REST; WebSocket (RFC 6455)
Web Oriented Technologies and Systems
Prof. Michele Ruta
Master's Degree Course in Computer Engineering (A.Y. 2016/2017)
REST
REST = Representational State Transfer: another architectural paradigm for Web-based services. The term was introduced in 2000 in the PhD thesis of Roy Fielding (one of the authors of the HTTP protocol). The REST paradigm was born as an abstraction of some basic features of HTTP, the ones that made it popular and useful for higher-level protocols and services. RESTful Web services are those Web-based services that meet the constraints of the REST paradigm.
Prof. Michele Ruta, Web Oriented Technologies and Systems, 2 of 20
REST paradigm
A distributed application is RESTful if it meets 6 fundamental properties (constraints):
- Client-server.
- Stateless.
- Cacheable (clients can cache server responses).
- Layered system: a client can connect directly to the server or to an intermediary (which may be designed to increase scalability or security).
- Code on demand (optional requirement): the server may temporarily extend the client's capabilities by allowing it to obtain additional code.
- Uniform interface: the interface between client and server is simple and uniform.
Is the WWW RESTful?
- Client-server: yes.
- Stateless: yes.
- Cacheable: yes.
- Layered system: yes (proxies).
- Code on demand: yes (client-side scripting, embedded objects).
- Uniform interface: yes: URIs identify resources and retrieve their representation; a few simple methods manipulate resources (method = action, resource = the object acted on); HTTP messages are self-descriptive: they specify resource formats, whether the data may be cached, etc.
RESTful Web Service
There is no "official" standard for RESTful Web services. RESTful Web services are Web services broadly speaking (they are cross-platform, interoperable and queried through a public interface), not in the strict sense (no use of WSDL, SOAP, etc.). By RESTful Web service we mean a Web API that adheres to the REST paradigm:
- HTTP is the communication protocol;
- each resource is identified by a URI;
- resources are represented in interoperable formats (the most common are HTML, JSON, XML);
- the methods PUT, GET, POST, DELETE perform the four basic manipulations of each resource: create, read, update, delete (CRUD).
AJAX limitations
AJAX enables more interactive Web applications: data is refreshed without reloading the entire page; latency and network traffic are reduced. However, there are some limitations:
- communication is always originated by a client request;
- data can be refreshed only through polling;
- more advanced scenarios cannot be covered, such as peer-to-peer Web-based applications and real-time data updates.
This is because HTTP communication is basically half-duplex.
WebSocket
W3C candidate recommendation in 2012. The solution is based on:
- a connection-oriented, full-duplex application protocol in addition to HTTP;
- an HTML5 API to use it.
It allows data to be sent in real time to Web applications running within a browser.
From HTTP to WebSocket
The protocol has two phases: handshake; data transfer. WebSocket:
- exploits the same TCP ports as HTTP (80) and HTTPS (443);
- reuses the infrastructural elements of HTTP: proxies; authentication;
- has the following URI schemes: ws:// for unencrypted connections; wss:// for connections encrypted with TLS.
Client side handshake (1)
The client side handshake is a regular HTTP request:
- the request URI is the endpoint of the WebSocket connection;
- Connection: Upgrade asks to modify the current connection;
- Upgrade: websocket specifies the new protocol;
- Origin tells the server which client originated the request. It is mandatory if the client is a browser.
Client side handshake (2)
Other mandatory header fields:
- Sec-WebSocket-Version: required protocol version; the first definitive version is 13;
- Sec-WebSocket-Key: 16-byte pseudo-random value, encoded in base64.
In the request the client can specify several options:
- Sec-WebSocket-Protocol: list of application-layer sub-protocols that the client wants to use. IANA holds the registry of valid names;
- Sec-WebSocket-Extensions: collection of WebSocket extensions supported by the client. IANA holds the registry of valid names;
- Cookie;
- Authentication.
Server response
Structure of the server response. For the handshake to be completed:
- the status code must be 101;
- the Upgrade and Connection header fields must be present;
- Sec-WebSocket-Accept is used to confirm acceptance of the request: it must be equal to the SHA1 hash of the concatenation of the Sec-WebSocket-Key value sent by the client with the unique string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11".
Optional header fields:
- Sec-WebSocket-Protocol indicates the application sub-protocol selected by the server from those proposed by the client;
- Set-Cookie.
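The handshake of slides 9 to 11, worked through as an added example (not code from the slides): a server-side check of the client's upgrade request that computes Sec-WebSocket-Accept (RFC 6455 sends the base64 encoding of that SHA-1 digest) and refuses requests whose Origin is not on an allow list. The request text is constructed after the RFC's own sample; the function names and the `allowed_origins` parameter are assumptions.

```python
import base64
import hashlib
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"   # fixed by RFC 6455, quoted on the slide
BAD_REQUEST = "HTTP/1.1 400 Bad Request\r\n\r\n"
# Constructed client handshake, modelled on the sample exchange in RFC 6455 section 1.3.
SAMPLE_REQUEST = (
    "GET /chat HTTP/1.1\r\nHost: server.example.com\r\n"
    "Upgrade: websocket\r\nConnection: Upgrade\r\n"
    "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
    "Origin: http://example.com\r\nSec-WebSocket-Version: 13\r\n\r\n"
)

def accept_value(client_key: str) -> str:
    """Sec-WebSocket-Accept = base64(SHA-1(key || GUID)), RFC 6455 section 4.2.2."""
    digest = hashlib.sha1((client_key + WS_GUID).encode("ascii")).digest()
    return base64.b64encode(digest).decode("ascii")

def parse_request(raw: str):
    """Split a raw HTTP/1.1 request into its request line and a lower-cased header dict."""
    lines = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def valid_key(key: str) -> bool:
    """Sec-WebSocket-Key must be the base64 encoding of exactly 16 bytes."""
    try:
        return len(base64.b64decode(key, validate=True)) == 16
    except ValueError:          # binascii.Error is a ValueError
        return False

def build_server_response(raw_request: str, allowed_origins: set) -> str:
    """Validate the client handshake; any failed check yields an HTTP error, not a 101."""
    request_line, h = parse_request(raw_request)
    tokens = {t.strip().lower() for t in h.get("connection", "").split(",")}
    if (not request_line.startswith("GET ") or "upgrade" not in tokens
            or h.get("upgrade", "").lower() != "websocket"
            or not valid_key(h.get("sec-websocket-key", ""))):
        return BAD_REQUEST
    if h.get("sec-websocket-version") != "13":       # tell the client which version we speak
        return "HTTP/1.1 426 Upgrade Required\r\nSec-WebSocket-Version: 13\r\n\r\n"
    # Origin check: browsers always send it, so pages served from other sites are refused.
    if h.get("origin") not in allowed_origins:
        return "HTTP/1.1 403 Forbidden\r\n\r\n"
    return ("HTTP/1.1 101 Switching Protocols\r\nUpgrade: websocket\r\n"
            "Connection: Upgrade\r\nSec-WebSocket-Accept: "
            + accept_value(h["sec-websocket-key"]) + "\r\n\r\n")
```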
Data transfer
During data transfer, the WebSocket protocol adds the bare minimum needed to run a TCP socket in the application infrastructure of the WWW:
- a security model for browsers based on the origin of the data: in fact, using only HTML and JavaScript, browsers do not allow requests to be sent with header fields starting with Sec-;
- addressing (to support multiple host names on a single IP) and indication of the application protocol (to support multiple services on a single port);
- a framing mechanism like that of TCP, but without size limits;
- a tear-down procedure that complements that of TCP in the presence of proxies and other intermediaries.
WebSocket frame
[Slide shows the frame layout diagram; the fields are described on the next two slides.]
Frame fields (1/2)
- FIN (1 bit): it is used to close the connection.
- RSV1, RSV2, RSV3 (1 bit each): reserved for extensions.
- Opcode (4 bits): 0000 continuation; 0001 text frame; 0010 binary frame; 1000 confirm connection closure (optionally the payload may contain a status code with the motivation); 1001 ping; 1010 ping response (pong); other values are reserved.
Frame fields (2/2)
- Mask (1 bit): indicates whether masking of the payload is active. For security reasons, all frames sent from client to server must have this bit set to 1.
- Payload length (7 bits): 0 to 125: the payload length itself; 126: the length is expressed in the following 16 bits; 127: the length is expressed in the following 64 bits.
- Masking key (32 bits, if present): bit mask to be applied to the payload.
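The frame layout of the last two slides as an added example (not code from the slides): a Python encoder and decoder that handle the three payload-length encodings, apply and remove the 32-bit client mask, and reject unmasked client frames, reserved opcodes and oversized control frames. The function names are assumptions.

```python
import os
import struct

# Opcodes from the slide above; everything else is reserved.
OPCODES = {0x0: "continuation", 0x1: "text", 0x2: "binary",
           0x8: "close", 0x9: "ping", 0xA: "pong"}

def encode_frame(payload: bytes, opcode: int = 0x1, mask: bool = True, fin: bool = True) -> bytes:
    """Build one frame. Client-to-server frames set the Mask bit and XOR the payload
    with a fresh random 32-bit key; server-to-client frames are sent unmasked."""
    head = bytes([(0x80 if fin else 0) | opcode])      # FIN | RSV1-3 (zero) | opcode
    n, mask_bit = len(payload), (0x80 if mask else 0)
    if n <= 125:                                       # 7-bit field holds the length itself
        head += bytes([mask_bit | n])
    elif n < 1 << 16:                                  # 126: 16-bit length follows
        head += bytes([mask_bit | 126]) + struct.pack("!H", n)
    else:                                              # 127: 64-bit length follows
        head += bytes([mask_bit | 127]) + struct.pack("!Q", n)
    if not mask:
        return head + payload
    key = os.urandom(4)
    return head + key + bytes(b ^ key[i % 4] for i, b in enumerate(payload))

def decode_frame(data: bytes, from_client: bool = True):
    """Parse one frame; returns (fin, opcode name, payload, bytes consumed).
    Raises ValueError on malformed input or on an unmasked client frame."""
    if len(data) < 2:
        raise ValueError("truncated header")
    b0, b1 = data[0], data[1]
    if b0 & 0x70:                                      # RSV1-3 need a negotiated extension
        raise ValueError("reserved RSV bit set")
    fin, opcode, masked = bool(b0 & 0x80), b0 & 0x0F, bool(b1 & 0x80)
    if opcode not in OPCODES:
        raise ValueError(f"reserved opcode {opcode:#x}")
    if from_client and not masked:                     # the security rule on the slide
        raise ValueError("client frames must be masked")
    n, pos = b1 & 0x7F, 2
    if n == 126:
        n, pos = struct.unpack_from("!H", data, pos)[0], pos + 2
    elif n == 127:
        n, pos = struct.unpack_from("!Q", data, pos)[0], pos + 8
    if opcode >= 0x8 and (n > 125 or not fin):         # control frames: short, unfragmented
        raise ValueError("malformed control frame")
    key, pos = (data[pos:pos + 4], pos + 4) if masked else (b"", pos)
    if len(data) < pos + n:
        raise ValueError("truncated payload")
    payload = data[pos:pos + n]
    if masked:                                         # unmask with the 32-bit key
        payload = bytes(b ^ key[i % 4] for i, b in enumerate(payload))
    return fin, OPCODES[opcode], payload, pos + n
```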
WebSocket API
In browsers that support WebSocket, the JavaScript interpreter provides a new template object, WebSocket. Methods:
- WebSocket(url, [protocols]) constructor;
- communication event handlers onopen, onmessage, onerror and onclose;
- close([code, reason]) function;
- send function to transmit HTML / XML, text and binary data.
Example (1): WebSocket echo client
[Slides 17 to 20 show the echo client code as images; not reproduced here.]