Learning Solutions Information Worker Solutions

TT7301 Core Web Services and SOA for J2EE Developers (4 days)

Duration: 4 days Skill Level: Intermediate Focus: J2EE Web Services Audience: Experienced J2EE developers Format: Extensive hands-on programming labs, expert lecture combined with open discussions and high-Level demonstrations and dynamic group exercises. Language / Tools: / XML, SOAP, REST, WSDL /Delivered with most IDEs, including Eclipse, MyEclipse, RAD, JDeveloper, etc. and many servers, including JBoss, WebSphere, WebLogic, etc. Delivery Format: Available for onsite private classroom presentation, or live online / virtual presentation Customizable: Yes

Geared for experienced developers, Core Web Services and SOA for J2EE Developers is a four day, lab-intensive course that provides an in-depth coverage of what J2EE developers need to know to design, implement, and deliver web services within the J2EE framework. In addition to introducing students to the fundamentals of Service Oriented Architectures (SOA) and the core standards that enable Web Services, it provides them hands-on experience with implementations of the Java XML and Web Service including JAXP, JAXB, SAAJ, JAX-WS/RPC, WSEE, XWSS, and .

SOA and Web Services represent a groundbreaking evolution in distributed computing. The concepts are not altogether new, but the application of them, and the unanimous acceptance of core standards like HTTP, XML, SOAP, WSDL, and UDDI, has paved the way for XML Web Services and service-oriented architecture.

Course Objectives: What You’ll Learn  Understand and work with Apache Axis2 and its enhanced capabilities Today's development environments are increasingly dominated by  Recognize security vulnerabilities associated with potential or sophisticated tooling that makes the initial development of web actual web services and design/implement effective defenses services less arduous. The production-level implementation, for those services and related resources. deployment, and maintenance of web services are far more complex and demanding. Prior to digging into the technical aspects of web services, students are given an introduction to Service-Oriented Architectures, Core Web Services and SOA for J2EE Developers focuses on providing a broad context for the purpose and goals for identifying providing an understanding of the fundamental technologies used and implementing web services. in web services. This understanding is critical to being able to diagnose, troubleshoot, tune, and perform other lifecycle activities. Students will explore at the current state of the art of Web services, what works and what doesn’t work, and also at newer standards, Working in a dynamic, interactive discussion and hands-on and how they fit into the Web services picture. Web services are programming environment, developers will be able to: still evolving rapidly, and this course will give you a thorough  Understand and apply the basic concepts of SOA to the understanding of the current Web services architecture, and the identification and design of web services technologies that support Web services including:  Understand and intelligently discuss Web Services and the core  SOAP/SAAJ – Simple Object Access Protocol - A remote technologies involved invocation (RPC) and messaging mechanism.  Design, develop, and deploy real-world J2EE Web Services  WSDL – Web services Description Language – An XML language  Expose existing Java components as XML Web Services that describes the interface and semantics of a Web service.  Write Java components that access remote Web Services  UDDI – Universal Description, Discovery, and Integration – A hosted by a third party standard for describing, publishing and finding Web services.  Read and understand a WSDL document  JAX-WS/RPC – Accessing Web services using Java  Understand the concepts behind REST and implement a REST-  REST- Representational State Transfer - A style of based web service implementing web services that is gaining increasing

