 561-562 compensation handling, 585-586 correlation, 565-568 data handling, 572-575 design, 553-554 empty/wait activities, 575 event handling, 587 external interface, 554-557 external interface processes, 554-557 fault handling, 582-585 flow, 576-579 invoking Web services, 568-571 language extensibility, 604 partnerLinks, 563-565 structure of, 558-560 structured activities, 580-581 deployment, 553 instances, 562 long-running, 550 SOA, 682-683 processing, 695 attachments, 659 batches, 701 client-side messages (Axis), 240-241 MessageContext (Axis), 242-243 server-side messages (Axis), 238-240 SOAP, 113, 132-134 transactions, 528 See also transactions WS-RM, 510-511 clients, 511-513 servers, 513-517 XML, 78-80 applying data-oriented processing, 81-85 DOM, 91-96 JAXB, 96-104 SAX, 85-91 testing, 105-107 processing instructions (PIs), 35, 640 production (Web services), 683-685 architecture, 691-695 technology mapping, 685-690 profiles, 610 conformance reports, 668-671 requirements, 619 WS-I Basic, 611 WS-I Basic Profile 1.0, 611-619 WSDL documents, 620-621 analyzer tool, 667-671 Attachment Profile 1.0, 650-660 How can we make this index more useful? Email us at indexes@samspublishing.com 779 780 profiles Basic Profile 1.0 requirements, 645-647 Basic Security Profile 1.0, 660-661 conformance claims, 641-643 defining service interfaces, 623-626 future of, 648-650 HTTP/SOAP messages, 638-640 importing, 622-623 publishing service descriptions, 637-638 sample applications, 661-662 security, 641 service providers, 643-645 SOAP bindings, 626-633, 635-637 WS-I Test Tools, 663-666 programming BPEL, 550-553, 588-597, 599-601 abstract processes, 601-603 activities, 561-562 compensation handling, 585-586 correlation, 565-568 data handling, 572-575 design, 553-554 empty/wait activities, 575 event handling, 587 external interface processes, 554-557 fault handling, 582-585 flow, 576-579 invoking Web services, 568-571 language extensibility, 604 partnerLinks, 563-565 process structures, 558-560 structured activities, 580-581 client (JSR109), 380 fault, 135 See also error handling HTTP status, 158 two-level programming models, 550 WSFL, 550 XLANG, 550 XML, 105-107 See also XML prologs (XML), 35-36 properties correlation sets, 565-568 mapping, 357 resources (WS-Notification), 428-431 runtime, 269 setProperty() API, 252 transport binding frameworks, 153-157 WS-Resource, 395 documents, 395, 397-398 GetMultipleResourceProperties operations, 403-405 GetResourceProperty operations, 401-402 operations, 399-401 POPortType operations, 412 QueryResourceProperties operations, 405-406 SetResourceProperties operations, 406-412 protocols 2PC, 538 AT, 538-539 BA, 544-545 GRAAP, 710 HTTP, 157-158 negotiation, 487-492 security, 451-452 SOAP, 112-113 See also SOAP Client view, 118, 120 deploying Web service engines, 118 overview of, 113-116 selecting Web service engines, 117 specifications, 120 viewing Web service engines, 117-118 Volatile Two-Phase Commit, 539 WS-RM, 507-509 applying, 521-523 policy assertions, 518-521 processing models, 510-517 sequence faults, 517-518 specifications, 509 troubleshooting, 521 providers, 240 Axis, 265 Basic Profile, 643-645 service, 13 service-oriented architecture, 307-308 Web service operations, 569 provisioning, 699 proxies, 172, 691-693 Public Key Infrastructure (PKI), 453-454 public keys, 448, 468 See also encryption Publish-Subscribe Notification for Web Services, 413 publisher-assigned keys (UDDI), 336 publisherAssertion element, 324-326 roles publishing, 14 APIs, 326 purchase order submission services, 338-340 service definitions, 340-342 service descriptions, 637-638 WSDL-based service descriptions, 337 pull parsing, 79 See also parsing push