How Web Service Works

Source: Internet
Author: User
Tags soap client server hosting stock prices

Basic concepts of WEB service

Web service, also known as XML Web service WebService, is a lightweight, independent communication technology that can receive requests passed from the Internet or other systems on the intranet. is: Software services provided through SOAP on the web, described using WSDL files, and registered through UDDI.

XML: (extensible Markup Language) Extensible Markup Language. Temporary data processing for short-term, web-oriented network, is the basis of soap.

Soap: Simple Object access Protocol protocol. is the communication protocol for XML WEB Service. When a user finds your WSDL description document through UDDI, he can invoke one or more of the actions in the Web service that you set up by soap. SOAP is a specification for calling methods in the form of XML documents that can support different underlying interfaces, such as HTTP (S) or SMTP.

WSDL: (Web Services Description Language) A WSDL file is an XML document that describes a set of SOAP messages and how to exchange them. In most cases, it is automatically generated and used by the software.

UDDI (Universal Description, Discovery, and integration) is a new project primarily for Web service providers and users. Before a user can invoke a Web service, it is important to determine which business methods are included in the service, to find the called interface definition, and to prepare the software on the server side, and UDDI is a mechanism to guide the system through the description document to find the appropriate service. UDDI uses the SOAP message mechanism (standard xml/http) to publish, edit, browse, and find registration information. It uses XML format to encapsulate various types of data and send it to the registry or to the registry to return the required data.

web service has two meanings: 1, refers to the package into a single entity and published to the network feature set, 2, refers to the function set is called after the service provided. Simply put, the web service is a url resource, and the client can request its service programmatically without knowing how the requested service is implemented. This is different from the traditional distributed Component Object model.

The architecture of the

web service is based on web service providers, web service requesters, Web Services broker three roles and publish, Discover, bind three actions built. Simply put, web service provider is the owner of web service, which patiently waits for other services and users to provide their existing functions; web service feature that uses soap messages to send requests to web Service providers for service Span lang= "en-us" >; The role of a Web service mediator is to associate a web service requester with an appropriate web service provider, which acts as a manager, typically uddi. These three roles are divided according to the logical relationship, in practice, there is likely to be a cross between roles: a web service can either be web service provider, or it can be web service requesters, or both. Shows the relationship between web Service roles web service Span lang= "en-us" >; " Find (Find) "is to find the right web service ;" Binding "is the establishment of a connection between the provider and the requester.

Figure 2-1 The architecture of the WEB service

Implementing a complete Web service consists of the following steps:

The Web service provider designs the implementation Web service and publishes the correct Web service through the Web Service Broker and registers with the UDDI registry; (publish)

A Web service requester requests a specific service from a Web Service Broker, who queries the UDDI registry on request, and finds the service that satisfies the request for the requestor;

The Web service mediator returns to the Web Service requester The Web Service description information that satisfies the condition, which is written in WSDL and can be read by various machines that support Web services;

Generate the corresponding SOAP message from the description information returned by the Web service mediator and send it to the Web service provider for the invocation of the Web Service; (binding)

the Web service provider executes the corresponding Web service by SOAP message and returns the result of the service to the Web service requester. (binding)

Call Mode:

1. NET simple and flexible method of dynamically calling WebService using Get/post/soap mode (C #)

There are 3 ways to call WebService

1). HttpGet
2). HttpPost
3). HttpSoap

The advantage of soap is that it can pass structured data, while the first two do not.
BTW, Soap eventually uses HTTP to send XM


WebService as a convenient service is used in a wide range of areas, but also become the food of hackers. Here, this article will be on the current WebService security can make a brief introduction to the improvement.

The security in WebService is mainly divided into the following three aspects.

Transfer Ssl/https to connection encryption, not data transfer

Message data encryption (XML encryption) digital signature (XML-DSIG)

The underlying architecture leverages the application service security mechanism

Security at the time of transmission is easiest to add to your WebService application, and with the existing SSL and HTTPS protocols, it is easy to get the security of the connection process.

However, there are two weaknesses in this method of security implementation. One is that it can only guarantee the security of data transmission, not the security of the information itself, once the data arrives at a place, it can be viewed by anyone. In WebService, a single piece of data may reach multiple locations, and the data should not be viewed by all recipients. The second is that it provides either all-or-nothing protection, and you cannot choose which part of the data is to be protected, and this selectivity is often used in webservice.

The second layer of protection is the protection of the message itself. You can use the existing XML security extension standard to implement a digital signature function to ensure that your message is from a specific party and has not been modified. XML file encryption technology to enhance the security of the webservice, it can be customized data transmission to the later, can be viewed by the recipient, further improve the security after transmission, the industry is constantly developing webservice security standards, such as SAML and Ws-security.

The last layer of protection relies on the security of the underlying architecture, which is more derived from the protection of the operating system and certain middleware. For example, in the Java EE, host the WebService application server. The Java Authentication and Authorization Service (JAAS) is currently supported by a large number of EE application servers, which have recently been added to J2SE 1.4. It is a natural practice to implement some security mechanisms using the server hosting WebService. Another safe way to take advantage of the underlying architecture is to be a separate, secure server, where users and creators of WebService need to get security trust.


