soap simple object access protocol an introduction

SOAPSimple Object Access Protocol

An Introduction

SOAPSimple Object Access Protocol

An Introduction

by Juan J VargasUniversity of Central Florida

CDA 5937 Fall 2002

October 2002 UCF - CDA 5937 2

AgendaAgenda

What is SOAP? SOAP History The SOAP Structure The SOAP Message Exchange Model Examples of HTTP / XML / SOAP SOAP Security Conclusions and References


What is SOAP?What is SOAP? SOAP: “Simple Object Access Protocol” is a

lightweight communication protocol for exchange of information in a decentralized, distributed environment.

SOAP combines HTTP (medium of communication) with XML (language of communication)

SOAP = XML parser + server/client code + HTTP server SOAP invokes methods on servers, services,

components, and objects via Internet.


What is SOAP? (cont.)What is SOAP? (cont.) SOAP has no explicit programming model,

unlike DCOM and CORBA: no special components or tools needed to make an implementation.

Can be implemented in any language (Java, Perl, C++, VB, Windows and UNIX)

SOAP promotes distributed computing thru communication


SOAP goalsSOAP goals

Developed to be a platform and language independent

Simplicity and extensibilitySOAP meets these goals by omitting features often found in messaging systems and distributed object systems:–garbage collection, batching of messages,

objects-by-reference


SOAP goals (cont)SOAP goals (cont)

Simple standardized mechanism for moving structured information

Format for sending messages Enables different programs, written in different

languages and running on different platforms, to communicate with each other


SOAP HistorySOAP History SOAP 0: Developed by UserLand, Microsoft,

and DevelopMentor in 1998 SOAP 1.0 in 2000 W3C (World Wide Web Consortium)

v1.1 final – May 2000 W3C v1.2 draft – July 2001

Specification can be found at:http://www.w3.org/TR/soap12/


The SOAP Message Exchange Model (Client/Server)

The SOAP Message Exchange Model (Client/Server)

SOAP defines two types of messages:Requests Responses

Clients send a request to a server to invoke a service, and the server sends back the results


The SOAP 1.1 StructureThe SOAP 1.1 Structure

A SOAP message contains 3 parts:1. Envelope: defines the content of the message

– Must be associated with a namespace, e.g.: http://www.w3.org/2001/06/soap-envelope

2. Header (optional): contains header information3. Body: contains call and response information


SOAP HeaderSOAP Header

Is an optional component The Header has information about how the

message is to be processed Can contain extensions to the message like

transaction ids Can also contain security information


Sample <soap:Header>Sample <soap:Header><soap:Envelope> …

<soap:Header> <t:Transaction xmlns:t=“some-URI”

soap: mustUnderstand=“1”> 12345 </t:Transaction></soap:Header>

<soap:Body> … </soap:Body></soap:Envelope>


SOAP BodySOAP Body

Contains the message referred to as “payload” Must be a child of the Envelope element Can contain the encodingStyle Can also contain a <Fault> element


Sample <soap:Body>Sample <soap:Body><soap:Envelope> … <soap:Header> … </soap:Header><soap:Body> <w:article xmlns:w=“www.w3.org” > <w:name> SOAP v1.1 </w:name> <w:url> http://www.w3.org/TR/SOAP </w:url> </w:article></soap:Body>

</soap:Envelope>


Sample <soap:Fault>Sample <soap:Fault><soap:Envelope> … <soap:Body> … <soap:Fault> <faultcode>soap:Server</faultcode> <faultstring>Server Error</faultstring> <detail> <e:myfaultdetails xmlns:e="Hello"> <message> Ooops… </message> <errorcode> 1001 </errorcode> </e:myfaultdetails> </detail></soap:Fault>

</soap:Body> </soap:Envelope>


POST /Temperature HTTP/1.1

Host: www.weather.com

Content-Type: text/xml

Content-Length: <whatever>

SOAPMethodName: <some-URI>#CurrentTemp

<SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1">

<SOAP:Body>

<m:CurrentTemp xmlns:m="some-URI">

<zip_code>37919</zip_code>

<m:CurrentTemp>

</SOAP:BODY>

<SOAP:Envelope>

URI- Uniform Resource Identifier

some-URI -> www.netsolve.com or www.globus.com

SOAP requestSOAP request

Http Header

Xml Payload

Soap Extensions


HTTP/1.1 200 OK


Content-Length: <whatever>


<SOAP:Header>

<t:Transaction xmlns:t="some-URI">

5

</t:Transaction>

</SOAP:Header>

<SOAP:Body>

<m:CurrentTempResponse xmlns:m="some-URI">

<return>42</return>

</m:CurrentTempResponse>

</SOAP:Body>

</SOAP:Envelope>

SOAP responseSOAP response

Http Header

Xml Payload


The SOAP 1.2 StructureThe SOAP 1.2 Structure

A SOAP message contains 4 parts:1. Envelope: defines a framework describing

what is in the message 2. Set of encoding rules: expresses

instances of application-defined data types

3. Convention for representing remote procedure calls (RPCs) and responses

4. A transport binding convention for exchanging messages


HTTP ExampleHTTP Example

The following is a legal HTTP request message:

HTTP headers are just plain text.

