Java Web Services for Experienced Programmers

Table of Contents    |    Preface    |     Product Information    |    Downloads

Tour of the Book

© 1992-2005. Deitel & Associates, Inc. All Rights Reserved.

This book is divided into several sections. Chapters 2–5 introduce XML, which is the foundation technology for Web services. We explore the basics of creating XML and manipulating documents using the Java API for XML Processing (JAXP). Chapters 6–8 describe the core technologies and standards associated with Web services, including the Simple Object Access Protocol (SOAP), SOAP-Based Web-Services Platforms, Web Services Description Language (WSDL) and Universal Description Discovery and Integration (UDDI). Chapters 9–11 present the primary Java technologies for implementing Web services and Web services clients and for manipulating XML registries, such as the Java API for XML-based Remote Procedure Calls (JAX-RPC), the Java API for XML Messaging (JAXM), and the Java API for XML Registries (JAXR).

Reflecting on the enormous importance of Web-services security, Chapters 12 and 13 introduce the fundamentals of computer security and discuss the various technologies for securing Web services, such as XML Encryption, XML Key Management Specification (XKMS), Security Assertions Markup Language (SAML) and Extensible Access Control Markup Language (XACML). Chapter 14 presents the available APIs and technologies for integrating wireless devices, such as cell phones, into Web-services infrastructures.

Chapters 15–17 present a capstone case study that integrates many of the technologies discussed in Java Web Services for Experienced Programmers, to build a significant Web-services-based application. This application integrates Web services across several businesses to enable customers to search for the best prices on Deitel books. In the case study, three fictitious book stores provide Web services that enable business partners to obtain pricing information and place book orders. A consumer-oriented service called the Price Finder Web service retrieves the best prices from the book stores and enables consumers to place orders directly through the Price Finder. In addition, we integrate the Deitel Book Information Web service to enable online stores and other businesses to get up-to-date information on Deitel publications, including titles, descriptions, cover images and more. To demonstrate the interoperability that Web services facilitate, we deploy the various Web services on disparate service platforms. We also implement three different client applications for interacting with the Price Finder Web service, including a Web-based client using servlets, a J2ME client for cell phones and a Swing-based desktop application. The book concludes with appendices that introduce Java servlets and JavaServer Pages, two key technologies that support Java Web services. We use these technologies throughout the book and in the Price Finder case study.

In the walkthrough of each chapter, there will be terms that are unfamiliar to you—they will be defined in the chapters of the book. Many chapters end with an Internet and World Wide Web Resources section that provides a listing of Web sites you should visit to enhance your knowledge of the technologies discussed in those chapters. You may also want to visit www.deitel.com and www.prenhall.com/deitel to keep informed of updates on Java Web services technologies, book errata and additional teaching and learning resources.

This chapter overviewed the technologies presented in Java Web Service for Experienced Programmers. We presented a tour of the book with a brief overview of each chapter. We provided installation and execution instructions for the software required in the book.

XML is the fundamental enabling technology for Web services. We include a substantial introduction to XML in Chapters 2–5. Chapter 2 introduces the fundamentals of XML. We discuss the properties of the XML character set, called Unicode—the standard aimed at providing a flexible character set for most of the world’s languages. We provide a brief overview of parsers—programs that process XML documents and their data. We also overview the requirements for a well-formed document (i.e., a document that is syntactically correct). We discuss elements, which hold data in XML documents. Several elements can have the same name, resulting in naming collisions; we introduce namespaces, which differentiate these elements to avoid such collisions.

A Document Type Definition (DTD) is a structural definition for an XML document, specifying the type, order, number and attributes of the elements in the document as well as other information. By defining the structure of an XML document, a DTD reduces the validation and error-checking work of the application using the document. We discuss well-formed and valid documents (i.e., documents that conform to a DTD). This chapter shows how to specify different element and attribute types, values and defaults that describe the structure of an XML document.

The W3C Document Object Model (DOM) is an API for XML that is platform and language independent. The DOM is a standard API for manipulating the contents of XML documents. The Java API for XML Processing (JAXP) provides DOM support for Java programs. XML documents are hierarchically structured, so the DOM represents XML documents as tree structures. Using DOM, programs can modify the content, structure and formatting of documents dynamically. This chapter examines several important DOM capabilities, including the ability to retrieve data, insert data and replace data. We also demonstrate how to create and traverse documents using the DOM.

