• Aucun résultat trouvé

Sécurité en ingénierie du Logiciel

N/A
N/A
Protected

Academic year: 2022

Partager "Sécurité en ingénierie du Logiciel"

Copied!
16
0
0

Texte intégral

(1)

Sécurité en ingénierie du Logiciel

Le cadre des Web Services Partie 7 : Introduction à SOAP

Alexandre Dulaunoy

[email protected]

Sécurité en ingénierie du Logiciel – p.1/16

(2)

Agenda

Introduction

SOAP format (par l’exemple) SOAP format des erreurs

SOAP format et transport HTTP

(3)

Introduction

SOAP is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses. SOAP can potentially be used in combination with a variety of other protocols; however, the only bindings defined in this document describe how to use SOAP in combination with HTTP and HTTP Extension Framework.

Simple Object Access Protocol (SOAP) 1.1 - Document W3C

Sécurité en ingénierie du Logiciel – p.3/16

(4)

SOAP format (par l’exemple)

public interface Hello {

public String sayHelloTo(String name);

}

La méthode sayHelloTo pourrait être *,

Pour interfacer sayHelloTo (client/serveur),

Pas limité à Java (uniquement pour l’exemple),

(5)

SOAP format (par l’exemple)

<?xml version="1.0"?>

<Hello>

<sayHelloTo>

<name>John</name>

</sayHelloTo>

</Hello>

Requête vers l’interface Hello définie, Définition de la méthode,

Paramètres de la méthode,

Sécurité en ingénierie du Logiciel – p.5/16

(6)

SOAP format (par l’exemple)

<?xml version="1.0"?>

<Hello>

<sayHelloToResponse>

<message>Hello John, How are you?</message>

</sayHelloToResponse>

</Hello>

Réponse à la requête (vers l’interface Hello), Methode + "Response",

Un "message" de retour.

(7)

SOAP format (requête)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="

http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="

http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema">

<SOAP-ENV:Header>

</SOAP-ENV:Header>

<SOAP-ENV:Body>

<ns1:sayHelloTo xmlns:ns1="Hello"

SOAP-ENV:encodingStyle="

http://schemas.xmlsoap.org/soap/encoding/">

<name xsi:type="xsd:string">John</name>

</ns1:sayHelloTo>

</SOAP-ENV:Body>

</SOAP-ENV:Envelope> Sécurité en ingénierie du Logiciel – p.7/16

(8)

SOAP format (retour)

<SOAP-ENV:Envelope xmlns:SOAP-

ENV="http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi="http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema">

<SOAP-ENV:Body>

<ns1:sayHelloToResponse xmlns:ns1="Hello"

SOAP-

ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">

<return xsi:type="xsd:string">Hello John, How are you doing?</return>

</ns1:sayHelloToResponse>

</SOAP-ENV:Body>

</SOAP-ENV:Envelope>

(9)

SOAP format (header)

<SOAP-ENV:Header>

<t:Transaction xmlns:t="some-URI"

SOAP-ENV:mustUnderstand="1">

5

</t:Transaction>

</SOAP-ENV:Header>

Sécurité en ingénierie du Logiciel – p.9/16

(10)

SOAP format (erreur)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="

http://schemas.xmlsoap.org/soap/envelope/">

<SOAP-ENV:Body>

<SOAP-ENV:Fault>

<faultcode>SOAP-ENV:Server</faultcode>

<faultstring>Server Error</faultstring>

<detail> <e:myfaultdetails xmlns:e="Hello">

<message> Sorry, my silly constraint says that I cannot say hello on Friday. </message>

<errorcode> 1001 </errorcode>

</e:myfaultdetails>

</detail>

</SOAP-ENV:Fault>

</SOAP-ENV:Body> </SOAP-ENV:Envelope>

(11)

SOAP format (+header)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="

http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="

http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema">

<SOAP-ENV:Header>

<t:Transaction xmlns:t="some-URI"

SOAP-ENV:mustUnderstand="1">

5 </t:Transaction>

</SOAP-ENV:Header> <SOAP-ENV:Body>

<ns1:sayHelloTo xmlns:ns1="Hello"

