为什么 SOAP 消息必须通过 HTTP 发送?
下面是一个演示 SOAP 请求消息:
HTTP/1.1 200 OK
Content-Type: text/xml; charset="utf-8"
Content-Length: nnnn
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
<SOAP-ENV:Header>
<t:SessionOrder
xmlns:t="http://example.com"
xsi:type="xsd:int" mustUnderstand="1">
5
</t:SessionOrder>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<GetStockQuote
xmlns="http://someexample.com">
<Price>MSFT</Price>
</GetStockQuote>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
我们可以看到,该 SOAP 消息被编码为就好像它是一个网页一样。为什么我们必须使用HTTP协议? SOAP 消息只是一些 XML,为什么我们不直接使用 XML 作为信息交换协议并摆脱 HTTP 标头(从而保留 HTTP)。
非常感谢。
更新 - 1
HTTP 不是传输层协议。它只是一个应用程序级协议。与交通无关。实际上,我的问题是向 SOAP 消息添加 HTTP 内容的动机是什么?
Below is a demo SOAP request message:
HTTP/1.1 200 OK
Content-Type: text/xml; charset="utf-8"
Content-Length: nnnn
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"/>
<SOAP-ENV:Header>
<t:SessionOrder
xmlns:t="http://example.com"
xsi:type="xsd:int" mustUnderstand="1">
5
</t:SessionOrder>
</SOAP-ENV:Header>
<SOAP-ENV:Body>
<GetStockQuote
xmlns="http://someexample.com">
<Price>MSFT</Price>
</GetStockQuote>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
And we can see, this SOAP message is encoded as if it is a web page. Why do we have to use the HTTP protocol? SOAP message is just some XML, why not we just use XML as the information exchange protocol and get rid of the HTTP headers (thus leave HTTP alone).
Many thanks.
Update - 1
HTTP is not a transport level protocol. It is just a application-level protocol. It has nothing to do with transport. Actually, my question is what's the motive of adding HTTP stuff to a SOAP message?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(9)
概述
SOAP 是一种消息传递协议,简而言之,它只是另一种 XML 语言。
其目的是通过网络进行数据交换。它关注的是这些数据的封装以及发送和接收它们的规则。
HTTP 是一种应用程序协议,SOAP 消息作为 HTTP 有效负载放置。
尽管存在 HTTP 的开销,但它的优点是它是一种对防火墙开放、易于理解且得到广泛支持的协议。因此,可以通过现有技术来访问和公开 Web 服务。
SOAP 消息通常通过HTTP 进行交换。尽管可以使用其他(应用程序)协议,例如 SMTP 或 FTP,但 SOAP 规范未指定非 HTTP 绑定,并且 WS-BP(互操作性规范)。
您可以通过原始 TCP 交换 SOAP 消息,但这样您将拥有不可互操作的 Web 服务(不符合 WS-BP)。
现在的争论是为什么要有 SOAP 开销而不通过 HTTP(RESTful WS)发送数据。
为什么使用 HTTP 来实现 SOAP?
我将尝试更详细地解决 OP 中的问题,询问为什么将 HTTP 用于 SOAP:
首先,SOAP 定义了一种数据封装格式,仅此而已。
现在网络中的大部分流量都是通过 HTTP 进行的。 HTTP 无处不在,并受到完善的服务器和客户端(即浏览器)基础设施的支持。此外,它是一个非常容易理解的协议。
创建 SOAP 的人希望使用这个现成的基础设施,并且
HTTP 上的隧道将会并且确实有助于它的快速采用。由于 HTTP 的基础设施已经就位,因此公司无需花费额外的资金进行另一种实施。相反,他们可以使用已部署的技术公开和访问 Web 服务。
具体来说,在 Java 中,Web 服务可以部署为 servlet 端点或 EJB 端点。因此,所有底层网络套接字、线程、流、HTTP 事务等均由容器处理,开发人员只需关注 XML 有效负载。
因此,一家公司在端口 80 上运行 Tomcat 或 JBoss,并且 Web 服务也已部署并可访问。
无需在传输层进行编程,强大的容器可以处理其他所有事情。
最后,防火墙配置为不限制 HTTP 流量,这是首选 HTTP 的第三个原因。
由于 HTTP 流量通常是允许的,因此客户端/服务器的通信更加容易,并且 Web 服务可以在没有 HTTP 隧道导致的网络安全拦截器问题的情况下运行。
SOAP 是 XML=纯文本,因此防火墙可以检查 HTTP 主体的内容并相应地进行阻止。但在这种情况下,它们也可以根据内容进行增强,以拒绝或接受 SOAP。这部分似乎让您感到困扰,与 Web 服务或 SOAP 无关,也许您应该开始一个关于防火墙如何工作的新线程。
话虽如此,HTTP 流量不受限制的事实通常会导致安全问题,因为防火墙基本上被绕过,这就是应用程序网关出现的原因。
但这与这篇文章无关。
总结
所以总结一下使用HTTP的原因:
Overview
SOAP is a messaging protocol and in a nutshell is just another XML language.
