Developing Web Services with Apache Axis2

By Kent Ka Iok Tong Copyright 2005-2008 TipTec Development

TipTec Development
All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior written permission of the publisher.
ISBN-978-988-17372-1-8
Second edition March 2008

Developing 4e -ervice! (ith #pache #5i!2

Learn web services and Apache Axis2 easily
I% you$+ like to learn ho( to create (e !ervice! 6in particular, u!ing #pache #5i!27 an+ make !ome !en!e o% variou! !tan+ar+! like -8#P, 4-D9, 3T83, 4--#++re!!ing, 4---ecurity, 4--Policy, :39 2ncryption an+ :39 -ignature, then thi! ook i! %or you' 4hy;

It ha! a tutorial !tyle that (alk! you through in a !tep- y-!tep manner' It i! conci!e' There i! no lengthy, a !tract +e!cription' 3any +iagram! are u!e+ to !ho( the %lo( o% proce!!ing an+ high level concept! !o that you get a (hole picture o% (hat$! happening' The %ir!t <= page! are %reely availa le on http"))((('agile!kill!2'org' >ou can ?u+ge it your!el%'

Unique contents in this book

Thi! ook cover! the %ollo(ing topic! not %oun+ in other ook! on #5i!"

@o( to (ork (ith #5i!2 1'0' @o( to u!e 2clip!e 2uropa 64TP 2'07 (ith #5i!2' @o( to invoke a!ynchronou! operation! u!ing 4--#++re!!ing' @o( to encrypt an+ !ign -8#P me!!age! u!ing Aampart' @o( to !en+ u!er authentication in%ormation u!ing Aampart' @o( to !en+ an+ receive inary %ile! u!ing 3T83' @o( to integrate #5i!2 (ith -pring'

Target audience and prerequisites

Thi! ook i! !uita le %or tho!e (ho (oul+ like to learn ho( to +evelop (e !ervice! in Bava' In or+er to un+er!tan+ (hat$! in the ook, you nee+ to kno( Bava an+ to have e+ite+ :39 %ile!' @o(ever, you +o *8T nee+ to kno( the more a+vance+ :39 concept! 6e'g', :39 !chema, :39 name!pace7, !ervlet, Tomcat or PKI'


Developing 4e -ervice! (ith #pache #5i!2

I$+ like to thank"

The #5i! +eveloper! %or creating #5i!' The 4--<B +eveloper! %or creating 4--<B' #nne Thoma! 3ane!, an e5pert in (e !ervice!, %or revie(ing the ook 6%ir!t e+ition7' @elena 9ei %or proo%rea+ing thi! ook' 2ugenia Chan Peng C %or +oing ook cover an+ layout +e!ign'

Developing 4e -ervice! (ith #pache #5i!2

Table of Contents
Dore(or+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0 9earn (e !ervice! an+ #pache #5i!2 ea!ily''''''''''''''''''''''''''''0 CniEue content! in thi! ook''''''''''''''''''''''''''''''''''''''''''''''''''''''0 Target au+ience an+ prereEui!ite!'''''''''''''''''''''''''''''''''''''''''''''0 #ckno(le+gment!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''< Chapter 1 De!igning the inter%ace %or a !imple (e !ervice''''''''''. 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10 Provi+ing cro!! plat%orm operation! acro!! the Internet''''''''''10 APC !tyle (e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11 Document !tyle (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''1< Determining the operation %or a +ocument !tyle (e !ervice' '1/ Port type'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18 Bin+ing''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1. Port'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 Target name!pace''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''22 4-D9'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2< -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''25 Chapter 2 Implementing a (e !ervice''''''''''''''''''''''''''''''''''''''''2/ 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28 In!talling 2clip!e'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28 In!talling #5i!2''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28 In!talling the #5i!2 plug %or 2clip!e''''''''''''''''''''''''''''''''''''''''''00 4-D9 %ile %or the (e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''01 APC ver!ion o% the (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''05 Creating the 4-D9 %ile vi!ually''''''''''''''''''''''''''''''''''''''''''''''''0= Fali+ating the 4-D9 %ile'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''<5 Generating a !ervice !tu '''''''''''''''''''''''''''''''''''''''''''''''''''''''''<= Implementing the (e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''52 Deploying a (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''50 Creating a client u!ing a client !tu ''''''''''''''''''''''''''''''''''''''''''55 Cn+eploying a (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''58 -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''5. Chapter 0 8ptimiHing the +evelopment environment'''''''''''''''''''=1 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''=2 Placing the cla!! %ile! into #5i! +irectly''''''''''''''''''''''''''''''''''''=2 3aking change! take e%%ect imme+iately'''''''''''''''''''''''''''''''''=<

Developing 4e -ervice! (ith #pache #5i!2

De ugging a (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''== Generating co+e automatically'''''''''''''''''''''''''''''''''''''''''''''''''=. Generating client co+e automatically'''''''''''''''''''''''''''''''''''''''/5 -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/= Chapter < Cn+er!tan+ing the calling proce!!''''''''''''''''''''''''''''''// 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/8 Calling a (e !ervice (ithout a client !tu '''''''''''''''''''''''''''''''/8 -eeing the -8#P me!!age!''''''''''''''''''''''''''''''''''''''''''''''''''''/. -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''80 Chapter 5 #ccepting multiple parameter!''''''''''''''''''''''''''''''''''''85 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''8= #ccepting multiple parameter!'''''''''''''''''''''''''''''''''''''''''''''''''8= Interopera ility''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.0 -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.0 Chapter = -en+ing an+ receiving comple5 +ata !tructure!''''''''''.5 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.= Pro+uct Euery'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.= #voi+ing the type !u%%i5'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''105 -en+ing more +ata in a me!!age''''''''''''''''''''''''''''''''''''''''''10/ Aeturning %ault!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''108 C!ing enco+e+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11= Ae%erring to e5i!ting :39 element!'''''''''''''''''''''''''''''''''''''''11/ Aetrieving 4-D9 %ile! u!ing @TTP''''''''''''''''''''''''''''''''''''''''122 -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''122 Chapter / -en+ing inary %ile!'''''''''''''''''''''''''''''''''''''''''''''''''''120 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12< Provi+ing the image o% a pro+uct'''''''''''''''''''''''''''''''''''''''''''12< 2na ling 3T83 in the !ervice'''''''''''''''''''''''''''''''''''''''''''''''12. Interopera ility''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12. -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''100 Chapter 8 Invoking lengthy operation!'''''''''''''''''''''''''''''''''''''''101 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''102 Provi+ing lengthy operation!''''''''''''''''''''''''''''''''''''''''''''''''''102 Creating the 4-D9 %or u!ine!! regi!tration!'''''''''''''''''''''''105 Creating a ne( threa+ %or lengthy proce!!ing''''''''''''''''''''''''10. Creating an a!ynchronou! client''''''''''''''''''''''''''''''''''''''''''''1<1 In!pecting the 4--#++re!!ing hea+er lock!'''''''''''''''''''''''1<< #voi+ing mo+i%ication! to the me!!age receiver''''''''''''''''''''1<5 -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<=

Developing 4e -ervice! (ith #pache #5i!2

Chapter . -igning an+ encrypting -8#P me!!age!'''''''''''''''''1<. 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Private key an+ pu lic key''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Digital !ignature''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''152 -igning an+ encrypting'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Certi%icate an+ C#''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15< Di!tingui!he+ name''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Per%ormance i!!ue (ith a!ymmetric encryption'''''''''''''''''''''155 Keeping key pair an+ certi%icate! in Bava'''''''''''''''''''''''''''''''15= Generating a key pair'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15/ -etting up a C#''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=1 Importing the certi%icate into the key!tore''''''''''''''''''''''''''''''1=< In!talling Aampart'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ -igning -8#P me!!age!'''''''''''''''''''''''''''''''''''''''''''''''''''''''1=8 -upporting +igital !ignature! in the (e !ervice''''''''''''''''''''1/< 2ncrypting -8#P me!!age!''''''''''''''''''''''''''''''''''''''''''''''''''1/. -ecurity i!!ue! (hen per%orming oth !igning an+ encrypting ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18< Protecting 4--#++re!!ing hea+er element!'''''''''''''''''''''''''18/ -en+ing login in%ormation'''''''''''''''''''''''''''''''''''''''''''''''''''''''188 3o+i%ying !ervice!'5ml programatically''''''''''''''''''''''''''''''''''1.< -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.= Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.. 4hat$! in thi! chapter;'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''200 #5i! !erver a! a mini-(e !erver''''''''''''''''''''''''''''''''''''''''''''200 In!talling Tomcat''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''200 Aunning the #5i! !erver in!i+e Tomcat''''''''''''''''''''''''''''''''''200 Invoking -pring ean! %rom your (e !ervice'''''''''''''''''''''''20= -ummary''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''211 Ae%erence!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''210 #lpha etical In+e5''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''215

Chapter 1
Chapter 1

Designing the interface for a simple web service


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

hat!s in this chapter"

In thi! chapter you$ll learn ho( to +e!ign the inter%ace %or a !imple (e !ervice'

#roviding cross platform operations across the $nternet

-uppo!e that you$+ like to provi+e a !ervice to the pu lic or to !ome u!ine!! partner!" They can !en+ you t(o !tring! an+ you (ill concatenate them an+ return the !tring' 8% cour!e, in the real (orl+ you provi+e a more u!e%ul !ervice' There are !everal ma?or reEuirement!" Dir!t, the u!er! may e u!ing +i%%erent language! 6Bava, CI an+ etc'7 an+ u!ing +i%%erent plat%orm! 64in+o(!, 9inu5 an+ etc'7' >our !ervice mu!t e acce!!i le y +i%%erent language! an+ plat%orm!' -econ+, they (ill call your !ervice acro!! the Internet an+ there may e %ire(all! in et(een' >our !ervice mu!t e a le to go through %ire(all!' Given the!e reEuirement!, the e!t !olution i! to provi+e a !o-calle+ J(e !erviceJ' Dor e5ample, you may make a (e !ervice acce!!i le on the ho!t ((('tt+ev'com an+ acce!!i le a! )-imple-ervice 6!ee the +iagram elo(7, !o the %ull CA9 i! http"))((('tt+ev'com)-imple-ervice' Thi! i! calle+ the Jen+pointJ o% the (e !ervice' >our (e !ervice may !upport one or more operation!' 8ne operation may e name+ JconcatJ"
Com ine+ together, the %ull path o% the (e !ervice i! http"))((('tt+ev'com)-imple-ervice'

# (e !erver at http"))((('tt+ev'com # (e !ervice at the path )-imple-ervice #n operation *ame" concat

#n operation *ame" '''


@o(ever, you hope to provi+e a glo ally uniEue name to each operation !o that you can have your JconcatJ operation (hile another per!on may have hi!

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


JconcatJ operation' -o, in a++ition to the name, you may +eclare that the JconcatJ name a ove i! in the Jname!paceJ o% http"))tt+ev'com)!! 6!ee the +iagram elo(7' # name!pace i! ?u!t like a Bava package, ut it i! not in a +ot %ormat like com'tt+ev'%ooK it i! in the %ormat o% a CA9' -o, the %ull name o% the operation (ill e JconcatJ in name!pace http"))tt+ev'com)!!' The name JconcatJ i! calle+ the Jlocal nameJ' The %ull name i! calle+ a JL*ame 6Euali%ie+ name7J"
# (e !erver at http"))((('tt+ev'com # (e !ervice at the path )-imple-ervice #n operation 9ocal name" concat *ame!pace" http"))tt+ev'com)!!

#n operation 9ocal name" ''' *ame!pace" '''


>ou may (on+er (hat thi! http"))tt+ev'com)!! name!pace mean!' The an!(er i! that it ha! no particular meaning' 2ven though it i! a CA9, it +oe! *8T mean that you can u!e a ro(!er to acce!! thi! CA9 to get a (e page 6i% you +o, you may get a %ile not %oun+ error7' The only important thing i! that it mu!t e glo ally uniEue' #! I have regi!tere+ the +omain name tt+ev'com, it mu!t e glo ally uniEue' *ote that the name!pace i! a completely +i%%erent concept %rom the en+point' The en+point really i! the location, (hile the name!pace i! ?u!t a uniEue i+' I coul+ ea!ily move the (e !ervice to another (e !erver an+ thu! it (ill have a +i%%erent en+point, ut the name!pace! o% it! operation! (ill remain unchange+'

%#C style web service

>our concat operation may take t(o parameter!' 8ne i! name+ J!1J an+ i! a !tring' The other i! name+ J!2J an+ i! al!o a !tring' The return value i! al!o a !tring"


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

#n operation Local name: concat Namespace: Parameters: s1: string s2: string Return: string

@o(ever, (hat +oe! the a ove J!tringJ type mean; I! it the Bava !tring type; *o, you can$t !ay that ecau!e it mu!t e language neutral' Dortunately, the :39 !chema !peci%ication +e%ine! !ome a!ic +ata type! inclu+ing a !tring type' 2ach o% the!e +ata type! ha! a L*ame a! it! i+' Dor e5ample" Data type !tring integer int Local name !tring namespace http"))((('(0'org)2001):39-chema http"))((('(0'org)2001):39-chema

''' ''' ''' -o, the inter%ace o% your operation !houl+ e (ritten a!"
#n operation Local name: concat Namespace: Parameters: s1: string in L!chema s2: string in L!chema Return: string in L!chema

#ctually, in (e !ervice!, a metho+ call i! calle+ an Jinput me!!ageJ an+ a parameter i! calle+ a JpartJ' The return value i! calle+ an Joutput me!!ageJ an+ may contain multiple part!' -o, it i! more correct to !ay"
#n operation Local name: concat Namespace: "nput message: Part 1: Name: s1 #$pe: string in L!chema Part 2: Name: s2 #$pe: string in L!chema %utput message: Part 1: Name: return #$pe: string in L!chema

4hen !omeone call! thi! operation, he can !en+ you an :39 element a! the input me!!age like"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


Local name: concat Namespace: "nput message: Part 1: Name: s1 #$pe: string in L!chema Part 2: Name: s2 #$pe: string in L!chema %utput message: Part 1: Name: return #$pe: string in L!chema The L*ame o% thi! :39 element i! e5actly that o% the operation he i! trying to call %oo i! a Jname!pace pre%i5J repre!enting the http"))tt+ev'com)!! in the re!t o% thi! element inclu+ing it! chil+ren' &'oo:concat (mlns:'oo)**+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concat+

There i! a chil+ element %or each part' 2ach chil+ element ha! the !ame name a! that part 6J!1J in thi! ca!e7'

4hen you return, the output me!!age may e like"

Local name: concat Namespace: "nput message: Part 1: Name: s1 #$pe: string in L!chema Part 2: Name: s2 #$pe: string in L!chema %utput message: Part 1: Name: return #$pe: string in L!chema The L*ame o% thi! :39 element i! e5actly that o% the operation eing calle+

2ach chil+ element ha! the !ame name a! a part in the output me!!age 6JreturnJ in thi! ca!e7'

&'oo:concat (mlns:'oo)**+ &return+a,c123&/return+ &/'oo:concat+

Thi! kin+ o% (e

!ervice i! calle+ JAPC !tyleJ (e

!ervice 6APC !tan+! %or


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

JAemote Proce+ure CallJ7' That i!, the operation L*ame an+ the name! o% the part! are u!e+ to create the input an+ output me!!age!'

&ocument style web service

The a ove (ay i! not the only (ay you +e!ign the inter%ace o% your (e !ervice' Dor e5ample, you may !ay that it! input me!!age only contain! a !ingle part 6!ee the +iagram elo(7 (hich i! an element +e%ine+ in a !chema' In that !chema, it i! +e%ine+ a! an element name+ JconcatAeEue!tJ that contain! t(o chil+ element! M!1N an+ M!2N"
#n operation Local name: concat Namespace: "nput message: Part 1: Name: concatRe-uest .lement: %utput message: ...

MconcatAeEue!tN i! a comple5t type ecau!e it contain! chil+ element!

The element! +e%ine+ here are put into thi! name!pace

&(sd:schema targetNamespace)** (mlns:(sd)* L!chema*+ &(sd:element name)*concatRe-uest*+ &(sd:comple(#$pe+ It contain! a &(sd:se-uence+ !eEuence o% chil+ &(sd:element name)*s1* t$pe)*(sd:string*/+ element!' The %ir!t &(sd:element name)*s2* t$pe)*(sd:string*/+ i! an M!1N &/(sd:se-uence+ element, then i! an &/(sd:comple(#$pe+ M!2N element' &/(sd:element+ &/(sd:schema+

&'oo:concatRe-uest (mlns:'oo)**+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concatRe-uest+

*ote that the !chema i! inclu+e+ in the inter%ace o% your (e !ervice"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


# (e !ervice # !chema &(sd:schema targetNamespace)** (mlns:(sd)* L!chema*+ &(sd:element name)*concatRe-uest*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string*/+ &(sd:element name)*s2* t$pe)*(sd:string*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &/(sd:schema+ #n operation Local name: concat Namespace: "nput message: Part 1: Name: concatRe-uest .lement: concatRe-uest in %utput message: ...

#! you can !ee a ove, a part may e +eclare+ a! a particular element 6MconcatAeEue!tN +e%ine+ in your !chema7 or a! any element having a particular type 6!tring +e%ine+ in :39 !chema !peci%ication7' In either ca!e it i! i+enti%ie+ u!ing a L*ame' 4hen !omeone call! thi! operation, he (ill !en+ you a MconcatAeEue!tN element a! the input me!!age like"
&'oo:concatRe-uest (mlns:'oo)**+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concatRe-uest+

-imilarly, %or the output me!!age, you may !peci%y that it contain! only one part an+ that part i! a MconcatAe!pon!eN element"


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

# (e !ervice # !chema &(sd:schema targetNamespace)** (mlns:(sd)* L!chema*+ &(sd:element name)*concatRe-uest*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string*/+ &(sd:element name)*s2* t$pe)*(sd:string*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ <xsd:element name="concatResponse" type="xsd:string"/> &/(sd:schema+ #n operation Local name: concat Namespace: "nput message: Part 1: Name: concatRe-uest .lement: concatRe-uest in %utput message: Part 1: Name: concatResponse Element: concatResponse in Thi! MconcatAe!pon!eN element i! a J!imple type elementJ, meaning that it ha! no attri ute an+ can$t have element! in it! o+y 6!o only !imple !tring or num er in it! o+y7' &'oo:concatResponse (mlns:'oo)**+a,c123&/'oo:concatResponse+

Thi! kin+ o% (e !ervice i! calle+ J+ocument !tyleJ (e !ervice' That i!, the input me!!age (ill contain a !ingle part only (hich i! (ell +e%ine+ in a !chema' The !ame i! true o% the output me!!age' I% you go ack to check the input me!!age %or the APC !tyle !ervice, it !houl+ e revi!e+ a!"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


&'oo:concat+ (mlns:'oo)** xmlns:xsd="http:// . !.org/"##1/$%&'chema" xmlns:xsi="http:// . !.org/"##1/$%&'chema()nstance"+ &s1 xsi:type="xsd:string"+a,c&/s1+ &s2 xsi:type="xsd:string"+123&/s2+ &/'oo:concat+ Thi! attri ute i! u!e+ to e5plicitly !tate the :39 +ata type o% the o+y o% an element 6Ja cJ here7' Thi! i! u!e%ul (hen the element 6M!1N7 it!el% i! not +e%ine+ in a !chema' Thi! JtypeJ attri ute i! +e%ine+ in the http"))((('(0'org)2001):39-chema-In!tance name!pace, !o you nee+ to intro+uce a pre%i5 %or it"

Thi! i! ecau!e M%oo"concatN, M!1N an+ M!2N are not +e%ine+ in any !chema an+ there%ore you mu!t e5plicitly !tate the :39 element type! o% the content o% M!1N an+ M!2N' *o(, let$! compare the input me!!age! o% the APC !tyle (e !ervice an+ the +ocument !tyle (e !ervice" RPC style
&'oo:concat+ (mlns:'oo)** (mlns:(sd)* L!chema* (mlns:(si)* L!chema/"nstance*+ &s1 (si:t$pe)*(sd:string*+a,c&/s1+ &s2 (si:t$pe)*(sd:string*+123&/s2+ &/'oo:concat+

Document style

&'oo:concatRe-uest (mlns:'oo)**+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concatRe-uest+

*ot much +i%%erence, right; The !igni%icant +i%%erence i! that the %ormer can$t e vali+ate+ (ith a !chema (hile the latter can' There%ore, +ocument !tyle (e !ervice i! ecoming the +ominant !tyle' #ccor+ing to an organiHation calle+ J4--I 6(e !ervice! interopera ility organiHation7J, you !houl+ u!e +ocument !tyle (e !ervice! only'

&etermining the operation for a document style web service

To call an operation in a +ocument !tyle (e !ervice, one (ill !en+ the !ingle part o% the input me!!age only' *ote that it +oe! *8T !en+ the operation name in any (ay' Then i% there are more than one operation! in the (e !ervice 6!ee the +iagram elo(7, ho( can it +etermine (hich one i! eing calle+; In that


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

ca!e, it (ill !ee i% the input me!!age i! a MconcatAeEue!tN or a M!ome2lementN to +etermine' 4hat i% oth take a M!ome2lementN; Then it i! an error an+ it (on$t (ork"
# (e !ervice # !chema ...

#n operation Local name: concat Namespace: "nput message: Part 1: Name: concatRe-uest .lement: concatRe-uest in %utput message: ... #n operation Local name: ,ar Namespace: "nput message: Part 1: Name: ,arRe-uest .lement: some.lement in %utput message: ...

#ort type
#ctually, a (e !ervice +oe!n$t +irectly contain a li!t o% operation!' In!tea+ 6!ee the +iagram elo(7, operation! are groupe+ into one or more Jport type!J' # port type i! like a Bava cla!! an+ each operation in it i! like a !tatic metho+' Dor e5ample, in the (e !ervice a ove, you coul+ have a port type name+ J!tringCtilJ containing operation! %or !tring!, (hile having another port type name+ J+ateCtilJ containing operation! %or +ate!' The name o% a port type mu!t al!o e a L*ame"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


# (e !ervice # !chema ...

# port type Local name: string0til Namespace: #n operation Local name: concat Namespace: ... #n operation Local name: ,ar Namespace: ...

# port type Local name: date0til Namespace: #n operation Local name: ... Namespace: ... #n operation Local name: ... Namespace: ...

#ctually, a port type may allo( you to acce!! it u!ing +i%%erent me!!age %ormat!' The me!!age %ormat that you have !een i! calle+ the J-imple 8 ?ect #cce!! Protocol 6-8#P7J %ormat' It i! po!!i le that, !ay, the !tringCtil port type may al!o !upport a plain te5t %ormat"
concat1s1)2a,c23 s2)212324

In a++ition to the me!!age %ormat, a port type may allo( the me!!age to e carrie+ 6tran!porte+7 in an @TTP P8-T reEue!t or in an email' 2ach !upporte+ com ination i! calle+ a J in+ingJ"


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

# (e !ervice # !chema ...

Port type" !tringCtil concat ...

Bin+ing Name: ,inding1 Port t$pe: 8ormat: !%7P #ransport: ;##P

Bin+ing Name: ,inding2 Port t$pe: 8ormat: #.X# #ransport: ! #P

Dor e5ample

Dor e5ample

P%!# /56!77/test/ts.php &concatRe-uest+ &s1+a,c&/s1+ &s2+123&/s2+ &/concatRe-uest+

8R% : #%: ... concat1s1)2a,c23 s2)212324

4hat in+ing! !houl+ your port type !upport; -8#PO@TTP i! the mo!t common com ination' -o, you !houl+ pro a ly u!e thi! in+ing in practice'

-uppo!e that there are ?u!t too many people u!ing your (e !ervice, you +eci+e to make it availa le on more than one computer!' Dor e5ample 6!ee the +iagram elo(7, you may +eploy the a ove in+ing 1 on computer! c1, c2 an+ c0 an+ +eploy in+ing 2 on c0' In that ca!e it i! !ai+ that you have %our port!' Three port! are u!ing in+ing 1 an+ one u!ing in+ing 2"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


# (e !ervice # !chema ...

Port type" !tringCtil concat ...

Bin+ing Name: ,inding1 Port t$pe: 8ormat: !%7P #ransport: ;##P

Bin+ing Name: ,inding2 Port t$pe: 8ormat: #.X# #ransport: ! #P

Deploye+ to Deploye+ to Deploye+ to Deploye+ to

Port 1

Port 2

Port 0 Port <




*ote that it +oe! *8T mean that the reEue!t! receive+ y the!e three computer! (ill e %or(ar+e+ to a computer hi+ing ehin+ %or proce!!ing' In!tea+, it mean! that there i! !ome !o%t(are implementing the port type in!talle+ on the!e three computer!' There i! no reEuirement that the !ame piece o% !o%t(are i! in!talle+ onto the +i%%erent computer!' Dor e5ample, on c1, port 1 may e (ritten in Bava, (hile on c2, port 2 may e (ritten in CI' The important point i! that they oth !upport the operation! !peci%ie+ in port type !tringCtil an+ the me!!age %ormat an+ tran!port !peci%ie+ in the in+ing 1' Port < mu!t al!o implement the !ame operation! too 6!ame port type7 ut the me!!age %ormat an+ tran!port are +i%%erent' To tell other! a out thi! arrangement, you inclu+e the!e port! in the inter%ace o% the (e !ervice"


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

# (e !ervice # !chema ...

Port type" !tringCtil concat ...

Bin+ing Name: ,inding1 Port t$pe: 8ormat: !%7P #ransport: ;##P

Bin+ing Name: ,inding2 Port t$pe: 8ormat: #.X# #ransport: ! #P

Port Name: port1 <inding: .ndpoint: ...

Port Name: port2 <inding: .ndpoint: ...

Port Name: port3 <inding: .ndpoint: ...

Port Name: port= <inding: .ndpoint: ...

Target namespace
>ou have een u!ing the !ame name!pace %or the operation name!, port type name! an+ etc' in thi! (e !ervice' Do they have to e in the !ame name!pace; By +e%ault, thi! i! the ca!e" There i! a !ingle name!pace %or a (e !ervice to put the name! into' Thi! i! calle+ the Jtarget name!paceJ %or the (e !ervice"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


# (e !ervice #arget namespace: ... # !chema ...

Port type" !tringCtil concat ...

Bin+ing Name: ,inding1 Port t$pe: 8ormat: !%7P #ransport: ;##P

Bin+ing Name: ,inding2 Port t$pe: 8ormat: #.X# #ransport: ! #P

Port Name: port1 <inding: .ndpoint: ...

Port Name: port2 <inding: .ndpoint: ...

Port Name: port3 <inding: .ndpoint: ...

Port Name: port= <inding: .ndpoint: ...

>ou$ve een u!ing http"))tt+ev'com)!! a! the target name!pace' I! it a goo+ choice; Ba!ically a name!pace i! goo+ a! long a! it i! glo ally uniEue' -o thi! one !houl+ e goo+' @o(ever, people may try to +o(nloa+ a (e page %rom thi! CA9' 4hen it +oe!n$t (ork, they may !u!pect that your (e !ervice i! out o% or+er' To avoi+ thi! con%u!ion, you may u!e !omething calle+ CA* 6Cni%orm Ae!ource *ame7 a! the name!pace' # name!pace mu!t e a CAI' CAI !tan+! %or Cni%orm Ae!ource I+enti%ier' There are t(o kin+! o% CAI' 8ne i! CA9 !uch a! http"))((('%oo'com) ar' The other i! CA*' # CA* take! the %ormat o% urn"M!ome-o ?ect-typeN"M!omeo ?ect-i+N' Dor e5ample, International I-B* #gency ha! ma+e a reEue!t to the I#*# 6International #!!igne+ *um er! #!!ociation7 that it (oul+ like to manage the o ?ect type name+ Ji! nJ' #%ter the reEue!t ha! een approve+, the International I-B* #gency can +eclare that a CA* urn"i! n"1-20-<5=/8.-0 (ill i+enti%y a ook (ho!e I-B* i! 1-20-<5=/8.-0' It can +etermine the meaning o% the o ?ect i+ (ithout con!ulting I#*# at all' -imilarly, you may !u mit a reEue!t to I#*# to regi!ter your Internet +omain name !uch a! %oo'com a! the o ?ect type' Then on approval you can u!e CA*! like urn"%oo'com"5yH to i+enti%y an o ?ect 5yH in your company' 4hat 5yH mean! or it! %ormat i! completely up to you to +eci+e' Dor e5ample, you may u!e urn"%oo'com"pro+uct"120 6!o 5yH i! pro+uct"1207 to mean the pro+uct I120 pro+uce+ y your company, or urn"%oo'com"patent)120 6!o 5yH i! patent)1207 to mean a patent co+e+ 120 in your company'


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

@o(ever, thi! (ill create a lot o% (orkloa+ on you an+ on I#*# 6one regi!tration per companyP7' #! you have alrea+y regi!tere+ the +omain name %oo'com, it i! unlikely that !omeone (ill u!e it in their CA*$!' -o, you may (ant to go ahea+ an+ u!e %oo'com, or, a! many people +o, %oo-com a! the o ?ect type (ithout regi!tration (ith I#*# an+ hope that there (on$t e any colli!ion' #n :39 name!pace mu!t e a CAI' >ou can u!e a CA9 or a CA*' Dunctionally there i! no +i%%erence at all' Dor e5ample, you may u!e !ay urn"tt+ev'com"!! a! the target name!pace %or your (e !ervice in!tea+ o% http"))tt+ev'com)!! (ithout changing any %unctionality' By the (ay, i% you are going to lookup re%erence! on CA*, +o *8T try to %in+ term! like Jo ?ect typeJ or Jo ?ect i+J' The o%%icial term! are"
CA* name!pace !peci%ic !tring 6*--7 urn:is,n:1/23/=>?@AB/0 CA* name!pace i+enti%ier 6*ID7' Thi! name!pace i! *8T the name!pace in :39P

By no( you have %ini!he+ +e!igning the inter%ace %or your (e !ervice"

Chapter 1 De!igning the inter%ace %or a !imple (e !ervice


# (e !ervice #arget namespace: ... # !chema ...

Port type" !tringCtil concat ...

Bin+ing Name: ,inding1 Port t$pe: 8ormat: !%7P #ransport: ;##P

Bin+ing Name: ,inding2 Port t$pe: 8ormat: #.X# #ransport: ! #P

Port Name: port1 <inding: .ndpoint: ...

Port Name: port2 <inding: .ndpoint: ...

Port Name: port3 <inding: .ndpoint: ...

Port Name: port= <inding: .ndpoint: ...

It %ully +e!cri e! your (e !ervice' Thi! +e!cription language 6term! an+ concept!7 i! calle+ J4-D9 64e -ervice! De!cription 9anguage7J'

# (e !ervice i! plat%orm neutral, language neutral an+ can e acce!!e+ acro!! the Internet' # (e !ervice ha! one or more port!' 2ach port i! a in+ing +eploye+ at a certain net(ork a++re!! 6en+point7' # in+ing i! a port type u!ing a particular me!!age %ormat an+ a particular tran!port protocol' # port type contain! one or more operation!' #n operation ha! an input me!!age an+ an output me!!age' 2ach me!!age ha! one or more part!' 2ach part i! either a certain element +e%ine+ in the !chema o% the (e !ervice, or any element elonging to a certain element type in that !chema' #ll thi! in%ormation i! %ully +e!cri e+ in 4-D9' To call a APC !tyle (e !ervice, one (ill create an :39 element (ith the name o% the operation an+ a chil+ element %or each o% it! input me!!age part' To call a +ocument !tyle (e !ervice, one (ill ?u!t !en+ the one an+ only part o% it! input me!!age' Becau!e the :39 element u!e+ to call a APC !tyle (e !ervice i! not +e%ine+ in any !chema, %or etter interopera ility, one !houl+ create +ocument !tyle (e !ervice!' The (e !ervice, an+ each o% it! port!, in+ing!, port type! an+ operation!, ha! a L*ame uniEuely i+enti%ying it' # L*ame ha! a local part an+ an :39


Chapter 1 De!igning the inter%ace %or a !imple (e !ervice

name!pace' #n :39 name!pace i! a CAI that i! glo ally uniEue' By +e%ault the name! o% all the!e component! are put into the target name!pace o% the (e !ervice' There are t(o kin+! o% CAI" CA9 an+ CA*' CA* take! the %orm o% urn"M*IDN"M*--N' >ou can u!e either a! an :39 name!pace' The only +i%%erence i! that a CA9 i! !ugge!ting that it i! the location o% an o ?ect, (hile a CA* i! purely an i+ o% the o ?ect'


Chapter 2
Chapter 2

Implementing a web service


Chapter 2 Implementing a (e !ervice

hat!s in this chapter"

In thi! chapter you$ll learn ho( to implement the (e !ervice inter%ace +e!igne+ in the previou! chapter'

$nstalling )clipse
>ou nee+ to make !ure you have 2clip!e v0'0 6or later7 in!talle+ an+ it i! the un+le %or Bava 22 6the un+le %or Bava -2 i! *8T enough7' I% not, go to http"))((('eclip!e'org to +o(nloa+ the 2clip!e ID2 %or Bava 22 Developer! 6e'g', eclip!e-?ee-europa-%all-(in02'Hip7' CnHip it into c"Qeclip!e' Then, create a !hortcut to run Jc"Qeclip!eQeclip!e -+ata c"Q(ork!paceJ' Thi! (ay, it (ill !tore your pro?ect! un+er the c"Q(ork!pace %ol+er' To !ee i% it$! (orking, run it an+ make !ure you can !(itch to the Bava 22 per!pective"

BCG #92AT" I% you$re u!ing 2clip!e 0'0'1, there i! a !eriou! ug in it" 4hen vi!ually e+iting 4-D9 %ile! 2clip!e (ill %reEuently cra!h (ith an 8ut8%3emory2rror' To %i5 it, mo+i%y c"Qeclip!eQeclip!e'ini"
/showsplash org.eclipse.plat'orm //launcher.XX a(Perm!iCe 2>?m /vmargs /Xms=0m /Xm(2>?m ($$:%axPerm'i*e="+,m

Delete them Thi! line mu!t e put a%ter -vmarg!

$nstalling Axis2
*e5t, go to http"))(!'apache'org)a5i!2 to +o(nloa+ the J-tan+ar+ Binary Di!tri utionJ 6e'g' a5i!2-1'0- in'Hip7' CnHip it into c"Qa5i!' To run the #5i! !erver, change into c"Qa5i!Q in an+ run a5i!2!erver' at' >ou !houl+ !ee"

Chapter 2 Implementing a (e !ervice


Then open a ro(!er an+ acce!! http"))localho!t"8080' >ou !houl+ !ee"

It mean! that there i! an e5i!ting (e !ervice calle+ JFer!ionJ availa le' Click on that JFer!ionJ link an+ you !houl+ !ee it! 4-D9 %ile"


Chapter 2 Implementing a (e !ervice

$nstalling the Axis2 plug for )clipse

Go to http"))(!'apache'org)a5i!2)tool!)in+e5'html an+ +o(nloa+ the Co+e Generator 4iHar+ - 2clip!e Plug-in' -uppo!e that it i! a5i!2-eclip!e-co+egen(iHar+'Hip' CnHip it into the c"Qeclip!eQplugin! %ol+er' Ae!tart 2clip!e i% reEuire+' To check i% it$! (orking, choo!e JDile R *e( R 8therJ an+ you !houl+ !ee the J#5i!2 Co+e GeneratorJ"

Chapter 2 Implementing a (e !ervice


(&L file for the web service

-uppo!e that you$+ like to create a (e chapter" !ervice +e!cri e+ in the previou!


Chapter 2 Implementing a (e !ervice

#arget namespace: -chema &(sd:schema targetNamespace)* (mlns:tns)** (mlns:(sd)* L!chema*+ &(sd:element name)*concatRe-uest*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string*/+ &(sd:element name)*s2* t$pe)*(sd:string*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*concatResponse* t$pe)*(sd:string*/+ &/(sd:schema+ Port type Name: ... %perations: Name: concat "nput msg: Part 1: Name: concatRe-uest .lement: concatRe-uest element as de'ined in the schema %utput msg: Part 1: Name: concatRe-uest .lement: concatResponse element as de'ined in the schema Bin+ing Name: ... Port t$pe: 8ormat: !%7P #ransport: ;##P Port Name: ... <inding: .ndpoint: ...

