JavaEE - Web services
What is Entrust Privacy Service?
"As the name suggests, Entrust Privacy Service perform encryption of the data so that only concerned parties are able to access the data. It basically deals with two factors Confidentiality Security"
Explain features of XML-RPC?
"The major features of XML-RPC are enlisted below RPCs are performed using simple XML language. XML encoded Requests are sent via HTTP POST. XML Response is embedded in HTTP response. It is considered as platform-independent. It allows communication between diverse applications. It uses HTTP protocol for passing information between client and server computers. It has small XML vocabulary for describing request and response's nature."
Name some implementations of JAX-RS API?
"There are two major implementations of JAX-RS API. Jersey: Jersey is the reference implementation provided by Sun. For using Jersey as our JAX-RS implementation, all we need to configure its servlet in web.xml and add required dependencies. Note that JAX-RS API is part of JDK not Jersey, so we have to add its dependency jars in our application. RESTEasy: RESTEasy is the JBoss project that provides JAX-RS implementation."
Explain <definition> element?
Definition element is described as the root of WSDL document which defines the name of the web service as well as act as a container for all the other elements.
Explain the term statelessness in terms of RESTful web services?
In REST architecture, there is a restriction where a REST web service is not allowed to keep a client state on the server. Such condition is known as 'Statelessness'. In such situation, the client passes its context to the server and in turn, the server stores the context in order to process client's further requests.
What is JAX-WS API?
JAX-WS stands for Java API for XML Web Services. JAX-WS is XML based Java API to build web services server and client application. It's part of standard Java API, so we don't need to include anything else which working with it. Refer to JAX-WS Tutorial for a complete example.
What is JAX-RS API?
Java API for RESTful Web Services (JAX-RS) is the Java API for creating REST web services. JAX-RS uses annotations to simplify the development and deployment of web services. JAX-RS is part of JDK, so you don't need to include anything to use it's annotations.
What is the use of Accept and Content-Type Headers in HTTP Request?
These are important headers in Restful web services. Accept headers tells web service what kind of response client is accepting, so if a web service is capable of sending response in XML and JSON format and client sends Accept header as "application/xml" then XML response will be sent. For Accept header "application/json", server will send the JSON response. Content-Type header is used to tell server what is the format of data being sent in the request. If Content-Type header is "application/xml" then server will try to parse it as XML data. This header is useful in HTTP Post and Put requests.
What is sun-jaxws.xml file?
This file is used to provide endpoints details when JAX-WS web services are deployed in servlet container such as Tomcat. This file is present in WEB-INF directory and contains endpoint name, implementation class and URL pattern. For example;
Which language is used by UDDI?
UDDI uses the language known as WSDL (Web Service Description Language)
Enlist the operation types response used in WSDL?
WSDL basically defines 4 types of Operation type responses. These are enlisted below One-way: Receives a message but does not return response. Request-Response: Receives a request and return a response. Solicit-Response: Sends a request and wait for a response. Notification: Sends a message but does not wait for a response. Among these, Request-Response is the most common operation type.
How would you choose between SOAP and REST web services?
Web Services work on client-server model and when it comes to choose between SOAP and REST, it all depends on project requirements. Let's look at some of the conditions affecting our choice: Do you know your web service clients beforehand? If Yes, then you can define a contract before implementation and SOAP seems better choice. But if you don't then REST seems better choice because you can provide sample request/response and test cases easily for client applications to use later on. How much time you have? For quick implementation REST is the best choice. You can create web service easily, test it through browser/curl and get ready for your clients. What kind of data format are supported? If only XML then you can go with SOAP but if you think about supporting JSON also in future then go with REST.
What is the use of @XmlRootElement annotation?
XmlRootElement annotation is used by JAXB to transform java object to XML and vice versa. So we have to annotate model classes with this annotation.
Define SOA?
"A Service Oriented Architecture (SOA) is basically defined as an architectural pattern consisting of services. Here application components provide services to the other components using communication protocol over the network. This communication involves data exchanging or some coordination activity between services. Some of the key principles on which SOA is based are mentioned below The service contract should be standardized containing all the description of the services. There is loose coupling defining the less dependency between the web services and the client. It should follow Service Abstraction rule, which says the service should not expose the way functionality has been executed to the client application. Services should be reusable in order to work with various application types. Services should be stateless having the feature of discoverability. Services break big problems into little problems and allow diverse subscribers to use the services."
Explain Web Services?
