Modern web application network architecture


Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Published in: Technology
Transcript of "Modern web application network architecture"

  1. ARCHITECTURE (Tuesday, 11 February 14)
  2. FROM PRESENTATION TO SERVICE LAYER
  3. OLD STYLE PRESENTATION LAYER
     Sequence diagram between Browser and Server:

         GET /index.html HTTP/1.1            ->  200/OK (HTML)
         GET /contacts-table.html HTTP/1.1   ->  render markup  ->  200/OK (HTML)
         POST /servlet/contacts HTTP/1.1     ->  render markup  ->  200/OK (HTML)
  4. DATA CENTRIC SERVICE LAYER
     Sequence diagram between Browser and Server:

         GET /index.html HTTP/1.1         ->  200/OK (HTML)
         GET /api/contacts HTTP/1.1       ->  200/OK (JSON)  ->  render markup
         PUT /api/contacts/12 HTTP/1.1    ->  200/OK (JSON)  ->  render markup
  5. WHERE ARE WE HEADING TO?
     Sequence diagram between Browser and Server:

         GET /index.html HTTP/1.1            ->  200/OK (HTML)
         GET /contacts-table.html HTTP/1.1   ->  200/OK (HTML)
         ws://future.now/ws                  (callout: WebSockets!)  ->  render markup
         PUT /api/contacts/12 HTTP/1.1       ->  200/OK (JSON)  ->  render markup
  6. REST AND CRUD
  7. JAX-RS

         @GET
         @Produces("application/json")
         public Collection<ToDo> getAll() throws ServiceException {
             ...
         }

         @GET
         @Path("/{uuid}")
         @Produces("application/json")
         public ToDo get(@PathParam("uuid") String id) throws ServiceException {
             ...
         }

         @PUT
         @Consumes("application/json")
         @Produces("application/json")
         public ToDo createToDo(ToDo toDo) throws ServiceException {
             ...
         }
  8. CORS: CROSS ORIGIN RESOURCE SHARING
  9. PREFLIGHT REQUEST

         curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
         > OPTIONS /baas/api/todo HTTP/1.1
         ...
         < HTTP/1.1 200 OK
         < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
         < Server: GlassFish Server Open Source Edition 3.1.2.2
         < Allow: OPTIONS,GET,HEAD,PUT
         < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
         < Access-Control-Allow-Origin: *
         < Access-Control-Allow-Methods: GET, POST, PUT, DELETE
         < Access-Control-Allow-Headers: content-type,authorization,x-requested-with
         < Access-Control-Max-Age: 1728000
         < Content-Type: application/vnd.sun.wadl+xml
         < Content-Length: 1642
         < Date: Wed, 14 Aug 2013 22:44:55 GMT
         <
         <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
         <application xmlns="http://wadl.dev.java.net/2009/02">
         ...
         </application>
  10. CORS
      Sequence diagram between Browser, Server of origin and Service provider:

          Browser and Server of origin:
              GET /index.html HTTP/1.1       ->  200/OK (HTML)
          Browser and Service provider:
              OPTIONS /api/contacts HTTP/1.1 (callout: preflight request!)  ->  200/OK (WADL)
              GET /api/contacts HTTP/1.1     ->  200/OK (JSON)  ->  render markup
  11. SETTING CORS HEADERS
      JEE WebFilter (Glassfish 4.0)

          @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"})
          public class CorsFilter implements Filter {

              private void doBeforeProcessing(ServletRequest request, ServletResponse response)
                      throws IOException, ServletException {
                  final HttpServletResponse httpResponse = (HttpServletResponse) response;
                  httpResponse.addHeader("Access-Control-Allow-Origin", "*");
                  httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
                  httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization");
                  httpResponse.addHeader("Access-Control-Max-Age", "1728000");
              }

