The presentation discusses the basic REST principles and how to define a RESTful API.
The presentation then looks at the various facilities provided by JAX-RS for developing REST API using Java.
All the supported annotations and its usage are discussed with example
Overview of REST web service concepts (Representational State Transfer).
REST is a radically different approach for web services compared to the combo SOAP/WSDL.
REST defines an architectural style for web applications and web services.
REST makes heavy use of the underlying HTTP protocol.
REST itself is not a protocol but defines architectural principles based on the concept of addressable resources and a uniform access to these resources based on the well-known HTTP-methods GET, POST, PUT and DELETE.
The state of a client (web service consumer) is controlled by the REST web service through connected links between resources (resource oriented architecture). The client state however is stored on the client itself thus greatly increasing scalability of REST-based architectures.
The REST paradigm has mostly superseded SOAP / WSDL type web services in many enterprise applications. This is largely owed to the fact that the underlying HTTP protocol is well understood and proved its scalability in the WWW.
Overview of REST web service concepts (Representational State Transfer).
REST is a radically different approach for web services compared to the combo SOAP/WSDL.
REST defines an architectural style for web applications and web services.
REST makes heavy use of the underlying HTTP protocol.
REST itself is not a protocol but defines architectural principles based on the concept of addressable resources and a uniform access to these resources based on the well-known HTTP-methods GET, POST, PUT and DELETE.
The state of a client (web service consumer) is controlled by the REST web service through connected links between resources (resource oriented architecture). The client state however is stored on the client itself thus greatly increasing scalability of REST-based architectures.
The REST paradigm has mostly superseded SOAP / WSDL type web services in many enterprise applications. This is largely owed to the fact that the underlying HTTP protocol is well understood and proved its scalability in the WWW.
This presentation aimed to explain what is REST and why it is commonly misunderstood. It focuses on describing REST from scientific point of view, based on Roy`s Fielding dissertation.
OData (Open Data Protocol) is an ISO/IEC approved, OASIS standard that defines a set of best practices for building and consuming RESTful APIs. OData helps you focus on your business logic while building RESTful APIs without having to worry about the various approaches to define request and response headers, status codes, HTTP methods, URL conventions, media types, payload formats, query options, etc. OData also provides guidance for tracking changes, defining functions/actions for reusable procedures, and sending asynchronous/batch requests.
The Open Data Protocol (OData) enables the creation of REST-based data services, which allow resources, identified using Uniform Resource Identifiers (URIs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages.
An introduction to hypermedia driven APIs. What is Hydra, what are its benefits and how to implement it.
It begins with a description of the current usage of REST APIs and goes until we have a linked API that describes operations and properties.
Hydra is a vocabulary that lives on top of JSON-LD
The presentation provides overview of JAX-RS 2.0 and the cool new things that come with it. It also provides an introduction to OData which is a protocol proposed by Microsoft for data interchange.
The article 'Design Patterns for REST-APIs, plus a quick primer on what they are' is here: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4
This slide show is from my presentation on what JSON and REST are. It aims to provide a number of talking points by comparing apples and oranges (JSON vs. XML and REST vs. web services).
For Impetus’ White Papers archive, visit- http://www.impetus.com/whitepaper
This white paper talks about how search over REST can be simplified. We are not aiming at developing standards for RESTful search, but will be discussing how this problem can be approached.
This session will provide attendees with hands-on experience and in-depth knowledge of using Node.js as a runtime environment and Express.js as a web framework to build scalable and fast backend systems. Additionally, attendees will learn about Passport.js, a popular authentication middleware for Node.js, and how to use Prisma ORM to handle database operations in a type-safe and efficient manner.
The session will be conducted by experienced developers who have worked with these technologies and will be able to provide valuable insights and best practices. The session will be interactive and include plenty of opportunities for attendees to ask questions and work on real-world projects.
This presentation aimed to explain what is REST and why it is commonly misunderstood. It focuses on describing REST from scientific point of view, based on Roy`s Fielding dissertation.
OData (Open Data Protocol) is an ISO/IEC approved, OASIS standard that defines a set of best practices for building and consuming RESTful APIs. OData helps you focus on your business logic while building RESTful APIs without having to worry about the various approaches to define request and response headers, status codes, HTTP methods, URL conventions, media types, payload formats, query options, etc. OData also provides guidance for tracking changes, defining functions/actions for reusable procedures, and sending asynchronous/batch requests.