To (rite it u!ing the real 4-D9 language, it !houl+ e"

Chapter 2 Implementing a (e !ervice


The name! o% the port type!, operation!, in+ing! an+ port! (ill e put into thi! name!pace

#ll the element! an+ element type! +e%ine+ in the !chema (ill e put into thi! name!pace

<-xml version="1.#" encoding="./0(1"-> < sdl:de2initions xmlns:soap=" sdl/soap/" xmlns:tns="" xmlns: sdl=" sdl/" xmlns:xsd="http:// . !.org/"##1/$%&'chema" name="'imple'ervice" targetNamespace=""> < sdl:types> <xsd:schema targetNamespace="" Put the !chema xmlns:tns=""> into the Mtype!N <xsd:element name="concatRe34est"> !ection <xsd:complex/ype> <xsd:se34ence> <xsd:element name="s1" type="xsd:string"/> <xsd:element name="s"" type="xsd:string"/> </xsd:se34ence> </xsd:complex/ype> The input me!!age </xsd:element> <xsd:element name="concatResponse" type="xsd:string"/> contain! a !ingle part' The name o% the part </xsd:schema> i! unimportant' </ sdl:types> < sdl:message name="concatRe34est"> < sdl:part name="concatRe34est" element="tns:concatRe34est" /> </ sdl:message> < sdl:message name="concatResponse"> < sdl:part name="concatResponse" element="tns:concatResponse" /> </ sdl:message> < sdl:port/ype name="'imple'ervice"> The output me!!age < sdl:operation name="concat"> contain! a !ingle part' < sdl:inp4t message="tns:concatRe34est" /> The name o% the part < sdl:o4tp4t message="tns:concatResponse" /> i! unimportant' </ sdl:operation> </ sdl:port/ype> ... concat operation </ sdl:de2initions>

Thi! +e%ine! the !chema an+ the port type' To +e%ine the in+ing an+ the port"


Chapter 2 Implementing a (e !ervice

<-xml version="1.#" encoding="./0(1"-> < sdl:de2initions xmlns:soap=" sdl/soap/" xmlns:tns="" xmlns: sdl=" sdl/" xmlns:xsd="http:// . !.org/"##1/$%&'chema" name="'imple'ervice" targetNamespace=""> The in+ing u!e! the -8#P %ormat < sdl:types> an+ @TTP tran!port' -8#P ... !upport! APC an+ +ocument !tyle!' </ sdl:types> @ere you u!e the +ocument !tyle' < sdl:message name="concatRe34est"> < sdl:part name="concatRe34est" element="tns:concatRe34est" /> </ sdl:message> < sdl:message name="concatResponse"> < sdl:part name="concatResponse" element="tns:concatResponse" /> </ sdl:message> < sdl:port/ype name="'imple'ervice"> Thi! in+ing < sdl:operation name="concat"> implement! thi! < sdl:inp4t message="tns:concatRe34est" /> port type < sdl:o4tp4t message="tns:concatResponse" /> </ sdl:operation> </ sdl:port/ype> < sdl:5inding name="'imple'ervice'67P" type="tns:'imple'ervice"> <soap:5inding style="doc4ment" transport="" /> </ sdl:5inding> The port !upport! thi! in+ing < sdl:service name="'imple'ervice"> < sdl:port 5inding="tns:'imple'ervice'67P" name="'imple'ervice'67P"> The port <soap:address location="http://localhost:1#1#/axis"/services/'imple'ervice'67P"/> </ sdl:port> </ sdl:service> </ sdl:de2initions> CA9 to the #5i! !erver 3u!t e the (or+ *ame o% the port J!ervice!J The en+point o% the port

In %act, in a -8#P in+ing, you nee+ to !peci%y !ome more +etail!"

Chapter 2 Implementing a (e !ervice


&wsdl:de'initions ...+ ... &wsdl:message name)*concatRe-uest*+ &wsdl:part name)*concatRe-uest* element)*tns:concatRe-uest* /+ &/wsdl:message+ &wsdl:message name)*concatResponse*+ &wsdl:part name)*concatResponse* element)*tns:concatResponse * /+ &/wsdl:message+ ... &wsdl:,inding name)*!imple!ervice!%7P* t$pe)*tns:!imple!ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*concat*+ &soap:operation The !oap action i! u!e+ soap7ction)** /+ to tell the @TTP !erver &wsdl:input+ 6Tomcat7 that it i! a &soap:,od$ parts)*concatRe-uest* use)*literal* /+ -8#P me!!age an+ it! &/wsdl:input+ purpo!e' It i! up to the &wsdl:output+ @TTP !erver to &soap:,od$ parts)*concatResponse* use)*literal* /+ interpret the actual &/wsdl:output+ meaning' In your ca!e, &/wsdl:operation+ it i! u!ele!! ecau!e &/wsdl:,inding+ #5i! (ill han+le the ... 9iteral mean! the me!!age -8#P me!!age, not &/wsdl:de'initions+ part! are alrea+y in :39' *o Tomcat' nee+ to convert 6enco+e7 it %urther' Put the input me!!age part! li!te+ The output me!!age here 6?u!t one in thi! ca!e" the # -8#P me!!age i! like a mail' The part! li!te+ here (ill MconcatAeEue!tN element7 into the outermo!t i! an M2nvelopeN' The e put into the o+y o+y o% the -8#P reEue!t main content i! in a MBo+yN' 8ne or o% the -8#P me!!age" more hea+er! can e put into re!pon!e me!!age' M@ea+erN' &soap/env:.nvelope (mlns:soap/env)*http://schemas.(*+ &soap/env:;eader+ The M@ea+erN i! optional &...+ # Jhea+er entryJ or Jhea+er elementJ' It i! &/...+ u!e+ like email hea+er!' &...+ #nother hea+er element &/...+ &/soap/env:;eader+ It mu!t have a MBo+yN' The real me!!age &soap/env:<od$+ content i! put there' &'oo:concatRe-uest...+ Thi! i! calle+ a J o+y entryJ or J o+y &s1+...&/s1+ elementJ &s2+...&/s2+ &/'oo:concatRe-uest+ #nother o+y element' @o(ever, in mo!t &...+ ca!e! you !houl+ have a !ingle me!!age &/...+ part an+ thu! a !ingle o+y element only' &/soap/env:<od$+ 8ther(i!e interopera ility (ill e a%%ecte+' &/soap/env:.nvelope+

%#C version of the web service

I% the (e !ervice (a! a APC !tyle !ervice, then the 4-D9 %ile (oul+ e like"


Chapter 2 Implementing a (e !ervice

&wsdl:de'initions ...+ &wsdl:t$pes+ &(sd:schema ...+ &(sd:element name)*concatRe-uest*+ &(sd:comple(#$pe+ Don$t nee+ the!e &(sd:se-uence+ any more &(sd:element name)*s1* t$pe)*(sd:string*/+ &(sd:element name)*s2* t$pe)*(sd:string*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*concatResponse* t$pe)*(sd:string*/+ &/(sd:schema+ &wsdl:t$pes/+ &wsdl:message name)*concatRe-uest*+ The input me!!age ha! t(o part!' < sdl:part name="s1" type="xsd:string" /> 2ach part i! o% element type < sdl:part name="s"" type="xsd:string" /> 5!+"!tring 6not element!7' &/wsdl:message+ &wsdl:message name)*concatResponse*+ The output me!!age ha! one part' < sdl:part name="ret4rn" type="xsd:string" /> It i! o% element type 5!+"!tring 6not &/wsdl:message+ element!7' &wsdl:port#$pe name)*!imple!ervice*+ &wsdl:operation name)*concat*+ &wsdl:input message)*tns:concatRe-uest* /+ &wsdl:output message)*tns:concatResponse* /+ &/wsdl:operation+ APC !tyle &/wsdl:port#$pe+ &wsdl:,inding name)*!imple!ervice!%7P* t$pe)*tns:!imple!ervice*+ &soap:,inding st$le)*rpc* transport)*http://schemas.(* /+ &wsdl:operation name)*concat*+ T(o me!!age part! are li!te+' &soap:operation soap7ction)** /+ -o, they (ill e inclu+e+ into the MBo+yN 6 ut not +irectly7' #! it i! &wsdl:input+ a APC !tyle !ervice, the caller &soap:,od$ parts)*s1 s"* use)*literal* /+ mu!t create an element (ith the &/wsdl:input+ L*ame o% the operation an+ then &wsdl:output+ &soap:,od$ parts)*ret4rn* use)*literal* /+ a++ each me!!age part li!te+ here a! a chil+ element' -o it &/wsdl:output+ !houl+ !till have a !ingle element &/wsdl:operation+ in the MBo+yN" &/wsdl:,inding+ ... &/wsdl:de'initions+ &soap/env:.nvelope (mlns:soap/env)*http://schemas.(*+ &soap/env:;eader+ ... &/soap/env:;eader+ &soap/env:<od$+ &'oo:concat ...+ &s1+...&/s1+ &s2+...&/s2+ &/'oo:concat+ &/soap/env:<od$+ &/soap/env:.nvelope+

*o !chema to vali+ate it

#! APC !tyle i! not goo+ %or interopera ility, you$ll continue to u!e the +ocument !tyle ver!ion'

Creating the

(&L file visually

It may e error prone to manually create !uch a 4-D9 %ile' In!tea+, you may

Chapter 2 Implementing a (e !ervice


u!e the 2clip!e to +o it' Dir!t, create a ne( Bava pro?ect name+ -imple-ervice in 2clip!e"

3ake !ure you u!e !eparate %ol+er! %or !ource! an+ cla!! %ile!' Then go ahea+ an+ complete the creation o% the pro?ect' *e5t, right click the pro?ect an+ choo!e J*e( R 8therJ an+ then J4e -ervice! R 4-D9J"

I% you +on$t !ee thi! option, it mean! that you haven$t in!talle+ the Bava 22 ver!ion o% 2clip!e' I% it i! (orking, click J*e5tJ an+ enter -imple-ervice'(!+l a! the %ilename"


Chapter 2 Implementing a (e !ervice

Click J*e5tJ' Then input a! !ho(n elo("

Target name!pace %or the 4-D9 %ile

C!e the -8#P %ormat Aemem er, you$re u!ing the +ocument !tyle 6the only input me!!age part i! the (hole me!!age7 an+ literal u!e %or that part'

Click JDini!hJ' Then you (ill !ee !omething like"

Chapter 2 Implementing a (e !ervice


Thi! i! the 4-D9 co+e' To e+it it vi!ually, click the JDe!ignJ ta at the ottom o% the e+itor (in+o(' Then you$ll !ee"
The !ervice # in+ing 6-8#P an+ @TTP7 Port type

# port' # !ervice may contain one or more port!'

2n+point o% the port

#n operation' # port type may contain one or more operation!'

Part name

:39 element name or element type %or that part

Dou le











Chapter 2 Implementing a (e !ervice


Dou le click on the name o% operation an+ change it to JconcatJ"

-et the name o% the operation' The :39 element name! %or the input an+ output part! (ill e change+ automatically"

Dor the moment, the input part i! an MconcatN element' >ou$+ like to change it to MconcatAeEue!tN' But %or no(, put the cur!or on the arro( to it! right %ir!t' The arro( (ill turn into lue color' 4ait a couple o% !econ+! then a previe( (in+o( (ill appear !ho(ing the +e%inition o% the MconcatN element"

Clicking any(here el!e (ill make that previe( (in+o( +i!appear' To e+it the !chema +e%inition, click on the lue arro(' # ne( e+itor (in+o( (ill appear"

Chapter 2 Implementing a (e !ervice


To e+it it vi!ually, click the JDe!ignJ ta at the ottom, you$ll !ee"

The MconcatN element elong! to thi! type

Thi! 6concatType7 re%er! to thi! anonymou! comple5 type

JeJ mean! an element Thi! !ym ol mean! that it i! a M!eEuenceN' In thi! ca!e there i! only one chil+ element MinN (hich i! a !tring" &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*in* t$pe)*(sd:string*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+

Dou le click on JinJ an+ change it to J!1J"

Aight click it an+ choo!e J#++ 2lementJ an+ !et the name to J!2J"

By +e%ault the type i! alrea+y !et to !tring' I% you (ante+ it to e !ay an int in!tea+, you (oul+ +ou le click on the type an+ it (oul+ ecome a com o o5


Chapter 2 Implementing a (e !ervice

an+ then you coul+ choo!e JintJ"

I% you (ante+ !2 to appear e%ore !1 in the !eEuence, you coul+ +rag it an+ +rop it e%ore !1"

But %or no(, make !ure it i! !1 %ir!t an+ then !2' *e5t, right click on the MconcatN element an+ choo!e JAe%actor R AenameJ, then change it! name to concatAeEue!t"

>ou$re +one (ith the MconcatAeEue!tN element' *o( return to the 4-D9 e+itor to (ork on the re!pon!e me!!age' Dor the moment, the MconcatAe!pon!eN i! like"

Chapter 2 Implementing a (e !ervice


That i!, it i! an element that contain! a !eEuence o% MoutN element"

&'oo:concatResponse+ &'oo:out+a,c&/'oo:out+ &/'oo:concatResponse+

@o(ever, in your +e!ign, the re!pon!e i! !imple type element, not a comple5 type element"
It! o+y contain! a !tring in!tea+ o% other element! &'oo:concatResponse (mlns:'oo)**+a,c123&/'oo:concatResponse+

To +o that, go into the !chema e+itor to e+it the MconcatAe!pon!eN element"

Aight click it an+ choo!e J-et Type R Bro(!eJ"


Chapter 2 Implementing a (e !ervice

Choo!e J!tringJ"

>ou can al!o type J!J !o that only tho!e !tarting (ith J!J (ill e li!te+

Then it (ill e like"

That$! it' To revie( the (hole !chema, click on the icon at the upper le%t corner"

Chapter 2 Implementing a (e !ervice


Click it to !ee the (hole !chema

Then you$ll !ee"

Thi! look! %ine' *o(, !ave the %ile'

*alidating the

(&L file

The ne5t !tep i! to vali+ate the 4-D9 %ile to make !ure it con%orm! to the variou! (e !ervice! !tan+ar+!' To +o that, right click the -imple-ervice'(!+l %ile in 2clip!e an+ choo!e JFali+ateJ' I% there (ere anything (rong, they (oul+ e reporte+ in the Pro lem! (in+o(' Dor e5ample, here I ha+ intro+uce+ an error into the %ile"


Chapter 2 Implementing a (e !ervice

Try to inclu+e an unkno(n part into the -8#P o+y

+enerating a service stub

*e5t, in or+er to implement the (e !ervice, you (ill generate a J!ervice !tu J 6!ee the +iagram elo(7' 4hen a reEue!t me!!age come! in, the !ervice !tu (ill convert the MconcatAeEue!tN :39 element into a ConcatAeEue!t Bava o ?ect' Then it (ill pa!! it to the concat67 metho+ in a !ervice !keleton to e !upplie+ y you' >our concat67 metho+ (ill create an+ return a ConcatAe!pon!e Bava o ?ect' The !ervice !tu (ill convert it into a MconcatAe!pon!eN :39 element an+ return it to the client"

Chapter 2 Implementing a (e !ervice


&'oo:concatRe-uest+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concatRe-uest+

1" # reEue!t come! in -ervice !tu 5" Convert the ConcatAe!pon!e Bava o ?ect into a re!pon!e me!!age
&'oo:concatResponse+ a,c123 &/'oo:concatResponse+

2" Convert the reEue!t me!!age into a ConcatAeEue!t Bava o ?ect ConcatAeEue!t
s1: a,c s2: 123

0" Call concat67 an+ pa!! that ConcatAeEue!t o ?ect to it

-ervice !keleton ConcatAe!pon!e

,od$: a,c123 DoncatResponse concat1...4 E ... F

<" Create an+ return a ConcatAe!pon!e o ?ect

To implement thi! i+ea, in 2clip!e choo!e JDile R *e( R 8therJ an+ choo!e J#5i!2 Co+e GeneratorJ 6!ee elo(7' The +e%ault i! to generate Bava co+e %rom 4-D9' Thi! i! (hat you (ant"

Click J*e5tJ 6!ee elo(7' Click JBro(!eJ to locate your -imple-ervice'(!+l %ile"


Chapter 2 Implementing a (e !ervice

Click J*e5tJ 6!ee elo(7' -et the option! a! !ho(n elo("

Chapter 2 Implementing a (e !ervice


-et to Jcu!tomJ in or+er to ena le the option! elo('

Generate !erver !i+e co+e 6the co+e implementing the !ervice7

*ote that y +e%ault ho( the name!pace! (ill e mappe+ to Bava package!' Dor e5ample, your -imple-ervice port type in http"))tt+ev'com)!! name!pace (ill e mappe+ to a -imple-ervice Bava inter%ace in the com'tt+ev'!! Bava package" Aever!e it !o that it goe! %rom roa+ 6com7 to narro( 6tt+ev7 Change !la!h 6)7 to +ot 6'7

8% cour!e thi! i! ?u!t the +e%ault' >ou can change the Bava package name! in


Chapter 2 Implementing a (e !ervice

the +ialog o5 a ove' But %or our purpo!e the +e%ault mapping i! ?u!t %ine' -o, click J*e5tJ 6!ee elo(7 an+ enter the in%ormation a! !ho(n elo("

-tore the output into an e5i!ting 2clip!e pro?ect

Click it to choo!e your -imple-ervice pro?ect Copy the #5i!2 ?ar %ile! into the Jli J %ol+er in your -imple-ervice pro?ect Tell it (here i! your #5i!2 in!tallation

Click JDini!hJ' Aight click your pro?ect an+ choo!e JAe%re!hJ' Then you$ll !ee !ome %ile! have een generate+"

Chapter 2 Implementing a (e !ervice


-ome Bava !ource %ile!

The #5i!2 ?ar %ile!

Thi! %ile +e!cri e! your (e !ervice to the #5i!2 !erver' It (ill e %urther e5amine+ later'

Thi! %ile (ill e e5amine+ later

# copy o% your 4-D9 ha! een put into the Jre!ource!J %ol+er

The Bava !ource %ile! are in error! ecau!e they are re%erring to the #5i!2 ?ar %ile! ut they are not on the uil+ path' -o, go to the uil+ path +ialog an+ click J#++ B#A!J"

Choo!e all the ?ar %ile! in the Jli J %ol+er in your pro?ect"


Chapter 2 Implementing a (e !ervice

Then the error! (ill +i!appear'

$mplementing the web service

To implement the (e !ervice, mo+i%y the -imple-ervice-keleton'?ava (hich i! the !ervice !keleton"
&'oo:concatRe-uest+ &s1+a,c&/s1+ &s2+123&/s2+ &/'oo:concatRe-uest+ Aea+ the o+y o% M!1N Thi! o ?ect corre!pon+! to the reEue!t

pu,lic class !imple!ervice!9eleton implements !imple!ervice!9eleton"nter'ace E pu,lic concat1 concatRe-uest04 E 'tring res4lt = concatRe34est#.get'189:concatRe34est#.get'"89; <oncatResponse response = ne <oncatResponse89; response.set<oncatResponse8res4lt9; ret4rn response; Thi! o ?ect corre!pon+! to F the re!pon!e F -et it! o+y &'oo:concatResponse+ a,c123 &/'oo:concatResponse+

4here +o the ConcatAeEue!t cla!! an+ ConcatAe!pon!e cla!! come %rom; They (ere generate+ y the #5i!2 Co+e Generator 4iHar+"

Chapter 2 Implementing a (e !ervice


&eploying a web service

To +eploy the (e !ervice (ith the #5i!2 !erver, copy the %ile! a! !ho(n elo("
c: wor9space !imple!ervice resources services.(ml !imple!ervice.wsdl ,in com ttdev ss ... ... Copy the cla!! %ile! Copy the con%iguration %ile! com ttdev ss ... ... c: a(is repositor$ services !imple!ervice .#7/"N8 services.(ml !imple!ervice.wsdl 2ach %ol+er repre!ent! a (e !ervice

*o(, !tart the #5i!2 !erver y running c"Qa5i!Q inQa5i!2!erver' at' >ou !houl+ !ee that it i! picking up your -imple-ervice"


Chapter 2 Implementing a (e !ervice

Go to http"))localho!t"8080 an+ you !houl+ !ee your -imple-ervice li!te+"

To !ee it! 4-D9 %ile, ?u!t click the J-imple-erviceJ link"

Chapter 2 Implementing a (e !ervice


Creating a client using a client stub

To call thi! (e !ervice, you can u!e the #5i!2 Co+e Generator 4iHar+ to generate a Jclient !tu J' 4hen you call a metho+ on it 6!ee the +iagram elo(7, it (ill convert your Bava +ata)o ?ect! into the right %ormat 6:397, create a reEue!t me!!age in the right %ormat 6-8#P7, !en+ it over the Internet to the right en+point u!ing the right tran!port protocol 6@TTP7 to invoke that operation, (ait %or the re!pon!e me!!age, convert the :39 ack into Bava +ata)o ?ect an+ then return it to you"
&'oo:concatRe-uest+ &s1+a&/s1+ &s2+,&/s2+ &/'oo:concatRe-uest+ 1" Call concat6ne( ConcatAeEue!t6JaJ, J J77 -tu >our co+e 5" Convert the returne+ :39 element into a ConcatAe!pon!e Bava o ?ect an+ return it to your co+e 2n+point" http"))''' Dormat" -8#P Protocol" @TTP 2" Create a -8#P me!!age y converting the ConcatAeEue!t o ?ect into a MconcatAeEue!tN element

0" -en+ the -8#P me!!age to the en+point 4e !ervice <" -en+ a re!pon!e me!!age ack to the !tu &'oo:concatResponse+ a, &/'oo:concatResponse+


Chapter 2 Implementing a (e !ervice

To implement thi! i+ea, run the #5i!2 Co+e Generator 4iHar+ a! e%ore until you !ee the %ollo( !creen' Then tell it to generate client !i+e co+e in!tea+ o% !erver !i+e co+e"

Then tell it to put the co+e into your -imple-ervice pro?ect' Thi! time, no nee+ to copy the #5i!2 ?ar %ile! again"

Click JDini!hJ an+ then re%re!h the pro?ect' >ou$ll !ee a couple o% ne( Bava

Chapter 2 Implementing a (e !ervice


!ource %ile!"

#mong them, -imple-ervice-tu '?ava i! the client !tu ' #! you$re !imulating !omeone el!e calling your (e !ervice, they !houl+ not e mi5e+ (ith the co+e implementing the (e !ervice' There%ore, move them into another package !uch a! com'tt+ev'!!'client' *e5t, create a -impleClient'?ava %ile in the com'tt+ev'!!'client package"
988K 8CTP There i! a ConcatAeEue!t cla!! +e%ine+ in!i+e the -imple-ervice-tu cla!!' There i! another one in the com'tt+ev'!! package %or the !ervice implementation' >ou mu!t u!e the %ormer a! you$re (riting a client' >ou !houl+ have no acce!! to the !erver !i+e co+e'


import >ava.rmi.RemoteException; import'imple'ervice't45.<oncatRe34est; import'imple'ervice't45.<oncatResponse;

p45lic class 'imple<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? 'imple'ervice't45 service = ne 'imple'ervice't4589; <oncatRe34est re34est = ne <oncatRe34est89; re34est.set'18"a5c"9; The !ame i! true %or re34est.set'"8"1"!"9; the ConcatAe!pon!e <oncatResponse response = service.concat8re34est9; cla!! 'ystem.o4t.println8response.get<oncatResponse899; B B Call the (e !ervice an+ get the re!pon!e

Aun it an+ it !houl+ (ork"


Chapter 2 Implementing a (e !ervice

Undeploying a web service

I% you$+ like to un+eploy a (e -imple-ervice %ol+er"
c: a(is repositor$ services !imple!ervice .#7/"N8 services.(ml !imple!ervice.wsdl com ttdev ss ... ... Delete thi! %ol+er

!ervice, all you nee+ to +o i! to +elete the

Thi! (ork! even (hen the #5i!2 !erver i! running' It (ill note the removal o% the %ol+er an+ un+eploy the !ervice"

Chapter 2 Implementing a (e !ervice


I% you put the %ol+er ack, it (ill e +eploye+ again"

Thi! i! calle+ Jhot +eploymentJ'

Tomcat ho!t! one or more (e application!' The #5i! !erver i! in!talle+ a! one


Chapter 2 Implementing a (e !ervice

o% the (e application!' It in turn ho!t! one or more (e !ervice!' 3o!t u!ually your input me!!age or output me!!age i! !ent in a -8#P me!!age' # -8#P me!!age i! al(ay! an M2nvelopeN element' It may contain a M@ea+erN (hich contain! one or more hea+er entrie!)element!' The M2nvelopeN mu!t contain a MBo+yN (hich may contain one or more o+y entrie!)element!' Dor a +ocument !tyle (e !ervice, the one an+ only input me!!age part i! u!ually the !ingle o+y entry' Dor a APC !tyle (e !ervice, the element name+ a%ter the operation (ill u!ually contain all me!!age part! an+ i! then inclu+e+ a! the !ingle o+y entry' To create a (e !ervice, you %ir!t create a 4-D9 %ile +e!cri ing it! inter%ace' Thi! can e +one manually or u!ing a tool like 2clip!e' Then u!e the #5i! Co+e Generator 4iHar+ on the 4-D9 %ile to generate a !ervice !tu ' Then %ill in the co+e in the !ervice !keleton' The !ervice !tu (ill convert the :39 element! in a reEue!t me!!age into Bava +ata)o ?ect!, call your !keleton an+ convert the Bava o ?ect! returne+ into :39 element! an+ put them into the re!pon!e me!!age' To +eploy a (e !ervice, copy the cla!! %ile! an+ the !ervice!'5ml %ile to the #5i!2 !erver accor+ing to a !peci%ic %ol+er !tructure' To un+eploy a (e !ervice, ?u!t +elete that %ol+er' The #5i!2 !erver !upport! hot +eployment' It mean! you can +eploy or un+eploy a !ervice (hile it i! running' The en+point o% the +eploye+ (e 8080)a5i!2)!ervice!)Mname-o%-your-!erviceN' !ervice i! http"))localho!t"

To call a (e !ervice, run the #5i! Co+e Generator 4iHar+ on the 4-D9 %ile to generate a client !tu ' Then, in your co+e create an in!tance o% the client !tu an+ call it! metho+! a! i% it (ere the (e !ervice' The client !tu (ill convert the Bava +ata)o ?ect! into :39 element!, create the reEue!t me!!age in the right %ormat, !en+ it to the right en+point u!ing the right tran!port protocol an+ convert the :39 element! in the re!pon!e me!!age ack into Bava +ata)o ?ect!'


Chapter 3
Chapter 3

ptimi!ing the development environment


Chapter 0 8ptimiHing the +evelopment environment

hat!s in this chapter"

In thi! chapter you$ll learn ho( to optimiHe the +evelopment environment'

#lacing the class files into Axis directly

#t the moment, (henever you make change! to !ay your (e !ervice Bava co+e 6-imple-ervice-keleton'?ava7, you (ill have to copy the cla!! %ile into the #5i! !erver again' Thi! i! trou le!ome' To !olve thi! pro lem, you can tell 2clip!e to put the cla!! %ile! +irectly into the #5i! repo!itory"
c: a(is repositor$ services !imple!ervice .#7/"N8 services.(ml !imple!ervice.wsdl com ttdev ss ... ... Thi! (ay the cla!! %ile! (ill e put here C!e it a! the output %ol+er in 2clip!e

@o(ever, there i! a pro lem" 2clip!e can only u!e a %ol+er in!i+e the pro?ect a! the output %ol+er' To allo( you to (ork aroun+ thi! re!triction, %ortunately 2clip!e allo(! you to link !uch a %ol+er to an out!i+e %ol+er"
!impleProGect out c: a(is repositor$ services !imple!ervice 9ink it to the out!i+e

To implement thi! i+ea, right click the pro?ect an+ choo!e J*e( R Dol+erJ' 2nter the in%ormation a! !ho(n elo("

Chapter 0 8ptimiHing the +evelopment environment


Click it in or+er to !ee the option! elo(

To !et the output %ol+er, right click the pro?ect in 2clip!e an+ choo!e JPropertie!J, then choo!e JBava Buil+ PathJ an+ choo!e the J-ourceJ ta "

Click JBro(!eJ an+ choo!e the JoutJ %ol+er' Then con%irm to +elete the e5i!ting J inJ %ol+er a! it i! no longer u!e+'


Chapter 0 8ptimiHing the +evelopment environment

*o( the cla!! %ile! are in the right place' The ne5t !tep i! to make the 32T#I*D %ol+er appear in the !ervice %ol+er' To +o that, you nee+ to have !uch a %ol+er in the J!rcJ %ol+er"
!impleProGect src .#7/"N8 services.(ml !imple!ervice.wsdl Compile)copy c: a(is repositor$ services !imple!ervice .#7/"N8 services.(ml !imple!ervice.wsdl

There%ore, rename your Jre!ource!J %ol+er a! 32T#-I*D an+ move it into J!rcJ' To veri%y that thi! !etup i! (orking, mo+i%y the co+e to turn the re!ult !tring into upper ca!e"
pu,lic class !imple!ervice!9eleton implements !imple!ervice!9eleton"nter'ace E pu,lic concat1 concatRe-uest04 E !tring result ) concatRe-uest0.get!114HconcatRe-uest0.get!214I DoncatResponse response ) new DoncatResponse14I<ase894I return responseI F F

*o( !tart the #5i!2 !erver' Aun the client an+ the output !houl+ e in upper ca!e"

,aking changes take effect immediately

9et$! re!tore the co+e no("
pu,lic class !imple!ervice!9eleton implements !imple!ervice!9eleton"nter'ace E pu,lic concat1 concatRe-uest04 E !tring result ) concatRe-uest0.get!114HconcatRe-uest0.get!214I DoncatResponse response ) new DoncatResponse14I response.setDoncatResponse1result.to0pperDase144I return responseI F F

4ill it take e%%ect (hile the #5i! !erver i! running; *o' It (ill !till output #BC120' Thi! i! ecau!e y +e%ault once the #5i! !erver loa+! a (e !ervice, it (ill not monitor change! to it! %ile any more' To change thi! ehavior, mo+i%y c"Qa5i!Qcon%Qa5i!2'5ml"

Chapter 0 8ptimiHing the +evelopment environment


&a(iscon'ig name)*7(isJava2.0*+ &parameter name)*hotdeplo$ment*+true&/parameter+ &parameter name)*hotupdate*+'alse tr4e&/parameter+ &parameter name)*ena,le #% *+'alse&/parameter+ &parameter name)*ena,le!w7*+'alse&/parameter+ ... &/a(iscon'ig+ 2na le hot up+ate

>ou may have notice+ that there i! al!o a hot +eployment option in a++ition to the hot up+ate option' 4hat$! the +i%%erence; It i! e5plaine+ in the +iagram"
@ot +eployment" 3onitor change! in thi! %ol+er' I% there i! a ne( !u -%ol+er, +eploy it a! a !ervice' a(is repositor$ services !imple!ervice 8oo!ervice @ot up+ate" 3onitor change! in each %ol+er' I% any %ile in a %ol+er i! mo+i%ie+, re+eploy that !ervice'


#5i! !erver

>ou nee+ to re!tart the #5i! !erver !o that thi! hot up+ate option take! e%%ect' Then mo+i%y the Bava co+e"
pu,lic class !imple!ervice!9eleton implements !imple!ervice!9eleton"nter'ace E pu,lic concat1 concatRe-uest04 E !tring result ) concatRe-uest0.get!114HconcatRe-uest0.get!214I DoncatResponse response ) new DoncatResponse14I response.setDoncatResponse1"hello: ":result4I return responseI F F

-ave the co+e' Then you !houl+ !ee that the #5i! !erver re+eploying your !ervice"


Chapter 0 8ptimiHing the +evelopment environment

Aun the client an+ it !houl+ (ork"

*ote that the #5i! !erver look! %or change! every 10 !econ+!' -o it may take !ome time e%ore the (e !ervice i! re+eploye+'

&ebugging a web service

To +e ug your (e !ervice in 2clip!e, you nee+ to !et an environment varia le e%ore launching the #5i! !erver 6!hut it +o(n %ir!t i% it$! running7"
Type it all on one line D:Ka(isK,in+set J7L7M%P#!)/Xde,ug /XrunGdwp:transport)dtMsoc9et3add ress)A0003server)$3suspend)n D:Ka(isK,in+a(is2server.,at 9aunch it a! u!ual

Thi! (ay the #5i! !erver (ill run the BF3 in +e ug mo+e !o that the BF3 (ill li!ten %or connection! on port 8000' 9ater you$ll tell 2clip!e to connect to thi! port' *o(, !et a reakpoint here"

Chapter 0 8ptimiHing the +evelopment environment


Choo!e J8pen De ug DialogJ"

The %ollo(ing (in+o( (ill appear"

Aight click JAemote Bava #pplicationJ an+ choo!e J*e(J' *ame thi! con%iguration JDe ug #5i!J 6it +oe!n$t really matter7' 3ake !ure your -imple-ervice pro?ect i! !electe+ an+ make !ure the port i! 8000"


Chapter 0 8ptimiHing the +evelopment environment

Click JDe ugJ to connect to the BF3 running the #5i! !erver' *o( run the client to call the (e !ervice' 2clip!e (ill !top at the reakpoint"

Then you can !tep through the program, check the varia le! an+ (hatever' To !top the +e ug !e!!ion, choo!e the -imple-ervice in the De ug (in+o( an+ click the -top icon"

Chapter 0 8ptimiHing the +evelopment environment


Click here to +i!connect

@aving to !et thi! environment varia le every time i! not %un' -o, you may create a atch %ile c"Qa5i!Q inQ+e ug' at"
+e ug' at set J7L7M%P#!)/Xde,ug /XrunGdwp:transport)dtMsoc9et3address)A0003server)$3suspend)n a(is2server.,at

Then in the %uture you can ?u!t run it to !tart the #5i! !erver in +e ug mo+e'

+enerating code automatically

Dor the moment you$re u!ing the Co+e Generator 4iHar+ to generate the co+e %rom the 4-D9 %ile' I% you mo+i%y the 4-D9 %ile, you$ll have to +o it once again' Thi! i! trou le!ome' >ou nee+ an automate+ proce!! to generate the co+e' To +o that, you$ll e+it the uil+'5ml %ile that (a! generate+ y the Co+e Generator 4iHar+' But %ir!t, you nee+ to un+er!tan+ the !tructure o% the uil+'5ml 6!ee elo(7' # uil+'5ml %ile contain! a pro?ect, (hich i! like a cla!! in a Bava %ile' # pro?ect contain! one or more target!' # target i! like a metho+ in a Bava cla!!' # target contain! one or more ta!k!' # ta!k i! like a !tatement in a Bava metho+"
uil+'5ml proGect target tas9 tas9 tas9 target tas9 tas9 tas9 Bava %ile class method 1 statement statement statement method 2 statement statement statement

1 1.1 1.2 1.3 2 2.1 2.2 2.3

1.1 1.2 1.3 2.1 2.2 2.3

*o(, let$! e+it the uil+'5ml %ile"


Chapter 0 8ptimiHing the +evelopment environment

@ere i! a target name+ Jgenerate-!erviceJ' 9ater you can !ay, %or e5ample, Jlet$! run the generate-!erviceJ target' Thi! target contain! only one ta!k here 6M(!+l2co+eN7' Thi! ta!k (ill generate Bava &N(ml version)*1.0* encoding)*0#8/A*N+ co+e %rom a 4-D9 %ile' &proGect ...+ ... <target name="generate(service"> < sdl"code The path to the 4-D9 %ile' @ere you are sdl2ilename="'imple'ervice. sdl" u!ing a relative path' It i! relative to the serverside="tr4e" uil+'5ml %ile 6pro?ect root7' generateservicexml="tr4e" Generate co+e %or the !ervice' 8ther(i!e s=ip54ildxml="tr4e" it (ill generate co+e %or the client' serversideinter2ace="tr4e" namespacetopac=ages="" targetso4rce2olderlocation="src" Generate the !ervice!'5ml %ile targetreso4rces2olderlocation="src/%E/7()N0"/> </target> &/proGect+ Don$t generate the uil+'5ml' 8ther(i!e it 3ap the http"))tt+ev'com)!! name!pace to (ill over(rite thi! %ileP the com'tt+ev'!! package' Thi! i! not really nee+e+ here a! it i! the +e%ault' It i! here Generate an inter%ace in a++ition to the ?u!t to !ho( you the !ynta5' !keleton" The pro?ect Put the Bava %ile! into the J!rcJ %ol+er (hich i! a relative path to the pro?ect root' pu,lic inter'ace !imple!ervice!9eleton"nter'ace E pu,lic DoncatResponse concat1...4I F

Put the Jre!ource! %ile!J 6e'g', pu,lic class !imple!ervice!9eleton !ervice!'5ml7 into the J!rc)32T#-I*DJ implements !imple!ervice!9eleton"nter'ace E %ol+er (hich i! a relative path to the pu,lic DoncatResponse concat1...4 E pro?ect root' ... F F

*e5t, you are a out to run thi! uil+'5ml %ile u!ing a program calle+ J#ntJ' @o(ever, the M(!+l2co+eN ta!k i! not a uilt-in ta!k in #nt an+ there%ore #nt +oe!n$t kno( ho( to e5ecute it' It i! implemente+ y a Bava cla!! name+ #ntCo+egenTa!k in c"Qa5i!Qli Qa5i!2-ant-plugin-1'0'?ar' To tell #nt ho( the M(!+l2co+eN ta!k i! implemente+, mo+i%y uil+'5ml"

Chapter 0 8ptimiHing the +evelopment environment


&proGect ...+ ... &propert$ name)*a(is2.home* value)*OEenv.7X"!2M;% .F*/+ ... &path id)*a(is2.class.path*+ ... Path! to the #5i! ?ar %ile! &'ileset dir)*OEa(is2.homeF*+ have een +e%ine+ &include name)*li,/P.Gar*/+ &/'ileset+ &/path+ De%ine a ta!k M(!+l2co+eN It i! implemente+ y thi! ... Bava cla!! <tas=de2 name=" sdl"code" classname="org.apache.axis".tool.ant.7nt<odegen/as=" classpathre2="axis".class.path" /> &target name)*generate/service*+ &wsdl2code wsdl'ilename)*!imple!ervice.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8*/+ &/target+ &/proGect+

Cltimately it +epen+! on an environment varia le #:I-2S@832 pointing to the home o% #5i!

