Web Services for J2EE, Version 1.0

IBM : developerWorks 中国网站 : XML & Web services : 所有的文章


	Web Services for J2EE, Version 1.0

Draft version 0.91 -- 19 August 2002

This version:: http://www.ibm.com/developerworks/library/ws-jsr109-proposed/ (available in PDF)
Authors:: Jim Knutson, IBM <knutson@us.ibm.com>; Heather Kreger, IBM <kreger@us.ibm.com>

Copyright© The Specification is protected by copyright and the information described therein may be protected by one or more U.S. patents, foreign patents, or pending applications. Except as provided under the following license, no part of the Specification may be reproduced in any form by any means without the prior written authorization of the Specification Lead and its licensors, if any. Any use of the Specification and the information described therein will be governed by the terms and conditions of this license, the Legal Terms as set forth in the Specification Lead website and any applicable export control laws and regulations. By viewing, downloading or otherwise copying the Specification, you agree that you have read, understood, and will comply with all of the terms and conditions set forth herein.

Copyright© Subject to the terms and conditions of this license, the Specification Lead hereby grants you a fully-paid, non-exclusive, non-transferable, worldwide, limited license (without the right to sublicense) under Specification Lead intellectual property rights to review the Specification internally for the purposes of evaluation only. Other than this limited license, you acquire no right, title or interest in or to the Specification or any other intellectual property of the Specification Lead. The Specification contains the proprietary and confidential information of Specification Lead and may only be used in accordance with the license terms set forth herein. This license will expire ninety (90) days from the date of Release listed above and will terminate immediately without notice from Specification Lead if you fail to comply with any provision of this license. Upon termination, you must cease use of or destroy the Specification.

Copyright© No right, title, or interest in or to any trademarks, service marks, or trade names of Sun or Sun's licensors, the Specification Lead or the Specification Lead's licensors is granted hereunder. Sun, Sun Microsystems, the Sun logo, Java, and the Java Coffee Cup logo are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries. IBM and the IBM eight bar logo are trademarks or registered trademarks of International Business Machines Corporation in the United States and/or other countries. Other company, product, and service names may be trademarks or service marks of others.

Copyright© THE SPECIFICATION IS PROVIDED "AS IS" AND IS EXPERIMENTAL AND MAY CONTAIN DEFECTS OR DEFICIENCIES WHICH CANNOT OR WILL NOT BE CORRECTED BY THE SPECIFICATION LEAD. THE SPECIFICATION LEAD MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT THAT THE CONTENTS OF THE SPECIFICATION ARE SUITABLE FOR ANY PURPOSE OR THAT ANY PRACTICE OR IMPLEMENTATION OF SUCH CONTENTS WILL NOT INFRINGE ANY THIRD PARTY PATENTS, COPYRIGHTS, TRADE SECRETS OR OTHER RIGHTS. This document does not represent any commitment to release or implement any portion of the Specification in any product.

Copyright© THE SPECIFICATION COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION THEREIN; THESE CHANGES WILL BE INCORPORATED INTO NEW VERSIONS OF THE SPECIFICATION, IF ANY. THE SPECIFICATION LEAD MAY MAKE IMPROVEMENTS AND/OR CHANGES TO THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THE SPECIFICATION AT ANY TIME. Any use of such changes in the Specification will be governed by the then-current license for the applicable version of the Specification.

Copyright© TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL THE SPECIFICATION LEAD OR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, INCLUDING WITHOUT LIMITATION, LOST REVENUE, PROFITS OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO ANY FURNISHING, PRACTICING, MODIFYING OR ANY USE OF THE SPECIFICATION, EVEN IF THE SPECIFICATION LEAD AND/OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Copyright© You will indemnify, hold harmless, and defend the Specification Lead and its licensors from any claims based on your use of the Specification for any purposes other than those of internal evaluation, and from any claims that later versions or releases of any Specification furnished to you are incompatible with the Specification provided to you under this license.

Copyright© If this Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), then the Government's rights in the Software and accompanying documentation shall be only as set forth in this license; this is in accordance with 48 C.F.R. 227.7201 through 227.7202-4 (for Department of Defense (DoD) acquisitions) and with 48 C.F.R. 2.101 and 12.212 (for non-DoD acquisitions).

Copyright© You may wish to report any ambiguities, inconsistencies or inaccuracies you may find in connection with your evaluation of the Specification ("Feedback"). To the extent that you provide the Specification Lead with any Feedback, you hereby: (i) agree that such Feedback is provided on a non-proprietary and non-confidential basis, and (ii) grant the Specification Lead a perpetual, non-exclusive, worldwide, fully paid-up, irrevocable license, with the right to sublicense through multiple levels of sublicensees, to incorporate, disclose, and use without limitation the Feedback for any purpose related to the Specification and future versions, implementations, and test suites thereof.

Abstract

JSR109, Web Services for J2EE, defines how Web services are supported in a J2EE 1.3 or J2EE 1.4 application server. Specifically, Web Services for J2EE defines the client model, deployment model, and runtime model such that Web service clients and implementations are portable from one J2EE Vendors implementation to another. Web Services for J2EE builds on JAX-RPC (JSR101) to provide the client programming model. The client model allows Web service clients, Java and non-Java, inside or outside of J2EE, access to Web services deployed in the JSR109 enabled J2EE application server. It also allows J2EE components to invoke Web services, Java and non-Java, inside or outside of J2EE, using the J2EE programming model. The WebServices for J2EE deployment model defines the treatment of WSDL documents and the mapping of their services and the XML information model to J2EE components, including Stateless Session Beans in the EJB container and Servlets and JAX-RPC endpoints in the Servlet container. It also defines deployment and runtime support for JAX-RPC Handlers. Web Services for J2EE also defines support for service publication by defining how J2EE application servers should make WSDL documents available at URLs. Using JSR109 with your J2EE application server for your Web services support ensures portability of your Web services implementations and clients.

Status of this Document

Proposed Final Draft

This document is the Public Final Draft version of JSR 109. It is the penultimate phase in the Java Community Process for JSR specifications. This is a statement that the specification lead and expert group feel that the draft is complete. Revisions to the Proposed Final Draft are based on issues that come up while creating a Reference Implementation and Technology Compatibility Kit (TCK). This is not the final released version of the JSR 109 specification. The specification becomes a final release when this document, the Reference Implementation and the Technology Compatibility Kit are complete.

1. Introduction

This specification defines the Web Services for J2EE architecture. This is a service architecture that leverages the J2EE component architecture to provide a client and server programming model which is portable and interoperable across application servers, provides a scalable secure environment, and yet is familiar to J2EE developers.

1.1. Target Audience

This specification is intended to be used by:

J2EE Vendors implementing support for Web services compliant with this specification
Developers of Web service implementations to be deployed into J2EE application servers
Developers of Web service clients to be deployed into J2EE application servers
Developers of Web service clients that access Web service implementations deployed into J2EE application servers

This specification assumes that the reader is familiar with the J2EE platform and specifications. It also assumes that the reader is familiar with Web services, specifically the [JAX-RPC] Specification and WSDL documents.

1.2. Acknowledgements

This specification's origins are based on the vision of Donald F. Ferguson, IBM Fellow. It has been refined by an industry wide expert group. The expert group included active representation from the following companies: IBM, Sun, Oracle, BEA, Sonic Software, SAP, HP, Silverstream, IONA. We would like to thank those companies along with other members of the JSR 109 expert group: EDS, Macromedia, Interwoven, Rational Software, Developmentor, interKeel, Borland, Cisco Systems, ATG, WebGain, Sybase, Motorola, and WebMethods.

The JSR 109 expert group had to coordinate with other JSR expert groups in order to define a consistent programming model for Web Service for J2EE. We would like to especially thank Rahul Sharma and the JSR 101 (JAX-RPC) expert group, Farukh Najmi and the JSR 093 (JAX-R) expert group, and Linda G. DeMichiel and the JSR 153 (EJB 2.1) expert group.