The Open Data Protocol (OData) enables the creation of REST-based data services, which allow resources, identified using Uniform Resource Identifiers (URIs) and defined in a data model, to be published and edited by Web clients using simple HTTP messages.
An introduction to hypermedia driven APIs. What is Hydra, what are its benefits and how to implement it.
It begins with a description of the current usage of REST APIs and goes until we have a linked API that describes operations and properties.
Hydra is a vocabulary that lives on top of JSON-LD
The presentation provides overview of JAX-RS 2.0 and the cool new things that come with it. It also provides an introduction to OData which is a protocol proposed by Microsoft for data interchange.
The article 'Design Patterns for REST-APIs, plus a quick primer on what they are' is here: https://hersengarage.nl/rest-api-design-as-a-craft-not-an-art-a3fd97ed3ef4
This slide show is from my presentation on what JSON and REST are. It aims to provide a number of talking points by comparing apples and oranges (JSON vs. XML and REST vs. web services).
For Impetus’ White Papers archive, visit- http://www.impetus.com/whitepaper
This white paper talks about how search over REST can be simplified. We are not aiming at developing standards for RESTful search, but will be discussing how this problem can be approached.
This session will provide attendees with hands-on experience and in-depth knowledge of using Node.js as a runtime environment and Express.js as a web framework to build scalable and fast backend systems. Additionally, attendees will learn about Passport.js, a popular authentication middleware for Node.js, and how to use Prisma ORM to handle database operations in a type-safe and efficient manner.
The session will be conducted by experienced developers who have worked with these technologies and will be able to provide valuable insights and best practices. The session will be interactive and include plenty of opportunities for attendees to ask questions and work on real-world projects.
Talk about Salesforce REST API: how to perform query, search or single-record CRUD operations; how to retrieve versions, list of custom object and object metadata and field metadata and presentation of demo page performing these requests
WordCamp Raleigh 2016 - WP API, What is it good for? Absolutely Everything!Evan Mullins
See the Power of the WP API. Now that every WordPress website has (or will have) an API built-in, what can you do with it? It allows us to further separate the data from the code. Use WordPress to manage our data and then via the API easily access or update that data to power whatever we like. We’ll touch how to set it up and a handful of examples and then explore an iOS app pulling all it’s data and assets from a WordPress site via this API.
This will be geared for developers with some “how to” but also for everyone interested in the power of WordPress and where things are heading.
Learn how to spell WP-API
Learn about the power and flexibility it brings to WordPress
See it working in a live app
Fundamentals of Web Development For Non-DevelopersLemi Orhan Ergin
This is the 2nd material of my technical training about "Fundamentals of Web Development" to non-developers, especially to business people and business analysts. This presentation covers some advanced topics that I did not cover in my previous "Fundamentals of Web" training. Even though most of the information I mention verbally in the training, the slides could help the ones who are not very familiar with web and web applications.
Restful Web Services is a lightweight, manageable and scalable service based on the REST architecture. Restful Web Service exposes your application’s API in a secure, uniform, and stateless manner to the calling client.
This session will provide attendees with hands-on experience and in-depth knowledge of using Node.js as a runtime environment and Express.js as a web framework to build scalable and fast backend systems. Additionally, attendees will learn about Passport.js, a popular authentication middleware for Node.js, and how to use Prisma ORM to handle database operations in a type-safe and efficient manner.
The session will be conducted by experienced developers who have worked with these technologies and will be able to provide valuable insights and best practices. The session will be interactive and include plenty of opportunities for attendees to ask questions and work on real-world projects.
Talk about Salesforce REST API: how to perform query, search or single-record CRUD operations; how to retrieve versions, list of custom object and object metadata and field metadata and presentation of demo page performing these requests
Best practices and advantages of REST APIsAparna Sharma
In this article, I am going to share the best practices and the advantages of REST APIs, as I am working with a team on a REST-based web application. Newsdata.io news API is a REST-based API that fetches news data from thousands of news websites in JSON format. Therefore, I have a basic understanding of REST APIs that I am going to share with you.
