Tuesday, October 30, 2012

Web Service incompatibilities

SOAP Web Services have lost quite some of their popularity: too complex, incompatibilities etc.  My answer is always that 1) SOAP just adds a very simple envelope around the request and response messages and 2) SOAP does work fine when you stick to the rules (a copy of a slide I use in my training classes):

Just recently I had encountered 2 nice examples of SOAP incompatibilities.

Cookies and SOAP

While investigating the web services API of a cloud SAAS application, encountered another example how things should not be done.  First of all it was not "stateless" but required the use of a login and logout operation. With security not based on standard HTTP basic authentication or WS-Security, but a proprietary scheme:

  <urn:credential>
    <urn:companyId>company-id</urn:companyId>
    <urn:username>user-name</urn:username>
    <urn:password>password</urn:password>
  </urn:credential>


But then came the surprise: the login operation returns a session handle which is actually a cookie!  The cookie is to be passed as an HTTP header in each subsequent web service.  Had seen many ways to make web service implementations incompatible, but is one for the top 5!  Obviously most web service clients require some hack to pass this cookie along the SOAP request.

Doc/literal with 2 parts

A more subtle challenge came recently by at a customer: the IBM DataPower ESB refused to import the WSDL file an Oracle product.  The web service used the document/literal style and one of the operations had a request message consisting of 2 parts.  So who was wrong and who was right: IBM or Oracle?

SOAP went through some growing pains in the beginning. The initial idea was an RPC mechanism whereby an operation could have multiple parameters. These parameters are passed as multiple parts in a request and response message. But with a better understanding of XML and XML schema's, the world move to a model whereby XML documents were passed. Microsoft introduced the document/literal wrapped style whereby the root contains the name of the operation.
<soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope">
  <soap:Body>
    <OperationName>
      actual XML document...
    </operationName>
  <soap:Body>
</soap:Envelope
</soap:Envelope>

So my initial response was, document/literal web services should only have one part and Oracle is wrong. But a colleague pointed to the fact that Oracle would not implement web services that violate the standards. And indeed, the IBM article clearly explains that a document/literal web service can have multiple parts in a message.

The WS-I Basic Profile was an initiative to sharpen the rules and states: "R2201 A document-literal binding in a DESCRIPTION MUST, in each of its soapbind:body element(s), have at most one part listed in the parts attribute, if the parts attribute is specified.". So the Oracle web service is not WS-I basic compliant but does not violate the SOAP/WSDL specifications.

Again a situation where one has to go for workaround, this time in the DataPower ESB. Had IBM implemented the specs correctly and/or Oracle stuck to the widely accepted ways-of-working and the WS-I Basic profile, everything would have worked smoothly.

10 comments:

Hill said...

So great work for informing us of the possibilities and following a certain path.

I really appreciate your hard work an giving us some information and inspiring others to follow.

Thanks so much.

I hope for more post in the future.



digital marketing courses melbourne

Priya Kannan said...

Usually I do not read post on blogs, but I would like to say that this write-up very forced me to try and do it! Your writing style has been surprised me. Great work admin.Keep update more blog.
AWS Training in Chennai

Sadhana Rathore said...

I want to thank for sharing this blog, really great and informative. Share more stuff like this.
AWS Training in Chennai
DevOps Training in Chennai
Data Science Course in Chennai
ccna course in Chennai
Python Training in Chennai
R Programming Training in Chennai
Angularjs Training in Chennai
RPA Training in Chennai
Blue Prism Training in Chennai

Manipriyan said...
This comment has been removed by the author.
Renuraj said...

Very nice post here thanks to you for this. I evermore like your blog and such a useful content of these post. Keep doing...
Corporate Training in Chennai
Corporate Training institute in Chennai
Spark Training in Chennai
Social Media Marketing Courses in Chennai
Job Openings in Chennai
Oracle Training in Chennai
Tableau Training in Chennai
Power BI Training in Chennai
Linux Training in Chennai
Corporate Training in OMR

Mithun said...

Great Post with lots of useful informations. Excellent blog very much interesting...
SAP Training in Chennai | AWS Training in Chennai | SAP Training | AWS Training

TIC Academy said...

Excellent blog on AWS Concepts. Superb information.
AWS Exam Center in Chennai | AWS Training in Chennai | AWS Training Institute in Chennai

Manigandan said...

An awesome blog with useful stuffs. Clear explanation..
Hardware and Networking Training in Chennai
CCNA Training in Chennai
AWS Training in Chennai
SAP Training in Chennai
Software Testing Training in Chennai
Java Training in Chennai
QTP Training in Chennai
iOS Training in Chennai
Oracle Training in Chennai
Pearson Vue Exam Center in Chennai

Mithun said...

Wonderful Blogspot
AWS Training in Chennai
AWS Training Institutes in Chennai
AWS Training Center in Chennai
AWS Training Course in Chennai
AWS Training Class in Chennai
Best AWS Training in Chennai
AWS Training Institute in Chennai
AWS Certification in Chennai
AWS Classes in Chennai
AWS Training

INFYCLE TECHNOLOGIES said...

Finish the Selenium Training in Chennai from Infycle Technologies, the best software training institute in Chennai which is providing professional software courses such as Data Science, Artificial Intelligence, Java, Hadoop, Big Data, Android, and iOS Development, Oracle, etc with 100% hands-on practical training. Dial 7502633633 to get more info and a free demo and to grab the certification for having a peak rise in your career.