Securing Web Services with XML aware digital signatures
Sabbir Ahmed and Leisa Armstrong
School of Computer and Information Science, Edith Cowan University
E-mail: sahmed21@https://www.doczj.com/doc/524441372.html,.au, l.armstrong@https://www.doczj.com/doc/524441372.html,.au
Abstract
The evolution of web services has facilitated the integration of business processes scattered across different geographical locations of the world. Along with the benefits that web services provide for high value online transactions, it also poses some security threats. A new standard of XML aware digital signatures, recommended by W3C, provides authentication, data integrity, and support for non-repudiation. Since web services communicate with each other through XML formatted messages, a solution may be found through the use of XML aware digital signatures in identifying the requester web service, validating message integrity and conforming non-repudiation thereby. This research project aims to form a theoretical framework and prototype a solution that will use XML aware digital signatures to ensure proper security in web services messaging.
Keywords
Web services, xml, digital signatures, machine to machine identity management, non-repudiation
INTRODUCTION
Current trends in performing business-to-business transactions and enterprise application integration (EAI) have been extended to the use of web services. Web services facilitate the incorporation of different business processes belonging to various organisations into one single application (IBM developerWorks, 2003a). This article details the evolution and architecture of web services since the emergence of object oriented paradigm and assesses what factors influence the deployment of secure web services. A review of research on web services security suggests that digital signatures may be suitable to mitigate the current security concerns of web services. A research study is currently underway to investigate whether the use of XML aware digital signatures can mitigate current security concerns with web services. The research study aims to determine if the security of web services messaging technology can be improved through the introduction of third party applications which use XML digital signatures. The research will firstly determine whether XML digital signatures improve machine to machine identity management and secondly whether machine to machine identity management methodologies can be successfully integrated to fulfil the security requirement of non repudiation.
BACKGROUND
The world of application and system development has seen the facilitation of code re-use through the introduction of the Objected Oriented (OO) paradigm. Concepts like inheritance, polymorphism and data abstraction presented by OO architecture have provided software developers with an enormous advantage in component based software development (Alhir, 1998). While the OO paradigm has enormous advantages, there are also limitations and innovative techniques are required to overcome these limitations (Champion, Ferris, Newcomer and Orchard, 2002). The most significant limitation is that all the classes in an Object Oriented based application have to be immediately accessible by either residing within the same project; or the API has to be downloaded and placed in the class path; or the compiled DLL needs to be referenced (Champion et al., 2002). This forces all components of an application to reside on one machine and therefore, fails to integrate business processes of the various organisations into one single solution.
With the rapid growth of enterprises and spread of business opportunities, computing with an organisational perspective requires integration of far-located business processes. The inability of the Object Orientation paradigm to achieve this goal imposes the need for a mechanism which allows fragmented software teams to re-use components existing elsewhere on another network machine. According to IBM developerWorks (2003), the evolution of web services was suitable for facilitating the communication of such components. Though Common Object Request Broker Architecture (CORBA) is also a vendor-neutral and language-agnostic
protocol that is capable of performing similar operations, it is limited by its complicated, ad-hoc way of utilizing the flexibility of the Internet. Therefore, web services represent the next step beyond CORBA by leveraging the service-centric distributed nature of the Internet. The XML based messaging system used in web services can allow subscription-based access to organisation’s online services by other business partners. The adoption of web services as a standard messaging architecture could eliminate the expensive legacy system integration processes of Enterprise Application Integration (EAI), by wrapping the legacy applications with web service component interfaces (IBM developerWorks, 2003a).
THE EMERGENCE OF WEB SERVICES
A recent survey conducted by Evans Data Corporation in the USA concluded that up to 40 percent of web developers surveyed, are currently using some form of web services technology (https://www.doczj.com/doc/524441372.html,, 2002). Dixit (2002 cited in https://www.doczj.com/doc/524441372.html,, 2002) concluded that nearly 82 percent of survey respondents considered using the “wonders of Web services” as a minor component of their existing applications, whereas nearly 18 percent of the developers were thinking of using a fully featured web services implementation, in all of their forthcoming applications. There has also been a reported increase in the expenditure on web services, despite the current depressed IT business environment. Lange (2003) has predicted a rise in expenditure on web services in the USA from nearly $1.2 billion in 2003 to a surprising $21 billion by 2007.
IBM developersWorks (2003a) defines web services as programs that accept requests in XML format from other systems across the Internet or Intranet via lightweight and vendor-neutral communications protocols. For a web service to be implemented, the following processes must be competed. The web service application that requires access to the remote program sends a method with its arguments through a Remote Procedure Call (RPC). The lightweight, vendor-neutral protocol that is used for web service method calls is known as Simple Object Access Protocol (SOAP) (Champion, Ferris, Newcomer and Orchard, 2002). Each call is packaged in a SOAP message that makes use of XML document structure to contain all the information necessary to process its content. On receipt of the SOAP message, the remote application begins to process the content of the message and a response is sent back to the caller in XML format (IBM developersWorks, 2003a).
THE SECURITY CRISIS AND RISE OF XML DIGITAL SIGNATURES
Although the IT industry is discussing a broader scale implementation of web services on one hand, other parts of the IT industry specify that major security issues are restricting them from adopting this evolution in distributed computing. Dixit (2002 cited in https://www.doczj.com/doc/524441372.html,, 2002) reported that 20 percent of those who participated in their survey had faced some sort of security breach within their organisation when using web services. Schmelzer (2003, cited in Parizo, 2003) asserts, the Secure Socket Layer that has gained great popularity in securing E-Commerce sites, merely provides these businesses with a transport time secured commutation and the data is therefore, left unprotected on the server side. Simon, Madsen and Adams (2001) suggest it is unlikely that data would be tempered during transmission; moreover identity management and non-repudiation issues have been looked over in the deployed version of SSL. This has been a concerning issue for companies wanting to deploy web services solutions to perform high value business transactions.
