Web Services Certification Exam Objectives

Section 1: Create an SOAP Web Service in a Servlet Container
  1. Create a web service starting from a WSDL file using JAX-WS
    • Use wsimport tool to generate artifacts from WSDL
    • Use external and embedded <jaxws:package>, <jaxws:enableWrapperStyle>, <jaxws:class> customizations
    • Use JAXB customizations to configure mapping
    • Build the web service implementation using the above artifacts
    • Access MessageContext.SERVLET_CONTEXT from the injected @WebServiceContext
    • Configure deployment descriptors( web.xml, webservices.xml) for URL patterns, HTTP security, container authorization, caller authentication, and message protection. jax-ws runtime may also be configured to perform message layer authentication and protection.
    • Compile and package the web service into a WAR file
    • Deploy the web service into a Java EE servlet container
  2. Create a web service starting from a Java source using JAX-WS
    • Use @WebService to indicate a service
    • Use @WebMethod, @WebMethod(exclude) to indicate service methods
    • Use @SOAPBinding to select doc/lit, doc/bare, rpc/lit style of web service
    • Use @Oneway where the service doesn't have any response
    • Use @WebParam, and @WebResult to customize parameter and operation names
    • Use checked exceptions to indicate service specific faults
    • Use wsgen tool to generate artifacts in Java EE5 ( optional in Java EE6, as artifacts are generated at run time
    • Configure deployment descriptors( web.xml, webservices.xml) for URL patterns, HTTP security, container authorization, caller authentication, and message protection. jax-ws runtime may also be configured to perform message layer authentication and protection.
    • Compile and package the web service into a WAR file
    • Deploy the web service into a Java EE servlet container
Section 2: Create a RESTful Web Service in a Servlet Container
  1. Create a web service using JAX-RS, refer to Jersey implementation for examples
    • Annotate a class with a @Path annotation to respond to URI templates.
    • Annotate the class's methods to respond to HTTP requests using the corresponding JAX-RS annotations (@GET, @POST, etc.).
    • Use the JAX-RS @Consumes and @Produces annotations to specify the input and output formats for the RESTful web service.
    • Use @PathParam, @QueryParam, @MatrixParam and @HeaderParam to extract request data
    • Use the UriInfo and UriBuilder to create URIs that refer to resources in the service
    • Use ResponseBuilder to create response with customized status and additional metadata
    • Implement a MessageBodyReader and MessageBodyWriter to add support for custom request and response data types
    • Implement ExceptionMapper to map a custom Exception to a response
    • Use Request to add support for HTTP preconditions
    • Implement the functionality of the JAX-RS resource's methods
    • Use @Path on a method to define a subresource
    • configure deployment descriptor (web.xml) for base URL pattern, HTTP security (via security - constraints in web.xml)
    • Compile and package
    • Deploy the web service in a Java EE servlet container
Section 3: Create a SOAP Based Web Service Implemented by an EJB Component
  1. Create a web service starting from a WSDL file using JAX-WS
    • use wsimport tool to generate artifacts and use customization files for wsimports if needed
    • create an EJB web service implementations using annotations (@Stateless or @Singleton)
    • configure deployment descriptors( ejb-jar.xml, webservices.xml) for transactions, etc
    • configure container role based access control via method-permissions in ejb-jar.xml or via access control annotations on EJB.
    • configure caller authentication and message protection; either by Servlet container via web.xml, and/or by jax-ws message processing runtime
    • compile and package the web service into a ear/war file (Java EE 6 - war can also have EJBs)
    • deploy the web service into a Java EE container
  2. Create a web service starting from a Java source using JAX-WS
    • use wsgen tool to generate artifacts in Java EE5 from EJB classes( optional in Java EE6 - as artifacts are generated at run time)
    • configure deployment descriptors( ejb-jar.xml, webservices.xml) for transactions, etc
    • configure container role based access control via method-permissions in ejb-jar.xml or via access control annotations on EJB.
    • configure caller authentication and message protection; either by Servlet container via web.xml, and/or by jax-ws message processing runtime
    • compile and package the web service into a war/ear file
    • deploy the web service into a Java EE container
Section 4: Create a RESTful Web Service Iimplemented by an EJB Component
  1. Create a web service using JAX-RS from EJB classes, refer to jersey implementation for content
    • Annotate an enterprise bean class with a @Path annotation to respond to URL patterns.
    • Annotate the class's methods to respond to HTTP requests using the corresponding JAX-RS annotations (@GET, @POST, etc.).
    • Use the JAX-RS @Produces and @Consumes annotations to specify the input and output resources for the RESTful web service.
    • Implement the functionality of the JAX-WS resource's methods.
    • configure container role based access control via method-permissions in ejb-jar.xml or via access control annotations on EJB.
    • configure caller authentication (for access control protected methods) and message protection by Servlet container via web.xml
    • compile and package
    • deploy the web service in a Java EE servlet container

    Comment: Use of EJB in JAX-RS is very similar to use of POJOs, only difference is facilities available to class. E.g. an EJB-based resource class can use container managed transactions, interceptors etc. Would probably be better to highlight the additional capabilities here, building on the existing knowledge from task 2.
