UNIT-4

Web Services

Spring Web Services

Spring Web Services (Spring-WS) is a product of the Spring community and is focused on
creating document-driven web services. Spring Web Services aims to facilitate contract-first
SOAP service development, allowing for the creation of flexible web services by using one of
the many ways to manipulate XML payloads. The product is based on Spring itself, which
means you can use the Spring concepts (such as dependency injection) as an integral part of
your web service.

The other key features of Spring Web Services are:

 Powerful mappings
 XML API support
 Flexible XML Marshalling
 Reusing Your Spring expertise
 Support for WS-Security
 Integration with Spring Security
 Apache license

1. Powerful mappings
You can distribute incoming XML requests to any object, depending on message payload,
SOAP Action header, or an XPath expression.
2. XML API support
Incoming XML messages can be handled not only with standard JAXP APIs such as DOM,
SAX, and StAX, but also with JDOM, dom4j, XOM, or even marshalling technologies.
3. Flexible XML Marshalling
Spring Web Services builds on the Object/XML Mapping module in the Spring Framework,
which supports JAXB 1 and 2, Castor, XMLBeans, JiBX, and XStream.
4. Reusing Your Spring expertise
Spring-WS uses Spring application contexts for all configuration, which should help Spring
developers get up-to-speed quickly. Also, the architecture of Spring-WS resembles that of
Spring-MVC.
5. Support for WS-Security
WS-Security lets you sign SOAP messages, encrypt and decrypt them, or authenticate against
them.
6. Integration with Spring Security
The WS-Security implementation of Spring Web Services provides integration with Spring
Security. This means you can use your existing Spring Security configuration for your SOAP
service as well.
7. Apache license
You can confidently use Spring-WS in your project.

Runtime environment
Spring Web Services requires a standard Java 8 Runtime Environment. Spring-WS is built on
Spring Framework 4.0.9, but higher versions are supported.
Spring-WS consists of a number of modules, which are described in the remainder of this
section.
  The XML module (spring-xml.jar) contains various XML support classes for Spring
Web Services. This module is mainly intended for the Spring-WS framework itself and
not web service developers.
 The Core module (spring-ws-core.jar) is the central part of the Spring’s web services
functionality. It provides the central WebServiceMessage and SoapMessage interfaces,
the server-side framework (with powerful message dispatching), the various support
classes for implementing web service endpoints, and the client-
side WebServiceTemplate.
 The Support module (spring-ws-support.jar) contains additional transports (JMS,
Email, and others).
 The Security package (spring-ws-security.jar) provides a WS-Security implementation
that integrates with the core web service package. It lets you sign, decrypt and encrypt,
and add principal tokens to SOAP messages. Additionally, it lets you use your existing
Spring Security security implementation for authentication and authorization.
The following figure shows and the dependencies between the Spring-WS modules. Arrows
indicate dependencies (that is, Spring-WS Core depends on Spring-XML and the OXM
module found in Spring 3 and higher).

Supported standards
Spring Web Services supports the following standards:
 SOAP 1.1 and 1.2
 WSDL 1.1 and 2.0 (XSD-based generation is supported only for WSDL 1.1)
 WS-I Basic Profile 1.0, 1.1, 1.2, and 2.0
 WS-Addressing 1.0 and the August 2004 draft
 SOAP Message Security 1.1, Username Token Profile 1.1, X.509 Certificate Token
Profile 1.1, SAML Token Profile 1.1, Kerberos Token Profile 1.1, Basic Security
Profile 1.1

Service-Oriented Architecture

Service-Oriented Architecture (SOA) is a stage in the evolution of application development
and/or integration. It defines a way to make software components reusable using the
interfaces.
Formally, SOA is an architectural approach in which applications make use of services
available in the network. In this architecture, services are provided to form applications,
through a network call over the internet. It uses common communication standards to speed
up and streamline the service integrations in applications. Each service in SOA is a complete
business function in itself. The services are published in such a way that it makes it easy for
the developers to assemble their apps using those services. Note that SOA is different from
microservice architecture.
  SOA allows users to combine a large number of facilities from existing services to
form applications.
 SOA encompasses a set of design principles that structure system development
and provide means for integrating components into a coherent and decentralized
system.
 SOA-based computing packages functionalities into a set of interoperable
services, which can be integrated into different software systems belonging to
separate business domains.

The different characteristics of SOA are as follows:

o Provides interoperability between the services.
o Provides methods for service encapsulation, service discovery, service composition,
service reusability and service integration.
o Facilitates QoS (Quality of Services) through service contract based on Service Level
Agreement (SLA).
o Provides loosely couples services.
o Provides location transparency with better scalability and availability.
o Ease of maintenance with reduced cost of application development and
deployment.
There are two major roles within Service-oriented Architecture:
1. Service provider: The service provider is the maintainer of the service and the
organization that makes available one or more services for others to use. To
advertise services, the provider can publish them in a registry, together with a
service contract that specifies the nature of the service, how to use it, the
requirements for the service, and the fees charged.
2. Service consumer: The service consumer can locate the service metadata in the
registry and develop the required client components to bind and use the service.

