SlideShare une entreprise Scribd logo

Rest with Spring

Eugen Paraschiv
Eugen Paraschiv
Technologie
1  sur  27
Télécharger pour lire hors ligne
REST with Spring BJUG 6 @IBM Eugen Paraschiv
Overview ● Why REST? ● RESTful Constraints and Guidelines ● REST via Spring MVC ● Persistence with Spring Data ● Testing of a RESTful Service ● Q&A
Why REST ● REST is a set of Constraints (it's not the only one) ● Minimize Coupling between Client and Server ● Update the Server frequently without updating the Clients (no control over them) ● Support for many different types of Clients ● Scaling becomes easy(er)
The Four Levels of HTTP APIs - I, II Level I. SOAP (Flickr SOAP API, Google AdSense API) - WSDL describes the interface at design time - no Resources are identified by URI - only Service Endpoints - no difference between Resource and Representation - HTTP treated as transport - no use of HTTP semantics Level II. RPC (Amazon SimpleDB, Flickr 'REST' API) + the API exposes Resources (often corresponding to the application models) - operations are done via actions in the URIs - the URI space is known at design time (ex. /post/make_new) - operations, failure codes are application specific - HTTP treated as transport - no use of HTTP semantics
The Four Levels of HTTP APIs - III Level III. HTTP (Twitter API) + Resources are exposed and identified by URIs + Resources are manipulated via Representations + HTTP semantics used correctly, use of generic media types (e.g. application/xml) - message semantics only known to Client and Server but not intermediaries - Client and Server are coupled by original design - application state machine is known at design time - assumptions about available representations and transitions are hard-coded
The Four Levels of HTTP APIs - IV Level IV. REST (Atom Pub, OpenSearch) + service description comes in the form of media type (and link relations) specifications + Client only knows entry bookmark (the Root URI) and media types and no specifics about the particular service + Client proceeds through application by looking at one response at a time, each time evaluating how best to proceed given its overall goal and the available transitions + Methods to use are known from media type (and link relations) specifications or selected at runtime based on forms (form semantics known from media type specifications)
REST SEC project WHERE - @github - https://github.com/eugenp/REST WHY - Reference Spring implementation of a REST Service - Identity Management Solution as a Service HOW - REST/web: Spring 3.1.x - Marshalling: Jackson 2.x (for JSON) and XStream (for XML) - Persistence: Spring Data JPA and Hibernate 4.1.x - Testing: Junit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache HTTP Client)
RESTful Constraints - I. Stateless "Each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client" In Short - no sessions, no cookies - each request should contain it's authentication credentials With Spring Security <http create-session="stateless" ... >
RESTful Constraints - II. Cache ● Caching is on the Client side ● Goal of Client side Caching - partially or completely eliminate interactions with the Server ● HTTP Caching options: ● ETag/If-None-Match ● Last-Modified/If-Modified-Since
III. Caching - ETag - example - ex: first, retrieve a Privilege resource: curl -H "Accept: application/json" -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 52 Date: Fri, 05 Oct 2012 11:36:33 GMT
III. Caching - ETags - example (cont) - next, use the etag value from the previous response to retrieve the Privilege resource again: curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Date: Fri, 05 Oct 2012 11:37:55 GMT
REST Constraint - III. Uniform Interface Uniform Interface Constraints 1. Identification of Resources 2. Manipulation of Resources through Representations 3. Self-descriptive Messages 4. Hypermedia As The Engine Of Application State (HATEOAS)
III.1. Identification of Resources - Spring MVC For a sample foo resource: - the Controller @Controller @RequestMapping(value = "foos") public class FooController{ ... } - retrieve by id: GET api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.GET) public Foo findOne(@PathVariable("id") Long id){...} - search: GET api/foos?q=query @RequestMapping(params = {"q"}, method = RequestMethod.GET) public List<Foo> search(@RequestParam("q") String query){...}
III.1. Identification of Resources - Spring MVC (cont) - create single (update the collection): POST api/foos @RequestMapping(method = RequestMethod.POST) @ResponseStatus(HttpStatus.CREATED) public void create(@RequestBody Foo resource) {...} - update/override PUT api/foos/id @RequestMapping(method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) public void update(@RequestBody Foo resource) { ... } - delete: DELETE api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) @ResponseStatus(HttpStatus.NO_CONTENT) public void delete(@PathVariable("id") Long id) { ... }
REST Constraint - III. Uniform Interface Supported Representations: - JSON - application/json - XML - application/xml - future: ATOM All read operations will perform Content Negotiation when the Accept header is set on the request All write operations supports the Content-Type header to be set on the request
Spring MVC - the Controller/Web Layer Simple Responsibilities: - mapping of URIs - Marshalling/Unmarshalling of Resource Representations (implicit) - Translation of Exceptions to HTTP Status Codes
REST Constraint - III. Uniform Interface - HATEOAS - Discoverability at the root - the Create operation - making use of `rel` - Advanced Topics: custom Mime Types, HAL
Persistence Layer - Spring Data - DAO only with interfaces - no implementations public interface IUserJpaDAO extends JpaRepository<User, Long> { … } - define a new, simple method: List<User> findByLastname(String lastname); List<User> findByEmailAddressAndLastname(String emailAddress, String lastname); - flexibility to use @Query @Query("select u from User u where u.emailAddress = ?1") User findByEmailAddress(String emailAddress);
Persistence Layer - Spring Data ● Pagination Page<User> findByFirstname(String firstname, Pageable pageable); ● Sorting List<User> findByLastname(String lastname, Sort sort);
Persistence Layer - Spring Data Other out of the box features - support for: ● Audit: create date, created by, last update date, last updated by ● Advanced Persistence APIs: QueryDSL, JPA 2 Specifications
Transactional Semantics - the API Layer Strategy ● the Controller layer is the transactional owner ● the Service layer contains no transactional semantics ● there are no self-invocations or inter- invocations in the Controller layer - each invocation is a client call
Testing of a REST Service ● Live Tests: testing the deployed RESTful service ○ each RESTful service has a corresponding production API and a testing API ○ high level testing is done via the production API ○ lower level testing is done via the testing API ● Integration tests: business, persistence ● Unit tests
Testing - High Level Live Test (over REST) @Test public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() { // Given T existingResource = api.create(createNewEntity()); // When T resourceByName = api.findByName(existingResource.getName()); // Then assertNotNull(resourceByName); }
Testing - Low Level Live Test (over REST) @Test public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() { // Given User existingUser = RestAssured.given().auth().preemptive().basic (username, password).contentType("application/json").body(resourceAsJson). post(uri).as(User.class); existingUser.setName(null); // When Response updateResponse = RestAssured.given().auth().preemptive(). basic(username, password).contentType("application/json").body (existingUser).put(uri); // Then assertThat(updateResponse.getStatusCode(), is(409)); }
Security Concerns - Basic and Digest Authentication with Spring Security ON THE SAME URI (similar to Content Negotiation): ● Authorization: Basic ... ● Authorization: Digest ...
Conclusion Questions: -? -? -? -?
THANKS