XSL was designed to manipulate the rich and sophisticated data contained in an XML document. XSL has two major functions: formatting XML documents and transforming them into other data formats such as XHTML and Rich Text Format (RTF). In this chapter, we discuss the subset of XSL called XSLT. XSLT uses XPath—a language of expressions for accessing portions of XML documents—to match nodes for transforming an XML document into another text document. We use JAXP—which includes XSLT support—in our examples. An XSL stylesheet contains templates with which elements and attributes can be matched. New elements and attributes can be created to facilitate a transformation.

Web services are built using a variety of technologies, such as SOAP, WSDL, UDDI and ebXML. One of the greatest problems facing Web services developers is trying to understand how implementations of these protocols work together to create Web-services environments. This chapter overviews the general operation of Web services platforms. The chapter provides the reader with detailed instructions on how to deploy a simple Web service called the Book Title Service in a variety Web services platforms, such as Apache's Axis, CapeClear's CapeConnect, The Mind Electric's GLUE, Systinet's Web Applications and Services Platform (WASP) and IBM's Web Services Took Kit (WSTK). The chapter demonstrates how to create a simple client that connects to the Book Title Web service running on any of these Web-services platforms. The chapter also provides a detailed look at the process of sending and receiving SOAP messages to and from a Web service.

Clients that wish to access Web services generally have no prior knowledge either of the specific Web services that an application has made available or of the addresses (URLs) of these services. To publicize this information, a Web service developer uses an XML-based language called Web Service Description Language (WSDL) to specify the information in a WSDL document. The developer places the document in the Web-services environment and clients of the service download the WSDL document to access information about the available services. In this chapter, we discuss how developers use WSDL to provide this information to clients. We discuss the WSDL syntax, and how to generate WSDL documents. To conclude the chapter, we build clients that use WSDL documents to invoke Web services and we discuss the importance of these documents in this process.

For Web services to achieve widespread adoption, a unified system must enable developers and applications to locate specific Web services. Several organizations have developed Web services registry systems, but the leading registry is based on the Universal Description, Discovery and Integration (UDDI) specification. This chapter details aspects of UDDI, including dynamic discovery, the public UDDI Business Registry (UBR) and private registries. We describe the UDDI information model, which is composed of business information, business-service information, bind information, service specification information and publisher-assertion information. We then discuss the UDDI publishing and querying APIs. We also explain key limitations of UDDI and introduce alternative discovery methods provided by ebXML, WS-Inspection and Discovery of Web Services (DISCO).

This chapter introduces the Java API for XML-based Remote Procedure Calls (JAX-RPC), which is a protocol-independent API for building Java-based Web services and Web-services clients. With JAX-RPC, Web services and their clients use XML-based protocols, such as SOAP, and common transport protocols, such as HTTP, to communicate. JAX-RPC abstracts away the complexities of working with SOAP and HTTP directly, yet maintains interoperability. In this chapter, we introduce the JAX-RPC architecture and present three examples that use JAX-RPC APIs to build and access Web services.

The Java XML for Registries (JAXR) is an API that enables developers to register business information in UDDI and ebXML registries. This chapter discusses JAXR API features by registering the Deitel Book Title Service (introduced in Chapter 6) with a UDDI registry. The chapter discusses how to register, modify and delete a business entry in a UDDI-compliant registry and explains the process of categorizing a business under various classification schemes.

The Java API for XML Messaging (JAXM) is Sun Microsystem’s latest API for sending messages between components. Unlike Sun’s other messaging technologies (JavaMail and Java Messaging Service), JAXM packages messages in SOAP XML format and is used by developers to build applications that both access and provide Web services. Using the JAXM API, developers can program two types of applications: standalone applications that use JAXM to access Web services, and applications that use a JAXM message provider to provide and access Web services. We discuss the JAXM API, which we then use to build a standalone application. Later in the chapter, we explain the importance and efficiency of a JAXM message provider and use the provider to construct a JAXM application that can both send and receive SOAP requests and responses.

Security breaches and network attacks cause immense damage, costing organizations billions of dollars and affecting their productivity and credibility. To minimize these problems, it is essential that companies protect their data and ensure secure transactions. Effective security involves authenticating the identities of senders and receivers, verifying data integrity, ensuring that sensitive information remains private and proving that information was sent and properly received. This chapter defines basic security terminology and explores the history of cryptography. We examine and illustrate several cryptographic techniques used to encode information, including secret-key cryptography and public-key cryptography. We explore user authentication methods, such as digital signatures, digital certificates, digital watermarks and Kerberos. We also analyze the strengths and weaknesses of popular security standards and mechanisms, including Secure Sockets Layer (SSL), Internet Protocol Security (IPSec) and Virtual Private Networks (VPNs). Finally, we consider network security options, such as firewalls and intrusion-detection systems.