Services might aggregate information and data retrieved from other services or create
workflows of services to satisfy the request of a given service consumer. This practice is
known as service orchestration Another important interaction pattern is service choreography,
which is the coordinated interaction of services without a single point of control.
Components of SOA:
Guiding Principles of SOA:
1. Standardized service contract: Specified through one or more service
description documents.
2. Loose coupling: Services are designed as self-contained components, maintain
relationships that minimize dependencies on other services.
3. Abstraction: A service is completely defined by service contracts and description
documents. They hide their logic, which is encapsulated within their
implementation.
4. Reusability: Designed as components, services can be reused more effectively,
thus reducing development time and the associated costs.
5. Autonomy: Services have control over the logic they encapsulate and, from a
service consumer point of view, there is no need to know about their
implementation.
6. Discoverability: Services are defined by description documents that constitute
supplemental metadata through which they can be effectively discovered. Service
discovery provides an effective means for utilizing third-party resources.
7. Composability: Using services as building blocks, sophisticated and complex
operations can be implemented. Service orchestration and choreography provide a
solid support for composing services and achieving business goals.

Advantages of SOA:
 Service reusability: In SOA, applications are made from existing services. Thus,
services can be reused to make many applications.
 Easy maintenance: As services are independent of each other they can be
updated and modified easily without affecting other services.
 Platform independent: SOA allows making a complex application by combining
services picked from different sources, independent of the platform.
 Availability: SOA facilities are easily available to anyone on request.
 Reliability: SOA applications are more reliable because it is easy to debug small
services rather than huge codes
 Scalability: Services can run on different servers within an environment, this
increases scalability
Disadvantages of SOA:
 High overhead: A validation of input parameters of services is done whenever
services interact this decreases performance as it increases load and response time.
 High investment: A huge initial investment is required for SOA.
 Complex service management: When services interact they exchange messages
to tasks. the number of messages may go in millions. It becomes a cumbersome
task to handle a large number of messages.

Practical applications of SOA: SOA is used in many ways around us whether it is

mentioned or not.
1. SOA infrastructure is used by many armies and air forces to deploy situational
awareness systems.
2. SOA is used to improve healthcare delivery.
3. Nowadays many apps are games and they use inbuilt functions to run. For
example, an app might need GPS so it uses the inbuilt GPS functions of the
device. This is SOA in mobile solutions.
4. SOA helps maintain museums a virtualized storage pool for their information and
content.

Web Services:

Web Service is the set of rules or guidelines which enable communication among different
applications via the World wide web (.i.e. the internet). Before web service, there were other
technologies but some of them have dependencies such as EJB (enterprise java bean) which
allows applications to communicate only if the applications are working on Java, these
dependencies make communication difficult. These dependencies are removed by web
services.
In the present world, applications are developed on a variety of programming languages such
as Java, Python, PHP, etc. These heterogeneous applications need communication to happen
between them. Since they are developed in different programming languages it becomes
difficult to ensure efficient communication between them. Here is where web services come
into the picture, web services provide a language-independent way of communication that
means the applications working on Java can communicate with other applications working on
Python. Therefore, web service helps us to invoke the functionality of other programs in the
existing program.

Why application needs to communicate

While working, some applications might need to use the service or functionality offered by
other applications. To use that service or functionality applications need to communicate with
each other. Let us consider an example of a restaurant, when you visit the restaurant and ask
for the food(a service) then the waiter will be taking the order to the kitchen and serve you
prepared food from the kitchen. Here the waiter is like the web service which allows you(.i.e.
client) to communicate with the kitchen(.i.e. application).
The figure below shows another example of how the ICICI bank ATM used the service
provided by SBI bank to access the database of the customer which cannot be accessed by the
ICICI bank ATM directly.

How do web services work?

Web services use the request-response method to communicate among applications. For any
communication, we need a medium and a common format that can be understood by
everyone, in the case of web services medium is the internet and the common format is the
XML (Extensible Markup Language) format as every programming language can understand
the XML markup language.
A client is the one that requests some service from the server that is known as the service
provider. The request is sent through a message which is in common XML format and in
response to that request, the service provider will respond with a message in a common
format (.i.e. XML).

