How web services work

Basic concepts of Web Service

Web Service is also called XML Web Service. WebService is a lightweight independent communication technology that can receive requests passed from the Internet or other systems on the Intranet. Yes: A software service delivered over the Web via SOAP, described using a WSDL file, and registered via UDDI.

XML: (Extensible Markup Language) Extensible Markup Language. For short-term temporary data processing and the World Wide Web, it is the foundation of Soap.

Soap: (Simple Object Access Protocol) Simple Object Access Protocol. It is the communication protocol of XML Web Service. When the user finds your WSDL description document through UDDI, he can call one or more operations in the Web service you created through SOAP. SOAP is a specification for calling methods in the form of XML documents. It can support different underlying interfaces, such as HTTP(S) or SMTP.

WSDL: (Web Services Description Language) A WSDL file is an XML document that describes a set of SOAP messages and how to exchange them. In most cases automatically generated and used by software.

UDDI (Universal Description, Discovery, and Integration) is a new project mainly aimed at Web service providers and users. Before users can call a Web service, they must determine which business methods are included in the service, find the called interface definition, and compile software on the server side. UDDI is a mechanism that guides the system to find the corresponding service based on the description document. UDDI uses SOAP messaging mechanism (standard XML/HTTP) to publish, edit, browse and find registration information. It uses XML format to encapsulate various types of data, and sends it to the registration center or the registration center returns the required data.

Calling principle:

Web service has two meanings: 1. It refers to a functional collection that is encapsulated into a single entity and published on the network; 2. It refers to the service provided after the functional collection is called. Simply put, a Web service is a URL resource, and the client can request its services programmatically without knowing how the requested service is implemented. This is different from the traditional distributed component object model.

The architecture of Web services is built based on the three roles of Web service provider, Web service requester, and Web service intermediary and the three actions of publishing, discovery, and binding. Simply put, the Web service provider is the owner of the Web service, and it patiently waits to provide its existing functions to other services and users; the Web service requester is the user of the Web service function, and it uses SOAP messages to provide Web services. A requester sends a request to obtain a service; the role of the Web service intermediary is to connect a Web service requester with an appropriate Web service provider. It plays the role of a manager, usually UDDI. These three roles are divided based on logical relationships. In actual applications, there may be overlap between roles: a Web service can be either a Web service provider, a Web service requester, or both. . Shows the relationship between Web service roles: among them, "publish" is to let users or other services know the existence and related information of a certain Web service; "find (discovery)" is to find the appropriate Web service; "binding" ” is to establish some kind of connection between the provider and the requester.

Figure 2-1 Web service architecture

Implementing a complete Web service includes the following steps:

◆ The Web service provider designs and implements the Web service, and passes the correctly debugged Web service through the Web service intermediary Published by the author and registered in the UDDI registration center; (Published)

◆ The Web service requester requests a specific service from the Web service intermediary, and the intermediary queries the UDDI registration center according to the request to find services that satisfy the request for the requester; (Discover )

◆ The Web service intermediary returns to the Web service requester the Web service description information that meets the conditions. The description information is written in WSDL and can be read by various machines that support Web services; (Discovery)

◆ Utilize from the Web service The description information returned by the mediator generates the corresponding SOAP message and sends it to the Web service provider to realize the invocation of the Web service; (Binding)

◆ The Web service provider executes the corresponding Web service according to the SOAP message and sends the service result Returned to the web service requester. (Binding)

Calling method:

1. Simple and flexible method to dynamically call WebService using GET/POST/SOAP method under Net (C#)

There are 3 ways to call webservice

1). httpget
2) . httppost
3). The advantage of httpsoap

soap is that it can pass structured data, but the first two cannot.
btw, soap ultimately uses HTTP to transmit XM

Security:

Webservice is used in a wide range of fields as a convenient service, and it has also become a delicacy for hackers. Here, this article will briefly introduce the current improvements that can be made to Webservice security.

Security in Webservice is mainly divided into the following three aspects.

Transmission SSL/HTTPS encrypts the connection instead of transmitting data

Message Data Encryption (XML Encryption) Digital Signature (XML-DSIG)

Underlying Architecture Utilize application service security mechanism

Security during transmission is the easiest to be added to your Webservice application, using existing SSL and HTTPS protocol, you can easily obtain security during the connection process.

However, this security implementation method has two weaknesses. First, it can only ensure the security of data transmission, not the security of the data itself. Once the data reaches a certain place, it can be viewed by anyone. In Webservice, a piece of data may reach multiple places, but this data should not be viewed by all recipients. Second, it provides all-or-nothing protection. You cannot choose which part of the data is to be protected, and this selectivity is also often used in Webservices.

The second layer of protection is the protection of the message itself. You can use existing XML security extension standards to implement digital signature functions to ensure that your message comes from a specific party and has not been modified. The encryption technology of XML files strengthens the security of Webservice to a greater extent. It can customize whether the data can be viewed by the recipient after it is transmitted, further improving the security after transmission. The industry is also constantly formulating security standards for Webservice. , such as SAML and WS-Security.

The last layer of protection relies on the security of the underlying architecture, which comes more from the protection of the operating system and some middleware. For example, in J2EE, the application server hosts the Webservice. Many J2EE application servers currently support Java Authentication and Authorization Service (JAAS), which was recently added to J2SE 1.4. It is natural to implement some security mechanisms using the server hosting the Webservice. Another security method that leverages the underlying architecture is to create an independent security server that users and creators of the Web service need to gain security trust with.