Recommandé

Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVC
IndicThreads
 
Microservices with Spring Boot
Microservices with Spring BootMicroservices with Spring Boot
Microservices with Spring Boot
Joshua Long
 
Spring Mvc Rest
Spring Mvc RestSpring Mvc Rest
Spring Mvc Rest
Craig Walls
 
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy ClarksonMulti Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Joshua Long
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache Sling
Robert Munteanu
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with Spring
Joshua Long
 
Microservices/dropwizard
Microservices/dropwizardMicroservices/dropwizard
Microservices/dropwizard
FKM Naimul Huda, PMP
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middleware
Robert Munteanu
 

Recommandé

Building RESTful applications using Spring MVC
Building RESTful applications using Spring MVCBuilding RESTful applications using Spring MVC
Building RESTful applications using Spring MVC
IndicThreads
 
Microservices with Spring Boot
Microservices with Spring BootMicroservices with Spring Boot
Microservices with Spring Boot
Joshua Long
 
Spring Mvc Rest
Spring Mvc RestSpring Mvc Rest
Spring Mvc Rest
Craig Walls
 
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy ClarksonMulti Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Joshua Long
 
Effective Web Application Development with Apache Sling
Effective Web Application Development with Apache SlingEffective Web Application Development with Apache Sling
Effective Web Application Development with Apache Sling
Robert Munteanu
 
