430 likes | 465 Vues
SOAP Simple Object Access Protocol An Introduction. by Juan J Vargas University of Central Florida CDA 5937 Fall 2002. Agenda. What is SOAP? SOAP History The SOAP Structure The SOAP Message Exchange Model Examples of HTTP / XML / SOAP SOAP Security Conclusions and References.
E N D
SOAPSimple Object Access ProtocolAn Introduction by Juan J Vargas University of Central Florida CDA 5937 Fall 2002
Agenda • What is SOAP? • SOAP History • The SOAP Structure • The SOAP Message Exchange Model • Examples of HTTP / XML / SOAP • SOAP Security • Conclusions and References UCF - CDA 5937
What is SOAP? • SOAP: “Simple Object Access Protocol” is a lightweight communication protocol for exchange of information in a decentralized, distributed environment. • SOAP combines HTTP (medium of communication) with XML (language of communication) • SOAP = XML parser + server/client code + HTTP server • SOAP invokes methods on servers, services, components, and objects via Internet. UCF - CDA 5937
What is SOAP? (cont.) • SOAP has no explicit programming model, unlike DCOM and CORBA: no special components or tools needed to make an implementation. • Can be implemented in any language (Java, Perl, C++, VB, Windows and UNIX) • SOAP promotes distributed computing thru communication UCF - CDA 5937
SOAP goals • Developed to be a platform and language independent • Simplicity and extensibility • SOAP meets these goals by omitting features often found in messaging systems and distributed object systems: • garbage collection, batching of messages, objects-by-reference UCF - CDA 5937
SOAP goals (cont) • Simple standardized mechanism for moving structured information • Format for sending messages • Enables different programs, written in different languages and running on different platforms, to communicate with each other UCF - CDA 5937
SOAP History • SOAP 0: Developed by UserLand, Microsoft, and DevelopMentor in 1998 • SOAP 1.0 in 2000 • W3C (World Wide Web Consortium) v1.1 final – May 2000 • W3C v1.2 draft – July 2001 • Specification can be found at: http://www.w3.org/TR/soap12/ UCF - CDA 5937
The SOAP Message Exchange Model (Client/Server) • SOAP defines two types of messages: • Requests • Responses • Clients send a request to a server to invoke a service, and the server sends back the results UCF - CDA 5937
The SOAP 1.1 Structure A SOAP message contains 3 parts: • Envelope: defines the content of the message • Must be associated with a namespace, e.g.: http://www.w3.org/2001/06/soap-envelope • Header (optional): contains header information • Body: contains call and response information UCF - CDA 5937
SOAP Header • Is an optional component • The Header has information about how the message is to be processed • Can contain extensions to the message like transaction ids • Can also contain security information UCF - CDA 5937
Sample <soap:Header> <soap:Envelope> … <soap:Header> <t:Transaction xmlns:t=“some-URI” soap:mustUnderstand=“1”> 12345 </t:Transaction></soap:Header> <soap:Body> … </soap:Body> </soap:Envelope> UCF - CDA 5937
SOAP Body • Contains the message referred to as “payload” • Must be a child of the Envelope element • Can contain the encodingStyle • Can also contain a <Fault> element UCF - CDA 5937
Sample <soap:Body> <soap:Envelope> … <soap:Header> … </soap:Header> <soap:Body> <w:article xmlns:w=“www.w3.org” > <w:name> SOAP v1.1 </w:name> <w:url> http://www.w3.org/TR/SOAP </w:url> </w:article> </soap:Body> </soap:Envelope> UCF - CDA 5937
Sample <soap:Fault> <soap:Envelope> … <soap:Body> … <soap:Fault> <faultcode>soap:Server</faultcode> <faultstring>Server Error</faultstring> <detail> <e:myfaultdetails xmlns:e="Hello"><message> Ooops… </message><errorcode> 1001</errorcode> </e:myfaultdetails> </detail></soap:Fault> </soap:Body> </soap:Envelope> UCF - CDA 5937
SOAP request POST /Temperature HTTP/1.1 Host: www.weather.com Content-Type: text/xml Content-Length: <whatever> SOAPMethodName: <some-URI>#CurrentTemp <SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1"> <SOAP:Body> <m:CurrentTemp xmlns:m="some-URI"> <zip_code>37919</zip_code> <m:CurrentTemp> </SOAP:BODY> <SOAP:Envelope> URI- Uniform Resource Identifier some-URI -> www.netsolve.com or www.globus.com Http Header Soap Extensions Xml Payload UCF - CDA 5937
SOAP response HTTP/1.1 200 OK Content-Type: text/xml Content-Length: <whatever> <SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1"> <SOAP:Header> <t:Transaction xmlns:t="some-URI"> 5 </t:Transaction> </SOAP:Header> <SOAP:Body> <m:CurrentTempResponse xmlns:m="some-URI"> <return>42</return> </m:CurrentTempResponse> </SOAP:Body> </SOAP:Envelope> Http Header Xml Payload UCF - CDA 5937