1.3. Specification Organization

The next two chapters of this specification outline the requirements and conceptual architecture for Web services support in J2EE environments. Each of the major integration points for Web services in J2EE, the client model, the server model, the deployment model, WSDL bindings, and security have their own chapter. Each of these chapters consists of two topics: Concepts and Specification. The concepts section discusses how Web services are used, issues, considerations, and the scenarios that are supported. The specification section is normative and defines what implementers of this specification must support.

1.4. Document Conventions

In the interest of consistency, this specification follows the document conventions used by the [EJB] specification.

This non-fixed font is used for information that is prescriptive by this specification.

This emphasized font is used for paragraphs that contain descriptive information, such as notes describing typical use, or notes clarifying the text with prescriptive specification.

This fixed font is used for code examples.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.

2. Objectives

This section lists the high level objectives of this specification.

Build on the evolving industry standards for Web services, specifically WSDL 1.1 and SOAP 1.1.
Leverage existing J2EE 1.3 technology.
Ensure that programmers may implement and package Web services that properly deploy onto application servers that comply with J2EE 1.3 and this specification.
Ensure that vendor implementations of this specification inter-operate, i.e. a Web service client on one vendor's implementation must be able to interact with Web services executing on another vendors implementation.
Define the minimal set of new concepts, interfaces, file formats, etc. necessary to support Web services within J2EE.
Clearly and succinctly define functions that J2EE application server vendors need to provide to comply with this specification on top of J2EE 1.3.
Define the roles that this specification requires, the functions they perform and their mapping to J2EE platform roles. Define the functions that a Web Services for J2EE product provider must provide to support these roles.
Support a simple model for defining a new Web service and deploying this into a J2EE application server.

The relation of this specification to J2EE 1.4 is defined in 10.1. Appendix A. Relationship to other Java Standards.

2.1. Client Model Goals

The client programming model should be conformant and compatible with the client programming model defined by JAX-RPC.

Additional goals for the client programming model are to ensure that:

Programmers can implement Web services client applications conforming to this specification that may reside in a J2EE container (e.g. an EJB that uses a Web service), or a J2EE Client Container can call a Web service running in a Web Services for J2EE container.
Client applications conforming to this specification can call any SOAP 1.1 based Web service through the HTTP 1.1 or HTTPS SOAP Bindings.
Programmers using other client environments such as Java 2 Standard Edition environment can call a Web service running in a Web Services for J2EE container. Programmers using languages other than Java must be able to implement SOAP 1.1 compliant applications that can use Web services conforming to this specification. Support the Client Development Scenarios described in Chapter 4. Client Programming Model.
Client developers must not have to be aware of how the service implementation is realized.
Java 2 Micro Edition clients, defined by JSR 172, should be able to interoperate using the transport standards declared within WSDL and the JAX-RPC runtime with Web Services for J2EE applications.

2.2. Service Development Goals

The service development model defines how Web service implementations are to be developed and deployed into existing J2EE containers and includes the following specific goals:

How the Web service has been implemented should be transparent to the Web service client. A client should not have to know if the Web service has been deployed in a J2EE or non-J2EE environment.
Because the Web service implementation must be deployed in a J2EE container, the class implementing the service must conform to some defined requirements to ensure that it does not compromise the integrity of the application server.
JAX-RPC defines three server side run time categories, J2SE based JAX-RPC Runtime, Servlet Container Based JAX-RPC Runtime, and J2EE Container Based JAX-RPC Runtime. This specification defines the J2EE container based (Web and EJB) runtime such that it is consistent with the Servlet Container based model defined by the [JAX-RPC] specification.
Support mapping and dispatching SOAP 1.1 requests to methods on J2EE Stateless Session Beans.
Support mapping and dispatching SOAP 1.1 requests to methods on JAX-RPC Service Endpoint classes in the Web Container.

2.3. Service Deployment Goals

Web service deployment is declarative. We do this through extending the J2EE 1.3 model for deployment descriptors and EAR file format. These changes are minimized, however.
The Web service deployment is supportable on top of existing J2EE 1.3 environments.
Deployment requires that a service be representable by WSDL. Deployment requires a WSDL file. The deployment of Web services must support:
- those who wish to deploy a Web service as the focus of the deployment
- those who wish to expose existing, deployed J2EE components as a Web service

2.4. Service Publication Goals

Service deployment may publish the WSDL to the appropriate service registry, repository (if required by the Web service), File, or URL.
If a Web service needs to be published by the deployment tools, all of the data required to perform the publication must be provided in the deployment package or during the deployment process.
If any publication to UDDI is performed, the WSDL must also be made available at a URL.

2.5. Web Services Registry Goals

The Web services registry API and programming model is out of the scope of this specification. The Web service implementation, Web service client, or Web service deployment tool may use any registry API including JAX-R. JAX-R does not support WSDL publication directly. It does support interaction with UDDI directories. UDDI.org specifies how to publish a WSDL described service to a UDDI directory.

This specification defines the service publication responsibilities of the deployment tool.

Service definition discovery (finding the WSDL to be implemented) during development or deployment of a service implementation is not defined.

Service discovery during development, deployment, or runtime of service clients is not defined.

3. Overview

3.1. Web Services Architecture Overview

Web Services is a service oriented architecture which allows for creating an abstract definition of a service, providing a concrete implementation of a service, publishing and finding a service, service instance selection, and interoperable service use. In general a Web service implementation and client use may be decoupled in a variety of ways. Client and server implementations can be decoupled in programming model. Concrete implementations may be decoupled in logic and transport.

Figure 1 Service oriented architecture

Service oriented architecture

The service provider defines an abstract service description using the Web Services Description Language (WSDL). A concrete Service is then created from the abstract service description yielding a concrete service description in WSDL. The concrete service description can then be published to a registry such as Universal Description, Discovery and Integration (UDDI). A service requestor can use a registry to locate a service description and from that service description select and use a concrete implementation of the service.

The abstract service description is defined in a WSDL document as a PortType. A concrete Service instance is defined by the combination of a PortType, transport & encoding binding and an address as a WSDL port. Sets of ports are aggregated into a WSDL service.

3.2. Web Service

There is no commonly accepted definition for a Web Service. For the purposes of this specification, a Web Service is defined as a component with the following characteristics:

A service implementation implements the methods of an interface that is describable by WSDL. The methods are implemented using a Stateless Session EJB, , or JAX-RPC Web component.
A Web Service may have its interface published in one or more registries for Web services during deployment.
A Web Service implementation, which uses only the functionality described by this specification, can be deployed in any Web Services for J2EE compliant application server.
A service instance, called a Port, is created and managed by a container.
Run-time service requirements, such as security attributes, are separate from the service implementation. Tools can define these requirements during assembly or deployment.
A container mediates access to the service.

JAX-RPC defines a programming model mapping of a WSDL document to Java which provides a factory (Service) for selecting which aggregated Port a client wishes to use. See Figure 2 for a logical diagram. In general, the transport, encoding, and address of the Port are transparent to the client. The client only needs to make method calls on the Service Endpoint Interface, as defined by JAX-RPC, (i.e. PortType) to access the service. See Chapter 4. Client Programming Model, for more details.

Figure 2 Client view

Client view

3.3. Web Services for J2EE Overview

The Web Services for J2EE specification defines the required architectural relationships as shown in Figure 3. This is a logical relationship and does not impose any requirements on a container provider for structuring containers and processes. The additions to the J2EE platform include a port component that depends on container functionality provided by the Web and EJB containers, and the SOAP/HTTP transport.

Figure 3 J2EE architecture diagram

J2EE architecture diagram

Web Services for J2EE requires that a Port be referencable from the client, Web, and EJB containers. This specification does not require that a Port be accessible from the applet container.

This specification adds additional artifacts to those defined by JAX-RPC that may used to implement Web services, a role based development methodology, portable packaging and J2EE container services to the Web services architecture. These are described in later sections.

3.3.1. Web Service Components

This specification defines two means for implementing a Web service, which runs in a J2EE environment, but does not restrict Web service implementations to just those means. The first is a container based extension of the JAX-RPC programming model which defines a Web service as a Java class running in the Web container. The second uses a constrained implementation of a stateless session EJB in the EJB container. Other service implementations are possible, but are not defined by this specification.

