Application-to-application communication and Web services

1
Application-to-application communicationand Web
services

• ISD3
• Lecture 9

2
Connecting Information Systems

• Application silos
• Typically applications in a company are build
  with all three layers coupled together, perhaps
  with a web presentation layer
• Personnel (HR)
• Project Management (PM)
• Payroll
• Purchase Order processing
• Application interactions
• PM needs access to staff details
• Job sheets are information about projects and
  payroll
• PM system generates and tracks purchase orders
• Applications may be in different organisations
• Purchase Order processing in company X
• To Order processing in supplier Company Y
• Service Oriented Architecture
• Enabling the use of data and services in each
  application within and between organisations

3
Silos to SOA
4
Reuse

• In Information Systems reuse is about use of
  existing information and information services -
  objects
• In Computer systems , reuse is about use of
  generic software components - classes

5
Creating a web service

• For the client
• Discovering an information service which provides
  the required information
• Understanding the data quality supported.
• Understanding the communication protocol
• Writing the client and converting the information
• from the form it which it is provided
• to the form in which it will be used. 
• For the server 
• Recognising a common service requirement
• Establishing the right to disseminate the
  information.
• Understanding the legacy system
• Developing the service
• Describing the interface to the service
• Publishing the information
• Gaining financial or other benefits from the
  service
• Ensuring the security and reliability of the
  service

6
Web services in practice

• www.webservicex.net provides a range of free
  services. We will use a few of these in the
  workshop next week.
• Another collection of web services is Xmethods. 
  Here there is also a simple interface to try a
  service.
• Other web services will require a payment to
  use. 
• Web services used within an organisation to
  provide a clean interface between information
  providers and information requirers.
• Web services can be put on top of legacy systems
  to enable integration of existing systems.
• Web services lead to a Service Oriented
  Architecture (SOA)

7
Mechanisms

• These are all variations of the simple
  interaction protocol one request with
  parameters sent, one reply returned.
• The differences lie in
• the underlying communications protocol used
  (these are all HTTP based)
• in the way in which parameters are packaged for
  sending and reply.

8
Simple Interaction

• Request/Response pattern

server
client
Request ( parameters)
function
Response
9
Simple URL

• Client-side
• Parameters passed using GET with a formatted
  reply
• Parameters are send in namevalue pairs, each
  value URL-encoded (space replaced by ,  odd
  characters replaced by hex value).
• Limited data structuring available (but names can
  be repeated). 
• One or more parameters might be used to specify
  which operation to perform. 
• operationquery means execute a query
• operationupdate means add a record to the
  database.
• The reply is a page whose structure is determined
  by the server.  The client will be responsible
  for parsing the input to extract the information.
  This might range from a simple string to a
  complex XML document.

10
Simple URL

• Server-side
• Script is invoked just as if it had been the
  target of a link on a page or a form.
• In PHP the parameters themselves can be accessed
  by 
• name (if the installation variable
  register_globals is set)
• _GETname  or _POSTname.
• Reply can be any string whose structure is
  determined by the service application
• Testing and testing scripts are easy to set up.  
   
• . 

11
Example

• The currency converter example was set up as a
  server. 
• The SMS server is the client in this connection,
  your script the server

12
Simple Interaction

• Request/Response pattern

SMS server
Currency script /astudent/cur.php
message CUR8 100 USD NZD
from4478678777
response file(http//www.cems.uwe.ac/astudent/
cur.php? text100USDNZDcodeCUR8from44786787
77)
text100USDNZDcodeCUR8from4478678777
convert
Reply 100 USD 130 NZD
print response
13
Page scraping

• HTTP get as before
• Server is unaware that the client is another
  application, not a browser.
• The information in the reply is contained in a
  normal web page
• Complex parsing of the result is required to dig
  out the required information.
• This html-scrapping is common but there is no
  guarantee that the format of the page or its
  location will remain stable, so its a very risky
  approach. 
• Parsing the html page and the data is also
  difficult.
•  

