Web service Interview Question
What Are Web Services?
Web services are client and server applications that communicate over the WWW's HTTP.
As described by the World Wide Web Consortium (W3C), web services provide a standard means of interoperating
between software applications running on a variety of platforms and frameworks.
Web services are characterized by their great interoperability and extensibility as well as their
machine-processable descriptions. Web services can be combined in a loosely coupled
way to achieve complex operations. Programs providing simple services can interact with each other to deliver
sophisticated added-value services.
Why web services?
1) Interoperability : work outside of private networks, can easily programming with other languages (virtually platform-independent)
2) Loosely Coupled: independently work
4) Deployability : Easily deploy, can use SSL
Explain web service architecture?
3 different layers and roles are as below
Service provider role is to create the web service and makes it accessible to the
client applications over the internet for their usage.
Any consumer of web service like any client application.
Client applications are written in any language contact web service for any type of functionality
by sending XML request over network.
Service registry is the centralized directory which helps locate web services
for client applications.
The Service Provider uses the ‘Publish’ interface of Service Registry to make the existing web services
available to client applications. With all the information provided by the service registry,
service requestor is able to bind or invoke services.
What are different types of Web Services?
There are two types of web services : 'big' and RESTful.
Big(SOAP) Web Services: Runs on SOAP protocol and uses XML technology for sending data.
RESTful Web Services: Runs on HTTP/HTTPS protocol almost all the time.
RESTful is a stateless client-server architecture where web services are resources
and can be identified by their URIs. Client applications can use HTTP GET/POST methods to invoke RESTful web services.
What are the components of web service?
SOAP- Simple Object Access Protocol
XML- Extensible Markup Language
WSDL- Web Service Description language
UDDI- Universal Description, Discovery, and Integration
RDF- Resource Description Framework
Explain the term Interoperability with respect of Web services?
The term widely used in product marketing description which defines the ability of different products
or systems working together without any special effort from the customer part.
Communication between various applications, sharing of data as well as services among themselves.
There is no restriction on the which type of application to be in communication.
If any code is written, it will be treated as generic code that will be understood by all application.
Thus, the cost of writing specific codes for each application is reduced.
Define web service protocol stack and its layers?
1) Service transport:
Helps in transporting XML messages between various client applications.
Commonly uses the below-mentioned protocols:
HTTP(Hypertext Transport Protocol)
SMTP(Simple Mail Transport Protocol)
FTP(File Transfer Protocol)
BEEP(Block Extensible Exchange Protocol)
2) XML messaging:
Messages are encoded in common XML format which is easily understood by others.
This layer includes : XML-RPC and SOAP(Simple Object Access Protocol)
3) Service description:
Location, available functions, and data types for XML messaging which describes
the public interface to a specific web service.
This layer includes : WSDL(Web Service Description Language)
4) Service discovery:
Responsible for providing a way to publish and find web services over the web.
This layer includes: UDDI(Universal Description, Discovery, and Integration)
What is XML-RPC?
RPC(Remote Procedure Call) is the method of calling a procedure or function available on any remote computer and
XML (Extensible Markup Language).
XML-RPC represents a simple protocol that performs RPCs by using XML messaging.
Excellent tool for connecting different environments and establishing connections between wide
varieties of computers.
What are the features of XML-RPC?
What are advantages of web services?
- RPCs are performed using simple XML language.
- XML encoded Requests are sent via HTTP POST.
- XML Response is embedded in HTTP response.
- It is considered as platform-independent.
- It allows communication between diverse applications.
- It uses HTTP protocol for passing information between client and server computers.
- It has small XML vocabulary for describing request and response’s nature.
Differentiate SOAP and REST?
- Web services help in exposing the existing functionalities over the network to help other applications
to use in their programs.
- It has features like ‘Interoperability’ which determines the communication between various
applications, sharing of data as well as services among themselves.
- Standardized web service protocol stack for communication which consists
of 4 layers namely, Service Transport, XML messaging, Service description and Service discovery.
- Low cost of communication because of the usage of SOAP (Simple Object Access Protocol) over HTTP protocol.
- Easy to deploy, integrate and is reusable.
- Allows simple integration between different feature as a part of loose coupling feature.
Can we maintain user session in web services?