3.3.2. Web Service Containers

The container provides for life cycle management of the service implementation, concurrency management of method invocations, and security services. A container provides the services specific to supporting Web services in a J2EE environment. This specification does not require that a new container be implemented. Existing J2EE containers may be used and indeed are expected to be used to host Web services. Web service instance life cycle and concurrency management is dependent on which container the service implementation runs in. A JAX-RPC Service Endpoint implementation in a Web container follows standard servlet life cycle and concurrency requirements and an EJB implementation in an EJB container follows standard EJB life cycle and concurrency requirements.

3.4. Platform Roles

This specification defines the responsibilities of the existing J2EE platform roles. There are no new roles defined by this specification. There are two roles specific to Web Services for J2EE used within this specification, but they can be mapped onto existing J2EE platform roles. The Web Services for J2EE product provider role can be mapped to a J2EE product provider role and the Web services container provider role can be mapped to a container provider role within the J2EE specification.

In general, the developer role is responsible for the service definition, implementation, and packaging within a J2EE module. The assembler role is responsible for assembling the module into an application, and the deployer role is responsible for publishing the deployed services and resolving client references to services. More details on role responsibilities can be found in later sections.

3.5. Portability

A standard packaging format, declarative deployment model, and standard run-time services provide portability of applications developed using Web services. A Web services specific deployment descriptor included in a standard J2EE module defines the Web service use of that module. More details on Web services deployment descriptors can be found in later chapters. Deployment tools supporting Web Services for J2EE are required to be able to deploy applications packaged according to this specification.

Web services container providers may provide support for additional service implementations and additional transport and encoding bindings at the possible expense of application portability.

3.6. Standard Services

The J2EE platform defines a set of standard services a J2EE provider must supply. The Web Services for J2EE specification identifies an additional set of run-time services which are required.

3.6.1. JAX-RPC

JAX-RPC provides run-time services for marshalling and demarshalling Java data and objects to and from XML SOAP messages. In addition, JAX-RPC defines the WSDL to Java mappings for a Service Endpoint Interface and a Service class.

3.7. Interoperability

This specification extends the interoperability requirements of the J2EE platform by defining interoperability requirements for products that implement this specification on top of J2EE(TM). The interoperability requirements rely on the interoperability of existing standards that this specification depends on.

The specification builds on the evolving work of the following JSRs and specifications:

JSR 101, Java(TM) API for XML-based RPC (JAX-RPC)
J2EE 1.3
[EJB]
Servlet 2.3

3.8. Scope

3.8.1. Scope

The scope of this specification is limited to Web service standards that are widely documented and accepted in the industry. These include:
- SOAP 1.1 and SOAP with Attachments
- WSDL 1.1
- UDDI 1.0
This specification is limited to defining support for SOAP over HTTP 1.1 or HTTPS protocols and communication APIs for Web services (vendors are free to support additional transports).
These standards are expected to continue to change and evolve. Future versions of this JSR will accommodate and address future versions of these standards. In this specification, all references to SOAP, WSDL, and UDDI are assumed to be the versions defined above.

3.8.2. Not in Scope

The most glaring deficiency of SOAP over HTTP is basic reliable message semantics. Despite this deficiency, this JSR does not consider Message Reliability or Message Integrity to be in scope. Other JSRs, like the evolution and convergence of JAX-M and JMS, as well as activities in W3C and other standard bodies will define these capabilities.
Persistence of XML data.
Workflow and data flow models.
Arbitrary XML transformation.
Client programming model for Web service clients which do not conform to this specification.

3.9. Web Service Client View

The client view of a Web service is quite similar to the client view of an Enterprise JavaBean. A client of a Web service can be another Web service, a J2EE component, including a J2EE application client, or an arbitrary Java application. A non-Java application or non-Web Services for J2EE application can also be a client of Web service, but the client view for such applications is out of scope of this specification.

The Web service client view is remotable and provides local-remote transparency.

The Port provider and container together provide the client view of a Web service. This includes the following:

Service interface
Service Endpoint interface

The JAX-RPC Handler interface is considered a container SPI and is therefore not part of the client view.

Figure 4 Web Service Client View

Web Service Client View

The Service Interface defines the methods a client may use to access a Port of a Web service. A client does not create or remove a Port. It uses the Service Interface to obtain access to a Port. The Service interface is defined by the [JAX-RPC] specification, but its behavior is defined by a WSDL document supplied by the Web service provider. The container's deployment tools provide an implementation of the methods of the Service Interface or the JAX-RPC Generated Service Interface.

A client locates a Service Interface by using JNDI APIs. This is explained further in Chapter 4. Client Programming Model. A Web service implementation is accessed by the client using the Service Endpoint Interface. The Service Endpoint Interface is specified by the service provider. The deployment tools and container run-time provide server side classes which dispatch a SOAP request to a Web service implementation which implements the methods of the Service Endpoint Interface. The Service Endpoint Interface extends the java.rmi.Remote interface and is fully defined by the [JAX-RPC] specification.

A Port has no identity within the client view and is considered a stateless object.

3.10. Web Service Server View

Chapter 5. Server Programming Model defines the details of the server programming model. This section defines the general requirements for the service provider.

The service provider defines the WSDL PortType, WSDL binding, and Service Endpoint Interface of a Web service. The PortType and Service Endpoint Interface must follow the JAX-RPC rules for WSDL->Java and Java->WSDL mapping.

The service provider defines the WSDL service and aggregation of ports in the WSDL document.

The business logic of a Web service is implemented by a service provider in one of two different ways:

A Stateless SessionBean: The service provider implements the Web service business logic by implementing a stateless session EJB. The EJB's remote interface method signatures must match the method signatures of the Service Endpoint Interface and must include all methods of the Service Endpoint Interface.
A Java class: The service provider implements the Web service business logic according to the requirements defined by the JAX-RPC Servlet based service implementation model.

The life cycle management of a Web service is specific to the service implementation methodology.

The service provider implements the container callback methods specific to the service implementation methodology used. See the [JAX-RPC] specification and Enterprise JavaBeans specification for details on the container callback methods.

The container manages the run-time services required by the Web service, such as security. A Web service does not execute under a global transaction context. If the client accesses a Port with a transaction context, it will be suspended before the Port is accessed.

Service providers must avoid programming practices that interfere with container operation. These restrictions are defined by the J2EE 1.3, Servlet 2.3, and [EJB] specifications.

Packaging of a Web service in a J2EE module is specific to the service implementation methodology, but follows the J2EE requirements for an EJB-JAR file or WAR file. It contains the Java class files of the Service Endpoint Interface and WSDL documents for the Web service. In addition it contains an XML deployment descriptor which defines the Web service Ports and their structure. Packaging requirements are described in Section 5.4. Packaging.

4. Client Programming Model

This chapter defines the client programming model of Web Services for J2EE. In general, the client programming model is covered in detail by the [JAX-RPC] specification. This specification covers the use of the JAX-RPC client programming model in a J2EE environment.

Differences between this specification and the [JAX-RPC] specification will be noted in this style.

4.1. Concepts

Clients of Web services are not limited to clients defined within this specification, however the client programming model for non-Web Services for J2EE clients is not specifically addressed by this specification. In general, the WSDL definition of a Web service provides enough information for a non-Web Services for J2EE client to be built and run, but the programming model for that is undefined. The rest of this chapter covers the programming model for Web Services for J2EE clients. It makes no assumption on whether the Web service implementation invoked by the client is hosted by a Web Services for J2EE run-time or some external run-time.

A client uses the Web Services for J2EE run-time to access and invoke the methods of a Web service. A client can be any of the following: J2EE application client, Web component, EJB component, or another Web service.

The client view of a Web service is a set of methods that perform business logic on behalf of the client. A client cannot distinguish whether the methods are being performed locally or remotely, nor can the client distinguish how the service is implemented. Lastly, a client must assume that the methods of a Web service have no state that is persistent across multiple Web service method invocations. A client can treat the Web service implementation as stateless.

