Web services combine the HTTP communication protocol and the XML data format


Simple Object Access Protocol is a framework for exchanging XML-based information in a network. Client requests and web service responses are transmitted as Simple Object Access Protocol (SOAP) messages over HTTP to enable a completely interoperable exchange between clients and web services, all running on different platforms and at various locations on the Internet. Every soap message is an envelope. An envelope contains header (optional- for transaction, security,…) and body (mandatory- for payload).

SOAP messages can be sent over any transport protocol, including TCP/IP, UDP, email (SMTP) and message queues.


* Web Service Description Language
* An XML-based language for describing network services
* WSDL descriptions of capabilities and locations of services
* like an interface description language for Web services
* communication using SOAP or direct HTTP


* Universal Description, Discovery, and Integration
* provides a registry mechanism for clients and servers to find each other
* uses SOAP for communication
* Is not used much!

JAX-WS in JavaEE

JAX-WS stands for Java API for XML Web Services. JAX-WS is a technology for building web services and clients that communicate using XML. JAX-WS allows developers to write message-oriented as well as RPC-oriented web services. It uses JAXB under the hood.

The starting point for developing a JAX-WS web service is a Java class annotated with the javax.jws.WebService annotation. The @WebService annotation defines the class as a web service endpoint.

A service endpoint interface or service endpoint implementation (SEI) is a Java interface or class, respectively, that declares the methods that a client can invoke on the service. An interface is not required when building a JAX-WS endpoint. The web service implementation class implicitly defines an SEI.

You may specify an explicit interface by adding the endpointInterface element to the @WebService annotation in the implementation class. You must then provide an interface that defines the public methods made available in the endpoint implementation class.

We use wsgen to generate the artifacts required to deploy the service and then use the endpoint implementation class and the wsimport tool to generate the web service artifacts that connect a web service client to the JAX-WS runtime.


Send soap xml to web service

    fis = new FileInputStream("1.xml");
    SOAPMessage sm = messageFactory.createMessage(new MimeHeaders(),fis);
        SOAPConnectionFactory newInstance = SOAPConnectionFactory.newInstance();
    SOAPConnection connection = newInstance.createConnection();
    String url = "";
    SOAPMessage answer = connection.call(sm, url);


  • SoapUI
  • SOATest
  • XMLSpy!

Basic principles underlying SOA

  • Boundaries are explicit.
  • Services are autonomous, independent applications
  • Share schemas and contracts, not implementations
  • Service compatibility is based on policy: Policies are collections of machine-readable statements that let a service define its requirements for things like security and reliability. These policies can be included as part of a service’s contract, allowing it to completely specify a service’s behavior and expectations, or they can be kept in separate policy stores and fetched dynamically at run-time.

Webservice Security

3 most popular methods are:

  1. IP blocking: easy to implement, no client change, easy to break
  2. Certificates: some code change required, client change needed, difficult to implement in public, best for interanet applications
  3. Authentication: code change required, more flexible
Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License