|MySQL Conference and Expo April 14-17, 2008, Santa Clara, CA|
Using the Mozilla SOAP APIby Scott Andrew LePera and Apple Developer Connection
Although still in its infancy, the age of Web services and SOAP has already created a demand for a wide array of client technologies. A search for "SOAP client" turns up myriad implementations for C++, Perl, .NET, PHP, and Java. If you dig a little deeper, you can even find clients for languages such as Ruby, Python and Tcl. Most of these clients operate at the server level, either as middleware or as a component of a larger system.
Web browsing clients have traditionally been left out of this loop, however, since composing SOAP messages and connecting with Web services was better suited to server-based applications tailored specifically for those tasks.
Until recently, that is. With the release of Mozilla 1.0, the world now has a browser that supports SOAP natively. No longer do the tasks of assembling, executing, and handling SOAP operations fall solely on the server side. A Web application running in Mozilla (or in a client using the same scripting engine, such as Netscape 7.0) can now make SOAP calls directly from the client without requiring a browser refresh or additional calls to the server. The data returned from a SOAP operation can be accessed via the same DOM Level 2 methods used to traverse any XML document.
Note: The example scripts used in this article were developed using Mozilla 1.0 on an iBook running Mac OS X. Only the most recent Mozilla builds include the SOAP API. To run these scripts, you'll need to copy the code into an HTML document and run it from your local machine (see Security Issues, below).
The Mozilla SOAP API
A basic SOAP message contains some key information: the URI of the target service, the name of the service method you want to invoke, and a series of parameters to be passed as method arguments. Once these pieces are in place, the SOAP call is ready to go.
I chose the popular Google Web API as the target SOAP service for these sample scripts. Since Google places limits on the use of their API, you'll need to obtain a free Google API Key so these scripts can have full access to the search data.
Invoking SOAP services via the Mozilla API can be done either synchronously or asynchronously. A synchronous SOAP call will cause the script to wait for a response from the service before proceeding - a behavior known as blocking. An asynchronous (non-blocking) call will allow the script to proceed without waiting for a response, and uses a "listener" function (a callback) to handle the response from the service when it arrives. The example scripts in this article use asynchronous SOAP calls.
If you'd like to experiment with different services beyond Google, you can find a robust directory of SOAP services at XMethods.
Because the SOAP API enables the browser to make HTTP calls to services not controlled by you (the user), the security of your system becomes an issue. A secure browser client will not, for example, allow scripting between frames if they contain pages from two different domains. Similarly, it will not allow a script to make risky calls to a service at a foreign domain. After all, who knows what kind of potentially malicious code this so-called "service" is going to send back?
To ensure the safety of your system, a script that uses Mozilla's SOAP API must be either a signed script or run from the user's local machine. (For more on signed scripts in Mozilla see Signed Scripts & Privileges: An Example.) Even when taking these precautions, Mozilla will require that the user grant the proper security privileges to run the script.