Its purpose is the data exchange over networks. Its concern is the encapsulation of these data and the rules for transmitting and receiving them.
HTTP is an application protocol and SOAP messages are placed as the HTTP payload.
Although there is the overhead of HTTP, it has the advantage that it is a protocol that is open to firewalls, well-understood and widely-supported. Thus, web services can be accessed and exposed via technology already in-place.
SOAP messages are usually exchanged via HTTP. Although it is possible to use other (application) protocols, e.g. SMTP or FTP, the non-HTTP bindings are not specified by SOAP specs and are not supported by WS-BP (interoperability spec).
You could exchange SOAP messages over raw TCP but then you would have web services that are not interoperable (not compliant to WS-BP).
Nowadays the debate is why have the SOAP overhead at all and not send data over HTTP (RESTful WS).
Why use HTTP for SOAP?
I will try to address in more detail the question in the OP, asking why use HTTP for SOAP:
First of all SOAP defines a data encapsulation format and that's that.
Now the majority of traffic in the web is via HTTP. HTTP is literary EVERYWHERE and supported by a well-established infrastructure of servers and clients(namely browsers). Additionally it is a very well understood protocol.
The people who created SOAP wanted to use this ready infrastructure and
The tunneling over HTTP would and did help in it's rapid adoption. Because the infrastructure of HTTP is already in-place, companies would not have to spend extra money for another kind of implementation. Instead they can expose and access web services using technology already deployed.
Specifically in Java a web service can be deployed either as a servlet endpoint or as an EJB endpoint. So all the underlying network sockets, threads, streams, HTTP transactions etc. are handled by the container and the developer focuses only on the XML payload.
So a company has Tomcat or JBoss running in port 80 and the web service is deployed and accessible as well.
There is no effort to do programming at the transport layer and the robust container handles everything else.
Finally the fact that firewalls are configured not to restrict HTTP traffic is a third reason to prefer HTTP.
Since HTTP traffic is usually allowed, the communication of clients/servers is much easier and web services can function without network security blockers issues as a result of the HTTP tunneling.
SOAP is XML=plain text so firewalls could inspect the content of HTTP body and block accordingly. But in this case they could also be enhanced to reject or accept SOAP depending on the contents.This part which seems to trouble you is not related to web services or SOAP, and perhaps you should start a new thread concerning how firewalls work.
Having said that, the fact that HTTP traffic is unrestricted often causes security issues since firewalls are essentially by-passed, and that is why application-gateways come in.
But this is not related to this post.
Summary
So to sum up the reasons for using HTTP:
SOAP 可以通过不同的传输方式发送。 HTTP 只是其中之一。
例如:SMTP、TCP/IP
SOAP can be sent over different transports. HTTP is just one of them.
For example: SMTP, TCP/IP
使用 HTTP 的目的是为了穿越防火墙。您会看到,大多数网络 IT 人员不允许打开任何端口,但出于某种原因,他们总是允许端口 80 对网页开放。由于网络服务器已经过多年的测试,因此保护它们的安全变得“更容易”。通过使用 HTTP,您就拥有了一组用于处理通信协议的现有工具。
The motive of using HTTP was to get through firewalls. You see most network IT people do not allow just any port to be open, but for some reason they always allowed port 80 to be open for web pages. Because web servers have been tested over the years it is "easier" to secure them. By using HTTP you have an existing set of tools for dealing with a communications protocol.
