Your SlideShare is downloading. ×
0
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Modern web application network architecture
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Modern web application network architecture

597

Published on

Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Published in: Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
597
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
19
Comments
0
Likes
2
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. ARCHITECTURE Dienstag, 11. Februar 14
  • 2. FROM PRESENTATION TO SERVICE LAYER Dienstag, 11. Februar 14
  • 3. OLD STYLE PRESENTATION LAYER Server Browser GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 render markup 200/OK (HTML) POST /servlet/contacts HTTP/1.1 200/OK (HTML) Dienstag, 11. Februar 14 render markup
  • 4. DATA CENTRIC SERVICE LAYER Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /api/contacts HTTP/1.1 render markup 200/OK (JSON) PUT /api/contacts/12 HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • 5. WHERE ARE WE HEADING TO ? Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 200/OK (HTML) ts ! cke o ws://future.now/ws S eb W render markup Dienstag, 11. Februar 14 PUT /api/contacts/12 HTTP/1.1 200/OK (JSON) render markup
  • 6. REST AND CRUD Dienstag, 11. Februar 14
  • 7. JAX-RS @GET @Produces("application/json") public Collection<ToDo> getAll() throws ServiceException { ... } @GET @Path("/{uuid}") @Produces("application/json") public ToDo get(@PathParam("uuid")String id) throws ServiceException { ... } @PUT @Consumes("application/json") @Produces("application/json") public ToDo createToDo(ToDo toDo) throws ServiceException { ... } Dienstag, 11. Februar 14
  • 8. CORS CROSS ORIGIN RESOURCE SHARING Dienstag, 11. Februar 14
  • 9. PREFLIGHT REQUEST curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo > OPTIONS /baas/api/todo HTTP/1.1 ... < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • 10. CORS Browser Server of origin Service provider GET /index.html HTTP/1.1 200/OK (HTML) ! est qu pr ht re eflig OPTIONS /api/contacts HTTP/1.1 200/OK (WADL) GET /api/contacts HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • 11. SETTING CORS HEADERS JEE WebFilter (Glassfish 4.0) @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"}) public class CorsFilter implements Filter { private void doBeforeProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException { final HttpServletResponse httpResponse = (HttpServletResponse)response; httpResponse.addHeader("Access-Control-Allow-Origin", "*"); httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization"); httpResponse.addHeader("Access-Control-Max-Age", "1728000"); } } ... // netbeans default Filter pattern Dienstag, 11. Februar 14
  • 12. CORS curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • 13. WADL <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> <resources base="https://localhost:8181/baas/api/"> <resource path="todo"> <method id="createToDo" name="PUT"> <request> <representation mediaType="application/json"/> </request> <response> <representation mediaType="application/json"/> </response> </method> ... </resource> </resources> </application> Dienstag, 11. Februar 14
  • 14. AUTHENTICATION Dienstag, 11. Februar 14
  • 15. WEB.XML <security-constraint> <display-name>REST API</display-name> <web-resource-collection> <web-resource-name>web-api</web-resource-name> <url-pattern>/api/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> S <transport-guarantee>CONFIDENTIAL</transport-guarantee> HTTP </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> uth a <realm-name>file</realm-name>basic </login-config> <security-role> <role-name>user</role-name> </security-role> Dienstag, 11. Februar 14
  • 16. HTTPS AND BASIC AUTH • + easy to implement • - password is sent on every request • (- browser stores credentials for session) • (- browser may store creds permanently) • corporate proxies • not for really sensitive data Dienstag, 11. Februar 14
  • 17. BASIC AUTHENTICATION curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo > GET /baas/api/todo HTTP/1.1 ... < < < < < < < < < < < HTTP/1.1 401 Unauthorized X-Powered-By: Servlet/3.0 JSP/2.2 [...] Server: GlassFish Server Open Source Edition 3.1.2.2 Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 01:00:00 CET WWW-Authenticate: Basic realm="file" Content-Type: text/html Content-Length: 1073 Date: Wed, 14 Aug 2013 23:33:48 GMT Dienstag, 11. Februar 14
  • 18. BASIC AUTHENTICATION curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo > > > > > > GET /baas/api/todo HTTP/1.1 Authorization: Basic bWFyYzpnZWhlaW0= User-Agent: ... Host: localhost:8181 Accept: */* < HTTP/1.1 200 OK Dienstag, 11. Februar 14
  • 19. EXERCISES ecture/baas-gf ~/ws/05-Archit ~/ws/05-Architecture/jquery-rest Dienstag, 11. Februar 14
  • 20. HTTPS AND FORM AUTH • auth method form in web.xml • credential sent only once (+) • SSO (+) • corporate proxies (-) Dienstag, 11. Februar 14
  • 21. SETTING CORS HEADERS Jersey (eg. Jersey/Tomcat) public class CrossOriginResourceSharingFilter implements ContainerResponseFilter { @Override public ContainerResponse filter( ContainerRequest request, ContainerResponse response) { } } Dienstag, 11. Februar 14 response.getHttpHeaders().putSingle( "Access-Control-Allow-Origin", "*"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Headers", "content-type,authorization,x-requested-with"); response.getHttpHeaders().putSingle( "Access-Control-Max-Age", "3600"); return response;

×