This is the chapter President (in the original ), A preliminary understanding for the webservice like there may be some help of friends.
Webservice as a new technology appears in front of us, it is used to solve the birth of the platform in different applications under the coordination. At present, companies in almost every Webservice application must be to develop, but if the lack of a deeper understanding of Webservice, not a very good handle at the design stage a number of important issues, then the final system must be inefficient, not the reliability of the product .
Webservice in the design application, the following points must be taken into account:
l manage systems and external relations
l have the bottom of the transmission model
l and application of the provision of suitable security policy
l planned deployment related issues
The following, these will be related to the design requirements and a number of commonly used model is the model can be applied to start the detailed discussion Webservice. During the discussion, you will find Webservice this new technology is how to compete with us in the past a combination of software development.
l standard capacity provided by the synergistic
A Webservice is to provide the most basic purpose of the various different platforms in different applications the ability to work together.
In order to make a company's network applications to achieve maximum efficiency, the existence of its own and its partners, suppliers and customers Webservice, should be able to achieve seamless interaction. If among the many Webservice interaction can not be easy to achieve, then the efficiency of the application will be greatly reduced. However, in reality, such cases are most likely to occur. Companies as a result of the understanding of the business are different, the same is to understand the circumstances, the same concept may also be in different forms of performance, specifically in respect of the same data is possible that different xml. As a result of the above reasons, the issue of synergy should be applied in the design to be considered when the structure, rather than later to change.
Webservice by following a few posed by technology, SOAP (Simple Object Access Protocol), WSDL (Web service Description Language), and UDDI (Universal Description, Discovery and Integration).
We are not here to a detailed study of these technologies, but rather to reveal some of their important characteristics, these characteristics need to design Webservice careful consideration.
WSDL is the key to achieve synergy, which provides for a contract with the new interaction between the application of the old. This technology enables organizations to develop standards may be concentrated in the Service of the external interface, and do not take into account the concrete realization of the Organization. In short, it implements the interface and implementation of Webservice separation. Standards so that more easily. In addition, based on the interface description, many tools can automatically generate client code to reduce the workload of the developers and makes the majority of developers out of the preparation process SOAP messaging code.
SOAP is to achieve Webservice in various components of information transfer between the transport layer. Therefore, SOAP should be a transparent and collaborative technology. However, to achieve as many of the SOAP methods and standards are moving in the opposite direction or to add a new extension or deletion of a number of standard features. Because of the SOAP standard to varying degrees of support, the ability to greatly Webservice synergy to achieve increased coordination difficulties. On this basis, when developers need to Webservice running on different platforms, to be aware of the specific situation and the corresponding code in order to resolve this inconsistency. SOAP to achieve if all organizations were able to follow the standards, then Webservice developers do not need to consider the use of the underlying platform for the Webservice.
Nevertheless, to achieve synergy of different SOAP or very difficult, because the existence of coordinated standards a lot of differences, some organizations are committed to standards, such as And . However, only Webservice development for different platforms, different realization, making the development of increased cost and burden.
l understand the transmission model
SOAP is not a completely transparent solution, which complicated the realization of some details hidden. Webservice development must be a deeper understanding of SOAP, to understand the underlying mechanisms, as well as the transmission model, in order to know how to achieve SOAP. In some simple applications, some tools can help developers Webservice generate SOAP messaging code, but only in the most simple and effective applications. The real situation can not be as simple as possible in some areas you need to have special treatment (in the actual development of such a situation is very common), this time, you will need to directly manipulate the SOAP messaging code, as well as some the bottom of the XML content. Therefore, Webservice developers require in-depth understanding of SOAP and XML content layer.
Webservice interface in the development of the time, so do not think the use of XML technology, collaborative problem has been solved, XML is not a panacea to solve integration issues. There also needs to develop standards, the industry recognized the need for a glossary. Only in the framework of your design and the introduction of XML technology can not guarantee system synergy, XML is only the language used to describe data, XML itself does not provide semantic data to understand. Like English and German are the use of the Latin alphabet, but they are not the same semantics.