A client accesses a Web service using a Service Endpoint Interface as defined by the [JAX-RPC] specification. A reference to the Web service implementation should never be passed to another object. A client should never access the Web service implementation directly. Doing so bypasses the container's request processing which may open security holes or cause anomalous behavior.

A client uses JNDI lookup to access a Service object that implements the Service Interface as defined by the [JAX-RPC] specification. The Service object is a factory used by the client to get a stub or proxy that implements the Service Endpoint Interface. The stub is the client representation of an instance of the Web service.

The Service Interface can be a generic javax.xml.rpc.Service interface or a Generated Service Interface, which extends javax.xml.rpc.Service, as defined by JAX-RPC. Further references in this document to the Service Interface refer to either the generic or generated version, unless noted otherwise.

The client has no control over the life cycle of the Web service implementation on the server. A client does not create or destroy instances of a Web service, which is referred to as a Port. The client only accesses the Port. The life cycle of the Ports, or instances of a Web service implementation, are managed by the run-time that hosts the Web service. A Port has no identity. This means that a client cannot compare a Port to other Ports to see if they are the same or identical, nor can a client access a specific Port instance. A client cannot tell if a server crashes and restarts if the crash and restart complete in between Web service access.

A client developer starts with the Service Endpoint Interface and Service Interface. How a developer obtains these is out of scope, but includes having the Web service provider supply them or tools generate them from a WSDL definition supplied by the Web service provider. These tools operate according to the JAX-RPC rules for WSDL->Java mapping. A client developer does not need to generate stubs during development, nor are they encouraged to do so. The client should use the interfaces, and not the stubs. Stubs will be generated during deployment and will be specific to the vendor's run-time the client will run in.

Each client JNDI lookup of a Web service is by a logical name. A client developer chooses the logical name to be used in the client code and declares it along with the required Service Interface in a Web service client deployment descriptor. The client should use the interfaces, and not the stubs.

The Service Interface methods can be categorized into two groups: stub/proxy and DII. The stub/proxy methods provide both service specific (client requires WSDL knowledge) and service agnostic (does not require WSDL knowledge) access to Ports. The DII methods are used when a client needs dynamic, non-stub based communication with the Web service.

A client can use the stub/proxy methods of the Service Interface to get a Port stub or dynamic proxy. The WSDL specific methods can be used when the full WSDL definition of the service is available to the client developer. The WSDL agnostic methods must be used if the client developer has a partial WSDL definition that only contains only the portType and bindings.

4.2. Specification

4.2.1. Service Lookup

The client developer is required to define a logical JNDI name for the Web service called a service reference. This name is specified in the deployment descriptor for the client. It is recommended, but not required that all service reference logical names be organized under the service subcontext of a JNDI name space. The container must bind the Service Interface implementation under the client's environment context, java:comp/env, using the logical name of the service reference. In the following examples, the logical service name declared in the client deployment descriptor is service/AddressBookService.

The container acts as a mediator on behalf of the client to ensure a Service Interface is available via a JNDI lookup. More specifically, the container must ensure that an implementation of the required Service Interface is bound at a location in the JNDI namespace of the client's choosing as declared by the service reference in the Web services client deployment descriptor. This is better illustrated in the following code segment:

     InitialContext ic = new InitialContext ();
     Service abf = (Service)ic.lookup(
          "java:comp/env/service/AddressBookService");

In the above example, the container must ensure that an implementation of the generic Service Interface, javax.xml.rpc.Service, is bound in the JNDI name space at a location specified by the developer. A similar code fragment is used for access to an object that implements a Generated Service Interface such as AddressBookService.

     InitialContext ic = new InitialContext ();
     AddressBookService abf = (AddressBookService)ic.lookup(
          "java:comp/env/service/AddressBookService");

A J2EE product provider is required to provide Service lookup support in the Web, EJB, and application client containers.

4.2.2. Service Interface

The Service Interface is used by a client to get a stub or dynamic proxy or a DII Call object for a Port. A container provider is required to support all methods of the Service interface except for the getHandlerRegistry() and getTypeMappingRegistry() methods as described in sections 4.2.2.7 and 4.2.2.8.

A client developer must declare the Service Interface type used by the application in the client deployment descriptor.

4.2.2.1 Stub/proxy access

The client may use the following Service Interface methods to obtain a static stub or dynamic proxy for a Web service:

     java.rmi.Remote getPort(QName portName, Class serviceEndpointInterface) throws ServiceException;
     java.rmi.Remote getPort(java.lang.Class serviceEndpointInterface) throws ServiceException;

The client may also use the additional methods of the Generated Service Interface to obtain a static stub or dynamic proxy for a Web service.

The container must provide at least one of static stub or dynamic proxy support for these methods as described in section 4.2.3. Port Stub and Dynamic Proxy. The container must ensure the stub or dynamic proxy is fully configured for use by the client, before it is returned to the client. The deployment time choice of whether a stub or dynamic proxy is returned by the getPort or get<port name> methods is out of the scope of this specification. Container providers are free to offer either one or both.

The container provider must provide Port resolution for the getPort(java.lang.Class serviceEndpointInterface) method. This is useful for resolving multiple WSDL ports that use the same binding or when ports are unknown at development time. A client must declare its dependency on container Port resolution for a Service Endpoint Interface in the client deployment descriptor. If a dependency for resolving the interface argument to a port is not declared in the client deployment descriptor, the container may provide a default resolution capability or throw a ServiceException.

4.2.2.2 Dynamic Port access

A client may use the following DII methods of a Service Interface located by a JNDI lookup of the client's environment to obtain a Call object:

     Call createCall() throws ServiceException;
     Call createCall(QName portName) throws ServiceException;
     Call createCall(QName portName, String operationName) throws ServiceException;
     Call createCall(QName portName, QName operationName) throws ServiceException;
     Call[] getCalls(QName portName) throws ServiceException;

A DII Call object may or may not be pre-configured for use depending on the method used to obtain it. See the [JAX-RPC] specification for details.

4.2.2.3 ServiceFactory

The JAX-RPC ServiceFactory class is not supported in a Web Services for J2EE product. The client must obtain a Service Interface using JNDI lookup as described in section 4.2.1. Service Lookup.

4.2.2.4 Service method use with full WSDL

A client developer may use all methods of the Service Interface (except as described in sections 4.2.2.7 and 4.2.2.8) if a full WSDL description and JAX-RPC mapping file are declared in the client deployment descriptor. The port address attribute may be absent from the WSDL or may be a dummy value.

4.2.2.5 Service method use with partial WSDL

A client developer may use the following methods of the Service Interface if a partial WSDL definition is declared in the client deployment descriptor:

Call createCall() throws ServiceException;
java.rmi.Remote getPort(java.lang.Class serviceEndpointInterface) throws ServiceException;
java.net.URL getWSDLDocumentLocation()

A partial WSDL definition is defined as a fully specified WSDL document which contains no service or port elements. The JAX-RPC mapping file specified by the developer will not include a service-interface-mapping in this case.

The container must throw a java.lang.UnsupportedOperationException if other methods of the Service Interface are called and the developer specifies a partial WSDL definition.

4.2.2.6 Service method use with no WSDL

A client developer may use the following methods of the Service Interface if no WSDL definition is specified in the client deployment descriptor:

     Call createCall() throws ServiceException;

If the wsdl-file is not specified in the deployment descriptor, the jaxrpc-mapping-file must not be specified.

The container must throw a java.lang.UnsupportedOperationException if other methods of the Service Interface are called and the developer does not specify a WSDL definition.

4.2.2.7 Handlers

Components should not use the getHandlerRegistry() method. A container provider must throw a java.lang.UnsupportedOperationException from the getHandlerRegistry() method of the Service Interface. Handler support is documented in Chapter 6. Handlers.

4.2.2.8 Type Mapping

Components should not use the getTypeMappingRegistry() method. A container provider must throw a java.lang.UnsupportedOperationException from the getTypeMappingRegistry() method of the Service Interface.