acceptance and use working knowledge with XML, consider: TT7360 Integrating  Apache Axis2 - A state of the art web services engine that had XML, SOA, and J2EE Web Services. a proven track record in supporting production level web services Take After: We offer a variety of introductory through advanced  WS-I –Web Services Interoperability security, development, project management, engineering,  WS-Security/XWSS – Web Services Security architecture and design courses. Students may want to consider the following topics as a follow-on to this course. The course provides a solid foundation in basic terminology and  Additional web services topics – Intro through Advanced concepts, extended and built upon throughout the engagement.  Additional advanced J2EE or Java EE topics Processes and best practices are discussed and illustrated through  Service-Oriented Architecture or SOA Analysis and Design both discussions and group activities.  Java or J2EE Security topics  AJAX, XML or other Web Development topics Attending students will be led through a series of advanced topics  Java EE topics: EJB3.0; Spring; Hibernate; Design Patterns & comprised of integrated lectures, extensive hands-on lab exercises, more. group discussions and comprehensive demonstrations. Please see  Architecture & Analysis courses below for additional information about the hands-on lab work. Please note all development courses may also be offered in other Audience & Pre-requisites: Who Should Attend programming languages or tailored to suit your unique requirements. Please contact us for recommended next steps This is an intermediate level web services training course, designed tailored to your longer term education, project or development for Java developers and architects who need to identify, design, and objectives. implement web services. We will explore and apply the terminology, the specification, the processes and technologies Experiential Learning: Hands-On Labs specific to web services. This class is “technology-centric”, designed to train attendees in Students should have 1-2 years of working knowledge with Servlets essential web services development skills, coupling the most and JSPs, and should be familiar with XML, Namespaces, and XML current, effective techniques with the soundest industry practices. Schema. This workshop is about 50% dynamic lab exercises and 50% Related Courses – Suggested Learning Path lecture. Throughout the course students will be led through a series of progressively advanced topics, where each topic consists Take Before: Students should have basic understanding and of lecture, group discussion, comprehensive hands-on lab exercises, working knowledge in the following topics, or attend these courses and lab review. Multiple detailed lab exercises are laced as a pre-requisite: throughout the course, designed to reinforce fundamental skills  TT2100 Core Java Programming Fundamentals and concepts learned in the lessons. At the end of each lesson,  TT5100 Mastering J2EE Web Applications (Servlets, JSPs, developers will be tested with a set of review questions to ensure JDBC, Security, etc.) that he/she has fully understands that topic.  TT4300 Core XML Fundamentals (XML, Schema, XPath, and XSLT) Student Materials: What You’ll Receive

Take Instead: We offer other courses that provide different levels Our robust course materials include much more than a simple of knowledge or that blend web services development with other slideshow presentation handout. Student materials include a pertinent topics: comprehensive hard-copy course manual, complete with detailed  If your team needs high level web services training, the TT7005 course notes, code samples, diagrams and current reference Understanding Web Services course may be more appropriate. materials, all directly related to the course at hand, indexed for  For a shorter, subset web services course minus the SOA ease of use. Step-by-step lab instructions and project descriptions exposure, consider TT7300 Core Web Services for J2EE are clearly illustrated and commented for maximum learning and Developers ease of use.  For those members of your team that are focusing on using SOA with lighter web services, consider TT7150 Mastering Our course kits are designed to serve as a useful reference set, long Service-Oriented Architectures (SOA) and J2EE Web Services. after we leave your classroom.

 If you need in-depth web services training but have minimal Delivery Environment & LoadNGo™ Classroom Set Up working knowledge with J2EE, consider: TT7340 Integrating

J2EE, SOA, and Web Services. Although this training is skills-centric, this course may run using a  If you need in-depth web services training but have minimal

variety of IDEs and application server combinations, including but Optional Pre-Testing & Assessment not limited to: JBoss 4.x; BEA WebLogic Server 8.1/9.X; 10; IBM Rational Application Developer (6.x or 7.x); Oracle JDeveloper 10g; We work with you to ensure that your resources are well spent. JBuilder; Apache TomCat; Eclipse Web Tools Project, MyEclipse; and Through our basic pre-testing, we ensure your team is up to the others. challenges that this course offers. We will work with you to come up with the best solution to ensure your needs are met, whether Our lab guides are complete with software-specific instructions, we customize the material, or devise a different educational path to screen shots and detailed tutorials for using the software you prepare for this course. select. In most cases we can easily port our classes to run in the environment of your choosing. Please contact us for details about our online pre and post test assessment services, custom managed training plans for one student or your entire organization, and our custom online training For course deliveries or virtual presentation using open-source program management system for monitoring the courses or tools, we’ll provide our unique LoadNGo Instant Classroom Kit, progress while skilling your students of all experience levels. which enables students to run the entire course off of a DVD that hosts the entire course set up software, labs, and other pertinent useful educational resources, whitepapers and more. You only need to provide the hardware and appropriate O/S, and we’ll do the rest. No installation needed. Great for secure environments. Minimum set up burden for your team or firm, with maximum results for your students.

No matter which set up option or software your firm requires, we’re pleased to provide a detailed set up guide for all private or on-site courses, and as much assistance as you require to prepare your students or classroom for the course. Our support personnel and instructors can be contacted for any advice you may require to prepare your classroom and/or students for attendance.