Even if you use the same language, there is no guarantee of a good collaboration. For example, your company may be used to describe a Order of orders, but you may use partners Purchase_Order, while the other partners may not the same. You can not force all of your partners and you use the same vocabulary. We need to have a large number of technology can serve as a translation between the description of the role. XSLT is a technology so that it converted for different languages. And the use of XML with XSLT in order to resolve the issue of synergy.
l DOM vs. SAX
Webservice many development environment, will be developed from the bottom of the XML document parsing and dealing with emancipated, or who provided a very convenient automation tools, makes this process very simple. However, there are special requirements for some of the Webservice applications, such as the need for better flexibility or special high-speed applications, we need to deal with XML documents by hand. At this time two types of XML parsing-DOM and SAX models of choice, will become important issues.
DOM tree of the way the use of XML document analysis, and more using SAX is event-driven model.
First XML document DOM tree mapped, and then through the use of a wide range of tree related operations to deal with this document. This approach has many benefits, first of all, it is easy to understand developers, using a tree it is for developers of the most common, however. The most commonly used XML in the DOM need to frequently modify Service occasions. DOM of course, has its shortcomings in the handling of XML documents, it need to load the entire document, regardless of whether you need to modify only a small part. So its operating efficiency and the use of memory is clearly unacceptable, especially in the face of a lot of XML documents.
SAX event-driven model used to deal with XML documents. Through a series of trigger events, to complete the analysis of XML, you can only care about what you have to deal with the incident, when these incidents occur, will call to the appropriate callback function to notify you. Such an approach can largely enhance the efficiency of parsing XML documents. But its drawback is difficult to use, as well as many of the same document, there are some problems will be handled.
All in all, DOM is more suitable to deal with the kind of document-oriented XML documents, SAX is suitable for the kind and would like to map directly to the XML structure into a system in your operation of an object. (Such as an XML structure will be mapped directly into JAVA a Class), or the kind of XML document for operation of the special Tag.
l document exchange vs. RPC model
Interaction of these two should be in the application of the initial design of the structure should be carefully considered because it will determine to a large extent the degree of system coupling.
RPC (Remote Procedure Call) is essentially a remote method call. Despite the Webservice is based on XML but you can still use the Remote Method Invocation Webservice this model to the realization, especially in the kind of simple model of the corresponding request. In the process, the transmission of XML documents is described in more information on the remote method, such as the method name, method parameters and so on.
And document exchange, compared with the RPC in the XML file instead of mapping remote method, but a complete self-contained business documents, when the Service after the client received the document and made a pre-treatment (such as vocabulary translation and mapping), and then return to the message structure. The structure of the process to return to the news often is no longer a simple method call, but the completion of a collaboration of many affairs to deal with, and then return the results.
The difference between these two methods, similar to email and phone calls and the different treatment. At the moment, the first method for providing a lot of automated tools make remote method calls can be easily completed, and then the lack of a way to support a range of tools, the need for developers to complete by hand.
In spite of this, or recommended in this document exchange. Because it has the RPC in the following areas do not have the advantage.
Means the use of documents, you can take full advantage of XML files to describe and validate a business document, and in the RPC model is only being used to describe XML methods.
The use of the document the way the client of the Service providers no longer need to close the agreement, and the needs of clients and RPC Model Service providers are closely linked, once the method of change, the client needs to be done on the corresponding changes. This does not comply with the requirements of low-coupling system, and in the exchange of documents is more flexible.
As a result of business data is included, it is clear the document model is more conducive to the use of asynchronous processing.
l the use of design patterns
Webservice design when the design can obviously play a significant role. The main purpose of design patterns is to address some of the similar circumstances similar issues have been more mature design. Here, only brief reference to some very commonly used model, let us understand that the model can be Webservice role to play.
Adapter: for internal systems to provide a different interface
Façade: the complexity of the internal package, providing a series of simple interface
Proxy: a proxy for other objects, the provision of services to replace it
Adapter pattern is used to interface a component into what customers need, here is the customer Webservice. A common situation is that the original packaging of the old system as a Webservice. For example, is using the J2EE platform, and that there is a C + + the system to achieve certain functions, it now needs to be released into a Webservice, need to use it to make a JNI technology Adapter, for the original C + + components to provide a Java - interface, and then into a Webservice.
Façade pattern used to build coarse-grained services, which services the packaging of fine-grained, complex systems so as to provide a simple interface. In J2EE in, Session Bean as a Façade, and the Entity Bean is a fine-grained services. Webservice also in the same, the use of Façade pattern can be the functional components have been wiped out play.
