Lecture 1012/3/12

1

$_SERVER• Server and execution environment information • An array containing information such as headers, paths, and

script locations• The entries in this array are created by the web server• $_SERVER['PHP_SELF']

This is the filename of the currently executing script

2

Resources

http://www.php.net/manual/en/index.php

3

Server-side scripting• web server technology in which a user's request is fulfilled by

running a script directly on the web server to generate dynamic web pages

• It is usually used to provide interactive web sites that interface to databases or other data stores

• This is different from client-side scripting where scripts are run by the viewing web browser, usually in JavaScript

• The primary advantage to server-side scripting is the ability to highly customize the response based on the user's requirements, access rights, or queries into data stores

4

Alternatives to PHP• Classic ASP• PERL• .NET• JSP

5

PHP and .NET

Compiled Code vs. PHP Interpreted Code • NET compiles code, such as C#, into what its creators have

termed MSIL, or Microsoft Intermediate Language

• This roughly resembles Java's bytecode, the "binary" you have after you compile the source code

6

Compiled Code vs. PHP Interpreted Code• PHP pages will compile into smaller pieces than the equivalent

ASP.NET page, because there is more overhead with the intermediate compilation with the CLR

7

Declaration of Independence from <%• When a function is declared in ASP.NET it must appear in a

<script runat=server> block with the language declared

• Functions must exist in these blocks or else they will generate an error

8

Arrays • In ASP.NET the first value will be in the 0 position. This is

concurrent with other compiled languages

• Secondly, in order to access the values in an array from a querystring or the like the GetValues method must be called

9

Example

ASP.NET: <%

variable1=(Request.QueryString.GetValues("values")(0)

%>

10

Error Messages • When an ASP.NET page is run, if you are on the machine that

the code is being executed on, or you have a web.config file in the root directory of the website configured properly, error messages that appear are quite intuitive

11

Multiple Languages • ASP.NET enables you to switch between multiple languages on

the same page

• ASP.NET adds another language to the fold, C#, known as C sharp

12

File Extension • ASP.NET pages require a different extension

• When a page is created in ASP.NET it requires an .aspx extension, which you may notice this web page has as well

• When a page has this extension IIS knows to treat it as an ASP.NET

13

Useful Resources

• http://www.oracle.com/technology/pub/columns/hull_php2.html

• http://marty.anstey.ca/programming/php/articles/

14

Web Services: Definition• Available online (addressable)• Uses XML messaging (I, O, or both)• Operating system/programming language independent

(provider and consumer can be different)• Self-describing via a common XML grammar (or at least

human-documented)• Discoverable via a simple mechanism

15

Human-centric web

16

Application-centric Web

17

Two common Architectures

18

SOAP

SOAP

XML

HTTP GET

SOAP

REST

Web Services Protocol Stack

19

Web Services Protocol Stack • Service transport layer - responsible for transporting messages

between applications.

• XML messaging layer - responsible for encoding messages in a common XML format so that messages can be understood at either end.

• Service description layer - responsible for describing the public interface to a specific web service.

• Service discovery layer - responsible for centralizing services into a common registry, and providing easy publish/find functionality.

20

Web Services Roles • Service provider - implements

the service and makes it available on the Internet.

• Service requestor - utilizes an existing web service by opening a network connection and sending an XML request.

• Service registry - provides a central place where developers can publish new services or find existing ones. It therefore serves as a centralized clearinghouse for companies and their services.

21

Web Services Process

22

23

The Service Request Perspective

24

Service Provider Perspective

25

1. The Transport Layer• HTTP currently the most popular • Pros: simple, stable, widely deployed, works well

with firewalls• Cons: Security and performance concerns

• can be encrypted via the Secure Sockets Layer (SSL) but problems arise when a single web service comprises a chain of applications

• "SOAP is going to open up a whole new avenue for security vulnerabilities." (Bruce Schneier)

• Schneier's argument: • HTTP was designed for document retrieval not RPC• HTTP + SOAP enables remote clients to invoke commands and

procedures, exactly what firewalls are designed to prevent

26

2. The Messaging Layer

27

The Messaging Layer• REST uses raw XML as output

• transform with XSLT• manipulate with DOM• uses as ASP.NET data source• RSS and other feeds are related

• SOAP – for typed data exchange and method invocation• Envelope - rules for encapsulating data being transferred

between computers (e.g. method name and parameters, return values, error handling)