Workshop Topics Covered

Session: Path to Useful Web Services  Crossing Boundaries  XML and Java APIs at a Glance  What are Web Services?  XML Signature Lesson: Services via the Web  Six Key Components  XML Digital Signatures  What is SOA?  Web Services Characteristics  XML Encryption  Characteristics of SOA  Web Services Architecturally  JAXP & JAXB  Comparing SOA to OO Design  Technology Comparison  JAXP, JAXB, and Web Services  Potential Benefits of Service-oriented  Architectural Perspective  Web Services APIs at a Glance Systems  Web Services Enable Decoupling  JAX-WS  Potential Problems with Service-  Many Web Services Challenges  SAAJ Oriented Systems  Spec and Standard Evolution  JAX-WSA and XWSS  Discovering Services  Web Services Interoperability  Web Services APIs  Service Modeling Guidelines Organization  Web Services for J2EE (JSR109)  Business Versus Application  WS-I Has Many Deliverables  J2EE and Web Services  Preventing Boundary Logic Creep  Basic Profile 1.0 Consists of:  Web Services Metadata  Logical Components of a SOA  Has > 100 Requirements and  Web Services Stacks at a Glance  Characteristics of a Good Service Suggestions  Apache Axis 1.x  Services and their Formal Contracts  .NET Platform & .NET Web Services  Apache Axis2  Services Should be Stateless  Java and Web Services  JBossWS  Service Design Guidelines  Exercise: Web Services in Action  JWSDP  SOA Anti-Patterns  WebSphere WS Lesson: Web Services, Java, and J2EE  Spring-WS Lesson: Web Services Overview

 Key Features  Element Definitions Session: Binding – SOAP/REST  Corresponding XML Schema Lesson: Web Services – Axis Quickstart  Simple Types - Primitive Datatypes Lesson : SOAP Overview  What is Axis?  Restricting Simple Types: Facets  SOAP in a Nutshell  Axis Tool Support  Complex Types Bring More to  Anatomy of a SOAP Message  How is Apache Axis Used? Validation  SOAP and HTTP  Web Service Development with Axis  Repetition Control  A Typical Scenario  Debugging Web Services  Restricting Simple Types  What is SOAP?  TCP/IP Monitors Provide View of  Complex Types Can be Derived  SOAP Specification Provides: Wire  Derivation by Extension  Why do I need SOAP?  Exercise: Implementing a Web  Extension of Phone Number  Simple Scenario Service  Associating Schemas with XML  Less Simple Scenario  Exercise: Debugging Web Services Instances  Uses of SOAP  Using XML Schema with Namespaces  A Simple Example... Session: Foundation - XML and Java  Namespaces Provide Thread of  Remote Procedure Calls Connection  Example of SOAP RPC Call Lesson : XML, Namespaces, & Schema  Schema Defines a Target Namespace  Example of Response  What is XML?  XML Doc Uses Schema-Defined  Exercise: SOAP in Action  XML Can Provide Application-Specific Namespace Information  schemaLocation Links Namespace to Lesson: SOAP in Detail  Content: XML Document Syntax Location  Protocols Used With Web Services Rules  Relating Schemas to XML  Request and Response Example  Structure: A Document Type  Exercise: Namespaces and Schemas  The SOAP Envelope Definition  SOAP Header  XML Transformation to HTML Lesson: XML in Java - JAXP and JAXB  SOAP Body  XML Separates Structure, Content  XML Parsers Are Complex and  SOAP Request/Response Example and Format Powerful  SOAP Defines a Fault Element  TriveraTunes Purchase Order  Parsers Are Integral to XML  SOAP Data Model  Content as MarkUp Processing  Example Using XSD Data Type  Tell Parser That Text is Data  Parsers and API’s  SOAP Styles and Modes  Use Predefined Entities  Parser Generates DOM, Then Hands  SOAP With Attachments  Well-Formed and Valid XML to App  SOAP Messaging Documents  Parsing With a DTD or Schema  Endpoint Behavior  Why Are These Definitions  Many Options to Consider  SOAP Encoding Styles Important?  XML and Java  SOAP 1.1 vs. SOAP 1.2  XML Namespaces  Bridging Application Data and XML  What is SAAJ?  Name Collision – Example  JAXP: Java API for XML Processing  Understanding SAAJ Inter-Organization Name Collisions  JAXP and Transformations  SOAPElement  W3C’s Solution: Namespaces  Challenges to Mapping XML  SOAPElement Methods  Uniform Resource Indicator  Generating XML is Nondeterministic  SOAPMessage  Declaring a Namespace  JAXB: Binding XML to Java  SOAPPart  Namespace Scope  JAXB 2.0 Incorporated Changes  SOAPEnvelope  Parsers Use URI, Not the Alias  JAXB 2.0 and Java Versions  SOAPBody  Default Namespace  Defining the Rules in JAXB  SOAPBodyElement  Attributes and Namespaces  Turning Rules into Java Classes  SOAPHeaderElement  Example of Namespaces  Using the Generated Classes  SOAPHeaderElement Methods  Namespaces Best Practices  Creating Content  SOAPFault  Benefits From Valid XML  Some JAXB Type Bindings  Connections  W3C XML Schemas  XML Schema for List of Items  Exercise: Creating a SOAP Message  Impacts of Schemas  Corresponding Class Interface  Exercise: Accessing a Service with a  General Form of an XML Schema  A Word About Validation… Servlet  Elements, Attributes, and Types  Exercise: Working With JAXB  Simple Schema and XML Document

