SharePoint services WSDL specification - web-services

What is the reason why hitting, for example, http:///_vti_bin/UserGroup.asmx?wsdl gives me a not full wsdl specification (if compared with http://msdn.microsoft.com/en-us/library/dd965659%28v=office.12%29.aspx)?
What I mean about not full: it does not contain some of complex types definition, e.g. User (unlike the full one), so this types are no generated by the wsdl.exe.
I have a question in regard of this: is it safe to generate c# web service stub basing on specification from MSDN or this approach is dangerous due to possible changes in contract?

For your first question as to the WSDL not being the same: it really should be equivalent and contain all the types! Whenever you append /_vti_bin/UserGroup.asmx?wsdl to your site's URL, SharePoint should definitely display the FULL WSDL, including the complex type definitions, etc. I just tried it now against my own SharePoint instance and the WSDL returned from http:// mysite.com/ ...snip... /pierre/_vti_bin/UserGroup.asmx?wsdl is pretty much the same size as the one from http://msdn.microsoft.com/en-us/library/dd965659%28v=office.12%29.aspx and a quick check to make sure complex types are in both places confirm that.
To answer your second question: I think you should NOT create your Web Service stubs and skeletons based on the WSDL in the documentation. Instead use the WSDL returned from your site. If you're not getting all the complex types in the WSDL returned from SharePoint, you should fix that issue first.
First thing I would try: download SOAPui (free) and simply plugin the URL that ends with ?wsdl and create sample requests. Maybe you'll run into access issues (UAG or other) but at least you'll know that the WSDL is well formed. If SOAPui can generate the client code based on the WSDL, you can too (using wsdl2java or the wsdl2dotnet equivalent; I can't remember the name of the .net version).
And yes, it's dangerous to copy the WSDL from the docs but I'd be more worried about some things being abbreviated or documentation going stale, etc.
As for the contract changing, I'm using the UserGroup.asmx?wsdl endpoint since 2009 and it still works on newer versions of SharePoint (even after the upgrade to SP2010). And I'm using java as the client code. Microsoft really nailed the Web Services in SharePoint, it was surprisingly easy to integrate our java stack and make calls to/from the SharePoint web services. And it was also very inter-operable with the other tools we use to test Web Services like SOAPui, etc.

Related

Best practice: WebLogic SOAP service -- should WSDL be visible?

I am going to deploy a SOAP web service on a WebLogic server.
The endpoint of the service is something like:
http://myserver.mycompany.com:1234/MyService-0.0.1-SNAPSHOT/MyServiceService
However, if (using a browser), I navigate to either
http://myserver.mycompany.com:1234/MyService-0.0.1-SNAPSHOT/MyServiceService?WSDL
-- or --
http://myserver.mycompany.com:1234/MyService-0.0.1-SNAPSHOT/MyServiceService?xsd=1
I can see the WSDL or schema file, respectively, for the service.
My group does not deploy a lot of web services (we're a back-office group and use Oracle Middleware to automate what little services we do provide), so a question has come up regarding whether exposing the WSDL file and schema file is "best practice".
Is it OK for these files to be visible, or should access to them be shutdown somehow? Conversely, is it even possible to restrict access to them, or would that interfere with clients trying to access the service?
This is an old question, but anyway.
It depends, but in my projects it was considered a bad practice to do so. You should always do Contract first, don't base your WSDL on your code or most likely you will end up with a WSDL that is somehow dependent on the programming language used for the implementation.
I don't know how Weblogic behaves but I remember that Jboss (5) used to generate the WSDL from the code any way and serve that. Even when we did Contract (WSDL) first development. So you would end up with little differences in these WSDLs which may cause problems. Exchange of the WSDL and the XML Schema files should be done by other means. It is possible to restrict access to any URI on Weblogic.
Another aspect is, that if you don't remove these, we found the developers on the clientside will start pointing their development-tools and implementation to these endpoints to get the WSDLs. This will most likely also cause problems and at least (a lot) unnecessary downloads of these files. As most frameworks will (need to) read the WSDL every time they instantiate the client-code. By not providing these endpoints, you keep the clients from these bad practices.

Is it mandatory to have a WSDL definition accessible using ?wsdl?

Is it mandated by any standard that a web service should provide a WSDL by appending ?wsdl to the endpoint address?
Is it OK if the WSDL is hosted at a different URL (without appending ?wsdl)?
For example:
Endpoint: http://abc.xyz.com/MyService
WSDL: http://abc.xyz.com/MyServiceDefinition.pqr
Note that I'm even using a different extension for the WSDL definition.
Does using this approach violate any standards or one can host the thing the way they want?
Is it mandatory to have a WSDL definition accessible using ?wsdl?
No, it's not.
A WSDL is used to describe a web service contract and is provided because it allows tools to automate generation of client stub code for calling the specified web service. Exposing the WSDL at the same location as the web service with ?wsdl appended to it is just very handy and that's the convention everybody uses.
People and tools look for the WSDL at that location and frameworks automatically expose it at that location but it's just a convention. As to my knowledge this isn't specified in any specification (or at least none that I could find).
Sometimes though you don't want to provide a WSDL that everybody can look at and try to create a client because it's a private web service and you only want to give access to your partners, not to everybody. At that point you can disallow the ?wsdl URL and provide the WSDL only to your partners by using an alternative channel. You can even e-mail it if you don't want it exposed online.
So you can choose whatever channel to expose it. Just remember that because people and tools are following this convention they are used to see it there and some (poorly written) tools might choke in a different extension, for example.
P.S. One other thing I wanted to mention - which isn't strictly related to this answer but kinda reinforces the convention - is the new ?singleWsdl option in WCF 4.5.
WCF, as most other tools, exposes the WSDL at the ?wsdl address but uses xsd:import statements with external schemas. Some frameworks were not able to process WSDL with imported dependencies so people started to write customizations over WCF to have a flat WSDL exposed, so much so that in the latest version of WCF Microsoft decided to add this feature out of the box.
But for backward compatibility they needed to keep the ?wsdl endpoint as it was (returning a WSDL document with xsd:import statements inside) and were forced to add a new query parameter for the flat WSDL: ?singleWsdl. I'm sure this idea will be picked up by other web service vendors and providers as well.
No, Its not mandatory to have ?wsdl access, but its recommended way.
Its worth noting that most clients will try to append "?wsdl" to your URL and will try to access WSDL file, Hence its highly recommended to setup it.

