Web services technology represents an important step toward fulfilling the vision of the Internet as an open, interoperable environment in which customers and businesses can interact in ways that were not possible before. The technology is based on fundamental Internet technologies developed during the last few years by a variety of standards bodies, including the World Wide Web Consortium (W3C) and the Internet Engineering Task Force (IETF). These Internet technologies allow software applications developed by various vendors or individuals to interoperate, regardless of the software or hardware systems used to implement the applications. 9.1.1 Web Services TechnologiesThe building blocks of Web services technology are Extensible Markup Language (XML) and HyperText Transfer Protocol (HTTP), which together provide a way to flexibly represent structured information and exchange it over networks. Other standards contribute to making Web services possible, including standards for describing, accessing, and publishing the service:
The WSDL, SOAP, and UDDI standards form the backbone of Web services technology. Enterprise applications use these technologies to interact with other applications at customer, supplier, and partner locations. Such interactions allow these applications to exchange business information and to conduct transactions rapidly. Enterprises in a variety of industries are becoming aware of the cost savings, along with productivity and efficiency gains, achieved by using Web services. As a result, businesses in diverse industries are making significant investments to enable their enterprises to use Web services. 9.1.2 J2EE and Web ServicesAlthough Web services provide a new way for applications to interoperate over the Internet, an enterprise still must develop and implement a Web services application, or it must expose existing applications as Web services. To expeditiously implement or expose a Web service requires an application development and deployment platform that is powerful and full featured yet at the same time easy for developers and deployers to use. The J2EE platform leverages the strengths of the Java programming language and enterprise APIs, including the EJB technology, to provide an industry-leading Web services platform. The strengths of the J2EE platform include a set of component models that allow developers to focus on writing the business logic in their applications and to delegate system-level details to infrastructure layers. In addition, the platform's range of business integration features for accessing relational databases, messaging systems, and enterprise information systems makes it easy to leverage existing enterprise information assets. These features are coupled with a powerful set of Web technologies, revolving around XML and HTTP, that simplify access to J2EE applications from customers and other business applications. The J2EE 1.4 platform release includes an entire set of Web services technologies:
In addition, the EJB 2.1 architecture defines how to use an enterprise bean to implement a Web services endpoint. The Web Services for J2EE specification also describes how to develop and deploy Web services clients and servers in a J2EE environment. 9.1.3 Security and J2EE-Based Web ServicesEnterprises that build Web services to expose their enterprise applications to customers, suppliers, or partners must be sure that such Web services are secure. Enterprise applications must be able to access and update business-critical data. The availability of enterprise applications is critical to the functioning of business processes in the enterprise. It is imperative that Web services not impair the consistency or availability of enterprise applications and data. The technologies that predated Web services did not implement security uniformly. As a result, most enterprise organizations used different security standards, which made it difficult for organizations to interoperate securely, creating a problematic situation. Web services technology provides solutions to such security concerns by providing standardization. Some of these solutions are based on established standards, such as the Secure Sockets Layer (SSL). Other standards, such as for security information in SOAP messages, are forthcoming. Standards bodies are giving the security area intense attention, and security standards for resolving security issues across enterprises using Web services are still evolving. The EJB architecture and the J2EE platform provide an "enterprise-strength" security infrastructure that enables administrators to control who is allowed to access what applications and data. This security is achieved through
Chapter 11, Managing Security, discusses the security infrastructure in detail. The important point for developers of EJB-based Web services is that there are no new APIs for Web services security. Instead, the container takes care of the security needs of the application, based on information provided in the deployment descriptor. The Web services features of the EJB architecture also allow for modular, componentized, and incremental development of Web services. For example, an enterprise may expose just a small component of its large enterprise application as a Web service, keeping the remaining parts of the application unaffected. This permits the enterprise to tightly control the set of allowed operations that can be performed by external users. Furthermore, security for such external access is enforced at the entry point, which in this case is the EJB-based Web service hosted and administered by the enterprise. The administrators of the Web service use the familiar security administration tools provided by the J2EE product to modify the Web service and control who can access what parts of the service. Thus, an enterprise can build and administer the Web service with minimal incremental work. The next sections discuss how to leverage the strengths of the EJB architecture, Web services technologies, and these Java APIs JAX-RPC, JAX-R, JAX-P, and JAX-B to develop Web services using enterprise beans. |