To +e%ine an environment varia le #:I-2S@832, you can either +o it in 4in+o(! or in 2clip!e' 9et$! +o it in 2clip!e' Choo!e J4in+o( R Pre%erence! R #nt R AuntimeJ, choo!e the JPropertie!J ta "

Click J#++ PropertyJ an+ enter the +ata a! !ho(n elo("


Chapter 0 8ptimiHing the +evelopment environment

*o( you$re a out to run #nt' To veri%y that it i! really (orking, rename your -imple-ervice-keleton'?ava %ile a! -imple-erviceImpl %ile' Then +elete all the other Bava %ile! in the package' Delete the %ile! in the 32T#-I*D %ol+er too' BCG #92AT" In #5i!2 1'0 there i! a ug in the Co+e Generator 4iHar+' #%ter in!talling it, you$ll e una le to run #nt in 2clip!e' To (orkaroun+ the pro lem, in the #nt Auntime (in+o( a ove, choo!e the JCla!!pathJ ta an+ click J#nt @omeJ an+ ro(!e to choo!e the org'apache'ant %ol+er in c"Qeclip!eQplugin!"

To run #nt, right click the uil+'5ml %ile an+ then choo!e JAun #! R #nt Buil+'''J a! !ho(n elo("

Then choo!e the Jgenerate-!erviceJ target an+ click JAunJ"

Chapter 0 8ptimiHing the +evelopment environment


>ou !houl+ !ee that it i! (orking in the con!ole"

Then re%re!h the pro?ect an+ you$ll !ee that the Bava %ile! an+ the %ile! in 32T#I*D have een recreate+' *o(, i+eally i% your 4-D9 %ile i! mo+i%ie+, all you nee+ to +o i! to run the uil+'5ml %ile again' @o(ever, thi! i! not the +e%ault ehavior' By +e%ault, the M(!+l2co+eN ta!k (ill not over(rite any e5i!ting %ileP To tell it to +o !o, !et an option"
&proGect ...+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*!imple!ervice.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* over rite="tr4e"/+


Chapter 0 8ptimiHing the +evelopment environment

But thi! intro+uce! another pro lem" I% you %ill your co+e into -imple-ervice-keleton, (hen you run uil+'5ml, the %ile (ill e over(ritten an+ your co+e (ill e lo!tP The i+ea i! not to u!e -imple-ervice-keleton any more' In!tea+, create your o(n -imple-erviceImpl that implement! the !ame inter%ace"
-imple-ervice-keleton Inter%ace

&/target+ &/proGect+

-imple-ervice-keleton Don$t u!e thi! +ummy implementation' It (ill e over(ritten'

-imple-erviceImpl C!e your o(n implementation

In or+er to u!e your -imple-erviceImpl to implement the (e !ervice, you nee+ to kno( ho( the #5i! !erver kno(! (hich Bava cla!! implement! your (e !ervice' It look! up the cla!! name in the !ervice!'5ml %ile"
The #5i! !erver (ill look up the cla!! name an+ then &serviceQroup+ create in!tance! to !erve the &service name)*!imple!ervice*+ reEue!t!' &messageReceivers+ &messageReceiver mep)** class)*!imple!ervice essageReceiver"n%ut* /+ &/messageReceivers+ &parameter name)*!erviceDlass*'imple'ervice'=eleton&/parameter+ &parameter name)*use%riginalwsdl*+true&/parameter+ &parameter name)*modi'$0ser6!5LPort7ddress*+true&/parameter+ &operation name)*concat* mep)**+ &action apping+ -o, you nee+ to change it to -imple-erviceImpl' &/action apping+ &output7ction apping+!imple!ervice/concatResponse &/output7ction apping+ &/operation+ &/service+ &/serviceQroup+

>ou coul+ mo+i%y thi! !ervice!'5ml %ile every time it i! generate+, ut it i! too trou le!ome an+ ea!y to %orget' # much etter (ay i! to let #nt +o it %or you automatically"

Chapter 0 8ptimiHing the +evelopment environment


&proGect ...+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*!imple!ervice.wsdl* serverside)*true* Aeplace regular e5pre!!ion' That i!, generateservice(ml)*true* per%orm !earch an+ replace in a te5t s9ip,uild(ml)*true* %ile u!ing a regular e5pre!!ion' serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true*/+ <replaceregexp 2ile="src/%E/7()N0/services.xml" #++ a ta!k a%ter the match="'imple'ervice'=eleton" M(!+l2co+eN ta!k replace="'imple'ervice)mpl"/> &/target+ &/proGect+ -earch %or !tring! that match the regular -earch T replace in the e5pre!!ion J-imple-ervice-keletonJ !ervice!'5ml %ile Aeplace each match (ith the !tring J-imple-erviceImplJ

Aun it an+ re%re!h the pro?ect' Check the !ervice!'5ml %ile an+ it !houl+ e u!ing your -imple-erviceImpl"
&serviceQroup+ &service name)*!imple!ervice*+ &messageReceivers+ &messageReceiver mep)** class)*!imple!ervice essageReceiver"n%ut* /+ &/messageReceivers+ &parameter name)*!erviceDlass*'imple'ervice)mpl&/parameter+ &parameter name)*use%riginalwsdl*+true&/parameter+ &parameter name)*modi'$0ser6!5LPort7ddress*+true&/parameter+ &operation name)*concat* mep)**+ &action apping+ &/action apping+ &output7ction apping+!imple!ervice/concatResponse &/output7ction apping+ &/operation+ &/service+ &/serviceQroup+

+enerating client code automatically

To generate the client co+e, it i! very !imilar"


Chapter 0 8ptimiHing the +evelopment environment

&proGect ...+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*!imple!ervice.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true*/+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*!imple!ervice!9eleton* #++ another target' The main replace)*!imple!ervice"mpl*/+ +i%%erence i! that the !erver!i+e &/target+ option i! not !et 6the +e%ault i! <target name="generate(client"> %al!e7' < sdl"code 3ap to the client package sdl2ilename="'imple'ervice. sdl" s=ip54ildxml="tr4e" namespacetopac=ages="" targetso4rce2olderlocation="src" over rite="tr4e"/> </target> &/proGect+

Delete the %ile! in the client package e5cept -impleClient'?ava (hich (a! create+ y you' Aun uil+'5ml an+ choo!e the Jgenerate-clientJ target' Ae%re!h the pro?ect an+ you$ll !ee the Bava %ile! in the client package again' To make !ure everything i! (orking, !tart the #5i! !erver an+ run the client' It !houl+ continue to (ork'

>ou can !et the output %ol+er in 2clip!e !o that you +on$t nee+ to copy the %ile! into the !ervice %ol+er in #5i! manually' To make !ure the change! to your Bava co+e take e%%ect imme+iately, you can ena le hot up+ate in the #5i! !erver' To +e ug a (e !ervice, tell the #5i! !erver to run the BF3 in +e ug mo+e, !et a reakpoint in the Bava co+e an+ make a De ug con%iguration in 2clip!e to connect to that BF3' To automate the proce!! o% generating Bava co+e %rom a 4-D9 %ile, you can u!e the M(!+l2co+eN #nt ta!k' In general you$ll (ant it to over(rite e5i!ting %ile!' To prevent %rom over(riting your o(n co+e, you !houl+ never mo+i%y the co+e generate+' In!tea+, create your o(n !ervice implementation cla!! that implement! the !ervice inter%ace an+ mo+i%y !ervice!'5ml to tell the #5i! !erver to u!e that cla!!'


Chapter 4
Chapter "

#nderstanding the calling process


Chapter < Cn+er!tan+ing the calling proce!!

hat!s in this chapter"

In thi! chapter you$ll learn (hat i! happening internally (hen you call a (e !ervice'

Calling a web service without a client stub

-uppo!e that you$+ like to call a (e !ervice (ithout a client !tu ' To +o that, in the -imple-ervice pro?ect in 2clip!e, create a %ile 9o(9evelClient'?ava in a ne( com'tt+ev'!!'lo(level package"
import import import import import; org.apache.axis".7xis0a4lt; org.apache.axis".addressing.EndpointRe2erence; org.apache.axis".client.6ptions; org.apache.axis".client.'ervice<lient; Create a !ervice client o ?ect' >ou (ill u!e it to call the (e !ervice' -et the option!' @ere you only !et the en+point'

p45lic class &o &evel<lient ? p45lic static void main8'tring@A args9 thro s 7xis0a4lt ? 'ervice<lient client = ne 'ervice<lient89; 6ptions options = ne 6ptions89; options.set/o8ne EndpointRe2erence8 "http://localhost:1#1#/axis"/services/'imple'ervice"99; client.set6ptions8options9; 6%Element re34est = ma=eRe34est89; 6%Element response = client.sendReceive8re34est9; ''tring899; B Convert the re!pon!e -en+ the reEue!t an+ B to a !tring an+ print it get the re!pon!e out #n 832lement i! ?u!t >ou$ll (rite thi! metho+ an :39 element' 83 your!el% (hich (ill create mean! Jo ?ect mo+elJ' a MconcatAeEue!tN element'

De%ine the makeAeEue!t67 metho+"

Chapter < Cn+er!tan+ing the calling proce!!


import import import import

>avax.xml.namespace.CName;;; org.apache.axis".addressing.EndpointRe2erence;

Get the +e%ault 83Dactory' >ou$ll u!e it to create :39 element!'

p45lic class &o &evel<lient ? ... private static 6%Element ma=eRe34est89 ? 6%0actory 2actory = 6%75stract0actory.get6%0actory89; 6%Element re34est = 2actory.create6%Element8ne CName8 ""D "concatRe34est"99; 6%Element s1 = 2actory.create6%Element8ne CName8"s1"99; *ote that the M!1N s1.set/ext8"a5c"9; 6%Element s" = 2actory.create6%Element8ne CName8"s""99; element ha! no name!pace, ?u!t the s".set/ext8"de2"9; local name' re34est.add<hild8s19; Create the re34est.add<hild8s"9; Create M!1N MconcatAeEue!tN ret4rn re34est; element B #++ M!1N to B &'oo:concatRe-uest (mlns:'oo)**+ MconcatAeEue!tN &s1+a,c&/s1+ a! a chil+ &s2+de'&/s2+ &/'oo:concatRe-uest+

-et the o+y te5t to Ja cJ

*o( run it an+ it !houl+ (ork' Thi! lo( level #PI i! calle+ #:I83 6Axi!2 - ?ect ,o+el7' C!ually it i! %ar ea!ier to u!e the generate+ !tu ' @o(ever, i% you nee+ to +o !ome !pecial cu!tomiHation!, you may have to u!e #:I83'

(eeing the (-A# messages

*e5t, let$! !ee the actual -8#P me!!age!' To +o that, you$ll u!e a program calle+ JTCP 3onitorJ' It (ork! like thi! 6!ee the +iagram elo(7' >ou tell the client to treat the TCP 3onitor a! the +e!tination' Then (hen the client nee+! to !en+ the reEue!t me!!age, it (ill !en+ it to the TCP 3onitor' Then TCP 3onitor (ill print it to the con!ole an+ then %or(ar+ it to the real +e!tination 6the (e !ervice7' 4hen the (e !ervice return! a re!pon!e me!!age, it (ill return it to the TCP 3onitor' It (ill print it to the con!ole an+ then %or(ar+ it to the client"


Chapter < Cn+er!tan+ing the calling proce!!


4e !ervice

m2 =" Thi! i! the re!pon!e me!!age TCP 3onitor 1" Thi! i! the reEue!t me!!age m1 2" Print it to the con!ole m1

m2 <" Thi! i! the re!pon!e me!!age

5" Print it to the con!ole m2

0" Thi! i! the reEue!t me!!age m1


To implement thi! i+ea, go to http"))(!'apache'org)common!)tcpmon to +o(nloa+ the inary +i!tri ution o% TCP 3onitor' -uppo!e that it i! tcpmon-1'0in'Hip' CnHip it into !ay c"Qtcpmon' Then change into the c"QtcpmonQ uil+ %ol+er an+ run tcpmon' at"

*ote that +irectly running c"QtcpmonQ uil+Qtcpmon' at (ill *8T (orkK it reEuire! the current %ol+er to e c"QtcpmonQ uil+' *e5t, you$ll !ee a (in+o(' 2nter the +ata a! !ho(n elo("

Chapter < Cn+er!tan+ing the calling proce!!


2nter a port that i! currently unu!e+

Dor(ar+ (hatever it receive! to 12/'0'0'1 at port 8080 6i'e', the a5i! !erver7

Click J#++J' Thi! (ill open a ne( ta 6!ho(n elo(7' Then it (ill li!ten on port 120<' Check the J:39 DormatJ option' Thi! (ay it (ill %ormat the content o% the TCP connection 6an @TTP reEue!t containing a -8#P reEue!t, ut it +oe!n$t kno( that7 nicely a! :39"


Chapter < Cn+er!tan+ing the calling proce!!

Dor the client, you nee+ to tell it to u!e localho!t"120< a! the en+point' Dor e5ample, in 9o(9evelClient'?ava"
pu,lic class LowLevelDlient E pu,lic static void main1!tringRS args4 throws 7(is8ault E !erviceDlient client ) new !erviceDlient14I %ptions options ) new %ptions14I options.set#o1new .ndpointRe'erence1 *http://localhost:A0A01"!E/a(is2/services/!imple!ervice*44I client.set%ptions1options4I % .lement re-uest ) ma9eRe-uest14I % .lement response ) client.sendReceive1re-uest4I !$!tring144I F ... F

Aun it an+ you (ill !ee the me!!age! in TCP 3onitor"

Chapter < Cn+er!tan+ing the calling proce!!


AeEue!t me!!age

Ae!pon!e me!!age

-imilarly, %or the -impleClient that i! u!ing the generate+ client !tu , you can !peci%y the en+point a++re!! to overri+e the +e%ault"
pu,lic class !impleDlient E pu,lic static void main1!tringRS args4 throws Remote.(ception E !imple!ervice!tu, service ) new !imple!ervice!tu,1 "http://localhost:1"!E/axis"/services/'imple'ervice"4I DoncatRe-uest re-uest ) new DoncatRe-uest14I re-uest.set!11*a,c*4I re-uest.set!21*123*4I DoncatResponse response ) service.concat1re-uest4I !$stem.out.println1response.getDoncatResponse144I F F

To call a (e !ervice (ithout u!ing a generate+ !tu , you may u!e the #:I83 inter%ace' It i! a lo(er level inter%ace an+ thu! i! har+er to u!e, ut it provi+e! a


Chapter < Cn+er!tan+ing the calling proce!!

lot o% %le5i ility' To check the -8#P me!!age!, you can u!e the TCP 3onitor'


Chapter 5
Chapter $

Accepting m%ltiple parameters


Chapter 5 #ccepting multiple parameter!

hat!s in this chapter"

In thi! chapter you$ll learn ho( to accept multiple parameter! in your implementation cla!!'

Accepting multiple parameters

Con!i+er the -imple-erviceImpl cla!!"
pu,lic class !imple!ervice"mpl implements !imple!ervice!9eleton"nter'ace E pu,lic <oncatResponse concat1<oncatRe34est concatRe34est#4 E !tring result ) concatRe-uest0.get!114 H concatRe-uest0.get!214I DoncatResponse response ) new DoncatResponse14I response.setDoncatResponse1result4I return responseI F F

Becau!e it$! a +ocument !tyle (e !ervice, you can have a !ingle part in the input me!!age' There%ore, you have a !ingle parameter only' The !ame i! true %or the output me!!age' It (oul+ e nice i% you coul+ (rite"
pu,lic class !imple!ervice"mpl implements !imple!ervice!9eleton"nter'ace E pu,lic 'tring concat1'tring s1D 'tring s"4 E return s1Hs"I F F

(hile !till accepting a !ingle part 6MconcatAeEue!tN7 in the me!!age' To +o that, you ?u!t nee+ to make t(o change! to the 4-D9 %ile"

Chapter 5 #ccepting multiple parameter!


&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions ...+ The element mu!t e a !eEuence, &wsdl:t$pes+ (hich i! in+ee+ the ca!e here' &(sd:schema ...+ &(sd:element name)*concatRe-uest concat*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string* /+ &(sd:element name)*s2* t$pe)*(sd:string* /+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*concatResponse* t$pe)*(sd:string* /+ &/(sd:schema+ &/wsdl:t$pes+ &wsdl:message name)*concatRe-uest*+ &wsdl:part name)*parameters* element)*tns:concatRe-uest concat* /+ &/wsdl:message+ &wsdl:message name)*concatResponse*+ &wsdl:part name)*parameters* element)*tns:concatResponse* /+ &/wsdl:message+ &wsdl:port#$pe name)*!imple!ervice*+ &wsdl:operation name)*concat*+ &wsdl:input message)*tns:concatRe-uest* /+ 3ake !ure the element &wsdl:output message)*tns:concatResponse* /+ name o% that !ingle part in &/wsdl:operation+ the input me!!age i! the &/wsdl:port#$pe+ !ame a! that o% the ... operation' &/wsdl:de'initions+

-imilarly, %or the output me!!age, the element name mu!t e the name o% the operation (ith the (or+ JAe!pon!eJ appen+e+ an+ it mu!t e a !eEuence 6containing a !ingle chil+ element7"


Chapter 5 #ccepting multiple parameter!

&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions ...+ &wsdl:t$pes+ &(sd:schema ...+ &(sd:element name)*concat*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string* /+ &(sd:element name)*s2* t$pe)*(sd:string* /+ It mu!t not e a !imple type &/(sd:se-uence+ !uch a! !tring' It mu!t e a &/(sd:comple(#$pe+ !eEuence' &/(sd:element+ <xsd:element name="concatResponse" t$pe)*(sd:string* > The !eEuence mu!t <xsd:complex/ype> contain a !ingle element' <xsd:se34ence> The element name 6MrN <xsd:element name="r" type="xsd:string" /> here7 i! unimportant' </xsd:se34ence> </xsd:complex/ype> The element name mu!t e </xsd:element> JconcatJ O JAe!pon!eJ, (hich &/(sd:schema+ happen! to e the ca!e &/wsdl:t$pes+ alrea+y' &wsdl:message name)*concatRe-uest*+ &wsdl:part name)*parameters* element)*tns:concat* /+ &/wsdl:message+ &wsdl:message name)*concatResponse*+ &wsdl:part name)*parameters* element)*tns:concatResponse* /+ &/wsdl:message+ &wsdl:port#$pe name)*!imple!ervice*+ &wsdl:operation name)*concat*+ &wsdl:input message)*tns:concatRe-uest* /+ &wsdl:output message)*tns:concatResponse* /+ &/wsdl:operation+ &/wsdl:port#$pe+ ... &/wsdl:de'initions+

To te!t it, copy the -imple-ervice pro?ect an+ pa!te it a! 4rappe+-ervice' Delete all the Bava %ile!' The JoutJ %ol+er i! !till linking to the ol+ location 6c"Qa5i!Qrepo!itoryQ!ervice!Q-imple-ervice7' -o go to the *avigator vie( in 2clip!e an+ open the 'pro?ect %ile"
Choo!e the *avigator vie(

2+it the 'pro?ect %ile

Then change the path to c"Qa5i!Qrepo!itoryQ!ervice!Q4rappe+-ervice"

Chapter 5 #ccepting multiple parameter!


-et the path

Aename -imple-ervice'(!+l to 4rappe+-ervice'(!+l an+ mo+i%y it"

&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions (mlns:wsdl)*http://schemas.(* (mlns:soap)*http://schemas.(* (mlns:tns)** (mlns:(sd)* L!chema* name)*Frapped'ervice* targetNamespace)**+ &wsdl:t$pes+ &(sd:schema targetNamespace)** (mlns:(sd)* L!chema*+ &(sd:element name)*concat*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*s1* t$pe)*(sd:string* /+ &(sd:element name)*s2* t$pe)*(sd:string* /+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ <xsd:element name="concatResponse"> <xsd:complex/ype> <xsd:se34ence> <xsd:element name="r" type="xsd:string" /> </xsd:se34ence> </xsd:complex/ype> </xsd:element> &/(sd:schema+ &/wsdl:t$pes+ &wsdl:message name)*concatRe-uest*+ &wsdl:part name)*parameters* element)*tns:concat* /+ &/wsdl:message+ &wsdl:message name)*concatResponse*+ &wsdl:part name)*parameters* element)*tns:concatResponse* /+


Chapter 5 #ccepting multiple parameter!

3o+i%y uil+'5ml"

&/wsdl:message+ &wsdl:port#$pe name)*Frapped'ervice*+ &wsdl:operation name)*concat*+ &wsdl:input message)*tns:concatRe-uest* /+ &wsdl:output message)*tns:concatResponse* /+ &/wsdl:operation+ &/wsdl:port#$pe+ &wsdl:,inding name)*Frapped'ervice'67P* t$pe)*tns:Frapped'ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*concat*+ &soap:operation soap7ction)** /+ &wsdl:input+ &soap:,od$ use)*literal* /+ &/wsdl:input+ &wsdl:output+ &soap:,od$ use)*literal* /+ &/wsdl:output+ &/wsdl:operation+ &/wsdl:,inding+ &wsdl:service name)*Frapped'ervice*+ &wsdl:port ,inding)*tns:Frapped'ervice'67P* name)*Frapped'ervice'67P*+ &soap:address location)*http://localhost:A0A0/a(is2/services/Frapped'ervice* /+ &/wsdl:port+ &/wsdl:service+ &/wsdl:de'initions+

There i! a property telling &N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ the name o% the pro?ect ... &propert$ name)*name* value)*!imple!erviceFrapped'ervice* /+ ... &target name)*generate/service*+ Ae%er to the property &wsdl2code wsdl'ilename)*!imple!erviceG?nameB.wsdl* serverside)*true* generateservice(ml)*true* Put the co+e into another s9ip,uild(ml)*true* package serversideinter'ace)*true* namespacetopac9ages)* rap* targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* /+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*!imple!erviceG?nameB!9eleton* Ae%er to the property replace)*!imple!erviceG?nameB"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*!imple!erviceG?nameB.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)* rap.client* targetsource'olderlocation)*src* overwrite)*true* /+ &/target+ &/proGect+

*e5t i! an important !tep" >ou nee+ a !ervice !tu that per%orm! !ome !pecial proce!!ing 6!ee the +iagram elo(7' 4hen an incoming MconcatN element

Chapter 5 #ccepting multiple parameter!


arrive!, the !ervice !tu (ill e5tract the M!1N an+ M!2N element! %rom the MconcatN element an+ u!e them a! value! %or the t(o parameter! 6Jun(rappingJ7' 4hen the !ervice implementation return! a !tring, the !tu (ill u!e it a! the value %or the MrN element an+ put the MrN element into a MconcatAe!pon!eN element 6J(rappingJ7"
&concat+ &s1+a,c&/s1+ &s2+123&/s2+ &/concat+ 1" #n incoming MconcatN element arrive! 2" 25tract M!1N, %rom MconcatN u!e it a! parameter !1' Do the !ame thing %or M!2N' Thi! i! calle+ Jun(rappingJ'

-ervice !tu

!tring concat1!tring s13 !tring s24 E return *($C*I F

&concatResponse+ &r+a,c&/r+ &/concatResponse+

0" C!e the return value a! element MrN' Put MrN into MconcatAe!pon!eN' Thi! i! calle+ J(rappingJ'

*ote that thi! !ervice i! !till a 100U +ocument !tyle !ervice' The client! can !till call it the !ame (ay 6e5cept that MconcatAeEue!tN i! change+ to MconcatN7' The +i%%erence i! ho( the !ervice !tu call! your implementation an+ ho( it han+le! your return value' There i! no +i%%erence !een y the client' To generate !uch a !ervice !tu , a++ an option to the M(!+l2co+eN #nt ta!k"


Chapter 5 #ccepting multiple parameter!

&N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* Generate a !ervice !tu that per%orm! 4n rap="tr4e" /+ (rapping an+ un(rapping &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)** targetsource'olderlocation)*src* overwrite)*true* 4n rap="tr4e" /+ &/target+ &/proGect+ Generate a client !tu that per%orm! (rapping an+ un(rapping

Aun uil+'5ml to generate the !ervice !tu an+ client !tu ' BCG #92AT" In #5i!2 1'0 there i! a ug preventing M(!+l2co+eN to over(rite the !ervice!'5ml %ile' -o, +elete it %ir!t e%ore running uil+'5ml' Ae%re!h the pro?ect' Check the 4rappe+-ervice-keleton'?ava"
pu,lic class 6rapped!ervice!9eleton implements 6rapped!ervice!9eleton"nter'ace E pu,lic 'tring concat1'tring s11D 'tring s""4 E ... F F p45lic class Frapped'ervice)mpl implements Frapped'ervice'=eleton)nter2ace ? p45lic 'tring concat8'tring s1D 'tring s"9 ? ret4rn s1 : s"; B B

To !ee it (orking, create a 4rappe+-erviceImpl cla!!"

-tart the #5i! !erver' Create a 4rappe+Client'?ava in the client package"

Chapter 5 #ccepting multiple parameter!


p45lic class Frapped<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? Frapped'ervice't45 rapped'ervice = ne Frapped'ervice't4589; 'tring res4lt = rapped'ervice.concat8"xy*"D "111"9; 'ystem.o4t.println8res4lt9; B B The client !tu (ill per%orm (rapping an+ un(rapping

Aun it an+ it !houl+ (ork'

The (rappe+ convention i! a goo+ i+ea' It i! the only kin+ o% (e !ervice !upporte+ y the '*2T %rame(ork' 8 viou!ly #5i! ha! al!o implemente+ thi! convention' The goo+ ne(! i!, %rom the vie(point o% the caller, it i! ?u!t a +ocumentOliteral !tyle !ervice' -o i% the caller +oe!n$t un+er!tan+ the (rappe+ convention, it can !till acce!! it a! a regular +ocument !tyle !ervice'

>ou can u!e the (rappe+ convention !upport in M(!+l2co+eN !o that your ack en+ Bava metho+ can have multiple parameter!' The client! un+er!tan+ing thi! convention can al!o call it u!ing multiple parameter!' Dor tho!e not un+er!tan+ing it, they can !till call it a! a regular +ocument !tyle !ervice' To en!ure interopera ility (ith '*2T, you !houl+ u!e thi! convention'


Chapter 6
Sending and receiving complex data str%ct%res
Chapter &


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

hat!s in this chapter"

In thi! chapter you$ll learn ho( to !en+ an+ receive comple5 +ata !tructure! to an+ %rom a (e !ervice'

#roduct query
-uppo!e that your company (oul+ like to u!e (e !ervice to let your cu!tomer! Euery the pro+uct availa ility an+ place or+er! (ith you' Dor thi! you nee+ to +i!cu!! (ith them to +eci+e on the inter%ace' It +oe!n$t make !en!e to !ay that J4hen +oing Euery, plea!e !en+ me an o ?ect o% !uch a Bava cla!!' In thi! cla!! there are thi! an+ that %iel+!'''J ecau!e perhap! the people involve+ aren$t programmer! or +on$t u!e Bava' In!tea+, :39 i! (hat i! +e!igne+ %or thi!' It i! plat%orm neutral an+ programming language neutral' -o, !uppo!e that you all agree on the %ollo(ing !chema"
C!e the :39 !chema name!pace a! the +e%ault name!pace' It +e%ine! element! !uch a! MelementN, Mcomple5TypeN nee+e+ %or you to +e%ine ne( element!' Put your element! an+ type! into thi! name!pace

# Mpro+uctLueryN contain! one <-xml version="1.#"-> or more MEueryItemN element!' <schema @ere i! an e5ample" xmlns="http:// . !.org/"##1/$%&'chema" targetNamespace=""> <element name="prod4ctC4ery"> De%ine an element Mpro+uctLueryN <complex/ype> <se34ence> <element name="34ery)tem" min6cc4rs="1" max6cc4rs="4n5o4nded"> <complex/ype> <attri54te name="prod4ct)d" type="string"/> <attri54te name="3ty" type="int"/> </complex/ype> </element> </se34ence> </complex/ype> # MEueryItemN mu!t </element> appear at lea!t once 617' </schema> The !tring type an+ int type are +e%ine+ in the There i! no upper limit o% :39 !chema' They are u!ually !ho(n a! it! occurrence' 5!+"!tring an+ 5!+"int, ut the :39 !chema name!pace here i! the +e%ault name!pace, !o no pre%i5 i! nee+e+' # Mpro+uctLueryN ha! t(o attri ute! name+ Jpro+uctI+J an+ JEtyJ re!pectively' &N(ml version)*1.0*N+ &'oo:productTuer$ (mlns:'oo)*http://'*+ &-uer$"tem product"d)*p01* -t$)*100*/+ &-uer$"tem product"d)*p02* -t$)*200*/+ &-uer$"tem product"d)*p03* -t$)*>00*/+ &/'oo:productTuer$+

That i!, (hen they nee+ to %in+ out the availa ility o% !ome pro+uct!, they (ill !en+ you a Mpro+uctLueryN element' Dor e5ample i% they$+ like to check i% you

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


have 100 piece! o% p01, 200 piece! o% p02 an+ 500 piece! o% p00, they may !en+ you a reEue!t like thi!"
&'oo:productTuer$ (mlns:'oo)*http://'*+ &-uer$"tem product"d)*p01* -t$)*100*/+ &-uer$"tem product"d)*p02* -t$)*200*/+ &-uer$"tem product"d)*p03* -t$)*>00*/+ &/'oo:productTuer$+ >our (e !ervice Client

@o( +oe! your (e !ervice reply; C!e an :39 element o% cour!e' -o, in the !chema you may have"
&N(ml version)*1.0*N+ &schema (mlns)* L!chema* targetNamespace)*http://'*+ &element name)*productTuer$*+ ... &/element+ Dor each MEueryItemN, i% the pro+uct i! <element name="prod4ctC4eryRes4lt"> availa le, create a Mre!ultItemN telling <complex/ype> the unit price' <se34ence> <element name="res4lt)tem" min6cc4rs="1" max6cc4rs="4n5o4nded"> <complex/ype> <attri54te name="prod4ct)d" type="string"/> <attri54te name="price" type="int"/> </complex/ype> </element> </se34ence> </complex/ype> </element> &/schema+

-o, %or the !ample Euery a ove, i% you have over 100 piece! o% p01 an+ 500 piece! o% p00 ut only 150 piece! o% p02, an+ you$re (illing to !ell p01 at 5 +ollar! each an+ p00 at 8 +ollar! each, you may reply"
&'oo:productTuer$Result (mlns:'oo)*http://'*+ &result"tem product"d)*p01* price)*>*/+ &result"tem product"d)*p03* price)*A*/+ &/'oo:productTuer$Result+ >our (e !ervice Client

To implement thi! i+ea, create a ne( pro?ect name+ BiH-ervice a! u!ual 6>ou may copy an ol+ one7' 3ake !ure the JoutJ %ol+er link! to c"Qa5i!Qrepo!itoryQ!ervice!QBiH-ervice' Delete the e5i!ting 4-D9 %ile an+ create a BiH-ervice'(!+l %ile 6u!e 2clip!e or manually7"
<-xml version="1.#" encoding="./0(1"-> < sdl:de2initions xmlns: sdl=" sdl/" xmlns:soap=" sdl/soap/" xmlns:tns="" xmlns:xsd="http:// . !.org/"##1/$%&'chema" name="Hi*'ervice"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

I% you e+it it vi!ually, here are the key !tep!" Dir!t, rename the operation to JEueryJ' The input element i! automatically rename+ to MEueryN' Dou le click on

targetNamespace=""> < sdl:types> <xsd:schema targetNamespace="" xmlns:xsd="http:// . !.org/"##1/$%&'chema"> <xsd:element name="prod4ctC4ery"> <xsd:complex/ype> <xsd:se34ence> <xsd:element name="34ery)tem" max6cc4rs="4n5o4nded" min6cc4rs="1"> <xsd:complex/ype> <xsd:attri54te name="prod4ct)d" type="xsd:string"> </xsd:attri54te> <xsd:attri54te name="3ty" type="xsd:int"> </xsd:attri54te> </xsd:complex/ype> </xsd:element> </xsd:se34ence> </xsd:complex/ype> </xsd:element> <xsd:element name="prod4ctC4eryRes4lt"> <xsd:complex/ype> <xsd:se34ence> <xsd:element name="res4lt)tem" max6cc4rs="4n5o4nded" min6cc4rs="1"> <xsd:complex/ype> <xsd:attri54te name="prod4ct)d" type="xsd:string"> </xsd:attri54te> <xsd:attri54te name="price" type="xsd:int"> </xsd:attri54te> </xsd:complex/ype> </xsd:element> </xsd:se34ence> </xsd:complex/ype> </xsd:element> </xsd:schema> </ sdl:types> < sdl:message name="34eryRe34est"> < sdl:part name="parameters" element="tns:prod4ctC4ery" /> </ sdl:message> < sdl:message name="34eryResponse"> < sdl:part name="parameters" element="tns:prod4ctC4eryRes4lt" /> </ sdl:message> < sdl:port/ype name="Hi*'ervice"> < sdl:operation name="34ery"> < sdl:inp4t message="tns:34eryRe34est" /> < sdl:o4tp4t message="tns:34eryResponse" /> </ sdl:operation> </ sdl:port/ype> < sdl:5inding name="Hi*'ervice'67P" type="tns:Hi*'ervice"> <soap:5inding style="doc4ment" transport="" /> < sdl:operation name="34ery"> <soap:operation soap7ction=" 6peration" /> < sdl:inp4t> <soap:5ody 4se="literal" /> </ sdl:inp4t> < sdl:o4tp4t> <soap:5ody 4se="literal" /> </ sdl:o4tp4t> </ sdl:operation> </ sdl:5inding> < sdl:service name="Hi*'ervice"> < sdl:port 5inding="tns:Hi*'ervice'67P" name="Hi*'ervice'67P"> <soap:address location="http://localhost:1#1#/axis"/services/Hi*'ervice" /> </ sdl:port> </ sdl:service> </ sdl:de2initions>

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


the arro( to right o% the MEueryN element in or+er to e+it it' Then right click on it an+ choo!e JAe%actor R AenameJ"

Aename it to Jpro+uctLueryJ"

Aename the JinJ element to JEueryItemJ"

Dor the moment it i! a !tring' Aight click on it an+ choo!e J-et Type R *e(J"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

Choo!e to create an anonymou! local comple5 type"

It (ill e like"

>ou nee+ to e+it it ne5t

*e5t, you$+ like to e+it the 6EueryItemType7' But clicking on it (ill *8T allo( you to e+it it' In!tea+, it (ill only let you choo!e another type %or MEueryItemN"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


Thi! i! ecau!e 2clip!e (ill not allo( you to +irectly e+it !omething too +eep' In!tea+, it reEuire! you to +rill +o(n y one level' -o, +ou le click on 6pro+uctLueryType7 V*ote" *8T 6EueryItemType7W to +rill +o(n' >ou$ll !ee that the 6EueryitemType7 i! availa le %or e+iting"

*o( it i! availa le %or e+iting

Aight click on 6EueryItemType7 an+ choo!e J#++ #ttri uteJ"

Aename the attri ute to Jpro+uctI+J' The type i! y +e%ault !tring (hich i! (hat you (ant"

-imilarly, a++ another attri ute JEtyJ an+ !et it! type to int"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

To tell that there can e 1 to many MEueryItemN element!, right click the MEueryItemN element an+ choo!e J-et 3ultiplicity R 1''XJ"

>ou$ll !ee"

*o(, it i! +one' To return to one level up, click the le%t arro( icon a! i% it (ere a ro(!er"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


Go ack one !creen a! i% you (ere in a ro(!er

-imilarly, create the Mpro+uctLueryAe!ultN element' #! u!ual, vali+ate it (hen you$re +one' *e5t, up+ate the uil+'5ml %ile"
&N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ ... &propert$ name)*name* value)*6rappedHi*!ervice*/+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** namespacetopac=ages="*" targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* unwrap)*true*/+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl*/+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)** namespacetopac=ages="*.client" targetsource'olderlocation)*src* overwrite)*true* unwrap)*true*/+ &/target+ &/proGect+

Generate the !ervice !tu an+ client !tu ' BCG #92AT" In #5i!2 1'0 there i! a ug preventing M(!+l2co+eN to over(rite the !ervice!'5ml %ile' -o, +elete it %ir!t e%ore running uil+'5ml' Then create a BiH-erviceImpl cla!! in the com'tt+ev' iH package"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

9et 2clip!e a++ the unimplemente+ metho+!' p45lic class Hi*'ervice)mpl implements Hi*'ervice'=eleton)nter2ace ? p45lic Prod4ctC4eryRes4lt 34ery8Prod4ctC4ery prod4ctC4ery9 ? B B :39 element! are mappe+ to Bava cla!!e! &(sd:schema ...+ &(sd:element name)*productTuer$*+ ... &/(sd:element+ &(sd:element name)*productTuer$Result*+ ... &/(sd:element+ &/(sd:schema+

