Is there any book that can guide me building secure webservices.
Adding xsds to WSDL
Adding WS security policies to WSDL
Any book that can describe how to put together a secure web service.
the language shouldn't matter, but it should explain the concepts and help the reader to put together all the pieces required for building a secure web service.
Thanks
I think the Spring "contract first" web service explanation is excellent.
Related
can someone help me telling what is RESTful and difference with `web Service'?
i tried to search but i get confused between it and web service can anyone help ?
It's name clearly state its meaning that services provided on the web are called a web service
web service has two type REST API and SOAP API
RESTful Web Services are basically REST Architecture based Web Services. In REST Architecture everything is a resource. RESTful web services are light weight, highly scalable and maintainable and are very commonly used to create APIs for web-based applications.
SOAP (Simple Object Access Protocol) is a messaging protocol that allows programs that run on disparate operating systems (such as Windows and Linux) to communicate using Hypertext Transfer Protocol (HTTP) and its Extensible Markup Language (XML).
RESTful is one kind of web service. Another kind is SOAP. I think comment in this link will help you
https://stackoverflow.com/a/2285743/4874281
I know that UDDI gives the posibility of descovering a web service. Is there any alternative for UDDI that do the same thing : to discover web services?
UDDI is out of the scene these days. People are moving towards semantic web services. WSMO and OWL-s are major initiatives for semantic web services. These solutions can provide more precise results.
Here's a few
mDNS/Bonjour/Avahi - can be used to share endpoint information for a web service, or anything else using a TXT record
WS-Discovery - supported by CXF and WCF, shares implementation of a specific interface
ebXML - had a component similar to UDDI
Our application has thousands of web services. We are looking for a standard way / technology to provide our clients with list of web services / some documentation and some other meta information?
Use UDDI and WSDL for this.
WSDL is the way to give "some documentation and meta data" as you have mentioned.
UDDI is the way to search for web services.
To get very basic introduction about both of these refer to these links on W3c school on WSDL & UDDI. Once you get a start, you can browse Internet for many UDDI providers and WSDL tutorials.
UDDI (its not dead)
ebXML
mDNS
WS-Discovery
My last application had Axis2 web service and used contract last approach. We had a new requirement for creating a web service and I used Spring Web service. A discussion came up in the meeting that why use Spring WS when we already have the required Axis2 libraries to create new web service. I was convincing my team because Spring has Contract first approach which is the best way of creating and all other best points mention in the chapter 2 of the documentation.
But their point was Axis 2 also has contract first.
I would really appreciate anyone since I am really new to web services and still learning what is the difference between Axis 2 and Spring WS. I like an elaborate answer for our better understanding.
Thanks in advance.
If your team already has experience with CXF, and it fits the contract-first requirements, then stick with it.
Spring-WS is simpler and more flexible than CXF, in my experience, but that's not an especially compelling reason to switch to it.
I ask this question in anticipation as part of a project. I have experience of developing and consuming web services in the past and am au fait with those. However I have been told that as part of this next project I will need to use "secure" web services. Can you provide some insight into what additional development tasks there will be to implement these as opposed to standard dare i say it insecure web services?
Cheers
Unless you have a complex multi-hop scenario, then SSL is vastly more practical and interoperable than anything based on WS-Security or related specification
If your going to be using WCF, check out these guide lines on MSDN
Exising ASMX Web Service can be secured using Web Services Enhancements (WSE) 3.0