ARCHITECTURE

Tuesday, 11 February 14
FROM PRESENTATION TO SERVICE LAYER

OLD STYLE PRESENTATION LAYER
[Sequence diagram between Browser and Server]
GET /index.html HTTP/1.1 -> 200/OK (HTML)
GET /contacts-table.html HTTP/1.1 -> 200/OK (HTML) [render markup]
POST /servlet/contacts HTTP/1.1 -> 200/OK (HTML) [render markup]

DATA CENTRIC SERVICE LAYER
[Sequence diagram between Browser and Server]
GET /index.html HTTP/1.1 -> 200/OK (HTML)
GET /api/contacts HTTP/1.1 -> 200/OK (JSON) [render markup]
PUT /api/contacts/12 HTTP/1.1 -> 200/OK (JSON) [render markup]

WHERE ARE WE HEADING TO?
[Sequence diagram between Browser and Server]
GET /index.html HTTP/1.1 -> 200/OK (HTML)
GET /contacts-table.html HTTP/1.1 -> 200/OK (HTML) [render markup]
WebSockets! ws://future.now/ws
PUT /api/contacts/12 HTTP/1.1 -> 200/OK (JSON) [render markup]

REST AND CRUD

JAX-RS
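// Resource methods of a JAX-RS class (annotations from javax.ws.rs); bodies are elided on the slide.

// List all ToDo items as JSON.
@GET
@Produces("application/json")
public Collection<ToDo> getAll() throws ServiceException {
    ...
}

// Fetch one ToDo item by the uuid taken from the URL path.
@GET
@Path("/{uuid}")
@Produces("application/json")
public ToDo get(@PathParam("uuid") String id) throws ServiceException {
    ...
}

// Create a ToDo item from the JSON request body.
@PUT
@Consumes("application/json")
@Produces("application/json")
public ToDo createToDo(ToDo toDo) throws ServiceException {
    ...
}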
CORS
CROSS ORIGIN RESOURCE SHARING

PREFLIGHT REQUEST
curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
> OPTIONS /baas/api/todo HTTP/1.1
...
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Allow: OPTIONS,GET,HEAD,PUT
< Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: content-type,authorization,x-requested-with
< Access-Control-Max-Age: 1728000
< Content-Type: application/vnd.sun.wadl+xml
< Content-Length: 1642
< Date: Wed, 14 Aug 2013 22:44:55 GMT
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
...
</application>

CORS
[Sequence diagram between Browser, Server of origin and Service provider]
GET /index.html HTTP/1.1 -> 200/OK (HTML)
OPTIONS /api/contacts HTTP/1.1 -> 200/OK (WADL) [preflight request!]
GET /api/contacts HTTP/1.1 -> 200/OK (JSON) [render markup]

SETTING CORS HEADERS
JEE WebFilter (Glassfish 4.0)
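import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletResponse;

@WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"})
public class CorsFilter implements Filter {

    // Adds the CORS response headers to every response matched by the filter.
    private void doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        final HttpServletResponse httpResponse = (HttpServletResponse) response;
        // "*" allows pages from any origin to read the responses.
        httpResponse.addHeader("Access-Control-Allow-Origin", "*");
        httpResponse.addHeader("Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE, OPTIONS");
        httpResponse.addHeader("Access-Control-Allow-Headers",
                "x-requested-with, accept, origin, authorization");
        httpResponse.addHeader("Access-Control-Max-Age", "1728000");
    }

    ... // netbeans default Filter pattern
}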

CORS
curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Allow: OPTIONS,GET,HEAD,PUT
< Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: content-type,authorization,x-requested-with
< Access-Control-Max-Age: 1728000
< Content-Type: application/vnd.sun.wadl+xml
< Content-Length: 1642
< Date: Wed, 14 Aug 2013 22:44:55 GMT
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
...
</application>

WADL
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://localhost:8181/baas/api/">
    <resource path="todo">
      <method id="createToDo" name="PUT">
        <request>
          <representation mediaType="application/json"/>
        </request>
        <response>
          <representation mediaType="application/json"/>
        </response>
      </method>
      ...
    </resource>
  </resources>
</application>

AUTHENTICATION

WEB.XML
<security-constraint>
  <display-name>REST API</display-name>
  <web-resource-collection>
    <web-resource-name>web-api</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- HTTPS -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <!-- basic auth -->
  <auth-method>BASIC</auth-method>
  <realm-name>file</realm-name>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
HTTPS AND BASIC AUTH
• + easy to implement
• - password is sent on every request
• (- browser stores credentials for session)
• (- browser may store creds permanently)
• corporate proxies
• not for really sensitive data
BASIC AUTHENTICATION
curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo
> GET /baas/api/todo HTTP/1.1
...
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Servlet/3.0 JSP/2.2 [...]
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 01:00:00 CET
< WWW-Authenticate: Basic realm="file"
< Content-Type: text/html
< Content-Length: 1073
< Date: Wed, 14 Aug 2013 23:33:48 GMT
<

BASIC AUTHENTICATION

curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo
> GET /baas/api/todo HTTP/1.1
> Authorization: Basic bWFyYzpnZWhlaW0=
> User-Agent: ...
> Host: localhost:8181
> Accept: */*
>
< HTTP/1.1 200 OK

EXERCISES

~/ws/05-Architecture/baas-gf
~/ws/05-Architecture/jquery-rest
HTTPS AND FORM AUTH
• auth method form in web.xml
• credential sent only once (+)
• SSO (+)
• corporate proxies (-)
SETTING CORS HEADERS
Jersey (e.g. Jersey/Tomcat)
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;

public class CrossOriginResourceSharingFilter
        implements ContainerResponseFilter {

    // Adds the CORS response headers to every response Jersey sends.
    @Override
    public ContainerResponse filter(
            ContainerRequest request, ContainerResponse response) {
        response.getHttpHeaders().putSingle(
                "Access-Control-Allow-Origin", "*");
        response.getHttpHeaders().putSingle(
                "Access-Control-Allow-Methods",
                "GET, POST, PUT, DELETE");
        response.getHttpHeaders().putSingle(
                "Access-Control-Allow-Headers",
                "content-type,authorization,x-requested-with");
        response.getHttpHeaders().putSingle(
                "Access-Control-Max-Age",
                "3600");
        return response;
    }
}
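
Added example, not part of the original slides: both CORS filters above (the JEE WebFilter and the Jersey ContainerResponseFilter) answer every origin with `Access-Control-Allow-Origin: *`. This servlet filter variant echoes the origin only when it matches an exact allowlist and answers preflight requests itself. The class name `AllowlistCorsFilter`, the `/api/*` pattern and the listed origins are assumptions for illustration.

```java
import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter name and URL pattern; not taken from the slides.
@WebFilter(filterName = "AllowlistCorsFilter", urlPatterns = {"/api/*"})
public class AllowlistCorsFilter implements Filter {

    // Assumed origins for illustration: list the front ends that may call the API.
    private static final Set<String> ALLOWED_ORIGINS = Collections.unmodifiableSet(
            new HashSet<>(Arrays.asList(
                    "https://app.example.com",
                    "https://localhost:8181")));

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        final HttpServletRequest httpRequest = (HttpServletRequest) request;
        final HttpServletResponse httpResponse = (HttpServletResponse) response;

        // The response now depends on the Origin request header, so caches must key on it.
        httpResponse.addHeader("Vary", "Origin");

        final String origin = httpRequest.getHeader("Origin");
        if (origin != null && ALLOWED_ORIGINS.contains(origin)) {
            // Exact string match only: no prefix, suffix or regex comparison.
            httpResponse.setHeader("Access-Control-Allow-Origin", origin);

            if (isPreflight(httpRequest)) {
                // Same method and header lists as the Jersey filter on the slide.
                httpResponse.setHeader("Access-Control-Allow-Methods",
                        "GET, POST, PUT, DELETE");
                httpResponse.setHeader("Access-Control-Allow-Headers",
                        "content-type,authorization,x-requested-with");
                httpResponse.setHeader("Access-Control-Max-Age", "3600");
                httpResponse.setStatus(HttpServletResponse.SC_NO_CONTENT);
                return; // preflight is answered here and never reaches the resource
            }
        }

        // Requests without an Origin header, or from an origin that is not listed,
        // continue without CORS headers; the browser then refuses to expose the
        // response to the calling page.
        chain.doFilter(request, response);
    }

    // A CORS preflight is an OPTIONS request carrying Access-Control-Request-Method.
    private static boolean isPreflight(HttpServletRequest request) {
        return "OPTIONS".equalsIgnoreCase(request.getMethod())
                && request.getHeader("Access-Control-Request-Method") != null;
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}
```

The filter only controls which pages a browser lets read the response; requests still have to pass the authentication configured in web.xml.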

Modern web application network architecture

  • 2. FROM PRESENTATION TO SERVICE LAYER
  • 3. OLD STYLE PRESENTATION LAYER (diagram: Server, Browser)
      GET /index.html HTTP/1.1 -> 200/OK (HTML)
      GET /contacts-table.html HTTP/1.1 -> 200/OK (HTML) [render markup]
      POST /servlet/contacts HTTP/1.1 -> 200/OK (HTML) [render markup]
  • 4. DATA CENTRIC SERVICE LAYER (diagram: Browser, Server)
      GET /index.html HTTP/1.1 -> 200/OK (HTML)
      GET /api/contacts HTTP/1.1 -> 200/OK (JSON) [render markup]
      PUT /api/contacts/12 HTTP/1.1 -> 200/OK (JSON) [render markup]
  • 5. WHERE ARE WE HEADING TO ? (diagram: Browser, Server)
      GET /index.html HTTP/1.1 -> 200/OK (HTML)
      GET /contacts-table.html HTTP/1.1 -> 200/OK (HTML)
      WebSockets! ws://future.now/ws [render markup]
      PUT /api/contacts/12 HTTP/1.1 -> 200/OK (JSON) [render markup]
  • 6. REST AND CRUD
  • 7. JAX-RS
      @GET
      @Produces("application/json")
      public Collection<ToDo> getAll() throws ServiceException {
          ...
      }

      @GET
      @Path("/{uuid}")
      @Produces("application/json")
      public ToDo get(@PathParam("uuid") String id) throws ServiceException {
          ...
      }

      @PUT
      @Consumes("application/json")
      @Produces("application/json")
      public ToDo createToDo(ToDo toDo) throws ServiceException {
          ...
      }
  • 8. CORS: CROSS ORIGIN RESOURCE SHARING
  • 9. PREFLIGHT REQUEST
      curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
      > OPTIONS /baas/api/todo HTTP/1.1
      ...
      < HTTP/1.1 200 OK
      < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
      < Server: GlassFish Server Open Source Edition 3.1.2.2
      < Allow: OPTIONS,GET,HEAD,PUT
      < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
      < Access-Control-Allow-Origin: *
      < Access-Control-Allow-Methods: GET, POST, PUT, DELETE
      < Access-Control-Allow-Headers: content-type,authorization,x-requested-with
      < Access-Control-Max-Age: 1728000
      < Content-Type: application/vnd.sun.wadl+xml
      < Content-Length: 1642
      < Date: Wed, 14 Aug 2013 22:44:55 GMT
      <
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <application xmlns="http://wadl.dev.java.net/2009/02">
      ...
      </application>
  • 10. CORS (diagram: Browser, Server of origin, Service provider)
      GET /index.html HTTP/1.1 -> 200/OK (HTML)
      preflight request! OPTIONS /api/contacts HTTP/1.1 -> 200/OK (WADL)
      GET /api/contacts HTTP/1.1 -> 200/OK (JSON) [render markup]
  • 11. SETTING CORS HEADERS: JEE WebFilter (Glassfish 4.0)
      @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"})
      public class CorsFilter implements Filter {

          private void doBeforeProcessing(ServletRequest request, ServletResponse response)
                  throws IOException, ServletException {
              final HttpServletResponse httpResponse = (HttpServletResponse) response;
              httpResponse.addHeader("Access-Control-Allow-Origin", "*");
              httpResponse.addHeader("Access-Control-Allow-Methods",
                      "GET, POST, PUT, DELETE, OPTIONS");
              httpResponse.addHeader("Access-Control-Allow-Headers",
                      "x-requested-with, accept, origin, authorization");
              httpResponse.addHeader("Access-Control-Max-Age", "1728000");
          }

          ... // netbeans default Filter pattern
      }
  • 12. CORS
      curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
      < HTTP/1.1 200 OK
      < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
      < Server: GlassFish Server Open Source Edition 3.1.2.2
      < Allow: OPTIONS,GET,HEAD,PUT
      < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
      < Access-Control-Allow-Origin: *
      < Access-Control-Allow-Methods: GET, POST, PUT, DELETE
      < Access-Control-Allow-Headers: content-type,authorization,x-requested-with
      < Access-Control-Max-Age: 1728000
      < Content-Type: application/vnd.sun.wadl+xml
      < Content-Length: 1642
      < Date: Wed, 14 Aug 2013 22:44:55 GMT
      <
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <application xmlns="http://wadl.dev.java.net/2009/02">
      ...
      </application>
  • 13. WADL
      <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
      <application xmlns="http://wadl.dev.java.net/2009/02">
        <resources base="https://localhost:8181/baas/api/">
          <resource path="todo">
            <method id="createToDo" name="PUT">
              <request>
                <representation mediaType="application/json"/>
              </request>
              <response>
                <representation mediaType="application/json"/>
              </response>
            </method>
            ...
          </resource>
        </resources>
      </application>
  • 16. HTTPS AND BASIC AUTH
      • + easy to implement
      • - password is sent on every request
      • (- browser stores credentials for session)
      • (- browser may store creds permanently)
      • corporate proxies
      • not for really sensitive data
  • 17. BASIC AUTHENTICATION
      curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo
      > GET /baas/api/todo HTTP/1.1
      ...
      < HTTP/1.1 401 Unauthorized
      < X-Powered-By: Servlet/3.0 JSP/2.2 [...]
      < Server: GlassFish Server Open Source Edition 3.1.2.2
      < Pragma: No-cache
      < Cache-Control: no-cache
      < Expires: Thu, 01 Jan 1970 01:00:00 CET
      < WWW-Authenticate: Basic realm="file"
      < Content-Type: text/html
      < Content-Length: 1073
      < Date: Wed, 14 Aug 2013 23:33:48 GMT
      <
  • 18. BASIC AUTHENTICATION
      curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo
      > GET /baas/api/todo HTTP/1.1
      > Authorization: Basic bWFyYzpnZWhlaW0=
      > User-Agent: ...
      > Host: localhost:8181
      > Accept: */*
      >
      < HTTP/1.1 200 OK
  • 20. HTTPS AND FORM AUTH
      • auth method form in web.xml
      • credential sent only once (+)
      • SSO (+)
      • corporate proxies (-)
  • 21. SETTING CORS HEADERS: Jersey (e.g. Jersey/Tomcat)
      public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {

          @Override
          public ContainerResponse filter(
                  ContainerRequest request, ContainerResponse response) {
              response.getHttpHeaders().putSingle(
                      "Access-Control-Allow-Origin", "*");
              response.getHttpHeaders().putSingle(
                      "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
              response.getHttpHeaders().putSingle(
                      "Access-Control-Allow-Headers",
                      "content-type,authorization,x-requested-with");
              response.getHttpHeaders().putSingle(
                      "Access-Control-Max-Age", "3600");
              return response;
          }
      }