I% you in!pect the Pro+uctLuery cla!! an+ the Pro+uctLueryAe!ult cla!!, you$ll note the mapping i! like thi!"
2ach element in a !eEuence i! mappe+ to a %iel+ in the cla!! #n element that can occur multiple time! 6i'e', ma58ccur! N 17 i! mappe+ to a Bava array

class ProductTuer$ E Tuer$"temMt$pe0RS -uer$"temI F class Tuer$"temMt$pe0 E !tring product"dI int -t$I F class ProductTuer$Result E ProductTuer$"temMt$pe0RS result"temI F class Result"temMt$pe0 E !tring product"dI int priceI F

&(sd:element name)*productTuer$*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*-uer$"tem* ma(%ccurs)*un,ounded* min%ccurs)*1*+ ...attr product"d3 -t$... &/(sd:element+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*productTuer$Result*+ ... &/(sd:element+

#ttri ute! are al!o mappe+ to %iel+!, ?u!t like element! in a !eEuence'

The type %or MEueryItemN i! mappe+ to a Bava cla!!' But (hy the cla!! i! not !imply name+ LueryItem; 4hy the Stype0 !u%%i5; Thi! i! ecau!e the element i! a local element an+ there%ore it i! po!!i le %or another top level element to contain another local MEueryItemN element a! !ho(n elo(' Then that coul+ e mappe+ to LueryItemStype1' &(sd:element name)*userTuer$*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*-uer$"tem*/+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+

Then %ill in the co+e to complete the implementation"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


pu,lic class <iC!ervice"mpl implements <iC!ervice!9eleton"nter'ace E pu,lic ProductTuer$Result -uer$1ProductTuer$ productTuer$4 E Prod4ctC4eryRes4lt res4lt = ne Prod4ctC4eryRes4lt89; C4ery)temItype#@A 34ery)tems = prod4ctC4ery.getC4ery)tem89; 2or 8int i = #; i < 34ery)tems.length; i::9 ? 9oop through each C4ery)temItype# 34ery)tem = 34ery)tems@iA; Euery item' #!!ume i2 834ery)tem.getCty89 <= "##9 ? Res4lt)temItype# res4lt)tem = ne Res4lt)temItype#89;it$! availa le i% Ety i! MY 200' res4lt)tem.setProd4ct)d834ery)tem.getProd4ct)d899; res4lt)tem.setPrice8"#9; res4lt.addRes4lt)tem8res4lt)tem9; B #!!ume the unit price i! B al(ay! 20 ret4rn res4lt; F F

Deploy it' Create a BiHClient'?ava in the com'tt+ev' iH'client package"

p45lic class Hi*<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? Hi*'ervice't45 5i*'ervice = ne Hi*'ervice't4589; Prod4ctC4ery 34ery = ne Prod4ctC4ery89; C4ery)temItype# 34ery)tem = ne C4ery)temItype#89; 34ery)tem.setProd4ct)d8"p#1"9; 34ery)tem.setCty81##9; 34ery.addC4ery)tem834ery)tem9; 34ery)tem = ne C4ery)temItype#89; 34ery)tem.setProd4ct)d8"p#""9; 34ery)tem.setCty8"##9; 34ery.addC4ery)tem834ery)tem9; 34ery)tem = ne C4ery)temItype#89; 34ery)tem.setProd4ct)d8"p#!"9; 34ery)tem.setCty8+##9; 34ery.addC4ery)tem834ery)tem9; Prod4ctC4eryRes4lt res4lt = 5i*'ervice.34ery834ery9; 2or 8Res4lt)temItype# res4lt)tem : res4lt.getRes4lt)tem899 ? 'ystem.o4t.println8res4lt)tem.getProd4ct)d89 : ": " : res4lt)tem.getPrice899; B B B

Aun the client an+ it !houl+ (ork"

Avoiding the type suffix


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

I% you +on$t like the type !u%%i5e! like Stype0, you can turn the type %or MEueryItemN into a top level type' To +o that, right click 6EueryItemType7 an+ choo!e JAe%actor R 3ake #nonymou! Type Glo alJ"

The 4-D9 co+e (ill ecome"

&(sd:schema ...+ &(sd:element name)*productTuer$*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*-uer$"tem* min%ccurs)*1* ma(%ccurs)*un,ounded* type="tns:34ery)tem<omplex/ype"+ &/(sd:element+ JtypeJ mean! that thi! element &/(sd:se-uence+ con%orm! to an e5i!ting type &/(sd:comple(#$pe+ &/(sd:element+ <xsd:complex/ype name="34ery)tem<omplex/ype"> <xsd:attri54te name="prod4ct)d" type="xsd:string"/> <xsd:attri54te name="3ty" type="xsd:int"/> </xsd:complex/ype> &/(sd:schema+

Aename the type %rom EueryItemComple5Type to EueryItemType"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


Generate the !ervice co+e an+ client co+e again' The LueryItemStype0 cla!! (ill e gone an+ you$ll have a LueryItemType cla!! in!tea+' >ou$ll nee+ to up+ate your co+e accor+ingly"
pu,lic class <iC!ervice"mpl implements <iC!ervice!9eleton"nter'ace E pu,lic ProductTuer$Result -uer$1ProductTuer$ productTuer$4 E ProductTuer$Result result ) new ProductTuer$Result14I Tuer$"temMt$pe0 C4ery)tem/ypeRS -uer$"tems ) productTuer$.getTuer$"tem14I 'or 1int i ) 0I i & -uer$"tems.lengthI iHH4 E Tuer$"temMt$pe0 C4ery)tem/ype -uer$"tem ) -uer$"temsRiSI i' 1-uer$"tem.getTt$14 &) 2004 E Result"temMt$pe0 result"tem ) new Result"temMt$pe014I result"tem.setProduct"d1-uer$"tem.getProduct"d144I result"tem.setPrice1204I result.addResult"tem1result"tem4I F F return resultI F F

3ake !imilar change! to the BiHClient cla!!' Aun it an+ it !houl+ continue to (ork'

(ending more data in a message

By the (ay, thi! Euery operation +emon!trate! a goo+ practice in (e !ervice!" >ou generally hope to !en+ more +ata in a me!!age' Dor e5ample, you may e !en+ing many Euery item! in a !ingle re!pon!e me!!age' Thi! i! more e%%icient than !en+ing a !ingle Euery item o ?ect in a me!!age' Thi! i! ecau!e there i! a certain overhea+ involve+ in !en+ing a me!!age, even i% it contain! no +ata"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

3e!!age 1

3e!!age 2

3e!!age 0

Luery item

# !ingle me!!age

Luery item

Luery item

%eturning faults
-uppo!e that a client i! calling your Euery operation ut a pro+uct i+ i! invali+ 6not ?u!t out o% !tock, ut a !olutely unkno(n7 or the Euantity i! Hero or negative' >ou may (ant to thro( an e5ception' To return an e5ception to the client, you !en+ a J%ault me!!ageJ, (hich i! very much like an output me!!age' To +o that, mo+i%y the 4-D9 %ile"

Luery item


Luery item

Luery item




Chapter = -en+ing an+ receiving comple5 +ata !tructure!


&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions ...+ &wsdl:t$pes+ &(sd:schema ...+ &(sd:element name)*productTuer$*+ ... &/(sd:element+ &(sd:element name)*productTuer$Result*+ ... &/(sd:element+ &(sd:comple(#$pe name)*-uer$"tem#$pe*+ ... &/(sd:comple(#$pe+ <xsd:element name="invalidProd4ct)d" type="xsd:string" /> <xsd:element name="invalidCty" type="xsd:int "/> &/(sd:schema+ &/wsdl:t$pes+ The one an+ only &wsdl:message name)*-uer$Re-uest*+ part i! a (ell +e%ine+ &wsdl:part name)*parameters* element)*tns:productTuer$* /+ element in the &/wsdl:message+ !chema &wsdl:message name)*-uer$Response*+ &wsdl:part name)*parameters* element)*tns:productTuer$Result* /+ &/wsdl:message+ < sdl:message name="34ery)nvalidProd4ct)d"> < sdl:part name="parameters" element="tns:invalidProd4ct)d" /> </ sdl:message> < sdl:message name="34ery)nvalidCty"> < sdl:part name="parameters" element="tns:invalidCty" /> </ sdl:message> &wsdl:port#$pe name)*<iC!ervice*+ # %ault me!!age i! like an &wsdl:operation name)*-uer$*+ output me!!age, ut it &wsdl:input message)*tns:-uer$Re-uest* /+ in+icate! an error' &wsdl:output message)*tns:-uer$Response* /+ < sdl:2a4lt name="2#1" message="tns:34ery)nvalidProd4ct)d" /> < sdl:2a4lt name="2#"" message="tns:34ery)nvalidCty" /> &/wsdl:operation+ &/wsdl:port#$pe+ Cnlike an input or output me!!age (hich +oe!n$t nee+ ... &/wsdl:de'initions+ a name, a %ault nee+! a uniEue name ecau!e there can e multiple %ault me!!age! 6here you have 27' 9ater you$ll re%er to a %ault u!ing it! name'

@o( to inclu+e the %ault me!!age in a -8#P me!!age; It i! inclu+e+ in the -8#P o+y, ut not +irectly"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

&wsdl:de'initions ...+ ... &wsdl:port#$pe name)*<iC!ervice*+ &wsdl:operation name)*-uer$*+ &wsdl:input message)*tns:-uer$Re-uest* /+ &wsdl:output message)*tns:-uer$Response* /+ &wsdl:'ault name)*'01* message)*tns:-uer$"nvalidProduct"d* /+ &wsdl:'ault name)*'02* message)*tns:-uer$"nvalidTt$* /+ &/wsdl:operation+ &/wsdl:port#$pe+ &wsdl:,inding name)*<iC!ervice!%7P* t$pe)*tns:<iC!ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*-uer$*+ &soap:operation soap7ction)*http://'* /+ &wsdl:input+ &soap:,od$ use)*literal* /+ @o( to !tore thi! %ault &/wsdl:input+ me!!age in a in+ing; &wsdl:output+ &soap:,od$ use)*literal* /+ &/wsdl:output+ < sdl:2a4lt name="2#1" > In -8#P, inclu+e the <soap:2a4lt name="2#1" 4se="literal"/> %ault me!!age into the </ sdl:2a4lt> -8#P MDaultN" < sdl:2a4lt name="2#"" > <soap:2a4lt name="2#"" 4se="literal"/> </ sdl:2a4lt> &/wsdl:operation+ The me!!age part i! &/wsdl:,inding+ alrea+y in :39 ... &/wsdl:de'initions+ &soap/env:.nvelope (mlns:soap/env)*http://http://schemas.(*+ &soap/env:;eader+ ... &/soap/env:;eader+ &soap/env:<od$+ &soap/env:8ault+ &soap/env:'aultcode+...&/soap/env:'aultcode+ &soap/env:'aultstring+...&/soap/env:'aultstring+ &soap/env:detail+ &'oo:invalidProduct"d (mlns:'oo)*http://'*+ p1000 &/'oo:invalidProduct"d+ &/soap/env:detail+ &/soap/env:8ault+ &/soap/env:<od$+ &soap/env:.nvelope+

The -8#P MDaultN element tell! the caller that !omething i! (rong' The M%aultco+eN i! a L*ame acting a! an error co+e' The M%ault!tringN i! an error me!!age %or human rea+ing' The M+etailN (ill contain any in%ormation that oth !i+e! agree on' In thi! ca!e, it contain! your %ault me!!age part' To make the a ove change! to the 4-D9 %ile vi!ually, right click the Euery operation an+ choo!e J#++ DaultJ"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


Choo!e the %ault, in the Propertie! (in+o(, !et it! name to %01"

Choo!e to create a ne( me!!age"

2nter the name %or the me!!age"

-et the one an+ only part to a ne( :39 element Minvali+Pro+uctI+N' By +e%ault it !houl+ e o% type 5!+"!tring (hich i! (hat you (ant here' Create the !econ+ %ault !imilarly' -et the me!!age name to EueryInvali+Lty, !et the :39 element to Minvali+LtyN (ho!e type i! 5!+"int' Dinally it !houl+ e like"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

*e5t, create the in+ing %or the t(o %ault!' Choo!e the JGenerate Bin+ing ContentJ in the Propertie! (in+o("
Choo!e it' It repre!ent! the in+ing

in+ing an+ click

Click here

Check J8ver(rite e5i!ting in+ing in%ormationJ an+ then click JDini!hJ"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


Thi! (ill generate the in+ing portion"

&wsdl:,inding name)*<iC!ervice!%7P* t$pe)*tns:<iC!ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*-uer$*+ &soap:operation soap7ction)*http://'$* /+ &wsdl:input+ &soap:,od$ use)*literal* /+ &/wsdl:input+ &wsdl:output+ &soap:,od$ use)*literal* /+ &/wsdl:output+ < sdl:2a4lt name="2#1"> <soap:2a4lt 4se="literal" name="2#1" /> </ sdl:2a4lt> < sdl:2a4lt name="2#""> <soap:2a4lt 4se="literal" name="2#"" /> </ sdl:2a4lt> &/wsdl:operation+ &/wsdl:,inding+

Dinally go into the !chema in+e5 to +elete the unu!e+ element! create+ 2clip!e"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

They (ere create+ (hen you a++e+ the %ault!

-imilarly, choo!e J4in+o( R -ho( Fie( R 8utlineJ to !ho( the outline o% the 4-D9 %ile a! !ho(n elo(' Aight click an+ +elete the unu!e+ me!!age! !uch a! EueryS%ault3!g an+ EueryS%ault3!g1"

*o(, generate the !ervice an+ client !tu ! an+ re%re!h the %ile! in 2clip!e' >ou (ill %in+ !ome ne( Bava cla!!e!"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


class Tuer$"nvalidProduct"d e(tends .(ception E "nvalidProduct"d 'ault essageI ... F

# %ault me!!age i! mappe+ to a Bava e5ception' It! one an+ only part 6an :39 element7 i! mappe+ to a %iel+' #! u!ual, an :39 element !uch a! the Minvali+Pro+uctI+N element i! mappe+ to a Bava cla!!' It (ante+ to e5ten+ -tring, ut -tring i! a %inal cla!!' -o the !tring i! mappe+ to a %iel+'

class "nvalidProduct"d E !tring invalidProduct"dI ... F class Tuer$"nvalidTt$ e(tends .(ception E "nvalidTt$ 'ault essageI ... F class "nvalidTt$ E int invalidTt$I ... F

The metho+ !ignature in BiH-ervice-keletonInter%ace ha! al!o een up+ate+ to thro( !uch e5ception!"
pu,lic inter'ace <iC!ervice!9eleton"nter'ace E pu,lic ProductTuer$Result -uer$1ProductTuer$ productTuer$4 thro s C4ery)nvalidProd4ct)dD C4ery)nvalidCtyI F pu,lic class <iC!ervice"mpl implements <iC!ervice!9eleton"nter'ace E pu,lic ProductTuer$Result -uer$1ProductTuer$ productTuer$4 thro s C4ery)nvalidProd4ct)dD C4ery)nvalidCty E ProductTuer$Result result ) new ProductTuer$Result14I Tuer$"tem#$peRS -uer$"tems ) productTuer$.getTuer$"tem14I 'or 1int i ) 0I i & -uer$"tems.lengthI iHH4 E Tuer$"tem#$pe -uer$"tem ) -uer$"temsRiSI i2 8J34ery)tem.getProd4ct)d89.startsFith8"p"99 ? C4ery)nvalidProd4ct)d 2a4lt = ne C4ery)nvalidProd4ct)d89; )nvalidProd4ct)d part = ne )nvalidProd4ct)d89; part.set)nvalidProd4ct)d834ery)tem.getProd4ct)d899; 2a4lt.set0a4lt%essage8part9; thro 2a4lt; B i2 834ery)tem.getCty89 <= #9 ? C4ery)nvalidCty 2a4lt = ne C4ery)nvalidCty89; )nvalidCty part = ne )nvalidCty89; part.set)nvalidCty834ery)tem.getCty899; 2a4lt.set0a4lt%essage8part9; thro 2a4lt; B i' 1-uer$"tem.getTt$14 &) 2004 E Result"temMt$pe0 result"tem ) new Result"temMt$pe014I result"tem.setProduct"d1-uer$"tem.getProduct"d144I result"tem.setPrice1204I result.addResult"tem1result"tem4I F F return resultI F F pu,lic class <iCDlient E

*o( mo+i%y your implementation co+e"

To !ee i% it$! (orking, mo+i%y BiHClient'?ava"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

-tart the #5i! !erver, then run the BiHClient an+ it !houl+ (ork"

pu,lic static void main1!tringRS args4 throws Remote.(ception E <iC!ervice!tu, ,iC!ervice ) new <iC!ervice!tu,14I ProductTuer$ -uer$ ) new ProductTuer$14I Tuer$"tem#$pe -uer$"tem ) new Tuer$"tem#$pe14I -uer$"tem.setProduct"d1*p01*4I -uer$"tem.setTt$11004I -uer$.addTuer$"tem1-uer$"tem4I -uer$"tem ) new Tuer$"tem#$pe14I -uer$"tem.setProduct"d1*p02*4I -uer$"tem.setTt$1("##4I -uer$.addTuer$"tem1-uer$"tem4I -uer$"tem ) new Tuer$"tem#$pe14I -uer$"tem.setProduct"d1*p03*4I -uer$"tem.setTt$1>004I -uer$.addTuer$"tem1-uer$"tem4I try ? ProductTuer$Result result ) ,iC!ervice.-uer$1-uer$4I 'or 1Result"temMt$pe0 result"tem : result.getResult"tem144 E !$stem.out.println1result"tem.getProduct"d14 H *: * H result"tem.getPrice144I F B catch 8C4ery)nvalidProd4ct)d e9 ? 'ystem.o4t.println8")nvalid prod4ct id: " : e.get0a4lt%essage89.get)nvalidProd4ct)d899; B catch 8C4ery)nvalidCty e9 ? 'ystem.o4t.println8")nvalid 3ty: " : e.get0a4lt%essage89.get)nvalidCty899; B

I% you$+ like, you can !ee the me!!age! in TCP 3onitor"

Using encoded
>ou have een (riting +ocument !tyle !ervice!' In a++ition, the part! are !ent a! JliteralJ"
... &wsdl:,inding name)*<iC!ervice!%7P* t$pe)*tns:<iC!ervice*+ &soap:,inding st$le)*doc4ment*

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


4hat +oe! literal mean!; I% you +on$t u!e literal, you may !et it to Jenco+e+J' Then #5i! (ill per%orm !ome e5tra enco+ing o% the +ata in or+er to convert it into :39' Dor e5ample, it (ill e a le to han+le multi-+imen!ion array! an+ +ata !tructure! containing loop! 6e'g', a circular linke+-li!t7' The!e kin+ o% +ata !tructure! +on$t have +irect counter-part! in :39' In %act, i% you !tart %rom a 4-D9, you (ill never get the!e +ata type! %rom the M(!+l2co+eN #nt ta!k' -o, Jenco+e+J i! u!e%ul only (hen you have !ome legacy co+e that u!e! !uch +ata !tructure! an+ you$+ like to e5po!e it a! a (e !ervice' The re!ulting :39 i! :39 ut can$t e vali+ate+ y any !chema' Thi! i! prohi ite+ in +ocument !tyle !ervice!' There%ore, in or+er to u!e Jenco+e+J, you mu!t u!e the APC !tyle' To u!e APCOenco+e+, in theory you only nee+ to change the 4-D9 an+ then generate the !tu ! again' @o(ever, a! o% #5i!2 1'0, #5i!2 +oe!n$t !upport the enco+e+ u!e a! it i! not goo+ %or interopera ility an+ i! getting pha!e+ out 6in the ne5t ver!ion o% 4-D9, namely 4-D9 2'0, only +ocumentOliteral i! !upporte+7'

transport)*http://schemas.(* /+ &wsdl:operation name)*-uer$*+ &soap:operation soap7ction)*http://'$* /+ &wsdl:input+ &soap:,od$ use)*literal* /+ &/wsdl:input+ &wsdl:output+ &soap:,od$ use)*literal* /+ &/wsdl:output+ &wsdl:'ault name)*'01*+ &soap:'ault name)*'01* use)*literal* /+ &/wsdl:'ault+ &wsdl:'ault name)*'02*+ &soap:'ault name)*'02* use)*literal* /+ &/wsdl:'ault+ &/wsdl:operation+ &/wsdl:,inding+

%eferring to existing .,L elements

Dor the moment you$re +e%ining :39 element! !uch a! Mpro+uctLueryN +irectly in the 4-D9 %ile' @o(ever, in practice, mo!t likely !uch element! are +e%ine+ y a 0r+ party !uch a! an in+u!trial con!ortium or neutral a!!ociation' -uppo!e that they are provi+e+ in a %ile purcha!ing'5!+ !uch a! thi!"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

The root element i! M!chemaN

The +e%ault name!pace i! the :39 !chema name!pace, !o you +on$t nee+ to u!e the 5!+ pre%i5 elo('

&N(ml version)*1.0* encoding)*0#8/A*N+ &schema (mlns)* L!chema* targetNamespace)** (mlns:tns)**+ &element name)*productTuer$*+ &comple(#$pe+ &se-uence+ &element name)*-uer$"tem* min%ccurs)*1* ma(%ccurs)*un,ounded* t$pe)*tns:-uer$"tem#$pe*+ &/element+ &/se-uence+ &/comple(#$pe+ &/element+ &element name)*productTuer$Result*+ &comple(#$pe+ &se-uence+ &element name)*result"tem* ma(%ccurs)*un,ounded* min%ccurs)*1*+ &comple(#$pe+ &attri,ute name)*product"d* t$pe)*string*+ &/attri,ute+ &attri,ute name)*price* t$pe)*int*+ &/attri,ute+ &/comple(#$pe+ &/element+ &/se-uence+ &/comple(#$pe+ &/element+ &comple(#$pe name)*-uer$"tem#$pe*+ &attri,ute name)*product"d* t$pe)*string*+&/attri,ute+ &attri,ute name)*-t$* t$pe)*int*+&/attri,ute+ &/comple(#$pe+ &element name)*invalidProduct"d* t$pe)*string*+&/element+ &element name)*invalidTt$* t$pe)*int*+&/element+ &/schema+

#! they are +e%ine+ y a 0r+ party, it !houl+ u!e a +i%%erent target name!pace' 9et$! a!!ume that it i! http")) ar'com)purcha!ing'

2verything el!e remain! unchange+

@o( to re%er to tho!e :39 element! in your 4-D9 %ile; Dir!t, put the purcha!ing'5!+ %ile into the !ame %ol+er a! the 4-D9 %ile 6i'e', the pro?ect root7' Then mo+i%y the 4-D9 %ile"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


>ou$re !aying" I$+ like to re%er to the :39 element! +e%ine+ in the http")) ar'org)purcha!ing name!pace' Then the :39 element! (ill e vi!i le to thi! 4-D9 %ile' Thi! i! like the import !tatement in Bava u!e+ to import a package or a cla!!' >ou +on$t nee+ to +e%ine your o(n element! anymore

@o( can the 4-D9 par!er %in+ out the :39 element! +e%ine+ there; It (ill (ork i% the per!on par!ing the 4-D9 have !et up a ta le like elo(' -uch a ta le i! calle+ an :39 catalog'
#ath to its xsd file c"Q!chemaQ%1'5!+ c"Q''' c"Q'''

/amespace http")) ar'org)purcha!ing http"))''' http"))'''

&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions (mlns:wsdl)*http://schemas.(* (mlns:soap)*http://schemas.(* (mlns:tns)*http://'* xmlns:p="" (mlns:(sd)* L!chema* name)*<iC!ervice* targetNamespace)*http://'*+ &wsdl:t$pes+ &(sd:schema targetNamespace)*http://'* (mlns:(sd)* L!chema*+ <xsd:import namespace="" schema&ocation="p4rchasing.xsd"> </xsd:import> #! you$ll e giving a(ay thi! 4-D9 to many people, it &(sd:element name)*productTuer$*+ may e too +i%%icult to a!k everyone to !et up the :39 ... catalog' -o you may !imply +i!tri ute the :-D %ile an+ &/(sd:element+ make !ure it i! in the !ame %ol+er a! the 4-D9 %ile an+ ... !peci%y the relative path here' In a++ition to the :39 &/(sd:schema+ catalog, their 4-D9 proce!!or (ill %ollo( thi! path to &/wsdl:t$pes+ %in+ the :-D %ile' &wsdl:message name)*-uer$Re-uest*+ &wsdl:part name)*parameters* element)*p:productTuer$* /+ &/wsdl:message+ &wsdl:message name)*-uer$Response*+ &wsdl:part name)*parameters* element)*p:productTuer$Result* /+ &/wsdl:message+ &wsdl:message name)*-uer$"nvalidProduct"d*+ &wsdl:part name)*NewPart* element)*p:invalidProduct"d* /+ &/wsdl:message+ &wsdl:message name)*-uer$"nvalidTt$*+ &wsdl:part name)*NewPart* element)*p:invalidTt$* /+ &/wsdl:message+ &wsdl:port#$pe name)*<iC!ervice*+ The element! are no( +e%ine+ in ... another name!pace &/wsdl:port#$pe+ &wsdl:,inding name)*<iC!ervice!%7P* t$pe)*tns:<iC!ervice*+ ... &/wsdl:,inding+ &wsdl:service name)*<iC!ervice*+ ... &/wsdl:service+ &/wsdl:de'initions+

3o+i%y uil+'5ml"


Chapter = -en+ing an+ receiving comple5 +ata !tructure!

&proGect ...+ #! the :39 element! are in the ... http")) ar'org)purcha!ing name!pace, &target name)*generate/service*+ &wsdl2code you may (ant to map it to a Bava wsdl'ilename)*OEnameF.wsdl* package' serverside)*true* generateservice(ml)*true* -eparate them y a comma s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages) *http://',iCD*.p4rchasing* targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true*/+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* >ou coul+ +o the !ame thing %or the replace)*OEnameF"mpl*/+ client, ut y +e%ault the :39 element! &/target+ (ill e mappe+ to inner cla!!e! o% the &target name)*generate/client*+ client !tu ' -o you +on$t nee+ to !peci%y &wsdl2code a package %or them' wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)*http://',iC.client* targetsource'olderlocation)*src* overwrite)*true*/+ &/target+ &/proGect+

Delete all the Bava %ile! generate+' That i!, all %ile! e5cept your BiH-erviceImpl an+ BiHClient' #l!o +elete all the %ile! in 32T#-I*D' Aun uil+'5ml' >ou !houl+ !ee the %ollo(ing output in the con!ole"
<uild'ile: D:Kwor9spaceK<iC!erviceK,uild.(ml generate/service: @ sdl"codeA Retrieving schema at Kp4rchasing.xsdKD relative to K2ile:/<:/ or=space/Hi*'ervice/K. generate/client: @ sdl"codeA Retrieving schema at Kp4rchasing.xsdKD relative to K2ile:/<:/ or=space/Hi*'ervice/K. <0"L5 !0DD.!!80L #otal time: 10 seconds

Ae%re!h the pro?ect' *ote that the :-D %ile (ill have een copie+ into the 32T#I*D %ol+er to e acce!!e+ y potential client!"

Chapter = -en+ing an+ receiving comple5 +ata !tructure!


It ha! een rename+ too

The BiH-erviceImpl cla!! !houl+ !till e in error a! the :39 element cla!!e! are no( in a +i%%erent package' Di5 thi!' Dor e5ample, in 2clip!e, open the BiH-erviceImpl %ile an+ pre!! Ctrl--hi%t-8 an+ then choo!e the cla!!e! in the com'tt+ev' iH'purcha!ing package 6+o *8T choo!e tho!e inner cla!!e! in the com'tt+ev' iH'client'BiH-ervice-tu 7"

Aun the BiHClient an+ it !houl+ continue to (ork'


Chapter = -en+ing an+ receiving comple5 +ata !tructure!


(&L files using 0TT#

To really !imulate the client !i+e, it !houl+ retrieve the 4-D9 %ile u!ing http"))localho!t"8080)a5i!2)!ervice!)BiH-ervice;(!+l in!tea+ o% a local %ile' It !houl+ al!o e a le to retrieve the :-D %ile automatically' To veri%y that, mo+i%y uil+'5ml"
&proGect ...+ ... &target name)*generate/client*+ &wsdl2code wsdl'ilename)*http://localhost:1#1#/axis"/services/Hi*'ervice- sdl* s9ip,uild(ml)*true* namespacetopac9ages)*http://',iC.client* targetsource'olderlocation)*src* overwrite)*true*/+ &/target+ &/proGect+

3ake !ure the #5i! !erver i! running' Then run uil+'5ml to generate the client !tu again' It !houl+ (ork an+ +i!play !omething like that in the con!ole"
<uild'ile: D:Kwor9spaceK<iC!erviceK,uild.(ml generate/client: @ sdl"codeA Retrieving schema at KHi*'ervice-xsd=xsd#.xsdKD relative to Khttp://localhost:1#1#/axis"/services/K. <0"L5 !0DD.!!80L #otal time: @ seconds

Aun the client an+ it !houl+ continue to (ork'

>ou can %reely u!e :39 !chema element! to e5pre!! comple5 +ata !tructure!' The M(!+l2co+eN #nt ta!k (ill tran!late them into Bava type!' Dor etter per%ormance, you !houl+ +e!ign the inter%ace! o% your (e !ervice operation! !o that more +ata i! !ent in a me!!age' To report an error %rom your operation, +e%ine a me!!age in the 4-D9 %ile an+ u!e it a! a %ault me!!age in the operation' Then a++ a corre!pon+ing chil+ element in the -8#P in+ing to !tore it into the -8#P Dault element' The %ault me!!age !houl+ contain one an+ only one part (hich i! an :39 element +e!cri ing the %ault' The M(!+l2co+eN #nt ta!k (ill map a %ault me!!age to a Bava e5ception cla!! an+ the part a! a %iel+' The operation (ill e mappe+ to a Bava metho+ thro(ing that e5ception' I% you nee+ to !en+ (eir+ +ata !tructure!, you can u!e APCOenco+e+ ut interopera ility (ill e a%%ecte+' The enco+e+ u!e i! not !upporte+ y #5i!2 a! o% 1'0' I% you have e5i!ting :39 element! in an :-D %ile that you$+ like to u!e in a 4-D9 %ile, you can u!e MimportN to import them' >ou can !peci%y the relative path to the :-D %ile !o that the 4-D9 par!er can %in+ it'


Chapter 7
Chapter '

Sending binar( files


Chapter / -en+ing inary %ile!

hat!s in this chapter"

In thi! chapter you$ll learn ho( to receive an+ return !ervice' inary %ile! in your (e

#roviding the image of a product

-uppo!e that you$+ like to have a (e !ervice to allo( people to uploa+ the image 6?peg7 o% a pro+uct 6i+enti%ie+ y a pro+uct i+7' The -8#P me!!age may e like"
&.nvelope+ &<od$+ &upload"mage+ &product"d+p01&/product"d+ &image+9du,nA@9amlnd$...&/image+ &/upload"mage+ &/<od$+ &/.nvelope+ Typically inary +ata !uch a! the image i! enco+e+ u!ing the a!e=< enco+ing

The pro lem i! that the a!e=< enco+e+ +ata (ill e much larger than the inary ver!ion' Thi! (a!te! proce!!ing time, net(ork an+(i+th an+ tran!mi!!ion time' In %act, i% the image i! huge, then many :39 par!er! may not e a le to han+le it properly' To !olve thi! pro lem, in!tea+ o% al(ay! repre!enting an :39 +ocument a! te5t, people !tate that it can e repre!ente+ a! a 3I32 me!!age' Dor e5ample, the a ove :39 +ocument 6-8#P envelope7 can e repre!ente+ a! elo( (ithout changing it! meaning"

Chapter / -en+ing inary %ile!


Thi! i! a 3I32 me!!age' It can contain multiple part!' @ere it contain! 2 part!' Thi! 3I32 me!!age repre!ent! the :39 +ocument 6the -8#P envelope7' Dontent/#$pe: ultipart/Related # part that contain! the JcoreJ o% the :39 +ocument a! te5t

// " . ,oundar$ Dontent/#$pe: te(t/(ml &.nvelope+ Thi! i! the 5op name!pace' &<od$+ &upload"mage+ 5op !tan+! %or :39- inary &product"d+p01&/product"d+ optimiHe+ packaging' &image+ &(op:"nclude (mlns:(op)** hre')*cid:a,c*/+ &/image+ Ae%er to the actual &/upload"mage+ +ata y content i+ &/<od$+ &/.nvelope+ // " . ,oundar$ Dontent/#$pe: image/Gpeg Dontent/"5: a,c ...,inar$ data here... ... // " . ,oundar$

Binary +ata i! allo(e+ in a 3I32 part

# part that contain! inary +ata 6the image7

To implement thi! i+ea, create a ne( pro?ect name+ Image-ervice a! u!ual 6>ou may copy an ol+ one' I% !o, change the linke+ %ol+er7' 3o+i%y the 4-D9 %ile"


Chapter / -en+ing inary %ile!

C!e a urn a! the target name!pace <-xml version="1.#" encoding="./0(1"-> < sdl:de2initions xmlns: sdl=" sdl/" xmlns:soap=" sdl/soap/" xmlns:tns="" xmlns:xsd="http:// . !.org/"##1/$%&'chema" name=")mage'ervice" targetNamespace=""> < sdl:types> <xsd:schema targetNamespace="" xmlns:xsd="http:// . !.org/"##1/$%&'chema"> <xsd:element name="4pload)mage"> <xsd:complex/ype> <xsd:se34ence> <xsd:element name="prod4ct)d" type="xsd:string" /> <xsd:element name="image" type="xsd:5ase,EHinary" /> </xsd:se34ence> </xsd:complex/ype> It (ill contain inary +ata' It i! a!ically to </xsd:element> e enco+e+ u!ing a!e=<' 9ater you (ill </xsd:schema> tell #5i! to u!e :8P %or it' </ sdl:types> < sdl:message name="4pload)mageRe34est"> < sdl:part name="parameters" element="tns:4pload)mage" /> </ sdl:message> The operation +oe!n$t return anything, < sdl:port/ype name=")mage'ervice"> !o there i! no output me!!age' < sdl:operation name="4pload)mage"> < sdl:inp4t message="tns:4pload)mageRe34est" /> </ sdl:operation> </ sdl:port/ype> < sdl:5inding name=")mage'ervice'67P" type="tns:)mage'ervice"> <soap:5inding style="doc4ment" transport="" /> < sdl:operation name="4pload)mage"> <soap:operation soap7ction="" /> < sdl:inp4t> <soap:5ody 4se="literal" /> </ sdl:inp4t> </ sdl:operation> </ sdl:5inding> < sdl:service name=")mage'ervice"> < sdl:port 5inding="tns:)mage'ervice'67P" name=")mage'ervice'67P"> <soap:address location="http://localhost:1#1#/axis"/services/)mage'ervice" /> </ sdl:port> </ sdl:service> </ sdl:de2initions>

#lthough thi! i! not reEuire+, it u!e! the (rappe+ convention' *e5t, up+ate uil+'5ml"
&N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ ... &propert$ name)*name* value)*)mage'ervice* /+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true*

Chapter / -en+ing inary %ile!


