有人能用通俗易懂的英语解释一下什么是REST,什么是SOAP吗?Web服务是如何工作的?


当前回答

这两种方法都被许多大型公司采用。这是个人喜好的问题。我更喜欢REST,因为它更容易使用和理解。

简单对象访问协议(SOAP):

SOAP builds an XML protocol on top of HTTP or sometimes TCP/IP. SOAP describes functions, and types of data. SOAP is a successor of XML-RPC and is very similar, but describes a standard way to communicate. Several programming languages have native support for SOAP, you typically feed it a web service URL and you can call its web service functions without the need of specific code. Binary data that is sent must be encoded first into a format such as base64 encoded. Has several protocols and technologies relating to it: WSDL, XSDs, SOAP, WS-Addressing

具象状态转移(REST):

REST need not be over HTTP but most of my points below will have an HTTP bias. REST is very lightweight, it says wait a minute, we don't need all of this complexity that SOAP created. Typically uses normal HTTP methods instead of a big XML format describing everything. For example to obtain a resource you use HTTP GET, to put a resource on the server you use HTTP PUT. To delete a resource on the server you use HTTP DELETE. REST is a very simple in that it uses HTTP GET, POST and PUT methods to update resources on the server. REST typically is best used with Resource Oriented Architecture (ROA). In this mode of thinking everything is a resource, and you would operate on these resources. As long as your programming language has an HTTP library, and most do, you can consume a REST HTTP protocol very easily. Binary data or binary resources can simply be delivered upon their request.

在谷歌上有关于REST和SOAP的无休止的争论。

我最喜欢的是这个。 2013年11月27日更新:保罗·普莱斯科德的网站似乎已经下线,这篇文章不再可用,不过可以在Wayback Machine上找到副本,或者在CiteSeerX上以PDF格式找到。

其他回答

我将从第二个问题开始:什么是Web服务?原因显而易见。

WebServices本质上是公开某些功能或数据的逻辑片段(您可以模糊地将其称为方法)。客户端实现(技术上讲,消费是这个词)只需要知道方法将要接受的参数是什么,以及它将要返回的数据类型(如果它确实要返回的话)。

下面的链接以极其清晰的方式讲述了关于REST和SOAP的一切。

REST vs SOAP

如果您还想知道什么时候选择什么(REST或SOAP),那么更有理由经历它!

这两种方法都被许多大型公司采用。这是个人喜好的问题。我更喜欢REST,因为它更容易使用和理解。

简单对象访问协议(SOAP):

SOAP builds an XML protocol on top of HTTP or sometimes TCP/IP. SOAP describes functions, and types of data. SOAP is a successor of XML-RPC and is very similar, but describes a standard way to communicate. Several programming languages have native support for SOAP, you typically feed it a web service URL and you can call its web service functions without the need of specific code. Binary data that is sent must be encoded first into a format such as base64 encoded. Has several protocols and technologies relating to it: WSDL, XSDs, SOAP, WS-Addressing

具象状态转移(REST):

REST need not be over HTTP but most of my points below will have an HTTP bias. REST is very lightweight, it says wait a minute, we don't need all of this complexity that SOAP created. Typically uses normal HTTP methods instead of a big XML format describing everything. For example to obtain a resource you use HTTP GET, to put a resource on the server you use HTTP PUT. To delete a resource on the server you use HTTP DELETE. REST is a very simple in that it uses HTTP GET, POST and PUT methods to update resources on the server. REST typically is best used with Resource Oriented Architecture (ROA). In this mode of thinking everything is a resource, and you would operate on these resources. As long as your programming language has an HTTP library, and most do, you can consume a REST HTTP protocol very easily. Binary data or binary resources can simply be delivered upon their request.

