Title: SOAP Simple Object Access Protocol An Introduction
1SOAPSimple Object Access ProtocolAn Introduction
- by Juan J Vargas
- University of Central Florida
- CDA 5937 Fall 2002
2Agenda
- What is SOAP?
- SOAP History
- The SOAP Structure
- The SOAP Message Exchange Model
- Examples of HTTP / XML / SOAP
- SOAP Security
- Conclusions and References
3What is SOAP?
- SOAP Simple Object Access Protocol is a
lightweight communication protocol for exchange
of information in a decentralized, distributed
environment. - SOAP combines HTTP (medium of communication) with
XML (language of communication) - SOAP XML parser server/client code HTTP
server - SOAP invokes methods on servers, services,
components, and objects via Internet.
4What is SOAP? (cont.)
- SOAP has no explicit programming model, unlike
DCOM and CORBA no special components or tools
needed to make an implementation. - Can be implemented in any language (Java, Perl,
C, VB, Windows and UNIX) - SOAP promotes distributed computing thru
communication
5SOAP goals
- Developed to be a platform and language
independent - Simplicity and extensibility
- SOAP meets these goals by omitting features often
found in messaging systems and distributed object
systems - garbage collection, batching of messages,
objects-by-reference
6SOAP goals (cont)
- Simple standardized mechanism for moving
structured information - Format for sending messages
- Enables different programs, written in different
languages and running on different platforms, to
communicate with each other
7SOAP History
- SOAP 0 Developed by UserLand, Microsoft, and
DevelopMentor in 1998 - SOAP 1.0 in 2000
- W3C (World Wide Web Consortium)
- v1.1 final May 2000
- W3C v1.2 draft July 2001
- Specification can be found at
- http//www.w3.org/TR/soap12/
8The SOAP Message Exchange Model (Client/Server)
- SOAP defines two types of messages
- Requests
- Responses
- Clients send a request to a server to invoke a
service, and the server sends back the results
9The SOAP 1.1 Structure
- A SOAP message contains 3 parts
- Envelope defines the content of the message
- Must be associated with a namespace, e.g.
http//www.w3.org/2001/06/soap-envelope - Header (optional) contains header information
- Body contains call and response information
10SOAP Header
- Is an optional component
- The Header has information about how the message
is to be processed - Can contain extensions to the message like
transaction ids - Can also contain security information
11Sample ltsoapHeadergt
- ltsoapEnvelopegt
- ltsoapHeadergt
- lttTransaction xmlnstsome-URI
- soap mustUnderstand1gt
- 12345Â Â lt/tTransactiongtlt/soapHeadergt
- ltsoapBodygt lt/soapBodygt
- lt/soapEnvelopegt
12SOAP Body
- Contains the message referred to as payload
- Must be a child of the Envelope element
- Can contain the encodingStyle
- Can also contain a ltFaultgt element
13Sample ltsoapBodygt
- ltsoapEnvelopegt
- ltsoapHeadergt lt/soapHeadergt
- ltsoapBodygt
- ltwarticle xmlnswwww.w3.org gt
- ltwnamegt SOAP v1.1 lt/wnamegt
- ltwurlgt http//www.w3.org/TR/SOAP lt/wurlgt
- lt/warticlegt
- lt/soapBodygt
- lt/soapEnvelopegt
14Sample ltsoapFaultgt
- ltsoapEnvelopegt ltsoapBodygt
-   ltsoapFaultgt ltfaultcodegtsoapServerlt/faultcode
gt ltfaultstringgtServer Errorlt/faultstringgtÂ
ltdetailgt    ltemyfaultdetails
xmlnse"Hello"gt     ltmessagegt Ooops
lt/messagegt     lterrorcodegt 1001
lt/errorcodegt    lt/emyfaultdetailsgtÂ
lt/detailgtlt/soapFaultgt  - lt/soapBodygt lt/soapEnvelopegt
15SOAP request
POST /Temperature HTTP/1.1 Host
www.weather.com Content-Type text/xml Content-Len
gth ltwhatevergt SOAPMethodName
ltsome-URIgtCurrentTemp ltSOAPEnvelope
xmlnsSOAP"urnschemas-xmlsoap-orgsoap.v1"gt ltSO
APBodygt ltmCurrentTemp xmlnsm"some-URI"gt lt
zip_codegt37919lt/zip_codegt ltmCurrentTempgt lt/SOA
PBODYgt ltSOAPEnvelopegt URI- Uniform Resource
Identifier some-URI -gt www.netsolve.com or
www.globus.com
Http Header
Soap Extensions
Xml Payload
16SOAP response
HTTP/1.1 200 OK Content-Type text/xml Content-Len
gth ltwhatevergt ltSOAPEnvelope
xmlnsSOAP"urnschemas-xmlsoap-orgsoap.v1"gt ltSO
APHeadergt lttTransaction xmlnst"some-URI"gt
5 lt/tTransactiongt lt/SOAPHeadergt ltSOAPBodygt
ltmCurrentTempResponse xmlnsm"some-URI"gt lt
returngt42lt/returngt lt/mCurrentTempResponsegt lt/S
OAPBodygt lt/SOAPEnvelopegt
Http Header
Xml Payload
17The SOAP 1.2 Structure
- A SOAP message contains 4 parts
- Envelope defines a framework describing what is
in the message - Set of encoding rules expresses instances of
application-defined data types - Convention for representing remote procedure
calls (RPCs) and responses - A transport binding convention for exchanging
messages
18HTTP Example
- The following is a legal HTTP request message
- HTTP headers are just plain text.