POST /foobar HTTP/1.1

Host: 209.110.197.12

Content-Type: text/plain

Content-Length: 12

Hello, World


HTTP ExampleHTTP ExampleFirst line of an HTTP request contains three components: The HTTP method: POST

The Internet Engineering Task Force (IETF) has standardized a fixed number of HTTP methods:GET is the HTTP method used to surf the Web.POST is the most commonly used HTTP method for building applications.

The Request-URI: /foobarURI (Uniform Resource Identifier) to identify target of request

The protocol version: HTTP/1.1The protocol version in this example is HTTP/1.1, which indicates that the rules of RFC 2616 are to be observed.


HTTP ExampleHTTP ExampleThe third and fourth lines of the request specify

the type and size of the request payload: Content-Type: text/plain

syntax of the payload information as a MIME type

Most DCE (Distributed Computing Environment) applications use NDR (Network Data Representation).

Most Web applications use text/html or other text-based syntaxes. SOAP uses text/xml

Content-Length: 12number of bytes of payload information



The blank line between the Content-Length header and the request payload is a delimiter.

Individual HTTP headers are delimited by a carriage-return / line-feed sequence.The headers are delimited from the payload using an extra carriage-return / line-feed sequence.



The following is an HTTP response message:

If server unable to decode the request

200 OK

Content-Type: text/plain

Content-Length: 12

dlroW ,olleH

400 Bad Request

Content-Length: 0

307 Temporarily Moved

Location: http://209.110.197.44/foobar

Content-Length: 0


XML NameSpacesXML NameSpaces

To support extensibility, every element and attribute in XML has a namespace URI associated with it.

This URI is specified using the xmlns attribute.


XML NameSpaces: ExampleXML NameSpaces: Example

<reverse_string

xmlns="urn:schemas-develop-com:StringProcs">

<string1>Hello, World</string1>

<comment xmlns='http://foo.com/documentation'>

This is a comment!!

</comment>

</reverse_string>URIs


XML NameSpaces: ExampleXML NameSpaces: ExampleXML allows namespace URIs to be mapped to

locally unique prefixes as a convenience.<sp:reverse_string

xmlns:sp="urn:schemas-develop-com:StringProcs"

xmlns:doc='http://foo.com/documentation'>

<sp:string1>Hello, World</sp:string1>

<doc:comment>

This is a comment!!

</doc:comment>

</sp:reverse_string>


Sample SOAP NamespacesSample SOAP Namespaces SOAP envelope:

http://www.w3.org/2001/06/soap-envelope SOAP serialization:

http://www.w3.org/2001/06/soap-encoding SOAP mustUnderstand fault:

http://www.w3.org/2001/06/soap-faults SOAP upgrade:

http://www.w3.org/2001/06/soap-upgrade


Example: SOAP Method Request Example: SOAP Method RequestPOST /string_server/Object17 HTTP/1.1Host: 209.110.197.2Content-Type: text/xmlContent-Length: 152SOAPMethodName: urn:strings-com:IString#reverse

<Envelope> <Body> <m:reverse xmlns:m='urn:strings-com:IString'> <theString>Hello, World</theString> </m:reverse> </Body></Envelope>

URI – delim – method name

Method must match


Example: SOAP ResponseExample: SOAP Response200 OK


Content-Length: 162

<Envelope>

<Body>

<m:reverseResponse xmlns:m='urn:strings-com:IString'>

<result>dlroW ,olleH</result>

</m:reverseResponse>

</Body>

</Envelope>

Method name + “Response” suffix


SOAP Request StructureSOAP Request Structure


Another SOAP ExampleAnother SOAP Example

Let’s build a service that calculates the tax due on a sales transaction. In traditional VB (Visual Basic) terms we will create a function with the following definition:

Public Function GetSalesTax(ByVal pSalesTotal As Double) As Double GetSalesTax = pSalesTotal * 0.04End Function


SOAP Example (cont)SOAP Example (cont)

Dim objTax As New CTaxCalcdblSalesTax = objTax.GetSalesTax(100)

If the amount is $100 and GetSalesTax is within the objTax object the VB call looks like:


SOAP Example (cont)CLIENT sideSOAP Example (cont)CLIENT side

The request is formatted as an XML document, which is passed up to the server.

<SOAP:Envelope xmlns:SOAP="urn:schemas-xmlsoap-org:soap.v1"> <SOAP:Header></SOAP:Header> <SOAP:Body> <GetSalesTax> <SalesTotal>100</SalesTotal> <GetSalesTax> </SOAP:Body></SOAP:Envelope>


How to send the XML document to the server?How to send the XML document to the server?