"A Web Service can be defined as an application component for communication or say exchanging information between two applications over the network. Web services basically work on client server model where web services are easily accessible to client applications over the network. To enable communication between various applications, web services take the help of open standards like XML (for data tagging), SOAP (for message transferring) and WSDL (to denote service availability)."
For designing a secure RESTful web service, what are the best factors that should be followed?
"As HTTP URL paths are used as a part of RESTful web service, so they need to be secured. Some of the best practices include the following Perform validation of all inputs on the server from SQL injection attacks. Perform user's session based authentication whenever a request is made. Never use sensitive data like username, session token password, etc through URL. These should be passed via POST method. Methods like GET, POST, PUT, DELETE, etc should be executed with proper restrictions. HTTP generic error message should be invoked wherever required."
Explain BEEP?
"BEEP stands for Blocks Extensible Exchange Protocol. BEEP is determined as building new protocols for the variety of applications such as instant messaging, network management, file transfer etc. It is termed as new Internet Engineering Task Force (IETF) which is layered directly over TCP. It has some built-in features like Authentication Security Error handling Handshake Protocol"
Differentiate SOAP and REST?
"Difference between SOAP and REST can be easily understood from the below table SOAP Simple Object Access Protocol (SOAP) serves as a standard protocol for web service creation. Web services and clients are tightly coupled and define some standards that are to be strictly followed. It requires more bandwidth and resource as well as uses service interfaces for exposing business logic. It is usually less preferred and permits XML data format only. Java API for SOAP web service is JAX-WS. SOAPUI can be used for testing SOAP web services. It defines its own security and uses WSDL contract for binding web services and client programs. REST Representational State Transfer (REST) is an architectural style for web service creation. It does not follow too many standards and is loosely coupled. It requires less bandwidth and resource as well as uses URI (Uniform Resource Identifiers) for exposing business logic. It is usually more preferred and permits data formats like Plain text, HTML, JSON, etc. Java API for RESTFUL web service is JAX-RS. Browsers and extensions such as Chrome postman are used for testing REST web services. It does not have any defined contract as well as does not have its own security methods."
What are the advantages and disadvantages of SOAP?
"Enlisted below are advantages of SOAP web services SOAP allows communications between various applications and it is both language and platform independent. It is very simple as well as uses standard HTTP protocol and XML for sending and receiving messages. It defines and uses its own security known as WS security. It decouples the encoding and communication protocol from the runtime environment. It eradicates firewall problems and is vendor neutral. It allows circulation of messages in distributed and decentralized environment. Enlisted below are disadvantages of SOAP web services Lightweight formats other than XML are not supported. Not easily testable on browsers. Security facilities are not present. SOAP is slow and cannot be easily tested on the browser. Web services and clients are tightly coupled and define some standards that are to be strictly followed."
Enlist few syntax rules applicable for SOAP message?
"Enlisted below are some important syntax rules that are applicable for SOAP message A SOAP message Must be encoded using XML. Must use the SOAP envelope namespace. Must use the SOAP encoding namespace. Must not contain the DTD reference. Must not contain XML processing instructions."
Explain the advantages of RESTful web services?
"Enlisted below are the advantages of RESTful web services They are considered as language and platform independent as these can be written in any programming language and can be executed on any platform. REST is lightweight protocol and is considered as fast because of less consumption of bandwidth and resources. It supports multiple technologies and different data formats like plain text, XML, JSON, etc. It has loosely coupled implementation and can be tested easily over browsers."
What are the two attributes of <Port> element in WSDL?
"Every port element is related to a specific binding by defining an individual endpoint. The port element has following two attributes Name: This attribute provides the unique name within the WSDL document. Binding: This attribute refers to the process of binding which has to be performed as per the linking rules defined by WSDL."
What are the core components of HTTP request and HTTP response?
"HTTP request has following 5 major components HTTP Requests Meaning/work Verb Indicate HTTP methods like GET, PU URI Identifies the resource on server HTTP Version Indicates version. Request Header Contains metadata like client type Request Body Represents content of the message. HTTP Response > Meaning/work Status/Response code > Indicates the status of the server for requested resource. HTTP version > Represents HTTP version. Response Header > Consists of metadata like content length, content type, server length, etc for HTTP response message. Response Body > Represents response message content."
Explain the message element in WSDL?
"Message element describes the data that has been exchanged between the consumer and the web service providers. Every web service consists of two messages and each message has zero or more <part> parameters. The two messages are Input: Describes the parameter for the web service Output: Describes the return data from the web service."