The primary goal of WEB service is interoperability across platforms. To achieve this goal, Web Service is based entirely on platform-independent, software-vendor-specific standards, such as XML (Extensible Markup Language), XSD (XML Schema), and is a new platform for creating interoperable, distributed applications. So using Web service has many advantages:

1. Cross-firewall communication

If the application has thousands of users and is distributed around the world, then communication between the client and the server will be a tricky issue. Because there is usually a firewall or proxy server between the client and the server. The traditional approach is to use a browser as a client, write down a lot of ASP pages, and expose the middle tier of the application to the end user. The result is that the development is difficult and the program is difficult to maintain. If client code is no longer so dependent on HTML forms, the client's programming is much simpler. If the middle-tier component is replaced with a Web service, the middle-tier component can be called directly from the user interface, eliminating the step of building an ASP page. To invoke a Web Service, you can directly use a SOAP client such as Microsoft SOAP Toolkit or. NET, or you can use your own SOAP client and then connect it to your application. It not only shortens the development cycle, but also reduces the complexity of the code and improves the maintainability of the application. At the same time, the application no longer needs to jump to the corresponding results page each time the middle-tier component is called.

2. Application integration

Enterprise-Class application developers know that it is common for businesses to integrate various programs that are written in different languages and run on different platforms, and that this integration will take a lot of development power. Applications often need to get data from programs running on one host, or send data to a host or other platform application. Even on the same platform, a variety of software produced by different software vendors often need to be integrated. With Web Service, applications can "expose" functionality and data in a standard way for use by other applications.

XML WEB Services provides the ability to exchange messages using standard protocols (HTTP, XML, SOAP, and WSDL) in a loosely coupled environment. Messages can be structured, typed, or loosely defined.

3, business-to-business integration

Business-to-business-to-business,as in businesses doing businesses with other businesses, businesses (generally referred to enterprises) of business e-commerce, that is, between enterprises and enterprises through the Internet products, Exchange of services and information. Popular parlance refers to the trade between the supply and demand of e-commerce business (or enterprises, companies), they use the Internet technology or a variety of business network platform to complete the process of business transactions.

Web Service is the key to the success of business-to-business integration. With Web service, companies can simply "expose" critical business applications to designated suppliers and customers, and Web service runs on the internet and can be easily implemented anywhere in the world, with relatively low operating costs. Web service is just a key part of business-to-business integration, and many other parts are needed to achieve integration. The greatest benefit of using Web service for business-to-business integration is the ease of interoperability. As long as the business logic is "exposed" and becomes a Web Service, it is possible for any designated partner to invoke these business logic, regardless of the platform on which their system runs, and what language to use. This greatly reduces the time and cost of spending on business-to-business integration.

4. Software and data reuse

Web Service can reuse the data behind the code while allowing reuse of the code. With Web service, it is no longer necessary to purchase, install, and invoke these components from a third party, just call the remote Web service directly, as you did before. Another kind of software reuse is the integration of the functions of several applications, through the Web Service "exposed", it is very easy to integrate all these features into your portal site, to provide users with a unified, user-friendly interface. You can use the functionality provided by a third-party Web service in your application, or you can make your own application functionality available to others through a Web service. In both cases, the data behind the code and the code can be reused.

As you can see from the above discussion, Web Service is most useful when it is interoperable or remotely invoked over the Web. However, there are cases where Web service does not bring any benefit at all, and Web service has some drawbacks:

1. Stand-alone application

Today, businesses and individuals are also using many desktop applications. Some of them only need to communicate with other programs on this computer. In this case, it is best not to use the Web Service, as long as the local API. COM is well suited to working in this situation because it is both small and fast. This is also true for server software running on the same server. Of course, Web Service can also be used in these situations, but that not only consumes too much, but does not bring any benefits.

2. Some applications of LAN

In many applications, all programs use COM under the Windows platform, all running on the same LAN. In these programs, using DCOM is much more effective than soap/http. Similarly, if a. NET program is to connect to another. NET program on the local area network, you should use. NET Remoting. In fact, in. NET remoting, you can also specify that you use Soap/http to make Web Service calls. However, it is best to make RPC calls directly over TCP, which is much more effective.

1.3. Application of XML Web service

1. The initial XML Web Service is often a source of information that can easily be incorporated into the application, such as stock prices, weather forecasts, sports scores, and so on.

2. Provide existing applications as XML Web service to build new, more powerful applications and take advantage of XML Web service as building blocks.

For example, a user can develop a sourcing application to automatically obtain price information from different vendors, so that users can select suppliers, submit orders, and then track the shipment of the goods until they receive the goods. In addition to providing services on the Web, the vendor's application can also use an XML Web service to check the customer's credit, collect the purchase price, and handle shipping formalities with the shipping company.

SOAP message Format:

123456789101112131415161718 <?xml version="1.0"?><soap:Envelopexmlns:soap=""soap:encodingStyle=""><soap:Header>  <m:Trans xmlns:m=""  soap:mustUnderstand="1">234  </m:Trans></soap:Header><soap:Body>  <m:GetPrice xmlns:m="">    <m:Item>Apples</m:Item>  </m:GetPrice></soap:Body></soap:Envelope>

How Web Service Works

Related Article

E-Commerce Solutions

Leverage the same tools powering the Alibaba Ecosystem

Learn more >

Apsara Conference 2019

The Rise of Data Intelligence, September 25th - 27th, Hangzhou, China

Learn more >

Alibaba Cloud Free Trial

Learn and experience the power of Alibaba Cloud with a free trial worth $300-1200 USD

Learn more >

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.