parsing, 79 See also parsing Q-R QoS (quality of service), 347 qualified endpoint references, 392 quality of experience layer, 29 QueryResourceProperties operations, 405-406 ranges (XML schemas), 59 RBAC (role-based access control), 495 ReadOnly message, 539 realms, 451 Reason element, 136 receive activity, 569 receivers, message requirements, 644-645 recognition (XML), 46 references attachments (SOAP), 656-660 characters (XML), 42 endpoint, 394, 564 entities (XML), 43 mailing lists, 69 multireference values, 142 portType operations, 627 SOAP, 120-121 standalone address type schemas, 67 WS-Addressing, 388-391 WS-Policy, 219-220 WS-RenewableReferences, 442 XML elements, 64 Register operation, 532-536 registration, type mappings (Axis), 279, 281 registries service, 14, 645 service-oriented architecture, 307-308 UBR, 311 UDDI, 325-334 users, 453 relationships (XML elements), 39 Remote Procedure Calls (RPCs), 112 reply activity, 569 reports, conformance profiles, 668-671 repositories, interfaces, 172 REpresentational State Transfer (REST), 156-157 request chains, 237 request for quotes See RFQs request handlers, 237 request messages implied resource patterns, 391-395 states, 384-385 Request scope, 271 Request-Response MEPs, 154 request-response operations (WSDL), 201 requestors service, 13 service-oriented architecture, 307-308 WSDL (maps to Java), 213-214 requirements See also specifications; standards Basic Profile 1.0, 645-647 message receiver, 644-645 namespaces, 70 profiles, 612-619 security, 446 services providers, 643-644 registries, 645 resources J2EE, 352 properties (WS-Notification), 428-431 references, 348 stateful See stateful resources responses, 237 REST (REpresentational State Transfer), 156-157 restrictions (XML), 73-75 reusability of XML schemas, 64-78 RFQs (request for quotes), 383 Role element, 136 role-based access control (RBAC), 495 roles, 130 Axis, 292 base notification, 413-415 J2EE, 350-351 of portals, 727 How can we make this index more useful? Email us at indexes@samspublishing.com 781 782 roles service descriptions in SOAs, 168 layers, 171 XML prologs, 35 rollback messages, 537-538 rolling back transactions, 528 root elements (XML prologs), 35 RPC-literal bindings, 632-635 RPCs (Remote Procedure Calls), 112 JAX-RPC handlers, 266 SOAP conventions, 148-149 inout/out parameters, 149-151 styles, 275 rules (SOAP intermediaries), 130-132 rules-based message dispatch, 705-708 runtime properties, 269 service discovery, 309-310 WS-RM sequence faults, 517-518 S SAAJ (SOAP with attachment API for Java), 243-246 SAML (Secure Assertion Markup Language), 473 sample applications, 610, 661-662 SAX (Simple API for XML), 85-87, 89-91 scheduled termination (WS-Resource), 436-439 schemas XML, 51-54, 62-63 associating, 54-55 compilers, 83 complex types, 59-62 defining datatypes, 623 defining priority global attributes, 64 importing, 622-623 Java classes, 83 mailing lists, 68 profiles, 619 reusability, 64-78 simple types, 55-59 standalone address type, 67 xsi:type, 76-78 XSD, 184 SCL (SOAP Contract Language), 175 scope activity, 580-581 option (Axis), 270-271 runtime properties, 269 SDM (System Definition Model), 699 searching APIs, 331-334 Secure Assertion Markup Language (SAML), 473 Secure Socket Layer (SSL), 445, 451, 486 security Axis, 297-298 Basic Security Profile 1.0, 660-661 enterprise, 495-500 J2EE, 352 mustUnderstand flag, 125-126 services, 500-502 tokens, 457 UDDI, 335 Web services, 445, 456-461, 641, 723 authentication, 450-451 cryptography, 447-449 domains, 455 infrastructures, 452-455 models, 456-458 protocols, 451-452 requirements, 446 specifications, 458 WS-C/Tx, 545-546 WS-Federation specification, 492-495 WS-SecureConversation