4.2.3. Port Stub and Dynamic Proxy

4.2.3.1 Identity

The Port Stub and Dynamic Proxy are a client's representation of a Web service. The Port that a stub or proxy communicates with has no identity within the client view. The equals() method cannot be used to compare two stubs or proxy instances to determine if they represent the same Port. The results of the equals(), hash(), and toString() methods for a stub are unspecified. There is no way for the client to ensure that a Port Stub, Dynamic Proxy, or Call will access a particular Port instance or the same Port instance for multiple invocations.

4.2.3.2 Type narrowing

Although the stub and dynamic proxy classes are considered Remote objects, a client is not required to use PortableRemoteObject.narrow(...). However, clients are encouraged to use PortableRemoteObject.narrow(...) to prevent confusion with client use of other Remote objects.

4.2.4. JAX_RPC Properties

The J2EE container environment changes the requirements for supporting the Stub/proxy properties defined within JAX-RPC.

4.2.4.1 Optional properties

Container providers are not required to support the following properties on the javax.xml.rpc.Stub and javax.xml.rpc.Call interfaces. If a setProperty() method call is made using the following properties and the Stub implementation does not support the property, the stub must throw a java.lang.UnsupportedOperationException exception.

USERNAME_PROPERTY & PASSWORD_PROPERTY - the client managed credential propogation properties.

A container provider is not required to support the USERNAME_PROPERTY and PASSWORD_PROPERTY properties on the Stub implementation. Container providers are responsible for obtaining credential information and passing it to the server based on authentication requirements for a given request. For example, when submitting a HTTP request to access a Web service and the server is configured to require HTTP Basic authentication, the container must obtain a userid and password and add a HTTP Authorization header to the HTTP request. In the case where a client certificate is required for an HTTP request, the container is responsible for establishing a HTTPS connection with mutual SSL by making the client certificate available to the underlying SSL layer.

The J2EE 1.3 specification section 9.2 describes the mechanism by which a client may programmatically supply authentication information to the container by implementing the javax.security.auth.callback.CallbackHandler interface.

SESSION_MAINTAIN_PROPERTY - session management configuration.

A container provider is not required to support the SESSION_MAINTAIN_PROPERTY property on the Stub implementation. The container management and configuration of participation in an HTTP Session is specific to the container implementation and end user requirements. Containers are expected to provide a means for an end user to select whether or not they want to participate in an HTTP Session, but there is no standard requirement for defining this.

Participation in an HTTP Session is specific to the JAX-RPC Service Endpoint model and does not necessarily pertain the Session EJB model for implementing a Web service. A client may receive an error if it invokes a Web service that requires HTTP Session participation and the client is configured not to participate in an HTTP Session.

4.2.4.2 Required properties

ENDPOINT_ADDRESS_PROPERTY - dynamic endpoint address assignment.

A container provider is required to support the ENDPOINT_ADDRESS_PROPERTY to allow components to dynamically redirect a Stub/proxy to a different URI.

4.2.5. JAX-RPC Custom Serializers / Deserializers

The use of JAX-RPC custom serializers / deserializers is out of scope for this version of the specification. JAX-RPC customer serializers / deserializers are not portable across Web Services for J2EE providers and are therefore not included as part of the portable deployment unit. It is expected that vendors will provide proprietary solutions to this problem until it has been addressed by a future version of JAX-RPC.

4.2.6. Packaging

The developer is responsible for packaging, either by containment or reference, the WSDL file, Service Endpoint Interface class, Generated Service Interface class (if used), their dependent classes, and JAX-RPC Mapping Files, along with a Web services client deployment descriptor in a J2EE module. The location of the Web services client deployment descriptor in the module is module specific. WSDL files are located relative to the root of the module and are typically co-located with the module's deployment descriptor. JAX-RPC Mapping Files are located relative to the root of the module and are typically co-located with the WSDL file. The developer must not package generated stubs.

5. Server Programming Model

This chapter defines the server programming model for Web Services for J2EE. A WSDL document defines the interoperability of Web services and includes the specification of transport and wire format requirements. In general, WSDL places no requirement on the programming model of the client or the server. Web Services for J2EE defines two methods of implementing a Web service. It requires the JAX-RPC Servlet container based Java class programming model for implementing Web services that run in the Web container and it requires the Stateless Session EJB programming model for implementing Web services that run in the EJB container. These two implementation methods provide a means for defining a Port component to bring portable applications into the Web Services programming paradigm. This specification also requires that a developer be able to start simple and grow up to use more complex qualities of service. The following sections define the requirements for Port components.

5.1. Goals

Port components address the following goals:

Provide a portable Web services programming model
Provide a server programming model which maintains a consistent client view. The client must not be required to know how the service is implemented.
Provide path to start simple and grow to more complex run-time service requirements
Leverage existing J2EE container functionality
Leverage familiar programming models

5.2. Concepts

A Port component (sometimes referred to as Port) defines the server view of a Web service. Each Port services a location defined by the WSDL port address. A Port component services the operation requests defined by a WSDL PortType. Every Port component has a Service Endpoint Interface and a Service Implementation Bean. The Service Endpoint Interface is a Java mapping of the WSDL PortType and binding associated with a WSDL port. The Service Implementation Bean can vary based on the container the Port is deployed in, but in general it is a Java class which implements the methods defined by the Service Endpoint Interface. WSDL ports, which differ only in address, are mapped to separate Port components, each with its own potentially unique but probably shared Service Implementation Bean. Figure 5 illustrates this below.

Figure 5 container

container

A Port's life cycle is specific to and completely controlled by the container, but in general follows the same life cycle of the container itself. A Port is created and initialized by the container before the first request received at the WSDL port address can be serviced. A Port is destroyed by the container whenever the container feels it is necessary to do so, such as when the container is shutting down.

The implementation of a Port and the container it runs in are tied. A JAX-RPC Service Implementation Bean always runs in a Web container. An EJB Service Implementation Bean always runs in an EJB container.

The Port component associates a WSDL port address with a Service Implementation Bean. In general the Port component defers container service requirement definition to the J2EE component's deployment descriptor. This is discussed further in Chapters 6.3. Packaging and 7.3. JAX-RPC Mapping Deployment Descriptor. A container provides a listener for the WSDL port address and a means of dispatching the request to the Service Implementation. A container also provides run-time services such as security constraints and logical to physical mappings for references to distributed objects and resources.

5.3. Port Component Model Specification

A Port component defines the programming model artifacts that make the Web Service a portable server application. The association of a Port component with a WSDL port provides for interoperability. The programming model artifacts include:

WSDL document - Although not strictly a programming model artifact, the WSDL document provides a canonical description of a Web service that may be published to third parties. A WSDL document and the Service Endpoint Interface are related by the JAX-RPC WSDL<->Java mapping rules. Support for OUT and IN/OUT parameters is optional for the EJB container.

Service Endpoint Interface (SEI) - This interface defines the methods that are implemented by the Service Implementation Bean. Support for Holder parameters is optional for the EJB container.

Service Implementation Bean - The Service Implementation Bean is a Java class that provides the business logic of the Web service. In addition, it defines the Port component contract for the container, which allows the business logic to interact with container services. It implements the same methods and signatures of the SEI, but is not required to implement the SEI itself.

Security Role References - The Port may declare logical role names in the deployment descriptor. These logical role names are reconciled across the modules by the assembler and mapped to physical roles at deployment time and allow the service to provide instance level security checks.

A developer declares a Port component within a Web services deployment descriptor. The deployment descriptor includes the WSDL document that describes the PortType and binding of the Web service. A deployer and the deploy tool handles the mapping of the Port into a container.

5.3.1. Service Endpoint Interface

The Service Endpoint Interface (SEI) must follow the JAX-RPC rules for WSDL<->Java mapping. The SEI is related to the WSDL PortType and WSDL bindings by these rules. The SEI is required for use by the deployment tools and parallel client development. The Port component developer is responsible for providing both the WSDL document with a minimum of the PortType and binding defined and the SEI and for keeping the two in sync with each other.

JAX-RPC defines Holders as non-serializable classes which cannot be implemented by the remote interface of an Enterprise JavaBean. Therefore, support for an SEI which uses Holders for parameters is not required for Port components deployed in the EJB container.