在谷歌上有关于REST和SOAP的无休止的争论。

我最喜欢的是这个。 2013年11月27日更新:保罗·普莱斯科德的网站似乎已经下线,这篇文章不再可用,不过可以在Wayback Machine上找到副本,或者在CiteSeerX上以PDF格式找到。

SOAP web服务和REST web服务都可以使用HTTP协议和其他协议(只是提到SOAP可以是REST的底层协议)。我将只讨论与SOAP和REST相关的HTTP协议,因为这是它们最常用的用法。

SOAP

SOAP(“简单”对象访问协议)是一种协议(也是W3C标准)。它定义了如何创建、发送和处理SOAP消息。

SOAP messages are XML documents with a specific structure: they contain an envelope which contains the header and the body section. The body contains the actual data - we want to send - in an XML format. There are two encoding styles, but we usually choose literal, which means that our application or its SOAP driver does the XML serialization and unserialization of the data. SOAP messages travel as HTTP messages with SOAP+XML MIME subtype. These HTTP messages can be multipart, so optionally we can attach files to SOAP messages. Obviously we use a client-server architecture, so the SOAP clients send requests to the SOAP webserices and the services send back responses to the clients. Most of the webservices use a WSDL file to describe the service. The WSDL file contains the XML Schema (XSD hereafter) of the data we want to send and the WSDL binding which defines how the webservice is bound to the HTTP protocol. There are two binding styles: RPC and document. By the RPC style binding the SOAP body contains the representation of an operation call with the parameters (HTTP requests) or the return values (HTTP response). The parameters and return values are validated against the XSD. By the document style binding the SOAP body contains an XML document which is validated against the XSD. I think the document binding style is better suited to event based systems, but I never used that binding style. The RPC binding style is more prevalent, so most people use SOAP for XML/RPC purposes by distributed applications. The webservices usually find each other by asking an UDDI server. UDDI servers are registries which store the location of the webservices.

SOAP RPC

因此,在我看来,最流行的SOAP web服务使用RPC绑定样式和文字编码样式,它具有以下属性:

It maps URLs to operations. It sends messages with SOAP+XML MIME subtype. It can have a server side session store, there are no constraints about that. The SOAP client drivers use the WSDL file of the service to convert the RPC operations into methods. The client side application communicates with the SOAP webservice by calling these methods. So most of the SOAP clients break by interface changes (resulting method names and/or parameter changes). It is possible to write SOAP clients which won't break by interface changes using RDF and find operations by semantics, but semantic webservice are very rare and they don't necessarily have a non breaking client (I guess).

REST

REST (representational state transfer) is an architecture style which is described in the dissertation of Roy Fielding. It does not concern about protocols like SOAP does. It starts with a null architecture style having no constraints and defines the constraints of the REST architecture one by one. People use the term RESTful for webservices which fulfill all of the REST constraints, but according to Roy Fielding, there are no such things as REST levels. When a webservice does not meet with every single REST constraint, then it is not a REST webservice.

