Our web service class starts with three annotations:
@ServiceMode(value = Service.Mode.PAYLOAD)
@WebServiceProvider(serviceName = "authService")
@BindingType(value = HTTPBinding.HTTP_BINDING)
In the SOAP web services @ServiceMode is set to MESSAGE which indicates that you want to work with the entire SOAP envelop, but in the RESTful web services it is set to PAYLOAD to indicate that we just need the SOAP body of the message.
@WebServiceProvider annotation is required for deploying a RESTful web service and its serviceName attribute is used to deploy our web service with a desired name. This name is used in the client application to access the web service.
The @BindingType annotation (javax.xml.ws.BindingType) is also defined by the JAX-WS 2.0 specification and is used to specify the binding that should be employed when publishing an endpoint.
The property value indicates the actual binding. In this case, you can see that the value is specified as follow:
value=HTTPBinding.HTTP_BINDING
This indicates that the XML/HTTP binding should be used, rather than the default SOAP 1.1/HTTP. This is how REST endpoints are specified in JAX-WS 2.0—by setting the @BindingType. If one were to leave the @BindingType annotation off this example, the Java EE 5 container would deploy it as a service that expects to receive a SOAP envelope, rather than straight XML over HTTP.
The web service class should implement the javax.xml.ws.Provider.
This interface enables you to create a web service that works directly with the XML message as an instance of javax.xml.transform.Source.
The web service class receives the XML message as an instance of javax.xml.transform.Source. So the first step toward authentication is to convert this object to an XML document, then we can parse the XML document to extract our required information.
The transformation is done in the parse(Source src) method which get an Source object as input parameter and returns the parsed XML document.
ByteArrayOutputStream baos = new ByteArrayOutputStream();
StreamResult res = new StreamResult(baos);
try {
TransformerFactory.newInstance().newTransformer()
.transform(src, res);
} catch (Exception e) {
e.printStackTrace();
}
This code transforms the Source object to an OutputStream object. Then this OutputStream object is converted to an InputStream object and passed to the DomParser to be converted to the parsed XML document (I used the Apache Xerces-J 2 for XML parsing).
ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
try {
InputSource is = new InputSource(bais);
// Create a DOM Parser
DOMParser parser = new DOMParser();
// Parsing the incoming file
parser.parse(is);
// Obtain the document
doc = parser.getDocument();
} catch (IOException ioe) {
ioe.printStackTrace();
} catch (SAXException saxe) {
saxe.printStackTrace();
}
Once we have the parsed XML document, we can extract the required information needed for the authentication.
NodeList root = doc.getElementsByTagName("auth");
Element rootEL = (Element) root.item(0);
String username = getStringVal(rootEL, "username");
String password = getStringVal(rootEL, "password");
Now we have the passed in Username and Password which needs to be authenticated.
After authenticating Username and Password we must return the appropriate message. This message will be and XML message but as an StreamSource object (as the message passed into the web service).
if (auth(username, password)) {
String message = "";
// Write the authentication result to an XML message
message += "";
message += "
message += "
message += "
// Create an InputStream with the authentication info
ByteArrayInputStream bais = new ByteArrayInputStream(message.getBytes());
return new StreamSource(bais);
} else {
String message = "";
// Write the authentication result to an XML message
message += "";
message += "
message += "
message += "
// Create an InputStream with the authentication info
ByteArrayInputStream bais = new ByteArrayInputStream(message.getBytes());
return new StreamSource(bais);
}
The client will use the same transformation we did here to parse this XML message and find out the authentication result.
Deploying the Web Service
By using @WebServiceProvider annotation, deploying our web service is as easy as putting the .war file in the deploy directory of the application server. The application server detects it as a web service and deploys it automatically.