REST APIs with Spring
REST APIs with SpringREST APIs with Spring
REST APIs with Spring
Joshua Long
 
Microservices/dropwizard
Microservices/dropwizardMicroservices/dropwizard
Microservices/dropwizard
FKM Naimul Huda, PMP
 
Apache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middlewareApache Sling as an OSGi-powered REST middleware
Apache Sling as an OSGi-powered REST middleware
Robert Munteanu
 
Dropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stackDropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stack
Jacek Furmankiewicz
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
Joshua Long
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
Jeevesh Pandey
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET Core
Stormpath
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring Boot
Trey Howard
 
Android and REST
Android and RESTAndroid and REST
Android and REST
Roman Woźniak
 
The Past Year in Spring for Apache Geode
The Past Year in Spring for Apache GeodeThe Past Year in Spring for Apache Geode
The Past Year in Spring for Apache Geode
VMware Tanzu
 
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter LehtoJavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLEREST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
reneechemel
 
Spring Boot & WebSocket
Spring Boot & WebSocketSpring Boot & WebSocket
Spring Boot & WebSocket
Ming-Ying Wu
 
Spring 4 Web App
Spring 4 Web AppSpring 4 Web App
Spring 4 Web App
Rossen Stoyanchev
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
Spring Boot
Spring BootSpring Boot
Spring Boot
Jiayun Zhou
 
Content-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingContent-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache Sling
Fabrice Hong
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
Restlet
 
Lecture 7 Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RSLecture 7 Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RS
Fahad Golra
 
Using Java to implement SOAP Web Services: JAX-WS
Using Java to implement SOAP Web Services: JAX-WS�Using Java to implement SOAP Web Services: JAX-WS�
Using Java to implement SOAP Web Services: JAX-WS
Katrien Verbert
 
Angularjs & REST
Angularjs & RESTAngularjs & REST
Angularjs & REST
Corley S.r.l.
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2
 
ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
Tiago Knoch
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
Obaidur (OB) Rashid
 
Networked APIs with swift
Networked APIs with swiftNetworked APIs with swift
Networked APIs with swift
Tim Burks
 

Contenu connexe

Tendances

JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter LehtoJavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
Spring Boot & WebSocket
Spring Boot & WebSocketSpring Boot & WebSocket
Spring Boot & WebSocket
Ming-Ying Wu
 
Content-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingContent-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache Sling
Fabrice Hong
 
Using Java to implement SOAP Web Services: JAX-WS
Using Java to implement SOAP Web Services: JAX-WS�Using Java to implement SOAP Web Services: JAX-WS�
Using Java to implement SOAP Web Services: JAX-WS
Katrien Verbert
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2
 

Tendances (19)

Dropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stackDropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stack
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET Core
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring Boot
 
Android and REST
Android and RESTAndroid and REST
Android and REST
 
The Past Year in Spring for Apache Geode
The Past Year in Spring for Apache GeodeThe Past Year in Spring for Apache Geode
The Past Year in Spring for Apache Geode
 
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter LehtoJavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
 
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLEREST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
 
Spring Boot & WebSocket
Spring Boot & WebSocketSpring Boot & WebSocket
Spring Boot & WebSocket
 
Spring 4 Web App
Spring 4 Web AppSpring 4 Web App
Spring 4 Web App
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
Content-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingContent-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache Sling
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
 
Lecture 7 Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RSLecture 7 Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RS
 
Using Java to implement SOAP Web Services: JAX-WS
Using Java to implement SOAP Web Services: JAX-WS�Using Java to implement SOAP Web Services: JAX-WS�
Using Java to implement SOAP Web Services: JAX-WS
 
Angularjs & REST
Angularjs & RESTAngularjs & REST
Angularjs & REST
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
 

Similaire à Rest with Spring

Restful web services rule financial
Restful web services rule financialRestful web services rule financial
Restful web services rule financial
Rule_Financial
 
nguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-servicenguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-service
hazzaz
 
Embrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web APIEmbrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web API
Filip W
 

Similaire à Rest with Spring (20)

ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Networked APIs with swift
Networked APIs with swiftNetworked APIs with swift
Networked APIs with swift
 