What is the purpose and format of URI in REST architecture?
"Purpose of URI is to locate resources on the server that are hosting web services. Format of URI<protocol>://<service-name>/<ResourceType>/<ResourceID>"
What do you know about RESTful Web Services?
"REST stands for Representational State Transfer. REST is defined as the stateless client-server architectural style for developing application accessed over the web. When web services use HTTP methods to implement the concept of REST architecture, then it is known as RESTful Web services. In this architectural style, data and functionality are served as resources and is accessed by URI (Uniform Resource Identifiers). RESTful web services enable web services to work best by inducing properties like Performance Scalability Modifiability"
What do you understand by XML-RPC?
"RPC is Remote Procedure Call and as the name suggests, it is the method of calling a procedure or function available on any remote computer. XML stands for Extensible Markup Language. Thus XML-RPC represents a simple protocol that performs RPCs by using XML messaging. This has been considered as an excellent tool for connecting different environments and also establishing connections between wide varieties of computers."
What is the difference between RPC Style and Document Style SOAP web Services?
"RPC style generate WSDL document based on the method name and it's parameters. No type definitions are present in WSDL document. Document style contains type and can be validated against predefined schema. Let's look at these with a simple program. Below is a simple test program where I am using Endpoint to publish my simple SOAP web service."
What is a resource in RESTful web service and how it is represented?
"Resource is said to be a fundamental concept having a type and relationship with other resources. In REST architecture, each content is considered as the resource and they are identified by their URIs. Resources are represented with the help of XML, JSON, text etc in RESTful architecture."
What are the points that should be considered by ports while binding?
"SDL allows extensibility elements which are used to specify binding information. Below are few important points that should be kept in consideration while binding. A port must not Specify more than one address. Specify any binding information other than address information."
What are the elements of a SOAP message?
"SOAP is just like other XML document and has following elements Envelope: This element is defined as the mandatory root element. It translates the XML document and determines the start and end of the SOAP message. Header: This element contains the optional header attributes of the message that contains specific information of the application. This element can occur multiple times and are intended to add new features and functionalities. Body: This element is mandatory and contains the call and response messages. It is also defined as the child element of the envelope containing all the application derived XML data that has been exchanged as a part of SOAP message. Fault element: Errors that occur during processing of the messages are handled by the fault element. If the error is present, then this element appears as a child element of the body. However, there can only be one fault block."
What are different ways to test web services?
"SOAP web services can be tested programmatically by generating client stubs from WSDL or through software such as Soap UI. REST web services can be tested easily with program, curl commands and through browser extensions. Resources supporting GET method can be tested with browser itself, without any program"
Explain the actions performed by SOAPUI?
"SOAPUI is an open-source, free and cross-platform functional testing solution. Mentioned below are some actions performed by SOAPUI It can help create functional, security and load testing test suites. Data driven testing and scenario based testing is also performed. It has the ability to impersonate web services as well as has got built-in reporting abilities."
Name important annotations used in JAX-RS API?
"Some of the important JAX-RS annotations are: @Path: used to specify the relative path of class and methods. We can get the URI of a webservice by scanning the Path annotation value. @GET, @PUT, @POST, @DELETE and @HEAD: used to specify the HTTP request type for a method. @Produces, @Consumes: used to specify the request and response types. @PathParam: used to bind the method parameter to path value by parsing it."
What are the components of web service?
"The different components of web services are SOAP- Simple Object Access Protocol UDDI- Universal Description, Discovery, and Integration WSDL- Web Service Description language RDF- Resource Description Framework XML- Extensible Markup Language"
What are the different elements of WSDL documents?
"The different elements of WSDL document along with brief description is enlisted below Types: This defines the message data types, which are in the form of XML schema, used by the web services. Message: This defines the data elements for each operation where messages could be the entire document or an argument that is to be mapped. Port Type: There are multiple services present in WSDL. Port type defines the collection of operations that can be performed for binding. Binding: Determines and defines the protocol and data format for each port type. Operations: This defines the operations performed for a message to process the message."
Explain the term Interoperability with respect of Web services?