Generate the !ervice !tu an+ client !tu ' Check the implementation cla!!"
pu,lic class "mage!ervice!9eleton implements "mage!ervice!9eleton"nter'ace E pu,lic void upload"mage1 Gava.lang.!tring product"d13 Gava(.activation.5ata;andler image24 E F F

generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* unwrap)*true* /+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)** targetsource'olderlocation)*src* overwrite)*true* unwrap)*true* /+ &/target+ &/proGect+

*ote that the inary image +ata i! pre!ente+ a! a Data@an+ler o ?ect' To rea+ the +ata %rom it, create an Image-erviceImpl cla!!"
# Data@an+ler repre!ent! a 3I32 part a ove" It ha! a content type an+ !ome +ata 6 yte!7' p45lic class )mage'ervice)mpl implements )mage'ervice'=eleton)nter2ace ? Thi! i! ho( you get the content type %rom a Data@an+ler p45lic void 4pload)mage8'tring prod4ct)dD LataMandler image9 ? 'ystem.o4t.println8image.get<ontent/ype899; Thi! i! ho( you get the +ata %rom a try ? )np4t'tream in = image.get)np4t'tream89; Data@an+ler 'tring imageLir = "c:/tmp"; 0ile64tp4t'tream o4t = ne 0ile64tp4t'tream8ne 0ile8imageLirD prod4ct)d99; try ? 5yte 542@A = ne 5yte@1#"EA; 2or 8;;9 ? int noHytesRead = in.read85429; o4t. rite8542D #D noHytesRead9; i2 8noHytesRead < 542.length9 ? 5rea=; B B Copy the ?peg %ile +ata into c"Qtmp' B 2inally ? The %ile i! name+ a%ter the pro+uct o4t.close89; i+ 6e'g', c"QtmpQp017' B B catch 8)6Exception e9 ? thro ne R4ntimeException8e9; B B

Create an ImageClient'?ava %ile in the client package" -tart the #5i! !erver 6i% it i! not yet !tarte+7' Create the c"Qtmp %ol+er' Aun the


Chapter / -en+ing inary %ile!

import >avax.activation.LataMandler; import >avax.activation.Lata'o4rce; import >avax.activation.0ileLata'o4rce;

Critical point" 2na le 3T83' 3T83 !tan+! %or me!!age tran!mi!!ion optimiHation mechani!m' It mean! the !ame thing a! :8P (hen it i! applie+ to -8#P me!!age!' The e%%ect i!, (henever it nee+! to !en+ a!e=< enco+e+ +ata, it (ill !en+ it u!ing :8P'

p45lic class )mage<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? )mage'ervice't45 service = ne )mage'ervice't4589; service.Iget'ervice<lient89.get6ptions89.setProperty8 <onstants.<on2ig4ration.EN7H&EI%/6%D "tr4e"9; Lata'o4rce so4rce = ne 0ileLata'o4rce8"c:/axis/docs/xdocs/1I!/images/axis.>pg"9; LataMandler handler = ne LataMandler8so4rce9; service.4pload)mage8"p#1"D handler9; >ou nee+ to make !ure thi! 'ystem.o4t.println8"LoneJ"9; %ile e5i!t! B B Create a Data@an+ler o ?ect that Create a Data-ource o ?ect that (ill rea+ the +ata %rom the %ile' It rea+! that Data-ource o ?ect (ill al!o %in+ out the 3I32 type 6image)?peg in thi! ca!e7 %rom the %ile e5ten!ion 6'?pg7'

client' Then check c"Qtmp an+ you !houl+ %in+ a ne( %ile p01 there' >ou can veri%y that it$! a copy o% a5i!'?pg y opening it in a ro(!er"

To e !ure that it i! u!ing :8P, u!e the TCP 3onitor' >ou !houl+ !ee"

Chapter / -en+ing inary %ile!


3I32 me!!age 6multipart)relate+7

Ae%er to the inary +ata u!ing ci+ 6content i+7

The inary +ata

)nabling ,T-, in the service

Dor the moment, it i! your client that nee+! to !en+ a %ile' I% it (a! your (e !ervice that nee+e+ to +o that, you (oul+ nee+ to ena le 3T83 in the !ervice' To +o that, mo+i%y !ervice!'5ml"
&N(ml version)*1.0* encoding)*0#8/A*N+ &serviceQroup+ &service name)*"mage!ervice*+ &messageReceivers+ &messageReceiver mep)*$*... /+ &/messageReceivers+ &parameter name)*!erviceDlass*+ com.ttdev.image."mage!ervice"mpl &/parameter+ &parameter name)*use%riginalwsdl*+true&/parameter+ &parameter name)*modi'$0ser6!5LPort7ddress*+true&/parameter+ <parameter name="ena5le%/6%">tr4e</parameter> &operation name)*upload"mage* mep)*$*+ &action"mage&/action apping+ &/operation+ &/service+ &/serviceQroup+

*ote that no matter the !etting i! there or not, the !ervice can al(ay! han+le incoming me!!age! u!ing 3T83' Thi! !etting a%%ect! it! outgoing me!!age! only'

I% you nee+ to !en+ inary %ile! to other!, make !ure the other !i+e !upport!


Chapter / -en+ing inary %ile!

3T83' Dor e5ample, %or '*2T, 3T83 i! !upporte+ (ith 4-2 64e -ervice! 2nhancement!7 0'0 or later'

:8P !tore! :39 element! that i! o% the type 5!+" a!e=<Binary a! 3I32 part! an+ repre!ent! the (hole :39 +ocument a! a 3I32 me!!age' 4hen the :39 +ocument i! a -8#P envelope, it i! calle+ 3T83' To receive a inary %ile u!ing 3T83, i% the receiver i! (ritten (ith #5i!2, %or ma5imum interopera ility, it can al(ay! han+le incoming me!!age! u!ing 3T83 (ithout any con%iguration' To !en+ a inary %ile u!ing 3T83, ena le 3T83 in the !en+er'


Chapter 8
Chapter )

Invo*ing length( operations


Chapter 8 Invoking lengthy operation!

hat!s in this chapter"

4hat i% your (e !ervice involve! manual proce!!ing that coul+ take +ay! to %ini!h; In thi! chapter you$ll learn (hat the pro lem! are an+ ho( to +eal (ith them'

#roviding lengthy operations

-uppo!e that you have a (e !ervice that proce!!e! u!ine!! regi!tration reEue!t! an+ that each reEue!t mu!t e manually revie(e+ y a human eing e%ore it i! approve+' Then a u!ine!! regi!tration num er i! provi+e+ to the client' The pro lem i! that thi! revie( proce!! coul+ take +ay! an+ the (e !ervice client (ill e kept (aiting %or the @TTP re!pon!e 6a!!uming it i! u!ing -8#P over @TTP7"
AeEue!t Client *o re!pon!eP 4e !ervice

In that ca!e, the @TTP client co+e in the client (ill think !omething may e (rong in the !erver' In or+er to avoi+ hol+ing up the re!ource! u!e+ y the connection, it (ill time out an+ terminate the connection' To !olve thi! pro lem 6!ee the +iagram elo(7, you can tell the client to !en+ a reEue!t an+ then imme+iately li!ten on a port %or incoming connection' 8n the !erver !i+e, the (e !ervice (ill imme+iately return a !hort re!pon!e !aying that the reEue!t ha! een receive+ %or proce!!ing 6not approve+ yet7, then create a ne( threa+ to (ait %or the manual approval 6!o that the (e !ervice i! %ree to !erve other reEue!t!7' 4hen that threa+ get! the manual approval, it connect! to the client an+ tell! it that it ha! een approve+ an+ tell! it the u!ine!! regi!tration num er"
" Create a ne( threa+ to per%orm the lengthy proce!!ing 6here, (ait %or the manual approval7 Threa+

1" -en+ a reEue!t Client

4e !ervice a" >our reEue!t ha! een receive+

2" 9i!ten %or incoming connection

c" It i! approve+ an+ your regi!tration num er i! 120'

@o(ever, in !tep c a ove, ho( +oe! it kno( the ho!t name an+ port o% the client; There%ore, (hen the client !en+! the reEue!t 6!ee the +iagram elo(7, it coul+ pick a ran+om port an+ then inclu+e it! ho!t name an+ the port num er in the reply-to CA9 an+ inclu+e that CA9 in a -8#P hea+er entry' Thi! (ay, the

Chapter 8 Invoking lengthy operation!


ackgroun+ threa+ create+ y the (e !ervice can !en+ the re!ult to that CA9' Thi! i! very much like having a Drom a++re!! or Aeply-To a++re!! in an email' Thi! i! calle+ J4--#++re!!ingJ"
2" 4hen !en+ing the -8#P me!!age, a++ a hea+er entry to tell the reply-to CA9' &.nvelope+ &;eader+ <Reply(/o> http://localhost:!!EE </Reply(/o> &/;eader+ &<od$+ &re-uest+ ... &/re-uest+ &/<od$+ &/.nvelope+ Client a" AeEue!t accepte+ 4e !ervice

" Create ne( threa+ Threa+

1" Pick a ran+om port 6!ay 00<<7 an+ li!ten on it

c" -en+ the real re!ult to http"))localho!t"00<<

@o(ever, there i! !till a pro lem' I% the client !en+! multiple reEue!t! to the (e !ervice or to +i%%erent (e !ervice!, i% it open! a ne( port %or each reEue!t, then it (ill u!e a lot o% port! an+ (ill (a!te a lot o% re!ource!' There%ore, it (ill open a !ingle port only an+ let a !ingle ackgroun+ threa+ li!tening on it"


Chapter 8 Invoking lengthy operation!

0" -en+ the reEue!t &.nvelope+ &;eader+ <Reply(/o> http://localhost:,#,# </Reply(/o> &/;eader+ ... &/.nvelope+ Client 1" I! the ackgroun+ threa+ running; I% no, !tart it' Threa+ a" AeEue!t accepte+ 4e !ervice

" Create ne( threa+ Threa+

c" -en+ the real re!ult to http"))localho!t"=0=0 2" #l(ay! li!ten on a !ingle port 6=0=0 y +e%ault7

@o(ever, i% multiple reEue!t! (ere !ent, then multiple re!pon!e! (ill arrive' Then in !tep c a ove, ho( can the ackgroun+ threa+ tell the re!pon!e i! %or (hich reEue!t;
&.nvelope+ &<od$+ &registerResponse+ &regNo+,111222&/regNo+ &/registerResponse+ &/<od$+ &/.nvelope+ &.nvelope+ &<od$+ &registerResponse+ &regNo+,111223&/regNo+ &/registerResponse+ &/<od$+ &/.nvelope+ ...



To !olve thi! pro lem, (hen !en+ing the reEue!t, the client (ill generate a uniEue me!!age ID 6e'g', m0017 an+ inclu+e it in a hea+er lock 6!ee the +iagram elo(7' 4hen the (e !ervice generate! the re!pon!e me!!age, it (ill copy the me!!age ID m001 into the MAelate!-ToN hea+er lock' Thi! (ay, (hen the ackgroun+ threa+ receive! the re!pon!e, it kno(! that it i! the re!pon!e %or reEue!t m001"

Chapter 8 Invoking lengthy operation!


&.nvelope+ &;eader+ <%essage()L>m##1</%essage()L> &Repl$/#o+... &/Repl$/#o+ &/;eader+ ... &/.nvelope+ Client

It (ill ha! it! o(n me!!age ID ut it i! not u!e+ here

It i! a reply to m001


&.nvelope+ &;eader+ <Relates(/o>m##1</Relates(/o> <%essage()L>----</%essage()L> &/;eader+ &<od$+ &registerResponse+ &regNo+,111222&/regNo+ &/registerResponse+ &/<od$+ &/.nvelope+ &.nvelope+ &;eader+ <Relates(/o>m##"</Relates(/o> <%essage()L>----</%essage()L> &/;eader+ &<od$+ &registerResponse+ &regNo+,111223&/regNo+ &/registerResponse+ &/<od$+ &/.nvelope+

#ll the!e MAeply-ToN, M3e!!age-IDN, MAelate!-ToN hea+er lock! are part o% the 4--#++re!!ing !tan+ar+'

Creating the

(&L for business registrations

To implement thi! i+ea, create a ne( pro?ect name+ 3anual-ervice a! u!ual 6>ou may copy an ol+ one' I% !o, change the linke+ %ol+er7' 3o+i%y the 4-D9 %ile"


Chapter 8 Invoking lengthy operation!

C!e thi! urn a! the target name!pace <-xml version="1.#" encoding="./0(1"-> < sdl:de2initions xmlns: sdl=" sdl/" xmlns:soap=" sdl/soap/" xmlns:tns="*/reg" xmlns:xsd="http:// . !.org/"##1/$%&'chema" name="%an4al'ervice" targetNamespace="*/reg"> < sdl:types> <xsd:schema targetNamespace="*/reg" xmlns:xsd="http:// . !.org/"##1/$%&'chema"> <xsd:element name="register"> Thi! i! the reEue!t' It contain! the u!ine!! <xsd:complex/ype> name an+ the i+ o% the u!ine!! o(ner' <xsd:se34ence> <xsd:element name="5i*Name" type="xsd:string" /> <xsd:element name="o ner)d" type="xsd:string" /> </xsd:se34ence> Thi! i! the re!pon!e' It contain! either an </xsd:complex/ype> Mapprove+N or a Mre?ecte+N element' </xsd:element> <xsd:element name="registerResponse"> <xsd:complex/ype> <xsd:choice> MchoiceN !ay! that <xsd:element re2="tns:approved"></xsd:element> <xsd:element re2="tns:re>ected"></xsd:element> one an+ only one Ae%er! to thi! element elo( (ill </xsd:choice> </xsd:complex/ype> element e there </xsd:element> <xsd:element name="approved" type="xsd:string"></xsd:element> <xsd:element name="re>ected" type="xsd:string"></xsd:element> </xsd:schema> </ sdl:types> &registerResponse+ ... &approved+123&/approved+ </ sdl:de2initions> &/registerResponse+ &registerResponse+ &reGected+,usiness name in use&/reGected+ &/registerResponse+

To create the MchoiceN vi!ually, right click the 6regi!terAe!pon!eType7 an+ choo!e J#++ ChoiceJ"

Chapter 8 Invoking lengthy operation!


Then it (ill ecome"

Thi! !ym ol repre!ent! the MchoiceN

Aight click the MchoiceN !ym ol an+ choo!e J#++ 2lement Ae%J"

Then it (ill look like"


Chapter 8 Invoking lengthy operation!

I% you have alrea+y create+ the Mapprove+N an+ Mre?ecte+N element!, they may appear %or !election'

I% you have create+ the Mapprove+N an+ Mre?ecte+N element!,they may appear %or !election, or you can choo!e JBro(!eJ to !elect one o% them' I% you haven$t create+ them yet, choo!e J*e(J to create them' The re!t o% the 4-D9 %ile i! a! u!ual"
&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions (mlns:wsdl)*http://schemas.(* (mlns:soap)*http://schemas.(* (mlns:tns)*urn:',iC/reg* (mlns:(sd)* L!chema* name)* anual!ervice* targetNamespace)*urn:',iC/reg*+ &wsdl:t$pes+ &(sd:schema targetNamespace)*urn:',iC/reg* (mlns:(sd)* L!chema*+ &(sd:element name)*register*+ &(sd:comple(#$pe+ &(sd:se-uence+ &(sd:element name)*,iCName* t$pe)*(sd:string* /+ &(sd:element name)*owner"d* t$pe)*(sd:string* /+ &/(sd:se-uence+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*registerResponse*+ &(sd:comple(#$pe+ &(sd:choice+ &(sd:element re')*tns:approved*+&/(sd:element+ &(sd:element re')*tns:reGected*+&/(sd:element+ &/(sd:choice+ &/(sd:comple(#$pe+ &/(sd:element+ &(sd:element name)*approved* t$pe)*(sd:string*+&/(sd:element+ &(sd:element name)*reGected* t$pe)*(sd:string*+&/(sd:element+ &/(sd:schema+ &/wsdl:t$pes+ < sdl:message name="registerRe34est"> < sdl:part name="parameters" element="tns:register" /> </ sdl:message> < sdl:message name="registerResponse"> < sdl:part name="parameters" element="tns:registerResponse"></ sdl:part> </ sdl:message> < sdl:port/ype name="%an4al'ervice"> < sdl:operation name="register"> < sdl:inp4t message="tns:registerRe34est" /> < sdl:o4tp4t message="tns:registerResponse" /> </ sdl:operation> </ sdl:port/ype> < sdl:5inding name="%an4al'ervice'67P" type="tns:%an4al'ervice"> <soap:5inding style="doc4ment" transport="" /> < sdl:operation name="register">

Chapter 8 Invoking lengthy operation!


*e5t, up+ate uil+'5ml"

<soap:operation soap7ction="*/reg/register" /> < sdl:inp4t> <soap:5ody 4se="literal" /> </ sdl:inp4t> < sdl:o4tp4t> <soap:5ody 4se="literal" /> </ sdl:o4tp4t> </ sdl:operation> </ sdl:5inding> < sdl:service name="%an4al'ervice"> < sdl:port 5inding="tns:%an4al'ervice'67P" name="%an4al'ervice'67P"> <soap:address location="http://localhost:1#1#/axis"/services/%an4al'ervice" /> </ sdl:port> </ sdl:service> &/wsdl:de'initions+ &N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ ... &propert$ name)*name* value)*%an4al'ervice* /+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)**/reg=gov.2a=e.5i*reg* targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* unwrap)*true* /+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)**/reg=gov.2a=e.5i*reg.client* targetsource'olderlocation)*src* overwrite)*true* unwrap)*true* /+ &/target+ &/proGect+

Becau!e the re!pon!e u!e! a MchoiceN, you can$t u!e the (rap convention anymore' Then, generate the !ervice !tu an+ client !tu ' #ll the!e are pretty !tan+ar+ !tu%%' The ne5t !tep i! to make the (e !ervice create a ne( threa+ %or lengthy proce!!ing'

Creating a new thread for lengthy processing

In or+er to let the (e !ervice create a ne( threa+ to +o the lengthy proce!!ing, you nee+ to un+er!tan+ the concept o% me!!age receiver in #5i!' There i! a me!!age receiver %or each (e !ervice' 4hen a reEue!t %or your (e !ervice arrive! 6!ee the +iagram elo(7, the me!!age receiver (ill e han+e+ the me!!age' It (ill check your !ervice!'5ml %ile to %in+ out the implementation cla!!


Chapter 8 Invoking lengthy operation!

name 6gov'%ake' iHreg'3anual-erviceImpl here7' Then it (ill create an in!tance o% thi! cla!!, convert :39 to Bava o ?ect!, pa!! them a! parameter! to the right metho+ on that o ?ect in!tance' Dinally, it convert! the return value ack to :39 an+ return it in a re!pon!e"
1" # reEue!t arrive! 3e!!age receiver 5" -en+ a re!pon!e 2" 4hat$! the Bava cla!! to u!e; <" Convert :39 to Bava o ?ect! 6a! parameter!7, call the right metho+ an+ convert return value ack to :39' 0" Create an in!tance o% thi! cla!! 3anual-erviceImpl

!ervice!'5ml &service name)* anual!ervice*+ &parameter name)*!erviceDlass*+ gov.'a9e.,iCreg. anual!ervice"mpl &/parameter+ &/service+

#ll the!e are happening in the !ame threa+ y +e%ault' *o(, you (ill tell your me!!age receiver to create a ne( threa+ to call your implementation cla!!, (hile returning an Jaccepte+J re!pon!e at the !ame time' To +o that, you can mo+i%y your me!!age receiver, (hich i! the 3anual-ervice3e!!ageAeceiverIn8ut cla!! generate+ y the M(!+l2co+eN #nt ta!k"
4hen a reEue!t 6me!!age7 arrive!, thi! metho+ (ill e calle+' >ou$re no( overri+ing it' import org.apache.axis".7xis0a4lt; import org.apache.axis".context.%essage<ontext; pu,lic class anual!ervice essageReceiver"n%ut e(tends 7,stract"n%ut!$nc essageReceiver E p45lic void receive8%essage<ontext message<tx9 thro s 7xis0a4lt ? message<tx.setProperty8L6I7'NN<D "tr4e"9; s4per.receive8message<tx9; Tell the parent cla!! that B the me!!age !houl+ e pu,lic void invo9e<usinessLogic1 han+le+ a!ynchronou!ly' ... F F Thi! metho+ (ill per%orm +ata +eco+ing an+ enco+ing an+ call your implementation cla!!' *o( it (ill e e5ecute+ in a ne( threa+'

Create 3anual-erviceImpl'?ava to implement your (e !ervice"

Chapter 8 Invoking lengthy operation!


Aeturn a har+-co+e+ regi!tration num er %or no( p45lic class %an4al'ervice)mpl implements %an4al'ervice'=eleton)nter2ace ? p45lic RegisterResponse register8Register register9 ? 'ystem.o4t.println8"Oot re34est"9; 'tring regNo = "1"!"; try ? -leep %or %ive !econ+! to /hread.sleep8+###9; !imulate human revie( B catch 8)nterr4ptedException e9 ? B RegisterResponse response = ne RegisterResponse89; response.set7pproved8regNo9; ret4rn response; B B

*o( the me!!age receiver (ill call your regi!ter67 metho+ in a ne( threa+' The ne5t !tep i! to (ork on the client" It !houl+ kick !tart the ackgroun+ threa+ an+ inclu+e the MAeply-ToN an+ M3e!!age-IDN hea+er! in the reEue!t'

Creating an asynchronous client

To create the client, create a BiHAegClient'?ava %ile in the client package"


Chapter 8 Invoking lengthy operation!

To enco+e the reply-to CA9 an+ me!!age ID u!ing the 4--#++re!!ing !tan+ar+, #5i! provi+e! a Jmo+uleJ to +o that' Thi! mo+ule i! name+ Ja++re!!ingJ' >ou can !imply ena le 6JengageJ7 it'

p45lic class Hi*Reg<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? %an4al'ervice't45 st45 = ne %an4al'ervice't4589; 'ervice<lient service<lient = st45.Iget'ervice<lient89; service<lient.engage%od4le8"addressing"9; 6ptions options = service<lient.get6ptions89;'eparate&istener8tr4e9; The ackgroun+ threa+ (ill Register re34est = ne Register89; e5tract the re!pon!e an+ pa!! re34est.setHi*Name8"0oo &td."9; it to your call ack re34est.set6 ner)d8"Pent"9; %an4al'ervice<all5ac=Mandler call5ac= = ne %an4al'ervice<all5ac=Mandler89 ? p45lic void receiveRes4ltregister8RegisterResponse res4lt9 ? 'ystem.o4t.println8"Oot res4lt: " : res4lt.get7pproved899; B B; st45.startregister8re34estD call5ac=9; 'ystem.o4t.println8"Re34est sent"9; B B -en+ the reEue!t an+ return imme+iately Thi! i! the critical !tep' It cau!e! the client to kick !tart the ackgroun+ threa+ to li!ten on port =0=0 %or the re!pon!e' Conceptually, the ackgroun+ threa+ maintain! an internal ta le like thi!" Call ack1

Internally the !tu u!e! thi! o ?ect to call the (e !ervice

3e!!age ID m001 m002 '''

Call ack


Call ack2

4hen it receive! a re!pon!e an+ %in+! that it i! relate+ to m001, it (ill call the call ack %or m001'

*ote the +i%%erence et(een Ju!ing a call ackJ an+ Ju!ing a !eparate li!tenerJ' C!ing a call ack mean! the #PI i! a!ynchronou!, no matter one or t(o @TTP connection! are u!e+' Dor e5ample, you can u!e a call ack (ithout u!ing a !eparate li!tener"
1" Call it (ithout (aiting %or the re!ult 6provi+e a call ack o ?ect7 Client !tu 2" It u!e! a !ingle @TTP connection 6!ynchronou!7 to invoke the (e !ervice an+ (ait %or the re!pon!e'

>our co+e

4e !ervice

Call ack 0" Call the call ack

In thi! ca!e, the #PI i! a!ynchronou! an+ your co+e !eem! to e a!ynchronou!, ut a! only one @TTP connection i! u!e+, it i! !till !u ?ect to the timeout pro lem' -o thi! i! !uita le (hen the proce!!ing i! not too lengthy

Chapter 8 Invoking lengthy operation!


6(on$t cau!e a timeout7 an+ your client co+e really (ant! to procee+ (ithout getting the re!ult imme+iately' >ou$ve alrea+y !een the ca!e o% u!ing a call ack an+ a !eparate li!tener 6 u!ine!! regi!tration7' Thi! i! the ultimate a!ynchronou! !ituation' It i! goo+ %or lengthy proce!!ing (hen your client co+e can procee+ (ithout getting the re!ult' >ou$ve al!o !een the ca!e o% not u!ing a call ack an+ not u!ing a !eparate li!tener 6the normal ca!e7' Thi! i! the ultimate !ynchronou! !ituation' It i! goo+ %or %a!t proce!!ing an+ your client co+e nee+! to (ait %or the re!ult' Dinally, it i! al!o po!!i le to not u!e a call ack (hile u!ing a !eparate li!tener"
1" Call it an+ (ait %or the re!ult >our co+e Client !tu 2" -en+ a reEue!t 4e !ervice

<" 8K to return

Backgroun+ threa+

0" -en+ the re!pon!e

Thi! i! goo+ %or lengthy proce!!ing (hen your client co+e mu!t (ait %or the re!ult e%ore procee+ing' *o( the client i! +one' Dor the (e !ervice to +eco+e the me!!age ID an+ reply-to CA9 %rom the -8#P me!!age, you nee+ to engage the a++re!!ing mo+ule in the (e !ervice' Thi! i! the ca!e y +e%ault' >ou can veri%y that in glo al con%iguration %ile %or #5i!, c"Qa5i!Qcon%Qa5i!2'5ml"
&a(iscon'ig name)*7(isJava2.0*+ ... <mod4le re2="addressing"/> ... &/a(iscon'ig+

-tart the #5i! !erver 6i% it i! not yet !tarte+7' Aun the client an+ it !houl+ (ork"

@o(ever, there are !till t(o i!!ue! le%t' Dir!t, once !tarte+, the ackgroun+ threa+ (ill not terminate an+ (ill continue to li!ten on that port' -o i% you run it again, it (ill %ail to gra the port an+ (ill %ail to receive the re!pon!e' -econ+, it (ill prevent your BF3 %rom terminating' >ou can veri%y that (ith the re+ utton in 2clip!e in the a ove !creen !hot' *o(, click that re+ utton to terminate it' To %i5 the!e pro lem!, mo+i%y the co+e"
pu,lic class <iCRegDlient E pu,lic static void main1!tringRS args4 throws Remote.(ception E anual!ervice!tu, stu, ) new anual!ervice!tu,14I 2inal !erviceDlient serviceDlient ) stu,.Mget!erviceDlient14I serviceDlient.engage odule1*addressing*4I


Chapter 8 Invoking lengthy operation!

4hat i% the (e !ervice return! an error; >ou can catch it thi! (ay"
pu,lic class <iCRegDlient E pu,lic static void main1!tringRS args4 throws Remote.(ception E anual!ervice!tu, stu, ) new anual!ervice!tu,14I 'inal !erviceDlient serviceDlient ) stu,.Mget!erviceDlient14I serviceDlient.engage odule1*addressing*4I %ptions options ) serviceDlient.get%ptions14I options.set0se!eparateListener1true4I Register re-uest ) new Register14I re-uest.set<iCName1*8oo Ltd.*4I re-uest.set%wner"d1*Uent*4I anual!erviceDall,ac9;andler call,ac9 ) new anual!erviceDall,ac9;andler14 E pu,lic void receiveResultregister1RegisterResponse result4 E !$stem.out.println1*Qot result: * H result.get7pproved144I 'inished14I F p45lic void receiveErrorregister8Exception e9 ? ... 2inished89; B private void 'inished14 E tr$ E serviceDlient.cleanup14I F catch 17(is8ault e4 E throw new Runtime.(ception1e4I F 'inall$ E !$stem.e(it104I F F FI stu,.startregister1re-uest3 call,ac94I !$stem.out.println1*Re-uest sent*4I F F

%ptions options ) serviceDlient.get%ptions14I options.set0se!eparateListener1true4I Register re-uest ) new Register14I re-uest.set<iCName1*8oo Ltd.*4I re-uest.set%wner"d1*Uent*4I anual!erviceDall,ac9;andler call,ac9 ) new anual!erviceDall,ac9;andler14 E pu,lic void receiveResultregister1RegisterResponse result4 E !$stem.out.println1*Qot result: * H result.get7pproved144I 2inished89; F private void 2inished89 ? try ? service<lient.clean4p89; B catch 87xis0a4lt e9 ? thro ne R4ntimeException8e9; B 2inally ? 'ystem.exit8#9; B B FI stu,.startregister1re-uest3 call,ac94I !$stem.out.println1*Re-uest sent*4I

$nspecting the

(1Addressing header blocks

>ou can al!o check the 4--#++re!!ing hea+er lock! u!ing the TCP 3onitor' The reEue!t !houl+ e like"

Chapter 8 Invoking lengthy operation!


Thi! i! the target CA9' 4hy i! it nee+e+; Thi! allo(! routing the reEue!t me!!age through interme+iate hop! ecau!e the target CA9 i! maintaine+ in the me!!age' The 4--#++re!!ing name!pace &soapenv:.nvelope (mlns:soapenv)*http://schemas.(* xmlns: sa="http:// . !.org/"##+/#1/addressing"+ &soapenv:;eader+ #! +e!cri e+ e%ore < sa:/o> http://localhost:1"!E/axis"/services/%an4al'ervice </ sa:/o> < sa:Reply/o> < sa:7ddress> http://1Q".1,1.#.1E,:,#,#/axis"/services/%an4al'ervice"+1#R!,! </ sa:7ddress> </ sa:Reply/o> < sa:%essage)L> 4rn:44id:E17!#R<11+,++0#<0<11QR1,,1#R1Q, </ sa:%essage)L> < sa:7ction>*/reg/register</ sa:7ction> &/soapenv:;eader+ &soapenv:<od$+ &ns1:register (mlns:ns1)*urn:',iC/reg*+ &,iCName+8oo Ltd.&/,iCName+ &owner"d+Uent&/owner"d+ It allo(! the client to uniEuely !peci%y the &/ns1:register+ operation it (ant! to call' Thi! i! al!o &/soapenv:<od$+ !peci%ie+ y the 4--#++re!!ing !tan+ar+' &/soapenv:.nvelope+ &wsdl:de'initions ...+ ... &wsdl:,inding name)* anual!ervice!%7P* t$pe)*tns: anual!ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*register*+ <soap:operation soap7ction="*/reg/register" /> &wsdl:input+ &soap:,od$ use)*literal* /+ &/wsdl:input+ &wsdl:output+ &soap:,od$ use)*literal* /+ &/wsdl:output+ &/wsdl:operation+ &/wsdl:,inding+ ... &/wsdl:de'initions+

*ote that TCP 3onitor (ill get a +ummy re!pon!e a! the real re!pon!e i! !ent to port =0=0'

Avoiding modifications to the message receiver

Currently you$re mo+i%ying 3anual-ervice3e!!ageAeceiverIn8ut'?ava (hich i! generate+ y M(!+l2co+eN' Thi! i! no goo+ a! it (ill e over(ritten i% you run M(!+l2co+eN again' There%ore, a etter (ay i! to e5ten+ it' Dor e5ample, create 3anual-erviceAeceiver'?ava an+ move the receive67 metho+ into there"
p45lic class %an4al'erviceReceiver extends %an4al'ervice%essageReceiver)n64t ? p45lic void receive8%essage<ontext message<tx9 thro s 7xis0a4lt ? message<tx.setProperty8L6I7'NN<D "tr4e"9;


Chapter 8 Invoking lengthy operation!

Then +elete the receive67 metho+ %rom 3anual-ervice3e!!ageAeceiverIn8ut"

pu,lic class anual!ervice essageReceiver"n%ut ... E pu,lic void receive1 essageDonte(t messageDt(4 throws 7(is8ault E messageDt(.setPropert$15%M7!VND3 *true*4I super.receive1messageDt(4I F pu,lic void invo9e<usinessLogic1...4 E ... F F


3o+i%y uil+'5ml to %i5 !ervice!'5ml !o that it u!e! 3anual-erviceAeceiver a! the me!!age receiver"
&target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)*urn:',iC/reg)gov.'a9e.,iCreg* targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true*/+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ <replaceregexp 2ile="src/%E/7()N0/services.xml" match="G?nameB%essageReceiver)n64t" replace="G?nameBReceiver" /> &/target+

Delete the !ervice!'5ml an+ run uil+'5ml again' 2verything !houl+ continue to (ork'

To !upport a lengthy operation in a (e !ervice, it! me!!age receiver nee+! to ena le the D8S#->*C %lag !o that it create! a ne( threa+ to call your u!ine!! logic an+ return the re!pon!e in that threa+' Dor thi! to (ork, the client nee+! to kick !tart a ackgroun+ threa+ to li!ten on a certain port %or the re!pon!e an+ inclu+e a reply-to CA9 in a hea+er lock in the reEue!t -8#P me!!age' To +i!tingui!h (hich re!pon!e i! %or (hich reEue!t, the client al!o nee+! to inclu+e a uniEue me!!age ID into the me!!age an+ the (e !ervice nee+! to copy that into a relate!-to hea+er lock' 4--#++re!!ing !upport! the enco+ing an+ +eco+ing o% the me!!age ID, relate!-to an+ reply-to CA9' 4--#++re!!ing i! implemente+ y a mo+ule calle+ Ja++re!!ingJ in #5i!' # mo+ule i! ?u!t !ome %unctionality that can e ena le+ or +i!a le+' 4hen it i! ena le+, it i! !ai+ to e Jengage+J' The client #PI can e !ynchronou! or a!ynchronou!, in+epen+ent o% (hether the tran!port i! !ynchronou! or not' I% your co+e can an+ !houl+ procee+ (ithout (aiting %or the re!ult, u!e the a!ynchronou! #PI' I% it mu!t (ait %or the

Chapter 8 Invoking lengthy operation!


re!ult, u!e the !ynchronou! #PI'


Chapter 9
Chapter +

Signing and encr(pting S A, messages


Chapter . -igning an+ encrypting -8#P me!!age!

hat!s in this chapter"

In thi! chapter you$ll learn ho( to !ign an+ encrypt -8#P me!!age!'

#rivate key and public key

C!ually (hen you encrypt !ome te5t u!ing a key, you nee+ the !ame key to +ecrypt it"
@ello, (orl+P

# key 6!ay k17



The !ame key 6k17


Thi! i! calle+ J!ymmetric encryptionJ' I% you (oul+ like to !en+ !omething to me in private, then (e nee+ to agree on a key' I% you nee+ to !en+ !omething private to 100 in+ivi+ual!, then you$ll nee+ to negotiate (ith each !uch in+ivi+ual to agree on a key 6!o 100 key! in total7' Thi! i! trou le!ome' To !olve the pro lem, an in+ivi+ual may u!e !omething calle+ a Jprivate keyJ an+ a Jpu lic keyJ' Dir!t, he u!e! !ome !o%t(are to generate a pair o% key!" 8ne i! the private key an+ the other i! the pu lic key' There i! an intere!ting relation!hip et(een the!e t(o key!" I% you u!e the private key to encrypt !omething, then it can only e +ecrypte+ u!ing the pu lic key 6u!ing the private key (on$t (ork7' The rever!e i! al!o true" I% you u!e the pu lic key to encrypt !omething, then it can only e +ecrypte+ u!ing the private key"

Chapter . -igning an+ encrypting -8#P me!!age!



k1-pu @ello, (orl+P






@ello, (orl+P






#%ter generating the key pair, he (ill keep the private key really private 6(on$t tell anyone7, ut he (ill tell everyone hi! pu lic key' Can other people %in+ out the private key %rom the pu lic key; It i! e5tremely +i%%icult, !o there i! no (orry a out it' *o(, !uppo!e that you$+ like to !en+ !omething con%i+ential to an in+ivi+ual Paul 6!ee the +iagram elo(7, you can u!e hi! pu lic key to encrypt it' 2ven though other people kno( hi! pu lic key, they can$t +ecrypt it 6a! it i! encrypte+ u!ing the pu lic key, only the private key can +ecrypt it7' 8nly Paul kno(! the private key an+ !o only he can +ecrypt it"
Paul$! key pair k1-priv @ello, (orl+P @ello, (orl+P k1-pu






Thi! kin+ o% encryption i! calle+ Ja!ymmetric encryptionJ'


Chapter . -igning an+ encrypting -8#P me!!age!

&igital signature
-uppo!e that the me!!age you !en+ to Paul i! not con%i+ential' @o(ever, Paul really nee+! to e !ure that it i! really %rom you' @o( to +o that; >ou nee+ to prove to Paul that the creator o% the me!!age kno(! your private key' I% he +oe!, then he mu!t e you 6remem er, no o+y el!e i! !uppo!e+ to kno( your private key7' To prove that, you can u!e your private key to encrypt the me!!age, then !en+ it to Paul' Paul can try to +ecrypt it u!ing your pu lic key' I% it (ork!, then the creator o% the me!!age mu!t kno( your private key an+ mu!t e you' @o(ever, thi! i! not a goo+ !olution, ecau!e i% the me!!age i! long, the encrypte+ me!!age may +ou le in !iHe an+ the encryption take! a lot o% time' To !olve thi! pro lem, you can %ee+ the me!!age to a Jone (ay ha!h %unctionJ 6!ee the +iagram elo(7' *o matter ho( long the input i!, the output %rom the one (ay ha!h %unction i! al(ay! the !ame !mall !iHe 6e'g', 128 it!7' In a++ition, i% t(o input me!!age! are +i%%erent 6may e ?u!t a !ingle it i! +i%%erent7, then the output (ill e completely +i%%erent' There%ore, the output me!!age can e con!i+ere+ a !mall-!iHe+ !nap!hot o% the input me!!age' It i! there%ore calle+ the Jme!!age +ige!tJ o% the original me!!age"
Z#[ i! change+ to ZB[ # very very long me!!age''' B very very long me!!age'''

8ne (ay ha!h

8ne (ay ha!h

Di5e+ !mall k%?+ih.0=8+h%? !iHe

The output (ill 8/0k?h%h0<8/ e completely +i%%erent

#nother %eature o% the one (ay ha!h %unction i! that it i! very %a!t to calculate the +ige!t o% a given me!!age, ut it i! e5tremely +i%%icult to calculate a me!!age given a +ige!t' 8ther(i!e people (oul+ %in+ +i%%erent me!!age! %or a given +ige!t an+ it i! no longer a goo+ !nap!hot %or the me!!age"

Chapter . -igning an+ encrypting -8#P me!!age!