Lesson : REST  JAX-RPC Service  UDDI Background  Representational State Transfer  JAX-RPC Development Process  UDDI Registries  REST Characteristics  Bottom-up Building of a Web Service  Using a UDDI Business Registry  REST Elements  Top-Down Building of a Web Service  What is Stored in a Registry?  REST in Web Service Terms  Contract First Approach Has  The UDDI Information model  REST: Another Option for Binding Advantages  Interacting With UDDI  Characterizing REST  Exercise: WSDL-Generated Service  JAXR Introduced  REST Example  JAX-RPC Client  JAXR vs. JNDI  REST Design Principles  Types of JAX-RPC Clients  What is WSIL?  REST/SOAP Comparison  JAX-RPC Basic Client Operations  What is WS-Discovery?  SOAP vs. REST  Static Web Service Client  Exercise: Discovery in Action  RESTing in Java  Dynamic JAX-RPC Client  Exercise: Working With REST  DII JAX-RPC Client Session: Security - WS-Security and (Optional)  SOAP Handlers Defenses  Handlers Applied Via Declaration Session: Description - WSDL  Exercise: WSDL-Generated Client Lesson: XML Signature and Encryption  Cryptography Addresses Many Lesson: WSDL Session: Web Services in J2EE – WSEE Aspects of Security  Describing Web Services  Common Solutions to Big Three  WSDL in Practice Lesson: Web Services for J2EE (WSEE)  XML Challenges  WSDL Extensibility  WSEE & WSEE Server Programming  XML Signature  WSDL/SOAP Namespaces Model  XML Digital Signatures  WSDL Elements  Server Programming Model  XML Signature Usage  WSDL Anatomy  Servlets as Web Services  Standard For Digital Signature  element  EJBs as Web Services  XML Encryption  element  Routing SOAP requests to an EJB  XML Encryption Usage  element  WSDD  XML Encryption Protects Data  and  WSDD Example  element  WSEE Client Programming Model Lesson: WS-Security  and elements  Client Programming Model  Securing a Web service  Looking Ahead – WSDL 2.0  Types of WSEE Clients  Web Service Security Exposures  Exercise: WSDL in Action  WSEE Basic Client Operations  Transport-Level Security  Static WSEE Client  Secure Sockets Layer (SSL) Session: Web Services in Java – JAX-  Dynamic WSEE Client  SSL In Action WS/RPC  DII WSEE Client  When to Use Transport-Level  WSEE Client Packaging Security Lesson: JAX-WS/RPC Overview  Message-Level Security  JAX-WS and JAX-RPC Lesson: Handlers  Web Services Security Roadmap  JAX-RPC Introduction  Handlers: The Basics  WS-Security Enables Interoperability  JAX-RPC Architecture  WSEE and Handlers  Security Tokens; Example of Security  JAX-RPC vs RMI  Handler Life Cycle Token  JAX-RPC Data Type Mappings  Applying Handlers  Message Authentication  What about JAXM?  Handler Interface and  XML Signature and Encryption  JAX-WS Overview – The Future Implementation  Picture is Evolving  JAX-WS Under the Hood  SOAPMessageContext  What is XWSS?  JAX-WS Basics  Example of Handler Class  XWSS Provides Many Functions  JAX-WS Features  Configuring Handlers  Web Service Annotation Examples  Web Service Handler Configuration Lesson: Securing Untrusted Input  JAX-WS Programming Model  Input Data Attacks  JAX-WS Handlers Session: Discovery - UDDI  Protecting a Web Service  Tenacious D Lesson: Working with JAX-WS/RPC Lesson: UDDI Overview  Defending a Web Service  What is UDDI?