REST APIs
REST APIsREST APIs
REST APIs
 
Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
 
Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5
 
Restful web services rule financial
Restful web services rule financialRestful web services rule financial
Restful web services rule financial
 
RESTful API-centric Universe
RESTful API-centric UniverseRESTful API-centric Universe
RESTful API-centric Universe
 
nguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-servicenguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-service
 
Apitesting.pptx
Apitesting.pptxApitesting.pptx
Apitesting.pptx
 
ASP.NET WEB API Training
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
 
Design Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John HardyDesign Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John Hardy
 
Embrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web APIEmbrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web API
 
Best Practices in Api Design
Best Practices in Api DesignBest Practices in Api Design
Best Practices in Api Design
 
Rest api titouan benoit
Rest api titouan benoitRest api titouan benoit
Rest api titouan benoit
 
Apex REST
Apex RESTApex REST
Apex REST
 
Web api
Web apiWeb api
Web api
 
Cloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practicesCloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practices
 
Building Restful Applications Using Php
Building Restful Applications Using PhpBuilding Restful Applications Using Php
Building Restful Applications Using Php
 

Dernier

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
Principled Technologies
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Dernier (20)

Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

Rest with Spring

  • 1. REST with Spring BJUG 6 @IBM Eugen Paraschiv
  • 2. Overview ● Why REST? ● RESTful Constraints and Guidelines ● REST via Spring MVC ● Persistence with Spring Data ● Testing of a RESTful Service ● Q&A
  • 3. Why REST ● REST is a set of Constraints (it's not the only one) ● Minimize Coupling between Client and Server ● Update the Server frequently without updating the Clients (no control over them) ● Support for many different types of Clients ● Scaling becomes easy(er)
  • 4. The Four Levels of HTTP APIs - I, II Level I. SOAP (Flickr SOAP API, Google AdSense API) - WSDL describes the interface at design time - no Resources are identified by URI - only Service Endpoints - no difference between Resource and Representation - HTTP treated as transport - no use of HTTP semantics Level II. RPC (Amazon SimpleDB, Flickr 'REST' API) + the API exposes Resources (often corresponding to the application models) - operations are done via actions in the URIs - the URI space is known at design time (ex. /post/make_new) - operations, failure codes are application specific - HTTP treated as transport - no use of HTTP semantics
  • 5. The Four Levels of HTTP APIs - III Level III. HTTP (Twitter API) + Resources are exposed and identified by URIs + Resources are manipulated via Representations + HTTP semantics used correctly, use of generic media types (e.g. application/xml) - message semantics only known to Client and Server but not intermediaries - Client and Server are coupled by original design - application state machine is known at design time - assumptions about available representations and transitions are hard-coded
  • 6. The Four Levels of HTTP APIs - IV Level IV. REST (Atom Pub, OpenSearch) + service description comes in the form of media type (and link relations) specifications + Client only knows entry bookmark (the Root URI) and media types and no specifics about the particular service + Client proceeds through application by looking at one response at a time, each time evaluating how best to proceed given its overall goal and the available transitions + Methods to use are known from media type (and link relations) specifications or selected at runtime based on forms (form semantics known from media type specifications)
  • 7. REST SEC project WHERE - @github - https://github.com/eugenp/REST WHY - Reference Spring implementation of a REST Service - Identity Management Solution as a Service HOW - REST/web: Spring 3.1.x - Marshalling: Jackson 2.x (for JSON) and XStream (for XML) - Persistence: Spring Data JPA and Hibernate 4.1.x - Testing: Junit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache HTTP Client)
  • 8. RESTful Constraints - I. Stateless "Each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client" In Short - no sessions, no cookies - each request should contain it's authentication credentials With Spring Security <http create-session="stateless" ... >
  • 9. RESTful Constraints - II. Cache ● Caching is on the Client side ● Goal of Client side Caching - partially or completely eliminate interactions with the Server ● HTTP Caching options: ● ETag/If-None-Match ● Last-Modified/If-Modified-Since