其他约束

Client - server architecture - I think this part is familiar to everyone. The REST clients communicate with the REST webservices, the webservices maintain the common data - resource state hereafter - and serve it to the clients. Stateless - The "state transfer" part of the abbreviation: REST. The clients maintain the client state (session/application state), so the services must not have a session storage. The clients transfer the relevant part of the client state by every request to the services which respond with the relevant part of the resource state (maintained by them). So requests don't have context, they always contain the necessary information to process them. For example by HTTP basic auth the username and the password is stored by the client, and it sends them with every request, so authentication happens by every request. This is very different from regular webapplications where authentication happens only by login. We can use any client side data storage mechanism like in-memory(javascript), cookies, localStorage, and so on... to persist some parts of the client state if we want. The reason of the statelessness constraint, that the server scales well - even by very high load (millions of users) - when it does not have to maintain the session of every single client. Cache - The response must contain information about it can be cached by the client or not. This improves scalability further. Uniform interface Identification of resources - REST resource is the same as RDF resource. According to Fielding if you can name something, then it can be a resource, for example: "the current local weather" can be a resource, or "your mobile phone" can be a resource, or "a specific web document" can be a resource. To identify a resource you can use resource identifiers: URLs and URNs (for example ISBN number by books). A single identifier should belong only to a specific resource, but a single resource can have many identifiers, which we frequently exploit for example by pagination with URLs like https://example.com/api/v1/users?offset=50&count=25. URLs have some specifications, for example URLs with the same pathes but different queries are not identical, or the path part should contain the hierarhical data of the URL and the query part should contain the non-hierarchical data. These are the basics of how to create URLs by REST. Btw. the URL structure does matter only for the service developers, a real REST client does not concern with it. Another frequently asked question is API versioning, which is an easy one, because according to Fielding the only constant thing by resource is semantics. If the semantics change, then you can add a new version number. You can use classical 3 number versioning and add only the major number to the URLs (https://example.com/api/v1/). So by backward compatible changes nothing happens, by non-backward compatible changes you will have a non-backward compatible semantics with a new API root https://example.com/api/v2/. So the old clients won't break, because they can use the https://example.com/api/v1/ with the old semantics. Manipulation of resources through representations - You can manipulate the data related to resources (resource state) by sending the intended representation of the resources - along with the HTTP method and the resource identifier - to the REST service. For example if you want to rename a user after marriage, you can send a PATCH https://example.com/api/v1/users/1 {name: "Mrs Smith"} request where the {name: "Mrs Smith"} is a JSON representation of the intended resource state, in other words: the new name. This happens vica-versa, the service sends representations of resources to the clients in order to change their states. For example if we want to read the new name, we can send a GET https://example.com/api/v1/users/1?fields="name" retrieval request, which results in a 200 ok, {name: "Mrs Smith"} response. So we can use this representation to change the client state, for example we can display a "Welcome to our page Mrs Smith!" message. A resource can have many representations depending on the resource identifier (URL) or the accept header we sent with the request. For example we can send an image of Mrs Smith (probably not nude) if image/jpeg is requested. Self-descriptive messages - Messages must contain information about how to process them. For example URI and HTTP method, content-type header, cache headers, RDF which describes the meaning of the data, etc... It is important to use standard methods. It is important to know the specification of the HTTP methods. For example GET means retrieving information identified by the request URL, DELETE means asking the server to delete the resource identified by the given URL, and so on... HTTP status codes have a specification as well, for example 200 means success, 201 means the a new resource has been created, 404 means that the requested resource was not found on the server, etc... Using existing standards is an important part of REST. Hypermedia as the engine of application state (HATEOAS hereafter) - Hypermedia is a media type which can contain hyperlinks. By the web we follow links - described by a hypermedia format (usually HTML) - to achieve a goal, instead of typing the URLs into the addres bar. REST follows the same concept, the representations sent by the service can contain hyperlinks. We use these hyperlinks to send requests to the service. With the response we get data (and probably more links) which we can use to build the new client state, and so on... So that's why hypermedia is the engine of application state (client state). You probably wonder how do clients recognize and follow the hyperlinks? By humans it is pretty simple, we read the title of the link, maybe fill input fields, and after that just a single click. By machines we have to add semantics to the links with RDF (by JSON-LD with Hydra) or with hypermedia specific solutions (for example IANA link relations and vendor specific MIME types by HAL+JSON). There are many machine readable XML and JSON hypermedia formats, just a short list of them: XHTML ATOM+XML RDF+XML HAL+XML HAL+JSON JSON-LD RDF+JSON Siren Collection+JSON Sometimes it is hard to choose... Layered system - We can use multiple layers between the clients and the services. None of them should know about all of these additonal layers, just of layer right next to it. These layers can improve scalability by applying caches and load balancing or they can enforce security policies. Code on demand - We can send back code which extends the functionality of the client, for example javascript code to a browser. This is the only optional constraint of REST.

REST web服务与SOAP RPC web服务的区别

因此,REST web服务与SOAP web服务(具有RPC绑定样式和文字编码样式)非常不同。

It defines an uniform interface (intead of a protocol). It maps URLs to resources (and not operations). It sends messages with any MIME types (instead of just SOAP+XML). It has a stateless communication, and so it cannot have a server side session storage. (SOAP has no constraint about this) It serves hypermedia and the clients use links contained by that hypermedia to request the service. (SOAP RPC uses operation bindings described in the WSDL file) It does not break by URL changes only by semantics changes. (SOAP RPC clients without using RDF semantics break by WSDL file changes.) It scales better than a SOAP webservice because of its stateless behavior.