specification, 482-486 negotiation protocols, 487-492 SSL, 486 WS-Security specification, 461, 469-471 digital signatures, 462-465 encryption, 466-468 security tokens, 471-473 WS-SecurityPolicy specification, 481-482 WS-Trust specification, 474 Kerberos, 476-478 PKI, 474-475 XKMS, 479-481 Security Token Service (STS), 458 selection integration, 708 SOAP styles, 151-152 Web service engines, 117 sessions semantic mapping, troubleshooting, 677-678 sending binary date (SOAP), 160-163 SequenceExpiration policy assertion, 519-520 SequenceRef element policy assertion, 520 sequences activity, 580-581 faults (WS-RM), 517-518 serialization, 81 parameters, 249-251 type mappings (Axis), 284-286 server-side messaging processing (Axis), 238-240 server-side sessions (Axis), 272 servers J2EE, 348 SimpleAxisServer, 275 stubs, 172 WS-RM, 513-517 Service Level Agreements (SLAs), 710, 725-726 Service objects (Axis), 246-247 service-oriented architecture See SOA services Axis, 263 AdminClient, 267-269 JWS, 263 lifecycles, 270-271 scope option, 270-271 server-side sessions, 272 WSDD, 264-266 WSDL, 273-275 WSDL2Java, 272-274 descriptions, 167, 637-638 roles in SOAs, 168 well-defined, 169-171 elemental, 550 elements (WSDL documents), 191 enterprise IT, 674-676 bottom-up deployment, 680-681 hybrid deployment, 681-682 lack of best practices, 678 policies/processes, 682-683 SOA limitations, 677-678 time-based adoption, 676 top-down deployment, 679-680 interfaces, 623-626 J2EE, 347-348 applying EJB from Axis, 354-360 Axis, 360-367 configuring Axis, 367-374 containers, 348 deployment, 350-351 EJB, 348-350 exposing EJB from Axis, 361-362 JSR109, 375-381 versions, 353 Web services, 351-353 WebSphere deployment, 363 logic, 694 message processing, 240 notary, 501 OGSI, 349, 386-387 poSubmission interface definitions, 193-195 modifying, 393 providers, 13, 643-645 registries, 14, 645 requestors, 13 security, 500-502 UDDI, 310-311 bindingTemplate element, 323-324 businessEntity element, 321-322, 327-334 businessService element, 322-323 datatypes, 311-320 new features, 335-336 publisherAssertion element, 324-326 registries, 325-334 WSDL, 337-342 virtualization, 688 Web See also Web services design time/runtime, 309-310 discovery, 307 service-oriented architecture, 307-308 types of, 308-309 WS-Inspection, 343 WS-ServiceGroup, 343, 442 WS-ServiceGroup, 343, 442 WSDL 2.0, 228 Session scope, 271 sessions Axis, 252-253, 272 beans, 349 interfaces, 358-360 How can we make this index more useful? Email us at indexes@samspublishing.com 783 784 setProperty() setProperty() API, 252 SetResourceProperties operations, 406 components, 410 Delete component, 409 Insert component, 407-408 rounding out, 411-412 Update component, 408 SFSBs (stateful session beans), 350 siblings (XML), 38 signatures digital See digital signatures WS-SecureConversation specification, 483 WS-SecurityPolicy, 481 SIIA (Software & Information Industry Association), 674 simple chains, 237 Simple Object Access Protocol See SOAP simple SOAP binding profiles, 649-650 simple types (XML schemas), 55-59 simple WSDL, 176 See also WSDL SimpleAxisServer, 275 single sign-on (SSO), 455 singleton patterns of WS-Resource, 388 skeletons, 172 SLAs (Service Level Agreements), 710, 725-726 SOA (service-oriented architecture), 728 limitations, 677-678 policies/processes, 682-683 proxies, 692-693 service description roles, 168 testing, 697-698 Web services, 13-17 SOAP, 112-113 Basic Profile, 626-635 binary date, 160-163 binding, 649-650 Body element, 132 data models, 141 encoding, 143-147 object graphs, 141-143 datatypes, 282 document-style, 151 envelopes, 656-660 error handling, 134-138 faults, 635-637 headers, 138-140 implementation, 163-165 