SOAP-ENV:encodingStyle="

http://schemas.xmlsoap.org/soap/encoding/">

<name xsi:type="xsd:string">Alex</name>

</ns1:sayHelloTo>

</SOAP-ENV:Body> </SOAP-ENV:Envelope>Sécurité en ingénierie du Logiciel – p.11/16

(12)

SOAP format (erreur sur header)

<SOAP-ENV:Envelope xmlns:SOAP-ENV="

http://schemas.xmlsoap.org/soap/envelope/">

<SOAP-ENV:Body>

<SOAP-ENV:Fault>

<faultcode>SOAP-ENV:MustUnderstand</faultcode>

<faultstring>SOAP Must Understand Error</faultstring> </SOAP-ENV:Fault>

</SOAP-ENV:Body>

</SOAP-ENV:Envelope>

(13)

SOAP via HTTP

POST http://www.SmartHello.com/HelloApplication HTTP/1.0 Content-Type: text/xml; charset="utf-8"

Content-Length: 587

SOAPAction: "http://www.SmartHello.com/HelloApplication#sayHelloTo"

<SOAP-ENV:Envelope xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi=" http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema"> <SOAP-ENV:Header> </SOAP-ENV:Header>

<SOAP-ENV:Body> <ns1:sayHelloTo xmlns:ns1="Hello" SOAP-ENV:encodingStyle="

http://schemas.xmlsoap.org/soap/encoding/"> <name xsi:type="xsd:string">John</name>

</ns1:sayHelloTo> </SOAP-ENV:Body> </SOAP-ENV:Envelope>

Sécurité en ingénierie du Logiciel – p.13/16

(14)

SOAP via HTTP (retour)

HTTP/1.0 200 OK

Content-Type: text/xml; charset="utf-8"

Content-Length: 615

<SOAP-ENV:Envelope xmlns:SOAP-ENV=" http://schemas.xmlsoap.org/soap/envelope/"

xmlns:xsi="

http://www.w3.org/1999/XMLSchema-instance"

xmlns:xsd="http://www.w3.org/1999/XMLSchema">

<SOAP-ENV:Body> <ns1:sayHelloToResponse

xmlns:ns1="Hello" SOAP-ENV:encodingStyle=" http://schemas.xmlsoap.org/soap/encoding/">

<return xsi:type="xsd:string">Hello John, How are you doing?</return>

</ns1:sayHelloToResponse> </SOAP-ENV:Body>

</SOAP-ENV:Envelope>

(15)

SOAP : plusieurs transports

via HTTP / TLS,

via les extensions HTTP, via SMTP,

via "Batch processing", via ...

Sécurité en ingénierie du Logiciel – p.15/16

(16)

Q&R

[email protected]

http://www.foo.be/cours/securite-webservices/

3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD

Références

Documents relatifs

Infection with the protozoan Toxoplasma gondii is one of the most frequent parasitic infections worldwide. This obligate intracellular parasite was first described

Jiang, “enhancing the security of mobile applications by using tee and (u)sim,” in Proceedings of the 2013 IEEE 10th International Con- ference on Ubiquitous Intelligence

We define a partition of the set of integers k in the range [1, m−1] prime to m into two or three subsets, where one subset consists of those integers k which are &lt; m/2,

It is expected that the result is not true with = 0 as soon as the degree of α is ≥ 3, which means that it is expected no real algebraic number of degree at least 3 is

La CPU souhaite l’augmentation du préciput de l’Agence Nationale de la Recherche (ANR) et demande que cette augmentation soit attribuée aux universités sans aucun

The study indicates that recovery-oriented principles can be implemented even in an acute admission ward, increasing team satisfaction with work, while attitudes towards coercion

* Compréhension orale et écrite de phrases cellar is down the staircase.. A dark cat sat up

For example, whereas for a = 2,25 and the exponential distribution as the distribution of claim amounts the largest claim constitutes only 4,3% of the total loss, in the case of