A REST API involves more than just pushing data back and forth between endpoints. This presentation will explain what REST is and also present a variety of topics and questions you will certainly come across while implementing your API.
By Jeremy Brown @notmessenger http://notmessenger.com
A REST API involves more than just pushing data back and forth between endpoints. REST is a set of principles and not a specification, so as such you have freedom in how to develop your API. This freedom can lead to confusion though, as it’s hard to find concrete examples of its implementation. This presentation will explain what REST is and also present a variety of topics and questions you will certainly come across while implementing your API.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Let's dive deeper into the world of ODC! Ricardo Alves (OutSystems) will join us to tell all about the new Data Fabric. After that, Sezen de Bruijn (OutSystems) will get into the details on how to best design a sturdy architecture within ODC.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. JERRY KURIAN. OVER 20 YEARS EXPERIENCE.
TECHNOLOGY INNOVATOR & ENTREPRENEUR
Started coding with an Intel 486 machine more than 25
years back and enjoying it ever since. Developed using
VB, Pascal, C++, Java Enterprise and OSS, Scala,
Node JS and the saga continues. Started using Spring,
hibernate before it became hip. Started using Scala
when it was in its infancy. After spending 8 years working in various
software companies like Huawei Tech, Quidnunc
across UK, US, China and India, the
entrepreneurship bug bit in 2006 (before it was
hip!!). Built one of the pioneers in SMS social
network called CellZapp, I developed the
product on my own and sold it to marquee
customers like ESPN and Hungama Digital.
Recently launched a product in field informatics
www.isense-tech.co.in. Successfully launched
across 3 pilot customers and on track to sign up
more.
A family man with two kids, I am a passionate
weekend cricketer and an involved dad. I urge my
two sons to follow their dreams, which they do by
staying out of the conventional schooling system
and exploring their passion at a democratic free
school called BeMe. Check it out at
http://beme.org.in
4. WHY REST?
Web is one of the most successful “app” out there
The web has grown exponentially and shows no
sign of stopping
All apps need to learn and adopt from the
underlying architectural principles of the web to be
able to grow similarly
The set of these architectural principles is
called REpresentational State Transfer (REST)
5. REST PRINCIPLE
Addressable resources
The key abstraction of information and data in REST is a
resource, and each resource must be addressable via a URI
(Uniform Resource Identifier).
A uniform, constrained interface
Use a small set of well-defined methods to manipulate your
resources.
Representation-oriented
You interact with services using representations of that
service. For example, browsers need HTML, JavaScript
needs JSON.
Communicate statelessly
Stateless applications are easier to scale.
Hypermedia As The Engine Of Application
State (HATEOAS
Let your data formats drive state transitions in your
applications.
6. ADDRESSABILITY
Addressability is the idea that every object and
resource in your system is reachable through a
unique identifier.
For an SOA, the means to discover a service or
resource is a big problem and addressability
through an identifier is an ideal solution
In the REST world, addressability is managed
through the use of URIs
scheme://host:port/path?queryString#fragment
7. UNIFORM INTERFACE VIA HTTP
REST isn’t protocol specific
But REST over HTTP is the most common way in which
REST applications are developed
There have been other specifications that have
enabled distributed application development over
web
WS-* and SOAP have been most popular. It also used
HTTP but more as a transport later to bypass the
firewalls
REST uses HTTP as a very rich application
protocol that provides multitude of interesting and
useful capabilities for application developers
10. HTTP - METHODS
GET
GET is a read-only operation. It is used to query the server for specific
information. It is both an idempotent and safe operation
PUT
PUT requests that the server store the message body sent with the
request under the location provided in the HTTP message. It is usually
modelled as an insert or update. It is also idempotent.
DELETE
DELETE is used to remove resources. It is idempotent as well.
POST
POST is the only non-idempotent and unsafe operation of HTTP. Each
POST method is allowed to modify the service in a unique way.
HEAD
HEAD is exactly like GET except that instead of returning a response
body, it returns only a response code and any headers associated with
the request.
OPTIONS
OPTIONS is used to request information about the communication
options of the resource you are interested in.
Idempotent means that no matter how many times you apply the operation, the result is always the same
11. REPRESENTATION ORIENTATION
With a GET operation, you receive a representation
of the current state of a resource.