  • 10. III. Caching - ETag - example - ex: first, retrieve a Privilege resource: curl -H "Accept: application/json" -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 52 Date: Fri, 05 Oct 2012 11:36:33 GMT
  • 11. III. Caching - ETags - example (cont) - next, use the etag value from the previous response to retrieve the Privilege resource again: curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Date: Fri, 05 Oct 2012 11:37:55 GMT
  • 12. REST Constraint - III. Uniform Interface Uniform Interface Constraints 1. Identification of Resources 2. Manipulation of Resources through Representations 3. Self-descriptive Messages 4. Hypermedia As The Engine Of Application State (HATEOAS)
  • 13. III.1. Identification of Resources - Spring MVC For a sample foo resource: - the Controller @Controller @RequestMapping(value = "foos") public class FooController{ ... } - retrieve by id: GET api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.GET) public Foo findOne(@PathVariable("id") Long id){...} - search: GET api/foos?q=query @RequestMapping(params = {"q"}, method = RequestMethod.GET) public List<Foo> search(@RequestParam("q") String query){...}
  • 14. III.1. Identification of Resources - Spring MVC (cont) - create single (update the collection): POST api/foos @RequestMapping(method = RequestMethod.POST) @ResponseStatus(HttpStatus.CREATED) public void create(@RequestBody Foo resource) {...} - update/override PUT api/foos/id @RequestMapping(method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) public void update(@RequestBody Foo resource) { ... } - delete: DELETE api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) @ResponseStatus(HttpStatus.NO_CONTENT) public void delete(@PathVariable("id") Long id) { ... }
  • 15. REST Constraint - III. Uniform Interface Supported Representations: - JSON - application/json - XML - application/xml - future: ATOM All read operations will perform Content Negotiation when the Accept header is set on the request All write operations supports the Content-Type header to be set on the request
  • 16. Spring MVC - the Controller/Web Layer Simple Responsibilities: - mapping of URIs - Marshalling/Unmarshalling of Resource Representations (implicit) - Translation of Exceptions to HTTP Status Codes
  • 17. REST Constraint - III. Uniform Interface - HATEOAS - Discoverability at the root - the Create operation - making use of `rel` - Advanced Topics: custom Mime Types, HAL
  • 18. Persistence Layer - Spring Data - DAO only with interfaces - no implementations public interface IUserJpaDAO extends JpaRepository<User, Long> { … } - define a new, simple method: List<User> findByLastname(String lastname); List<User> findByEmailAddressAndLastname(String emailAddress, String lastname); - flexibility to use @Query @Query("select u from User u where u.emailAddress = ?1") User findByEmailAddress(String emailAddress);
  • 19. Persistence Layer - Spring Data ● Pagination Page<User> findByFirstname(String firstname, Pageable pageable); ● Sorting List<User> findByLastname(String lastname, Sort sort);
  • 20. Persistence Layer - Spring Data Other out of the box features - support for: ● Audit: create date, created by, last update date, last updated by ● Advanced Persistence APIs: QueryDSL, JPA 2 Specifications
  • 21. Transactional Semantics - the API Layer Strategy ● the Controller layer is the transactional owner ● the Service layer contains no transactional semantics ● there are no self-invocations or inter- invocations in the Controller layer - each invocation is a client call
  • 22. Testing of a REST Service ● Live Tests: testing the deployed RESTful service ○ each RESTful service has a corresponding production API and a testing API ○ high level testing is done via the production API ○ lower level testing is done via the testing API ● Integration tests: business, persistence ● Unit tests
  • 23. Testing - High Level Live Test (over REST) @Test public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() { // Given T existingResource = api.create(createNewEntity()); // When T resourceByName = api.findByName(existingResource.getName()); // Then assertNotNull(resourceByName); }
  • 24. Testing - Low Level Live Test (over REST) @Test public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() { // Given User existingUser = RestAssured.given().auth().preemptive().basic (username, password).contentType("application/json").body(resourceAsJson). post(uri).as(User.class); existingUser.setName(null); // When Response updateResponse = RestAssured.given().auth().preemptive(). basic(username, password).contentType("application/json").body (existingUser).put(uri); // Then assertThat(updateResponse.getStatusCode(), is(409)); }
  • 25. Security Concerns - Basic and Digest Authentication with Spring Security ON THE SAME URI (similar to Content Negotiation): ● Authorization: Basic ... ● Authorization: Digest ...