As a result of great industry discussion, it has been proposed that there is a need for the development of a standard that provides a means of transforming thoroughly secured digital data. The new standard of digital signatures for XML documents developed by W3C and IETS provides authentication, data integrity, and support for non-repudiation to the data that has been signed. An excellent feature of this standard is the ability to sign a uniquely identified element of the XML tree, rather than the complete document (Simon, Madsen and Adams, 2001). The verification algorithm is designed to indicate the originator of the XML document and thereby revealing the sender’s identity.
IMPROVING WEB SERVICES SECURITY
It is clear that for a successful adoption of web services technology and the facilitation of the application-to-application transaction; improvements are needed in web service security. A review of literature has concluded
that there are different means of identity management and non-repudiation for low value consumer-to-application transactions. The existing methodologies are cost-effective and can provide sufficient security, only in case of low value consumer to application transaction. The applicability of the new standard of XML digital signatures in application-to-application commercial transactions has immense potential and substantial probabilities. This is because, the emerging trend of application-to-application transaction is the usage of web service requests and responses using XML formatted data elements.
The research study currently underway is investigating the technical requirements and methodologies of a third-party application, designed to manage identities of the machines and prevent repudiation for machine-to-machine high value commercial transactions. As a result of substantial expansion in the deployment of web services in the Industry, a number of IT corporations are also researching web service technologies. This study expands on previous research, carried out by IBM and is utilizing the IBM security suite as an initial starting point for the development of a prototype tool. All signature algorithms used within the proposed research, will be acquired from W3C sites through the use of RPCs, as an alternative to having to implement new algorithms. The boom of web-based applications and the drive to make information accessible world wide, has forced corporations to use a strong and scalable security infrastructure (Stanek, 2004). Nikander (1999) divides the security requirements that form the basis of an ideal corporate security infrastructure into three distinct parts: authentication, integrity and confidentiality.. As far as web services are concerned, Stanek (2004) asserts that web services like web-based applications, also need to meet the basic security requirements of authentication, integrity and confidentiality for its successful uptake by Industry.
Organisations like W3C, Organization for the Advancement of Structured Information Standards (OASIS), and the Liberty Alliance have been working to develop protocols for web services messaging (Loeb, 2001). In fact, the number of standards and protocols emerged, is so large and has originated from so many disparate sources that, Kunene (2004) suggests, confirming that web services of all types can communicate with each other is a major concern. To that end, Kermaier (2004 cited in Kunene, 2004) suggested that there are three XML security standards that he believes are fairly mature and well suited to implement web services security today. These standards include XML signature and XML encryption which are both W3C recommendations; and XML Key Management Specification 2.0 (XKMS) which is currently a W3C working draft. Loeb (2001) asserts that “XML signatures have been designed with the multiple goals of providing integrity, message authentication, and signer authentication services for data of any type, whether located within the XML that includes the signature or elsewhere.”Further investigation by Salz (2003) has presented similar conclusions to Loeb (2001), concerning the goals of XML digital signatures.
The idea of non-repudiation in the case of consumer-to-application transactions is to avert the merchant, along with the purchaser from denial of the committed operation (Tsai, 2003). In relation to formal technical standards and guidelines, Tsai (2003) concludes that little importance has been given to non repudiation and procedures for seamless implementation have not yet been defined. Amongst the techniques that attempt to provide non-repudiation, Tsai (2003) concludes that digital signatures are the most suitable and viable alternative to replace traditional signatures in consumer to application data processing. However, research studies have concluded that such an attempt to achieve non-repudiation with SSL is inadequate for web services messaging (Shin, 2003). Shin (2003) rationalises this due to SSL’s being transport-level security scheme as opposed to a message-level scheme and inability to provide element-wise signing.
In the context of “federated identity management”, Lasance (2003) asserts that enterprises need a mechanism to maintain identity-based policy in this loosely coupled world of web services, where the identity data may need to be shared across organizational boundaries. Chanliau (2004) suggests that the use of security objects or tokens to represent entities may be a possibility. The WS-Security specification developed by OASIS, to ensure proper security of web services, supports various security tokens including X.509 certificates (Chanliau, 2004). Secure propagation of identity information of web services across organisations, through such security tokens (X.509) is being investigated in the current research investigation.
Many organisations are currently working on developing tools and techniques which provide some type of security mechanism in support of web service based applications. For example, Westbridge Technology Inc. (Parizo, 2003) has investigated the methodologies of developing rule-based authorization software that would enable a web service to identify a pre-approved web service request. Software corporations such as IBM and Microsoft have released a number of security white papers (IBM developersWorks, 2003b) which have focussed on the issue of web service security concerns. A number of companies such as Netegrity Inc., VeriSign Inc., RSA Security Inc., and Oblix Inc., have already gone a long way to exhibit their commitment in web services security by offering illustrative identity management products (Parizo, 2003).
RESEARCH IN PROGRESS
The current research study has adopted a grounded theory as its principle research methodology (Martin and Turner 1986). The studies objective is to form a descriptive and explanatory theory, regarding the probabilities of utilising XML aware digital signatures in machine to machine identity management and preventing repudiation of SOAP messages. Other research methodologies have also been described for Information Technology implementation (Ginzberg 1981, Markus 1983); however these methodologies concentrate on the development part of the software and focus comprehensively on user relations. Since the users of the proposed study would be pre-programmed machines and underlying theory development would be critical as per the probability identification, the traditional view of information technology implementation is considered less applicable.
The research study consists of two distinct parallel phases; prototyping a third party tool and theory formation. The prototyping phase of the study focuses on the analysis, design and construction of a third party tool, to generate data, with an aim to attest the validity of the usage of XML aware digital signature. The prototype tool would reside in multiple machines, be integrated with “dummy” web services and be used to study the maturity of the proposed hypothesis. The tool is independent of the programming language with which the web services are written. Web services used in the research experiments are based on both Java and .Net framework, depending on the strategic information architecture of the provider.
