what are web services(Rmi,ejb,soap)? what is the difference between web services and web application? Is it possible to implement web services in web application?
A web service is a way to transmit/expose information in such a way that a Web Service client, which can created in a server script or from a stand-alone program, can call the service for what it wants using methods and functions defined by the service.
One of the benefits of a web service is that it abstracts these methods and functions (and variable types) in such a way that any language that "speaks" web services can use it's own syntax to interface with the service (thus making it cross-language).
Another benefit is that it uses the HTTP protocol (usually transmitting via XML or JSON, but not necessarily either), so it's also cross-platform.
A huge benefit is that an application that typically requires very specific knowledge and software can "expose" information via a web-service. So if you're corporate mainframe has tons of top-secret data that typically requires a terminal client, etc, to get data, certain data can be accessed via a Web Service so that you can have your HR department download and upload timesheet changes from a web site.
A web app can certainly include a web service, but they are not the same thing. You can make a web service using PHP or .NET, and then have a web app written in either language interface with that service, but a web app tends to be an interface for the site you're on, while a web service is about getting info to and from other apps (web or not).
web app is user interface, access by humans, user can browse data , can submit and retrieve data. All user interactivity (the GUI) is done through web pages, but all data is stored and manipulated on the server.
Web service server-based application and meant for interaction with other programs.
A web service is a way to expose some business logic you have over the internet. Say you got a module that connects to the database and does something. You can let other applications on the internet use this module of yours via web services. Web services uses SOAP over HTTP to invoke the request and retrieve the response in XML.
Web application - Person-to-server with HTTP, HTML
Web service - Server-to-server with HTTP, SOAP, XML
Related
im planning to develop a webapplication using java and HTML implementing as REST Services and confused how ot start with what technologies..
As a First step my first requirement is just creating a login HTML page and create REST SERVICE for LOGIN which validates the user by connecting to Database and generates a session and next page say shopping page.
Please suggest the Java jars,ide, etc to start.
Sorry, your problem is very complex.
To make a website such as shopping page, you can write code with REST services or no need.
If REST Services is used, you must build and setup 2 system/application: web app & server app. (front-end & back-end). With any system/app, you need technologies its own.
To done, you must know many knowledges such as:
API, Rooter, OOP, MVC, how to connect DB,...
There are many IDE such as Eclipse,... or only need a Editor with a few plugin.
I'm building a mobile front-end for my customer's CRM system. CRM data is stored in a SQL Server database in their local network. What will be the best practice to make this data available to mobile app users. Mobile app will be distributed using Enterprise key, not via App Store.
I'm thinking about making a WCF service running on a local server and having access to the SQL server via ethernet. This service will provide basic authentication. But I'm not sure if it's the best way in terms of security.
How to provide access to SQL server data?
A WCF web service can definitely be used as a SQL front end. Windows or JavaScript-based client applications running on hand-held devices have no trouble accessing WCF applications, and there's plenty of sample code out there about using a WCF app as a front-end to databases. Here's a sample project from CodeProject.
Security wise, there are several options: you could create a Login(ID, PWD) function that all non-authenticated user requests would have to pass through before getting to your SQL server. Once the user authenticates, you can create a persistant session or send back to the client a SessionID he/she can use to re-authenticate on subsequent requests. You can also use more exotic and complex methods for authentication/authorization like client certificates and Forms, though on a iOS or Android device that will certainly take some extra work.
Since a public web service, accessing company core data, is a hacker's dream, you can always set up your web service so that it can only be accessed from inside the company firewalls via VPN. If not that, then you can use SSL or message-level encryption.
I have few basic questions on session management in GWTP.
Client : GWTP, Server - Restful WebServices using Guice and Jersey.
Application session management is straightforward when i have the backend service with RPC mechanism. But, With GWT client running on android and server side logic exposed as Restful Web services using Jersey, how do we maintain session because Restful WS are stateless. Now how do we achieve user session in this case?
Regarding session management there is no difference whether you use GWT's RPC, RequestFactory or RequestBuilder.
Communication in the web is basically stateless regardless of the communication protocol you are using.
Traditionally session management is done via server side sessions.
However RESTfull services are not supposed to rely on server side sessions as it violates restful principle.
So basically there are two ways to do it:
If you don't care much about violating the restful principles you can deploy server side sessions (see here for more details).
use OAuth (https://wikis.oracle.com/display/Jersey/OAuth)
somehow pass the credentials/securityToken for every request to your backend. You can probably do that by using GWTP's ClientActionHandlers.
After going throught lot of comments from different people, here what I have thought of doing.
My application can be accessed from Browser based app and Mobile devices as well. Application was written the http session management in server at first for browser based app. Now while getting Mobile client, we have implemented Rest web services, with same service layer for mobile device and browser client as well.
When user logs in with mobile device, we are creating a unique auth token and we store the http session with this token ID as key, value map in app. Later on we expect every user request from mobile device to return this token, and using this token get the session from map and continue.
Does anybody has any opinion on this approach?
Regardless of whether I create a RESTful Web service to be consumed by Ajax in my own pages, or by any user, I can provide the same functionality (data) to the application or user using a simple servlet.
I mean the user or application don't see any different between response provided by a simple servlet or respone provided by a RESTful web service. So, I'm guessing that the benefit is on the server side and to the developers. Can someone please tell me what are the benefits of using RESTful web services.
I appreciate any respone
By definition a webservice is intended to be consumed by any client granted access. If the client you are developing is the only application that you will ever need or want to access the resource then there is little benefit to creating a webservice. However, if you want to make the resource available as a service endpoint for more than just this application in a way that is implementation agnostic then a Restful webservice is a great way of doing it.
I would like to have some guidance regarding how to handle authentication for my restful service to be able to support a couple of different scenarios, see included image?
I've been thinking about this problem for a couple of week without finding a solution for all of the cases and even if I'll make trade offs I'll be running into problems
If we skip the Mobile application and the use of Curl, there's no need to expose the service to the public and it would be possible to use basic authentication for the server to server communication. But we'll still need to put some responsibility at the "Web site for ninjas only" to pass the (openid authenticated user) as part for the http header?
In this case we're using Google apps to manage credentials for our co-workers and I don't like the idea to manage another username/password within the service if it's possible to avoid.
Is there any sustainable solution for my dreams, so that I can build awesome features for the client and implement a tight api that manages the authorization for different resources for a specific user?
Another possible to solution might be to integrate the service with the openid provider, but then I'll have problem with passing the user from "Web site for ninjas only"