inout/out parameters, 149-151 intermediaries, 126-130 active/forwarding, 130 explicit/transparent, 128-129 rules for, 130-132 messages classes, 244 WS-I Organization, 638-640 messaging frameworks, 121-123 modules, 126 mustUnderstand flag, 125-126 vertical extensibility, 123-125 notary services, 501 overview of, 113-116 processing, 132-134 profiles, 619 Response MEPs, 155 RPC conventions, 148-149 specifications, 120-121 styles, 151-152 transport binding framework, 152-159 versioning, 133 Web services Client view, 118, 120 deploying, 118 selecting engines, 117 viewing, 117-118 WS-Addressing, 391 WS-RM, 507-509 applying, 521-523 policy assertions, 518-521 processing models, 510-517 sequence faults, 517-518 specifications, 509 troubleshooting, 521 SOAP 1.1 (Axis), 263 SOAP Contract Language (SCL), 175 SOAP with Attachments (SwA), 160-161 SOAPAction feature, 158-159 SOAPAction HTTP headers, 188-189, 639 SOAPBody class, 245 SOAPBodyElement class, 245 SOAPEnvelope class, 244-245 SOAPFault class, 245 SOAPHeader class, 245 SOAPHeaderElement class, 245 SOAPMonitor, 303-304 stubs SOAPPart, 244 Software & Information Industry Association (SIIA), 674 solicit-response operations (WSDL), 203-204 sparse arrays, 147 specifications churning, 720 security (Web services), 458 SOAP, 120-121 WSDL information models, 174-175 WS-Federation, 492-495 WS-Resource, 441 WS-BaseFaults, 442-443 WS-RenewableReferences, 442 WS-ServiceGroup, 343, 442 WS-RM, 509 WS-SecureConversation, 482-486 negotiation protocols, 487-492 SSL, 486 WS-Security, 461, 469-471 digital signatures, 462-465 encryption, 466-468 security tokens, 471-474 WS-SecurityPolicy, 481-482 WS-Trust Kerberos, 476-478 PKI, 474-475 XKMS, 479-481 SpecVersion policy assertion, 519 SSL (Secure Socket Layer), 445, 451, 486 SSO (single sign-on), 455 stacks, interoperability (Web services), 26-30 standalone address type schemas, 67 standards business level, 726 WS-I Organization, 610-611 analyzer tool, 667-671 Attachment Profile 1.0, 650-660 Basic Profile 1.0 requirements, 645-647 Basic Security Profile 1.0, 660-661 conformance claims, 641-643 defining service interfaces, 623-626 future of, 648-650 HTTP/SOAP messages, 638-640 importing WSDL documents/XML schemas, 622-623 profile requirements, 619 publishing service descriptions, 637-638 sample applications, 661-662 security, 641 service providers, 643-645 SOAP bindings, 626-633, 635-637 WS-I Basic Profile 1.0, 611-619 WS-I Test Tools, 663-666 WSDL documents, 620-621 WSDL, 223-230 start transaction operations, 528 stateful resources, 384, 387 implied resource patterns, 391-395 WS-Addressing, 388-391 WS-Resource Framework, 385-388 stateful session beans (SFSBs), 350 stateful/stateless Web services, 550 stateless session beans, 350 states, 383-385 status codes (HTTP), 158 StockAvailableNotification Web service, 614 StockAvailableNotification WSDL documents, 196-200 string patterns, defining formats, 58 structures BPEL activities, 561-562, 580-581 processes, 558-560 WSDL, 176-177 binding element, 186-190, 205-210 customizing, 195-201 definitions, 178-179 documentation element, 192 extensions, 210-213 import element, 192-195 message element, 180-181 operation element, 180, 201-205 part element, 181-184 port element, 190 portType element, 179-180 service element, 191 transmission primitives, 201-204 types element, 184-185 STS (Security Token Service), 458 stubs Axis, 253-256 clients, 172 generation, 246 How can we make this index more useful? Email us at indexes@samspublishing.com 785 786 stubs servers, 172 testing, 255 styles See also configuration Axis, 275 document, 277-278 message, 278-279 RPC, 275 wrapped, 276-277 invocation (WSDL), 188 notification operations (WSDL), 