This document discusses RESTful web services and compares them to SOAP. It proposes redesigning the Flickr API to be more RESTful by defining resources like users, photos, tags and comments and allowing them to be manipulated via HTTP methods at URI endpoints. It also discusses representing resources in different formats like XML, JSON and addressing challenges of HATEOAS through hypermedia links between related resources.
1. RESTful web services
Raphaël Rougeron
PHPQuébec Conference 2009
2. About me
Raphaël Rougeron <goldoraf@gmail.com>
since... a very long time!
Web technologies expert at
Contributor to
Stato framework
http://stato-framework.org
http://raphael-rougeron.com
4. SOAP principles
SOAP = RPC over HTTP
Remote Procedure Call
Invocation of methods on remote objects
Heritage of CORBA and DCOM, but heavier
Requires tooling (IDEs, WSDL generation)
5. Principle of the web
Hypertext enables navigation within clouds of distributed data
8. The web is agreement
http://www.flickr.com/photos/psd/1805709102/
9. "There are two ways of designing software. The first is to make it so simple that there are obviously no problems. The second is to make it so complicated that there are no obvious problems. The first method is by far the more difficult."
C.A.R. Hoare
10. "Things should be made as simple as possible, but not simpler."
Albert Einstein
14. HTTP
Response code:
HTTP/1.x 200 OK
Headers:
Connection: Keep-Alive
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Server: gws
Content-Length: 2614
Date: Wed, 12 Dec 2007 08:57:47 GMT
Content-Encoding: gzip
Body:
<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google</title>.....
15. REST
What is REST?
3 possible definitions
16. Representational State Transfer
Roy Fielding's thesis, 2000
A set of design criteria built on 4 simple principles
The original architecture of the web, by one of the fathers of the HTTP protocol...
...defined after the fact
17. RESTful services / applications
What we are going to talk about:
A web architecture that uses HTTP, URIs and other standards correctly
18. REST-RPC
XML over HTTP without SOAP
RPC approach
GET or POST requests
Also called "POX"
Sadly, many services labelled REST fall into this category...
http://api.flickr.com/services/rest/?method=flickr.photos.getRecent
20. Resources
Can be any entity, physical or not!
A user
A conference
A mechanical part
The latest version of a piece of software
A country
21. URIs and addressability
Give every resource an identifier:
http://example.com/users/fred
http://example.com/conference/2009
http://example.com/products/1234
http://example.com/downloads/latest
http://example.com/wiki/Canada
22. Statelessness
Each HTTP request is isolated from the others
Each request carries all the information the server needs to answer it:
http://example.com/fr/users/me/profile
Happy consequences:
Caching becomes possible (proxies)
Performance
Scalability
23. Representations
The idea is to return different representations of a resource depending on what the client asks for:
XHTML
XML
JSON
PNG
PDF
YAML
CSV
...
25. Uniform interface
GET: Retrieve information
PUT: Modify a resource (or create it if its URI can be guessed)
POST: Create a sub-resource
DELETE: Need I spell it out?
Not forgetting HEAD and OPTIONS...
27. Flickr
GET http://api.flickr.com/services/rest/?method=flickr.photos.getRecent&extras=geo,tags
GET http://api.flickr.com/services/rest/?method=flickr.photos.getInfo&photo_id=12345
POST http://api.flickr.com/services/rest/?method=flickr.photos.addTags
POST http://api.flickr.com/services/rest/?method=flickr.photos.delete
GET http://api.flickr.com/services/rest/?method=flickr.photos.comments.getList&photo_id=12345
POST http://api.flickr.com/services/rest/?method=flickr.photos.comments.add
POST http://api.flickr.com/services/rest/?method=flickr.photos.comments.edit
32. Flickr v.2.0
3. Expose some of the methods of the uniform interface
33. Flickr v.2.0
Method URI
GET /users
POST /users
GET /users/fred
PUT /users/fred
DELETE /users/fred
Method URI
GET /users/fred/photos
GET /users/fred/photos/recent
POST /users/fred/photos
GET /users/fred/photos/12345
PUT /users/fred/photos/12345
DELETE /users/fred/photos/12345
34. Flickr v.2.0
Method URI
GET /users/fred/photos/12345/tags
POST /users/fred/photos/12345/tags
PUT /users/fred/photos/12345/tags/toto
DELETE /users/fred/photos/12345/tags/toto
Method URI
GET /users/fred/photos/12345/comments
POST /users/fred/photos/12345/comments
PUT /users/fred/photos/12345/comments/23
DELETE /users/fred/photos/12345/comments/23
39. Flickr v.2.0
GET: 200 OK | 404 Not found
POST: 201 Created | 409 Conflict
PUT, DELETE: 200 OK
When nothing works any more: 500 Internal server error ;)
40. Flickr v.2.0
6. Implement the whole thing?
There is still one problem left...
41. HATEOAS
Hypermedia as the engine of application state
"A REST API should be entered with no prior knowledge beyond the initial URI (bookmark) and set of standardized media types that are appropriate for the intended audience (i.e., expected to be understood by any client that might use the API). From that point on, all application state transitions must be driven by client selection of server-provided choices that are present in the received representations or implied by the user’s manipulation of those representations."
Roy Fielding
42. Flickr
Example: building the URIs of photos
Documentation is required to navigate the API!!!
http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}.jpg
http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{secret}_[mstb].jpg
http://farm{farm-id}.static.flickr.com/{server-id}/{id}_{o-secret}_o.(jpg|gif|png)
46. URI Templates
Proposed to the IETF by Joe Gregorio:
http://www.google.com/search?{-join|&|q,num}
http://www.google.com/notebook/feeds/{userID}/{prefix|/notebooks/|notebookID}{-opt|/-/|categories}{-listjoin|/|categories}?{-join|&|updated-min,updated-max,alt,start-index,max-results,entryID,orderby}
49. Authentication
HTTP Basic
Password sent in the clear (base64 is an encoding, not encryption)
Use only over HTTPS
HTTP Digest
Requires an Apache module that is rarely enabled
WSSE Username Token
Used for Atom
SOAP algorithm ;)
52. WSSE Username Token
Simple to implement
Nothing to install (except perhaps pecl_http...)
Does not send passwords in the clear
Prevents "replay attacks"
Easy to implement in an Ajax client
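The check a server performs on an X-WSSE header, as an added example (not code from the original slides): it recomputes the digest, enforces a freshness window and remembers nonces, which is where the replay protection comes from. Assumptions: the nonce travels base64-encoded and is decoded before hashing, as in the OASIS UsernameToken profile; the function names, the 5-minute window and the in-memory stores are illustrative.

```php
<?php
// Added example: WSSE UsernameToken round trip with freshness and replay checks.
// The 5-minute window, the in-memory stores and all sample values are assumptions.
const WSSE_MAX_AGE = 300; // seconds a Created timestamp is accepted (assumed policy)

// Client side: PasswordDigest = Base64(SHA-1(nonce . created . password)).
function wsse_build_header(string $user, string $password, ?int $now = null): string
{
    $nonce   = random_bytes(16);
    $created = gmdate('Y-m-d\TH:i:s\Z', $now ?? time());
    $digest  = base64_encode(sha1($nonce . $created . $password, true));
    return sprintf(
        'UsernameToken Username="%s", PasswordDigest="%s", Nonce="%s", Created="%s"',
        $user, $digest, base64_encode($nonce), $created
    );
}

// Server side: extract the four key="value" fields, or null if any is missing.
function wsse_parse_header(string $header): ?array
{
    if (strncmp($header, 'UsernameToken ', 14) !== 0) {
        return null;
    }
    preg_match_all('/(\w+)="([^"]*)"/', $header, $matches, PREG_SET_ORDER);
    $fields = [];
    foreach ($matches as $m) {
        $fields[$m[1]] = $m[2];
    }
    foreach (['Username', 'PasswordDigest', 'Nonce', 'Created'] as $key) {
        if (!isset($fields[$key])) {
            return null;
        }
    }
    return $fields;
}

// Server side: $users maps username => password. The server has to hold the
// password (or an equivalent secret) because it must recompute the digest.
// $seen maps "user|nonce" => expiry time and must be shared across requests.
function wsse_verify(string $header, array $users, array &$seen, ?int $now = null): bool
{
    $now = $now ?? time();
    $f = wsse_parse_header($header);
    if ($f === null || !isset($users[$f['Username']])) {
        return false;
    }
    // 1. Freshness: reject tokens outside the window (this bounds the nonce cache).
    $created = DateTimeImmutable::createFromFormat(
        'Y-m-d\TH:i:s\Z', $f['Created'], new DateTimeZone('UTC')
    );
    if ($created === false || abs($now - $created->getTimestamp()) > WSSE_MAX_AGE) {
        return false;
    }
    // 2. Replay: drop expired cache entries, then refuse a nonce already used.
    $seen = array_filter($seen, function ($expires) use ($now) { return $expires >= $now; });
    $cacheKey = $f['Username'] . '|' . $f['Nonce'];
    if (isset($seen[$cacheKey])) {
        return false;
    }
    // 3. Digest: recompute it and compare in constant time.
    $nonce = base64_decode($f['Nonce'], true);
    if ($nonce === false) {
        return false;
    }
    $expected = base64_encode(sha1($nonce . $f['Created'] . $users[$f['Username']], true));
    if (!hash_equals($expected, $f['PasswordDigest'])) {
        return false;
    }
    // Remember the nonce only after the digest verified, until the token expires.
    $seen[$cacheKey] = $created->getTimestamp() + WSSE_MAX_AGE;
    return true;
}

// Constructed demo values.
$users  = ['fred' => 'constructed-sample-password'];
$seen   = [];
$header = wsse_build_header('fred', 'constructed-sample-password');
var_dump(wsse_verify($header, $users, $seen));                 // first use of the token
var_dump(wsse_verify($header, $users, $seen));                 // same header replayed
var_dump(wsse_verify($header, $users, $seen, time() + 3600));  // presented an hour later
```

In a PHP front controller the header value arrives as $_SERVER['HTTP_X_WSSE'], and the nonce cache has to live in storage shared by all workers. The scheme still depends on SHA-1 and on the server keeping a recoverable password, so it complements HTTPS and does not replace it.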
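56. PHP and REST
Plenty of XML tools
json_encode, json_decode
curl extension for consuming services
pecl_http can help (headers)
One gotcha: there is no $_PUT!
// Read the raw PUT body from php://input and decode it into $params
// (parse_str only handles application/x-www-form-urlencoded bodies)
$params = array();
parse_str(file_get_contents('php://input'), $params);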
58. CakePHP
// app/config/routes.php
Router::mapResources('posts');
Router::parseExtensions();
// app/controllers/posts_controller.php
class PostsController extends AppController {
    var $components = array('RequestHandler');
    function index() {
        // The Post model is exposed on the controller as $this->Post
        $posts = $this->Post->find('all');
        $this->set(compact('posts'));
    }
    function view($id) {
        // ...
    }
    function edit($id) {
        // ...
    }
    function delete($id) {
        // ...
    }
}
// app/views/posts/xml/index.ctp
<posts>
<?php echo $xml->serialize($posts); ?>
</posts>
Resulting routes (PC = PostsController):
GET /posts PC::index()
GET /posts/123 PC::view(123)
POST /posts PC::add()
PUT /posts/123 PC::edit(123)
POST /posts/123 PC::edit(123)
DELETE /posts/123 PC::delete(123)
59. Symfony
Great progress in 1.2
"Routes as first-class objects"
sfRequestRoute lets you specify the HTTP methods and the representations available:
article:
  url: /article/:id
  class: sfRequestRoute
  requirements:
    sf_method: get
    sf_format: (?:xml|json|yaml)
60. Zend Framework
Zend_Rest_Server, a bad choice:
only GET and POST are supported (REST-RPC)
designed to return XML, no other type of representation possible
probably deprecated in 2.0, not to be used for new projects
61. Zend Framework
Another approach:
Take advantage of the extensibility of the MVC components
Zend_Controller_Request_Http supports the PUT, DELETE, HEAD and OPTIONS methods
Use the ContextSwitch action helper
Proposal by Luke Crouch:
Zend_Controller_Router_Route_Rest
http://framework.zend.com/wiki/display/ZFPROP/Zend_Controller_Router_Route_Rest+-+Luke+Crouch
62. Epilogue
Be skeptical
Learn more about REST
Problems remain to be solved
Go back to the nature... of the web!