Projektstudien

TraceLogger

Basics of Cryptography

Custom JBossAS Login

SOAP Webservice

The Idea

Technologies

Project Structure

Service Definition

XML Signature

Installation and Test

Downloads

Role Based Access Control

The Idea

The purpose of this project study is to demonstrate how a contract-first SOAP Webservice can be built by using a JAX-WS 2.2 implementation. The contract-first approach is also known as top-down strategy. Starting point is therefore a Web Services Description Language (WSDL) interface definition together with an (optional) external XML Schema. That is the created web service adheres strictly to the formal interface definition we must have designed up front. Note that the JAX-WS 2.2 specification doesn't support WSDL 2.0 - which is the official W3C recommendation - thus we have to stick with WSDL 1.1.

The deployment platform will be primarily the current WildFly 10.1.0 Application Server from RedHat. The JAX-WS implementation is therefore an Apache CXF variant incorporated by WildFly. Note that the deployment should work quite as well with the GlassFish Server 4.1 or with the equivalent Payara Server which are using the JAX-WS reference implementation. However, the configuration will focus on the Wildfly Server.

The service accepts several Securities Identification Numbers (WKN or ISIN) pooled in a batch and responds with the appropriate market prices. For this our service will request for its part several web sites (e.g. OnVista) to retrieve the current rates for the requested securities. The service implementation uses the Strategy pattern to abstract from the actual price extraction algorithm.

JAX-WS specifies that one or more Handlers may be added to the process chain on the client and/or the server side. SOAPHandler objects can access the full SOAP message including the SOAP header. We take advantage of this to add a detached XML signature of the message payload to the SOAP header. This allows us to supplement the whole process by a custom authentication and authorization method. That is only authorized users with well known public keys on the server side may access the service.

The SOAP message exchange can be monitored by an intermediate agent between client and server. This HttpMonitor has been implemented by using the Java Networking APIs provided by the JDK.