202-203 one-way operations (WSDL), 202 request-response operations (WSDL), 201 SOAP, 151-152 solicit-response operations (WSDL), 203-204 Subcode element, 136 subcodes, fault, 136 subjects policies, 216 security models, 457 subordinate CAs, 454 subscriptions UDDI, 336 WS-Notification, 415-420 suppressJoinFailure attribute, 577 SwA (SOAP with Attachments), 160-161 switch activity, 580-581 symmetric encryption, 447 syntax See also programming security tokens, 471 WS-Security specification, 461, 469-471 XML namespaces, 47-49 See also XML systems architecture, 691-695 management, 713 T tags (XML), 36 See also XML targeted chains, 237 TC (Technical Committee), 709 tcpmon, 303-304 Technical Committee (TC), 709 technology mapping, 685-690 temporary tickets, 493 termination (WS-Resource), 435-441 testing analyzer tool, 667-671 SOA, 697-698 stubs, 255 Web services, 687 WS-I Test Tools, 663-666 XML, 105-107 text (XML) associating schemas, 54-55 complex types (schemas), 59-62 data-centric, 33-34 document lifetimes, 34-35 document-centric, 32 DOM, 91-96 global attributes/elements, 63 instances, 35-42, 44 JAXB, 96-104 namespaces, 44-51 processing, 78-85 reusability (schemas), 64-78 SAX, 85-91 schemas, 51-54, 62-63 simple types (schemas), 55-59 testing, 105-107 TGT (ticket-granting ticket), 455 ticket-granting ticket (TGT), 455 time, termination, 439 time-based adoption of Web services, 676 TLS (Transport Layer Security), 486 tmodels, UDDI, 314-317 TMR (TypeMappingRegistry), 279 tokens, security, 457, 471-473 tools, 696-697 analyzer tool, 667-671 Axis, 301, 303-304 deployment, 699 SOA testing, 697-698 WDSL2Java, 253-256 WS-I Test Tools, 663-666 top-down deployment, 679-680 TopicPathExpressions, 426, 428 topics aliasRef, 428 WS-Notification, 420-423 topic expressions, 426-428 topics space documents, 423-426 transactions committing, 539-543 J2EE, 352 Universal Character Set (UCS) WS-C/Tx, 525-529 ATs, 536-543 BA, 544-545 CoordinationContext operation, 530 CreateCoordinationContext operation, 530-532 fault codes, 536 Register operation, 532-536 security, 545-546 transition conditions, 576 transmission primitives (WSDL), 201-204 transparent intermediaries, 128-129 transport (WSDD declarations), 261-262 transport binding framework (SOAP), 152-159 Transport Layer Security (TLS), 486 transport-specific message processing, 239 transports, 694 Axis, 298-299 clients, 298 servers, 299 chains, 239 layers, 27 listeners, 238 trees parsing, 79 See also parsing topics, 421 XML elements, 38 trends in e-business, 17 in Web services, 720-728 Triple A cycles, 709 Triple DES (3DES), 448 troubleshooting analyzer tool, 667-671 Axis, 288 AxisFault class, 288-289 typed exceptions, 289-290 compensation (BPEL), 585-586 dead path elimination, 577-578 events (BPEL), 587 faults (BPEL), 582-585 join failures, 577-578 semantic mapping, 677-678 SOAP, 113, 134-138 encoding, 147 headers, 138-140 WS-Coordination fault codes, 536 WS-I Test Tools, 663-666 WS-RM sequence faults, 517-518, 521 XML, 105-107 trust models, PLI, 454 Two-Phase Commit (2PC) protocols, 538 type mapping, 240 Axis, 279 defaults, 281-284 deserializers/serializers, 284-286 MessageElement class, 286-287 registering, 279, 281 WSDD, 262-263 WSDL2Java, 257-258 typed exceptions, 289-290 TypeMappingRegistry (TMR), 279 types complex (XML schemas), 59-62 element (WSDL), 184-185 of mappings, 357 service discovery mechanisms, 308-309 simple (XML schemas), 55-59 standalone address schemas, 67 WSDL 2.0, 227 xsi:type, 76-78 U UBR (UDDI Business Registry), 311 UCS (Universal Character Set), 36 UDDI (Universal Description, Discovery, and Integration), 310-311 bindingTemplate element, 323-324 businessEntity element, 321-322, 327-334 businessService