Proxy mode for other objects to act as a proxy, similar to the role of intermediaries will be dealing with transmission from an object to another object. In Webservice, it is mainly used to hide information structure Soap process. Can also be used to simulate the object (Mock Object) creation.
Some can be more than just a model for the development of Webservice, if you will be skilled Webservice applies to the development of these models, you will find Webservice application development will be like to do a special kind of object-oriented design.
l Security
Webservice for services as convenient to use with the majority of the field, but also become the food hackers. Here, this paper will present Webservice can do to improve security so briefly.
Webservice security in the mainly divided into the following three aspects.
Transfer SSL / HTTPS encryption for the connection, rather than data
Message data encryption (XML Encryption) Digital Signature (XML-DSIG)
The underlying structure of the use of application service security mechanism
The security of transmission is most likely to be added to your application in the Webservice, using the existing SSL and HTTPS protocol, you can easily connect the process to obtain security.
However, this method has two security vulnerabilities. First, it can only guarantee the security of data transmission, rather than their own safety data, data, once they arrived in a certain place, it can be viewed by anyone. In Webservice, the data may arrive at a number of places, and this data is not the be all of the recipients of the Show. Second, it provided there is either full or no protection, you can not choose which part of the data to be protected, which is optional in regular use in the Webservice to.
The second layer of protection is the protection for the news itself. You can use the expansion of existing XML security standards, to achieve the functions of a digital signature to ensure that your news is from a particular party has not been modified. XML document encryption technology to enhance a greater extent from the Webservice security, it can transmit data to custom, the recipient can be by check, and further improve the security of the transmission, the industry has been the safety of the formulation Webservice standards such as SAML and WS-Security.
The final layer of protection is dependent on the security of the underlying structure, this more from the operating system and the protection of some middleware. For example, in J2EE, the application server Webservice chair. At present, many of the J2EE application server support for Java Authentication and Authorization Service (JAAS), which is recently were added to the J2SE 1.4. Webservice use the auspices of the server, some security mechanism to achieve this is a very natural approach. Another use of the underlying security architecture is to do a separate security server, Webservice to create the users and have made the need for security with confidence.
Recommended information
Webservice as a new technology appears in front of us, it is used to solve the birth of the platform in different applications under the coordination. At present, companies in almost every Webservice application must be to develop, but if the lack of a deeper understanding of Webservice, not a very good handle at the design stage a number of important issues, then the final system must be inefficient, not the reliability of the product .
Webservice in the design application, the following points must be taken into account:
l manage systems and external relations
l have the bottom of the transmission model
l and application of the provision of suitable security policy
l planned deployment related issues
The following, these will be related to the design requirements and a number of commonly used model is the model can be applied to start the detailed discussion Webservice. During the discussion, you will find Webservice this new technology is how to compete with us in the past a combination of software development.
l standard capacity provided by the synergistic
A Webservice is to provide the most basic purpose of the various different platforms in different applications the ability to work together.
In order to make a company's network applications to achieve maximum efficiency, the existence of its own and its partners, suppliers and customers Webservice, should be able to achieve seamless interaction. If among the many Webservice interaction can not be easy to achieve, then the efficiency of the application will be greatly reduced. However, in reality, such cases are most likely to occur. Companies as a result of the understanding of the business are different, the same is to understand the circumstances, the same concept may also be in different forms of performance, specifically in respect of the same data is possible that different xml. As a result of the above reasons, the issue of synergy should be applied in the design to be considered when the structure, rather than later to change.
Webservice by following a few posed by technology, SOAP (Simple Object Access Protocol), WSDL (Web service Description Language), and UDDI (Universal Description, Discovery and Integration).
We are not here to a detailed study of these technologies, but rather to reveal some of their important characteristics, these characteristics need to design Webservice careful consideration.
WSDL is the key to achieve synergy, which provides for a contract with the new interaction between the application of the old. This technology enables organizations to develop standards may be concentrated in the Service of the external interface, and do not take into account the concrete realization of the Organization. In short, it implements the interface and implementation of Webservice separation. Standards so that more easily. In addition, based on the interface description, many tools can automatically generate client code to reduce the workload of the developers and makes the majority of developers out of the preparation process SOAP messaging code.
