|By Qusay H. Mahmoud, July 2004|
With over 1.2 million downloads, the Java Web Services Developer Pack (Java WSDP) is the most popular toolkit for simplifying development of secure and interoperable web services applications. The Java WSDP is an integrated toolkit for developing, building, testing, and deploying web services, as well as web and XML-based applications. The newest version of Java WSDP, 1.4, contains the latest versions of Java and XML technologies, as well as key standardized technologies to simplify the task of building reliable and secure web services. It has added new features, fixed bugs in earlier releases, and made developing and deploying secure and reliable web services easier than ever. More importantly, Java WSDP 1.4 implements cutting-edge industrial technologies such as the Web Services Interoperability (WS-I) Basic Profile 1.1 with Attachments Profile 1.0, and OASIS Web Services Security (WSS).
This article provides a quick overview of the Java WSDP 1.4 and a description of the technologies that are now part of Java WSDP 1.4, then highlights the new features in Java WSDP 1.4.
The Java Web Services Developer Pack (Java WSDP) is an integrated toolkit that allows Java developers to develop, test, and deploy web services quickly and easily. The Java WSDP 1.4 is an all-in-one download containing key technologies, tools, and APIs that simplify web services development using the Java 2 Platform.
It provides implementations of web services standards including the Web Services Description Language (WSDL), the Simple Object Access Protocol (SOAP), and the Universal Description, Discovery and Integration (UDDI). In addition, it provides implementations for web application development such as JavaServer Pages (JSP Pages) and the JSP Standard Tag Library (JSTL). The Java WSDP 1.4 is also keeping up with key standards by providing support for the Web Services Interoperability Organization (WS-I) profiles to promote interoperability among web services, as well as OASIS Web Services Security specification. It is worth noting that despite the fact that the Java WSDP emphasizes web services, the pack is an integrated toolkit that allows Java developers to develop and deploy not only web services, but also web and XML-based applications. Such applications use common XML and web services technologies, and that is why all the related implementations are bundled together.Java WSDP Technologies
The Java WSDP 1.4 incorporates the following technologies:
Note: The support for WS-I Basic Profile 1.1 with Attachments Profile 1.0 makes the Java WSDP 1.4 the first web services toolkit supporting these profiles. Please see below for more information on the WS-I and WS-I BP. Also, it is important to note that WS-I Basic Profile 1.0 is still supported in the new release of JAX-RPC, and therefore Java WSDP 1.4 will continue to interoperate with other implementations that support Basic Profile 1.0.
The incorporation of the WS-I Attachments Profile 1.0 into JAX-RPC technology (and thus Java WSDP 1.4) has the following advantages
The Java WSDP 1.4 pack includes a WS-I Attachments Sample Application 1.0 EA, defined as a sample Supply Chain Management application that uses web services endpoints for retailers, manufacturers, warehouses, catalogs, and a logging facility. The application allows you to mix and match web services from various vendors in various transactions. These web services have been tested for interoperability with other vendors.
SOAP with Attachments API for Java (SAAJ) v1.2.1: This API enables developers to produce and consume messages conforming to the SOAP 1.1 specification and SOAP with Attachments note.
Java Servlets: Servlets are Java classes that are capable of generating dynamic HTML content using print statements. What is important about Servlets, however, is that they run in a container and the APIs provide session and object life cycle management. Consequently, using Servlets you gain all the benefits from the Java platform which include the sandbox (security), database access API via JDBC, and cross platform portability of servlets.
JavaServer Pages: JSP Pages abstract servlets to a higher level allowing web developers and designers to rapidly develop and maintain information-rich dynamic web page. The JSP technology promotes separation between business logic and presentation.
JavaServer Pages Standard Tag Library (JSTL) v1.1: The JavaServer Pages Standard Tag Library (JSTL) is a standard tag library that provides support for common, structural tasks, such as: iteration and conditionals, processing XML documents, internationalization, and database access using the Structured Query Language (SQL). It provides four separate tag libraries, each containing custom actions that target a specific functional area: (1) core action, (2) XML processing, (3) internationalization, and (4) database access. In addition, the JSTL introduces the concept of an expression language (EL) to simplify page development.
XML and Web Services Security: Java WSDP 1.4 provides an early access (EA) framework for JAX-RPC application developers that enable them to sign/verify SOAP messages, encrypt/decrypt parts of messages, and perform username-password-based authentication. This framework (XWS-Security) is based on the OASIS Web Service Security (WSS) Specification.