A PUT or POST passes a representation of the
resource to the server so that the underlying
resource’s state can change
In a RESTful system, the complexity of the client-
server interaction is within the representations
being passed back and forth. These
representations could be XML, JSON, YAML, or
really any format you can come up with.
12. HATEOAS
The final principle of REST is the idea of using
Hypermedia As The Engine Of Application State
(HATEOAS).
Hypermedia and Hyperlinks compose complex sets
of information from disparate sources.
<order id="111">
<customer>http://customers.myintranet.com/customers/32133</customer>
<order-entries>
<order-entry>
<quantity>5</quantity>
<product>http://products.myintranet.com/products/111</product>
13. DEVELOPING A RESTFUL JAVA APP
For a Java programmer, the ideal scenario is to
ensure they stick to Java as much as possible
As with frameworks and specs like Hibernate and
JPA, which bridges the Relational database world
with Java world, we need a way to do REST
programming using mainly Java constructs
The steps to developing RESTful application are as
follows
14. STEPS TO DEVELOPING RESTFUL APPS
Define object
model
Model the URIs
Define
representation
format
Assign HTTP
methods
15. DEFINE OBJECT MODEL
Developing enterprise applications often start with
defining its object model
The object model defined for an application can be
used to define the various resources in our RESTful
application too
Consider a typical Order entry system.
Each order in the system represents a single
transaction or purchase and is associated with a
particular customer. Orders are made up of one or more
line items. Line items represent the type and number of
each product purchased.
17. MODEL THE URIS
Java addresses a class or an entity via its package
and class name
This format is well known within a JVM for a class
to access another class
How do you make a Java class representing a
resource be known and accessible over the web?
The answer lies in providing a URI for the java
based resources
18. URIS
In our object model, we will be interacting
with Orders, Customers, and Products
We can make these resources addressable as
follows
/orders
/orders/{id}
/products
/products/{id}
/customers
/customers/{id}
19. DEFINE REPRESENTATIONAL DATA FORMAT
Within JVM, two objects talk to each other through
the state of the object or by serializing/de-serializing
object over the wire
How can the state of a Java object be made known
to a client over the web?
The representation of the state of a resource is one
of the most important things to do in a RESTful
application
XML and JSON are two of the most popular way to
represent the resource states
22. ASSIGNING HTTP METHODS
The URIs defined earlier are a means to access as
well as perform operations on the resources
A client typically would want to perform CRUD
operations on the resources
To obtain all the products, you would typically
define GET method on the URI
GET /products HTTP/1.1
To limit the number of products returned, we can
pass the limiting parameters as query parameters
GET /products?startIndex=0&size=5 HTTP/1.1
23. HTTP METHODS
To obtain an individual product, the GET operation
would be defined as
/products/{id}
GET /products/233 HTTP/1.1
To create a new product, use the PUT operation
PUT /products/664 HTTP/1.1
Drawback of using PUT is that the client is expected to
generate the ID of the new resource
POST can also be used to create a new resource
24. HTTP METHODS
Updating a resource can be achieved via a PUT
method
To delete a resource, use the DELETE method
DELETE /orders/233
Cancellation of a resource is also update of a state
and can be achieved through DELETE with specific
query parameter
DELETE /orders/233?cancel=true
25. OPERATIONS ON RESOURCES
We might need to perform operations on resources
that do not strictly result in update of resource
states
Eg of an operation would be purging of a resources,
which ultimately updates states of multiple
resources
We can model operations as sub-resources and
trigger a POST operation
POST /orders/purge HTTP/1.1
The sub-resource URI can be further extended to
add interfaces as desired
27. FIRST APPLICATION
Create the model class
Define service
Define Path and parameters
Create the Application class
Deploy
Test Using Browser
29. JAX RS ANNOTATIONS FOR HTTP METHODS
As seen in the examples, the JAX-RS API defines
support for various HTTP methods through
annotations
The annotations supported are
@javax.ws.rs.GET
@javax.ws.rs.PUT
@javax.ws.rs.POST
@javax.ws.rs.HEAD
@javax.ws.rs.DELETE
30. BINDING URIS
The resources need to be addressed in a way that
is accessible over the web
The path to the resource is annotated using