Web Service Components

1. SOAP: As mentioned above SOAP stands for Simple Object Access Protocol. It is the
protocol stating how the communication between the application is going to happen.
2. WSDL: It stands for Web Services Description Language which is the XML document
containing the rules for communication among different software. It defines that:
 How that service can be accessed by the system requesting for it from other
systems
 What is the name of the service
 What are the specific parameter needed for accessing that service, what would be
the return type
 What are the error messages that would be displayed in case of any issue while
accessing the data.
3. UDDI: Universal Description, Discovery, and Integration is the full form for the UDDI. It
is a directory that provides us the detail that which software needs to be contacted for the
particular type of data.
Types of Web Services:

There are mainly two types of web services:

1. SOAP web services: SOAP stands for Simple Object Access Protocol. These protocols are
based on XML which is a lightweight data exchange language. These protocols are
independent of language and can be run on any platform.
SOAP supports both stateful and stateless operations. Stateful means that the server keeps
track of the information received from the client on each request. While Stateless means that
each request contains enough information about the state of the client and thus server does
not need to bother about saving the state of the client thus increasing the speed of
communication.
Many companies such as IBM, Microsoft are producing an implementation of SOAP into
their systems.
2. RESTful web services: It stands for Representational State Transfer. They are also
language and platform-independent and are faster in comparison to SOAP. Nowadays
RESTful web services are more used than SOAP. They treat the data as resources. RESTful
web services return data in JSON format or XML format. These web services create the
object and send the state of the object in response to the client’s requests, that’s why known
as Representational State Transfer.

Characteristics of Web Services:

Following are the characteristics of web services:

1. Web services are XML-based as they use XML as a standard language for data
exchange as XML allows flexible coding and decoding of data with every
programming language and operating system.
2. Web services are coarse-grained. It means they have broader functionality and
scope of operations. It is cheaper and provides more fine-grained services in one
coarse-grained service.
3. Web Services supports RPCs (Remote Procedure Calls). Web services that use the
RPCs style are synchronous, which means the client has to wait for the response
after the request. RPCs allows a program to invoke procedure and functions on
remote objects.
4. Web services allow loose coupling with the systems that means systems are
weekly associated with each other. Web service does not concern with the state of
the system involved in the process of communication.
5. Web Services are Synchronous and Asynchronous. In synchronous web services,
the client will wait for the response until the server sends the response.
Synchronous web service is provided through RPC communication. In
Asynchronous web services, the client will not wait for the response and in the
meantime, it can continue with other operations processing.

WEBSERVICES; SOAP AND REST- A SIMPLE INTRODUCTION

In general terms, web services are applications that allow for communication
between devices over the internet and are usually independent of the technology or language
the devices are built on as they use standardised eXtensible Markup Language (XML) for
information exchange. A client or user is able to invoke a web service by sending an XML
message and then in turn gets back and XML response message.
There are a number of communication protocols for web services that use the XML format
such as Web Services Flow Language(WSFL), Blocks Extensible Exchange Protocol(BEEP)
among others. Simple Object Access Protocol(SOAP) and Representational State Transfer
(REST) are by far the most used options for accessing web services, however they are not
directly comparable as they vary in the sense that SOAP is a communications protocol while
REST is a set of architectural principles for data transmission.

SOAP
SOAP is a messaging protocol for exchanging information between two computers based on
XML over the internet. SOAP messages are purely written in XML which is why they are
platform and language independent.

A SOAP message contains:

 An Envelope that indicates the start and end of the message

 A Header that includes attributes used to process the message and is an optional
element
 A Body that holds the XML data that is to be sent and it cannot be left out
 A Fault which provides error messages when processing and it is an optional element.

Working with SOAP requests and responses could get very complex. Some languages make
efficient use of the SOAP shortcuts to reduce the level of complexity and the .Net platform
for example hides the XML to a large extent. This is made possible due to the Web Service
Definition Language (WSDL). WSDL is an XML file that defines and describes the services
that are available in the web service of interest. It describes the naming of services, the
specifications and structure of the response sent back. The services in the WSDL are
described as a compilation of network ports/endpoints. With the WSDL, the .Net platform is
able to auto-generate the proxy classes and functions which can be called from the
application.
  The types describe the datatypes the web service use.
 The message defines each operation’s data element
 The portType describes what operations can be done and the messages involved in
this operation. This could be one of four types: One way (receives messages but no
response), Request-Response (receives request and responds), Solicit-Response
(sends request and waits for response) or Notification (sends request, does not require
response
 Binding tells the format of data for the type of each port and the protocol.

SOAP Web Services

SOAP stands for Simple Object Access Protocol. It is a XML-based protocol for accessing
web services.

SOAP is a W3C recommendation for communication between two applications.

SOAP is XML based protocol. It is platform independent and language independent. By

using SOAP, you will be able to interact with other programming language applications.

Advantages of Soap Web Services

WS Security: SOAP defines its own security known as WS Security.

Language and Platform independent: SOAP web services can be written in any
programming language and executed in any platform.