OASIS Universal Business Language (UBL): The UBL is an OASIS initiative that aims at compiling a standard library of XML business documents (for purchase order, invoice, dispatch advice, receipt advice, and cancellation) that are defined with XML Schema definitions. JAXB 1.0.3 includes a sample application that demonstrates how to process a UBL order using JAXB-generated classes.
Java WSDP Registry Server v1.0_06: The Java WSDP Registry Server implements Version 2 of the Universal Description, Discovery and Integration (UDDI) specification to provide a UDDI registry for web services in a private environment. Use it as a test registry for web services application development to test applications that you develop that use the Java API for XML Registries (JAXR). A Registry Browser is also provided to perform queries and updates on registry data.
Apache Ant v1.5.4: Ant is a XML-based Java build tool.
Java APIs for XML Digital Signatures (EA): This implementation provides a preview of the JSR-105: XML Digital Signature APIs, which are standard Java APIs for digitally signing and validating XML messages, based on the W3C XML Signature Recommendation.
Web Containers: The Java WSDP 1.4 doesn't come with any web container, but it has support for three containers: Sun Java System Application Server Platform Edition 8 (formerly Sun ONE Application Server), Sun Java System Web Server 6.1 (formerly Sun ONE Web Server), and Tomcat. Therefore, it is now possible to integrate the Java WSDP 1.4 component technologies with a web container of your choice even after you have performed a custom installation.
You can download any of these three containers from the Web Container Downloads page. It is worth noting that Sun Java Web Server has better performance than Apache Tomcat; you can learn more about this from Sun Java Web Server vs. Apache/Tomcat Benchmarks.
The Java WSDP 1.4 features:
The Java WSDP 1.4 supports interoperability between web services from different vendors by implementing key interoperability standards such as those developed by the Web Services Interoperability Organization (WS-I). WS-I is an open, industry organization committed to promoting interoperability among web services based on common, industry-accepted definitions and related XML standards support. Membership in WS-I is open to all organizations interested in promoting interoperability among Web Services and contributing to the development of ws-i.org. Members, however, are required to pay annual membership fees and sign membership agreements.
WS-I is producing a set of deliverables to help developers build and deploy interoperable web services. In addition, it aims to provide implementation guidance and education to help customers with web services adoption. More importantly, it promotes consistent and reliable interoperability among web services across platforms, applications, and programming languages. This is because without industry-accepted guidelines, interoperability between web services will be reduced and this would limit the growth and promise of web services.
One way to achieve this is through testing implementations and guidelines that can help developers in checking whether their web services satisfy the interoperability requirements. In addition, web services profiles can help by grouping key web services standards to simplify implementation and promote interoperability. The aim is really to ensure that web services implementations conform to a commonly accepted set of basic standards.
The first thing that may come to your mind now might be: why isn't an effort like this coming from OASIS or W3C? Well, these organizations are engaged in developing specifications around web services. A third party is needed for industry alignment and agreements on groupings of specifications to provide interoperability and direction. This third party is the WS-I organization, which brings the work of multiple standards together for the purpose of providing conformance around Web Services.
One of the deliverables of WS-I are profiles. A profile contains a list of named and versioned web services specifications at specific levels together with a set of implementation and interoperability guidelines recommending how the specifications should be used to develop interoperable web services.
More information about Web Services Interoperability can be found at the java.net Web Services Interoperability page.Why WS-I Profiles Are Needed?
The core set of specifications that are used to describe, publish, enable discovery, and invoke web services are the Simple Object Access Protocol (SOAP), Web Services Description Language (WSDL), and Universal Description Discovery and Integration (UDDI). All of these specifications are based on XML and XML schema. If you have been keeping up with these core specifications, you would know that it is difficult to determine which products support which levels (or versions) of the specifications. This task becomes harder when you want to ensure that your web services are interoperable. WS-I addresses this need through Profiles.
The first profile is the WS-I Basic Profile 1.0, which includes XML Schema 1.0, SOAP 1.1, WSDL 1.1, and UDDI 2.0. This profile attempts to improve interoperability within its scope which is bounded by the specification referenced by it. The current version of the WS-I Basic Profile is 1.1 is intended to supersede Basic Profile 1.0. The difference between the two is that in 1.1, the serialization of envelopes and their representation in messages are now part of the Simple SOAP Binding Profile 1.0. Therefore, a conformance to both the Basic Profile 1.1 and the Simple SOAP Binding Profile 1.0 is equivalent to conformance to the Basic Profile 1.0.
Another profile, which compliments the WS-I Basic Profile 1.1, is the WS-I Attachments Profile 1.0. It adds support for sending interoperable attachments with SOAP messages. It does so by defining a MIME multipart structure for packaging attachments with SOAP messages. This profile is intended to be used in combination with the Basic Profile 1.1. A complete overview of interoperable attachments support is available at the java.net Attachments feature in JAX-RPC 1.1.2 page.