5.3.2. Service Implementation Bean

There are two ways a Service Implementation Bean can be implemented. This includes a Stateless Session EJB and JAX-RPC service endpoint as defined by Chapter 10 of the [JAX-RPC] specification. The two programming models are fully defined in sections 5.3.2.1 and 5.3.2.2.

A container may use any bean instance to service a request.

5.3.2.1 EJB container programming model

A Stateless Session Bean, as defined by sections 7.8-7.10 of the [EJB] specification, can be used to implement a Web service to be deployed in the EJB container.

A Stateless Session Bean does not have to worry about multi-threaded access. The EJB container is required to serialize request flow through any particular instance of a Service Implementation Bean.

The requirements for creating a Service Implementation Bean as a Stateless Session EJB are repeated in part here.

The Service Implementation Bean must have a default public constructor.
The Service Implementation Bean may implement the Service Endpoint Interface, but it is not required to do so. The bean must implement all the method signatures of the SEI. The Service Implementation Bean methods are not required to throw javax.rmi.RemoteException. The business methods of the bean must be public and must not be final or static. It may implement other methods in addition to those defined by the SEI.
A Service Implementation Bean must be a stateless object. A Service Implementation Bean must not save client specific state across method calls either within the bean instance's data members or external to the instance.
The class must be public, must not be final and must not be abstract.
The class must not define the finalize() method.
Currently, it must implement the ejbCreate() and ejbRemove() methods which take no arguments. This is a requirement of the EJB container, but generally can be stubbed out with an empty implementations.

5.3.2.1.1 The required SessionBean interface

Currently, a Stateless Session Bean must implement the javax.ejb.SessionBean interface either directly or indirectly.

This interface allows the container to notify the Service Implementation Bean of impending changes in its state. The full requirements of this interface are defined in the Enterprise JavaBeans specification 2.0 section 7.5.1.

5.3.2.1.2 Allowed access to container services

The [EJB] specification section 7.8.2 defines the allowed container service access requirements.

5.3.2.1.3 Exposing an existing EJB

An existing Enterprise JavaBean may be used as a Service Implementation Bean if it meets the following requirements:

The business methods of the EJB bean class must meet the Service Implementation Bean requirements defined in section 5.3.1. Service Endpoint Interface.
The Service Endpoint Interface methods must be a subset of the remote interface methods of the EJB and the SEI must meet the requirements described in the [JAX-RPC] specification for Java->WSDL mapping.
The transaction attributes of the SEI methods must not include Mandatory.

The developer must package the Web service as described in section 5.4. Packaging and must specify an ejb-link from the port in the Web services deployment descriptor to the existing EJB.

5.3.2.2 Web container programming model

The term JAX-RPC Service Endpoint used within the [JAX-RPC] specification is somewhat confusing since both Service Implementation Beans require the use of a JAX-RPC run time. However, in this case it refers to the programming model defined within the [JAX-RPC] specification that is used to create Web services that run within the Web container. The requirements are repeated here with clarification. Changes from the JAX-RPC defined programming model are required for running in a J2EE container-managed environment.

A JAX-RPC Service Endpoint can be single or multi-threaded. The concurrency requirement is declared as part of the programming model. A JAX-RPC Service Endpoint must implement javax.servlet.SingleThreadModel if single threaded access is required by the component. A container must serialize method requests for a Service Implementation Bean that implements the SingleThreadModel interface.

The Service Implementation Bean must follow the Service Developer requirements outlined in the [JAX-RPC] specification and are listed below except as noted.

The Service Implementation Bean must have a default public constructor.
The Service Implementation Bean may implement the Service Endpoint Interface, but it is not required to do so. The bean must implement all the method signatures of the SEI. The business methods of the bean must be public and must not be final or static. It may implement other methods in addition to those defined by the SEI.
A Service Implementation must be a stateless object. A Service Implementation Bean must not save client specific state across method calls either within the bean instance's data members or external to the instance. A container may use any bean instance to service a request.
The class must be public, must not be final and must not be abstract.
The class must not define the finalize() method.

5.3.2.2.1 The optional ServiceLifecycle Interface

A Service Implementation Bean for the Web container may implement the java.xml.rpc.server.ServiceLifeCycle interface:

     package javax.xml.rpc.server;
     public interface ServiceLifecycle {
     void init(Object context) throws ServiceException;
     void destroy();
     }

The ServiceLifeCycle interface allows the Web container to notify a Service Implementation Bean instance of impending changes in its state. The bean may use the notification to prepare its internal state for the transition. If the bean implements the ServiceLifeCycle interface, the container is required to call the init and destroy methods as described below.

The container must call the init method before it can start dispatching requests to the SEI methods of the bean. The init method parameter value provided by the container is described by the [JAX-RPC] specification. The bean may use the container notification to ready its internal state for receiving requests.

The container must notify the bean of its intent to remove the bean instance from the container's working set by calling the destroy method. A container may not call the destroy method while a request is being processed by the bean instance. The container may not dispatch additional requests to the SEI methods of the bean after the destroy method is called.

5.3.2.2.2 Allowed access to container services

The container provides certain services based on the life cycle state of the Service Implementation Bean. The table below describes the services that may be accessed within the various methods of the bean. If the bean attempts to access container services which are not allowed, a java.lang.IllegalStateException will be thrown.

Table 1: Allowed access to container services

Bean Method Allowed container support

constructor

init JNDI lookup of java:comp/env

destroy
Business methods of the SEI ServletEndpointContext methods
resource managers
enterprise beans.

5.3.3. Service Implementation Bean Life Cycle

The life cycle of a Service Implementation Bean is controlled by the container and is illustrated in Figure 6. The methods called by the container are container/bean specific, but in general are quite similar. Figure 6 illustrates the life cycle in the Web container. The EJB container life cycle may be found in the [EJB] specification section 7.8.1.

Figure 6 Service Implementation Bean life cycle in the Web container

Service Implementation Bean life cycle in the Web container

The container services requests defined by a WSDL port. It does this by creating a listener for the WSDL port address, receiving requests and dispatching them on a Service Implementation Bean. Before a request can be serviced, the container must instantiate a Service Implementation Bean and ready it for method requests.

A container readies a bean instance by first calling newInstance on the Service Implementation Bean class to create an instance. The container then calls the life cycle methods on the Service Implementation Bean that are specific to the container. For the Web container, it calls the init method on the instance if the Service Implementation Bean class implements the ServiceLifecycle interface. For the EJB container, it calls the setSessionContext and ejbCreate methods.

A Service Implementation Bean instance has no identity.

A container may pool method ready instances of a Service Implementation Bean and dispatch a method request on any instance in a method ready state.

The container notifies a Service Implementation Bean instance that it is about to be removed from Method Ready state by calling container/bean specific life cycle methods on the instance. For the Web container, the destroy method is called. For the EJB container, the ejbRemove method is called.

5.3.4. JAX-RPC Custom Serializers / Deserializers

5.4. Packaging

Port components may be packaged in a WAR file, or EJB JAR file. Port components packaged in a WAR file must use a JAX-RPC Service Endpoint for the Service Implementation Bean. Port components packaged in a EJB-JAR file must use a Stateless Session Bean for the Service Implementation Bean.

The developer is responsible for packaging, either by containment or reference, the WSDL file, Service Endpoint Interface class, Service Implementation Bean class, and their dependent classes, JAX-RPC mapping file along with a Web services deployment descriptor in a J2EE module. The location of the Web services deployment descriptor in the module is module specific. WSDL files are located relative to the root of the module and are typically co-located with the module deployment descriptor. Mapping files are located relative to the root of the module and are typically co-located with the WSDL file.

5.4.1. EJB Module Packaging

Stateless Session EJB Service Implementation Beans are packaged in an EJB-JAR that contains the class files and WSDL files. The packaging rules follow those defined by the Enterprise JavaBeans specification. In addition, the Web services deployment descriptor location within the EJB-JAR file is META-INF/webservices.xml.

5.4.2. Web App Module Packaging

JAX-RPC Service Endpoints are packaged in a WAR file that contains the class files and WSDL files. The packaging rules for the WAR file are those defined by the Servlet specification. A Web services deployment descriptor is located in a WAR at WEB-INF/webservices.xml.