Features:

The main goal of Web Service is cross-platform interoperability. In order to achieve this goal, Web Service is completely based on platform-independent and software vendor-independent standards such as XML (Extensible Markup Language) and XSD (XML Schema). It is a new platform for creating interoperable and distributed applications. . Therefore, using Web Service has many advantages:

1. Communication across firewalls

If the application has thousands of users and is distributed around the world, then the communication between the client and the server will be a thorny problem . Because there is usually a firewall or proxy server between the client and the server. The traditional approach is to choose to use the browser as the client, write a lot of ASP pages, and expose the middle layer of the application to the end user. The result of this is that development is difficult and the program is difficult to maintain. Client-side programming would be much simpler if client-side code no longer relied so much on HTML forms. If the middle-tier component is replaced by a Web Service, the middle-tier component can be called directly from the user interface, thus eliminating the step of creating an ASP page. To call a Web Service, you can directly use a SOAP client such as Microsoft SOAP Toolkit or .net, or you can use a self-developed SOAP client and then connect it to the application. Not only does it shorten the development cycle, it also reduces code complexity and enhances the maintainability of the application. At the same time, the application no longer needs to jump to the corresponding "result page" every time it calls the middle-tier component.

2. Application integration

Enterprise-level application developers all know that enterprises often have to integrate various programs written in different languages ​​and running on different platforms, and this integration will cost a lot of money. Great development power. Applications often need to obtain data from a program running on a host; or send data to the host or other platform applications. Even on the same platform, various software produced by different software vendors often need to be integrated. Through Web Services, applications can use standard methods to "expose" functions and data for use by other applications.

XML Web services provide the ability to exchange messages using standard protocols (HTTP, XML, SOAP and WSDL) in a loosely coupled environment. Messages can be structured, typed, or loosely defined.

3. B2B integration

B2B refers to Business to Business, as in businesses doing business with other businesses, merchants (generally refers to enterprises) to merchants e-commerce, that is, products and services between enterprises through the Internet and exchange of information. In layman's terms, it means that both the supply and demand sides of e-commerce transactions are merchants (or enterprises, companies), and they use Internet technology or various business network platforms to complete the process of business transactions.

Web Service is the key to successful B2B integration. Through Web Service, companies can simply "expose" key business applications to designated suppliers and customers. Web Service runs on the Internet and can be easily implemented anywhere in the world, and its operating costs are relatively low. Low. Web Service is only a key part of B2B integration, and many other parts are needed to achieve integration. The biggest advantage of using Web Service to implement B2B integration is that interoperability can be easily achieved. As long as the business logic is "exposed" and becomes a Web Service, any designated partner can call these business logic, regardless of what platform their system runs on or what development language they use. This greatly reduces the time and cost spent on B2B integration.

4. Software and data reuse

Web Service allows reuse of code while also reusing the data behind the code. Using Web Service, you no longer have to purchase and install software components from a third party as before, and then call these components from the application; you only need to directly call the remote Web Service. Another situation of software reuse is to integrate the functions of several applications and "expose" them through Web Service. You can easily integrate all these functions into your portal site and provide users with a unified , friendly interface. You can use the functions provided by third-party Web Services in your application, or you can provide your own application functions to others through Web Service. In both cases, the code and the data behind the code can be reused.

As can be seen from the above discussion, Web Service is most useful when performing interoperation or remote calls through the Web. However, there are also some situations where Web Service cannot bring any benefits at all. Web Service has the following disadvantages:

1. Stand-alone applications

Currently, businesses and individuals still use many desktop applications. Some of them simply need to communicate with other programs on the machine. In this case, it is best not to use Web Service, just use the local API. COM is ideal for working in this situation because it is small and fast. The same goes for server software running on the same server. Of course, Web Service can also be used in these situations, but that will not only consume too much, but will not bring any benefits.

2. Some applications on LAN

In many applications, all programs use COM under the Windows platform and run on the same LAN. In these programs, using DCOM will be much more efficient than SOAP/HTTP. Similarly, if a .net program wants to connect to another .net program on the LAN, .net Remoting should be used. In fact, in .net Remoting, you can also specify to use SOAP/HTTP to make Web Service calls. However, it is better to make RPC calls directly through TCP, which is much more efficient.

1.3. Application of XML Web Service

1. The original XML Web Service is usually an information source that can be easily incorporated into the application, such as stock prices, weather forecasts, sports scores, etc.

2. Providing existing applications as XML Web Services allows you to build new, more powerful applications and leverage XML Web Services as building blocks.

For example, users can develop a procurement application to automatically obtain price information from different suppliers, allowing users to select suppliers, submit orders, and then track the shipment of goods until they are received. In addition to providing services on the Web, the supplier's application can also use XML Web Service to check customer credit, collect payment, and handle freight procedures with freight companies.

SOAP message format:

<?xml version="1.0"?>
<soap:Envelope
xmlns:soap="http://www.w3.org/2001/12/soap-envelope"
soap:encodingStyle="http://www.w3.org/2001/12/soap-encoding">
 
<soap:Header>
  <m:Trans xmlns:m="http://www.w3schools.com/transaction/"
  soap:mustUnderstand="1">234
  </m:Trans>
</soap:Header>
 
 
<soap:Body>
  <m:GetPrice xmlns:m="http://www.w3schools.com/prices">
    <m:Item>Apples</m:Item>
  </m:GetPrice>
</soap:Body>
</soap:Envelope>

For more articles related to the working principle of Web Service, please pay attention to the PHP Chinese website!