element, 322-323 conformance claims, 642 datatypes, 311-320 new features, 335-336 publisherAssertion element, 324-326 registries, 325-334 WSDL, 337-342 Unicode (ISO 10646), 36 Unicode Transformation Format-8 (UTF-8), 36 Uniform Resource Identifiers (URIs), 46, 51 Uniform Resource Locators (URLs), 47 units of work, 528 Universal Character Set (UCS), 36 How can we make this index more useful? Email us at indexes@samspublishing.com 787 788 Universally Unique Identifiers (UUIDs) Universally Unique Identifiers (UUIDs), 47 unmarshalling XML, 83 Update component (SetResourceProperties), 408 Upgrade header, 140 URIs (Uniform Resource Identifiers), 46, 51 URLs (Uniform Resource Locators), 47 user registries, 453 user-defined datatypes, 623 user-role mapping, 497 UsernameToken, 472 UTF-8 (Unicode Transformation Format-8), 36 UUIDs (Universally Unique Identifiers), 47 V validity (XML schemas), 51-52 value networks, 728 value-added networks (VANs), 696 value-network approach, 17 values attributes (XML), 39 See also XML multireference, 142 resource properties, 399-401 GetMultipleResourceProperties operations, 403-405 GetResourceProperty operations, 401-402 QueryResourceProperties operations, 405-406 SetResourceProperties operations, 406-412 VANs (value-added networks), 696 versions Basic Profile, 648-650 J2EE, 353 SOAP, 133 WSDL, 223-230 vertical extensibility (SOAP), 123-125 viewing Web service engines (SOAP), 117-118 views, Client (SOAP), 118, 120 virtualization, 687-688 vocabularies (DTDs), 51 See also DTDs Volatile Two-Phase Commit protocol, 539 W wait activity, 575 Web method feature (SOAP), 159 Web Service Flow Language (WSFL), 550 Web services, 10-11 adoption of, 674-676 bottom-up deployment, 680-681 hybrid deployment, 681-682 lack of best practices, 678 policies/processes, 682-683 SOA limitations, 677-678 time-based, 676 top-down deployment, 679-680 application integration, 22-23 B2B, 24 B2C, 24 BPA, 700-708 buses, 703-705 business applications of, 11-12 composition, 549-550 BPEL, 553, 588-597, 599-601 stateful/stateless, 550 two-level programming models, 550 core technologies, 19-20 costs, 25-26 discovery, 307 design time/runtime, 309-310 service-oriented architecture, 307-308 types of, 308-309 WS-Inspection, 343 WS-ServiceGroup, 343 e-business, 17 endpoint policies, 457 evolution of, 717-720 industry dynamics, 20-21 interoperability stacks, 26, 28-30 J2EE, 351-353, 498-500 JSR109, 375-381 JWS, 263 models, 21-22 need for, 18-19 PriceCheck, 613 production, 683-685 architecture, 691-695 technology mapping, 685-690 resource properties, 395 documents, 395, 397-398 GetMultipleResourceProperties operations, 403-405 GetResourceProperty operations, 401-402 writing operations, 399-401 POPortType operations, 412 QueryResourceProperties operations, 405-406 SetResourceProperties operations, 406-412 security, 445, 456-461, 641 authentication, 450-451 cryptography, 447-449 domains, 455 infrastructures, 452-455 models, 456-458 protocols, 451-452 requirements, 446 specifications, 458 SOA, 13-17 stateful resources, 387 cordinality of WS-Resource Framework, 387-388 implied resource patterns, 391-395 WS-Addressing, 388-391 WS-Resource Framework, 385-387 states, 384-385 StockAvailableNotification, 614 technical overview, 12 testing, 687 trends, 720-728 UDDI, 310-311 bindingTemplate element, 323-324 businessEntity element, 321-322, 327-334 businessService element, 322-323 datatypes, 311-320 new features, 335-336 publisherAssertion element, 324-326 registries, 325-334 WSDL, 337-342 WS-Federation specification, 492-495 WS-Resource aliasRef, 428 base notification, 413-415 broker, 433-434 consumers, 432 factory, 399 GetCurrentMessage, 429 resource properties, 428-431 