您也可以使用 TCP,之前称为 .NET Remoting,现在它是 WCF 的一部分...
you can use TCP too and that was named .NET Remoting before and now its part of WCF...
SOAP 不必通过 HTTP 发送。开发人员最常使用 HTTP 和 POST 肥皂,就好像它是普通的 HTTP POST 一样,因为我们很可能比 SMTP 等其他协议更熟悉 HTTP,再加上我们已经通过 HTTP 实现了 REST。
例如,下面是我们如何通过 SMTP 电子邮件协议发送 SOAP。 通过 SMTP 发送 SOAP
这只是一种常见做法使用 HTTP
SOAP doesn't have to be sent over HTTP. Developers most frequently use HTTP and POST the soap as if it were a normal HTTP POST because we are most probably more familiar with HTTP than other protocols like SMTP, add this to the fact that we already implement REST over HTTP.
For example here is how we send SOAP over SMTP email protocol. Sending SOAP over SMTP
It's just a common practice to use HTTP
由开发人员选择简单对象访问协议的传输层。 XML 不是网络协议,因此不能仅使用 XML 来传输数据。它必须被打包成某种东西。
It is up to developer to choose the transfer layer for Simple Object Access Protocol. The XML is not a network protocol so the data cant be transfered using just XML. It has to be packed into something.
另一个原因可能是(如果我没记错的话)HTTP 也被指定为互联网协议的外观/工作方式的“黄金标准”,所以如果你要开发一个自己的协议,你基本上(在一个如果您遵循所有 RFC,那么最终会得到非常相似的结果,至少是理想的世界。因此,为什么不使用 HTTP,世界上最常见且易于理解的协议之一。
Another reason might be that (if I remember correctly) HTTP is also designated as a "gold standard" for how an internet protocol is supposed to look/work, so if you were to develop an own protocol, you'd basically (in an ideal world at least) end up with something very similar if you followed all the RFCs. Therefore, why not use HTTP, one of the worlds most common and well understood protocols.
基本上,SOAP 是包含 XML 形式的消息描述的 Web 服务标准。该消息结构将在服务请求者调用 Web 服务时传递。在SOA架构中最重要的特性之一是互操作性,在SOA中SOAP发挥着重要作用,通过HTTP/HTTPS传递,因此可以跨越防火墙,其他架构如DCOM、CORBA和RPC不能跨越防火墙。
Basically SOAP is the web services standard that contains descriptions of the message which in the form of XML. That message structure will passed at time of web service called by service requester. In SOA architecture one of the most important characteristic is interoperability, in SOA SOAP play massive role that passed via HTTP/HTTPS and therefore can cross the firewalls, other architecture like DCOM, CORBA and RPC does not cross the firewall.
所有浏览器都支持 HTTP 以实现兼容性,并且它是使用最广泛的 Internet 协议。 SOAP 是一种通信协议,指定发送消息的格式。 RPC和CORBA存在兼容性和安全问题,而HTTP则与所有浏览器兼容。
现在 HTTP 通过 TCP/IP 进行通信。 SOAP 方法是使用 SOAP 编码规则编译的 HTTP 请求/HTTP 响应。
使用 SOAP,提交给 W3C 的协议数据可以封装在 XML 中并使用任意数量的 Internet 协议进行传输。
All the browsers supports HTTP for compatibility and its the most widely used Internet Protocol. SOAP is a communication protocol that specifies the format for sending messages. RPC and CORBA has compatibility and security issues, whereas HTTP is compatible with all the browsers.
Now that HTTP communicates over TCP/IP. A SOAP method is an HTTP request/HTTP response that compiles with the SOAP encoding rules.
using SOAP, a protocol submitted to the W3C data can be enclosed in XML and transmitted using any number of Internet Protocols.