5.4.3. Assembly within an EAR file

Assembly of modules containing port components into an EAR file follows the requirements defined by the J2EE specification.

5.5. Transactions

The methods of a Service Implementation Bean run under a transaction context specific to the container. The Web container runs the methods under an unspecified transaction context. The EJB container runs the methods under the transaction context defined by the container-transaction element of the EJB deployment descriptor.

5.6. Container Provider Responsibilities

In addition to the container requirements described above a container provider must provide a JAX-RPC runtime.

It is the responsibility of the container provider to support processing JAX-RPC compliant requests and invoking Ports as described above. The application server must support deployment of these Ports. This specification prescribes the use of the JAX-RPC Java<->WSDL and Java<->XML Serialization framework for all XML Protocol based Web service bindings. For JAX-RPC inbound messages, the container will act as the JAX-RPC server side runtime. It is responsible for:

Listening on a well known port or on the URI of the Web service implementation (as defined in the service's WSDL after deployment) for SOAP/HTTP bindings.
Parsing the inbound message according to the Service binding.
Mapping the message to the implementation class and method according to the Service deployment data.
Creating the appropriate Java objects from the SOAP envelope according to the [JAX-RPC] specification.
Invoking the Service Implementation Bean handlers and instance method with the appropriate Java parameters.
Capturing the response to the invocation if the style is request-response
Mapping the Java response objects into SOAP message according to the [JAX-RPC] specification.
Creating the message envelope appropriate for the transport
Sending the message to the originating Web service client.

6. Handlers

This chapter defines the programming model for handlers in Web Services for J2EE. Handlers define a means for an application to access the raw SOAP message of a request. This access is provided on both the client and server. Handlers are not part of the WSDL specification and are therefore not described in it. See chapter 6.3. Packaging for declaration of handlers within deployment descriptors. The [JAX-RPC] specification defines the Handler APIs in chapter 12. This specification defines Handler use within a J2EE environment.

6.1. Concepts

A Handler can be likened to a Servlet Filter in that it is business logic that can examine and potentially modify a request before it is processed by a Web Service component. It can also examine and potentially modify the response after the component has processed the request. Handlers can also run on the client before the request is sent to the remote host and after the client receives a response.

JAX-RPC Handlers are specific to SOAP requests only and cannot be used for other non-SOAP Web services. Handlers may be transport independent. For instance, a Handler as defined by JAX-RPC may be usable for SOAP/JMS in addition to SOAP/HTTP if a JMS protocol binding was available. Handlers for non-SOAP encodings have not been defined yet.

Handlers are service specific and therefore associated with a particular Port component or port of a Service interface. This association is defined in the deployment descriptors in section 7.1 7.1. Web Services Deployment Descriptor and 7.2 7.2. Web Service Client Deployment Descriptor respectively. They are processed in an ordered fashion called a HandlerChain, which is defined by the deployment descriptors.

There are several scenarios for which Handlers may be considered. These include application specific SOAP header processing, logging, and caching. A limited form of encryption is also possible. For application specific SOAP header processing, it is important to note that the client and server must agree on the header processing semantics without the aid of a WSDL description that declares the semantic requirements. Encryption is limited to a doc/literal binding in which the SOAP message part maps to a SOAPElement. In this case, a value within the SOAPElement may be encrypted as long as the encryption of that value does not change the structure of the SOAPElement.

Some Handler scenarios described within the [JAX-RPC] specification on not supported by this specification. For example, auditing cannot be fully supported because there is no means for a Handler to obtain the Principal. The secure stock quote example cannot be supported as stated because encrypting the body would prevent the container from determining which Port component the request should be directed to and therefore which Handler should decrypt the body.

A Handler always runs under the execution context of the application logic. On the client side, the Stub/proxy controls Handler execution. Client side Handlers run after the Stub/proxy has marshaled the message, but before container services and the transport binding occurs. Server side Handlers run after container services have run including method level authorization, but before demarshalling and dispatching the SOAP message to the endpoint. Handlers can access the the java:comp/env context for accessing resources and environment entries defined by the Port component the Handler is associated with.

Handlers are constrained by the J2EE managed environment. Handlers are not able to re-target a request to a different component. Handlers cannot change the WSDL operation nor can Handlers change the message part types and number of parts. On the server, Handlers can only communicate with the business logic of the component using the MessageContext. On the client, Handlers have no means of communicating with the business logic of the client. There is no standard means for a Handler to access the security identity associated with a request, therefore Handlers cannot portably perform processing based on security identity.

The life cycle of a Handler is controlled by the container.

Handlers are associated with the Port component on the server and therefore run in both the Web and EJB containers. This specification makes Handler support in the EJB container optional due to the required EJB container changes that would be necessary to implement Handler support. It is expected that EJB Handler support will be made required in a future J2EE specification.

6.2. Specification

This section defines the requirements for JAX-RPC Handlers running in Web Services for J2EE. Chapter 12 of the [JAX-RPC] specification defines the programming model requirements. Differences between this specification and the [JAX-RPC] specification are noted in boxed paragraphs.

6.2.1. Scenarios

Handlers must be able to support the following scenarios:

Scenario 1: Handlers must be able to transform the SOAP header. One example is the addition of a SOAP header for application specific information, like customerId, by the handler.

Scenario 2: Handlers must be able to transform just parts of the body. This might include changing part values within the SOAP body. Encryption of some parameter values is an example of this scenario.

Scenario 3: Handlers must be able to just read a message where no additions, transformations, or modification to the message is made. Common scenarios are logging, metering, and accounting.

6.2.2. Programming Model

A Web Services for J2EE provider is required to provide the following interfaces and classes of the javax.xml.rpc.handler package.

Handler
HandlerRegistry
MessageContext
GenericHandler
HandlerInfo

The HandlerChain interface is not required. The HandlerChain functionality is provided in a container specific manner. It is not used by application code. A container provider is not required to use the HandlerChain interface to implement the chain functionality.

The HandlerInfosetHandlerConfig() and getHandlerConfig() methods do not affect the container's Handler request processing.

A Web Services for J2EE provider is not required to provide an implementation of HandlerRegistry. This functionality is specific to the container.

A Web Services for J2EE provider is required to provide an implementation of MessageContext.

A Web Services for J2EE provider is required to provide all the interfaces of the javax.xml.rpc.handler.soap package. The provider must also provide an implementation of the SOAPMessageContext interface.

The programming model of a Port component can be single-threaded or multi-threaded as defined in sections 5.3.2.1 EJB container programming model and 5.3.2.2. Web container programming model. The concurrency of a JAX-RPC Handler must match the concurrency of the business logic it is associated with. Client handlers may need to support multi-threaded execution depending on the business logic which is accessing the Port.

Handlers must be loaded using the same class loader the application code was loaded with. The class loading rules follow the rules defined for the container the Handler is running in.

6.2.2.1 Handler Life Cycle

The life cycle of a Handler is controlled by the container and is illustrated in Figure 7.

Figure 7 Handler life cycle

Handler life cycle

The init and destroy methods of the Handler interface allows the container to notify a Handler instance of impending changes in its state. The Handler may use the notification to prepare its internal state for the transition. The container is required to call the init and destroy methods as described below.

The container must call the init method before it can start dispatching requests to the handleRequest(), handleResponse(), and handleFault() methods of the Handler. The Handler may use the container notification to ready its internal state for receiving requests.

The container must notify the Handler of its intent to remove the instance from the container's working set by calling the destroy method. A container must not call the destroy method while a request is being processed by the Handler instance. The container must not dispatch additional requests to the Handler interface methods after the destroy method is called.

As defined by JAX-RPC, a RuntimeException (other than SOAPFaultException) thrown from any method of the Handler results in the destroy method being invoked and transition to the "Does Not Exist" state.

Pooling of Handler instances is allowed, but is not required. If Handler instances are pooled, they must be pooled by Port component. This is because Handlers may retain non-client specific state across method calls that are specific to the Port component. For instance, a Handler may initialize internal data members with Port component specific environment values. These values may not be consistent when a single Handler type is associated with multiple Port components. Any pooled instance of a Port component's Handler in a Method Ready state may be used to service the handleRequest(), handleResponse(), and handleFault() methods. It is not required that the same Handler instance service both the handleRequest() and handleResponse() or handleFault() method invocations of any given request.