等等……

SOAP RPC web服务不满足所有REST约束:

客户-服务器架构——总是这样 无状态-可能 缓存-可能 统一接口-从不 分层系统-从不 按需编码(可选)-可能

REST

I understand the main idea of REST is extremely simple. We have used web browsers for years and we have seen how easy, flexible, performing, etc web sites are. HTML sites use hyperlinks and forms as the primary means of user interaction. Their main goal is to allow us, clients, to know only those links that we can use in the current state. And REST simply says 'why not use the same principles to drive computer rather than human clients through our application?' Combine this with the power of the WWW infrastructure and you'll get a killer tool for building great distributed applications.

另一种可能的解释是针对具有数学思维的人。每个应用程序基本上都是一个状态机,业务逻辑操作是状态转换。REST的思想是将每个转换映射到某个资源的请求上,并向客户端提供表示当前状态下可用转换的链接。因此,它通过表示和链接对状态机建模。这就是为什么它被称为具象状态传输。

It's quite surprising that all answers seem to focus either on message format, or on HTTP verbs usage. In fact, the message format doesn't matter at all, REST can use any one provided that the service developer documents it. HTTP verbs only make a service a CRUD service, but not yet RESTful. What really turns a service into a REST service are hyperlinks (aka hypermedia controls) embedded into server responses together with data, and their amount must be enough for any client to choose the next action from those links.

不幸的是,除了Roy Fielding的论文,在Web上很难找到关于REST的正确信息。(他是REST的发明人)。我推荐《REST in Practice》这本书,因为它提供了一个全面的循序渐进的教程,教你如何从SOAP演进到REST。

SOAP

这是RPC(远程过程调用)体系结构样式的一种可能形式。本质上,它只是一种允许客户端通过服务边界(网络、进程等)调用服务器方法的技术,就像调用本地方法一样。当然,它实际上与调用本地方法在速度、可靠性等方面有所不同,但思想就是这么简单。

相比

The details like transport protocols, message formats, xsd, wsdl, etc. don't matter when comparing any form of RPC to REST. The main difference is that an RPC service reinvents bicycle by designing it's own application protocol in the RPC API with the semantics that only it knows. Therefore, all clients have to understand this protocol prior to using the service, and no generic infrastructure like caches can be built because of proprietary semantics of all requests. Furthermore, RPC APIs do not suggest what actions are allowed in the current state, this has to be derived from additional documentation. REST on the other hand implies using uniform interfaces to allow various clients to have some understanding of API semantics, and hypermedia controls (links) to highlight available options in each state. Thus, it allows for caching responses to scale services and making correct API usage easily discoverable without additional documentation.

在某种程度上,SOAP(与任何其他RPC一样)试图通过服务边界进行隧道,将连接媒体视为只能传输消息的黑盒。REST决定承认Web是一个巨大的分布式信息系统,接受世界的现状并学会掌握它,而不是与之对抗。

当您同时控制服务器和客户端,并且交互不太复杂时,SOAP似乎非常适合内部网络api。开发人员更自然地使用它。然而,对于一个被许多独立方使用的公共API来说,它既复杂又庞大,REST应该更适合它。但最后这个比较非常模糊。

更新

My experience has unexpectedly shown REST development to be more difficult than SOAP. At least for .NET. While there are great frameworks like ASP.NET Web API, there's no tooling that would automatically generate client-side proxy. Nothing like 'Add Web Service Reference' or 'Add WCF Service Reference'. One has to write all serialization and service querying code by hand. And man, that's lots of boilerplate code. I think REST development needs something similar to WSDL and tooling implementation for each development platform. In fact, there seems to be a good ground: WADL or WSDL 2.0, but neither of the standards seems to be well-supported.

更新(2016年1月)

事实证明,现在有各种各样的REST API定义工具。目前我的个人偏好是RAML。

Web服务如何工作

嗯,这是一个过于宽泛的问题,因为它取决于特定web服务中使用的架构和技术。但一般来说,web服务只是web中的某个应用程序,它可以接受来自客户机的请求并返回响应。它暴露在网络上,因此它是一种网络服务,它通常是全天候可用的,这就是为什么它是一种服务。当然,它为客户端解决了一些问题(否则为什么有人会使用web服务)。

REST是一种用于设计网络应用程序的体系结构风格。其思想是,使用简单的HTTP在机器之间进行调用,而不是使用复杂的机制(如CORBA、RPC或SOAP)来连接机器。