• Data encoding rules - data types mostly based on the W3C XML Schema specification

• RPC conventions - conventions for representing remote procedure calls and responses

28

29

Example SOAP Request<?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<SOAP-ENV:Body> <ns1:getTemp xmlns:ns1="urn:xmethods-Temperature" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><zipcode xsi:type="xsd:string">10016</zipcode> </ns1:getTemp>

</SOAP-ENV:Body> </SOAP-ENV:Envelope>

30

• Envelope – root element• Body – required child• getTemp – the “payload” (RPC)• Zipcode – the parameter• Namespaces:

• SOAP Envelope http://schemas.xmlsoap.org/soap/envelope/

• data encoding via XML Schemas http://www.w3.org/2001/XMLSchema-instance and http://www.w3.org/2001/XMLSchema

• application identifiers specific to XMethods urn:xmethods-Temperature

31

Example SOAP Response<?xml version='1.0' encoding='UTF-8'?> <SOAP-ENV:Envelope

xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<SOAP-ENV:Body> <ns1:getTempResponse xmlns:ns1="urn:xmethods-

Temperature“SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/

encoding/"> <return xsi:type="xsd:float">71.0</return> </ns1:getTempResponse> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

32

• Envelope and Body again• getTempResponse – payload (response to RPC)• return – returned value

33

3. DescriptionWeb Service Descriptions (WSDL)

• Describe the abstract interface through which a service consumer communicates with a service provider

• defines specific details of how a given web service has implemented that interface

• Defines four types of things: • data• messages• interfaces• services

34

35

Data<?xml version="1.0" encoding="UTF-8"?> <wsdl:definitions name="HelloWorldDescription"

targetNamespace="urn:HelloWorld" xmlns:tns="urn:HelloWorld" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"xmlns:xsd="http://www.w3.org/2001/XMLSchema">

<wsdl:message name="sayHello_IN"> <part name="name" type="xsd:string" />

</wsdl:message> <wsdl:message name="sayHello_Out">

<part name="greeting" type="xsd:string" /></wsdl:message>

36

Messages

<wsdl:portType name="HelloWorldInterface"> <wsdl:operation name="sayHello">

<wsdl:input message="tns:sayHello_IN" /><wsdl:output message="tns:sayHello_OUT" />

</wsdl:operation> </wsdl:portType>

37

Interfaces<wsdl:binding name="HelloWorldBinding"

type="tns:HelloWorldInterface"> <soap:binding style="rpc"

transport="http://schemas.xmlsoap.org/soap/http" />

<wsdl:operation name="sayHello"> <soap:operation soapAction="urn:Hello" /> <wsdl:input>

<soap:body use="encoded" namespace="urn:Hello" encodingStyle=http://schemas.xmlsoap.org/soap/encoding/ />

</wsdl:input> <wsdl:output>

<soap:body use="encoded" namespace="urn:Hello" encodingStyle=http://schemas.xmlsoap.org/soap/encoding/ />

</wsdl:output></wsdl:operation></wsdl:binding>

38

Services

<wsdl:service name="HelloWorldService"> <wsdl:port name="HelloWorldPort"

binding="tns:HelloWorldBinding"> <!-- location of the Perl Hello World Service --> <soap:address location="http://localhost:8080" /> </wsdl:port> </wsdl:service> </wsdl:definitions>

39

4. Discovery Layer

• UDDI – Universal Description, Discovery and Integration• A technical specification for building distributed directories of

businesses and web services• White pages

• General company information like business name, business description, contact information, address and phone numbers.

• Yellow pages • General company/service classification data (e.g. industry, product, or

geographic codes) • Green pages

• Technical information about a web service (e.g. pointer to an external specification and an address for invoking the web service)

• UDDI is not restricted to describing web services based on SOAP but can be used to describe any service, from a single web page or email address all the way up to SOAP, CORBA, and Java RMI services.

40

Technical Components• UDDI data model

• An XML Schema for describing businesses and web services. The data model is described in detail in the "UDDI Data Model" section, later in this chapter.

• UDDI API • A SOAP-based API for searching and publishing UDDI

data.• UDDI cloud services

• Operator sites that provide implementations of the UDDI specification and synchronize all data on a scheduled basis.

• Private UDDI registries

41

UDDI Data Model

42

Sources• Ethan Cerami "Web Services Essentials" O'Reilly, 2002

• http://www-128.ibm.com/developerworks/library/ws-soapsec/