@javax.ws.rs.Path
For a Java class to be eligible to receive any HTTP
requests, the class must be annotated with at least
the @Path("/") expression
The value of the @Path annotation is an expression
that denotes a relative URI to the context root of
your JAX-RS application
31. BINDING OPERATIONS
@Path can also be applied to the java operations
The URI matching pattern is a concatenation of the
class’s @Path expression and that of the method’s
The URI pattern for getUnpaidOrders() would be
the relative URI /orders/unpaid
32. @PATH EXPRESSIONS
@Path annotations support complex expressions
/customers/200 will match the path for method
getCustomer. While /customers/foo-bar will match
following
33. REGULAR EXPRESSIONS
The .+ is a regular expression that will match any
stream of characters after /customers
The getAddress() method has a more specific
expression. Will map any characters
after/customers that ends with /address. The GET
/customers/foo/bar/address request would route to
the getAddress() method
34. SUBRESOURCE LOCATORS
JAX-RS also allows you to dynamically dispatch requests
yourself through subresource locators
Subresource locators are Java methods annotated
with @Path, without HTTP method annotation
This returns a JAX-RS annotated service which dispatches
the remaining request
Dispatches URI pattern /customers/{database}-
db/{customerId}
36. ACQUIRING DATA
Every service requires a way to acquire data being
sent by the client and respond appropriately
As seen earlier, the Jax RS services are normal
classes with operations being implemented using
the methods
There is a need to ensure that data passed by the
client is receive by the appropriate methods
Jax RS provides various annotations that bind to
input data and makes it available to methods
37. @PATHPARAM
@PathParam allows you to inject the value of named
URI path parameters that were defined
in @Path expressions
38. MATRIX PARAMS
There are times when you would want to pass an
input attribute via the path of the URI instead of
using the query params.
Such params passed via the pat are called Matrix
Params
Example. GET /cars/mercedes/e55;color=black/2006
In the example, the attribute color is passed as a
matrix parameter
40. USING @MATRIXPARAM
JAX-RS specification allows you to inject matrix
parameter values directly through
the @javax.ws.rs.MatrixParam annotation
41. USING THE QUERY STRING - @QUERYPARAM
Generally attributes to a web resources are passed
using the Query String of the HTTP protocol
The @javax.ws.rs.QueryParam annotation allows
you to inject individual URI query parameters into
your Java parameter
GET /customers?start=0&size=10
42. INJECTING VIA FORM ELEMENT -
@FORMPARAM
The @javax.ws.rs.FormParam annotation is used
to access application/x-www-form-url encoded
request bodies
43. @HEADERPARAM
The @javax.ws.rs.HeaderParam annotation is used
to inject HTTP request header values.
You could access the HTTP Referer header using
the @HeaderParam annotation
44. RAW HEADERS
In case you need access to all the headers passed
in by the request, then it can be accessed via
HttpHeaders object set via @Context
45. @COOKIEPARAMS
HTTP is stateless, but many applications might
require a state to be maintained
Maintaining states is accomplished via tools like
Sessions
Cookies
If a client app stores info in a cookie then it is also
responsible to send the data via request headers
@CookieParams annotation allows service to
access data
46. AUTOMATIC TYPE CONVERSION
Although, data sent via HTTP is usually represented as
String, the java method can receive the data in specific
type
JAX-RS converts String into desired type as long as the
type conversion matches following criteria
1. The desired type is a primitive value
2. The desired type is a Java class with a constructor that
takes a single String as input
3. The desired type is a java class that has a static method
named valueOf() that takes a single String argument and
returns an instance of the class
4. It is a java.util.List<T>, java.util.Set<T>,
or java.util.SortedSet<T>, where T is a type that satisfies
criteria 2 or 3
47. COLLECTION OF PARAMETERS
The client can pass a parameter multiple times, in
case there are multiple values to the parameter
GET /customers?orderBy=last&orderBy=first
JAX-RS provider represents these two parameters
as a java.util.List and injects this list
with one @QueryParam annotation
48. DEFAULT VALUE
Many times the client may not have value for a
specific param and may not pass it
This makes the value null. The null value may
cause problems to the service
A default value can be set in such cases
49. ENCODED VALUES
By default, JAX-RS decodes the input values
before converting them into Java types