Section 5: Configure JavaEE Security for a SOAP Web Service
  1. Configure security requirements of service using JavaEE-container based security (overlaps with steps in other tasks - repeated here for convenience)
    • Configure security requirements through deployment descriptors( web.xml, webservices.xml) for a servlet-based web service endpoint: container authorization, caller authentication, and message protection.jax- ws runtime may also be configured to perform message layer authentication and protection.
    • Configure security requirements through deployment descriptors( ejb-jar.xml, webservices.xml) for EJB - based web service endpoint:
      1. configure transactional support
      2. configure container role based access control via method-permissions in ejb-jar.xml or via access control annotations on EJB.
      3. configure caller authentication and message protection; either by Servlet container via web.xml, and/or by jax-ws message processing runtime.
    • Configure security requirements through deployment descriptor (web.xml ) for JAX-RS based web service endpoint
Section 6: Create a Web Service Client for a SOAP Based Web Service
  1. Create a standalone client
    • Use wsimport to generate artifacts
    • create a client application using these artifacts
    • invoke web service synchronously or asynchronously
    • package and deploy accordingly
  2. Create a client in a managed component in a EE container
    • Use wsimport to generate artifacts
    • using @WebserviceRef in the client application
    • package and deploy accordingly
Section 7: Create a Web Service Client for a RESTful Web Service
  1. Use a browser to access a JAX-RS resource
  2. Use the java.net APIs to access a JAX-RS resource. See the getAge method.
  3. Use java.net.Authenticator to access a secure JAX-RS resource
  4. Use Ajax to access a JAX-RS resource.
  5. Use the Jersey client API to access a JAX-RS resource.
  6. Use the JAX-WS HTTP binding to access a JAX-RS resource
Section 8: Create a SOAP Based Web Service Using Java SE Platform
  1. Create a web service starting from a WSDL file using JAX-WS
    • use wsimport tool to generate artifacts and use customization files for wsimports if needed
    • build the web service implementation using the above artifacts
    • use Endpoint API to configure and deploy it in Java SE 6 platform
  2. Create a web service starting from a Java source using JAX-WS
    • use wsgen tool to generate artifacts in Java EE5 ( optional in Java EE6 - as artifacts are generated at run time)
    • use Endpoint API to configure and deploy it in Java SE 6 platform
Section 9: Create Handlers for SOAP Web Services
  1. Configure SOAP and logical handlers on the server side
    • use @HandlerChain annotation
    • use deployment descriptors
  2. Configure SOAP and logical handlers on the client side
    • use deployment descriptors
    • use programmatic API
Section 10: Create Low-Level SOAP Web Services
  1. Describe the functions and capabilities of the APIs included within JAXP.
  2. Describe the functions and capabilities of JAXB, including the JAXB process flow, such as XML-to-Java and Java-to-XML, and the binding and validation mechanisms provided by JAXB.
  3. Use Provider API to create a web service
    • Process the entire SOAP message, using the SAAJ APIs
    • Process only the SOAP body, using JAXB
  4. Use Dispatch API to create a dynamic web service client
Section 11: Use MTOM and MIME in a SOAP Web Service
  1. Use MTOM on the service
    • Use @MTOM annotation with a web service
    • Use MTOM policy in WSDL (not yet final standard)
    • Use MTOM in the deployment descriptors
    • Use MTOMFeature with javax.xml.ws.Endpoint API
    • Use swaref in wsdl
    • Use MIME binding in wsdl
  2. Use MTOM on the client
    • Use MTOMFeature with getPort() methods
    • Use MTOM in the deployment descriptors
    • Sending any additional attachments using MessageContext properties
Section 12: Use WS-Addressing with a SOAP Web Service
  1. Use Addressing on the service
    • Use @Addressing annotation with a web service
    • Use wsam:Addressing policy in WSDL
    • Use Adressing in the deployment descriptors
    • Use AddressingFeature with javax.xml.ws.Endpoint API
    • Use @Action and @FaultAction on the service methods
    • Use WebServiceContext.getEndpointReference()
  2. Use Addressing on the client
    • Use AddressingFeature with getPort() methods
    • Use Adressing in the deployment descriptors
    • Use BindingProvider.getEndpointReference()
    • Use getPort(EndpointReference) methods
Section 13: Configure Message Level Security for a SOAP Web Service
Configure SOAP message-layer security requirements of service as policy assertions in service description; this should be supported by an IDE such as is the case when Netbeans is used to select a Metro Security Profile.
  1. Select the appropriate Security Profile for your service. The selection would be based on a match of the Protection guarantees offered by the profile and those required by the service. This first item requires an awareness of the set of security profiles available, and the characteristics of each one - but not enough detail to actually implement a service using any one of them, since not all platforms might support them all...
  2. Configure Username/Password callbacks required by the Username Token Profile.
  3. Configure any server side Validators as maybe applicable for the profile. There are defaults in GlassFish for most of them.
  4. Optimize interaction between client and server by using WS-SecureConversation
Section 14: Apply Best Practices to Design and Implement Web Services
  1. Use different encoding schemes -fast infoset
  2. Use GZIP for optimiziing message sizes
  3. Use catalog mechanism for WSDL access
  4. Refer to WS-I sample app for best practices: WS-I BSP sample app
  5. Refer to Sang Shins presentation