REST with Spring
    BJUG 6 @IBM

            Eugen Paraschiv
Overview
● Why REST?

● RESTful Constraints and Guidelines

● REST via Spring MVC

● Persistence with Spring Data

● Testing of a RESTful Service

● Q&A
Why REST
● REST is a set of Constraints (it's not the only
  one)
● Minimize Coupling between Client and
  Server
● Update the Server frequently without
  updating the Clients (no control over them)
● Support for many different types of Clients
● Scaling becomes easy(er)
The Four Levels of HTTP APIs - I, II
Level I. SOAP (Flickr SOAP API, Google AdSense API)
- WSDL describes the interface at design time
- no Resources are identified by URI - only Service Endpoints
- no difference between Resource and Representation
- HTTP treated as transport - no use of HTTP semantics


Level II. RPC (Amazon SimpleDB, Flickr 'REST' API)
+ the API exposes Resources (often corresponding to the application models)
- operations are done via actions in the URIs - the URI space is known at
design time (ex. /post/make_new)
- operations, failure codes are application specific
- HTTP treated as transport - no use of HTTP semantics
The Four Levels of HTTP APIs - III
Level III. HTTP (Twitter API)
+ Resources are exposed and identified by URIs
+ Resources are manipulated via Representations
+ HTTP semantics used correctly, use of generic media types (e.g.
application/xml)
- message semantics only known to Client and Server but not intermediaries -
Client and Server are coupled by original design
- application state machine is known at design time - assumptions about
available representations and transitions are hard-coded
The Four Levels of HTTP APIs - IV
Level IV. REST (Atom Pub, OpenSearch)
+ service description comes in the form of media type (and link relations)
specifications
+ Client only knows entry bookmark (the Root URI) and media types and no
specifics about the particular service
+ Client proceeds through application by looking at one response at a time,
each time evaluating how best to proceed given its overall goal and the
available transitions
+ Methods to use are known from media type (and link relations) specifications
or selected at runtime based on forms (form semantics known from media type
specifications)
REST SEC project
WHERE
- @github - https://github.com/eugenp/REST


WHY
- Reference Spring implementation of a REST Service
- Identity Management Solution as a Service


HOW
- REST/web: Spring 3.1.x
- Marshalling: Jackson 2.x (for JSON) and XStream (for XML)
- Persistence: Spring Data JPA and Hibernate 4.1.x
- Testing: JUnit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache
HTTP Client)
RESTful Constraints - I. Stateless
"Each request from client to server must contain all of the information
necessary to understand the request, and cannot take advantage of any stored
context on the server. Session state is therefore kept entirely on the client"



In Short
- no sessions, no cookies
- each request should contain its authentication credentials

With Spring Security
<http create-session="stateless" ... >
RESTful Constraints - II. Cache
● Caching is on the Client side
● Goal of Client side Caching - partially or
  completely eliminate interactions with the
  Server
● HTTP Caching options:
  ● ETag/If-None-Match
  ● Last-Modified/If-Modified-Since
III. Caching - ETag - example
- ex: first, retrieve a Privilege resource:

curl -H "Accept: application/json" -i http://localhost:8080/rest-sec/api/privileges/1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection"
ETag: "f88dd058fe004909615a64f01be66a7"
Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT
Content-Type: application/json;charset=UTF-8
Content-Length: 52
Date: Fri, 05 Oct 2012 11:36:33 GMT
III. Caching - ETags - example (cont)
- next, use the etag value from the previous response to
retrieve the Privilege resource again:
curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost:8080/rest-sec/api/privileges/1

HTTP/1.1 304 Not Modified
Server: Apache-Coyote/1.1
Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection"
ETag: "f88dd058fe004909615a64f01be66a7"
Date: Fri, 05 Oct 2012 11:37:55 GMT
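
The server-side decision behind the 200/304 exchange above, as an added example in plain Java (not code from the rest-sec project). It assumes the tag is an MD5 fingerprint of the representation; the class name, method names and sample JSON bodies are constructed for illustration.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class ConditionalGetExample {

    // One entity-tag: optional weak prefix W/, then a quoted opaque value.
    private static final Pattern ENTITY_TAG = Pattern.compile("(W/)?\"([^\"]*)\"");

    /** Assumption: the ETag is the quoted MD5 hex digest of the representation bytes. */
    static String etagFor(byte[] representation) {
        try {
            byte[] digest = MessageDigest.getInstance("MD5").digest(representation);
            return "\"" + String.format("%032x", new BigInteger(1, digest)) + "\"";
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Opaque values of every entity-tag in a header value; commas inside quotes are not split. */
    static List<String> opaqueValues(String headerValue) {
        List<String> values = new ArrayList<>();
        Matcher m = ENTITY_TAG.matcher(headerValue);
        while (m.find()) {
            values.add(m.group(2));
        }
        return values;
    }

    /** Status for a GET: 304 when any supplied tag matches the current representation, else 200. */
    static int statusFor(String ifNoneMatch, byte[] currentRepresentation) {
        if (ifNoneMatch == null || ifNoneMatch.trim().isEmpty()) {
            return 200; // unconditional request
        }
        if (ifNoneMatch.trim().equals("*")) {
            return 304; // "*" matches any existing representation
        }
        String current = opaqueValues(etagFor(currentRepresentation)).get(0);
        // If-None-Match uses weak comparison: the W/ prefix is ignored, opaque values must be equal.
        return opaqueValues(ifNoneMatch).contains(current) ? 304 : 200;
    }

    public static void main(String[] args) {
        // Constructed sample representations of a Privilege resource before and after an update.
        byte[] before = "{\"id\":1,\"name\":\"ROLE_PRIVILEGE_READ\"}".getBytes(StandardCharsets.UTF_8);
        byte[] after = "{\"id\":1,\"name\":\"ROLE_PRIVILEGE_WRITE\"}".getBytes(StandardCharsets.UTF_8);
        String cached = etagFor(before);

        System.out.println("no validator         -> " + statusFor(null, before));
        System.out.println("matching tag         -> " + statusFor(cached, before));
        System.out.println("weak form of the tag -> " + statusFor("W/" + cached, before));
        System.out.println("stale tag in a list  -> " + statusFor("\"0123\", " + cached, after));
        System.out.println("malformed header     -> " + statusFor("not-a-tag", before));
    }
}
```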
REST Constraint - III. Uniform
Interface
Uniform Interface Constraints
1. Identification of Resources
2. Manipulation of Resources through Representations
3. Self-descriptive Messages
4. Hypermedia As The Engine Of Application State
(HATEOAS)
III.1. Identification of Resources -
Spring MVC
For a sample foo resource:
- the Controller
@Controller
@RequestMapping(value = "foos")
public class FooController{ ... }



- retrieve by id: GET api/foos/id
@RequestMapping(value = "/{id}", method = RequestMethod.GET)
public Foo findOne(@PathVariable("id") Long id){...}



- search: GET api/foos?q=query
@RequestMapping(params = {"q"}, method = RequestMethod.GET)
public List<Foo> search(@RequestParam("q") String query){...}
III.1. Identification of Resources -
Spring MVC (cont)
- create single (update the collection): POST api/foos
@RequestMapping(method = RequestMethod.POST)
@ResponseStatus(HttpStatus.CREATED)
public void create(@RequestBody Foo resource) {...}



- update/override PUT api/foos/id
@RequestMapping(method = RequestMethod.PUT)
@ResponseStatus(HttpStatus.OK)
public void update(@RequestBody Foo resource) { ... }



- delete: DELETE api/foos/id
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE)
@ResponseStatus(HttpStatus.NO_CONTENT)
public void delete(@PathVariable("id") Long id) { ... }
REST Constraint - III. Uniform
Interface
Supported Representations:
- JSON - application/json
- XML - application/xml
- future: ATOM

All read operations will perform Content
Negotiation when the Accept header is set on
the request
All write operations support setting the
Content-Type header on the request
Spring MVC - the Controller/Web
Layer
Simple Responsibilities:
- mapping of URIs
- Marshalling/Unmarshalling of Resource
Representations (implicit)
- Translation of Exceptions to HTTP Status
Codes
REST Constraint - III. Uniform
Interface - HATEOAS
- Discoverability at the root
- the Create operation
- making use of `rel`
- Advanced Topics: custom Mime Types, HAL
Persistence Layer - Spring Data
- DAO only with interfaces - no implementations
public interface IUserJpaDAO extends JpaRepository<User, Long> { … }


- define a new, simple method:
List<User> findByLastname(String lastname);
List<User> findByEmailAddressAndLastname(String emailAddress, String lastname);


- flexibility to use @Query
@Query("select u from User u where u.emailAddress = ?1")
User findByEmailAddress(String emailAddress);
Persistence Layer - Spring Data

● Pagination
Page<User> findByFirstname(String firstname, Pageable pageable);



● Sorting
List<User> findByLastname(String lastname, Sort sort);
Persistence Layer - Spring Data
Other out of the box features - support for:
● Audit: create date, created by, last update date, last
   updated by
● Advanced Persistence APIs: QueryDSL,
   JPA 2 Specifications
Transactional Semantics
- the API Layer Strategy
● the Controller layer is the transactional
    owner
● the Service layer contains no transactional
    semantics
● there are no self-invocations or inter-
    invocations in the Controller layer - each
    invocation is a client call
Testing of a REST Service
● Live Tests: testing the deployed RESTful
    service
    ○ each RESTful service has a corresponding
        production API and a testing API
    ○ high level testing is done via the production API
    ○ lower level testing is done via the testing API
●   Integration tests: business, persistence

●   Unit tests
Testing - High Level Live Test (over
REST)
@Test
public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() {
    // Given
    T existingResource = api.create(createNewEntity());

    // When
    T resourceByName = api.findByName(existingResource.getName());

    // Then
    assertNotNull(resourceByName);
}
Testing - Low Level Live Test (over
REST)
@Test
public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() {
    // Given
    User existingUser = RestAssured.given()
        .auth().preemptive().basic(username, password)
        .contentType("application/json")
        .body(resourceAsJson)
        .post(uri)
        .as(User.class);
    existingUser.setName(null);

    // When
    Response updateResponse = RestAssured.given()
        .auth().preemptive().basic(username, password)
        .contentType("application/json")
        .body(existingUser)
        .put(uri);

    // Then
    assertThat(updateResponse.getStatusCode(), is(409));
}
Security Concerns
- Basic and Digest Authentication with Spring
Security ON THE SAME URI (similar to
Content Negotiation):
● Authorization: Basic ...
● Authorization: Digest ...
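
How a stateless server can accept both mechanisms on one URI, with every request carrying its own credentials, as an added example in plain Java (not Spring Security's implementation and not code from the rest-sec project). The class, account, realm and nonce are constructed, and a single constant stands in for the server's record of issued nonces.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AuthSchemeDispatchExample {
    // Constructed realm, account and server-issued nonce, for illustration only.
    static final String REALM = "rest-sec-example";
    static final String USER = "alice";
    static final String PASSWORD = "correct horse";
    static final String ISSUED_NONCE = "c2FtcGxlLW5vbmNl";

    // key=value or key="value" pairs of a Digest credentials list.
    private static final Pattern PARAM = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))");

    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.UTF_8));
            return String.format("%032x", new BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // Comparison that does not return at the first differing byte.
    static boolean same(String a, String b) {
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8), b.getBytes(StandardCharsets.UTF_8));
    }

    /** Basic: the token is Base64("user:password"), so the password itself is in every request. */
    static boolean verifyBasic(String token) {
        String decoded;
        try {
            decoded = new String(Base64.getDecoder().decode(token), StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return false; // not valid Base64
        }
        int colon = decoded.indexOf(':');
        return colon > 0 && same(decoded.substring(0, colon), USER)
                && same(decoded.substring(colon + 1), PASSWORD);
    }

    /** Digest (RFC 2617, qop=auth): recompute the response hash from the stored secret and compare. */
    static boolean verifyDigest(String credentials, String method, String requestUri) {
        Map<String, String> p = new HashMap<>();
        Matcher m = PARAM.matcher(credentials);
        while (m.find()) {
            p.put(m.group(1).toLowerCase(), m.group(2) != null ? m.group(2) : m.group(3));
        }
        for (String key : new String[] {"username", "realm", "nonce", "uri", "qop", "nc", "cnonce", "response"}) {
            if (!p.containsKey(key)) return false;
        }
        // The nonce must be one this server issued, and the signed uri must be the one requested.
        if (!"auth".equals(p.get("qop")) || !USER.equals(p.get("username")) || !REALM.equals(p.get("realm"))
                || !ISSUED_NONCE.equals(p.get("nonce")) || !requestUri.equals(p.get("uri"))) {
            return false;
        }
        String ha1 = md5Hex(USER + ":" + REALM + ":" + PASSWORD);
        String ha2 = md5Hex(method + ":" + requestUri);
        String expected = md5Hex(ha1 + ":" + p.get("nonce") + ":" + p.get("nc") + ":" + p.get("cnonce")
                + ":auth:" + ha2);
        return same(expected, p.get("response"));
    }

    /** One URI, two mechanisms: the scheme token of the Authorization header selects the verifier. */
    static int authenticate(String authorization, String method, String requestUri) {
        String[] parts = authorization == null ? new String[0] : authorization.trim().split("\\s+", 2);
        if (parts.length != 2) return 401; // stateless: no header means no identity, there is no session
        if (parts[0].equalsIgnoreCase("Basic")) return verifyBasic(parts[1].trim()) ? 200 : 401;
        if (parts[0].equalsIgnoreCase("Digest")) return verifyDigest(parts[1], method, requestUri) ? 200 : 401;
        return 401; // unsupported scheme
    }

    public static void main(String[] args) {
        String uri = "/rest-sec/api/privileges/1";
        String basic = "Basic " + Base64.getEncoder()
                .encodeToString((USER + ":" + PASSWORD).getBytes(StandardCharsets.UTF_8));
        // Client side of Digest: only a hash bound to nonce, method and URI is sent.
        String nc = "00000001";
        String cnonce = "0a4f113b"; // constructed client nonce
        String response = md5Hex(md5Hex(USER + ":" + REALM + ":" + PASSWORD) + ":" + ISSUED_NONCE + ":" + nc
                + ":" + cnonce + ":auth:" + md5Hex("GET:" + uri));
        String digest = "Digest username=\"" + USER + "\", realm=\"" + REALM + "\", nonce=\"" + ISSUED_NONCE
                + "\", uri=\"" + uri + "\", qop=auth, nc=" + nc + ", cnonce=\"" + cnonce
                + "\", response=\"" + response + "\"";
        System.out.println("Basic credentials    -> " + authenticate(basic, "GET", uri));
        System.out.println("Digest credentials   -> " + authenticate(digest, "GET", uri));
        // The digest response is bound to the method, so the same header does not verify for DELETE.
        System.out.println("Digest, other method -> " + authenticate(digest, "DELETE", uri));
        System.out.println("Malformed Basic      -> " + authenticate("Basic !!!", "GET", uri));
        System.out.println("No header            -> " + authenticate(null, "GET", uri));
    }
}
```

Because Basic sends the password itself with every request, the stateless setup depends on TLS for confidentiality; Digest avoids sending the password but requires the server to keep the password or its HA1 hash.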
Conclusion
Questions:
-?
-?
-?
-?
THANKS

More Related Content

What's hot

Dropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stackDropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stackJacek Furmankiewicz
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with SpringJoshua Long
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot IntroductionJeevesh Pandey
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreStormpath
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring BootTrey Howard
 
The Past Year in Spring for Apache Geode
The Past Year in Spring for Apache GeodeThe Past Year in Spring for Apache Geode
The Past Year in Spring for Apache GeodeVMware Tanzu
 
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLEREST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLEreneechemel
 
Spring Boot & WebSocket
Spring Boot & WebSocketSpring Boot & WebSocket
Spring Boot & WebSocketMing-Ying Wu
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Mario Cardinal
 
Content-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingContent-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingFabrice Hong
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debateRestlet
 
Lecture 7 Web Services JAX-WS & JAX-RS
Lecture 7   Web Services JAX-WS & JAX-RSLecture 7   Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RSFahad Golra
 
Using Java to implement SOAP Web Services: JAX-WS
Using Java to implement SOAP Web Services: JAX-WS�Using Java to implement SOAP Web Services: JAX-WS�
Using Java to implement SOAP Web Services: JAX-WSKatrien Verbert
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2
 

What's hot (19)

Dropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stackDropwizard Spring - the perfect Java REST server stack
Dropwizard Spring - the perfect Java REST server stack
 
Multi Client Development with Spring
Multi Client Development with SpringMulti Client Development with Spring
Multi Client Development with Spring
 
Spring boot Introduction
Spring boot IntroductionSpring boot Introduction
Spring boot Introduction
 
Building Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET CoreBuilding Beautiful REST APIs with ASP.NET Core
Building Beautiful REST APIs with ASP.NET Core
 
Introduction to Spring Boot
Introduction to Spring BootIntroduction to Spring Boot
Introduction to Spring Boot
 
Android and REST
Android and RESTAndroid and REST
Android and REST
 
The Past Year in Spring for Apache Geode
The Past Year in Spring for Apache GeodeThe Past Year in Spring for Apache Geode
The Past Year in Spring for Apache Geode
 
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter LehtoJavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
 
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLEREST Easy with AngularJS - ng-grid CRUD EXAMPLE
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
 
Spring Boot & WebSocket
Spring Boot & WebSocketSpring Boot & WebSocket
Spring Boot & WebSocket
 
Spring 4 Web App
Spring 4 Web AppSpring 4 Web App
Spring 4 Web App
 
Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.Best Practices for Architecting a Pragmatic Web API.
Best Practices for Architecting a Pragmatic Web API.
 
Spring Boot
Spring BootSpring Boot
Spring Boot
 
Content-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache SlingContent-centric architectures - case study : Apache Sling
Content-centric architectures - case study : Apache Sling
 
The never-ending REST API design debate
The never-ending REST API design debateThe never-ending REST API design debate
The never-ending REST API design debate
 
Lecture 7 Web Services JAX-WS & JAX-RS
Lecture 7   Web Services JAX-WS & JAX-RSLecture 7   Web Services JAX-WS & JAX-RS
Lecture 7 Web Services JAX-WS & JAX-RS
 
Using Java to implement SOAP Web Services: JAX-WS
Using Java to implement SOAP Web Services: JAX-WS�Using Java to implement SOAP Web Services: JAX-WS�
Using Java to implement SOAP Web Services: JAX-WS
 
Angularjs & REST
Angularjs & RESTAngularjs & REST
Angularjs & REST
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected BusinessWSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
 

Similar to Rest with Spring

ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiTiago Knoch
 
Networked APIs with swift
Networked APIs with swiftNetworked APIs with swift
Networked APIs with swiftTim Burks
 
Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Sumy PHP User Grpoup
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterSachin G Kulkarni
 
Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Charlin Agramonte
 
Restful web services rule financial
Restful web services   rule financialRestful web services   rule financial
Restful web services rule financialRule_Financial
 
RESTful API-centric Universe
RESTful API-centric UniverseRESTful API-centric Universe
RESTful API-centric UniverseTihomir Opačić
 
nguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-servicenguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-servicehazzaz
 
Design Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John HardyDesign Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John HardyManageIQ
 
Embrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web APIEmbrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web APIFilip W
 
Rest api titouan benoit
Rest api   titouan benoitRest api   titouan benoit
Rest api titouan benoitTitouan BENOIT
 
Cloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practicesCloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practicesNicolas FOATA
 
Building Restful Applications Using Php
Building Restful Applications Using PhpBuilding Restful Applications Using Php
Building Restful Applications Using PhpSudheer Satyanarayana
 

Similar to Rest with Spring (20)

ASP.NET Mvc 4 web api
ASP.NET Mvc 4 web apiASP.NET Mvc 4 web api
ASP.NET Mvc 4 web api
 
APITalkMeetupSharable
APITalkMeetupSharableAPITalkMeetupSharable
APITalkMeetupSharable
 
Networked APIs with swift
Networked APIs with swiftNetworked APIs with swift
Networked APIs with swift
 
REST APIs
REST APIsREST APIs
REST APIs
 
Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2Service approach for development Rest API in Symfony2
Service approach for development Rest API in Symfony2
 
REST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in CodeigniterREST API Best Practices & Implementing in Codeigniter
REST API Best Practices & Implementing in Codeigniter
 
Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5Xamarin Workshop Noob to Master – Week 5
Xamarin Workshop Noob to Master – Week 5
 
Restful web services rule financial
Restful web services   rule financialRestful web services   rule financial
Restful web services rule financial
 
RESTful API-centric Universe
RESTful API-centric UniverseRESTful API-centric Universe
RESTful API-centric Universe
 
nguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-servicenguyenhainhathuy-building-restful-web-service
nguyenhainhathuy-building-restful-web-service
 
Apitesting.pptx
Apitesting.pptxApitesting.pptx
Apitesting.pptx
 
ASP.NET WEB API Training
ASP.NET WEB API TrainingASP.NET WEB API Training
ASP.NET WEB API Training
 
Design Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John HardyDesign Summit - RESTful API Overview - John Hardy
Design Summit - RESTful API Overview - John Hardy
 
Embrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web APIEmbrace HTTP with ASP.NET Web API
Embrace HTTP with ASP.NET Web API
 
Best Practices in Api Design
Best Practices in Api DesignBest Practices in Api Design
Best Practices in Api Design
 
Rest api titouan benoit
Rest api   titouan benoitRest api   titouan benoit
Rest api titouan benoit
 
Apex REST
Apex RESTApex REST
Apex REST
 
Web api
Web apiWeb api
Web api
 
Cloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practicesCloud Side: REST APIs - Best practices
Cloud Side: REST APIs - Best practices
 
Building Restful Applications Using Php
Building Restful Applications Using PhpBuilding Restful Applications Using Php
Building Restful Applications Using Php
 

Recently uploaded

Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...DianaGray10
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechProduct School
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kitJamie (Taka) Wang
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxSatishbabu Gunukula
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3DianaGray10
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud DataEric D. Schabell
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfInfopole1
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxNeo4j
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1DianaGray10
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNeo4j
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applicationsnooralam814309
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024Brian Pichman
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdfThe Good Food Institute
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTopCSSGallery
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0DanBrown980551
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameKapil Thakar
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.IPLOOK Networks
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4DianaGray10
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInThousandEyes
 

Recently uploaded (20)

Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...Explore the UiPath Community and ways you can benefit on your journey to auto...
Explore the UiPath Community and ways you can benefit on your journey to auto...
 
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - TechWebinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
Webinar: The Art of Prioritizing Your Product Roadmap by AWS Sr PM - Tech
 
20140402 - Smart house demo kit
20140402 - Smart house demo kit20140402 - Smart house demo kit
20140402 - Smart house demo kit
 
Oracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptxOracle Database 23c Security New Features.pptx
Oracle Database 23c Security New Features.pptx
 
UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3UiPath Studio Web workshop Series - Day 3
UiPath Studio Web workshop Series - Day 3
 
3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data3 Pitfalls Everyone Should Avoid with Cloud Data
3 Pitfalls Everyone Should Avoid with Cloud Data
 
Extra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdfExtra-120324-Visite-Entreprise-icare.pdf
Extra-120324-Visite-Entreprise-icare.pdf
 
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptxGraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
GraphSummit Copenhagen 2024 - Neo4j Vision and Roadmap.pptx
 
UiPath Studio Web workshop series - Day 1
UiPath Studio Web workshop series  - Day 1UiPath Studio Web workshop series  - Day 1
UiPath Studio Web workshop series - Day 1
 
Novo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4jNovo Nordisk's journey in developing an open-source application on Neo4j
Novo Nordisk's journey in developing an open-source application on Neo4j
 
Graphene Quantum Dots-Based Composites for Biomedical Applications
Graphene Quantum Dots-Based Composites for  Biomedical ApplicationsGraphene Quantum Dots-Based Composites for  Biomedical Applications
Graphene Quantum Dots-Based Composites for Biomedical Applications
 
CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024CyberSecurity - Computers In Libraries 2024
CyberSecurity - Computers In Libraries 2024
 
2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf2024.03.12 Cost drivers of cultivated meat production.pdf
2024.03.12 Cost drivers of cultivated meat production.pdf
 
Top 10 Squarespace Development Companies
Top 10 Squarespace Development CompaniesTop 10 Squarespace Development Companies
Top 10 Squarespace Development Companies
 
LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0LF Energy Webinar - Unveiling OpenEEMeter 4.0
LF Energy Webinar - Unveiling OpenEEMeter 4.0
 
Flow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First FrameFlow Control | Block Size | ST Min | First Frame
Flow Control | Block Size | ST Min | First Frame
 
Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.Introduction - IPLOOK NETWORKS CO., LTD.
Introduction - IPLOOK NETWORKS CO., LTD.
 
SheDev 2024
SheDev 2024SheDev 2024
SheDev 2024
 
UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4UiPath Studio Web workshop series - Day 4
UiPath Studio Web workshop series - Day 4
 
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedInOutage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
Outage Analysis: March 5th/6th 2024 Meta, Comcast, and LinkedIn
 

Rest with Spring

  • 1. REST with Spring BJUG 6 @IBM Eugen Paraschiv
  • 2. Overview ● Why REST? ● RESTful Constraints and Guidelines ● REST via Spring MVC ● Persistence with Spring Data ● Testing of a RESTful Service ● Q&A
  • 3. Why REST ● REST is a set of Constraints (it's not the only one) ● Minimize Coupling between Client and Server ● Update the Server frequently without updating the Clients (no control over them) ● Support for many different types of Clients ● Scaling becomes easy(er)
  • 4. The Four Levels of HTTP APIs - I, II Level I. SOAP (Flickr SOAP API, Google AdSense API) - WSDL describes the interface at design time - no Resources are identified by URI - only Service Endpoints - no difference between Resource and Representation - HTTP treated as transport - no use of HTTP semantics Level II. RPC (Amazon SimpleDB, Flickr 'REST' API) + the API exposes Resources (often corresponding to the application models) - operations are done via actions in the URIs - the URI space is known at design time (ex. /post/make_new) - operations, failure codes are application specific - HTTP treated as transport - no use of HTTP semantics
  • 5. The Four Levels of HTTP APIs - III Level III. HTTP (Twitter API) + Resources are exposed and identified by URIs + Resources are manipulated via Representations + HTTP semantics used correctly, use of generic media types (e.g. application/xml) - message semantics only known to Client and Server but not intermediaries - Client and Server are coupled by original design - application state machine is known at design time - assumptions about available representations and transitions are hard-coded
  • 6. The Four Levels of HTTP APIs - IV Level IV. REST (Atom Pub, OpenSearch) + service description comes in the form of media type (and link relations) specifications + Client only knows entry bookmark (the Root URI) and media types and no specifics about the particular service + Client proceeds through application by looking at one response at a time, each time evaluating how best to proceed given its overall goal and the available transitions + Methods to use are known from media type (and link relations) specifications or selected at runtime based on forms (form semantics known from media type specifications)
  • 7. REST SEC project WHERE - @github - https://github.com/eugenp/REST WHY - Reference Spring implementation of a REST Service - Identity Management Solution as a Service HOW - REST/web: Spring 3.1.x - Marshalling: Jackson 2.x (for JSON) and XStream (for XML) - Persistence: Spring Data JPA and Hibernate 4.1.x - Testing: Junit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache HTTP Client)
  • 8. RESTful Constraints - I. Stateless "Each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client" In Short - no sessions, no cookies - each request should contain it's authentication credentials With Spring Security <http create-session="stateless" ... >
  • 9. RESTful Constraints - II. Cache ● Caching is on the Client side ● Goal of Client side Caching - partially or completely eliminate interactions with the Server ● HTTP Caching options: ● ETag/If-None-Match ● Last-Modified/If-Modified-Since
  • 10. III. Caching - ETag - example - ex: first, retrieve a Privilege resource: curl -H "Accept: application/json" -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 52 Date: Fri, 05 Oct 2012 11:36:33 GMT
  • 11. III. Caching - ETags - example (cont) - next, use the etag value from the previous response to retrieve the Privilege resource again: curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Date: Fri, 05 Oct 2012 11:37:55 GMT
  • 12. REST Constraint - III. Uniform Interface Uniform Interface Constraints 1. Identification of Resources 2. Manipulation of Resources through Representations 3. Self-descriptive Messages 4. Hypermedia As The Engine Of Application State (HATEOAS)
  • 13. III.1. Identification of Resources - Spring MVC
    For a sample foo resource:
    - the Controller
        @Controller
        @RequestMapping(value = "foos")
        public class FooController{ ... }
    - retrieve by id: GET api/foos/id
        @RequestMapping(value = "/{id}", method = RequestMethod.GET)
        public Foo findOne(@PathVariable("id") Long id){...}
    - search: GET api/foos?q=query
        @RequestMapping(params = {"q"}, method = RequestMethod.GET)
        public List<Foo> search(@RequestParam("q") String query){...}
  • 14. III.1. Identification of Resources - Spring MVC (cont)
    - create single (update the collection): POST api/foos
        @RequestMapping(method = RequestMethod.POST)
        @ResponseStatus(HttpStatus.CREATED)
        public void create(@RequestBody Foo resource) {...}
    - update/override PUT api/foos/id
        @RequestMapping(method = RequestMethod.PUT)
        @ResponseStatus(HttpStatus.OK)
        public void update(@RequestBody Foo resource) { ... }
    - delete: DELETE api/foos/id
        @RequestMapping(value = "/{id}", method = RequestMethod.DELETE)
        @ResponseStatus(HttpStatus.NO_CONTENT)
        public void delete(@PathVariable("id") Long id) { ... }
  • 15. REST Constraint - III. Uniform Interface
    Supported Representations:
    - JSON - application/json
    - XML - application/xml
    - future: ATOM
    All read operations will perform Content Negotiation when the Accept header is set on the request
    All write operations support setting the Content-Type header on the request
  • 16. Spring MVC - the Controller/Web Layer Simple Responsibilities: - mapping of URIs - Marshalling/Unmarshalling of Resource Representations (implicit) - Translation of Exceptions to HTTP Status Codes
  • 17. REST Constraint - III. Uniform Interface - HATEOAS - Discoverability at the root - the Create operation - making use of `rel` - Advanced Topics: custom Mime Types, HAL
  • 18. Persistence Layer - Spring Data
    - DAO only with interfaces - no implementations
        public interface IUserJpaDAO extends JpaRepository<User, Long> { … }
    - define a new, simple method:
        List<User> findByLastname(String lastname);
        List<User> findByEmailAddressAndLastname(String emailAddress, String lastname);
    - flexibility to use @Query
        @Query("select u from User u where u.emailAddress = ?1")
        User findByEmailAddress(String emailAddress);
  • 19. Persistence Layer - Spring Data
    ● Pagination
        Page<User> findByFirstname(String firstname, Pageable pageable);
    ● Sorting
        List<User> findByLastname(String lastname, Sort sort);
  • 20. Persistence Layer - Spring Data Other out of the box features - support for: ● Audit: create date, created by, last update date, last updated by ● Advanced Persistence APIs: QueryDSL, JPA 2 Specifications
  • 21. Transactional Semantics - the API Layer Strategy ● the Controller layer is the transactional owner ● the Service layer contains no transactional semantics ● there are no self-invocations or inter-invocations in the Controller layer - each invocation is a client call
  • 22. Testing of a REST Service ● Live Tests: testing the deployed RESTful service ○ each RESTful service has a corresponding production API and a testing API ○ high level testing is done via the production API ○ lower level testing is done via the testing API ● Integration tests: business, persistence ● Unit tests
  • 23. Testing - High Level Live Test (over REST)
        @Test
        public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() {
            // Given
            T existingResource = api.create(createNewEntity());
            // When
            T resourceByName = api.findByName(existingResource.getName());
            // Then
            assertNotNull(resourceByName);
        }
  • 24. Testing - Low Level Live Test (over REST)
        @Test
        public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() {
            // Given
            User existingUser = RestAssured.given().auth().preemptive().basic(username, password)
                .contentType("application/json").body(resourceAsJson).post(uri).as(User.class);
            existingUser.setName(null);
            // When
            Response updateResponse = RestAssured.given().auth().preemptive().basic(username, password)
                .contentType("application/json").body(existingUser).put(uri);
            // Then
            assertThat(updateResponse.getStatusCode(), is(409));
        }
  • 25. Security Concerns - Basic and Digest Authentication with Spring Security ON THE SAME URI (similar to Content Negotiation): ● Authorization: Basic ... ● Authorization: Digest ...
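Slides 8 and 25 combined, as an added example (not code from the deck or the REST SEC project, and not Spring Security's implementation): each request is authenticated from its own Authorization header, Basic or Digest, on the same URI and with no session. The realm, signing key, account and the expiry-plus-keyed-hash nonce format are assumptions made for the example.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;
public class StatelessAuth {
    static final String REALM = "example-realm", KEY = "nonce-signing-key"; // constructed values
    static final Map<String, String> USERS = new HashMap<>(Map.of("alice", "correct-horse")); // constructed
    static String md5(String s) throws Exception { // RFC 2617 Digest is defined over MD5
        byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(UTF_8));
        return String.format("%032x", new java.math.BigInteger(1, d));
    }
    static boolean same(String a, String b) { // constant-time, null-safe comparison
        return a != null && b != null && MessageDigest.isEqual(a.getBytes(UTF_8), b.getBytes(UTF_8));
    }
    // The nonce carries its expiry and a keyed hash, so the server keeps no per-client state.
    static String newNonce(long exp) throws Exception { return exp + ":" + md5(exp + ":" + KEY); }
    static boolean nonceValid(String n, long now) throws Exception {
        String exp = n == null ? "" : n.split(":", 2)[0];
        return exp.matches("\\d{1,18}") && Long.parseLong(exp) > now && same(n, newNonce(Long.parseLong(exp)));
    }
    // Returns the authenticated user, or null so that the caller answers 401.
    static String authenticate(String method, String uri, String header, long now) throws Exception {
        if (header != null && header.regionMatches(true, 0, "Basic ", 0, 6)) {
            String[] up;
            try { up = new String(Base64.getDecoder().decode(header.substring(6).trim()), UTF_8).split(":", 2); }
            catch (IllegalArgumentException e) { return null; }
            return up.length == 2 && same(USERS.get(up[0]), up[1]) ? up[0] : null;
        }
        if (header == null || !header.regionMatches(true, 0, "Digest ", 0, 7)) return null;
        Map<String, String> p = new HashMap<>();
        Matcher m = Pattern.compile("(\\w+)=(?:\"([^\"]*)\"|([^,\\s]+))").matcher(header.substring(7));
        while (m.find()) p.put(m.group(1), m.group(2) != null ? m.group(2) : m.group(3));
        if (!"auth".equals(p.get("qop")) || !uri.equals(p.get("uri")) || !nonceValid(p.get("nonce"), now)) return null;
        String user = p.get("username"), pw = USERS.get(user);
        String expected = md5(md5(user + ":" + REALM + ":" + pw) + ":" + p.get("nonce") + ":" + p.get("nc")
                + ":" + p.get("cnonce") + ":auth:" + md5(method + ":" + uri));
        return pw != null && same(expected, p.get("response")) ? user : null;
    }
    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis();
        String uri = "/rest-sec/api/privileges/1", n = newNonce(now + 60_000), ha2 = md5("GET:" + uri);
        String r = md5(md5("alice:" + REALM + ":correct-horse") + ":" + n + ":00000001:c1:auth:" + ha2);
        String digest = String.format("Digest username=\"alice\", realm=\"%s\", nonce=\"%s\", uri=\"%s\", "
                + "qop=auth, nc=00000001, cnonce=\"c1\", response=\"%s\"", REALM, n, uri, r);
        String basic = "Basic " + Base64.getEncoder().encodeToString("alice:correct-horse".getBytes(UTF_8));
        System.out.println(authenticate("GET", uri, basic, now) + " / " + authenticate("GET", uri, digest, now)
                + " / " + authenticate("DELETE", uri, digest, now)); // captured header reused on another method
    }
}
```

Because no nc counter is stored, a Digest header can be repeated for the same method and URI until its nonce expires, and Basic sends the password itself on every request, so both schemes belong behind TLS.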