Experiments will be carried out to establish the susceptibilities of web services (dummy representatives) deploying common security measures in place (SSL for example). This would form a base line, to gauge what improvements in security the study could achieve. In order to make conclusions as to the general suitability of XML aware digital signatures, in improving the security of web services and in particular, recognising the identities of machines along with preventing repudiation, a number of variables have been identified to determine whether the prototype tool has been successful in securing the web service information. Suitability will be assessed based on whether the prototype tool meets the following criteria; verifies the requestor of the messages, verifies the message integrity, verifies the signatures validity, separates the data and signature element, ensures the creator and sender are the same, ensures the sender can not refuse sent messages, ensures the sender can not claim sent messages are tempered, confirms the machine identity, repudiation and assures suitability. Each criteria would be measured under two scenarios, firstly, with the dummy web services deploying existing security mechanisms and secondly, with the web services deploying the prototyped security mechanism. Data generated from these replicated experiments will be used to refine the theory suggesting the appropriate mechanism of securing web services messaging.
CONCLUSIONS
The emergence of web services as a means facilitate the exchange of business data has a number of benefits including the ability to support high value transactions. However it is clear that the IT industry is concerned by the security threats. This article has demonstrated that one possible solution is the use of the new standard of XML aware digital signatures, recommended by W3C. This standard can provide authentication, data integrity, and support for non-repudiation. Since web services communicate with each other through XML formatted messages, a solution may be found through the use of XML aware digital signatures in identifying the requester web service, validating message integrity and conforming non-repudiation thereby. The research currently underway proposes the prototyping of a solution that uses XML aware digital signatures to ensure proper security in web services messaging.The research study described in this article is in progress and will be completed by the end of 2004.
REFERENCES:
Alhir, S. S. (1998, October 23). The Object-Oriented Paradigm.Retrieved July 28, 2004, from
https://www.doczj.com/doc/524441372.html,/~salhir/TheObjectOrientedParadigm.pdf
Champion, M.; Ferris, C.; Newcomer, E.; & Orchard, D. (2002, November 14). Web Services Architecture. Retrieved July 27, 2004, from https://www.doczj.com/doc/524441372.html,/TR/2002/ WD-ws-arch-20021114/
Chanliau, M (2004, May 06). Getting a grip on federated identity. Retrieved May 6, 2004, from
https://www.doczj.com/doc/524441372.html,/developmenttopics/development/webservices/story/0,10801,92737,00.html Ginzberg, M.J. (1981, April). Early Diagnosis of MIS Implementation Failure: Promising Results and Unanswered Questions. Management Science, 27(4), 459-478.
IBM developersWorks (2003a). XML Web services fundamentals. Retrieved April 10, 2004, from
https://https://www.doczj.com/doc/524441372.html,/developerworks/education/ws-intwsdk51/ws-intwsdk51-2-1.html
IBM developerWorks (2003b). IBM WebSphere SDK for Web Services (WSDK) Version 5.1. Retrieved May 9, 2004, from http: //https://www.doczj.com/doc/524441372.html,/developerworks/webservices/wsdk/