REST
REST is a web standard architecture that achieves data communication using a standard
interface such as HTTP or other transfer protocols that use standard Uniform Resource
Identifier (URI). The design is such that each component in a RESTful web service is a
resource that can be accessed using standard HTTP methods (if the chosen protocol is
HTTP). Resources which can be thought of as objects in the concept of Object oriented
programming (OOP) are identified by URIs and the resources are represented in several ways
such as JSON, XML, Text etc. though JSON is currently the more favoured choice.

RESTful services have the following properties: Representations, Messages, URIs, Uniform
interface, Stateless, Links between resources and caching. A quick look into these properties
below using HTTP

1. Representation- resources are represented in different formats as earlier stated and

should be a complete representation of the resource.
2. Messages- This is how the client and server interact. Along with the data, messages
contain metadata bout the message. When accessing a RESTful resource using HTTP,
the commonly used methods are GET (reads a resource), PUT (creates a resource),
DELETE (removes a resource) and POST (updates an existing resource)
The figures below show the request and response message formats

The Response Header and Body hold similar information to the request, only that the
information is different as it is the server response

3. URIs – Each resource needs at least one URI to identify a resource(s) and the
operation is determined by the HTTP verb/action. Hence a URI can be called with
different actions.
 4. Stateless- Restful web services are stateless and any session state is held on the client
not server. This ensures that every client to server request has the necessary
information to understand the request and handles each request independently.
5. Links Between Resources- the representation of a resource can have links to other
resources.
6. Caching- the data produced when a request is made the first time is stored and used
the next time in order to stop regenerating same information for the same request and
improves performance. The HTTP headers help to control caching such as age which
tracks how long ago the data was fetched from the server, expires date and time the
resource representation expires etc.

The above gives an oversight of the six properties of REST and it is important to remember
that:

 REST is not coupled to HTTP and is actually protocol independent. It is simply not a
mapping of CRUD to the HTTP methods.
 REST makes it relatively easy to integrate with websites and are exposed using XML
(one of many ways) for easy consumption

RESTful Web Services

REST stands for REpresentational State Transfer.

REST is an architectural style not a protocol.

Advantages of RESTful Web Services

Fast: RESTful Web Services are fast because there is no strict specification like SOAP. It
consumes less bandwidth and resource.

Language and Platform independent: RESTful web services can be written in any
programming language and executed in any platform.

Can use SOAP: RESTful web services can use SOAP web services as the implementation.

Permits different data format: RESTful web service permits different data format such as
Plain Text, HTML, XML and JSON.

WHICH IS MORE FAVOURABLE?

REST was designed to be a more straightforward and easier to implement alternative to
heavyweight SOAP for web service access. SOAP functions well in distributed environments
where REST assumes a direct point to point communication. Also, SOAP allows for services
to describe themselves to clients and in some languages allows for automation. On the other
hand, REST is fast as less processing is required, uses less bandwidth and is closer to
technologies used in web design.

The choice on which to use is totally dependent on what the requirement. For example,
SOAP is a better choice for applications that have complex API so as to describe the services
and methods, where formal contracts are agreed for the exchange format, where a guaranteed
level of security is required etc. REST will be preferred when limiting bandwidth and
resources, when operations are can be stateless and the information can be cached.

What is REST architecture?

REST stands for REpresentational State Transfer. REST is web standards based architecture
and uses HTTP Protocol. It revolves around resource where every component is a resource
and a resource is accessed by a common interface using HTTP standard methods. REST was
first introduced by Roy Fielding in 2000.

In REST architecture, a REST Server simply provides access to resources and REST client
accesses and modifies the resources. Here each resource is identified by URIs/ global IDs.
REST uses various representation to represent a resource like text, JSON, XML. JSON is the
most popular one.

HTTP methods

Following four HTTP methods are commonly used in REST based architecture.

 GET − Provides a read only access to a resource.

 POST − Used to create a new resource.
 DELETE − Used to remove a resource.
 PUT − Used to update a existing resource or create a new resource.

Introduction to RESTFul web services

A web service is a collection of open protocols and standards used for exchanging data
between applications or systems. Software applications written in various programming
languages and running on various platforms can use web services to exchange data over
computer networks like the Internet in a manner similar to inter-process communication on a
single computer. This interoperability (e.g., between Java and Python, or Windows and Linux
applications) is due to the use of open standards.

Web services based on REST Architecture are known as RESTful web services. These
webservices uses HTTP methods to implement the concept of REST architecture. A RESTful
web service usually defines a URI, Uniform Resource Identifier a service, provides resource
representation such as JSON and set of HTTP Methods.

Creating RESTFul Webservice

We can create a webservice say user management with the following functionalities –

Sr.No HTTP POST

URI Result
. Method body

Show list of all

1 /UserService/users GET empty
the users.

JSON Add details of

2 /UserService/addUser POST
String new user.

Show details
3 /UserService/getUser/:id GET empty
of a user.