"The term 'Interoperability' is widely used in product marketing description which defines the ability of different products or systems working together without any special effort from the customer part. This is applicable in the same way when we talk about 'Interoperability' in terms of web services. Here it determines the communication between various applications, sharing of data as well as services among themselves. There is no restriction on the type of application to be in communication. If any code is written, it will be treated as generic code that will be understood by all application. Thus, the cost of writing specific codes for each application is reduced. There is no restriction on the type of application to be in communication. If any code is written, it will be treated as generic code that will be understood by all application. Thus, the cost of writing specific codes for each application is reduced."
What are the various approaches available for developing SOAP based web services?
"There are basically 2 different approaches available for developing SOAP-based web services. These are explained as follows Contract-first approach: In this approach, the contract is defined first by XML and WSDL and then java classes are derived from the contract. Contract-last approach: In this approach, java classes are defined first and then the contract is generated which is usually the WSDL file from the java class. "Contract-first" method is the most preferred approach."
What are the primary security issues of web service?
"To ensure reliable transactions and secure confidential information, web services requires very high level of security which can be only achieved through Entrust Secure Transaction Platform. Security issues for web services are broadly divided into three sections as described below 1) Confidentiality: A single web service can have multiple applications and their service path contains a potential weak link at its nodes. Whenever messages or say XML requests are sent by the client along with the service path to the server, they must be encrypted. Thus, maintaining the confidentiality of the communication is a must. 2) Authentication: Authentication is basically performed to verify the identity of the users as well as ensuring that the user using the web service has the right to use or not? Authentication is also done to track user's activity. There are several options that can be considered for this purpose Application level authentication HTTP digest and HTTP basic authentication Client certificates 3) Network Security: This is a serious issue which requires tools to filter web service traffic."
Enlist few tools used to test web services?
"To test Web services, below-mentioned tools are used SoapUI REST client JMeter"
Explain the term UDDI with its features?
"UDDI is an XML-based standard in the service discovery layer of web service protocol stack. It is used for publishing and finding web services over the web as it acts like a directory. Some of the features of UDDI are explained below It is an open framework and is platform independent. SOAP, COBRA, and Java RMI protocols are used for communication. It helps businesses to discover each other and enable interaction between them over the internet. It acts as a database containing all WSDL files."
Explain WSDL?
"WSDL stands for Web service Description Language. It is a simple XML document which comes under the Service Description layer of Web Service Protocol Stock and describes the technical details or locates the user interface to web service. Few of the important information present in WSDL document are Method name Port types Service end point Method parameters Header information Origin, etc"
Enlist few advantages of web services?
"We have already discussed web services, its architecture, components. Now, let us see some its advantages Every application is now on the internet and it the web service which provides some sort of required functionality to the client applications. Web services help in exposing the existing functionalities over the network to help other applications to use in their programs. It has features like 'Interoperability' which determines the communication between various applications, sharing of data as well as services among themselves. Web services use the standardized web service protocol stack for communication which consists of 4 layers namely, Service Transport, XML messaging, Service description and Service discovery. It has the feature of the low cost of communication because of the usage of SOAP (Simple Object Access Protocol) over HTTP protocol. Easy to deploy, integrate and is reusable. Allows simple integration between different feature as a part of loose coupling feature."
What are the important characteristics of SOAP envelope element?
"We have seen the basic work of a SOAP envelope element in the previous answer, now let us see some of its characteristics SOAP envelope is a packaging mechanism. Every Soap message has a mandatory root envelope message. Only one body element is allowed for each envelope element. As the SOAP version changes, envelope changes. If the header element is present, it should appear as the first child. Prefix ENV and envelope element is used for specification. A namespace and an optional encoding style are used in case of optional SOAP encoding."
Explain web service architecture?
"Web service framework consists of an architecture which consists of three different layers. The roles of these layers are defined as below Service Provider: As the name denotes, service provider role is to create the web service and makes it accessible to the client applications over the internet for their usage. Service Requestor: Service requestor is basically any consumer of web service like any client application. Client applications are written in any language contact web service for any type of functionality by sending XML request over the available network connection. Service Registry: Service registry is the centralized directory which helps locate web services for client applications. Here we can find the existing web services, as well as developers, can also create the new one. The Service Provider uses the 'Publish' interface of Service Registry to make the existing web services available to client applications. With all the information provided by the service registry, service requestor is able to bind or invoke services."
Define web service protocol stack and its layers?