https://www.doczj.com/doc/524441372.html, (2002). Study: Web services, security top developer concerns. Retrieved April 10, 2004, from https://www.doczj.com/doc/524441372.html,/4605/020424webservicessecurity/page_1.html
Kunene, G. (2004). XML Standards Provide Web Services Security. Retrieved April 13, 2004, from
https://www.doczj.com/doc/524441372.html,/security/Article/11934/1954?pf=true
Lange, L. (2003). Web Services Security Gets Serious. Retrieved April 15, 2004, from
https://www.doczj.com/doc/524441372.html,/tech/security/20030129_security
Lasance, M. (2003). Identity Management and Web Services: The need for a more federated approach to identity management. Retrieved May 5, 2004, from https://www.doczj.com/doc/524441372.html,/arts/899_maxware.htm
Loeb, L. (2001). XML signatures: Behind the curtain. Retrieved May 2, 2004, from http://www-
https://www.doczj.com/doc/524441372.html,/developerworks/library/s-digsig.html
Markus, M. L. (1983, June). Power, Politics, and MIS Implementation. Communications of the ACM, 26(6), 430-444.
Martin, P.Y. & B.A. Turner (1986). Grounded Theory and Organizational Research. The Journal of Applied Behavioral Science, 22(2), 141-157.
Nikander, P. (1999, November). IPSEC - Internet Protocol Security. Retrieved May 7, 2004, from
http://www.tml.hut.fi/Tutkimus/IPSEC/
Parizo, E. B. (2003). Identity, authentication key to Web services security. Retrieved April 21, 2004, from https://www.doczj.com/doc/524441372.html,/originalContent/0,289142,sid26_gci929656,00.html
Salz, R. (2003). Understanding XML Digital Signature. Retrieved May 3, 2004, from
https://www.doczj.com/doc/524441372.html,/library/default.asp?url=/library/en-us/dnwebsrv/html/ underxmldigsig.asp
Shin, S. (2003, March 18). Secure Web services. The upcoming Web services security schemes should help drive Web services forward. April 12, 2004, from https://www.doczj.com/doc/524441372.html,/javaworld/jw-03-2003/jw-0321-wssecurity-tote_p.html
Simon, E.; Madsen, P. & Adams, C. (2001). An Introduction to XML Digital Signatures. Retrieved April 25, 2004, from https://www.doczj.com/doc/524441372.html,/pub/ a/2001/08/08/xmldsig.html
Stanek, R (2004, April 20). Future of Web Services Expert(s). Retrieved May 8, 2004, from
https://www.doczj.com/doc/524441372.html,/ateQuestionNResponse/0,289625,sid26_cid582964_tax294589,00.html Stylus Inc. (2004). Software Development Life Cycle. Retrieved April 28, 2004, from
https://www.doczj.com/doc/524441372.html,/Common/Concerns/SoftwareDevtPhilosophy.php
Tsai, C. (2003). Non-Repudiation In Practice Retrieved April 1, 2004, from
https://www.doczj.com/doc/524441372.html,.tw/iwap/proceedings/proceedings/sessionD/6.pdf
COPYRIGHT
Sabbir Ahmed and Leisa Armstrong ? 2004. The author/s assign the We-B Centre & Edith Cowan University a non-exclusive license to use this document for personal use provided that the article is used in full and this
copyright statement is reproduced. The authors also grant a non-exclusive license to the We-B Centre & ECU to publish this document in full in the Conference Proceedings. Such documents may be published on the World Wide Web, CD-ROM, in printed form, and on mirror sites on the World Wide Web. Any other usage is prohibited without the express permission of the authors
SAP开发webservice接口教程 在client=100中进行开发: 1.创建RFC函数 SE80,在函数组下,右击->创建,创建函数模块,填写函数模块名称及描述。 2.函数属性标签页,选择“远程启用的模块”,其余默认不变。 3.函数导入标签页,需要添加调用时传入的参数(表),“传递值”需勾选。 表类型:ZSHR_EMPLOYEER_T (需要自己创建) 行类型:ZSHR_EMPLOYEER (需要自己创建)