The request is a simple HTTP post.

The internet browser masks all the complexity of sending a form to a server.

But if we are going to do the job ourselves, Microsoft's XML HTTP Request object can be used to give us a helping hand.

The LHTTPRequest is an object within the MSXML class library (MSXML.DLL), and it comes with IE5.


SOAP Client (cont)SOAP Client (cont)Assuming that strEnvelope contains the XML document described above, the request is formatted thus:

Dim objHTTP As New MSXML.XMLHTTPRequestDim strEnvelope As String

'Set up to post to our localhost serverobjHTTP.open "post", "http://localhost/soap/soap.asp"

'Set a standard SOAP/ XML header for the content-typeobjHTTP.setRequestHeader "Content-Type", "text/xml"

'Set a header for the method to be calledobjHTTP.setRequestHeader "SOAPMethodName", _"urn:myserver/soap:TaxCalc#GetSalesTax"

'Make the SOAP callobjHTTP.send strEnvelope

'Get the return valuestrReturn = objHTTP.responseBody

In this example, the server is in the local computer


SOAP Server SideSOAP Server Side

The first job is to create the soap.asp page, to listen for, and process SOAP calls to our server.

For the basic listener service, we need to parse the body of the request (the SOAP envelope) and pull out the value of the SalesTotal parameter.

Because the request is XML, we can load it into an instance of Microsoft's XMLDOM.


SOAP Server Side (cont)SOAP Server Side (cont)

Set objReq = Server.CreateObject("Microsoft.XMLDOM")objReq.Load Request

Soap.asp begins like this:

objReq contains the SOAP envelope from the client.



strQuery = "SOAP:Envelope/SOAP:Body/m:GetSalesTax/SalesTotal“varSalesTotal = objReq.SelectSingleNode(strQuery).Text

varSalesTax = varSalesTotal * 0.04

The value of SalesTotal can be extracted by running an XSL pattern query, using the SelectSingleNode method of the XML DOM object, and tax is calculated:




<SOAP:Header></SOAP:Header>

<SOAP:Body>

<m:GetSalesTaxResponse xmlns:m="urn:myserver/soap:TaxCalc">

<SalesTax>4</SalesTax>

</m:GetSalesTaxResponse>

</SOAP:Body>

</SOAP:Envelope>

The response is ready to be passed back to the client.

The SOAP response envelope conforms to a format-type almost identical to the request.


SOAP Client Side (cont)SOAP Client Side (cont)

The response document can be built either by string-concatenation, or by creating a new instance of a DOM (Document Object Model), and appending the appropriate nodes.

Back on the client, the response is received, and can be decoded by extracting the appropriate node from the Envelope document:

Dim objReturn As New MSXML.DomDocumentobjReturn.LoadXML strReturn

strQuery = _"SOAP:Envelope/SOAP:Body/m:GetSalesTaxResponse/SalesTax"dblTax = objReturn.SelectSingleNode(strQuery).Text


Problems with exampleProblems with exampleOK, I got it working

by Ned Robinson([email protected])Tuesday, August 28, 2001

Here is the trick. You must have Application Protection on your web server set to Low so that the service and the application can run in the same address space. Go to IIS Manager, right click on your Web Site and go to Properties. Go to the Home Directory tab and make the change to Application Protection at the bottom.


SOAP SecuritySOAP Security SOAP specification does not define any protocol-

specific security features. Potential security threat due to plain text nature of data.

Security features may be added to the SOAP header (e.g. digital signatures).

Transport protocols such as SSL (using HTTPS), TLS, and IP SECurity (IPSec) can provide the integrity and confidentiality of the message during transmission.


ConclusionsConclusions

SOAP: new and simple protocol. SOAP well suited for internet. Excellent foundation upon which other protocols may be built

Primary goal of SOAP is interoperabilitySOAP = XML (data representation) + HTTP

(transport) + RPC (call/response mechanism)

Today SOAP does not address some critical distributed services (e.g. security). But SOAP is evolving rapidly.


ReferencesReferenceshttp://www.vbip.com/xml/soap_syd.asphttp://msdn.microsoft.com/msdnmag/issues/0300/soap/

default.aspx

http://www.w3.org/TR/SOAP/http://www.xml.org/xml/resources_focus_soap.shtmlhttp://www.javaworld.com/javaworld/jw-03-2001/jw-0330-

soap.htmlhttp://msdn.microsoft.com/library/default.asp?url=/library/en-

us/dnexxml/html/xml10152001.asphttp://msdn.microsoft.com/library/default.asp?url=/library/en-

us/dnwebsrv/html/Xmloverchap2.asphttp://www.microsoft.com/mind/0100/soap/soap.asp

soap simple object access protocol an introduction

Documents

soap headeris

soap goalsdeveloped

soap bodycontains

soap historysoap

structurea soap message

sample soap v1

communicationucf cda

referenceucf cda