The SOAP 1.2 Structure A SOAP message contains 4 parts: • Envelope: defines a framework describing what is in the message • Set of encoding rules: expresses instances of application-defined data types • Convention for representing remote procedure calls (RPCs) and responses • A transport binding convention for exchanging messages UCF - CDA 5937
HTTP Example • The following is a legal HTTP request message: • HTTP headers are just plain text. POST /foobar HTTP/1.1 Host: 209.110.197.12 Content-Type: text/plain Content-Length: 12 Hello, World UCF - CDA 5937
HTTP Example First line of an HTTP request contains three components: • The HTTP method: POST The Internet Engineering Task Force (IETF) has standardized a fixed number of HTTP methods: • GET is the HTTP method used to surf the Web. • POST is the most commonly used HTTP method for building applications. • The Request-URI: /foobar URI (Uniform Resource Identifier) to identify target of request • The protocol version: HTTP/1.1 The protocol version in this example is HTTP/1.1, which indicates that the rules of RFC 2616 are to be observed. UCF - CDA 5937
HTTP Example The third and fourth lines of the request specify the type and size of the request payload: • Content-Type: text/plain • syntax of the payload information as a MIME type Most DCE (Distributed Computing Environment) applications use NDR(Network Data Representation). Most Web applications use text/html or other text-based syntaxes. SOAP uses text/xml • Content-Length: 12 • number of bytes of payload information UCF - CDA 5937
HTTP Example The blank line between the Content-Length header and the request payload is a delimiter. • Individual HTTP headers are delimited by a carriage-return/line-feed sequence. • The headers are delimited from the payload using an extra carriage-return/line-feed sequence. UCF - CDA 5937
The following is an HTTP response message: If server unable to decode the request HTTP Example 400 Bad Request Content-Length: 0 200 OK Content-Type: text/plain Content-Length: 12 dlroW ,olleH 307 Temporarily Moved Location: http://209.110.197.44/foobar Content-Length: 0 UCF - CDA 5937
XML NameSpaces To support extensibility, every element and attribute in XML has a namespace URI associated with it. This URI is specified using the xmlns attribute. UCF - CDA 5937
XML NameSpaces: Example <reverse_string xmlns="urn:schemas-develop-com:StringProcs"> <string1>Hello, World</string1> <comment xmlns='http://foo.com/documentation'> This is a comment!! </comment> </reverse_string> URIs UCF - CDA 5937
XML NameSpaces: Example XML allows namespace URIs to be mappedto locally unique prefixes as a convenience. <sp:reverse_string xmlns:sp="urn:schemas-develop-com:StringProcs" xmlns:doc='http://foo.com/documentation'> <sp:string1>Hello, World</sp:string1> <doc:comment> This is a comment!! </doc:comment> </sp:reverse_string> UCF - CDA 5937
Sample SOAP Namespaces • SOAP envelope: http://www.w3.org/2001/06/soap-envelope • SOAP serialization: http://www.w3.org/2001/06/soap-encoding • SOAP mustUnderstand fault: http://www.w3.org/2001/06/soap-faults • SOAP upgrade: http://www.w3.org/2001/06/soap-upgrade UCF - CDA 5937
Method must match Example: SOAP Method Request URI – delim – method name POST /string_server/Object17 HTTP/1.1 Host: 209.110.197.2 Content-Type: text/xml Content-Length: 152 SOAPMethodName: urn:strings-com:IString#reverse <Envelope> <Body> <m:reverse xmlns:m='urn:strings-com:IString'> <theString>Hello, World</theString> </m:reverse> </Body> </Envelope> UCF - CDA 5937
Method name + “Response” suffix Example: SOAP Response 200 OK Content-Type: text/xml Content-Length: 162 <Envelope> <Body> <m:reverseResponse xmlns:m='urn:strings-com:IString'> <result>dlroW ,olleH</result> </m:reverseResponse> </Body> </Envelope> UCF - CDA 5937
SOAP Request Structure UCF - CDA 5937
Another SOAP Example Let’s build a service thatcalculates the tax due on a sales transaction. In traditional VB (Visual Basic) terms we will create a function with the following definition: Public Function GetSalesTax(ByVal pSalesTotal As Double) As Double GetSalesTax = pSalesTotal * 0.04End Function UCF - CDA 5937
SOAP Example (cont) If the amount is $100 and GetSalesTax is within the objTax object the VB call looks like: Dim objTax As New CTaxCalcdblSalesTax = objTax.GetSalesTax(100) UCF - CDA 5937
SOAP Example (cont)CLIENT side The request is formatted as an XML document, which is passed up to the server. <SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1"> <SOAP:Header></SOAP:Header><SOAP:Body> <GetSalesTax> <SalesTotal>100</SalesTotal> <GetSalesTax> </SOAP:Body></SOAP:Envelope> UCF - CDA 5937