6.2.2.2 Security

Handlers associated with a Port component run after authorization has occurred and before the business logic method of the Service Implementation bean is dispatched to. For JAX-RPC Service endpoints, Handlers run after the container has performed the security constraint checks associated with the servlet element that defines the Port component. For EJB based service implementations, Handlers run after method level authorization has occurred.

A Handler must not change the message in any way that would cause the previously executed authorization check to execute differently. A Handler.handleRequest() method must not change the operation name, number of parts in the message, or types of the message parts. A container must throw a java.rmi.MarshalException or java.rmi.UnmarshalException back to the client if the Handler does this. Although, not strictly required for security reasons, a Handler.handleResponse() method must not change the number of parts in the message, or types of the message parts. A container must throw a MarshalException or UnmarshalException back to the client if the Handler does this. A container should log occurrences of these errors since the client may not be expecting a response (i.e. it may be a one-way invocation).

A handler may perform programmatic authorization checks if the authorization is based solely on the MessageContext and the component's environment values. A Handler cannot perform role based programmatic authorization checks nor can a Handler access the Principal associated with the request.

The Java 2 security permissions of a Handler follow the permissions defined by the container it runs in. The application client, Web, and EJB containers may have different permissions associated with them. If the provider allows defining permissions on a per application basis, permissions granted to a Handler are defined by the permissions granted to the application code it is packaged with. See section J2EE.6.2.3 of the J2EE 1.3 specification for more details.

6.2.2.3 Transactions

Handlers run under an unspecified transaction context.

In general Handlers follow the same requirements as Servlet filters regarding transactions. Handlers must not demarcate transactions using the javax.transaction.UserTransaction interface. Handlers may use transactional resources in a local transaction mode, but should not use transactional resources in the methods of any objects used to wrap the MessageContext.

6.2.3. Developer Responsibilities

A developer is not required to implement a Handler. Handlers are another means of writing business logic associated with processing a Web services request. A developer may implement zero or more Handlers that are associated with a Port component and/or a Service reference. If a developer implements a Handler, they must follow the requirements outlined in this section.

A Handler is implemented as a stateless instance. A Handler does not maintain any message processing (client specific) related state in its instance variables across multiple invocations of the handle method.

A Handler class must implement the java.xml.rpc.handler.Handler interface.

A Handler.handleXXX() method may access the component's environment entries by using JNDI lookup of the "java:comp/env" contenxt and accessing the env-entry-names defined in the deployment descriptor by performing a JNDI lookup. See chapter 20 of the [EJB] specification for details. The container may throw a java.lang.IllegalStateException if the environment is accessed from any other Handler method and the environment is not available. In addition, the Handler may use HandlerInfo.getHandlerConfig() method to access the Handler's init-params declared in the deployment descriptor.

The Handler.init() method must retain the information defined by HandlerInfo.getHeaders().

A Handler implementation must implement the getHeaders() method to return the results of the HandlerInfo.getHeaders() method. The headers that a Handler declares it will process (i.e. those returned by the Handler.getHeaders() method must be defined in the WSDL definition of the service.

A Handler implementation should test the type of the MessageContext passed to the Handler in the handle<action>() methods. Although this specification only requires support for SOAP messages and the container will pass a SOAPMessageContext in this case, some providers may provide extensions that allow other message types and MessageContext types to be used. A Handler implementation should be ready to accept and ignore message types which it does not understand.

A Handler implementation must use the MessageContext to pass information to other Handler implementations in the same Handler chain and, in the case of the JAX-RPC service endpoint, to the Service Implementation Bean. A container is not required to use the same thread for invoking each Handler or for invoking the Service Implementation Bean.

A Handler may access the complete SOAP message and can process both SOAP header blocks and body if the handle<action>() method is passed a SOAPMessageContext.

A SOAPMessageContext Handler may add or remove headers from the SOAP message. A SOAPMessageContext Handler may modify the header of a SOAP message if it is not mapped to a parameter or if the modification does not change value type of the parameter if it is mapped to a parameter. A Handler may modify part values of a message if the modification does not change the value type.

A Handler may access transactional resources in a local transaction mode.

Handlers that define application specific headers should declare the header schema in the WSDL document for the component they are associated with, but are not required to do so.

6.2.4. Container Provider Responsibilities

A Handler chain is processed according to the [JAX-RPC] specification section 12.2.2. The process order defaults to the order the handlers are defined in the deployment descriptor and follow the [JAX-RPC] specification section 12.1.4 processing order.

A container is required to provide an instance of a java.util.Map object in the HandlerInfo instance. The HandlerInfo.getHeaders() method must return the set of soap-headers defined in the deployment descriptor. The Map object must provide access to each of the Handler's init-param name/value pairs declared in the deployment descriptor as java.lang.String values. The container must provide a unique HandlerInfo instance and Map config instance for each Handler instance. A unique Handler instance must be provider for each Port component declared in the deployment descriptor.

The container must call the init() method within the context of a Port component's environment. The container must ensure the Port component's env-entrys are setup for the init method to access.

The container must provide a MessageContext type unique to the request type. For example, the container must provide a SOAPMessageContext to the handle<action>() methods of a Handler in a handler chain when processing a SOAP request. The SOAPMessageContext must contain the complete SOAP message.

The container must share the same MessageContext instance across all Handler instances and the target endpoint that are invoked during a single request and response or fault processing on a specific node.

The container must setup the Port component's execution environment before invoking the handle<action>() methods of a handler chain. Handlers run under the same execution environment as the Port component's business methods. This is required so that handlers have access to the Port component's java:comp/env context.

A container provider is not required to support Handlers for Port component's that run in the EJB container. It is expected this will be required when this specification is included in J2EE 1.4.

6.3. Packaging

A developer is required to package, either by containment or reference, the Handler class and its dependent classes in the module with the deployment descriptor information that references the Handler classes. A developer is responsible for defining the handler chain information in the deployment descriptor.

6.4. Object Interaction Diagrams

This section contains object interaction diagrams for handler processing. In general, the interaction diagrams are meant to be illustrative.

6.4.1. Client Web service method access

Figure 8 Client method invoke handler OID

Client method invoke handler OID

6.4.2. EJB Web service method invocation

Figure 9 EJB Web service method invocation handler processing part 1

EJB Web service method invocation handler processing part 1

7. Deployment Descriptors

This chapter describes the various deployment descriptors used for Web Services for J2EE and the roles responsible for defining the information within the deployment descriptors.

7.1. Web Services Deployment Descriptor

This section defines the content of the webservices.xml file, location within modules, roles and responsibilities, and the format.

7.1.1. Overview

The webservices.xml deployment descriptor file defines the set of Web services that are to be deployed in a Web Services for J2EE enabled container. The packaging of the webservices.xml deployment descriptor file is defined in sections 5.4.1. EJB Module Packaging and 5.4.2. Web App Module PackagingWeb services are defined by WSDL documents as described by section 3.2. Web Service. The deployment descriptor defines the WSDL port to Port component relationship. Port components are defined in Chapter 5. Server Programming Model.

7.1.2. Developer responsibilities

The developer is responsible not only for the implementation of a Web service, but also for declaring its deployment characteristics. The deployment characteristics are defined in both the module specific deployment descriptor and the webservices.xml deployment descriptor. Service Implementations using a stateless session bean must be defined in the ejb-jar.xml deployment descriptor file using the session element. Service Implementations using a JAX-RPC Service Endpoint must be defined in the web.xml deployment descriptor file using the servlet-class element. See the [EJB] and Servlet 2.3 specifications for additional details on developer requirements for defining deployment descriptors. The developer is also required to provide structural information that defines the Port components within the webservices.xml deployment descriptor file. The developer is responsible for providing the set of WSDL documents that describe the Web services to be deployed, the Java classes that represent the Web services, and the mapping that correlates the two.

The developer is responsible for providing the following info