SOAP is to achieve Webservice in various components of information transfer between the transport layer. Therefore, SOAP should be a transparent and collaborative technology. However, to achieve as many of the SOAP methods and standards are moving in the opposite direction or to add a new extension or deletion of a number of standard features. Because of the SOAP standard to varying degrees of support, the ability to greatly Webservice synergy to achieve increased coordination difficulties. On this basis, when developers need to Webservice running on different platforms, to be aware of the specific situation and the corresponding code in order to resolve this inconsistency. SOAP to achieve if all organizations were able to follow the standards, then Webservice developers do not need to consider the use of the underlying platform for the Webservice.
Nevertheless, to achieve synergy of different SOAP or very difficult, because the existence of coordinated standards a lot of differences, some organizations are committed to standards, such as And . However, only Webservice development for different platforms, different realization, making the development of increased cost and burden.
l understand the transmission model
SOAP is not a completely transparent solution, which complicated the realization of some details hidden. Webservice development must be a deeper understanding of SOAP, to understand the underlying mechanisms, as well as the transmission model, in order to know how to achieve SOAP. In some simple applications, some tools can help developers Webservice generate SOAP messaging code, but only in the most simple and effective applications. The real situation can not be as simple as possible in some areas you need to have special treatment (in the actual development of such a situation is very common), this time, you will need to directly manipulate the SOAP messaging code, as well as some the bottom of the XML content. Therefore, Webservice developers require in-depth understanding of SOAP and XML content layer.
Webservice interface in the development of the time, so do not think the use of XML technology, collaborative problem has been solved, XML is not a panacea to solve integration issues. There also needs to develop standards, the industry recognized the need for a glossary. Only in the framework of your design and the introduction of XML technology can not guarantee system synergy, XML is only the language used to describe data, XML itself does not provide semantic data to understand. Like English and German are the use of the Latin alphabet, but they are not the same semantics.
Even if you use the same language, there is no guarantee of a good collaboration. For example, your company may be used to describe a Order of orders, but you may use partners Purchase_Order, while the other partners may not the same. You can not force all of your partners and you use the same vocabulary. We need to have a large number of technology can serve as a translation between the description of the role. XSLT is a technology so that it converted for different languages. And the use of XML with XSLT in order to resolve the issue of synergy.
l DOM vs. SAX
Webservice many development environment, will be developed from the bottom of the XML document parsing and dealing with emancipated, or who provided a very convenient automation tools, makes this process very simple. However, there are special requirements for some of the Webservice applications, such as the need for better flexibility or special high-speed applications, we need to deal with XML documents by hand. At this time two types of XML parsing-DOM and SAX models of choice, will become important issues.
DOM tree of the way the use of XML document analysis, and more using SAX is event-driven model.
First XML document DOM tree mapped, and then through the use of a wide range of tree related operations to deal with this document. This approach has many benefits, first of all, it is easy to understand developers, using a tree it is for developers of the most common, however. The most commonly used XML in the DOM need to frequently modify Service occasions. DOM of course, has its shortcomings in the handling of XML documents, it need to load the entire document, regardless of whether you need to modify only a small part. So its operating efficiency and the use of memory is clearly unacceptable, especially in the face of a lot of XML documents.
SAX event-driven model used to deal with XML documents. Through a series of trigger events, to complete the analysis of XML, you can only care about what you have to deal with the incident, when these incidents occur, will call to the appropriate callback function to notify you. Such an approach can largely enhance the efficiency of parsing XML documents. But its drawback is difficult to use, as well as many of the same document, there are some problems will be handled.
All in all, DOM is more suitable to deal with the kind of document-oriented XML documents, SAX is suitable for the kind and would like to map directly to the XML structure into a system in your operation of an object. (Such as an XML structure will be mapped directly into JAVA a Class), or the kind of XML document for operation of the special Tag.
l document exchange vs. RPC model
Interaction of these two should be in the application of the initial design of the structure should be carefully considered because it will determine to a large extent the degree of system coupling.
RPC (Remote Procedure Call) is essentially a remote method call. Despite the Webservice is based on XML but you can still use the Remote Method Invocation Webservice this model to the realization, especially in the kind of simple model of the corresponding request. In the process, the transmission of XML documents is described in more information on the remote method, such as the method name, method parameters and so on.