How to send the XML document to the server? The request is a simple HTTP post. The internet browser masks all the complexityof sending a form to a server. But if we are going to do the job ourselves, Microsoft's XML HTTP Request object can be used to give us a helping hand. The LHTTPRequest is an object within the MSXML class library (MSXML.DLL), and it comes with IE5. UCF - CDA 5937
In this example, the server is in the local computer SOAP Client (cont) Assuming that strEnvelope contains the XML document described above, the request is formatted thus: Dim objHTTP As New MSXML.XMLHTTPRequestDim strEnvelope As String 'Set up to post to our localhost serverobjHTTP.open "post", "http://localhost/soap/soap.asp"'Set a standard SOAP/ XML header for the content-typeobjHTTP.setRequestHeader "Content-Type", "text/xml"'Set a header for the method to be calledobjHTTP.setRequestHeader "SOAPMethodName", _"urn:myserver/soap:TaxCalc#GetSalesTax"'Make the SOAP callobjHTTP.send strEnvelope'Get the return valuestrReturn = objHTTP.responseBody UCF - CDA 5937
SOAP Server Side The first job is to create the soap.asp page, to listen for, and process SOAP calls to our server. For the basic listener service, we need to parse the body of the request (the SOAP envelope) and pull out the value of the SalesTotal parameter. Because the request is XML, we can load it into an instance of Microsoft's XMLDOM. UCF - CDA 5937
SOAP Server Side (cont) Soap.asp begins like this: Set objReq = Server.CreateObject("Microsoft.XMLDOM")objReq.Load Request objReq contains the SOAP envelope from the client. UCF - CDA 5937
SOAP Server Side (cont) The value of SalesTotal can be extracted by running an XSL pattern query, using the SelectSingleNode method of the XML DOM object, and tax is calculated: strQuery = "SOAP:Envelope/SOAP:Body/m:GetSalesTax/SalesTotal“varSalesTotal = objReq.SelectSingleNode(strQuery).Text varSalesTax = varSalesTotal * 0.04 UCF - CDA 5937
SOAP Server Side (cont) The response is ready to be passed back to the client. The SOAP response envelope conforms to a format-type almost identical to the request. <SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1"> <SOAP:Header></SOAP:Header> <SOAP:Body> <m:GetSalesTaxResponse xmlns:m="urn:myserver/soap:TaxCalc"> <SalesTax>4</SalesTax> </m:GetSalesTaxResponse> </SOAP:Body> </SOAP:Envelope> UCF - CDA 5937
SOAP Client Side (cont) The response document can be built either by string-concatenation, or by creating a new instance of a DOM(Document Object Model), and appending the appropriate nodes. Back on the client, the response is received, and can be decoded by extracting the appropriate node from the Envelope document: Dim objReturn As New MSXML.DomDocumentobjReturn.LoadXML strReturn strQuery = _"SOAP:Envelope/SOAP:Body/m:GetSalesTaxResponse/SalesTax"dblTax = objReturn.SelectSingleNode(strQuery).Text UCF - CDA 5937
Problems with example OK, I got it workingby Ned Robinson(nrobinson@baseline.com)Tuesday, August 28, 2001 Here is the trick. You must have Application Protection on your web server set to Low so that the service and the application can run in the same address space. Go to IIS Manager, right click on your Web Site and go to Properties. Go to the Home Directory tab and make the change to Application Protection at the bottom. UCF - CDA 5937
SOAP Security • SOAP specification does not define any protocol-specific security features. Potential security threat due to plain text nature of data. • Security features may be added to the SOAP header (e.g. digital signatures). • Transport protocols such as SSL (using HTTPS), TLS, and IP SECurity (IPSec) can provide the integrity and confidentiality of the message during transmission. UCF - CDA 5937
Conclusions • SOAP: new and simple protocol. SOAP well suited for internet. Excellent foundation upon which other protocols may be built • Primary goal of SOAP is interoperability • SOAP = XML (data representation) + HTTP (transport) + RPC (call/response mechanism) • Today SOAP does not address some critical distributed services (e.g. security). But SOAP is evolving rapidly. UCF - CDA 5937
References http://www.vbip.com/xml/soap_syd.asp http://msdn.microsoft.com/msdnmag/issues/0300/soap/default.aspx http://www.w3.org/TR/SOAP/ http://www.xml.org/xml/resources_focus_soap.shtml http://www.javaworld.com/javaworld/jw-03-2001/jw-0330-soap.html http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnexxml/html/xml10152001.asp http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwebsrv/html/Xmloverchap2.asp http://www.microsoft.com/mind/0100/soap/soap.asp UCF - CDA 5937