WSDL for REST based web services? Intellisense?

It seems that most of the new kids on the block are using RESTful web services rather than SOAP. I've only dabbled in them enough to know the basics of how they work.
Essentially in a SOAP implimentation, you are able to use a WSDL file that describes data types as well as usable RPC's. Finding a WSDL file and simply adding it as a service reference in visual studio is awesome and easy to impliment.
In a REST web service you have one (or more, depending on overrides) method for each action you are wanting to take (GET, POST, PUT, DELETE). While I can see how this would be beneficial, I can see problems with this... such as still having to deserialize into a local object.
So my question is... can you actually get intellisense when consuming REST web services? When you add a service reference to a WSDL you are able to see the list of usable methods. Otherwise, is the only way to actually see the usable methods through documentation? Is there any "self-containing" document that describes to VS what you can use and/or how to interpret data types without having to deserialize/serialize.

WSDL runtime validation with JAX-WS

We are developing an MDA platform that has support for Web Services. The user can provide a WSDL in runtime and we generate all the artifacts (service interface and implementation for the server, and consumer for the client) using JAX-WS internally.
We want to add validation on the WSDL document provided by the user. Right now the user has to validate that with an external tool like Oxygen, XMLSpy or a web tool, but we want to add that as a part of our system. A nice-to-have feature would be schema validation aswell, including the embedded schemas of the WSDLs.
In JAX-WS (RI) there is support for schema validation in runtime (using the #SchemaValidation annotation) but we haven't found any support for WSDL validation.
We've tried to integrate Eclipse's WSDL validator but it doesn't seem to work for us.
Is there any way of doing this with JAX-WS?
If not, is there any other validation framework that we can integrate?
Thanks
There is a bit of confusion in your question that I need to clarify first.
You seem to want the ability to validate the WSDL (syntax + WS-I) and XSDs, either embedded or referenced externally by the WSDL. On the other hand you bring in #SchemaValidation, which is actually used to validate instance documents.
In a traditional development approach, one might say you want at least the ability to validate design-time artifacts (WSDL+XSDs).
For this scenario then, I would recommend the following:
WSDL: for WS-I compliance testing, please take a look at the test tools section of the WS-I site. It is not clear how the licensing they have with their test tooling would work with yours, but at least it should give you an idea for what to look if it doesn't work for you.
UPDATE: Additional WSDL validation resources:
- Eclipse based, how to use outside Eclipse.
XSDs: if you really need separate validation for XSD files, things may get tricky for a production quality product; WSDL4J is not much help here, and I believe XSOM is the way to go for this kind of job. You have to extract content from the types section as one or more XSD files (could be more than one XSD file, take a look at some examples, Microsoft's SharePoint WSDLs come to my mind as a good test case), assign a base uri for each extracted XSD that matches the WSDLs location, then use XSOM to validate those.
Since you're generating the client, you're most likely not concerned with validating, say of the HTTP headers (SOAP 1.1/HTTP, SOAPAction, if it matches the WSDL operation definition). If you end up developing an interest in that as well, which I call runtime validation, then I would recommend a different layout in your approach (i.e. I would not rely on #SchemaValidation but rather do it through a transparent, and generic, proxy service).

Restful service in .NET with WADL instead of WSDL

I used WCF to create a restful web service in .NET, by means of a .svc file. The web application automatically produces a WSDL file. AFAIK, the WADL is more natural for a restful web service.
How could I create a restful service in .NET (preferably with wcf) that produces a WADL description?
Note An answer like "RTFM" is accepted, as long as you indicate a suitable manual/tutorial.
This is an old question but having consumed restful services with WADLs they do offer some value. You can import them straight into SOAPUI and it will build a test suite for you automatically. Secondly they tend to contains all the required XSDs for XML based services and are useful for automatically building serialisable classes that your endpoints accept and receive.
Looks like REST Describe & Compile should do the trick.
On the WADL developer site Marc Hadley
maintains a command line tool named
WADL2Java. The ambitious goal of REST
Describe & Compile is to provide sort
of WADL2Anything. So what REST
Describe & Compile does is that it:
Generates new WADL files in a completely interactive way.
Lets you upload and edit existing WADL files.
Allows you to compile WADL files to source code in various programming
languages.
Forgive me for answering a question with a question, but do you really want to do REST? REST really has no need for things like WADL.
Update:
The "hypermedia constraint" (aka HATEOAS) dictates that the user agent discovers content based on links embedded in previously retrieved content. It really is unnecessary to have a separate document that describes all the available content.
Imagine using a web browser to go to a site and instead of going to the home page and navigating from there, you are presented with a page which is a list of all the URLs on the site. You must then looks through the list of available urls, choose the one you are interested in and copy it into the address bar.
WADL is effectively you list of site urls. You just don't need it if your main content is linked together.
Linking content instead of using a WADL "site map" has other advantages. The available links can be dynamic based on particular data values in the content. This capability can vastly reduce the complexity of clients, because the client no longer needs to host the logic to decide when it is allowed to follow a link.