# very very long me!!age'''

-ome me!!age

Da!t an+ ea!y

8ne (ay ha!h

25tremely +i%%icult

8ne (ay ha!h



*o(, to prove to Paul that you kno( your private key, you can u!e your private key to encrypt the me!!age +ige!t 6 ecau!e the +ige!t i! !mall, the re!ult i! al!o !mall an+ the encryption proce!! (ill e %a!t7, then !en+ oth the me!!age an+ the me!!age +ige!t to Paul' @e can try to +ecrypt the +ige!t u!ing your pu lic key' Then he can calculate the +ige!t %rom the me!!age an+ compare the t(o' I% the t(o match, then the per!on pro+ucing the encrypte+ +ige!t mu!t e you"
@ello, (orl+P 8ne (ay ha!h

8ne (ay ha!h

120<5= -ame;

>our key pair k2-priv k2-pu k2-priv







@ello, (orl+P 111222

The encrypte+ +ige!t i! calle+ the J+igital !ignatureJ' The (hole proce!! o% calculating the +ige!t an+ then encrypting it i! calle+ J!igning the me!!ageJ'

(igning and encrypting

4hat i% you$+ like to !ign the me!!age, (hile keeping the me!!age availa le to Paul only; Bu!t !ign it a! u!ual 6!ee the +iagram elo(7 an+ then encrypt the me!!age an+ the +ige!t u!ing Paul$! pu lic key' 4hen Paul receive! it, he u!e! hi! private key to +ecrypt it an+ then go on to veri%y the !ignature a! u!ual"


Chapter . -igning an+ encrypting -8#P me!!age!

>our key pair k2-priv k2-pu @ello, (orl+P 8ne (ay ha!h

Paul$! key pair k1-priv k1-pu

8ne (ay ha!h

120<5= -ame;








@ello, (orl+P 111222

@ello, (orl+P 111222





Certificate and CA
Thi! !eem! to (ork very (ell' @o(ever, (hen you nee+ to !ay !en+ a con%i+ential me!!age to Paul, you$ll nee+ hi! pu lic key' But ho( can you %in+ out hi! pu lic key; >ou can call him on the phone to a!k him' But ho( can you e !ure that the per!on on the phone i! really Paul; I% he i! a hacker, he (ill tell you hi! pu lic key' 4hen you !en+ the me!!age to Paul u!ing the hacker$! pu lic key, the hacker (ill e a le to +ecrypt it u!ing hi! private key' I% you nee+ to communicate (ith many +i%%erent in+ivi+ual!, thi! (ill get even more trou le!ome' To !olve the pro lem, Paul may go to a government authority, !ho( hi! ID car+ an+ etc an+ tell the authority hi! pu lic key' Then the authority (ill generate an electronic me!!age 6like an email7 !tating Paul$! pu lic key' Dinally, it !ign! that me!!age u!ing it! o(n private key"
*ame" Paul Pu lic key" ===888 -ignature

Chapter . -igning an+ encrypting -8#P me!!age!


-uch a !igne+ me!!age i! calle+ a Jcerti%icateJ' That authority i! calle+ a Jcerti%icate authority 6C#7J' Then Paul can put hi! certi%icate on hi! per!onal (e !ite, email it to you +irectly or put it onto !ome 0 r+ party pu lic (e !ite' Drom (here you get the certi%icate i! unimportant' 4hat i! important i! that i% you can veri%y the !ignature o% that C# an+ you tru!t (hat the C# !ay!, then you can tru!t that pu lic key in the certi%icate' In or+er to veri%y the !ignature, you (ill nee+ the pu lic key o% that C#' 4hat;P >ou$re ack to the origin o% the pro lem' @o(ever, you only nee+ to %in+ out a !ingle pu lic key %or a !ingle entity 6the C#7, not a pu lic key %or everyone you nee+ to communicate (ith' @o( to o tain that pu lic key; C!ually it i! alrea+y con%igure+ in your ro(!er or you can +o(nloa+ it %rom a tru!te+ (e !ite, ne(!paper or other !ource! that you tru!t' # C# +oe!n$t really nee+ to e a government authority' It can e (ell kno(n commercial organiHation! !uch a! Feri-ign' It mean! that in or+er to u!e a!ymmetric encryption an+ +igital !ignature, people nee+ private key!, pu lic key!, a C# an+ certi%icate!' #ll the!e element! com ine+ together i! calle+ a Zpu lic key in%ra!tructure 6PKI7[ ecau!e it provi+e! a plat%orm %or u! to u!e pu lic key!'

&istinguished name
I% you revie( the certi%icate"
*ame" Paul Pu lic key" ===888 -ignature

you (ill !ee that it i! not that u!e%ul ecau!e there are pro a ly million! o% people name+ ZPaul[ in the (orl+' There%ore, in a real certi%icate, u!ually the country, city an+ the company o% that in+ivi+ual are al!o inclu+e+ like"
C* mean! common name 8rganiHation 6company7 -tate Country

*ame" C*YPaul 3c*eil, 8Y3icro!o%t, -TY4#, CYCPu lic key" ===888 -ignature The (hole thing i! calle+ a Z+i!tingui!he+ name 6D*7[

*o( i% you$re looking %or the pu lic key o% Paul 3c*eil (ho (ork! at IB3, you kno( that the certi%icate a ove !houl+ *8T e u!e+'

#erformance issue with asymmetric encryption

-uppo!e that you$+ like to !en+ an encrypte+ me!!age to Paul' >ou can u!e


Chapter . -igning an+ encrypting -8#P me!!age!

Paul$! pu lic key to +o that' @o(ever, in practice %e( people (oul+ +o it thi! (ay, ecau!e a!ymmetric encryption i! very !lo(' In contra!t, !ymmetric encryption i! a lot %a!ter' To !olve thi! pro lem, you can generate a ran+om !ymmetric key, u!e it to encrypt the me!!age, then u!e Paul$! pu lic key to encrypt that !ymmetric key an+ !en+ it to Paul along (ith the encrypte+ me!!age' Paul can u!e hi! private key to get ack the !ymmetric key an+ then u!e it to +ecrypt the me!!age"
Aan+om key k0 @ello, (orl+P Paul$! key pair k1-priv k1-pu





@ello, (orl+P







aaa 5yH


2eeping key pair and certificates in 3ava

In or+er to u!e PKI, typically you !houl+ have a private key %or your!el% 6!ee the +iagram elo(7, a certi%icate %or your!el% !o that you can !en+ to other!, a certi%icate %or each per!on that you nee+ to !en+ !omething con%i+ential to 6e'g', Paul an+ 3ary7 an+ the pu lic key! o% the C#$! that you tru!t' Dor the pu lic key o% the C#, you +on$t +irectly !tore it! pu lic key' In!tea+, you !tore it! certi%icate (hich contain! it! pu lic key' But (ho i!!ue+ that certi%icate to it; It (a! i!!ue+ y it!el% 6!igne+ y it! o(n private key7"

Chapter . -igning an+ encrypting -8#P me!!age!


%wner: DN)John3%0)...3DN)0! Pu,lic 9e$: 91/pu, "ssuer: DN)D713%0)...3DN)0!

Private key Dor your!el% Dor the C# Dor Paul Dor 3ary k1-priv *)# *)# *)#


!igned ,$ 9/ca/priv

%wner: DN)D73%0)...3DN)0! Pu,lic 9e$: 9/ca/pu, "ssuer: DN)D73%0)...3DN)0! !igned ,$ 9/ca/priv

%wner: DN)Paul3%0)...3DN)0! Pu,lic 9e$: 92/pu, "ssuer: DN)D73%0)...3DN)0! !igned ,$ 9/ca/priv %wner: DN) ar$3%0)...3DN)0! Pu,lic 9e$: 93/pu, "ssuer: DN)D73%0)...3DN)0! !igned ,$ 9/ca/priv

-uch a ta le i! calle+ a Zkey!tore[ in Bava 6!ee the +iagram elo(7' # key!tore i! !tore+ in a %ile' In a++ition, each entry in the ta le ha! a name calle+ the Zalia![ o% the entry' Thi! (ay you can, e'g', tell the !o%t(are to !ign a particular me!!age u!ing the private key in the Z?ohn[ entry 6your!el%7, or encrypt the me!!age u!ing the pu lic key in Zpaul[ entry' 4ithout the alia! you (ill have to u!e the D* to re%er to an entry"
key!tore #lia! ?ohn C# paul mary Private key k1-priv *)# *)# *)# Certi%icate

+enerating a key pair

In or+er to generate a key pair, you can u!e the keytool program in BDK' Dor e5ample, i% your BDK i! in c"QProgram Dile!QBavaQ?+k, then you can %in+ keytool'e5e in the in !u -%ol+er 6i'e', c"QProgram Dile!QBavaQ?+kQ in7' Dor convenience, let$! a++ c"QProgram Dile!QBavaQ?+kQ in to the P#T@"


Chapter . -igning an+ encrypting -8#P me!!age!

*ote that thi! P#T@ !etting a%%ect! thi! comman+ prompt only' I% later you u!e a ne( comman+ prompt, you$ll nee+ to !et the P#T@ again' *e5t, create a %ol+er c"Qkey! to hol+ the key! an+ change into there"

*o(, generate a key pair %or your (e !ervice client"

>ou (ill input the D* o% your client 6let$! call it Jc1J7
%wner: DN)c13%)<ar3DN)0! Pu,lic 9e$: 91/pu, "ssuer: DN)c13%)<ar3DN)0! 91/priv

The certi%icate (ill e !igne+ y k1-priv 6!el%!igne+7

c"Qkey!Qclient'k! #lia! c1 Private key Certi%icate k1-priv The path to the key!tore' # key!tore i! ?u!t a %ile' @ere only the %ilename 6client'k!7 i! !peci%ie+, !o a!!ume it$! in the current +irectory 6c"Qkey!7' #! it +oe!n$t e5i!t yet, it (ill e create+ y keytool'

Generate a key pair, i'e', a++ an entry to the key!tore

The name 6alia!7 o% the entry

c:K9e$s+9e$tool /gen9e$ /alias c1 /9e$store client.9s /9e$alg R!7 /sigalg !;71withR!7 The key generation algorithm' Commonly it i! either D-# or A-#' Bava !upport! oth ut !ome o% the li rarie! you u!e later only !upport A-#, !o u!e it here' The !ignature algorithm' @ere, ha!h the me!!age u!ing -@#1 %ir!t an+ then encrypt it u!ing the A-# private key' I% you +on$t !peci%y it here, keytool (ill u!e 3D5(ithA-#' But 3D5 i! kno(n to e in!ecure no(a+ay!, !o +on$t u!e 3D5 anymore'

9et$! run it"

Chapter . -igning an+ encrypting -8#P me!!age!


>ou nee+ to provi+e a key!tore pa!!(or+ to protect the key!tore' >ou can con!i+er that keytool (ill appen+ thi! pa!!(or+ to the content o% the key!tore an+ then generate a ha!h an+ !tore it into the key!tore' I% !omeone mo+i%ie! the key!tore (ithout thi! pa!!(or+, he (on$t e a le to up+ate the ha!h' The ne5t time you run keytool on thi! key!tore, it (ill note the mi!match an+ (arn you not to u!e thi! key!tore anymore'

The D* o% Bohn

>ou nee+ to provi+e an entry pa!!(or+ to protect the entry %or c1' >ou can con!i+er that keytool (ill u!e thi! pa!!(or+ to encrypt c1$! private key' Thi! (ay other people (on$t e a le to rea+ c1$! private key'

To veri%y that the entry ha! een a++e+, you can li!t the entrie!"

*ote that it a!k! %or the key!tore pa!!(or+ !o that it can veri%y the ha!h' I% you$+ like to !ee more +etail! in the entrie!, u!e the -v option"


Chapter . -igning an+ encrypting -8#P me!!age!

>ou can !ee that oth the J8(nerJ an+ the JI!!uerJ are !et to the D* o% c1' It !ho(! that it i! in+ee+ a !el%-!igne+ certi%icate' @aving a !el%-!igne+ certi%icate i! not u!e%ul' >ou nee+ to a!k a C# to !ign it' To +o that, generate a certi%icate reEue!t %ir!t"
Generate a certi%icate reEue!t %or the entry name+ Jc1J" c:K9e$s+9e$tool /certre- /alias c1 /9e$store client.9s /'ile c1.csr Put the certi%icate reEue!t into thi! %ile

Aun it"

*o( it ha! put the certi%icate reEue!t into c"Qkey!Qc1'c!r' >ou nee+ to !en+ to a C#' In real li%e, you !houl+ !en+ it to Feri-ign or !ome (ell kno(n C# to get a certi%icate 6o% cour!e a payment i! reEuire+7' @ere you$ll !etup your o(n C#'

Chapter . -igning an+ encrypting -8#P me!!age!


(etting up a CA
Go to http"))((('open!!l'org)relate+) inarie!'html to +o(nloa+ the 4in+o(! ver!ion o% 8pen--9' -uppo!e the %ile i! 4in028pen--9-v0'.'8a'e5e' 9ogin a! the #+mini!trator an+ run it' Dollo( the in!truction to complete the in!tallation' -uppo!e that it ha! een in!talle+ into c"Q8pen--9' To make it ea!ier to run, a++ c"Q8pen--9Q in to the P#T@"

*e5t, create a %ol+er !ay c"QC# to contain the %ile! o% the C#' Then create a private key %or the C# it!el%"
-ome open!!l comman+! nee+ to !ave a ran+om !ee+ in%ormation to a %ile 6Jran+om %ileJ7' >ou nee+ to tell it the path to that %ile' @ere, ?u!t tell it to u!e a %ile name+ Jran+J in the current %ol+er' c:K+cd D7 c:KD7+set R7N58"L.)rand c:KD7+openssl re- /new /9e$out ca9e$.pem /out care-.pem 4ork on a reEue!t Create a ne( private key an+ a certi%icate reEue!t Put the private key into thi! %ile Put the certi%icate reEue!t into thi! %ile

Aun it an+ it (ill prompt you %or the D* o% the C# an+ a pa!!(or+ to encrypt the private key 6e'g', you may u!e Jca-pa!!J7"


Chapter . -igning an+ encrypting -8#P me!!age!

*e5t, generate a !el%-!igne+ certi%icate %or it"

Chapter . -igning an+ encrypting -8#P me!!age!


4ork on an 6550.7 certi%icate

Tell it actually the input i! not a certi%icate, ut a certi%icate reEue!t' The re!ulting !el%-!igne+ certi%icate -el%-!ign a certi%icate (ill e vali+ %rom no( until 0=50 u!ing thi! private key +ay! 610 year!7 later

c:KD7+openssl (>0B /sign9e$ ca9e$.pem /re- /da$s 3?>0 /in care-.pem /out cacert.pem /e(t'ile c:K%pen!!LK,' /e(tensions v3Mca Copy !ome Je5ten!ionJ !etting! %rom the open!!l'cn% %ile in it! v0Sca !ection' 4hat you (ant i! !omething like" The input %ile 6the certi%icate reEue!t7 The output %ile 6the !el%-!igne+ certi%icate7

%wner: ... "ssuer: ... .(tension 1 1Donstraint4: D7 .(tension 2 1...4 : ...

Aun it an+ enter Jca-pa!!J a! the pa!!(or+ %or the C# key"

*o( you$re a out to u!e thi! C# to !ign the certi%icate reEue!t %rom Bohn 6?ohn'c!r7' @o(ever, e%ore that, you nee+ to note that (hen a C# i!!ue! a ne( certi%icate, it (ill put a uniEue !erial num er into that certi%icate' -o you nee+ to tell 8pen--9 (hat i! the ne5t !erial num er to u!e' To +o that"
-tore the !tring J02J into a %ile !erial't5t' The %ile (ill e create+' Thi! (ay 8pen--9 (ill u!e 02 a! the ne5t !erial num er' Then it (ill !et it to 00 automatically' c:KD7+echo 02 + serial.t(t

*ote that the J0J i! nece!!ary' C!ing J2J (ill *8T (ork ecau!e 8pen--9 e5pect! a he5a+ecimal num er that contain! an even num er o% +igit!'

To !ign c1$! certi%icate reEue!t"


Chapter . -igning an+ encrypting -8#P me!!age!

-ign a certi%icate u!ing thi! C# certi%icate' Dor e5ample, it can %in+ the D* o% the C# here' -till (orking (ith 550. certi%icate! The private key o% the C# i! in thi! %ile

#ctually the input i! a certi%icate reEue!t, not a certi%icate' The !erial I i! in thi! %ile

c:KD7+openssl (>0B /D7 cacert.pem /D79e$ ca9e$.pem /D7serial serial.t(t /re/in c:K9e$sKc1.csr /out c:K9e$sKc1.cer /da$s 10B> The input %ile 6certi%icate reEue!t %or c17 The output %ile 6certi%icate %or c17 The certi%icate (ill e vali+ %or 10.5 +ay! 60 year!7

Aun it an+ enter Jca-pa!!J a! the pa!!(or+ %or the C# key"

$mporting the certificate into the keystore

*o( you have got the certi%icate in c1'cer, you can import it into the key!tore' @o(ever, e%ore +oing that, you mu!t %ir!t import the certi%icate o% the C# it!el% into your key!tore a! a tru!te+ C# cert%icate, other(i!e it (ill re%u!e to import Bohn$! certi%icate' To +o that"
Change ack to c"Qkey! Import a certi%icate into the key!tore c:KD7+cd K9e$s Create a certi%icate entry name+ Jte!tC#J' >ou can u!e any name that you like an+ it (on$t make any +i%%erence'

c:K9e$s+9e$tool /import /alias testD7 /'ile c:KD7Kcacert.pem /9e$store client.9s The C#$! certi%icate i! in thi! %ile' In real (orl+, (hen you receive your certi%icate %rom the C# 6e'g', Feri-ign7, it (ill al!o give you it! o(n certi%icate' 8r you can pro a ly +o(nloa+ it %rom it! (e !ite'

Aun it"

Chapter . -igning an+ encrypting -8#P me!!age!


*ote that it a!ke+ you to tru!t thi! certi%icate or not' Thi! i! a very important +eci!ion' I% you tru!t thi! certi%icate a! a C# certi%icate, you (ill tru!t all certi%icate! i!!ue+ y it' *e5t, a++ Bohn$! certi%icate to the key!tore to replace hi! !el%-!igne+ certi%icate' Thi! i! al!o +one u!ing the -import option"
4hen keytool %in+! an e5i!ting entry (ith the name+ Jc1J in the key!tore, it kno(! you$re trying to replace a certi%icate i!!ue+ y a C# %or the e5i!ting !el%-!igne+ one' c:K9e$s+9e$tool /import /alias c1 /'ile c1.cer /9e$store client.9s The certi%icate i! in thi! %ile

Aun it"

To veri%y, you can li!t the entrie! in the key!tore"


Chapter . -igning an+ encrypting -8#P me!!age!

D:K9e$s+9e$tool /list /v /9e$store client.9s .nter 9e$store password: client/9s/pass Ue$store t$pe: G9s Ue$store provider: !0N Vour 9e$store contains 2 entries 7lias name: testca Dreation date: 5ec 123 200@ .ntr$ t$pe: trustedDert.ntr$

There are 2 entrie! in the key!tore 2ntry 1

It i! a tru!te+ certi%icate entry, i'e', a tru!te+ C# certi%icate'

%wner: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! "ssuer: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! !erial num,er: d=,'?=c2e?ae,?B= Lalid 'rom: !at 5ec 0A 10:2?:1= D!# 200@ until: #ue 5ec 0> 10:2?:1= D!# 201@ Derti'icate 'ingerprints: 5>: 2?:=A:17:18:A5:>@:38:7@:08:<5:A2:3B:80:77:>8:?5 !;71: 1>:3>:08:D?:D5:=@:<2:B.:A3:?1:5<:11:@=:B.:=0:0A:<?:A8:>>:@B PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

It i! a key entry, i'e', a private key along (ith a certi%icate'

It mean! that there The %ir!t certi%icate i! c1$! certi%icate' are t(o certi%icate! Drom the JI!!uerJ %iel+ you can !ee it i! i!!ue+ y the te!t C#, !o the ne5t in the entry certi%icate i! that o% the te!t C#' 2

7lias name: c1 2ntry Dreation date: 5ec 123 200@ .ntr$ t$pe: 9e$.ntr$ Derti'icate chain length: 2 Derti'icateR1S: %wner: DN)c13 %0)0n9nown3 %)<ar3 L)0n9nown3 !#)0n9nown3 D)0! "ssuer: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! !erial num,er: = Lalid 'rom: 6ed 5ec 12 11:1B:>A D!# 200@ until: !at 5ec 11 11:1B:>A D!# 2010 Derti'icate 'ingerprints: 5>: A3:>>:>8:B8:0<:<?:AD:BA:2B:DB:0<:@3:B>:A0:B=:8B !;71: D8:7@:>D:<B:@D:>1:?7:88:==:2?:38:@.:><:.>:.>:<.:B0:=1:B5:B= Derti'icateR2S: %wner: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! "ssuer: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! !erial num,er: d=,'?=c2e?ae,?B= Lalid 'rom: !at 5ec 0A 10:2?:1= D!# 200@ until: #ue 5ec 0> 10:2?:1= D!# 201@ Derti'icate 'ingerprints: 5>: 2?:=A:17:18:A5:>@:38:7@:08:<5:A2:3B:80:77:>8:?5 !;71: 1>:3>:08:D?:D5:=@:<2:B.:A3:?1:5<:11:@=:B.:=0:0A:<?:A8:>>:@B PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

The !econ+ certi%icate i! the certi%icate o% the te!t C#

# certi%icate chain i! al!o calle+ Jcerti%icate pathJ' I% the certi%icate o% your te!t C# (a! i!!ue+ y yet another C#, then the certi%icate path (oul+ contain the certi%icate o% that other C# a! the la!t certi%icate'

Chapter . -igning an+ encrypting -8#P me!!age!


$nstalling %ampart
In or+er to per%orm !igning or encryption, you nee+ an #5i! mo+ule calle+ JAampartJ' -o, go to http"))(!'apache'org)a5i!2)mo+ule! to +o(nloa+ it' -uppo!e that it i! rampart-1'0'Hip' CnHip it into !ay c"Qrampart' Aampart nee+! another li rary 5alan 2'/'0' I% you$re u!ing BDK 5 or earlier, you pro a ly ha! only an ol+ ver!ion' -o, in that ca!e, +o(nloa+ 5alan-2'/'0'?ar %rom http"))((('apache'org)+i!t)?ava-repo!itory)5alan)?ar! an+ put it into c"QrampartQli ' To make rampart availa le to your (e !ervice! at runtime, copy all the %ile! !ho(n elo("
# 'mar %ile i! a mo+ule archive' It repre!ent! a mo+ule in #5i!' rampart rampart/1.3.mar li, NNN.Gar ... li, NNN.Gar ...


c: a(is repositor$ services modules rampart/1.3.mar

The rampart mo+ule nee+! the!e ?ar %ile!

To make it availa le to your client, copy the 4rappe+-ervice pro?ect an+ pa!te it a! -ecure-ervice' #+?u!t the linke+ %ol+er' To make the rampart mo+ule availa le to your client co+e, a++ the ?ar %ile! in c"QrampartQli to the uil+ path o% your pro?ect an+ copy rampart-1'0'mar into your pro?ect in !uch a %ol+er !tructure"
!ecure!ervice src repositor$ modules Bu!t like the #5i! !erver (hich ha! a repo!itory, your #5i! client can al!o have a repo!itory'


Aename the 4-D9 to -ecure-ervice'(!+l an+ replace the (or+ J-ecureJ %or J4rappe+J in it' Cp+ate the uil+'5ml %ile"
&proGect ,asedir)*.* de'ault)*Gar.server*+ ...


Chapter . -igning an+ encrypting -8#P me!!age!


&propert$ name)*name* value)*'ec4re'ervice* /+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src* targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* unwrap)*true* /+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)** targetsource'olderlocation)*src* overwrite)*true* unwrap)*true* /+ &/target+

(igning (-A# messages

In or+er to !ign the -8#P me!!age!, mo+i%y the 4-D9 %ile"

Chapter . -igning an+ encrypting -8#P me!!age!


It elong! to the (e !ervice policy name!pace &wsdl:de'initions (mlns:wsdl)*http://schemas.(* (mlns:soap)*http://schemas.(* (mlns:tns)** (mlns:(sd)* L!chema* xmlns:sp=" s/"##+/#R/sec4ritypolicy" xmlns: sp=" s/"##E/#Q/policy" xmlns: s4="http://docs.oasis( ss/"##E/#1/oasis("##E#1( ss( ssec4rity(4tility(1.#.xsd" It elong! to the !ecurity policy name)*!ecure!ervice* name!pace targetNamespace)**+ < sp:Policy s4:)d="p1"> Thi! i! a JpolicyJ' # policy !peci%ie! non-%unctional <sp:'ignedParts> reEuirement! o% the (e !ervice 6e'g', !ecurity, Euality o% <sp:Hody /> !ervice7' The !ynta5 o% !peci%ying a policy i! governe+ </sp:'ignedParts> y the 4--Policy !tan+ar+' </ sp:Policy> Thi! i! a Jpolicy a!!ertionJ' It reEuire! certain part! o% &wsdl:t$pes+ the -8#P me!!age e !igne+' ... The part! !houl+ e !igne+ are li!te+ here' &/wsdl:t$pes+ &wsdl:message name)*concatRe-uest*+ @ere, only the MBo+yN o% the -8#P me!!age !houl+ e !igne+' ... &/wsdl:message+ &wsdl:message name)*concatResponse*+ ... &/wsdl:message+ &wsdl:port#$pe name)*!ecure!ervice*+ &wsdl:operation name)*concat*+ &wsdl:input message)*tns:concatRe-uest* /+ &wsdl:output message)*tns:concatResponse* /+ &/wsdl:operation+ &/wsdl:port#$pe+ &wsdl:,inding name)*!ecure!ervice!%7P* t$pe)*tns:!ecure!ervice*+ &soap:,inding st$le)*document* transport)*http://schemas.(* /+ &wsdl:operation name)*concat*+ < sp:PolicyRe2erence .R)="Sp1" sdl:re34ired="tr4e" /> &soap:operation .../+ #pply the policy Jp1J to the -8#P in+ing o% the &wsdl:input+ &soap:,od$ use)*literal* /+ concat operation' It mean! the MBo+yN o% all the me!!age! %or the concat operation mu!t e &/wsdl:input+ !igne+ a! long a! they$re u!ing -8#P over &wsdl:output+ &soap:,od$ use)*literal* /+ @TTP' 4ithout thi! the policy (oul+ e !itting there i+le an+ (oul+ have no e%%ect' &/wsdl:output+ &/wsdl:operation+ &/wsdl:,inding+ &wsdl:service name)*!ecure!ervice*+ &wsdl:port ,inding)*tns:!ecure!ervice!%7P* name)*!ecure!ervice!%7P*+ #! the MPolicyAe%erenceN element &soap:address elong! to a %oreign name!pace 6(!p7, location)*http://localhost: there i! no guarantee that the program A0A0/a(is2/services/!ecure!ervice* /+ proce!!ing the 4-D9 %ile 6e'g', &/wsdl:port+ M(!+l2co+eN7 un+er!tan+! it' Thi! &/wsdl:service+ &/wsdl:de'initions+ attri ute reEuire! that the program un+er!tan+ it, other(i!e it !houl+ a ort the proce!!ing' I% you ha+ multiple operation! in the port type an+ they all reEuire+ !igne+ me!!age!, you (oul+ move the MPolicyAe%erenceN to there !o that it (oul+ apply to the -8#P in+ing o% the -ecure-ervice port type'

-aying that the MBo+yN !houl+ e !igne+ i! not enough' >ou !till nee+ to !peci%y


Chapter . -igning an+ encrypting -8#P me!!age!

that a!ymmetric encryption !houl+ e u!e+ an+ (hat !ignature algorithm! are !upporte+ an+ etc'"
4hy have an e5tra MPolicyN element; Dor e5ample, the M550.TokenN element can e reu!e+ in another place 6e'g', MAecipientTokenN elo(7, then it (ill e +e!igne+ a! a policy a!!ertion' 8ne a!!ertion cannot +irectly inclu+e another a!!ertion' It ha! to inclu+e a policy %ir!t' Thi! (ay, +i%%erent policy a!!ertion! coul+ e put in!i+e' Thi! policy a!!ertion !tate! that a!ymmetric encryption !houl+ e u!e+' Thi! a!!ertion an+ the M-igne+Part!N a!!ertion are #*D$e+ &wsdl:de'initions ... together' name)*!ecure!ervice* targetNamespace)**+ The 1!t a!!ertion in the a!ymmetric a!!ertion" &wsp:Polic$ wsu:"d)*p1*+ 4hat kin+ o% token 6certi%icate here7 !houl+ <sp:7symmetricHinding> e u!e+ y the initiator 6i'e', the client7; < sp:Policy> <sp:)nitiator/o=en> It !houl+ u!e an :50. token, (hich mean! an < sp:Policy> certi%icate' :50. i! the o%%icial name' <sp:$+#Q/o=en sp:)ncl4de/o=en=" s/"##+/#R/sec4ritypolicy/)ncl4de/o=en/7l ays/oRecipient"> < sp:Policy> <sp:Fss$+#QT!/o=en1# /> :50. certi%icate! have +i%%erent ver!ion! an+ pre!entation!' @ere #l(ay! inclu+e the </ sp:Policy> u!e v0 an+ the :39 pre!entation token 6certi%icate7 in </sp:$+#Q/o=en> the me!!age to the a! !peci%ie+ in the (e !ervice </ sp:Policy> !ecurity 64--7 :50. token pro%ile (e !ervice </sp:)nitiator/o=en> 1'0' <sp:Recipient/o=en> < sp:Policy> <sp:$+#Q/o=en sp:)ncl4de/o=en=" s/"##+/#R/sec4ritypolicy/)ncl4de/o=en/Never"> < sp:Policy> <sp:Fss$+#QT!/o=en1# /> </ sp:Policy> The 2n+ a!!ertion in the a!ymmetric #l!o u!e :50. v0 certi%icate %or the (e !ervice, ut +o not !en+ </sp:$+#Q/o=en> a!!ertion" 4hat kin+ o% token </ sp:Policy> 6certi%icate here7 !houl+ e u!e+ y it! certi%icate to the client' </sp:Recipient/o=en> the recipient 6i'e', the (e !ervice7; In!tea+, !en+ enough in%ormation to the client !o that <sp:7lgorithm'4ite> the client can retrieve it' @o(; < sp:Policy> >ou$ll !ee later' <sp:/ripleLesRsa1+ /> </ sp:Policy> r+ </sp:7lgorithm'4ite> The 0 a!!ertion in the a!ymmetric </ sp:Policy> a!!ertion' It !upport! the u!e o% 0D2- %or </sp:7symmetricHinding> encryption an+ A-# 1'5 algorithm %or &sp:!ignedParts+ +igital !ignature!' &sp:<od$ /+ &/sp:!ignedParts+ In principle you coul+ have multiple element! like thi! to !ay &/wsp:Polic$+ that it !upport! multiple algorithm !uite! an+ let the client an+ ... the !ervice negotiate to +eci+e (hich one to u!e' @o(ever, %or &/wsdl:de'initions+ the moment thi! negotiation i! not !upporte+ in #5i!' It mean! (hat i! !upporte+ (ill actually e u!e+' -o, +o not li!t multiple alternative! in the policy'

Dinally, you !till nee+ to !ay that it !upport! the 4e -ervice -ecurity 64--7 !tan+ar+ v1'0"

Chapter . -igning an+ encrypting -8#P me!!age!


&wsdl:de'initions ... name)*!ecure!ervice* targetNamespace)**+ &wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ -upport! 4-- 1'0 <sp:Fss1#> < sp:Policy> <sp:%4st'4pportRe2Em5edded/o=en /> <sp:%4st'4pportRe2)ss4er'erial /> </ sp:Policy> </sp:Fss1#> &sp:!ignedParts+ &sp:<od$ /+ &/sp:!ignedParts+ &/wsp:Polic$+ ... &/wsdl:de'initions+

It can +eal (ith token! 6certi%icate!7 +irectly inclu+e+ in the me!!age! It can al!o u!e the i!!uer D* an+ !erial num er to look up the certi%icate

Generate the !ervice !tu implementation cla!!"

an+ client !tu ' Dill out the co+e in the

Create -ecureClient'?ava in the client package"

p45lic class 'ec4re'ervice)mpl implements 'ec4re'ervice'=eleton)nter2ace ? p45lic 'tring concat8'tring s1D 'tring s"9 ? ret4rn s1 : s"; B B

Tell the #5i! client to loa+ con%iguration! %rom the Jrepo!itoryJ %ol+er in the current %ol+er 6pro?ect root7' @ere it (ill %in+ the mo+ule archive %or rampart' import org.apache.axis".context.<on2ig4ration<ontext; import org.apache.axis".context.<on2ig4ration<ontext0actory; p45lic class 'ec4re<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ? <on2ig4ration<ontext context = <on2ig4ration<ontext0actory .create<on2ig4ration<ontext0rom0ile'ystem8"repository"9; 'ec4re'ervice't45 st45 = ne 'ec4re'ervice't458context9; st45.Iget'ervice<lient89.engage%od4le8"rampart"9; 'tring res4lt = st45.concat8"xy*"D "111"9; 'ystem.o4t.println8res4lt9; B @aving rampart availa le i! not enough, B you mu!t engage it'

Dor rampart to !ign the MBo+yN, it nee+! acce!! to the policy' Dortunately M(!+l2co+eN ha! e5tracte+ the policy in%ormation %rom the 4-D9 an+ put it into the Bava co+e generate+' 4hat i! mi!!ing i!, (hat i! the alia! o% the certi%icate to u!e, the pa!!(or+, the location o% the key!tore an+ etc' #ll thi! in%ormation can e !peci%ie+ in a Bava -tring or in a te5t %ile' @ere, let$! put it into a te5t %ile rampart-con%ig'5ml in the pro?ect root"


Chapter . -igning an+ encrypting -8#P me!!age!

The rampart con%iguration happen! to e al!o in the %orm o% a policy, although it i! !uppo!e+ to e u!e+ y the client it!el%'

#ll the other element! here are in the rampart name!pace

<-xml version="1.#" encoding="./0(1"-> < sp:Policy xmlns: sp=" s/"##E/#Q/policy" xmlns="http://"> <Rampart<on2ig> The alia! o% the entry in the key!tore' C!e <4ser>c1</4ser> it! private key to !ign the me!!age' <pass ord<all5ac=<lass> It (ill create an in!tance o% com.ttdev.sec4re.client.Pass ord<all5ac=Mandler thi! cla!! an+ a!k it %or the </pass ord<all5ac=<lass> pa!!(or+ <signat4re<rypto> Con%iguration! %or !igning <crypto provider="org.apache. s.sec4rity.components.crypto.%erlin"> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.type"> UP' # Bava key!tore !upport! +i%%erent </property> %ormat!' BK- i! the +e%ault' <property name="org.apache. s.sec4rity.crypto.merlin.2ile"> c:/=eys/client.=s </property> The path to the key!tore <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.pass ord"> client(=s(pass The key!tore pa!!(or+ </property> </crypto> </signat4re<rypto> Aampart u!e! a cryptographic provi+er to per%orm </Rampart<on2ig> !igning, encryption an+ etc' >ou !peci%y the cla!! o% </ sp:Policy> the provi+er to u!e thi!' @ere you$re telling it to u!e the 3erlin provi+er (hich come! (ith rampart an+ Three propertie! %or 3erlin only' It ha! u!e! the BDK to per%orm the!e ta!k!' the concept o% key!tore 6a Bava concept7 an+ etc'

To loa+ the con%iguration %ile into rampart, mo+i%y the -ecureClient'?ava"

import import import import't7$6%H4ilder; org.apache.axis".description.Policy)ncl4de; 9oa+ the rampart-con%ig'5ml %ile an+ org.apache.neethi.Policy; get the MPolicyN element org.apache.neethi.PolicyEngine;

pu,lic class !ecureDlient E pu,lic static void main1!tringRS args4 throws Remote.(ception3 0ileNot0o4ndExceptionD $%&'treamException E Convert the MPolicyN Don'igurationDonte(t conte(t ) Don'igurationDonte(t8actor$ .createDon'igurationDonte(t8rom8ile!$stem1*repositor$*4I :39 element into a Policy Bava o ?ect !ecure!ervice!tu, stu, ) new !ecure!ervice!tu,1conte(t4I stu,.Mget!erviceDlient14.engage odule1*rampart*4I 't7$6%H4ilder 54ilder = ne 't7$6%H4ilder8"rampart(con2ig.xml"9; 6%Element con2igElement = 54ilder.getLoc4mentElement89; Policy rampart<on2ig = PolicyEngine.getPolicy8con2igElement9; st45.Iget'ervice<lient89.get7xis'ervice89.getPolicy)ncl4de89 .addPolicyElement8Policy)ncl4de.'ERT)<EIP6&)<ND rampart<on2ig9; !tring result ) stu,.concat1*($C*3 *111*4I !$stem.out.println1result4I F #++ that Policy o ?ect to the e5i!ting policy' Thi! #5i!-ervice o ?ect repre!ent! your (e F #pply thi! e5tra Policy to the (hole (e !ervice a! it i! +e!cri e+ y the 4-D9 !ervice' 6inclu+ing the policy in there7

8% cour!e you nee+ to create a Pa!!(or+Call ack@an+ler cla!! in the client package"
p45lic class Pass ord<all5ac=Mandler implements <all5ac=Mandler ? p45lic void handle8<all5ac=@A call5ac=s9

Chapter . -igning an+ encrypting -8#P me!!age!