4.函数导出标签页,需要添加调用返回的参数(表),“传递值”需勾选。 表类型:ZSHR_EMPLOYEER_OUT_T (需要自己创建) 行类型:ZSHR_EMPLOYEER_OUT (需要自己创建) 5.函数源代码标签页,需要写代码实现把传入的数据保存在透明表中。 至此,函数创建完成。 6.创建Web Services 右击包名创建企业服务,进入如下页面,选择“Service Provider”,因为我们是服务提供者,点击“继续”。
7.选择“Existing ABAP Object (Inside Out)”,点击“继续”。 8.给服务起名,并填写描述,点击“继续”
9.选择“Function Module”,点击“继续”。 10.填写我们第一步创建的函数,并勾选“Map Name”,点击“继续”。 11.SOAP Appl默认不变,Profie下拉框选择第四个选择,即不进行权限认证。点击“继续”。 12.填写对于的包和请求,点击“继续”。 下一步,直接点击“完成”。服务创建成功。
13.配置SOA 使用T-CODE:soamanager,进入web页面的SOA管理(client=100)。 14.点击“简化Web服务配置”,进入如下设置页面,点击“执行”,从列表中找到自己创建的 服务,勾选第一个checkbox,User Name/Password(basic),点击列表左上角的“保存”,之后页面右上角的“返回”按钮,返回首页。 这一步设置,代表我们只设置用户名/密码的调用认证方式。
填空题 1.W3C是指___万维网联盟_______。 2.Internet采用的通信协议是___TCP/IP___。 3.当今比较流行的技术研发模式是__C/S__和__B/S__的体系结构来实现的。 4.Web应用中的每一次信息交换都要涉及到__服务器_和_客户端__两个层面。 5.HTML文档的开头和结束元素为_______。 6.表格定义中使用的子标记
XXXX系统 Web Services业务接口规范说明书 拟制 审核 会签 批准 【公司名称】
版本历史
目录 1.范围 (1) 2.术语、定义和缩略语 (1) 2.1 术语、定义 (1) 2.2 缩略语 (1) 3.接口设计 (1) 3.1 接口公共参数 (1) 3.1.1请求参数 (1) 3.1.2返回参数 (2) 3.2 业务功能接口 (3) 3.2.1业务模块1 (3) 4.MD5加密 (6) 5.参考文献 (6)
1.范围 本规范文档主要适用于XXXX系统和其它业务系统信息数据的接入。 2.术语、定义和缩略语 2.1术语、定义 2.2缩略语 3.接口设计 3.1接口公共参数 接口服务器通过:http://IP:port/EIP/WebService/ 连接服务器,同时对外提供业务功能接口,接收的参数和返回的参数都用一定的xml格式进行封装。 3.1.1请求参数 1.请求类型为String类型
3.请求参数体param定义 参数体param中的具体请求参数,根据不同的业务而不同,详见各业务接口。 3.1.2返回参数 1.返回类型为String类型
【WebService】接口的测试方法 有以下多种方式: 一、通过WSCaller.jar工具进行测试: 前提:知道wsdl的url。 wsCaller可执行程序的发布方式为一个wsCaller.jar包,不包含Java运行环境。你可以把wsCaller.jar复制到任何安装了Java运行环境(要求安装JRE/JDK 1.3.1或更高版本)的计算机中,用以下命令运行wsCaller: java -jar wsCaller.jar 使用wsCaller软件的方法非常简单,下面是wsCaller的主界面: 首先在WSDL Location输入框中输入你想调用或想测试的Web Service的WSDL位置,如“https://www.doczj.com/doc/524441372.html,/axis/services/StockQuoteService?wsdl”,然后点“Find”按钮。wsCaller就会检查你输入的URL地址,并获取Web Service的WSDL信息。如果信息获取成功,wsCaller会在Service和Operation下拉列表框中列出该位置提供的Web Service服务和服务中的所有可调用的方法。你可以在列表框中选择你要调用或测试的方法名称,选定后,wsCaller窗口中间的参数列表框就会列出该方法的所有参数,包括每个参数的名
称、类型和参数值的输入框(只对[IN]或[IN, OUT]型的参数提供输入框)。你可以输入每个参数的取值。如下图: 这时,如果你想调用该方法并查看其结果的话,只要点下面的“Invoke”按钮就可以了。如果你想测试该方法的执行时间,则可以在“Invoke Times”框中指定重复调用的次数,然后再按“Invoke”按钮。wsCaller会自动调用你指定的方法,如果调用成功,wsCaller会显示结果对话框,其中包括调用该方法所花的总时间,每次调用的平均时间和该方法的返回值(包括返回值和所有输出型的参数)。如下图:
第二章——JSP脚本元素和标记 一、教学内容 1.JSP页面的基本结构 2.变量和方法的声明 3.Java程序片 4.表达式 5.JSP中的注释 6.JSP指令标记 7.JSP动作标记 二、教学目标 1.理解JSP页面的基本结构; 2.掌握JSP变量和方法的声明方法;理解Java程序片及其编写;会用Java表达式与JSP注释; 3.熟悉JSP指令标记与JSP动作标记; 4.初步掌握JSP编程方法。 三、教学重点及难点 1.重点:JSP页面构成;变量与方法声明;Java程序片;Java表达式。 2.难点:JSP指令与动作标记。 四、教学方式与方法 演示讲解法,任务驱动法,案例教学法,问题探究法,与多媒体教学演示相结合 五、实施教学 第一部分:新授课 一JSP页面的基本结构 1.构成JSP页面的五种元素:普通的HTML标记,JSP标记,变量和方法的声明,Java程序片,Java表达式 ?JSP页面程序是在传统的静态页面程序中加入用Java描写的动态页面处理部分。 例1:制作JSP页面example2_1.jsp,显示内容如图1所示。 分析: (1)创建JSP页面:记事本、DREAMWEAVER (2)编辑JSP页面:Date对象的创建和当前日期的获取;和的计算; (3)保存JSP页面:文件类型、文件名(不区分大小写) (4)运行JSP页面:WEB服务器 二JSP脚本元素 1.什么是JSP的脚本元素? 用来在JSP中包含脚本代码,以<%开始并以%>结束,通常是Java代码,它允许声明变量和方法,包含任意脚本代码和对表达式的求值。 2.JSP中的脚本元素有哪些? 注释、声明、表达式和程序代码段。 3.变量和方法的声明:声明是用来声明在JSP网页程序中将会用到的变量和方法。在JSP中使用这些变量和方法前,必须事先声明。声明语句必须符合指定脚本语言(Java)的语法规范。 语法格式如下: <%!Java的变量声明语句
[为Web服务而生]Web服务是基于 SOA和Web Service都是当前红得发紫的角色,Syti公司的Registry 6.0就较好地适合了这二者。 Systi Registry 6.0(以下简称SR)可以在红帽Linux、Sun Solaris 9以及Windows系列产品上使用。安装向导使得安装非常轻松,并且安装完毕后直接就可以使用,该产品采用嵌入式的Hypersonic SQL数据库,这也在一定程度上令安装更加容易。不过,为了能够广泛地支持用户的应用,它也支持Oracle、DB/2、Microsoft SQL、Sybase和PostgreSQL等多种数据库。 开发者可以以两种模式使用SR:当开发一项新的服务时,他们可以浏览或搜索注册中心来发现服务,这就促进了代码的再次使用,并能帮助开发者发现已有的、可直接用于生产的服务;另一种则是应用程序通过在运行期内查询注册中心,以便为它使用的服务获得终端数据。在这种模式下,该产品像远程过程调用(RPC)风格的应用程序里的注册中心一样运转,使开发者通过名字而不是内置的终端数据就能找到服务。 连同这两种模式一起,SR提供了两个不同的控制台:注册中心管理控制台(Registry Admin Console)和商业服务控制台(Business Service Console)。注册中心管理控制台被用来配置和管理注册中心自身,为了简单安装的目的,这个控制台一般来说很少被使用。商