SOAP web service
RESTful web service
|Java API for SOAP web service is JAX-WS.
||Java API for RESTful web service is JAX-RS.
|Simple Object Access Protocol (SOAP) serves as a standard protocol for web service creation.
||Representational State Transfer (REST) is an architectural style for web service creation.
|Web services and clients are tightly coupled and define some standards that need to be strictly followed.
||It does not follow many standards and is loosely coupled.
|It requires more bandwidth and resource as well as uses service interfaces for exposing business logic.
||It requires less bandwidth and resource as well as uses URI (Uniform Resource Identifiers) for exposing business logic.
|Permits XML data format only.
||Permits data formats like Plain text, HTML, JSON, etc.
|It is usually less preferred
||It is usually more preferred
|SOAPUI can be used for testing SOAP web services.
||Browsers and extensions such as Chrome postman are used for testing RESTful web services.
|Its own security and uses WSDL contract for binding web services and client programs.
||It does not have any defined contract as well as does not have its own security methods.
|Standard communication protocol on top of transport protocols such as HTTP, SMTP, Messaging, TCP, UDP, etc.
||transmitted over transport protocol such as HTTP(S).
|cannot be cached
||can be cached
|Supports both SSL security and WS-security
||Supports only point-to-point SSL security
|Has comprehensive support for both ACID based transaction management for short-lived
transactions and compensation based transaction management for long-running transactions.
It also supports two-phase commit across distributed resources.
||REST supports transactions, but it is neither ACID compliant nor can provide two phase commit
across distributed transactional resources as it is limited by its HTTP protocol.
|SOAP has success or retry logic built in and provides end-to-end reliability even through SOAP intermediaries.
||REST does not have a standard messaging system, and expects clients invoking the service to deal with
communication failures by retrying.
WS-Security maintains its encryption right up to the point where the request is being processed.
WS-Security allows you to secure parts (e.g. only credit card details) of the message
that needs to be secured. Given that encryption/decryption is not a cheap operation,
this can be a performance boost for larger messages.
It is also possible with WS-Security to secure different parts of the message using
different keys or encryption algorithms. This allows separate parts of the message to be
read by different people without exposing other, unneeded information.
SSL security can only be used with HTTP. WS-Security can be used with other protocols
like UDP, SMTP, etc.
Client encrypts all of the requests based on a key retrieved from a third party.
When the request is received at the destination,
it is decrypted and presented to the service. This means the request is only encrypted while
it is traveling between the client and the server. Once it hits the server
(or a proxy which has a valid certificate), it is decrypted from that moment on.
The SSL encrypts the whole message, whether all of it is sensitive or not.
Web services are stateless so we can’t maintain user sessions in web services.
What is difference between SOA and Web Services?
Service Oriented Architecture (SOA) is an architectural pattern where applications are designed in terms
of services that can be accessed through communication protocol over network.
SOA is a design pattern and doesn’t go into implementation.
Web Services can be thought of as Services in SOAP architecture and providing means to implement SOA pattern.
SOA (Service Oriented Architecture ) is an architectural pattern consisting of services.
Application components provide services to the other components using communication protocol over the network.
This communication involves data exchanging or some coordination activity between services.
Key principles of SOA
What is the role of SOAPUI?
- The service contract should be standardized containing all the description of the services.
- There is loose coupling defining the less dependency between the web services and the client.
- It should follow Service Abstraction rule, which says the service should not expose the way functionality has been executed to the client application.
- Services should be reusable in order to work with various application types.
- Services should be stateless having the feature of discoverability.
- Break services into little problems and allow diverse subscribers to use the services.
- SOAPUI is an open-source, free and cross-platform functional testing solution.
- It can help create functional, security and load testing test suites.
- Data driven testing and scenario based testing is also performed.
- It has the ability to impersonate web services as well as has got built-in reporting abilities.
- What do you know about foundation security services?
Integration, Authentication, Authorization , Digital Signatures, Encryption processes
- What do you mean by ESB?
ESB is stands for Enterprise Service Bus. ESB is standard based which is most important component of
Service Oriented Architecture(SOA).Using ESB we can connect applications through service interfaces.
- Differentiate between SOA (Service Oriented Architecture) versus WOA (Web Oriented Architecture)?
WOA extends SOA to be a light-weight architecture using technologies such as REST and POX (Plain Old XML).
POX compliments REST. JSON is a variant for data returned by REST Web Services.
WOA – RESTFul Service Calls via AJAX to populate different sections of a UI.
SOA and WOA differ in terms of the layers of abstraction. SOA is a system-level architectural style that tries to expose business capabilities so that they can be consumed by many applications. WOA is an interface-level architectural style that focuses on the means by which these service capabilities are exposed to consumers. You can start out with a WOA and then grow into SOA.
- How to handle Network security threats in Web services?
There are two possible solutions −
• Filter out all HTTP POST requests that set their content type to text/xml.
• Another alternative is to filter the SOAP Action HTTP header attribute.
- What are the different styles of Web Services used for application integration?