>ou may (on+er (hy it i! !o complicate+ ?u!t to tell it the pa!!(or+ an+ (hy not ?u!t !peci%y the pa!!(or+ in the rampart-con%ig'5ml %ile' It i! !o that you can look it up in a +ata a!e an+ etc' *o( launch the TCP 3onitor an+ let it li!ten on port 120<' Dor it to (ork, !peci%y the port 120< in the client"
pu,lic class !ecureDlient E pu,lic static void main1!tringRS args4 throws Remote.(ception3 8ileNot8ound.(ception3 X L!tream.(ception E Don'igurationDonte(t conte(t ) Don'igurationDonte(t8actor$ .createDon'igurationDonte(t8rom8ile!$stem1*repositor$*4I !ecure!ervice!tu, stu, ) new !ecure!ervice!tu,1conte(tD "http://localhost:1"!E/axis"/services/'ec4re'ervice"4I stu,.Mget!erviceDlient14.engage odule1*rampart*4I !t7X% <uilder ,uilder ) new !t7X% <uilder1*rampart/con'ig.(ml*4I % .lement con'ig.lement ) ,uilder.get5ocument.lement14I Polic$ rampartDon'ig ) Polic$.ngine.getPolic$1con'ig.lement4I stu,.Mget!erviceDlient14.get7(is!ervice14.getPolic$"nclude14 .addPolic$.lement1Polic$"nclude.!.RL"D.MP%L"DV3 rampartDon'ig4I !tring result ) stu,.concat1*($C*3 *111*4I !$stem.out.println1result4I F F

thro s )6ExceptionD .ns4pported<all5ac=Exception ? 2or 8int i = #; i < call5ac=s.length; i::9 ? F'Pass ord<all5ac= p c5 = 8F'Pass ord<all5ac=9 call5ac=s@iA; 'tring id = p c5.get)denti2er89; i2 8id.e34als8"c1"99 ? p c5.setPass ord8"c1(pass"9; B B

Aun it an+ you (ill !ee an error in the con!ole !aying the a hea+er (a! not un+er!too+"

Thi! i! %ine a! the (e !ervice i! not yet prepare+ to han+le the +igital !ignature' 4hat i! intere!ting i! in the reEue!t me!!age a! !ho(n in the TCP 3onitor"


Chapter . -igning an+ encrypting -8#P me!!age!

# M-ecurityN element i! a++e+' It i! a hea+er entry'

The Jmu!tCn+er!tan+J attri ute i! !et to 1, meaning that the receiver 6the !ervice7 mu!t han+le thi! hea+er, other(i!e it mu!t return a -8#P %ault 6(hich i! the ca!e here7'

&soapenv:.nvelope (mlns:soapenv)*http://schemas.(*+ &soapenv:;eader+ &wsse:!ecurit$ (mlns:wsse)*...* soapenv:must0nderstand)*1*+ &wsse:<inar$!ecurit$#o9en (mlns:wsu)*...* The token 6certi%icate7 i! +irectly .ncoding#$pe)*...<ase?=<inar$* inclu+e+ here Lalue#$pe)*...X>0Bv3* wsu:"d)*Dert"d/1>3=?>2*+ ""D.CDD... &/wsse:<inar$!ecurit$#o9en+ &ds:!ignature (mlns:ds)** "d)*!ignature/1A?A@3=?*+ &ds:!igned"n'o+ # M-ignatureN &ds:DanonicaliCation ethod 7lgorithm)** /+ element repre!ent! a &ds:!ignature ethod +igital !ignature' >ou 7lgorithm)** /+ +on$t nee+ to %ully &ds:Re'erence 0R")*W"d/=@@B==>*+ &ds:#rans'orms+ un+er!tan+ it! +etail!' &ds:#rans'orm I% later you encrypt the 7lgorithm)** /+ me!!age, there (ill e &/ds:#rans'orms+ an M2ncrypte+DataN &ds:5igest ethod 7lgorithm)** /+ element a! it! !i ling' &ds:5igestLalue+ uPNL.v!dUi<JpH(XNw-Ga8g0X;c) &/ds:5igestLalue+ &/ds:Re'erence+ The !ignature i! !igning over thi! element, i'e', the &/ds:!igned"n'o+ &ds:!ignatureLalue+ MBo+yN element' 5;7A=d!... &/ds:!ignatureLalue+ &ds:Ue$"n'o "d)*Ue$"d/22A31A0=*+ &wsse:!ecurit$#o9enRe'erence The !ignature (a! create+ u!ing thi! token (mlns:wsu)*...* 6certi%icate7 wsu:"d)*!#R"d/1>?B?A>1*+ &wsse:Re'erence 0R")*WDert"d/1>3=?>2* Lalue#$pe)*...X>0Bv3* /+ &/wsse:!ecurit$#o9enRe'erence+ &/ds:Ue$"n'o+ &/ds:!ignature+ &/wsse:!ecurit$+ &/soapenv:;eader+ &soapenv:<od$ (mlns:wsu)*...* The MBo+yN element i! a!ically wsu:"d)*"d/=@@B==>*+ &ns1:concat (mlns:ns1)**+ unchange+' The only e5ception i! that an &s1+($C&/s1+ i+ ha! een a++e+ !o that the !ignature &s2+111&/s2+ can re%er to it' &/ns1:concat+ &/soapenv:<od$+ &/soapenv:.nvelope+

(upporting digital signatures in the web service

I+eally, (hen generating the !ervice !tu , M(!+l2co+eN !houl+ con!ult the policy in the 4-D9 an+ !etup rampart properly' @o(ever, the current ver!ion o% #5i! i! not +oing that' That$! (hy the (e !ervice i! not un+er!tan+ing the M-ecurityN hea+er element' To %i5 the pro lem, a++ the policy to !ervice!'5ml"
&N(ml version)*1.0* encoding)*0#8/A*N+ &serviceQroup+ &service name)*!ecure!ervice*+ &messageReceivers+ &messageReceiver mep)** class)*!ecure!ervice essageReceiver"n%ut* /+ &/messageReceivers+ &parameter name)*!erviceDlass*+!ecure!ervice"mpl

Chapter . -igning an+ encrypting -8#P me!!age!


Then engage the rampart mo+ule an+ a++ the rampart con%iguration a! a policy a!!ertion"

&/parameter+ &parameter name)*use%riginalwsdl*+true&/parameter+ &parameter name)*modi'$0ser6!5LPort7ddress*+true&/parameter+ &operation name)*concat* mep)**+ &action apping+ &/action apping+ &output7ction apping+!ecure!ervice/concatResponse &/output7ction apping+ &/operation+ < sp:Policy xmlns:sp=" s/"##+/#R/sec4ritypolicy" xmlns: sp=" s/"##E/#Q/policy" xmlns: s4="http://docs.oasis( ss/"##E/#1/ oasis("##E#1( ss( ssec4rity(4tility(1.#.xsd" s4:)d="p1"> <sp:7symmetricHinding> < sp:Policy> <sp:)nitiator/o=en> < sp:Policy> <sp:$+#Q/o=en sp:)ncl4de/o=en=" s/"##+/#R/ sec4ritypolicy/)ncl4de/o=en/7l ays/oRecipient"> < sp:Policy> <sp:Fss$+#QT!/o=en1# /> </ sp:Policy> </sp:$+#Q/o=en> </ sp:Policy> </sp:)nitiator/o=en> <sp:Recipient/o=en> < sp:Policy> <sp:$+#Q/o=en sp:)ncl4de/o=en=" s/"##+/#R/ sec4ritypolicy/)ncl4de/o=en/Never"> < sp:Policy> <sp:Fss$+#QT!/o=en1# /> </ sp:Policy> </sp:$+#Q/o=en> </ sp:Policy> </sp:Recipient/o=en> <sp:7lgorithm'4ite> < sp:Policy> <sp:/ripleLesRsa1+ /> </ sp:Policy> </sp:7lgorithm'4ite> </ sp:Policy> </sp:7symmetricHinding> <sp:Fss1#> < sp:Policy> <sp:%4st'4pportRe2Em5edded/o=en /> <sp:%4st'4pportRe2)ss4er'erial /> </ sp:Policy> </sp:Fss1#> <sp:'ignedParts> <sp:Hody /> </sp:'ignedParts> &/service+ &/serviceQroup+


Chapter . -igning an+ encrypting -8#P me!!age!

&N(ml version)*1.0* encoding)*0#8/A*N+ &serviceQroup+ &service name)*!ecure!ervice*+ &messageReceivers+ 2ngage the rampart mo+ule' The or+ering o% ... the Mmo+uleN element +oe!n$t really matter &/messageReceivers+ a! long a! it i! +irectly in the M!erviceN &parameter ...+ element' &parameter ...+ c"Qkey!Q!ervice'k! &operation name)*concat* ...+ ... #lia! Private key Certi%icate &/operation+ <mod4le re2="rampart" /> !1 ''' ''' &wsp:Polic$ ...+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ It i! u!e+ a! a policy &sp:!ignedParts+ a!!ertion >ou$ll create thi! key!tore &sp:<od$ /+ &/sp:!ignedParts+ entry later %or the (e <Rampart<on2ig !ervice xmlns="http://"> <4ser>s1</4ser> <pass ord<all5ac=<lass> com.ttdev.sec4re.Pass ord<all5ac=Mandler </pass ord<all5ac=<lass> <signat4re<rypto> >ou$ll create thi! cla!! later <crypto provider="org.apache. s.sec4rity.components.crypto.%erlin"> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.type"> UP' </property> >ou$ll create thi! <property key!tore later name="org.apache. s.sec4rity.crypto.merlin.2ile"> c:/=eys/service.=s </property> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.pass ord"> service(=s(pass </property> The key!tore </crypto> pa!!(or+ </signat4re<rypto> </Rampart<on2ig> &/wsp:Polic$+ &/service+ &/serviceQroup+

To get a certi%icate %or the !ervice, open a comman+ prompt an+ then"
c:K+cd K9e$s c:K9e$s+9e$tool /gen9e$ /alias s1 /9e$store service.9s /9e$alg R!7 /sigalg !;71withR!7 .nter 9e$store password: service/9s/pass 6hat is $our 'irst and last nameN R0n9nownS: s1 6hat is the name o' $our organiCational unitN R0n9nownS: 6hat is the name o' $our organiCationN R0n9nownS: 8oo 6hat is the name o' $our Dit$ or Localit$N R0n9nownS: 6hat is the name o' $our !tate or ProvinceN R0n9nownS:

Chapter . -igning an+ encrypting -8#P me!!age!


Generate a certi%icate reEue!t %or it"

6hat is the two/letter countr$ code 'or this unitN R0n9nownS: 0! "s DN)s13 %0)0n9nown3 %)8oo3 L)0n9nown3 !#)0n9nown3 D)0! correctN RnoS: $es .nter 9e$ password 'or &s1+ 1R.#0RN i' same as 9e$store password4: s1/pass c:K9e$s+9e$tool /certre- /alias s1 /9e$store service.9s /'ile s1.csr .nter 9e$store password: service/9s/pass .nter 9e$ password 'or &s1+s1/pass

C!e your te!t C# to create a certi%icate %or it 6remem er that Jca-pa!!J i! the pa!!(or+ %or the C# key7"
c:K9e$s+cd KD7 c:KD7+openssl (>0B /D7 cacert.pem /D79e$ ca9e$.pem /D7serial serial.t(t /re- /in c:K9e$sKs1.csr /out c:K9e$sKs1.cer /da$s 10B>

Import the certi%icate o% the C# an+ that %or the !ervice into the key!tore %or the !ervice"
c:KD7+cd K9e$s c:K9e$s+9e$tool /import /alias testD7 /9e$store service.9s /'ile c:KD7Kcacert.pem .nter 9e$store password: service/9s/pass %wner: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! "ssuer: DN)D73 %)#est D73 !#)!ome/!tate3 D)0! !erial num,er: d=,'?=c2e?ae,?B= Lalid 'rom: !at 5ec 0A 10:2?:1= D!# 200@ until: #ue 5ec 0> 10:2?:1= D!# 201@ Derti'icate 'ingerprints: 5>: 2?:=A:17:18:A5:>@:38:7@:08:<5:A2:3B:80:77:>8:?5 !;71: 1>:3>:08:D?:D5:=@:<2:B.:A3:?1:5<:11:@=:B.:=0:0A:<?:A8:>>:@B #rust this certi'icateN RnoS: $es Derti'icate was added to 9e$store c:K9e$s+9e$tool /import /alias s1 /9e$store service.9s /'ile s1.cer .nter 9e$store password: service/9s/pass .nter 9e$ password 'or &s1+s1/pass Derti'icate repl$ was installed in 9e$store

Do you nee+ to import c1$! certi%icate; *o' #! the client (ill inclu+e it in the me!!age, you +on$t nee+ it in the key!tore' 8n the other han+, +o you nee+ to import !1$! certi%icate into the key!tore %or the client; >e!' Thi! i! ecau!e the (e !ervice (ill not !en+ it! certi%icate to the client, ut ?u!t the i!!uer$! D* an+ !erial num er o% the certi%icate' -o the client nee+! thi! certi%icate in it! key!tore' -o, import it"
c:K9e$s+9e$tool /import /alias s1 /9e$store client.9s /'ile s1.cer .nter 9e$store password: client/9s/pass Derti'icate was added to 9e$store

*o(, run the client again' Thi! time it (ill (ork' I% you check the -8#P re!pon!e me!!age in TCP 3onitor, you$ll !ee"


Chapter . -igning an+ encrypting -8#P me!!age!

&soapenv:.nvelope (mlns:soapenv)*http://schemas.(*+ &soapenv:;eader+ &wsse:!ecurit$ There i! no MBinary-ecurityTokenN here' It (mlns:wsse)*...* mean! the !1 certi%icate i! not !ent' soapenv:must0nderstand)*1*+ &ds:!ignature (mlns:ds)** "d)*!ignature/2>>B12AB*+ &ds:!igned"n'o+ &ds:DanonicaliCation ethod 7lgorithm)** /+ &ds:!ignature ethod 7lgorithm)** /+ &ds:Re'erence 0R")*W"d/?B23=?@*+ &ds:#rans'orms+ &ds:#rans'orm 7lgorithm)** /+ &/ds:#rans'orms+ &ds:5igest ethod 7lgorithm)** /+ &ds:5igestLalue+ 0PQQ;vigd ?mTrQJ3l8Q86d6<9=) &/ds:5igestLalue+ &/ds:Re'erence+ &/ds:!igned"n'o+ &ds:!ignatureLalue+ ?A0t... &/ds:!ignatureLalue+ &ds:Ue$"n'o "d)*Ue$"d/1@2=020?*+ C!e the i!!uer D* an+ certi%icate !erial < sse:'ec4rity/o=enRe2erence num er 65 here7 to i+enti%y the certi%icate' xmlns: s4="..." It i! up to the client to look it up' s4:)d="'/R)d(1!,"!!,Q"> <ds:$+#QLata> <ds:$+#Q)ss4er'erial> <ds:$+#Q)ss4erName> <N=<7D6=/est <7D'/='ome('tateD<=.' </ds:$+#Q)ss4erName> <ds:$+#Q'erialN4m5er>+</ds:$+#Q'erialN4m5er> </ds:$+#Q)ss4er'erial> </ds:$+#QLata> </ sse:'ec4rity/o=enRe2erence> &/ds:Ue$"n'o+ &/ds:!ignature+ &/wsse:!ecurit$+ &/soapenv:;eader+ &soapenv:<od$ (mlns:wsu)*...* wsu:"d)*"d/?B23=?@*+ &ns1:concatResponse (mlns:ns1)**+ &r+($C111&/r+ &/ns1:concatResponse+ &/soapenv:<od$+ &/soapenv:.nvelope+

That i!, it i! telling the !ervice that the certi%icate u!e+ to !ign the me!!age i! i!!ue+ y C*YC#,8YTe!t C#,-TY-ome--tate,CYC- an+ the !erial num er o% the certi%icate i! 5' It i! hoping that the client can u!e thi! in%ormation to locate the certi%icate an+ then u!e the pu lic key in it to veri%y the !ignature' Dor thi! to (ork, the client may !can all the certi%icate! in the key!tore to try to %in+ it' It mean! you mu!t import !1$! certi%icate into the key!tore on the client'

Chapter . -igning an+ encrypting -8#P me!!age!


To check that the !ervice i! really veri%ying the !ignature, note me!!age! like elo( in the con!ole"

)ncrypting (-A# messages

#t the moment the me!!age! are !igne+, ut they aren$t encrypte+ an+ thu! people on the Internet can !ee them' I% the in%ormation i! con%i+ential, you !houl+ encrypt it' To +o that, mo+i%y the policy in the 4-D9 %ile"
&N(ml version)*1.0* encoding)*0#8/A*N+ &wsdl:de'initions ...+ &wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ &sp:!ignedParts+ &sp:<od$ /+ &/sp:!ignedParts+ <sp:EncryptedParts> The MBo+yN element o% the -8#P <sp:Hody /> </sp:EncryptedParts> me!!age !houl+ e encrypte+ &/wsp:Polic$+ ... &/wsdl:de'initions+

Generate the !ervice !tu an+ client !tu again' 3o+i%y rampart-con%ig'5ml %or the client"


Chapter . -igning an+ encrypting -8#P me!!age!

Thi! i! a key!tore alia!' Get the certi%icate %or &wsp:Polic$ ...+ the alia! Z!1[ %rom the key!tore an+ u!e the &RampartDon'ig+ pu lic key there to encrypt the me!!age' &user+c1&/user+ <encryption.ser>s1</encryption.ser> *ote that you +on$t nee+ the pa!!(or+ to get the pu lic key' &passwordDall,ac9Dlass+,ac9;andler &/passwordDall,ac9Dlass+ &signatureDr$pto+ &cr$pto provider)*$$pto. erlin*+ &propert$ name)*$.cr$pto.merlin.9e$store.t$pe*+ JU! &/propert$+ &propert$ name)*$.cr$pto.merlin.'ile*+ c:/9e$s/client.9s &/propert$+ &propert$ name)*$.cr$pto.merlin.9e$store.password*+ client/9s/pass &/propert$+ &/cr$pto+ &/signatureDr$pto+ <encryption<rypto> <crypto provider="org.apache. s.sec4rity.components.crypto.%erlin"> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.type"> UP' </property> <property name="org.apache. s.sec4rity.crypto.merlin.2ile"> c:/=eys/client.=s </property> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.pass ord"> client(=s(pass </property> </crypto> </encryption<rypto> &/RampartDon'ig+ &/wsp:Polic$+ -peci%y the cryptographic provi+er to per%orm encryption' @ere, you !till u!e the 3erlin provi+er 6BDK7' >ou al!o !peci%y it! con%iguration! 6the path to the key!tore an+ the key!tore pa!!(or+7' @ere, everything i! the !ame a! the cryptographic provi+er %or !igning'

Dor the (e !ervice, mo+i%y !ervice!'5ml"

Chapter . -igning an+ encrypting -8#P me!!age!


&serviceQroup+ &service name)*!ecure!ervice*+ ... &wsp:Polic$ ... wsu:"d)*p1*+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ The MBo+yN element o% the -8#P &sp:!ignedParts+ me!!age !houl+ e encrypte+ &sp:<od$ /+ &/sp:!ignedParts+ <sp:EncryptedParts> <sp:Hody /> 2ncrypt the re!pon!e u!ing c1$! pu lic key </sp:EncryptedParts> &RampartDon'ig (mlns)*$*+ &user+s1&/user+ <encryption.ser>c1</encryption.ser> &passwordDall,ac9Dlass+,ac9;andler &/passwordDall,ac9Dlass+ &signatureDr$pto+ &cr$pto provider)*$$pto. erlin*+ &propert$ name)*$.cr$pto.merlin.9e$store.t$pe*+ JU! &/propert$+ &propert$ name)*$.cr$pto.merlin.'ile*+ c:/9e$s/service.9s &/propert$+ &propert$ name)*$.cr$pto.merlin.9e$store.password*+ service/9s/pass &/propert$+ &/cr$pto+ &/signatureDr$pto+ <encryption<rypto> <crypto provider="org.apache. s.sec4rity.components.crypto.%erlin"> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.type"> UP' </property> <property name="org.apache. s.sec4rity.crypto.merlin.2ile"> c:/=eys/service.=s </property> <property name="org.apache. s.sec4rity.crypto.merlin.=eystore.pass ord"> service(=s(pass </property> </crypto> </encryption<rypto> &/RampartDon'ig+ &/wsp:Polic$+ &/service+ -peci%y the cryptographic provi+er to per%orm encryption' It &/serviceQroup+ i! the !ame a! the one u!e+ %or !igning' It i! al!o i+entical to the one u!e+ y the client e5cept that it u!e! a +i%%erent key!tore %ile'

@o(ever, there i! a pro lem here' #! you$re encrypting the re!pon!e me!!age


Chapter . -igning an+ encrypting -8#P me!!age!

u!ing c1$! pu lic key, ho( can it %in+ out c1$! pu lic key; >ou$ll nee+ to put c1$! certi%icate in the key!tore %or the (e !ervice' In a++ition, thi! (e !ervice can only talk to a !ingle client c1 6!ee the +iagram elo(7' I% there i! another client c2, it can encrypt the reEue!t u!ing !1$! pu lic key, ut !1 (ill encrypt the re!pon!e u!ing the pu lic key o% c1 6*8T c27, making c2 %ail to +ecrypt it"
1" 2ncrypt the reEue!t u!ing !1$! pu lic key c1 2" 2ncrypt the re!pon!e u!ing c1$! pu lic key 0" 2ncrypt the reEue!t u!ing !1$! pu lic key c2 <" 2ncrypt the re!pon!e u!ing c1$! pu lic key' Pro lem" c2 can$t +ecrypt itP !1

To !olve thi! pro lem, rampart !upport! a !pecial (ay o% operation' I% c1 oth !ign! an+ encrypt! the reEue!t, it (ill !ign it u!ing it! o(n private key' I% it al!o inclu+e! it! certi%icate in the reEue!t, then rampart can e in!tructe+ to look up thi! certi%icate in the reEue!t an+ u!e it to encrypt the re!pon!e' There%ore, it (ill u!e c1$! certi%icate to encrypt the re!pon!e' I% c2 !en+! it a reEue!t, it (ill encrypt the re!pon!e u!ing c2$! certi%icate"
c1 cert

2" Get thi! certi%icate an+ u!e it to encrypt the re!pon!e

1" -ign the reEue!t u!ing c1$! private key an+ encrypt it u!ing !1$! pu lic key' c1 0" 2ncrypt the re!pon!e u!ing c1$! pu lic key 5" Get thi! certi%icate an+ u!e it to encrypt the re!pon!e !1

c2 cert

<" -ign the reEue!t u!ing c2$! private key an+ encrypt it u!ing !1$! pu lic key' c2 =" 2ncrypt the re!pon!e u!ing c2$! pu lic key

To ena le thi! operation, put a !pecial value Ju!eAeg-igCertJ into the MencryptionC!erN element"

Chapter . -igning an+ encrypting -8#P me!!age!


&serviceQroup+ It !tan+! %or Ju!e reEue!t !igning certi%icateJ' &service name)*!ecure!ervice*+ That i!, u!e the certi%icate that !igne+ the ... reEue!t me!!age' &wsp:Polic$ ... wsu:"d)*p1*+ ... &RampartDon'ig (mlns)*$*+ &user+s1&/user+ <encryption.ser>4seRe3'ig<ert</encryption.ser> ... &/RampartDon'ig+ &/wsp:Polic$+ &/service+ &/serviceQroup+

*o( run the client an+ it !houl+ (ork' To veri%y that the me!!age! are in+ee+ encrypte+, check them out in the TCP 3onitor"


Chapter . -igning an+ encrypting -8#P me!!age!

&soapenv:.nvelope ...+ i! inclu+e+ in the M-ecurityN hea+er &soapenv:;eader+ &wsse:!ecurit$ (mlns:wsse)*...* soapenv:must0nderstand)*1*+ &(enc:.ncr$ptedUe$ "d)*.ncUe$"d/10?30?@2*+ &(enc:.ncr$ption ethod Thi! repre!ent! the 7lgorithm)*>* /+ encrypte+ !ymmetric &ds:Ue$"n'o (mlns:ds)**+ key &wsse:!ecurit$#o9enRe'erence+ &ds:X>0B5ata+ @o( the !ymmetric &ds:X>0B"ssuer!erial+ key (a! encrypte+ &ds:X>0B"ssuerName+ DN)D73%)#est D73!#)!ome/!tate3D)0! &/ds:X>0B"ssuerName+ In%ormation a out the private &ds:X>0B!erialNum,er+ key that (a! u!e+ to encrypt > thi! !ymmetric key' @ere it &/ds:X>0B!erialNum,er+ &/ds:X>0B"ssuer!erial+ re%er! to !1$! certi%icate u!ing &/ds:X>0B5ata+ the i!!uer D* an+ !erial &/wsse:!ecurit$#o9enRe'erence+ num er' &/ds:Ue$"n'o+ &(enc:Dipher5ata+ &(enc:DipherLalue+ 7<lBmXu<1... The encrypte+ !ymmetric key &/(enc:DipherLalue+ &/(enc:Dipher5ata+ &(enc:Re'erenceList+ &(enc:5ataRe'erence 0R")*W.nc5ata"d/2??22@A2* /+ &/(enc:Re'erenceList+ &/(enc:.ncr$ptedUe$+ &wsse:<inar$!ecurit$#o9en ... wsu:"d)*Dert"d/>@12B>*+ ""D5... The certi%icate u!e+ %or &/wsse:<inar$!ecurit$#o9en+ !igning 6c1$! certi%icate7 &ds:!ignature ... "d)*!ignature/22A31A0=*+ ... &/ds:!ignature+ &/wsse:!ecurit$+ &/soapenv:;eader+ &soapenv:<od$ ... wsu:"d)*"d/2??22@A2*+ &(enc:.ncr$pted5ata "d)*.nc5ata"d/2??22@A2* #$pe)**+ The !ymmetric key &(enc:.ncr$ption ethod 7lgorithm)*,c* /+ u!e+ to encrypt the &ds:Ue$"n'o (mlns:ds)**+ +ata &wsse:!ecurit$#o9enRe'erence ...+ &wsse:Re'erence 0R")*W.ncUe$"d/10?30?@2* /+ @o( (a! the content o% &/wsse:!ecurit$#o9enRe'erence+ &/ds:Ue$"n'o+ the MBo+yN encrypte+; It &(enc:Dipher5ata+ u!e+ 0D2&(enc:Diph1'>erLalue+ D2wnp#td... The encrypte+ content o% the &/(enc:DipherLalue+ MBo+yN &/(enc:Dipher5ata+ &/(enc:.ncr$pted5ata+ &/soapenv:<od$+ &/soapenv:.nvelope+

#ll encryption an+ !igning in%ormation

The content o% the MBo+yN ha! een encrypte+

(ecurity issues when performing both signing and encrypting

4hen you$re per%orming oth !igning an+ encryption, there are !ecurity i!!ue!' Dor e5ample, i% you !ign the MBo+yN an+ then encrypt it, then the re!ulting me!!age (ill e like"

Chapter . -igning an+ encrypting -8#P me!!age!


&;eader+ &!ecurit$+ &.ncr$ptedUe$+...&/.ncr$ptedUe$+ &!ignature+ &ds:!igned"n'o+ &ds:DanonicaliCation ethod .../+ &ds:!ignature ethod .../+ &ds:Re'erence 0R")*W"d/2??22@A2*+ ... &ds:5igest ethod .../+ &ds:5igestLalue+U66/7/R*e"p/H.H l31VU1x$QvE=&/ds:5igestLalue+ &/ds:Re'erence+ &/ds:!igned"n'o+ ... The +ige!t o% the content o% the &/!ignature+ MBo+yN element &/!ecurit$+ &/;eader+ &<od$+ encr$pted data... &/<od$+

The pro lem i! that, i% you run the client multiple time!, the +ige!t (ill e the !ame' Thi! i! the (ay it !houl+ e' Given !ome particular plain te5t, anyone can calculate the +ige!t an+ it !houl+ e the !ame' Thi! mean! that a hacker coul+ calculate the +ige!t o% !ome common plain te5t to uil+ a lookup ta le like"
Plain te5t &ns1:concat (mlns:ns1)**+ &s1+($C&/s1+ &s2+111&/s2+ &/ns1:concat+ &ns1:concat (mlns:ns1)**+ &s1+($C&/s1+ &s2+a,c&/s2+ &/ns1:concat+ ... ''' khg8%ry%!0/u%aeG


Then he can capture your me!!age, get the +ige!t an+ u!e the lookup ta le a ove to recover the plain te5t, even though you$ve encrypte+ the content o% the MBo+yN element' It mean! the +ige!t i! actually leaking the plain te5t' >ou may (on+er i% the hacker can +o the !ame thing u!ing the encrypte+ content o% the MBo+yN element;


Chapter . -igning an+ encrypting -8#P me!!age!

&soapenv:<od$ ...+ &(enc:.ncr$pted5ata "d)*.nc5ata"d/2??22@A2* ...+ &(enc:.ncr$ption ethod .../+ &ds:Ue$"n'o ...+ ... &/ds:Ue$"n'o+ &(enc:Dipher5ata+ &(enc:Diph1'>erLalue+ The encrypte+ content o% the dPe01F&L3'T... MBo+yN element &/(enc:DipherLalue+ &/(enc:Dipher5ata+ &/(enc:.ncr$pted5ata+ &/soapenv:<od$+

I% you run the client multiple time!, you$ll !ee that the encrypte+ content o% the MBo+yN element (ill change every time' Thi! i! a a!ic reEuirement o% encryption algorithm! to prevent !uch a lookup attack 6calle+ J+ictionary attackJ7' *o( the Eue!tion i! ho( to prevent the +ige!t %rom leaking in%ormation; There are three alternative !olution!' The %ir!t !olution i! to per%orm encryption %ir!t an+ then !ign on the encrypte+ MBo+yN content' #! the encrypte+ content change! every time, the +ige!t (ill change every time' @o(ever, thi! i! not a very goo+ !olution a! +igital !ignature! !houl+ e per%orme+ on (hat i! !een y the u!er! 6i'e', plain te5t, not encrypte+ te5t7' Dor the ca!e on han+, a! it i! the client 6not u!er7 !igning it, it may e goo+ enough' The !econ+ !olution i! to !ign an+ then encrypt an+ %inally al!o encrypt the !ignature' Thi! (ork! %or the ca!e on han+' @o(ever, i% the (e !ervice (a! !uppo!e+ to veri%y the !ignature ut nee+e+ to pa!! the encrypte+ +ata to a 0r+ party, then the (e !ervice (oul+n$t have the key to +ecrypt the !ignature an+ coul+n$t veri%y it' The thir+ !olution i! to inclu+e a ran+om element 6u!ually calle+ JnonceJ or J!altJ7 into the plain te5t !o that the +ige!t change! every time' Dor e5ample, you coul+ a++ a thir+ element to the reEue!t"
&ns1:concat (mlns:ns1)**+ &s1+($C&/s1+ &s2+111&/s2+ <salt>=g4y10Ls2L072a!1Qr</salt> &/ns1:concat+

Thi! i! the mo!t %le5i le !olution ut it mean! a lot o% e5tra (ork on you' #ny(ay, in or+er to implement the %ir!t !olution 6encrypt an+ then !ign7, mo+i%y the policy"
&wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ &wsp:Polic$+ &sp:"nitiator#o9en+ ... &/sp:"nitiator#o9en+ &sp:Recipient#o9en+ ...

Chapter . -igning an+ encrypting -8#P me!!age!


To implement the !econ+ !olution, mo+i%y the policy"

&wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ Don$t nee+ thi! any more ... &sp:.ncr$pt<e'ore!igning/+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ It i! like M2ncrypte+Part!N ut it i! not u!ing &sp:!ignedParts+ &sp:<od$ /+ -8#P !tructure! !uch a! MBo+yN to re%er the &/sp:!ignedParts+ me!!age' In!tea+, it u!e! !omething calle+ &sp:.ncr$ptedParts+ :Path to re%er to element! in the :39 &sp:<od$ /+ +ocument' &/sp:.ncr$ptedParts+ <sp:EncryptedElements> <sp:$Path> //W@local(name89=K'ignat4reKA </sp:$Path> </sp:EncryptedElements> Then !elect tho!e (ho!e element &/wsp:Polic$+ name 6ignoring the name!pace7 i! J-ignatureJ' 9ook %or any +e!cen+ant o% :39 root element 6M2nvelopeN here7 &soapenv:.nvelope ...+ &soapenv:;eader+ &wsse:!ecurit$ ...+ &(enc:.ncr$ptedUe$ ...+...&/(enc:.ncr$ptedUe$+ &ds:!ignature ...+ ... &/ds:!ignature+ &/wsse:!ecurit$+ &/soapenv:;eader+ &/soapenv:.nvelope+

&/sp:Recipient#o9en+ &sp:7lgorithm!uite+ ... &/sp:7lgorithm!uite+ <sp:EncryptHe2ore'igning/> &/wsp:Polic$+ &/sp:7s$mmetric<inding+ ... &/wsp:Polic$+

BCG #92AT" Due to a ug in the current ver!ion o% Aampart, the M2ncrypte+2lement!N %eature i! not (orking'


(1Addressing header elements

I% you$re u!ing 4--#++re!!ing, mo!t likely you$+ like to en!ure that the 4-#++re!!ing hea+er element! are not tampere+ (ith' To +o that, you can mo+i%y the policy to reEuire !igning on hea+er element!"


Chapter . -igning an+ encrypting -8#P me!!age!

&wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ &sp:!ignedParts+ &sp:<od$ /+ &sp:;eader Name)*#o* Namespace)*>/0A/addressing*/+ &/sp:!ignedParts+ &sp:.ncr$ptedParts+ 2ncrypt the MToN element in the http"))((('(0'org)2005)08)a++re!!ing &sp:<od$ /+ &/sp:.ncr$ptedParts+ name!pace &/wsp:Polic$+ &soapenv:.nvelope (mlns:wsa)*>/0A/addressing* ...+ &soapenv:;eader+ &wsse:!ecurit$+ ... &/wsse:!ecurit$+ &wsa:#o+http://localhost:123=/a(is2/services/!ecure!ervice&/wsa:#o+ &wsa: essage"5+urn:uuid:>B831>3.B@@.5.5.=@11B@?AA=BA@AA&/wsa: essage"5+ &wsa:7ction+,=%peration&/wsa:7ction+ &/soapenv:;eader+ &/soapenv:.nvelope+

To protect all !uch element!, you may li!t them one y one"
&sp:!ignedParts+ &sp:<od$ /+ &sp:;eader Name)*#o* Namespace)*>/0A/addressing*/+ <sp:Meader Name="%essage)L" Namespace="http:// . !.org/"##+/#1/addressing"/> <sp:Meader Name="7ction" Namespace="http:// . !.org/"##+/#1/addressing"/> <sp:Meader Name="Relates/o" Namespace="http:// . !.org/"##+/#1/addressing"/> &/sp:!ignedParts+

@o(ever, thi! i! too much trou le' # etter (ay i! not to !peci%y the *ame attri ute an+ !peci%y only the *ame!pace attri ute' Thi! (ay all hea+er element! in the 4--#++re!!ing name!pace (ill e !igne+"
&sp:!ignedParts+ &sp:<od$ /+ &sp:;eader Name)*#o* Namespace)*>/0A/addressing*/+ &/sp:!ignedParts+

BCG #92AT" Due to a ug in the current ver!ion o% Aampart, thi! %eature i! not (orking' There%ore, %or the moment, you$ll have to li!t them one y one'

(ending login information

-uppo!e that the (e !ervice (ill per%orm the reEue!te+ operation only %or !electe+ u!er! only' To +o that, you can con%igure your client to !en+ the u!er name an+ pa!!(or+ to the (e !ervice' -uch in%ormation i! calle+ a C!ername Token' To reEuire a C!ername token in the reEue!t me!!age, mo+i%y the policy"

Chapter . -igning an+ encrypting -8#P me!!age!