业服务控制台是SR真正给企业带来价值的地方,也是会花费企业大量时间的地方。对开发者、体系结构设计者和商业用户来说,商业服务控制台是连接注册中心的主要接口。使用它,用户可以发布服务说明、管理已发布服务的元数据,比如说,指示出哪些服务正在开发中,哪些处于质量评价(QA)阶段,以及哪些在生产阶段等。 复制与集成 SR能够以单一模式被使用,但是通常情况下许多公司希望启动不止一个注册中心,以满足专门的要求。譬如,两个注册中心可以一前一后地合作运行――一个用作发布注册中心,通过该中心,开发者可以发布服务;而另一个注册中心可以充当发现注册中心,通过它,服务的使用者可以找到他们想采用的服务。 SR商业服务控制台界面如图
目录 第一章批处理基础 第一节常用批处理内部命令简介 1、REM 和:: 2、ECHO 和@ 3、PAUSE 4、ERRORLEVEL 5、TITLE 6、COLOR 7、mode 配置系统设备 8、GOTO 和: 9、FIND 10、START 11、assoc 和ftype 12、pushd 和popd 13、CALL 14、shift 15、IF 16、setlocal 与变量延迟(ENABLEDELAYEDEXPANSION / DISABLEDELAYEDEXPANSION 启动或停用延缓环境变量扩展名。) 17、ATTRIB显示或更改文件属性 第二节常用特殊符号 1、@命令行回显屏蔽符 2、%批处理变量引导符 3、> 重定向符 4、>>重定向符 5、<、>、<& 重定向符 6、|命令管道符 7、^转义字符 8、组合命令 9、& 组合命令 10、||组合命令 11、\"\"字符串界定符 12、, 逗号 13、; 分号 14、() 括号 15、! 感叹号 第二章FOR命令详解 一、基本格式 二、参数/d仅为目录 三、参数/R递归(文件名) 四、参数/L迭代数值范围 五、参数/F迭代及文件解析 第三章FOR命令中的变量
一、~I- 删除任何引号(\"),扩展%I 二、%~fI- 将%I 扩展到一个完全合格的路径名 三、%~dI- 仅将%I 扩展到一个驱动器号 四、%~pI- 仅将%I 扩展到一个路径 五、%~nI- 仅将%I 扩展到一个文件名 六、%~xI- 仅将%I 扩展到一个文件扩展名 七、%~sI- 扩展的路径只含有短名 八、%~aI- 将%I 扩展到文件的文件属性 九、%~tI- 将%I 扩展到文件的日期/时间 十、%~zI- 将%I 扩展到文件的大小 十一、%~$PATH:I 第四章批处理中的变量 一、系统变量 二、自定义变量 第五章set命令详解 一、用set命令设置自定义变量 二、用set命令进行简单计算 三、用set命令进行字符串处理 1、字符串替换 2、字符串截取 第六章if命令讲解 第一种用法:IF [NOT] ERRORLEVEL number command 第二种用法:IF [NOT] string1==string2 command 第三种用法:IF [NOT] EXIST filename command 第四种用法:IF增强的用法 第七章DOS编程高级技巧 一、界面设计 二、if…else…条件语句 三、循环语句 四、子程序 五、用ftp命令实现自动下载 六、用7-ZIP实现命令行压缩和解压功能 七、调用VBScript程序 八、将批处理转化为可执行文件 九、时间延迟 1、利用ping命令延时 2、利用for命令延时 3、利用vbs延迟函数,精确度毫秒,误差1000毫秒内 4、仅用批处理命令实现任意时间延迟,精确度10毫秒,误差50毫秒内 十、模拟进度条 十一、特殊字符的输入及应用 十二、随机数(%random%)的应用技巧 十三、变量嵌套与命令嵌套 1、更正了所有的错别字,适当排版,增加条理性。
金蝶K/3 基于WebServices 外部数据交换接口使用指南 目录 概述 (4) 总体说明 (4) 通过该说明文档,你可以了解到 (4) 该文档阅读的适用对象 (4) 外部数据交换服务的安装 (4) WebServices测试工具介绍 (5) 外部数据交换服务功能列表 (5) 公共服务(Public.asmx) (7) AisQuery服务 (7) GetAisType服务 (7) DeleteItemQuery服务 (8) DeleteItemUpdate服务 (9) 币别(Currency.asmx) (10) Query服务 (10) Update服务 (10) 计量单位(MeasureUnit.asmx) (12) Query服务 (12) Update服务 (12) 辅助资料(AssistDetail.asmx) (14) Query服务 (14) Update服务 (14) 科目(Account.asmx) (16) Query服务 (16) Update服务 (16) 凭证字(VoucherGroup.asmx) (18) Query服务 (18) Update服务 (18) 客户(Customer.asmx) (20) Query服务 (20) Update服务 (20) 部门(Department.asmx) (22)
Query服务 (22) Update服务 (22) 职员(Employee.asmx) (24) Query服务 (24) Update服务 (24) 物料或商品(Material.asmx) (26) Query服务 (26) Update服务 (26) 仓库(Stock.asmx) (28) Query服务 (28) Update服务 (28) 供应商(Supplier.asmx) (30) Query服务 (30) Update服务 (30) 分支机构(SubCompany.asmx) (32) Query服务 (32) Update服务 (32) 费用(Fee.asmx) (34) Query服务 (34) Update服务 (34) 工作中心(WorkCenter.asmx) (36) Query服务 (36) Update服务 (36) 工业订单与订单执行情况(InduSaleOrder.asmx) (38) QuerySaleOrder服务 (38) UpdateSaleOrder服务 (38) QueryOrderTrace服务 (39) 库存(InduStockData.asmx) (40) QueryWithBatch服务 (40) QueryWithOutBatch服务 (40) 销售发票(InduSaleInvoice.asmx) (42) QuerySaleInvoice服务 (42) 凭证(财务) (Voucher.asmx) (43) Query服务 (43) Update服务 (43) 收款单(ReceiveBill.asmx) (45) QueryReceiveBill服务 (45) 应收计划(ArApPlan.asmx) (46) QueryArApPlan服务 (46) 合同(Contract.asmx) (47) QueryContract服务 (47) 调用方式 (48) 通过现有工具(组件)进行访问 (48) Http方式 (49)
第三章JSP语法基础习题 一、选择题 1.JSP的编译指令标记通常是指:() A)Page指令、Include指令和Taglib指令 B)Page指令、Include指令和Plugin指令 C)Forward指令、Include指令和Taglib指令 D)Page指令、Param指令和Taglib指令 2.可以在以下哪个()标记之间插入Java程序片?() A)<% 和%> B)<% 和/> C) D)<% 和!> 3.下列哪一项不属于JSP动作指令标记?() A)
