A Closer Look At Enhancements To Integrated Web Services
March 21, 2018 Dan Burger
Technology Refresh 8 for IBM i 7.2 and TR4 for IBM i 7.3 became available last week. One of the enhancements in this TR pertains to the Integrated Web Services (IWS), which Business Architect for IBM i Application Development Tim Rowe calls IWS “one of our most widely used pieces of software from an integrated perspective.”
Web services provide the capability to expose the database to outside developers via APIs and Web services. Although that thought brings a shiver down the spine of many developers who learned the proprietary ways of the AS/400, multi-platform integration is the modern development path. The emphasis on integration cannot be overstated.
“In the world of the Web, things change radically and quickly,” Rowe says. “We are continuously looking at what we can do in our REST Web services support to keep it current.”
There have been many enhancements to IWS since its introduction as part of the V5R4 operating system in 2006. Most notable was the evolution from the SOAP protocol to REST services, APIs and Web interfaces that now dominate Web services development. Most new Web services development in IBM i shops uses REST services, but the established Web services were developed using SOAP and they easily outnumber the new Web services.
Although the latest TR enhancements to IWS don’t have the impact of support for REST services, they do further the mission of reducing complexity and shortening development time.
The most important work by the IBM i development team is a security feature that allows Web services to run under the authenticated user. Rowe says authenticated user support has been asked for by IWS users for several years and developing this enhancement required a significant amount of work.
When a Web services job on IBM i runs using an authenticated user, it was passed on an HTTP request. An authenticated user allows the program to leverage the library list associated with the user, as well as ensuring that the job only accesses objects to which the user has authority.
Prior to this enhancement, developers specified a single user profile to run the Web service implementation code and the Web service implementation code ensured the client request was allowed.
Now the user and library list can be dynamically set when the request is made. It goes from static to dynamic control, which includes permissions and authorities. All the work for static control had to be done in the backend code before this IWS enhancement arrived. Most Web service developers would consider this a welcome simplification, Rowe figures.
From a security perspective, Charles Guarino sees an immediate improvement based on the just-released enhancement. Guarino is president of Central Park Data Systems, a consulting firm with experience in Web services development and implementation.
“In the past, IWS created a wide-open server and it was up to the developer to go into the server configuration and lock it down,” Guarino notes.
Guarino’s colleague at Central Park Data Systems, Mike Larson, explains that prior to the authentication enhancement, it was necessary to create and exchange certificates to prove authentication, which was a challenging task. That brings to mind systems described as securable but not necessarily secure.
To run Web service implementation code under an authenticated user profile requires two steps. The first step is the enablement of HTTP basic authentication in the HTTP server associated with the integrated Web services server. The second step involves indicating that the Web service implementation code is to be run under an authenticated user profile. Neither of these steps are considered complex or cumbersome by anyone I talked with.
The second enhancement just released in the latest Technology Refresh is referred to as VARCHAR support. VARCHAR (variable character field) is a type of variable commonly included in Web services. VARCHAR fields determine the amount of data that get passed in or returned via Web services. For years, SQL developers had to specify a separate value that could be passed back.
It also simplifies the detection and determination of lengths of fields when defining large data structure, Rowe says. It’s a convenience for system admins because it allows them to re-deploy a service rather than having to un-deploy it and re-deploy it.
“We have some users who are advanced and doing interesting things,” Rowe says. “This will make things more normal for those people in today’s world. This is part of keeping IBM i current. It’s similar to changes in the RPG language that make it modern and current. These are features that are expected by developers today.”
Web services are considered a key element to providing flexible information technology infrastructure. The integrated Web services server and the integrated Web services client for ILE enables ILE applications to participate in the Web services arena. The combination of Web services and IBM i technologies are part of a modernization strategy that furthers the integration of core business assets while extending and reusing them beyond their original scope of design.
The integrated Web services for IBM i support includes the Web services server and the Web services client for ILE. The server deploys ILE-based programs. The client generates RPG, C or C++ stubs that can be invoked by an ILE program. The stubs get credit for eliminating the complexity of the Web service protocol by handling Web service requests and responses.
Read more about the integrated Web services capabilities at the IBM developerWorks website.