POST /foobar HTTP/1.1 Host 209.110.197.12 Content
-Type text/plain Content-Length 12 Hello, World
19HTTP Example
- First line of an HTTP request contains three
components - The HTTP method POST
- The Internet Engineering Task Force (IETF) has
standardized a fixed number of HTTP methods - GET is the HTTP method used to surf the Web.
- POST is the most commonly used HTTP method for
building applications. - The Request-URI /foobar
- URI (Uniform Resource Identifier) to identify
target of request - The protocol version HTTP/1.1
- The protocol version in this example is
HTTP/1.1, which indicates that the rules of RFC
2616 are to be observed.
20HTTP Example
- The third and fourth lines of the request specify
the type and size of the request payload - Content-Type text/plain
- syntax of the payload information as a MIME type
- Most DCE (Distributed Computing Environment)
applications use NDR (Network Data
Representation). - Most Web applications use text/html or other
text-based syntaxes. SOAP uses text/xml - Content-Length 12
- number of bytes of payload information
21HTTP Example
- The blank line between the Content-Length header
and the request payload is a delimiter. - Individual HTTP headers are delimited by a
carriage-return / line-feed sequence. - The headers are delimited from the payload using
an extra carriage-return / line-feed sequence.
22HTTP Example
- The following is an HTTP response message
- If server unable to decode the request
400 Bad Request Content-Length 0
200 OK Content-Type text/plain Content-Length
12 dlroW ,olleH
307 Temporarily Moved Location
http//209.110.197.44/foobar Content-Length 0
23XML NameSpaces
- To support extensibility, every element and
attribute in XML has a namespace URI associated
with it. - This URI is specified using the xmlns attribute.
24XML NameSpaces Example
- ltreverse_string
- xmlns"urnschemas-develop-comStringProcs"gt
- ltstring1gtHello, Worldlt/string1gt
- ltcomment xmlns'http//foo.com/documentation'gt
- This is a comment!!
- lt/commentgt
- lt/reverse_stringgt
URIs
25XML NameSpaces Example
- XML allows namespace URIs to be mapped to locally
unique prefixes as a convenience.
ltspreverse_string xmlnssp"urnschemas-dev
elop-comStringProcs" xmlnsdoc'http//foo.
com/documentation'gt ltspstring1gtHello,
Worldlt/spstring1gt ltdoccommentgt This is
a comment!! lt/doccommentgt lt/spreverse_stringgt
26Sample SOAP Namespaces
- SOAP envelope
- http//www.w3.org/2001/06/soap-envelope
- SOAP serialization
- http//www.w3.org/2001/06/soap-encoding
- SOAP mustUnderstand fault http//www.w3.org/2001/
06/soap-faults - SOAP upgrade
- http//www.w3.org/2001/06/soap-upgrade
27 Example SOAP Method Request
- POST /string_server/Object17 HTTP/1.1
- Host 209.110.197.2
- Content-Type text/xml
- Content-Length 152
- SOAPMethodName urnstrings-comIStringreverse
- ltEnvelopegt
- ltBodygt
- ltmreverse xmlnsm'urnstrings-comIString'gt
- lttheStringgtHello, Worldlt/theStringgt
- lt/mreversegt
- lt/Bodygt
- lt/Envelopegt
URI delim method name
28Example SOAP Response
- 200 OK
- Content-Type text/xml
- Content-Length 162
- ltEnvelopegt
- ltBodygt
- ltmreverseResponse xmlnsm'urnstrings-comIStr
ing'gt - ltresultgtdlroW ,olleHlt/resultgt
- lt/mreverseResponsegt
- lt/Bodygt
- lt/Envelopegt
29SOAP Request Structure
30Another SOAP Example
Lets build a service that calculates the tax due
on a sales transaction. In traditional VB (Visual
Basic) terms we will create a function with the
following definition
Public Function GetSalesTax(ByVal pSalesTotal As
Double) As Double   GetSalesTax pSalesTotal
0.04End Function
31SOAP Example (cont)
If the amount is 100 and GetSalesTax is within
the objTax object the VB call looks like
Dim objTax As New CTaxCalcdblSalesTax
objTax.GetSalesTax(100)
32SOAP Example (cont)CLIENT side
The request is formatted as an XML document,
which is passed up to the server.
ltSOAPEnvelope xmlnsSOAP"urnschemas-xmlsoap-org
soap.v1"gt   ltSOAPHeadergtlt/SOAPHeadergt  Â
ltSOAPBodygt       ltGetSalesTaxgt          Â
ltSalesTotalgt100lt/SalesTotalgt      Â
ltGetSalesTaxgt   lt/SOAPBodygtlt/SOAPEnvelopegt
33How to send the XML document to the server?