14
Web service

• Web services are a response to the problems of
  the simple URL based mechanism. 
• The main problem is the formatting of the sent
  and received data. If there was a standard way of
  formatting both, and a standard way of describing
  that format, life would be much easier. 
• Web service interaction
• an XML file sent using HTP POST
• response is also an XML document
• the client has to parse the returned XML document
  to discover what information has been provided. 
• Parsing XML is not a simple task, but with the
  increased use of XML, it is a routine task, for
  which many packages already exist.  PHP has
  built-in support for XML parsing. 
•  
• The convention for the structure of both the sent
  and returned data is called SOAP Simple Object
  Access Protocol).
•  
• There also needs to be a way of describing the
  structure of both documents, there is a third use
  of XML in the Web Service Definition Language
  WSDL.

15
Web services and PHP

• Creating a web service at a low level is a bit
  complicated but packages are available in most
  languages such as PHP, Perl and Java to simplify
  the task of writing a client or server.
• We will use a package for PHP called nusoap.  It
  can be downloaded from here, and just needs to be
  unzipped into a suitable directory to use. . It
  is an open source project under Sourceforge.
• SOAP is included in PHP5 and the interface is
  slightly different, but this package works fine
  with PHP4.

16
ISBN application

• One of the free web services is a service to
  locate book details given the ISBN
  International Standard Book Number
• 0-201-32563-2 is the ISB for UML Distilled by
  Martin Fowler
• Run my simple client
• Show the script

17
ISBN Web Service

• The interface is defined by the WDSL for this
  service.
• Service URI
• www.webserviceX.NET/isbn.asmx
• Operation
• GetISBNInformation
•  
• Parameters  
• Code
•  
• Output
• An XML structure with fields for
• AUTHOR
• FULLTITLE
• SHORTTITLE
• ISBN
• DATE
• SUBJSECT

18
SOAP and Java

• Object-orientation is at the heart of all modern
  approachs to systems development Java, .NET,
  Object-oriented databases
• SOAP is object-oriented but it has a much simpler
  model than Java and other object oriented
  languages.
• The following slides contrast the two

19
Feature Java SOAP (Simple Object Access Protocol)

unit object object aka service
encapsulates.. state and behaviour state and behaviour
reference to object internal hidden pointer URL
scope all objects in the same program the entire web
message format layer JVM SOAP
transport layer JVM HTTP (and others)
interface methods operations
method categories adhoc service
direct access to state possible but inadvisable no
20
Feature Java SOAP (Simple Object Access Protocol)
request procedure call sending a SOAP package with parameters expressed in XML
example myDictionary.get ('0-201-72219-4') ltsoapEnvelope ..gtltsoapBodygtltgetbyISBMgtltCodegt0-201-72219-4lt/Codegtlt/getByISBNgtlt/soapBodygtlt/soapEnvelopegt
21
Feature Java SOAP (Simple Object Access Protocol)
response value or object reference a SOAP package with data in XML
example a (reference to) another object e.g. a Dictionary ltsoapEnvelope ..gtltsoapBodygtltgetByISBNResultgtltauthorgtBudgenlt/authorgtlttitlegt Software Designlt/titlegt..lt/getByISBNResultgtlt/soapBodygtlt/soapEnvelopegt
human readable no yes
object creation within program external
object deletion garbage collection external
classes extensive base class library application libraries no classes
22
Feature Java SOAP (Simple Object Access Protocol)
description of interface the class definition WSDL (Web Service Definition Language)
interface checking at compile time at runtime
class reuse yes in base library no
locating suitable object no or adhoc published service describe by UDDI (Universal Description, Discovery Integration)
object reuse Java Beans ? service is unit of reuse
lifetime runtime of program (if not saved to disk) Persistent
speed 1 100
security is an issue no yes
23
Web services as information services

• WSDL defines (part of ) the formal interface
• But what defines the information quality of he
  service?
• Which are books in the ISBN service whats the
  coverage of the service?
• How current is the data?
• How accurately has the data been collected?
• Who is responsible for the content of the
  service?
• What guarantees of service availability?
• How stable is the defied interface?

24
Web Service Security issues

• Web services open up an application to the web
  and to malicious access
• Accessing confidential data
• Unauthorised interaction with a core system
• Denial of service attacks