手把手教你写批处理(willsort题注版) Climbing兄可谓用心良苦,受其感昭,略紧微薄之力;原文内容一字未易,仅于每段之下另加题注,其文大多非为纠错,多是年来体会,或偶得,或渐悟,未免偏颇;又加近来俗事渐多,闲情愈少,心浮气燥,一蹴而就。义理悖逆,敬请斧正;措辞不当,尚请莫怪。 另,建议Climbing兄取文不用拘泥于国内,此类技术文章,内外水平相差极大;与其修正国内只言片语,不如翻译国外优秀著述。 -------------------------------------------------------- 标题:手把手教你写批处理-批处理的介绍 作者:佚名 编者:Climbing 出处:中国DOS联盟之联合DOS论坛 题注:willsort 日期:2004-09-21 -------------------------------------------------------- 批处理的介绍 扩展名是bat(在nt/2000/xp/2003下也可以是cmd)的文件就是批处理文件。 ====willsort编注===================================================== .bat是dos下的批处理文件 .cmd是nt内核命令行环境的另一种批处理文件 从更广义的角度来看,unix的shell脚本以及其它操作系统甚至应用程序中由外壳进行解释执行的文本,都具有与批处理文件十分相似的作用,而且同样是由专用解释器以行为单位解释执行,这种文本形式更通用的称谓是脚本语言。所以从某个程度分析,batch,unix shell,awk, basic,perl等脚本语言都是一样的,只不过应用的范围和解释的平台各有不同而已。甚至有些应用程序仍然沿用批处理这一称呼,而其内容和扩展名与dos的批处理却又完全不同。====================================================================== == 首先批处理文件是一个文本文件,这个文件的每一行都是一条DOS命令(大部分时候就好象我们在DOS提示符下执行的命令行一样),你可以使用DOS下的Edit或者Windows的记事本(notepad)等任何文本文件编辑工具创建和修改批处理文件。 ====willsort题注==================================== 批处理文件中完全可以使用非dos命令,甚至可以使用不具有可执行特性的普通数据性文件,这缘于windows系统这个新型解释平台的涉入,使得批处理的应用越来越“边缘化”。所以我们讨论的批处理应该限定在dos环境或者命令行环境中,否则很多观念和设定都需要做比较大的变动。 ====================================================================== ==
批处理文件bat 语法备忘 需要用到的脚本语言还真是多,从系统管理、数据管理、程序开发。脚本语言的影子真是无处不在,孱弱的windows上的可怜的bat也是不得不时常备忘得东东。现在渐渐习惯了把一些零碎的需要整理的文档放在writely上面,即方便自己移动处理文档,还可以跟他们协作或者讨论之用。而且能支持word文档的直接导入,之前用的时候稳定性不很理想,有发生过几次文件不能保存或者保存了无效的问题,发信给他们管理员,倒是很快得到了答复和解决。最近用的时候才发现出现了下列的文字。Writely is now part of Google! 看来有钱就是好啊,想买啥就买啥。估计用不了多久,google也会变成跟ms一样被骂得对象了。没办法,有钱的,横看竖看都是一副欠扁的样。好了,切入正题,把google借来的文章先放着自己备用!:) 扩展名是bat(在nt/2000/xp/2003下也可以是cmd)的文件就是批处理文件。 ==== 注======================================= .bat是dos下的批处理文件 .cmd是nt内核命令行环境的另一种批处理文件 从更广义的角度来看,unix的shell脚本以及其它操作系统甚至应用程序中由外壳进行解释执行的文本,都具有与批处理文件十分相似的作用,而且同样是由专用解释器以行为单位解释执行,这种文本形式更通用的称谓是脚本语言。所以从某个程度分析,batch, unix shell, awk, basic, perl 等脚本语言都是一样的,只不过应用的范围和解释的平台各有不同而已。甚至有些应用程序仍然沿用批处理这一称呼,而其内容和扩展名与dos的批处理却又完全不同。 =================================== 首先批处理文件是一个文本文件,这个文件的每一行都是一条DOS命令(大部分时候就好象我们在DOS提示符下执行的命令行一样),你可以使用DOS下的Edit或者Windows的记事本(notepad)等任何文本文件编辑工具创建和修改批处理文件。 ==== 注=================== 批处理文件中完全可以使用非dos命令,甚至可以使用不具有可执行特性的普通数据性文件,这缘于windows系统这个新型解释平台的涉入,使得批处理的应用越来越"边缘化"。所以我们讨论的批处理应该限定在dos环境或者命令行环境中,否则很多观念和设定都需要做比较大的变动。 ======================== 其次,批处理文件是一种简单的程序,可以通过条件语句(if)和流程控制语句(goto)来控制命令运行的流程,在批处理中也可以使用循环语句(for)来循环执行一条命令。当然,批处理文件的编程能力与C语言等编程语句比起来是十分有限的,也是十分不规范的。批处理的程序语句就是一条条的DOS命令(包括内部命令和外部命令),而批处理的能力主要取决于你所使用的命令。 ==== 注==================
商业和贸易: 1、股票行情数据WEB 服务(支持香港、深圳、上海基金、债券和股票;支持多股票同时查询) Endpoint:https://www.doczj.com/doc/524441372.html,/WebServices/StockInfoWS.asmx Disco:https://www.doczj.com/doc/524441372.html,/WebServices/StockInfoWS.asmx?disco WSDL:https://www.doczj.com/doc/524441372.html,/WebServices/StockInfoWS.asmx?wsdl 支持香港股票、深圳、上海封闭式基金、债券和股票;支持多股票同时查询。数据即时更新。此中国股票行情数据WEB 服务仅作为用户获取信息之目的,并不构成投资建议。支持使用| 符号分割的多股票查询。 2、中国开放式基金数据WEB 服务 Endpoint:https://www.doczj.com/doc/524441372.html,/WebServices/ChinaOpenFundWS.asmx Disco:https://www.doczj.com/doc/524441372.html,/WebServices/ChinaOpenFundWS.asmx?disco WSDL:https://www.doczj.com/doc/524441372.html,/WebServices/ChinaOpenFundWS.asmx?wsdl 中国开放式基金数据WEB 服务,数据每天15:30以后及时更新。输出数据包括:证券代码、证券简称、单位净值、累计单位净值、前单位净值、净值涨跌额、净值增长率(%)、净值日期。只有商业用户可获得此中国开放式基金数据Web Services的全部功能,若有需要测试、开发和使用请QQ:8698053 或联系我们 3、中国股票行情分时走势预览缩略图WEB 服务 Endpoint: https://www.doczj.com/doc/524441372.html,/webservices/ChinaStockSmallImageWS.asmx Disco: https://www.doczj.com/doc/524441372.html,/webservices/ChinaStockSmallImageWS.asmx?disco WSDL: https://www.doczj.com/doc/524441372.html,/webservices/ChinaStockSmallImageWS.asmx?wsdl 中国股票行情分时走势预览缩略图WEB 服务(支持深圳和上海股市的全部基金、债券和股票),数据即时更新。返回数据:2种大小可选择的股票GIF分时走势预览缩略图字节数组和直接输出该预览缩略图。 4、外汇-人民币即时报价WEB 服务 Endpoint: https://www.doczj.com/doc/524441372.html,/WebServices/ForexRmbRateWebService.asmx Disco:https://www.doczj.com/doc/524441372.html,/WebServices/ForexRmbRateWebService.asmx?disco