subscribing, 415-420 topics, 420-428 WS-Notification, 412-413 WS-ResourceLifetime, 434-441 WS-SecureConversation specification, 482-486 negotiation protocols, 487-492 SSL, 486 WS-Security specification, 461, 469-471 digital signatures, 462-465 encryption, 466-468 security tokens, 471-473 WS-SecurityPolicy specification, 481-482 WS-Trust specification, 474 Kerberos, 476-478 PKI, 474-475 XKMS, 479-481 Web Services Coordination and Transaction See WS-C/Tx Web Services Description Language See WSDL Web Services Distributed Management (WSDM), 689 Web services management (WSM), 714 Web Services Reliable Messaging See WS-RM WebSphere EJB deployment, 363 Java2WSDL command, 376 well-defined services, 169-171 well-formedness (XML schemas), 51-52 while activity, 580-581 white pages, 321 whitespace (XML), 42 workflow-based applications, 550 World Wide Web Consortium (W3C), 11 wrapped styles, 276-277 writing handlers, 292-296 XML associating schemas, 54-55 complex types (schemas), 59-62 DOM, 91-96 global attributes/elements, 63 instances, 44 JAXB, 96-104 namespace-prefixed attributes, 49-51 namespaces, 44-49 processing, 78-85 reusability (schemas), 64-78 SAX, 85-91 schemas, 51-54, 62-63 How can we make this index more useful? Email us at indexes@samspublishing.com 789 790 writing simple types (schemas), 55-59 testing, 105-107 WS-Addressing, 388-391 WS-BaseFaults, 442-443 WS-BaseNotification, 413 WS-BrokeredNotification, 413 WS-C/Tx (Web Services Coordination and Transaction), 525-529 ATs, 536-538 committing transactions, 539-543 flow, 543 protocols, 538-539 BA, 544-545 CoordinationContext operation, 530 CreateCoordinationContext operation, 530-532 fault codes, 536 Register operation, 532-536 security, 545-546 WS-Coordination, 536 See also WS-C/Tx WS-Federation specification, 492-495 WS-I Organization, 610-611 analyzer tool, 667-671 Attachment Profile 1.0, 650-660 Basic Profile 1.0 requirements, 645-647 Basic Security Profile 1.0, 660-661 conformance claims, 641-643 future of, 648-650 HTTP/SOAP messages, 638-640 profile requirements, 619 sample applications , 661-662 security, 641 services descriptions, 637-638 interfaces, 623-626 providers, 643-645 SOAP bindings, 626-633, 635-637 WS-I Basic Profile 1.0, 611-619 importing WSDL documents/XML schemas, 622-623 WSDL documents, 620-621 WS-I Test Tools, 663-666 WS-Inspection (Web Services Inspection Language), 343 WS-Notification, 412-413 aliasRef, 428 base notification, 413-415 brokers, 433-434 consumers, 432 GetCurrentMessage, 429 resource properties, 428-431 subscribing, 415-420 topic expressions, 426-428 topic space documents, 423-426 topics, 420-423 WS-Policy, 216-220 WS-PolicyAssertions, 220 WS-PolicyAttachments, 220-222 WS-RenewableReferences, 442 WS-Resource factory, 399 properties, 395 documents, 395-398 GetMultipleResourceProperties operations, 403-405 GetResourceProperty operations, 401-402 operations, 399-401 POPortType operations, 412 QueryResourceProperties operations, 405-406 SetResourceProperties operations, 406-412 qualified endpoint references, 392 specifications, 441 WS-BaseFaults, 442-443 WS-RenewableReferences, 442 WS-ServiceGroup, 442 WS-Notification, 412-413 aliasRef, 428 base notification, 413-415 brokers, 433-434 consumers, 432 GetCurrentMessage, 429 resource properties, 428-431 subscribing, 415-420 topic expressions, 426-428 topic space documents, 423-426 topics, 420-423 WS-ResourceLifetime, 434-441 WS-Resource Framework, 385-388 WS-ResourceLifetime, 434-441 WS-RM (Web Services Reliable Messaging), 507-509 applying, 521-523 policy assertions, 518-521 XML (Extensible Markup Language) processing models, 510-511 clients, 511-513 servers, 513-517 sequence faults, 517-518 specifications, 509 