Modern web application network architecture
Upcoming SlideShare
Loading in...5
×
 

Modern web application network architecture

on

  • 430 views

Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Statistics

Views

Total Views
430
Views on SlideShare
430
Embed Views
0

Actions

Likes
1
Downloads
13
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Modern web application network architecture Modern web application network architecture Presentation Transcript

  • ARCHITECTURE Dienstag, 11. Februar 14
  • FROM PRESENTATION TO SERVICE LAYER Dienstag, 11. Februar 14
  • OLD STYLE PRESENTATION LAYER Server Browser GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 render markup 200/OK (HTML) POST /servlet/contacts HTTP/1.1 200/OK (HTML) Dienstag, 11. Februar 14 render markup
  • DATA CENTRIC SERVICE LAYER Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /api/contacts HTTP/1.1 render markup 200/OK (JSON) PUT /api/contacts/12 HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • WHERE ARE WE HEADING TO ? Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 200/OK (HTML) ts ! cke o ws://future.now/ws S eb W render markup Dienstag, 11. Februar 14 PUT /api/contacts/12 HTTP/1.1 200/OK (JSON) render markup
  • REST AND CRUD Dienstag, 11. Februar 14
  • JAX-RS @GET @Produces("application/json") public Collection<ToDo> getAll() throws ServiceException { ... } @GET @Path("/{uuid}") @Produces("application/json") public ToDo get(@PathParam("uuid")String id) throws ServiceException { ... } @PUT @Consumes("application/json") @Produces("application/json") public ToDo createToDo(ToDo toDo) throws ServiceException { ... } Dienstag, 11. Februar 14
  • CORS CROSS ORIGIN RESOURCE SHARING Dienstag, 11. Februar 14
  • PREFLIGHT REQUEST curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo > OPTIONS /baas/api/todo HTTP/1.1 ... < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • CORS Browser Server of origin Service provider GET /index.html HTTP/1.1 200/OK (HTML) ! est qu pr ht re eflig OPTIONS /api/contacts HTTP/1.1 200/OK (WADL) GET /api/contacts HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • SETTING CORS HEADERS JEE WebFilter (Glassfish 4.0) @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"}) public class CorsFilter implements Filter { private void doBeforeProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException { final HttpServletResponse httpResponse = (HttpServletResponse)response; httpResponse.addHeader("Access-Control-Allow-Origin", "*"); httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization"); httpResponse.addHeader("Access-Control-Max-Age", "1728000"); } } ... // netbeans default Filter pattern Dienstag, 11. Februar 14
  • CORS curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • WADL <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> <resources base="https://localhost:8181/baas/api/"> <resource path="todo"> <method id="createToDo" name="PUT"> <request> <representation mediaType="application/json"/> </request> <response> <representation mediaType="application/json"/> </response> </method> ... </resource> </resources> </application> Dienstag, 11. Februar 14
  • AUTHENTICATION Dienstag, 11. Februar 14
  • WEB.XML <security-constraint> <display-name>REST API</display-name> <web-resource-collection> <web-resource-name>web-api</web-resource-name> <url-pattern>/api/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> S <transport-guarantee>CONFIDENTIAL</transport-guarantee> HTTP </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> uth a <realm-name>file</realm-name>basic </login-config> <security-role> <role-name>user</role-name> </security-role> Dienstag, 11. Februar 14
  • HTTPS AND BASIC AUTH • + easy to implement • - password is sent on every request • (- browser stores credentials for session) • (- browser may store creds permanently) • corporate proxies • not for really sensitive data Dienstag, 11. Februar 14
  • BASIC AUTHENTICATION curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo > GET /baas/api/todo HTTP/1.1 ... < < < < < < < < < < < HTTP/1.1 401 Unauthorized X-Powered-By: Servlet/3.0 JSP/2.2 [...] Server: GlassFish Server Open Source Edition 3.1.2.2 Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 01:00:00 CET WWW-Authenticate: Basic realm="file" Content-Type: text/html Content-Length: 1073 Date: Wed, 14 Aug 2013 23:33:48 GMT Dienstag, 11. Februar 14
  • BASIC AUTHENTICATION curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo > > > > > > GET /baas/api/todo HTTP/1.1 Authorization: Basic bWFyYzpnZWhlaW0= User-Agent: ... Host: localhost:8181 Accept: */* < HTTP/1.1 200 OK Dienstag, 11. Februar 14
  • EXERCISES ecture/baas-gf ~/ws/05-Archit ~/ws/05-Architecture/jquery-rest Dienstag, 11. Februar 14
  • HTTPS AND FORM AUTH • auth method form in web.xml • credential sent only once (+) • SSO (+) • corporate proxies (-) Dienstag, 11. Februar 14
  • SETTING CORS HEADERS Jersey (eg. Jersey/Tomcat) public class CrossOriginResourceSharingFilter implements ContainerResponseFilter { @Override public ContainerResponse filter( ContainerRequest request, ContainerResponse response) { } } Dienstag, 11. Februar 14 response.getHttpHeaders().putSingle( "Access-Control-Allow-Origin", "*"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Headers", "content-type,authorization,x-requested-with"); response.getHttpHeaders().putSingle( "Access-Control-Max-Age", "3600"); return response;