&wsp:Polic$ wsu:"d)*p1*+ &sp:7s$mmetric<inding+ ... &/sp:7s$mmetric<inding+ &sp:6ss10+ ... &/sp:6ss10+ &sp:!ignedParts+ # C!ername Token i! not like the certi%icate token ... (hich i! reEuire+ %or !igning or encryption' &/sp:!ignedParts+ There%ore it i! ?u!t a !upporting token' @ere, you &sp:.ncr$ptedParts+ al!o reEuire that it e !igne+ to make !ure that it ha! ... not een tampere+ (ith' &/sp:.ncr$ptedParts+ <sp:'igned'4pporting/o=ens> < sp:Policy> <sp:.sername/o=en sp:)ncl4de/o=en="http://docs.oasis( s(sx/ s(sec4ritypolicy/"##R#"/)ncl4de/o=en/7l ays/oRecipient"/> </ sp:Policy> </sp:'igned'4pporting/o=ens> &/wsp:Polic$+ #l(ay! inclu+e it in the reEue!t me!!age There can e other type! o% !upporting token!' C!ername token i! ?u!t one po!!i le type'

@o( to !peci%y the u!er name; Dor the moment rampart (ill al(ay! u!e the Mu!erN con%iguration 6in your rampart-con%ig'5ml %ile7"
It i! u!e+ oth a! the u!er name in the C!ername token an+ a! the alia! %or the client certi%icate &wsp:Polic$ (mlns:wsp)*http://schemas.($* (mlns)*$*+ &RampartDon'ig+ <4ser>c1</4ser> &encr$ption0ser+s1&/encr$ption0ser+ &passwordDall,ac9Dlass+,ac9;andler &/passwordDall,ac9Dlass+ &signatureDr$pto+ ... &/signatureDr$pto+ &encr$ptionDr$pto+ ... &/encr$ptionDr$pto+ &/RampartDon'ig+ &/wsp:Polic$+

Thi! i! a pro lem a! you pro a ly (ant the client to allo( +i%%erent u!er! to u!e it to talk to the (e !ervice' In the late!t !nap!hot o% rampart the!e concept! can e !eparate+"


Chapter . -igning an+ encrypting -8#P me!!age!

It i! u!e+ only a! the u!er name in the C!ername token &wsp:Polic$ (mlns:wsp)*http://schemas.($* (mlns)*$*+ &RampartDon'ig+ It i! u!e+ only a! the alia! %or <4ser>41</4ser> the client certi%icate <4ser<ert7lias>c1</4ser<ert7lias> &encr$ption0ser+s1&/encr$ption0ser+ &passwordDall,ac9Dlass+,ac9;andler &/passwordDall,ac9Dlass+ &signatureDr$pto+ ... &/signatureDr$pto+ &encr$ptionDr$pto+ ... &/encr$ptionDr$pto+ &/RampartDon'ig+ &/wsp:Polic$+

#! that ver!ion ha! not een relea!e+ yet, here you can only u!e c1 %or oth purpo!e!' -o rampart ha! the u!er name, ho( +oe! it kno( the pa!!(or+; It can u!e the pa!!(or+ call ack' -o mo+i%y Pa!!(or+Call ack@an+ler'?ava in the client package"
pu,lic class PasswordDall,ac9;andler implements Dall,ac9;andler E pu,lic void handle1Dall,ac9RS call,ac9s4 throws "%.(ception3 0nsupportedDall,ac9.(ception E 'or 1int i ) 0I i & call,ac9s.lengthI iHH4 E 6!PasswordDall,ac9 pwc, ) 16!PasswordDall,ac94 call,ac9sRiSI !tring id ) pwc,.get"denti'er14I s itch 8p c5.get.sage899 ? 4hen rampart nee+! to !ign or case F'Pass ord<all5ac=.')ON7/.RE: +ecrypt, c1 i! acting a! the alia!' case F'Pass ord<all5ac=.LE<RNP/:? i' 1id.e-uals1*c1*44 E pwc,.setPassword1*c1/pass*4I 4hen rampart nee+! to !en+ a F C!ername token, c1 i! acting a! 5rea=; the u!er name' B case F'Pass ord<all5ac=..'ERN7%EI/6PEN: ? i2 8id.e34als8"c1"99 ? p c5.setPass ord8"c1(as(4ser(pass"9; B @ere u!e a +i%%erent pa!!(or+ to 5rea=; veri%y that they are +i%%erent B B F F F

@o( can the (e !ervice veri%y the pa!!(or+; #gain, rampart replie! on the pa!!(or+ call ack to get the correct pa!!(or+ %or compari!on' -o, mo+i%y Pa!!(or+Call ack@an+ler'?ava in the com'tt+ev'!ecure package"

Chapter . -igning an+ encrypting -8#P me!!age!


pu,lic class PasswordDall,ac9;andler implements Dall,ac9;andler E pu,lic void handle1Dall,ac9RS call,ac9s4 throws "%.(ception3 0nsupportedDall,ac9.(ception E 'or 1int i ) 0I i & call,ac9s.lengthI iHH4 E 6!PasswordDall,ac9 pwc, ) 16!PasswordDall,ac94 call,ac9sRiSI !tring id ) pwc,.get"denti'er14I s itch 8p c5.get.sage899 ? 4hen rampart nee+! to !ign or case F'Pass ord<all5ac=.LE<RNP/: +ecrypt, it nee+! it! o(n 6!17 case F'Pass ord<all5ac=.')ON7/.RE: ? pa!!(or+' i' 1id.e-uals1*s1*44 E pwc,.setPassword1*s1/pass*4I 4hen rampart nee+! to veri%y a F C!ername token, it nee+! to 5rea=; return the pa!!(or+ %or the B kno(n u!er! 6c17' case F'Pass ord<all5ac=..'ERN7%EI/6PEN: ? i2 8id.e34als8"c1"99 ? p c5.setPass ord8"c1(as(4ser(pass"9; B 5rea=; B B F F F

*o( generate the !ervice !tu an+ client !tu again' Aun it' >ou !houl+ !ee the C!ername token in the TCP 3onitor"


Chapter . -igning an+ encrypting -8#P me!!age!

&soapenv:.nvelope ...+ The C!ername token &soapenv:;eader+ &wsse:!ecurit$ ...+ &(enc:.ncr$ptedUe$ "d)*.ncUe$"d/2BA>@A0=*+ ... &/(enc:.ncr$ptedUe$+ c1 i! the u!er name < sse:.sername/o=en xmlns: s4="..." s4:)d=".sername/o=en(,,+Q+11"> Dor !ecurity, the pa!!(or+ i! < sse:.sername>c1</ sse:.sername> not !ent a! clear te5t ut a! a < sse:Pass ord +ige!t' /ype="http://docs.oasis( ss/ "##E/#1/oasis("##E#1( ss(4sername(to=en(pro2ile(1.#SPass ordLigest"> ,OF!"n>R$U#s/y)>LVrcCFn!$#E= </ sse:Pass ord> < sse:Nonce>/L"o%d40"",4*RdERs!H= ==</ sse:Nonce> < s4:<reated>"##R(1"(1+/#,:1,:++.R,+V</ s4:<reated> </ sse:.sername/o=en> ... &ds:!ignature (mlns:ds)** "d)*!ignature/2>=21@B0*+ &ds:!igned"n'o+ The token i! !igne+ ... <ds:Re2erence .R)="S.sername/o=en(,,+Q+11"> 7lgorithm="http:// . !.org/"###/#Q/xmldsigSsha1" /> <ds:LigestTal4e> MtE45H,UdMc&yaU.xNi dn'CT>#= To %ight again!t +ictionary attack, a nonce </ds:LigestTal4e> an+ a time !tamp are inclu+e+ (hen </ds:Re2erence> calculating the +ige!t" &/ds:!igned"n'o+ ... pa!!(or+ O nonce O time &/ds:!ignature+ !tamp &/wsse:!ecurit$+ ... &/soapenv:.nvelope+ In a++ition, the (e !ervice can remem er the nonce! !een in a !hort recent perio+' I% the !ame nonce i! u!e+ again, it i! a replay attack' +ige!t

I% you +on$t (ant other! to even !ee the u!er name o% Jc1J, you can encrypt the C!ername token' #ll that i! reEuire+ i! to change M-igne+-upportingToken!N to M-igne+2ncrypte+-upportingToken!N in the policy' 4hat i% +i%%erent u!er! have +i%%erent permi!!ion!; >ou can retrieve the u!er name in your o(n co+e an+ +eci+e (hat permi!!ion! he ha!' To +o that, you nee+ to un+er!tan+ the +ata !tructure create+ y rampart a%ter proce!!ing the reEue!t me!!age' There coul+ e multiple rampart mo+ule in!tance! running' 2ach (ill !tore it! re!ult into an element o% a Fector 6!ee the +iagram elo(7' 2ach rampart mo+ule in!tance may per%orm multiple action!, e'g', veri%y it! !ignature, veri%y a C!ername token or +ecrypt a me!!age' There%ore, %or each action it (ill create a 4--ecurity2ngineAe!ult to repre!ent the re!ult o% that action' -o, %or each in!tance it create! a vector-like !tructure to !tore all !uch re!ult!' Thi! i! the 4-@an+lerAe!ult' Dor e5ample, in the +iagram, the %ir!t action i! -IG*, (hich mean! veri%ying a !ignature, the re!ult contain! the certi%icate u!e+ an+ etc' The !econ+ action i! CT, (hich mean! veri%ying a C!ername token, the re!ult contain! the u!er name"

Chapter . -igning an+ encrypting -8#P me!!age!


Fector The re!ult create+ y a rampart mo+ule 4-@an+lerAe!ult 6 a!ically a Fector7

The re!ult %or the 4--ecurity2ngineAe!ult 1!t action 7ction: !"QN 5N: DN)Gohn... ... The re!ult %or the 4--ecurity2ngineAe!ult 2n+ action 7ction: 0# 0ser name: c1 ...

The re!ult create+ y another rampart mo+ule 4-@an+lerAe!ult 6 a!ically a Fector7

*o(, to retrieve the D* o% the u!er in the -ecure-erviceImpl'?ava"

ack en+ o ?ect, mo+i%y

pu,lic class !ecure!ervice"mpl implements !ecure!ervice!9eleton"nter'ace E pu,lic !tring concat1!tring s13 !tring s24 E chec=.ser89; Get the re!ult Fector %rom the property %or all return s1 H s2I rampart in!tance! F Get the action re!ult! %or a rampart private void chec=.ser89 ? in!tance %essage<ontext context = %essage<ontext.get<4rrent%essage<ontext89; Tector handlersRes4lts = 8Tector9 context .getProperty8F'Mandler<onstants.RE<TIRE'.&/'9; 2or 8)terator iter = handlersRes4lts.iterator89; iter.hasNext89;9 ? F'MandlerRes4lt handlerRes4lt = 8F'MandlerRes4lt9 iter.next89; Tector actionsRes4lts = handlerRes4lt.getRes4lts89; Get the re!ult %or 2or 8)terator iterator = actionsRes4lts.iterator89; iterator a !ingle action .hasNext89;9 ? F''ec4rityEngineRes4lt actionRes4lt = 8F''ec4rityEngineRes4lt9 iterator .next89; int action = 88)nteger9 actionRes4lt .get8F''ec4rityEngineRes4lt./7OI7</)6N99.intTal4e89; i2 8action == F'<onstants../9 ? Principal p = 8Principal9 actionRes4lt .get8F''ec4rityEngineRes4lt./7OIPR)N<)P7&9; i2 8p J= n4ll9 ? 'ystem.o4t.println8"<hec=ing " : p.getName899; ret4rn; //ret4rn i2 the 4ser has the re34ired permission B B Dor te!ting, ?u!t print out B Get the action an+ the name' B check i% it i! CT 6veri%y a // thro an exception i2 the 4ser is not allo ed C!ername token7 B F Get the u!er principal' # Principal o ?ect repre!ent! a u!er i+' It only ha! a Zname[ %iel+'

*o( run the client an+ you !houl+ !ee the output in the Tomcat con!ole"


Chapter . -igning an+ encrypting -8#P me!!age!

,odifying services4xml programatically

Currently you$re a++ing the MPolicyN an+ the Mmo+ule re%YJrampartJ )N element! to the !ervice!'5ml %ile manually' Thi! i! no goo+ a! it (ill e over(ritten i% you run M(!+l2co+eN again 6it i! not +elete+ +ue to a BCG7' # etter (ay i! to let #nt mo+i%y the !ervice!'5ml %ile every time it i! generate+ y M(!+l2co+eN' To +o that, create a %ile a++-policy'5!l in the pro?ect root"
<-xml version="1.#" encoding=")'6(11+Q(1"-> <xsl:stylesheet version="1.#" xmlns:xsl="http:// . !.org/1QQQ/$'&//rans2orm"> <xsl:template match="XWYnode89"> <xsl:copy> <xsl:apply(templates select="XWYnode89" /> </xsl:copy> </xsl:template> 1" Thi! pattern (ill match any element or attri ute' -o </xsl:stylesheet> thi! template (ill e applie+ to the M!erviceGroupN' -o, the o+y o% the template (ill e output' <" 8nly thi! template i! applica le' -o, it (ill e copie+ an+ !o (ill it! chil+ren' 2" The M5!l"copyN element ha! !pecial meaning' It (ill output the !tart tag o% the current no+e 6M!erviceGroupN7, then output it! o(n o+y an+ then output the en+ tag 6M)!erviceGroupN7' &serviceQroup+ &serviceQroup+ &service name)*!ecure!ervice*+ ... ... &/serviceQroup+ &/service+ &/serviceQroup+ 0" @ere M5!l"apply-template!N i! the o+y o% the M5!l"copyN element' It al!o ha! !pecial meaning' It (ill apply a template to each chil+ element o% the current no+e 6here, there i! only one" the M!erviceN element7' The output (ill e put a%ter M!erviceGroupN tag an+ e%ore the M)!erviceGroupN tag in the output'

-uch a %ile i! calle+ an J:-9 Tran!%ormation! 6:-9T7J' :-9 !tan+! %or J25ten!i le -tyle!heet 9anguageJ' 4hat thi! %ile +oe! i! to copy the !ervice!'5ml %ile to the output' In or+er to a++ the MPolicyN an+ the Mmo+ule re%YJrampartJ )N element! to it, %urther mo+i%y the a++-policy'5!l %ile"

Chapter . -igning an+ encrypting -8#P me!!age!


&N(ml version)*1.0* encoding)*"!%/AA>B/1*N+ &(sl:st$lesheet version)*1.0* (mlns:(sl)*!L/#rans'orm*+ &(sl:template match)*:PYnode14*+ &(sl:cop$+ &(sl:appl$/templates select)*:PYnode14* /+ &/(sl:cop$+ &/(sl:template+ <xsl:template match="operation"> <xsl:copy> <xsl:apply(templates select="XWYnode89" /> </xsl:copy> <mod4le re2="rampart" /> < sp:Policy xmlns: sp=" s/"##E/#Q/policy" xmlns:sp=" s/"##+/#R/sec4ritypolicy" xmlns: s4="..." s4:)d="p1"> ... </ sp:Policy> </xsl:template> &/(sl:st$lesheet+ 1" Thi! template an+ the previou! one (ill match thi! MoperationN element, ut thi! template i! more !peci%ic !o it (ill e applie+' There%ore it! content (ill e output' 2" M5!l"copyN (ill copy it an+ it! &serviceQroup+ &service name)*!ecure!ervice*+ chil+ren a! u!ual ... &operation name)*concat* ...+ &operation name)*concat* ...+ ... ... &/operation+ &/operation+ &/service+ &module re')*rampart* /+ &/serviceQroup+ &wsp:Polic$ ...+ ... &/wsp:Polic$+ 0" Thi! part (ill e output ver atim a! it i! no !pecial meaning to :-9T' It (ill e put a%ter the MoperationN element that (a! output'

To apply thi! a++-policy'5ml %ile, mo+i%y uil+'5ml"


Chapter . -igning an+ encrypting -8#P me!!age!

#! you$ll e u!ing the path to the !ervice!'5ml %ile %or many time!, +e%ine a property %or it' &proGect ,asedir)*.* de'ault)*Gar.server*+ &propert$ name)*name* value)*!ecure!ervice* /+ <property name="services0ile" val4e="src/%E/7()N0/services.xml" /> ... &target name)*generate/service*+ Due to the ug, M(!+l2co+eN (on$t <delete 2ile="G?services0ileB"/> over(rite the %ile, !o +elete it to !imulate &wsdl2code the correct ehavior' .../+ &replacerege(p 'ile)*G?services0ileB* #pply an :-9T %ile match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ <xslt The input %ile i! the !ervice!'5ml %ile in="G?services0ileB" o4t="G?services0ileB.tmp" The output %ile i! !ervice!'5ml'tmp style="add(policy.xsl"/> The :-9T %ile <move 2ile="G?services0ileB.tmp" to2ile="G?services0ileB"/> &/target+ &/proGect+ 3ove the !ervice!'5ml'tmp %ile into !ervice!'5ml' It i! e!!entially a rename'

*o( run the uil+'5ml %ile an+ the !ervice!'5ml (ill e !etup properly' Aun the client an+ it !houl+ continue to (ork'

4--Policy allo(! you to !peci%y non-%unctional reEuirement! !uch a! !ecurity on (e !ervice!' >ou inclu+e a policy in the 4-D9 %ile an+ the generate+ client !tu (ill u!e it' Dor the (e !ervice, you !till nee+ to inclu+e it into the !ervice!'5ml %ile' To !ign or encrypt a me!!age, !peci%y in the policy the con%iguration !etting! !uch a! algorithm! to u!e, (hether to inclu+e the certi%icate 6token7 an+ ho( 6+irect inclu+e or i!!uer D* plu! !erial num er an+ etc'7' >ou al!o !peci%y (hich part! !houl+ e !igne+ an+ (hich part! !houl+ e encrypte+' The Aampart mo+ule implement! the 4---ecurity !tan+ar+ an+ can e u!e+ to !ati!%y !ecurity reEuirement! e5pre!!e+ in policie!' It get! in%ormation %rom the policy' In a++ition, you al!o nee+ to provi+e %urther con%iguration! to it u!ing an :39 %ile or a !tring' -uch con%iguration! inclu+e the u!er name alia!, pa!!(or+ call ack cla!!, (hat cryptographic provi+er to u!e 6e'g', BDK7, the location o% the key!tore an+ the key!tore pa!!(or+' 4hen per%orming oth !igning an+ encrypting, to %ight again!t +ictionary attack!, you !houl+ encrypt the !ignature, encrypt e%ore !igning or inclu+e a nonce into the +ige!t'

Chapter . -igning an+ encrypting -8#P me!!age!


To !en+ authentication in%ormation, you can u!e a C!ername token' Thi! i! al!o !peci%ie+ in a policy' >our pa!!(or+ call ack cla!! !houl+ provi+e the pa!!(or+' The C!ername token !houl+ e !igne+ an+ pro a ly al!o e encrypte+' >ou can retrieve the u!er name in your (e !ervice to per%orm authoriHation' To mo+i%y :39 %ile u!ing #nt, you can u!e :-9T' Thi! allo(! you to mo+i%y the !ervice!'5ml %ile programmatically'


Chapter 10
Integrating .o%r Web Services with /omcat and Spring
Chapter 1-


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring

hat!s in this chapter"

In thi! chapter you$ll learn ho( to run the #5i! !erver in!i+e Tomcat an+ let your (e !ervice invoke u!ine!! logic in -pring ean!'

Axis server as a mini1web server

Cp until no( you$ve een running the #5i! !erver a! a !eparate proce!! li!tening %or -8#P me!!age! in @TTP reEue!t! on port 8080' 2!!entially it i! acting a! a mini-(e !erver' I% you$re alrea+y running a (e !erver !uch a! Tomcat, you pro a ly (ant to run the #5i! !erver a! a (e application in Tomcat'

$nstalling Tomcat
I% you alrea+y have Tomcat in!talle+, !kip to the ne5t !ection' 8ther(i!e, go to http"))tomcat'apache'org to +o(nloa+ a inary package o% Tomcat' Do(nloa+ the Hip ver!ion in!tea+ o% the 4in+o(! e5e ver!ion' -uppo!e that it i! apachetomcat-='0'10'Hip' CnHip it into a %ol+er !ay c"Qtomcat' *ote that Tomcat ='5 (ork! (ith BDK 5 or a ove' Be%ore you can run it, make !ure the environment varia le B#F#S@832 i! +e%ine+ to point to your BDK %ol+er 6e'g', C"QProgram Dile!QBavaQ?+k1'5'0S027"

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


I% you +on$t have it, +e%ine it no(' *o(, open a comman+ prompt, change to c"QtomcatQ in an+ then run !tartup' at' I% it i! (orking, you !houl+ !ee"


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring

8pen a ro(!er an+ go to http"))localho!t"8080 an+ you !houl+ !ee"

9et$! !hut it +o(n y changing to c"QtomcatQ in an+ running !hut+o(n' at'

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


%unning the Axis server inside Tomcat

*e5t, go to http"))(!'apache'org)a5i!2 to +o(nloa+ the J4#A 64e #rchive7 Di!tri utionJ 6e'g' a5i!2-1'0-(ar'Hip7' There are ?u!t a han+%ul o% %ile! in the Hip %ile' CnHip it an+ put the %ile! into c"Qa5i!' The only important %ile there i! the a5i!2-1'0'(ar %ile' To in!tall it into Tomcat, copy it into c"QtomcatQ(e app!' Then !tart Tomcat y running !tartup' at' >ou !houl+ !ee"

To %urther check that the #5i! !erver i! running, go to http"))localho!t"8080)a5i!2 in a ro(!er' >ou !houl+ !ee"


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring

Check c"QtomcatQ(e app!, you !houl+ !ee that there i! an a5i!2 %ol+er create+ (ith the %ollo(ing !tructure"

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


c: tomcat we,apps a(is2 6.</"N8 con' a(is2.(ml services !imple!ervice .#7/"N8 services.(ml !imple!ervice.wsdl com ttdev ss ... ... !ecure!ervice ... ... ... modules addressing/1.3.mar rampart/1.3.mar ... li, P.Gar ... # 'mar %ile %or each mo+ule Con%iguration %ile %or a5i! To +eploy a (e !ervice, put !uch a %ol+er here

#nother (e !ervice

?ar %ile! nee+e+ y #5i! it!el%, the mo+ule! or your (e !ervice!

To +eploy the (e !ervice! you +evelope+ in the previou! chapter!, ?u!t copy their %ol+er! over"


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring

c: a(is con' a(is2.(ml repositor$ services !imple!ervice !ecure!ervice ... modules rampart/1.3.mar li, ...

c: tomcat Copy the con%iguration %ile we,apps a(is2 6.</"N8 con' a(is2.(ml services Copy the %ol+er %or each (e !ervice !imple!ervice !ecure!ervice ... services rampart/1.3.mar li, Aampart nee+! !ome a++itional ?ar %ile! ...

Deploy the rampart mo+ule

Ae!tart Tomcat %or the change! to take e%%ect' Aun a client !uch a! the -ecureClient an+ it !houl+ continue to (ork'

$nvoking (pring beans from your web service

Cp until no( all your (e !ervice! per%orm very !imple operation! !uch a! concatenating t(o !tring!' In practice, they !houl+ really invoke u!ine!! logic !uch a! placing an or+er %or !ome goo+!' Typically !uch u!ine!! logic may have een implemente+ a! -pring ean!' *e5t, let$! (ork on one !uch e5ample' In 2clip!e copy the 4rappe+-ervice pro?ect an+ pa!te it a! -pring-ervice' 9ink the JoutJ %ol+er to C"QtomcatQ(e app!Qa5i!2Q42B-I*DQ!ervice!Q-pring-ervice' Aename 4rappe+-ervice'(!+l to -pring-ervice'(!+l an+ change! the (or+ J4rappe+J to J-pringJ in the %ile' Then mo+i%y uil+'5ml"
&N(ml version)*1.0* encoding)*0#8/A*N+ &proGect ,asedir)*.* de'ault)*Gar.server*+ ... &propert$ name)*name* value)*'pring'ervice* /+ ... &target name)*generate/service*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* serverside)*true* generateservice(ml)*true* s9ip,uild(ml)*true* serversideinter'ace)*true* namespacetopac9ages)** targetsource'olderlocation)*src*

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


Aun it to generate the !tu !'

targetresources'olderlocation)*src/ .#7/"N8* overwrite)*true* unwrap)*true* /+ &replacerege(p 'ile)*src/ .#7/"N8/services.(ml* match)*OEnameF!9eleton* replace)*OEnameF"mpl* /+ &/target+ &target name)*generate/client*+ &wsdl2code wsdl'ilename)*OEnameF.wsdl* s9ip,uild(ml)*true* namespacetopac9ages)** targetsource'olderlocation)*src* overwrite)*true* unwrap)*true* /+ &/target+ &/proGect+

To !etup -pring, go to http"))((('!pring%rame(ork'org to +o(nloa+ it' -uppo!e that the %ile i! !pring-%rame(ork-2'0'=-(ith-+epen+encie!'Hip' CnHip it into !ay c"Q!pring-%rame(ork' To make the -pring cla!!e! availa le to your application, copy the %ollo(ing ?ar %ile! into c"QtomcatQ(e app!Qa5i!2Q42B-I*DQli "
c"Q !pring-%rame(ork +i!t !pring'?ar li cgli cgli -no+ep-2'1S0'?ar ?akarta-common! common!-logging'?ar

>ou$ll al!o nee+ to acce!! the -pring cla!!e! in 2clip!e, !o a++ !pring'?ar to the uil+ path o% your pro?ect in 2clip!e' Then mo+i%y c"QtomcatQ(e app!Qa5i!2Q42B-I*DQ(e '5ml a! !ho(n elo(' >ou a++ a Mli!tenerN element' 4hen Tomcat note! that there i! a Mli!tenerN element, (hen it i! !tarting the #5i! !erver 6a! a (e application7, it (ill create a li!tener o ?ect o% the !peci%ie+ cla!! 6here, the Conte5t9oa+er9i!tener cla!! provi+e+ y -pring7 an+ call it' The Conte5t9oa+er9i!tener (ill initialiHe the -pring %rame(ork, or rather, it (ill create a -pring application conte5t (hich i! a!ically a collection o% -pring ean!' #! the li!tener i! loa+ing the conte5t, that$! (hy it i! calle+ Conte5t9oa+er9i!tener"


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


0" Create T call a5i!2

2" -tart

1" 9ook, I nee+ to create a li!tener o% thi! cla!!'

Conte5t9oa+er 9i!tener <" InitialiHe -pring

&N(ml version)*1.0* encoding)*"!%/AA>B/1*N+ &Z5%D#VP. we,/app P0<L"D *///!un icros$stems3 "nc.//5#5 6e, 7pplication 2.3//.N* *,/appM2M3.dtd*+ &we,/app+ &displa$/name+7pache/7(is2&/displa$/name+ <listener> <listener(class> org.spring2rame or=. e5.context.<ontext&oader&istener </listener(class> </listener> &servlet+ ... &/servlet+ ... &/we,/app+

4hen -pring i! creating the application conte5t, it (ill try to rea+ a con%iguration %ile 42B-I*D)applicationConte5t'5ml to %in+ out (hat ean! are availa le' -o, create that %ile no("
De%ine a ean name+ JconcatBeanJ 1" Give me the ean name+ JconcatBeanJ'

<-xml version="1.#" encoding="./0(1"-> -pring <5eans xmlns="http:// .spring2rame" xmlns:xsi="http:// . !.org/"##1/$%&'chema(instance" xsi:schema&ocation="http:// .spring2rame http:// .spring2rame".#.xsd"> <5ean 2" Create an in!tance o% thi! cla!! Concat-ervice id="concatHean" class="com.ttdev.spring.middletier.<oncat'ervice"/> <5ean id="app<ontextMolder" #!!ume that thi! mi++letier package contain! all the u!ine!! class="org.apache.axis".extensions.spring. receivers.7pplication<ontextMolder"/> logic cla!!e! in your !y!tem </5eans>
De%ine another ean' It (ill get acce!! to the application conte5t an+ allo( other! to acce!! it'

*e5t, create Concat-ervice'?ava in the com'tt+ev'!pring'mi++letier package"

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


pac=age com.ttdev.spring.middletier; p45lic class <oncat'ervice ? p45lic 'tring concat8'tring s1D 'tring s"9 ? ret4rn s1:s"; B B

To make the cla!!e! in thi! mi++letier package availa le to -pring, they !houl+ e packe+ into a ?ar %ile an+ then copie+ into 42B-I*D)li ' To +o that, right click the mi++letier package an+ choo!e 25port, then choo!e Bava R B#A %ile"

2nter the +e!tination path a! !ho(n elo("


Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring

Click Dini!h to create the ?ar %ile' To invoke the concatBean -pring-erviceImpl'?ava" in your (e !ervice co+e, create

Get the application conte5t

p45lic class 'pring'ervice)mpl implements 'pring'ervice'=eleton)nter2ace ? p45lic 'tring concat8'tring s1D 'tring s"9 ? 7pplication<ontext context = 7pplication<ontextMolder.get<ontext89; <oncat'ervice 5ean = 8<oncat'ervice9 context.getHean8"concatHean"9; ret4rn 5ean.concat8s1D s"9; B Get the JconcatBeanJ B
Call the u!ine!! logic

*o(, re!tart Tomcat %or the change! to take e%%ect' To te!t it, create a -pringClient in the client package"
p45lic class 'pring<lient ? p45lic static void main8'tring@A args9 thro s RemoteException ?

Chapter 10 Integrating >our 4e -ervice! (ith Tomcat an+ -pring


Aun it an+ it !houl+ (ork'

'pring'ervice't45 st45 = ne 'pring'ervice't4589; 'tring res4lt = st45.concat8"xy*"D "a5c"9; 'ystem.o4t.println8res4lt9;

The #5i! !erver can e run in!i+e Tomcat a! a (e application' Thi! i! mo!t u!e%ul (hen you are alrea+y running Tomcat' In particular, (hen you$re u!ing -pring ean! to implement your u!ine!! logic, in or+er %or your (e !ervice co+e to acce!! the -pring ean!, you have to run the #5i! !erver in!i+e Tomcat' To acce!! a -pring ean %rom your (e !ervice, the key i! to gain acce!! to the -pring application conte5t' Thi! can e +one through a !pecial application conte5t hol+er ean'

Developing 4e -ervice! (ith #pache #5i!2 210


Alphabetical $ndex
0D2-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 #nt''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/0 Property'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/0 MmoveN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.5 Mreplacerege5pN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/< M(!+l2co+eN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/0 M5!ltN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.5 #!ymmetric encryption''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''151 #!ynchronou! proce!!ing in the !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<0 #:I83''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/. #5i!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' In!talling'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28 #5i! !erver'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Aunning in Tomcat'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''200 -etting up'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28 #5i!2'5ml''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''=<, 1<0, 20< Ba!e=<''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12< Bin+ing''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1. Buil+'5ml'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''=. C#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Call ack''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/2 Call ack@an+ler'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/2 Certi%icate''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Certi%icate authority'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Certi%icate chain''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1== Certi%icate path''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1== Client !tu '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''55 -peci%ying an e5plicit en+point'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''80 -peci%ying the repo!itory location'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/1 C*''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Co+e Generator 4iHar+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''00 Con%igurationConte5t''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/1 Data@an+ler''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12/ De ugging a (e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''== Deploying a (e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' 4hen #5i!2 i! running in !tan+alone mo+e'''''''''''''''''''''''''''''''''''''''''''''''''50 4hen #5i!2 i! running in Tomcat''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''205 Dictionary attack'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18= Digital !ignature''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Di!tingui!he+ name''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 D*''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Document !tyle'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1= D-#''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 2clip!e''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''28


Developing 4e -ervice! (ith #pache #5i!2

9inking a %ol+er to out!i+e''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''=2 Aelinking a %ol+er to another location'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''88 2nco+e+''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11/ 2ncrypting -8#P me!!age!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/. 2ncryption key''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15= 2n+point''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10 2n+point provi+e+ y #5i!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''02 25ten!i le -tyle!heet 9anguage'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.< Dault''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''108 Dault me!!age''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''108 Getting the (!+l o% a (e !erivce'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2. @ot +eployment'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''5., =5 @ot up+ate''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''=< I#*#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 Input me!!age''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12 International #!!igne+ *um er! #!!ociation''''''''''''''''''''''''''''''''''''''''''''''''''''20 Interopera ility''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12. 4ith '*2T''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.0, 100 Key!tore''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15/ #lia!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15/ #lia! pa!!(or+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 Generating a certi%icate reEue!t'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=0 Generating a key pair'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15/ Importing a certi%icate''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=< Pa!!(or+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 Keytool''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''15/ 9i!ting the (e !ervice!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''5< 9iteral''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0<, 11= 9ocal name'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11 3D5''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 3e!!age +ige!t'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''152 3e!!age receiver''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10. 3e!!age tran!mi!!ion optimiHation mechani!m'''''''''''''''''''''''''''''''''''''''''''''12/ 3I32 me!!age'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12< 3o+ule''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<1 Deploying into #5i!2'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ Deploying into the client'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ 2ngaging''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<1 3o+ule archive''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ 3T83'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12/ 2na ling in the client''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12/ 2na ling in the !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12. 3u!tCn+er!tan+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 *ame!pace''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11 *ame!pace pre%i5'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12 *once'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18= 832lement'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/8

Developing 4e -ervice! (ith #pache #5i!2 21/

83Dactory''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/8 8ne (ay ha!h'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''152 8pen--9''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=1 8peration''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10 Part'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12 Per%ormance''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' By coar!e graine+ inter%ace!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10/ PKI''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 Port'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 Port type'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18 Principal''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.0 Private key''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Pu lic key'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 Pu lic key in%ra!tructure''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''155 L*ame'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11 Luali%ie+ name''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''11 Aampart''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ Cryptographic provi+er'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/1 @o( it !tore! the re!ult!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.2 In!talling'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ Pa!!(or+ call ack u!age''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.0 4-@an+lerAe!ult''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.2 4--ecurity2ngineAe!ult'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.2 MAampartCon%igN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/1 Mu!erCert#lia!N'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18. Aemote Proce+ure Call'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1< Aeplay attack''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.1 APC !tyle''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10, 05 A-#''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 -alt''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18= -chema''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12 #nonymou! local type v!' glo al type''''''''''''''''''''''''''''''''''''''''''''''''''''''''10= #ttri ute!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.= Ba!e=<Binary'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''125 Choice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''105 Comple5Type'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1< Importing''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''118 3a58ccur!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.= 3in8ccur!'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.= -eEuence'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1< Target name!pace'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1< -eeing the -8#P me!!age!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/. -ervice !tu ''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''<= -erviceClient'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/8 -erviceClient''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' -etting option! %or''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/8 -ervice!'5ml''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''50, /<, 12., 1/<


Developing 4e -ervice! (ith #pache #5i!2

-etting up a C#'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=1 -@#1''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''158 -igning''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 -igning an+ encryption''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18< -igning -8#P me!!age!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=8 -imple 8 ?ect #cce!! Protocol'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1. -8#P''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1. -8#P action'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0<, 1<< -8#P o+y element'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0< -8#P envelope''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0< -8#P %ault''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10. -8#P hea+er element''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0< -8#P me!!age %ormat'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''0< -pring''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' #pplication conte5t'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20/ #pplicationConte5t'5ml''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''208 Conte5t9oa+er9i!tener'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20/ Invoking -pring ean! %rom your (e !ervice''''''''''''''''''''''''''''''''''''''''''''20= -ymmetric encryption'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''150 TCP 3onitor''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''/. Time out pro lem (ith @TTP''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''102 Tomcat''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''200 Cn+eploying a (e !ervice'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''58 Cni%orm Ae!ource I+enti%ier''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 Cni%orm Ae!ource *ame''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 Cn(rapping'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.1 CAI'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 CA9''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 CA*''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''20 *ame!pace i+enti%ier'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2< *ame!pace !peci%ic !tring'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2< *ID''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2< *--'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''2< C!ername Token''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''188 C!ing a call ack''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<2 C!ing a !eparate li!tener''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<2 4e !ervice''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10 4e -ervice -ecurity''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 4e -ervice! De!cription 9anguage''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''25 4rapping''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.1 4--#++re!!ing'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''100 M#ctionN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<< M3e!!ageIDN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10<, 1<< MAelate!ToN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''10< MAeplyToN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''100, 1<< MToN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1<< 4--I'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/

Developing 4e -ervice! (ith #pache #5i!2 21.

4--Policy'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=8 M#!ymmetricBin+ingN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M2ncryptBe%ore-igningN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18= M2ncrypte+2lement!N''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18/ M2ncrypte+Part!N''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/. MInitiatorTokenN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M3u!t-upportAe%2m e++e+TokenN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M3u!t-upportAe%I!!uer-erialN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 MPolicyN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=8 MAecipientTokenN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M-igne+2ncrypte+-upportingToken!N'''''''''''''''''''''''''''''''''''''''''''''''''''''''1.2 M-igne+Part!N'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=8 Dor -8#P hea+er element''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18/ M-igne+-upportingToken!N''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''188 MC!ernameTokenN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''188 M4!!10N'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M:50.''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M:50.TokenN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 4---ecurity'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' MBinary-ecurityTokenN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M2ncrypte+DataN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0, 180 M2ncrypte+KeyN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''180 M-ecurityN''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 M-ignatureN'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 4-D9'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''25, 02 Target name!pace'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''02 Fali+ating a 4-D9 %ile'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''<5 4-2'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''100 4-Pa!!(or+Call ack''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/2 4--'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 :50.'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1/0 :39 catalog''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''118 :39- inary optimiHe+ packaging''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12< :op'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''12< :Path''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''18/ :!+'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1< :-9'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.< :-9 Tran!%ormation!''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.< :-9T'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1.< 'mar %ile'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''1=/ '*2T''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Interopera ility'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''.0