troubleshooting, 521 WS-SecureConversation specification, 482-486 negotiation protocols, 487-492 SSL, 486 WS-Security specification, 461, 469-471 digital signatures, 462-465 encryption, 466-468 security tokens, 471-473 WS-SecurityPolicy specification, 481-482 WS-ServiceGroup, 343, 442 WS-Topics, 413 WS-Trust specification, 474 Kerberos, 476-478 PKI, 474-475 XKMS, 479-481 WSDD (Web Service Deployment Descriptor), 258-259 Axis, 264-266 chain definitions, 260-261 handler declarations, 259-260 transport declarations, 261-262 type mappings, 262-263 WSDL (Web Services Description Language), 173 Axis deploying, 273-275 faults, 289-290 stubs, 253-256 extensions, 556-557 files, 376 information models, 174-175 maps (to Java), 213-214 messages, 554-556 nonfunctional descriptions, 214 assertions (policies), 220 attachments (policies), 220-222 policies, 214-215 WS-Policy, 216-220 portTypes, 554-556 service interfaces, 623-626 structure of, 176-177 binding element, 186-190, 205-210 customizing, 195-201 definitions, 178-179 documentation element, 192 extensions, 210-213 import element, 192-195 message element, 180-181 operation element, 180, 201-205 part element, 181-184 port element, 190 portType element, 179-180 service element, 191 transmission primitives, 201-204 types element, 184-185 UDDI, 337-342 versions, 223-230 WS-I Basic Profile 1.0, 620-623 WSDL-aware Service() constructors, 251 WSDL2Java, 253-256 Axis, 253-256, 272-274 type mapping, 257-258 WSDM (Web Services Distributed Management), 689 WSFL (Web Service Flow Language), 550 WSIA (Web Services For Interactive Applications), 684 WSM (Web services management), 714 WSPs (wireless service providers), 690 WSRP (Web Services For Remote Portlets), 684 X-Z X.509 certificates, 474-475 XKMS (XML Key Management Specification), 474, 479-481 XLANG, 550 XML (Extensible Markup Language), 31 aliasRef, 428 callback interfaces, 86 canonicalization, 465 characters, 43 collections (Java), 282-283 data-centric, 33-34 declarations, 35 document lifetimes, 34-35 How can we make this index more useful? Email us at indexes@samspublishing.com 791 792 XML (Extensible Markup Language) document-centric, 32 document-style SOAP, 151 element references, 64 encryption, 467-468 generated interfaces, 99-100 global attributes/elements, 63 identifiers, 47 infosets, 121 instances, 35 attributes, 38-41 characters, 42, 44 elements, 36-39 prologs, 35-36 writing, 44 MessageElement class, 286-287 namespaces, 44-46 prefixed attributes, 49-51 syntax, 47-49 naming, 283-284 nodes, 79 objects, 141 encoding (SOAP), 143-147 graphs, 141-143 processing, 78-80 applying data-oriented processing, 81-85 DOM, 91-96 JAXB, 96, 98-104 SAX, 85-91 testing, 105-107 profiles, 619 schemas, 51-55, 62-63 compilers, 83 complex types, 59-62 datatypes, 623 defining priority global attributes, 64 importing, 622-623 Java classes, 83 reusability , 64-78 simple types, 55-59 SOAP, 112 See also SOAP XML Key Management Specification (XKMS), 474, 479-481 XML Schema (XSD), 184 XOP (XML-Binary Optimized Packaging), 162 XPath extensions, 575 TopicPathExpressions, 428 XSD (XML Schema), 184 xsi:type, 76-78 yellow pages, 321 ... services and J2EE: Implementation and deployment of Web services using J2EE Client access to Web services from a J2EE application Service publication Security for Web services and mapping to J2EE... Chapter Web Services and J2EE or transactions, but these are now being added using the open and flexible model that SOAP and Web services offer Many businesses are using Web services with J2EE to...7 Web Services and J2EE T HIS CHAPTER INTRODUCES THE CONCEPTS of using SOAP ,WSDL, and the Web services stack with Java Enterprise Edition (J2EE) g Although a single chapter