If you wish to make use of the raw encoded values,
then it is possible via @Encoded annotation
51. WRITING RESTFUL CLIENTS
One of the major challenges in working with a
REST application is writing a client app
Most of the annotations defined earlier are for
creating a RESTful service
For writing clients, there are two options
Develop client app using java.net.URL or Apache HTTP
Client
Use JAX-RS API Client API, which makes working with
Jax RS much simpler
52. USING JERSEY FOR DEVELOPING CLIENT
The Jersey based implementation can be used for
writing JAX-RS 2 clients
Add the following dependency in pom.xml to make
use of the library
<dependencies>
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-client</artifactId>
<version>2.23.2</version>
</dependency>
</dependencies>
53. CREATING A CLIENT
API provides a class called javax.ws.rs.client.Client
which represents a JAX-RS client
Create a new Client object using ClientBuilder
Client client = ClientBuilder.newClient();
Create the invocation target
WebTarget target =
client.target("http://localhost:8080/SecondApp/services/c
ustomers/eg;color=black/2000");
Send a GET request
Response response = target.request().get();
Analyze the response
response.readEntity(String.class)
Close the resources
response.close()
client.close()
54. WEBTARGET
The WebTarget interface represents a specific URI
you want to invoke on.
Some of the important methods it provides are
55. WEBTARGET
Request invoker can be obtained from the
Webtarget via its request methods
Invocation.Builder allows setting up of different
types of headers
57. NEED FOR CONTENT TRANSFORMATION
Aim of a Java developer is to deal with Java object
as much as possible
RESTful services often represent data in the form
of XML or JSON
There is a need to seamlessly convert from the raw
XML or JSON format to Java object format so that
the developers can handle it easily
58. BUILT-IN CONTENT MARSHALLING
StreamingOutput is a simple callback interface
that you implement when you want to do raw
streaming of response bodies
59. READING DATA
For reading request message bodies, you can use
a raw InputStream or Reader for inputting any
media type
60. RECEIVING OR RETURNING FILES
Instances of java.io.File can also be used for input
and output of any media type.
61. JAXB
JAXB is a specification defined to map Java
classes to XML
JAX-RS has built in support for JAXB
62. JAXB JAX-RS HANDLERS
JAX-RS spec is required to marshall and un-
marshall JAXB objects
63. CUSTOM MARSHALLING
In case where there is no direct support for
marshalling and unmarshalling of JAXB objects,
JAX-RS supports creating custom marshallers
The interface to be implemented are
MessageBodyWriter
MessageBodyReader
65. PASSING OBJECTS FROM CLIENT
JAX-RS client implementation environment may not
have in-built support for JAXB transformation
In such cases it is required that the
MessageBodyReader and MessageBodyWriter is
implemented
To make the class usable, it needs to be registered
with the WebTarget
WebTarget target =
client.target("http://localhost:8080/SecondApp/services/
customers").register(CustomerReader.class).register
(CustomerWriter.class)
67. SUCCESSFUL RESPONSES
Successful HTTP response code numbers range
from 200 to 399
If a service returns null or empty body, then the
response code will be 204, “No Content”
68. ERROR RESPONSE
Standard HTTP error response code numbers
range from 400 to 599
If the client provides a URI that is not found then
the response code will be 404, “Not Found,”
If a client requests text/html response for a
resource URI that is not returning anything then the
status code will be 406, “Not Acceptable,
If the client invokes an HTTP method on a valid URI
to which no JAX-RS resource method is bound, the
JAX-RS runtime will send an error code of 405,
“Method Not Allowed.”
Example, issuing PUT request to a resource that
supports only POST
69. COMPLEX RESPONSE
For the cases where you need to control the
response, your JAX-RS resource methods can
return instances of javax.ws.rs.core.Response
A ResponseBuilder can be used to construct a
Response
70. EXCEPTION HANDLING
Errors can be reported to a client either by creating
and returning the appropriate Response object or
by throwing an exception
JAX-RS provides
the javax.ws.rs.WebApplicationException. This can
be thrown by application code and automatically
processed by JAX-RS
A Response object can be set in the exception
object which will be returned by JAX-RS service to
the client
If there is no Response object set then the server
returns 500, “Internal Server Error,”
72. SECURING APPLICATIONS
Authentication
Authentication is about validating the identity of a client
that is trying to access your services.