- The request is a simple HTTP post.
- The internet browser masks all the complexity of
sending a form to a server. - But if we are going to do the job ourselves,
Microsoft's XML HTTP Request object can be used
to give us a helping hand. - The LHTTPRequest is an object within the MSXML
class library (MSXML.DLL), and it comes with IE5.
34SOAP Client (cont)
Assuming that strEnvelope contains the XML
document described above, the request is
formatted thus
Dim objHTTP As New MSXML.XMLHTTPRequestDim
strEnvelope As String 'Set up to post to our
localhost serverobjHTTP.open "post",
"http//localhost/soap/soap.asp"'Set a standard
SOAP/ XML header for the content-typeobjHTTP.setR
equestHeader "Content-Type", "text/xml"'Set a
header for the method to be calledobjHTTP.setRequ
estHeader "SOAPMethodName", _"urnmyserver/soapT
axCalcGetSalesTax"'Make the SOAP
callobjHTTP.send strEnvelope'Get the return
valuestrReturn objHTTP.responseBody
35SOAP Server Side
The first job is to create the soap.asp page, to
listen for, and process SOAP calls to our
server. For the basic listener service, we need
to parse the body of the request (the SOAP
envelope) and pull out the value of the
SalesTotal parameter. Because the request is XML,
we can load it into an instance of Microsoft's
XMLDOM.
36SOAP Server Side (cont)
Soap.asp begins like this
Set objReq Server.CreateObject("Microsoft.XMLDOM
")objReq.Load Request
objReq contains the SOAP envelope from the
client.
37SOAP Server Side (cont)
The value of SalesTotal can be extracted by
running an XSL pattern query, using the
SelectSingleNode method of the XML DOM object,
and tax is calculated
strQuery "SOAPEnvelope/SOAPBody/mGetSalesTax/
SalesTotalvarSalesTotal objReq.SelectSingleNod
e(strQuery).Text varSalesTax varSalesTotal
0.04
38SOAP Server Side (cont)
The response is ready to be passed back to the
client. The SOAP response envelope conforms to a
format-type almost identical to the request.
ltSOAPEnvelope xmlnsSOAP"urnschemas-xmlsoap-org
soap.v1"gt ltSOAPHeadergtlt/SOAPHeadergt
ltSOAPBodygt ltmGetSalesTaxResponse
xmlnsm"urnmyserver/soapTaxCalc"gt
ltSalesTaxgt4lt/SalesTaxgt lt/mGetSalesTaxResp
onsegt lt/SOAPBodygt lt/SOAPEnvelopegt
39SOAP Client Side (cont)
The response document can be built either by
string-concatenation, or by creating a new
instance of a DOM (Document Object Model), and
appending the appropriate nodes. Back on the
client, the response is received, and can be
decoded by extracting the appropriate node from
the Envelope document
Dim objReturn As New MSXML.DomDocumentobjReturn.L
oadXML strReturn strQuery _"SOAPEnvelope/SOAP
Body/mGetSalesTaxResponse/SalesTax"dblTax
objReturn.SelectSingleNode(strQuery).Text
40Problems with example
- OK, I got it workingby Ned Robinson(nrobinson_at_bas
eline.com)Tuesday, August 28, 2001 - Here is the trick. You must have Application
Protection on your web server set to Low so that
the service and the application can run in the
same address space. Go to IIS Manager, right
click on your Web Site and go to Properties. Go
to the Home Directory tab and make the change to
Application Protection at the bottom.
41SOAP Security
- SOAP specification does not define any
protocol-specific security features. Potential
security threat due to plain text nature of data.
- Security features may be added to the SOAP header
(e.g. digital signatures). - Transport protocols such as SSL (using HTTPS),
TLS, and IP SECurity (IPSec) can provide the
integrity and confidentiality of the message
during transmission.
42Conclusions
- SOAP new and simple protocol. SOAP well suited
for internet. Excellent foundation upon which
other protocols may be built - Primary goal of SOAP is interoperability
- SOAP XML (data representation) HTTP
(transport) RPC (call/response mechanism) - Today SOAP does not address some critical
distributed services (e.g. security). But SOAP
is evolving rapidly.
43References
- http//www.vbip.com/xml/soap_syd.asp
- http//msdn.microsoft.com/msdnmag/issues/0300/soap
/default.aspx - http//www.w3.org/TR/SOAP/
- http//www.xml.org/xml/resources_focus_soap.shtml
- http//www.javaworld.com/javaworld/jw-03-2001/jw-0
330-soap.html - http//msdn.microsoft.com/library/default.asp?url
/library/en-us/dnexxml/html/xml10152001.asp - http//msdn.microsoft.com/library/default.asp?url
/library/en-us/dnwebsrv/html/Xmloverchap2.asp - http//www.microsoft.com/mind/0100/soap/soap.asp