 Responding to Error State Session: Introduction to SOA  Legacy Functions and Resources  Best Practices for Untrusted Data  SOA Overview  Defining and Creating New Services  Defenses to Consider  Thinking Services  Implementing SOA  Additional Types of Attacks  Enabling Infrastructure  Exercise: Insecure Web Services Session: Working with SOA  Layering of Services

Why Work With Us?

 We provide a solid web services development foundation. Students will learn how to develop (and reuse!) essential Java and web services development and design skills and concepts properly, using best design practices, grounding them for advanced curriculum. Students will be prepared for designing and implementing real solutions, right after the class ends. Students will learn the importance of developing and maintaining well-designed web services applications.  Our courses are focused - no "fluff" included. We offer more than a “laundry list” approach to teaching. All lessons have clear objectives, are fundamental to core development and design practices, and are reinforced by hands-on labs and solid practical examples. Each lesson has performance driven objectives that ensure students will learn technologies and skills core to fundamental application design – nothing more, nothing less.  Our materials are comprehensive, and current. Our comprehensive manuals include not only a hard copy of the course presentation, but also detailed reference notes, pertinent diagrams and charts, current lists of suggested online resources and articles, and often technical tutorials or white papers geared to the topics at hand.  We set you up! Hands-on courses also include our unique materials for each student, complete with our LoadNGo Instant Classroom course set up DVD, software, and a multitude of learning resources that complement the course. Run the course right off the DVD – minimal set up for your company – maximum results for your students.  We foster "Learning by Doing". Progressive labs are designed in such a way that students get a firm grasp on fundamental skills while they work toward defending a complete application. All labs are take-home, and all solution code is presented in an easy to use self-study format for future use and review.  True content ownership gives us flexibility & quality above the rest. These course materials are wholly-owned by our authors and fully customizable - at little or no cost - to help you best meet your learning objectives. We have many dedicated experts available worldwide to instruct your team, and can provide services around the globe, either locally or virtually. We work closely with you to produce the most effective events and materials for your team, within your desired timeframe and budget.  We have to adhere to higher standards. As a courseware provider, our content and hands-on lab materials are licensed internationally by dozens of firms, and are therefore subject to very stringent quality requirements. Not only will your organization benefit from our own technical team’s technical expertise, but also the feedback of hundreds of students and trainers using these materials, worldwide, on a regular basis. This unique fact guarantees that our materials are not only robust and interesting, but also technically correct, current and of the highest quality and usability.  We bring years of practical, current experience into the classroom and content. Our instructors and course authors are also skilled mentors, Java, J2EE / JavaEE, .Net, SOA, and web services developers, architects and security-oriented professionals. We believe that learning, using and maintaining solid software execution and delivery methods are as important as gaining sharp coding skills. Best Practices for software development and execution, beyond technical coding skills, are enforced throughout all of our courses and discussions. Our team brings this extensive experience into every classroom and engagement.  We're skills-centric. Although our team has extensive experience using a variety of tools and solutions, our core content is “technology- centric”. Our aim is to teach you the best skills and solutions out there – not to sell you software from any particular vendor.  We're Java & J2EE authors and industry speakers. Our team was selected to write the online J2EE, EJB, EJB CMP-CMR and Web Services Tutorial Series for IBM developerWorks® (www.ibm.com) These are the same instructors who train our classes and author the courseware. Most of our trainers/consultants have also authored additional articles on web services, EJB< Struts, J2EE and advanced Java topics, and are recognized speakers and presenters on the industry technical seminar circuit. Our team is comprised on several successful published authors. Members of our team have written or contributed to: Eclipse Kick Start, Mastering Eclipse; Professional Jakarta Struts; Using Java Tools for Extreme Programming; Mastering Resin; Mastering TomCat and others.