And document exchange, compared with the RPC in the XML file instead of mapping remote method, but a complete self-contained business documents, when the Service after the client received the document and made a pre-treatment (such as vocabulary translation and mapping), and then return to the message structure. The structure of the process to return to the news often is no longer a simple method call, but the completion of a collaboration of many affairs to deal with, and then return the results.
The difference between these two methods, similar to email and phone calls and the different treatment. At the moment, the first method for providing a lot of automated tools make remote method calls can be easily completed, and then the lack of a way to support a range of tools, the need for developers to complete by hand.
In spite of this, or recommended in this document exchange. Because it has the RPC in the following areas do not have the advantage.
Means the use of documents, you can take full advantage of XML files to describe and validate a business document, and in the RPC model is only being used to describe XML methods.
The use of the document the way the client of the Service providers no longer need to close the agreement, and the needs of clients and RPC Model Service providers are closely linked, once the method of change, the client needs to be done on the corresponding changes. This does not comply with the requirements of low-coupling system, and in the exchange of documents is more flexible.
As a result of business data is included, it is clear the document model is more conducive to the use of asynchronous processing.
l the use of design patterns
Webservice design when the design can obviously play a significant role. The main purpose of design patterns is to address some of the similar circumstances similar issues have been more mature design. Here, only brief reference to some very commonly used model, let us understand that the model can be Webservice role to play.
Adapter: for internal systems to provide a different interface
Façade: the complexity of the internal package, providing a series of simple interface
Proxy: a proxy for other objects, the provision of services to replace it
Adapter pattern is used to interface a component into what customers need, here is the customer Webservice. A common situation is that the original packaging of the old system as a Webservice. For example, is using the J2EE platform, and that there is a C + + the system to achieve certain functions, it now needs to be released into a Webservice, need to use it to make a JNI technology Adapter, for the original C + + components to provide a Java - interface, and then into a Webservice.
Façade pattern used to build coarse-grained services, which services the packaging of fine-grained, complex systems so as to provide a simple interface. In J2EE in, Session Bean as a Façade, and the Entity Bean is a fine-grained services. Webservice also in the same, the use of Façade pattern can be the functional components have been wiped out play.
Proxy mode for other objects to act as a proxy, similar to the role of intermediaries will be dealing with transmission from an object to another object. In Webservice, it is mainly used to hide information structure Soap process. Can also be used to simulate the object (Mock Object) creation.
Some can be more than just a model for the development of Webservice, if you will be skilled Webservice applies to the development of these models, you will find Webservice application development will be like to do a special kind of object-oriented design.
l Security
Webservice for services as convenient to use with the majority of the field, but also become the food hackers. Here, this paper will present Webservice can do to improve security so briefly.
Webservice security in the mainly divided into the following three aspects.
Transfer SSL / HTTPS encryption for the connection, rather than data
Message data encryption (XML Encryption) Digital Signature (XML-DSIG)
The underlying structure of the use of application service security mechanism
The security of transmission is most likely to be added to your application in the Webservice, using the existing SSL and HTTPS protocol, you can easily connect the process to obtain security.
However, this method has two security vulnerabilities. First, it can only guarantee the security of data transmission, rather than their own safety data, data, once they arrived in a certain place, it can be viewed by anyone. In Webservice, the data may arrive at a number of places, and this data is not the be all of the recipients of the Show. Second, it provided there is either full or no protection, you can not choose which part of the data to be protected, which is optional in regular use in the Webservice to.
The second layer of protection is the protection for the news itself. You can use the expansion of existing XML security standards, to achieve the functions of a digital signature to ensure that your news is from a particular party has not been modified. XML document encryption technology to enhance a greater extent from the Webservice security, it can transmit data to custom, the recipient can be by check, and further improve the security of the transmission, the industry has been the safety of the formulation Webservice standards such as SAML and WS-Security.
The final layer of protection is dependent on the security of the underlying structure, this more from the operating system and the protection of some middleware. For example, in J2EE, the application server Webservice chair. At present, many of the J2EE application server support for Java Authentication and Authorization Service (JAAS), which is recently were added to the J2SE 1.4. Webservice use the auspices of the server, some security mechanism to achieve this is a very natural approach. Another use of the underlying security architecture is to do a separate security server, Webservice to create the users and have made the need for security with confidence.
Recommended information