Authorization
Authorization is about deciding whether or not a certain
user is allowed to access and invoke on a specific URI
Encryption
Sensitive data should be protected with cryptographic
services like SSL
73. BASIC AUTHENTICATION
Basic Authentication is the simplest protocol available
for performing authentication over HTTP
It involves sending a Base 64–encoded username and
password within a request header to the server
If invoking a secure resource
GET /customers/333 HTTP/1.1
Pass Base 64 encoded username and password in
header username:password
This has to be passed in every request
Prone to hostile interception
74. AUTHORIZATION
While authentication is about establishing and
verifying user identity, authorization is about
permissions.
Authorization requires users to have one or more
roles
Roles need to be assigned permissions to perform
operations
75. AUTHORIZATION USING JAX-RS
Authentication and Authorization in JAX-RS can be
enabled either using web.xml or via Annotations
JAX-RS defines following annotations
@RolesAllowed – Lists the roles that are allowed
access
@DenyAll – Denies access to all roles
@PermitAll – Allows all roles
76. ENABLING AUTHORIZATION
For the server to check for authorization, you need
to register certain interceptors
The interceptors are specific to the implementation
Jboss Resteasy expects you to register a
@Provider that is a PreProcessInterceptor
The Pre-Processor should be registered with the
Application
78. THE WEB PARADIGM
The Internet is commonly referred to as “the Web”
because information is connected together through
a series of hyperlinks embedded within HTML
documents
The architectural principle that describes linking
and form submission is called HATEOAS
HATEOAS stands for Hypermedia As The Engine
Of Application State
79. IMPLEMENTING HATEOAS
Most XML-based RESTful applications use syntax
from the Atom Syndication Format as a means to
implement HATEOAS
80. ATOM LINKS
Atom links have some key attributes
rel
It is the logical, simple name used to reference the link
href
This is the URL you can traverse in order to get new
information or change the state of your application.
type
This is the exchanged media type of the resource the
URL points to
hreflang
Represents the language the data format is translated
into.
81. HATEOAS AND JAX-RS
HATEOAS is to be defined by the application, so
JAX-RS restricts itself to some helper methods to
construct the links
82. BUILD FROM PATH
Given a path, the builder can help create a URI
This would result in a URI
http://example.com/customers/333?param=value
85. CACHING
Caching is one of the most powerful technique to
improve performance
Any service that provides static unchanging data is
an obvious candidate for caching
Browser knows when to cache using the response
header called Expires
88. CONCURRENCY
In a highly concurrent RESTful application, care
should be taken that the a resource is not getting
updated with invalid data
This can happen if a client has obtained a resource
with a particular state and before making the
update, some other client updates the data
This problem can be overcome using conditional
PUT or POST
89. CONDITIONAL UPDATE
A client receives a GET response with its Etag and
Last-Modified headers set
When performing conditional PUT or POST, the
request should have If-Match or If-Unmodified-
Since header
90. CONDITIONAL UPDATE WITH JAX-RS
To do conditional updates with JAX-RS, you use
the Request.evaluatePreconditions() method
92. CONNEG
Clients set an Accept request header that is a
comma-delimited list of preferred formats.
The client is asking the server for /stuff formatted in
either XML or JSON. It can also specify wildcards
If the server is unable to provide the desired
format, it will respond with a status code of 406,
“Not Acceptable.”
93. JAX-RS AND CONNEG
JAX-RS does method dispatching based on the
ACCEPT header values
JAX-RS can pick one of these methods based on
what is in the Accept header
94. JAXB FOR CONNEG
You can implement one Java method that can
service both formats
The method would return representation as per the
ACCEPT header
96. EJB
Java EE requires that EJB containers support
integration with JAX-RS
When manually registering your resources via
your Application class, you must register the bean
class of the EJB via
the Application.getClasses() method.
97. EXAMPLE
Create an app with following features
Create a Product (Only allowed for Admin)
Place an Order.
Order Can include multiple Products
View Pending Order (Only allowed for Admin)
List All Customers
Also return the list of orders as HATEOAS