A few gotchas from consuming .net-webservices with a Linux/Java-client
Webservice-integration and SOAP is easy, right? Well I wouldn't really agree with the S in SOAP standing for "simple"...
I have been working for a client, building a Java(Tomcat) web application that integrates with a Microsoft back-end using SOAP web services. I have been working with SOAP frameworks a lot before, mostly Apache Axis, and I didn't think I was going to run into so many problems, but...
The setup:
Java/Tomcat/Axis on Linux --> c#/.net on Windows Server
The first obstacle was to even generate Java-classes from the WSDL. Apparently Axis didn't support operation overloading (and a bit of googling on the subject told me that it wasn't really clear whether it was supported in the specification or not. If I got it right it was not supported in SOAP 1.0, but supported in SOAP 1.1 (but didn't really work there either), and then...not supported again in SOAP 1.2).
Anyway, other people have had the same problem and have fixed it (if you need it, you can download an enhanced version of wsdl4j.jar from: http://www.xwebservices.com/Resources/wsdl4j-esigma.zip)
The second obstacle was that the web service I was suppose to use returned .net-datasets (which I could not find any solution to use). After a lot of discussion I managed to have the web services rewritten to return standard "complexTypes".
The third obstacle does not have to do with SOAP but with Windows authentication. The client I worked with had a policy to use Windows Integrated Security for authentication (NTLM) as the only way to authenticate, and you had to use NTML version 2. I don't really know the details of that protocol but when searching the web for a solution to use it from Java on Linux I only found frustrated questions but no answers. Apparently Sun has licensed to have the JRE Http client work with NTLM, but only on the Windows platform. So that didn't work. Next try was to use Apache Commons Http Client, but the documentation was pretty clear on the support for NTLM.
From jakarta.apache.org:
"NT Lan Manager (NTLM) authentication is a proprietary, closed challenge/response authentication protocol for Microsoft Windows. Only some details about NTLM protocol are available through reverse engineering. HttpClient provides limited support for what is known as NTLMv1, the early version of the NTLM protocol. HttpClient does not support NTLMv2 at all."
Well...after a lot of searching I found a commercial http-client from oakland software that managed to handle the ntlm-protocol. And it finally it worked fine after some tweaking.
My advices:
1. Don't let tools like Visual Studio generate web services for you, without specifying the interface yourself (in particular do not return .net datasets if you want to service other than .net clients)
2. Don't use Windows Integrated Security (NTLM) for authentication from other than Windows clients (unless really, really necessary)
3. If you do choose to use NTLM, and want to use a commercial client, consider Oakland software's http-client, they had excellent support (and fixed Axis support in just a couple of days)...
4. SOAP is not (S)imple...Consider REST instead of SOAP where applicable... (after this project I am really looking forward to try out REST-support (and Active resources) in Rails 1.2. That might be my next blog post.