              ... // netbeans default Filter pattern
          }
  12. CORS

          curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo
          < HTTP/1.1 200 OK
          < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
          < Server: GlassFish Server Open Source Edition 3.1.2.2
          < Allow: OPTIONS,GET,HEAD,PUT
          < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
          < Access-Control-Allow-Origin: *
          < Access-Control-Allow-Methods: GET, POST, PUT, DELETE
          < Access-Control-Allow-Headers: content-type,authorization,x-requested-with
          < Access-Control-Max-Age: 1728000
          < Content-Type: application/vnd.sun.wadl+xml
          < Content-Length: 1642
          < Date: Wed, 14 Aug 2013 22:44:55 GMT
          <
          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <application xmlns="http://wadl.dev.java.net/2009/02">
          ...
          </application>
  13. WADL

          <?xml version="1.0" encoding="UTF-8" standalone="yes"?>
          <application xmlns="http://wadl.dev.java.net/2009/02">
            <resources base="https://localhost:8181/baas/api/">
              <resource path="todo">
                <method id="createToDo" name="PUT">
                  <request>
                    <representation mediaType="application/json"/>
                  </request>
                  <response>
                    <representation mediaType="application/json"/>
                  </response>
                </method>
                ...
              </resource>
            </resources>
          </application>
  14. AUTHENTICATION
  15. WEB.XML

          <security-constraint>
            <display-name>REST API</display-name>
            <web-resource-collection>
              <web-resource-name>web-api</web-resource-name>
              <url-pattern>/api/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
              <http-method>PUT</http-method>
              <http-method>DELETE</http-method>
            </web-resource-collection>
            <auth-constraint>
              <role-name>user</role-name>
            </auth-constraint>
            <user-data-constraint>
              <!-- slide callout: HTTPS -->
              <transport-guarantee>CONFIDENTIAL</transport-guarantee>
            </user-data-constraint>
          </security-constraint>
          <login-config>
            <!-- slide callout: basic auth -->
            <auth-method>BASIC</auth-method>
            <realm-name>file</realm-name>
          </login-config>
          <security-role>
            <role-name>user</role-name>
          </security-role>
  16. HTTPS AND BASIC AUTH
      • + easy to implement
      • - password is sent on every request
      • (- browser stores credentials for session)
      • (- browser may store creds permanently)
      • corporate proxies
      • not for really sensitive data
  17. BASIC AUTHENTICATION

          curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo
          > GET /baas/api/todo HTTP/1.1
          ...
          < HTTP/1.1 401 Unauthorized
          < X-Powered-By: Servlet/3.0 JSP/2.2 [...]
          < Server: GlassFish Server Open Source Edition 3.1.2.2
          < Pragma: No-cache
          < Cache-Control: no-cache
          < Expires: Thu, 01 Jan 1970 01:00:00 CET
          < WWW-Authenticate: Basic realm="file"
          < Content-Type: text/html
          < Content-Length: 1073
          < Date: Wed, 14 Aug 2013 23:33:48 GMT
          <
  18. BASIC AUTHENTICATION

          curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo
          > GET /baas/api/todo HTTP/1.1
          > Authorization: Basic bWFyYzpnZWhlaW0=
          > User-Agent: ...
          > Host: localhost:8181
          > Accept: */*
          >
          < HTTP/1.1 200 OK
  19. EXERCISES
      ~/ws/05-Architecture/baas-gf
      ~/ws/05-Architecture/jquery-rest
  20. HTTPS AND FORM AUTH
      • auth method form in web.xml
      • credential sent only once (+)
      • SSO (+)
      • corporate proxies (-)
  21. SETTING CORS HEADERS
      Jersey (e.g. Jersey/Tomcat)

          import com.sun.jersey.spi.container.ContainerRequest;
          import com.sun.jersey.spi.container.ContainerResponse;
          import com.sun.jersey.spi.container.ContainerResponseFilter;

          public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {

              @Override
              public ContainerResponse filter(ContainerRequest request, ContainerResponse response) {
                  // Add the CORS headers to every response that leaves the API.
                  response.getHttpHeaders().putSingle(
                          "Access-Control-Allow-Origin", "*");
                  response.getHttpHeaders().putSingle(
                          "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
                  response.getHttpHeaders().putSingle(
                          "Access-Control-Allow-Headers", "content-type,authorization,x-requested-with");
                  response.getHttpHeaders().putSingle(
                          "Access-Control-Max-Age", "3600");
                  return response;
              }
          }