1 统一待办(WebService方式) 1.1 概述 门户系统做为用户访问各集成应用系统的统一入口,用户访问企业内部信息资源时只需要登录到门户系统,就可使用门户系统集成的各个应用,而待办做为各系统中用户需要处理的工作,门户系统需要提供收集建投内部应用系统中产生的待办信息,并且进行统一展现的功能,即统一待办功能。 统一待办应用业务涉及到的系统其中包括本期门户系统建设过程中所需集成的OA、WCM、EAM系统。 为保证门户系统接入各应用系统待办信息的规范性,现就各应用系统接入实现做统一要求,以确保门户系统统一待办功能实现的规范性、重用性及安全性。不满足本技术方案提供的接入规则的相关应用系统,应参考本文档完成对应用系统改造后方可进行门户系统统一待办接入工作。 统一待办实现共分为以下部分: 系统待办信息获取 系统待办信息展示 系统待办信息处理 1.2 待办信息获取 设计思路:应用系统通过门户系统提供的webservice接口向门户系统统一待办系统库写入代表信息,如下图
数据获取设计示意图 步骤如下: 1.应用系统需获得最新的待办信息。 2.应用系统通过门户接口,将获得的最新待办信息发送到门户系统。 3.统一待办系统将应用系统提供的待办信息展示给用户。 4.应用系统通过调用集成接口后获得信息,可以判断发送信息操作是否正常。 1.3 待办信息展示 设计思路:应用系统将最新的待办信息发送到统一待办系统中,并最终展示到门户首页上的待办栏目上,如下图 用户 待办栏目页面 待办集中展示设计示意图 场景如下:
在所有的待办类标题前加上”请办理”,待阅类标题前加上”请审阅”。此外,如果信息是未办或者未阅,用红色表示 1.4 待办信息处理 设计思路:用户点击门户系统上“待办栏目”里的一条待办时,弹出一个新页面,首先同应用系统实现SSO,然后跳转到应用系统的待办页面,完成待办处理后,由应用系统调用门户接口通知门户系统,并关闭弹出的待办处理页面,门户系统负责即时刷新门户待办页。如下图: 待办信息集中处理设计示意图
.bat文件的基本应用 bat是dos下的批处理文件。 首先批处理文件是一个文本文件,这个文件的每一行都是一条DOS命令(大部分时候就好像我们 在DOS提示符下执行的命令行一样),你可以使用DOS下的Edit或者Windows的记事本(notepad)等任何文本文件编辑工具来创建和修改批处理文件。 ==== 注 =================== 批处理文件中完全可以使用非dos命令,甚至可以使用不具有可执行特性的普通数据性文件,这缘 于windows系统这个新型解释平台的涉入,使得批处理的应用越来越"边缘化"。所以我们讨论的批 处理应该限定在dos环境或者命令行环境中,否则很多观念和设定都需要做比较大的变动。 ======================== 其次,批处理文件是一种简单的程序,可以通过条件语句(if)和流程控制语句(goto)来控制命令运行 的流程,在批处理中也可以使用循环语句(for)来循环执行一条命令。当然,批处理文件的编程能力 与C语言等编程语句比起来是十分有限的,也是十分不规范的。批处理的程序语句就是一条条的DOS命令(包括内部命令和外部命令),而批处理的能力主要取决于你所使用的命令。 ==== 注 ================== 批处理文件(batch file)也可以称之为批处理程序(batch program),这一点与编译型语言有所不同, 就c语言来说,扩展名为c或者cpp的文件可以称之为c语言文件或者c语言源代码,但只有编译 连接后的exe文件才可以称之为c语言程序。因为批处理文件本身既具有文本的可读性,又具有程 序的可执行性,这些称谓的界限是比较模糊的。 =========================== 第三,每个编写好的批处理文件都相当于一个DOS的外部命令,你可以把它所在的目录放到你的DOS搜索路径(path)中来使得它可以在任意位置运行。一个良好的习惯是在硬盘上建立一个bat或 者batch目录(例如C:\BATCH),然后将所有你编写的批处理文件放到该目录中,这样只要在path中设置上c:\batch,你就可以在任意位置运行所有你编写的批处理程序。 ==== 注 ===== 纯以dos系统而言,可执行程序大约可以细分为五类,依照执行优先级由高到低排列分别是:DOSKEY宏命令(预先驻留内存),https://www.doczj.com/doc/524441372.html,中的内部命令(根据内存的环境随时进驻 内存),以com为扩展名的可执行程序(由https://www.doczj.com/doc/524441372.html, 直接载入内存),以exe位扩展名的 可执行程序(由https://www.doczj.com/doc/524441372.html, 重定位后载入内存),以bat位扩展名的批处理程序(由https://www.doczj.com/doc/524441372.html, 解释分析,根据其内容按优先级顺序调用第2,3,4,5种可执行程序,分析一行,执行一行,文件本身不载入内存) ============ 第四,在DOS和Win9x/Me系统下,C:盘根目录下的AUTOEXEC.BAT批处理文件是自动运行批 处理文件,每次系统启动时会自动运行该文件,你可以将系统每次启动时都要运行的命令放入该文
WS接口代码样例 Java代码调用样例 参见WSTest_for_Java.rar附件,该附件为Eclipse工程代码。接口调用参见https://www.doczj.com/doc/524441372.html,info.smsmonitor.Test C代码调用样例 参见WSTest_for_c.tar附件,该附件为标准C工程代码。 附录 Webservice消息发送接口报文样例:
一、选择题 1,修改服务端口时,需要修改的文件是________。 A. web.xml B. Server.xml C. config.xml D. bin.xml 2,下列哪种开发语言是弱类型语言_______。 A. C/C++ B.JSP C. Java D. JavaScript 3,在JSP中,要定义一个方法,需要用到以下________元素。 A. <%= %> B. <% %> C. <%! %> D. <%@ %> 4,JSP页面经过编译之后,将创建一个________。 A. applet B. servlet C. application D. exe文件 5,在Java EE中的MVC设计模式中,________ 负责接受客户端的请求数据 A.JavaBean B.JSP C.Servlet D.HTML 6,URL是Internet中资源的命名机制,URL由三部分构成________。 A)协议、主机DNS名或IP地址和文件名 B)主机、DNS名或IP地址和文件名、协议 C)协议、文件名、主机名 D)协议、文件名、IP地址 7,下列设置颜色的方法中不正确的是________ A)
B) C) D) 8,标记中,align属性为段落文字的对齐方式,不能取的值为________。 A)Left B)Right C)Center D)width 10,表示粗体加斜体的标记是________。 A)字体 B)字体 C)字体D)字体 11,用来在网页中显示图形的标记为________ A) C)
C) D) 13,下列哪个属性为单元格向下打通的行数,用于合并单元格________ A)rowspan B)colspan C)height D)width 14,JSP的编译指令标记通常是指:________ A)Page指令、Include指令和Taglib指令 B)Page指令、Include指令和Plugin指令 C)Forward指令、Include指令和Taglib指令 D)Page指令、Param指令和Taglib指令
相关主题
文本预览