Web services can move transactions beyond corporate firewalls and enable outside entities to access corporate applications. This offers many benefits to organizations, but also increases the potential for security breaches and data corruption. This chapter addresses security—one of the main obstacles to widespread Web services adoption. We describe why existing security technologies such as HTTP and SSL are insufficient to protect Web services transmissions. We then present several evolving Web-services security specifications, including XML Signature and XML Encryption; the XML Key Management Specification (XKMS) for registering and distributing encryption keys can be used with these techniques to authenticate each party in a transaction and to set up Public Key Infrastructure (PKI) for Web services. We also examine authorization and policy standards, such as Security Assertion Markup Language (SAML) and Extensible Access Control Markup Language (XACML). The chapter concludes by discussing the effects of Web-services security on firewalls and networks.

Accessing Web services via wireless mobile devices continues to emerge throughout industry as Web-service–based applications become more predominant. The advantage of wireless Web services is that wireless devices enable users to access Web services at any time and from virtually anywhere. This is especially convenient for services such as checking stock quotes and discovering local activities. In this chapter, we introduce Java 2 Micro Edition (J2ME^™), which is Sun Microsystem’s most recent Java platform for developing applications for various consumer devices, such as Web terminals, mobile phones and cell pagers. We discuss the J2ME API and use it to program J2ME applications. We then show how to enable a J2ME client to access Web services that have been deployed in Web-services environments (e.g., WASP servers). We also discuss Enhydra’s kSOAP and kXML packages, which enable a J2ME client to make SOAP requests to Web-service environments.

At this point, we have introduced the technologies and services that enable developers to build, publish and access Web services. In these final chapters, we integrate many of those technologies into a substantial case study that demonstrates an application built with Web services. The Price Finder Web service enables clients to find and purchase Deitel books at the best available prices. The Price Finder Web service itself uses Web services provided by several fictitious online bookstores to obtain price information and to place orders. The Price Finder Web service also communicates with the Deitel Book Information Web service to obtain book descriptions, titles, authors, cover images, etc. In addition to the Web-service implementations, we present several applications that consume the Price Finder Web Service, including a servlet-based Web site, a J2ME application for wireless devices and a Swing-based desktop application.

Servlets extend the functionality of servers—typically Web servers. Servlets are effective for developing Web-based solutions that interact with databases on behalf of clients, dynamically generate custom content to be displayed by browsers, and maintain unique session information for each client. Many developers feel that servlets are the right solution for database-intensive applications that communicate with so-called thin clients—applications that require minimal client-side processing capability. Clients connect to the server using standard protocols, such as HyperText Transfer Protocol (HTTP), available on most client platforms through Web browsers (and other applications). Thus, the application logic can be written once and reside on the server for access by clients. The Java Servlet API allows developers to add functionality to Web servers for handling client requests. Unlike the Common Gateway Interface (CGI), in which a separate process may be started for each client request, servlets typically are threads in a single JVM process. Servlets also are reusable across Web servers and across platforms. This appendix demonstrates the Web’s request–response mechanism (primarily with HTTP get and post requests), session-tracking capabilities, redirecting requests to other resources and interacting with databases through JDBC. We provide this appendix as a tutorial and reference, since several of the Web-services platforms and reference implementations use servlets to provide Web-services endpoints. Also, in several examples throughout the book, including the case study of Chapters 15–17, we implement servlets as Web-services clients.

This appendix introduces an extension of servlet technology called JavaServer Pages (JSP). JSPs enable delivery of dynamically generated Web content and are used primarily for developing presentation logic in Enterprise Java applications. JSPs may contain Java code in the form of scriptlets and may also use JavaBeans components. Custom tag libraries enable Web-page designers unfamiliar with Java to enhance Web pages with powerful dynamic content and processing capabilities created by Java developers. To enhance performance, each JSP is compiled into a Java servlet—this normally occurs the first time each JSP is requested by a client. Subsequent client requests are fulfilled by the compiled servlet. We provide this appendix as a tutorial and reference, since we use JSP technology in the Price Finder case study of Chapters 15–17.

[ top ]

© 1992-2005. Deitel & Associates, Inc. All Rights Reserved.