"Web service protocol stack consists of 4 layers. This can be described as follows 1) Service transport: This is the first layer which helps in transporting XML messages between various client applications. This layer commonly uses the below-mentioned protocols: HTTP(Hypertext Transport Protocol) SMTP(Simple Mail Transport Protocol) FTP(File Transfer Protocol) BEEP(Block Extensible Exchange Protocol) 2) XML messaging: This layer is based on the XML model where messages are encoded in common XML format which is easily understood by others. This layer includes XML-RPC SOAP(Simple Object Access Protocol) 3) Service description: This layer contains description like location, available functions, and data types for XML messaging which describes the public interface to a specific web service. This layer includes: WSDL(Web Service Description Language) 4) Service discovery: This layer is responsible for providing a way to publish and find web services over the web. This layer includes: UDDI(Universal Description, Discovery, and Integration)"
Is binding between SOAP and WSDL possible?
"Yes, it is possible to bind WSDL to SOAP. The binding is possible by basically two attributes Name: Defines the name of the binding. Type: Defines the port for the binding. For SOAP binding, two attributes need to be declared Transport: Defines the SOAP protocol to be used i.e. HTTP. Style: This attribute can be 'rpc' or 'document'."
What is use of javax.xml.ws.Endpoint class?
Endpoint class provides useful methods to create endpoint and publish existing implementation as web service. This comes handy in testing web services before making further changes to deploy it on actual server.
Explain different HTTP methods supported by RESTful web services?
Enlisted below are some common HTTP methods along with their functions that are supported by RESTful web services GET: Read-only access to the resource. PUT: Creation of new resource. DELETE: Removal of a resource. POST: Update of an existing resource. OPTIONS: Get supported operations on the resource. HEAD: Returns HTTP header only, no body.
What is Entrust Entitlements Service?
Entrust Entitlement service is those whose task is to verify the services that are attempting to access the web services. It basically ensures security in business operations as well as some authentication services.
What is Entrust Identification Service?
Entrust Identification Service is categorized under Entrust Secure Transaction Platform which provides essential security capabilities to ensure secure transactions. This usually allows companies to fully control the identities that are trusted to perform web service transactions.
How to set different status code in HTTP response?
For setting HTTP status code other than 200, we have to use javax.ws.rs.core.Response class for response. Below are some of the sample return statements showing it's usage.
What do you know about foundation security services?
Foundation security services consist of the following Integration Authentication Authorization Digital Signatures Encryption processes
Explain the major obstacle faced by SOAP users?
One of the major hindrance observed by users of SOAP is the 'Firewall security mechanism'. In this case, all the HTTP ports except those which bypass firewall are locked. In some cases, a technical issue of mixing specification of message transport with message structure is also observed.
What is difference between SOA and Web Services?
Service Oriented Architecture (SOA) is an architectural pattern where applications are designed in terms of services that can be accessed through communication protocol over network. SOA is a design pattern and doesn't go into implementation. Web Services can be thought of as Services in SOAP architecture and providing means to implement SOA pattern.
Define SOAP web services?
Simple Object Access Protocol (SOAP) is defined as the XML based protocol which is known for designing and developing web services as well as enabling communication between applications developed on different platforms with different programming languages over the internet. It is both platform and language independent.
Name important annotations used in JAX-WS API?
Some of the important annotations used in JAX-WS API are: @WebService @SOAPBinding @WebMethod
Enlist advantages and disadvantages of statelessness?
The advantages of statelessness include Each and every method requests are treated independently. Application design is simplified as it does not maintain client's previous interaction. Works with HTTP protocol as it shares the feature of being statelessness. The disadvantage of statelessness includes Every time client interaction takes place, web services are to be provided with extra information about each request so that they can interpret the client's state.
Do we require any special application to access web service?
The only requirement for accessing web services from any application is that it must support XML-based request and response. There is no need or say the requirement of installing any application for accessing web services.
How to get WSDL file of a SOAP web service?
WSDL document can be accessed by appending ?wsdl to the SOAP endoint URL. In above example, we can access it at http://localhost:8888/testWS?wsdl location.
Name some frameworks in Java to implement SOAP web services?
We can create SOAP web services using JAX-WS API, however some of the other frameworks that can be used are Apache Axis and Apache CXF. Note that they are not implementations of JAX-WS API, they are totally different framework that work on Servlet model to expose your business logic classes as SOAP web services. Read more at Java SOAP Web Service Eclipse example.
What is wsimport utility?
We can use wsimport utility to generate the client stubs. This utility comes with standard installation of JDK. Below image shows an example execution of this utility for one of JAX-WS project.
Can we maintain user session in web services?
Web services are stateless so we can't maintain user sessions in web services