Note: Splitting Basic Profile 1.0 into Basic Profile 1.1 and Simple SOAP Binding Profile 1.0 allows composability of profiles. This allows Attachments Profile 1.0 to be composed with Basic Profile 1.1. In addition, if there are other serialization mechanisms introduced in the future and profiled, they can be composed with Basic Profile 1.1.
It is worth noting that WS-I makes available some testing tools that are designed to help developers determine whether their Web Services conform to the Basic Profile. The current version tests for version 1.0 of the Basic Profile. It can be downloaded from the ws-i.org Implementation Tools page. In addition, the WS-I Sample Application with Attachments is one of the other deliverables of WS-I, and demonstrates the reality of practical application of web services technologies to solve real world business needs. The WS-I Attachments Sample Application 1.0 EA, which is implemented by Sun and provided as part of the Java WSDP 1.4, demonstrates how WS-I Basic Profile 1.0 and WS-I Basic Profile 1.1 with Attachments Profile 1.0 web services might be designed, implemented and deployed. Instructions of how to configure and run WS-I testing tools with the sample application in Java WSDP 1.4 can be found at the java.net Configuring WS-I Sample Application with WS-I Testing Tools 1.0 page.XML and Web Services Security
Security can be provided at two levels:
Java WSDP 1.4 provides an early access (EA) framework for JAX-RPC application developers that enables them to sign/verify SOAP messages, encrypt/decrypt parts of messages, and perform username-password-based authentication. This framework (XWS-Security) is based on the OASIS Web Services Security (WSS) core specification, and the implementation has been tested for interoperability with other vendors' implementations through participation in OASIS interop events. The current framework uses both: Apache's XML-DSig implementation, which is based on W3C XML Signature Syntax and Processing, and Apache's XML-Enc, that is based on W3C XML Encryption Syntax and Processing.
Note that the message-level security solution provided in Java WSDP 1.4 is based on non-standard Java APIs, which may change with new revisions. The Java standards for XML Digital Signatures and XML Digital Encryption are now part of the Java Community Process (JCP) under JSR-105: XML Digital Signature APIs and JSR-106: XML Digital Encryption APIs, respectively. Note that the Java WSDP 1.4 includes an Early Access implementation of JSR-105, and provides samples that show how you can use the JSR-105 APIs to sign and validate XML signatures.
Examples are provided to illustrate how a JAX-RPC developer can use the XML and Web Services Security framework. The examples can be found at <PathToyourJWSDP1.4Installation>/xws-security/samples/ directory.Beyond Java WSDP 1.4
At JavaOne 2003, Sun announced Fast Web Services as a way to investigate methods for improving performance using encoding mechanisms other than XML. Also, Sun Microsystems is participating in the StAX expert group (JSR-173). This parser will be used when it is ready and this will lead to some gain in performance.
Sun teams are also working on the next generation of JAX-RPC and JAXB specifications and implementations with main emphasis on ease of development, and alignment of JAX-RPC and JAXB technologies. Both of these technologies are going through the Java Community Process: JAX-RPC 2.0 and JAXB 2.0.
Sun is also participating actively in WS-I Basic Security Profile Working Group, and will be working towards providing additional functionality in this space through a future version of the XWS-Security framework.
The source for Java technology collaboration website, or java.net, has a number of interesting projects going on, some of which are related to web services and XML (WS and XML), and you should get involved. Check out the Java WSDP Developer Community.
The Java Web Services Developer Pack 1.4 (Java WSDP 1.4) is an integrated toolkit that enables Java developers to easily develop, test, and deploy secure and reliable web services as well as web and XML-based applications. This article provided an overview of the technologies and tools incorporated in the Java WSDP 1.4. The major differences between Java WSDP 1.4 and earlier releases can be summarized as follows: Java WSDP 1.4 has added support for multiple web containers and thus allowing choice and flexibility for developers; added support for the WS-I Basic Profile 1.1 with Attachments Profile 1.0; provided a web services security framework that implements key web services security standards such as OASIS WSS; and imp=lemented minor bug fixes and performance enhancements.
The Java WSDP development team would like to have your comments and suggestions. Send your feedback to: email@example.com.
Special thanks to Ramesh Mandava, Anita Jindal, Sherman Dickman, Arun Gupta, Sean Mullan, Tom Amiro, Ana Lindstrom-Tamer, and Vishal Mahajan for their contributions to this article.