REST; WebSocket (RFC 6455)


REST; WebSocket (RFC 6455). Web Oriented Technologies and Systems. Prof. Michele Ruta. Master's Degree Course in Computer Engineering (A.Y. 2016/2017)

REST

REST = Representational State Transfer. Another architectural paradigm for Web-based services. The term was introduced in 2000 in the PhD thesis of Roy Fielding (one of the authors of the HTTP protocol). The REST paradigm was born as an abstraction of some basic features of HTTP that made it popular and useful for higher-level protocols and services. RESTful Web services are those Web-based services that meet the constraints of the REST paradigm.

REST paradigm

A distributed application is RESTful if it meets 6 fundamental properties (constraints):

- Client-server.
- Stateless.
- Cacheable (clients can cache server responses).
- Layered system: a client can connect directly to the server or to an intermediary (which may be designed to increase scalability or security).
- Code on demand (optional requirement): the server may temporarily extend the client's capabilities by allowing it to obtain additional code.
- Uniform interface: the interface between client and server is simple and uniform.

Is the WWW RESTful?

- Client-server: yes.
- Stateless: yes.
- Cacheable: yes.
- Layered system: yes (proxies).
- Code on demand: yes (client-side scripting, embedded objects).
- Uniform interface: yes.
  - URIs identify resources and give access to their representation.
  - A few simple methods manipulate resources (method = action, resource = object required).
  - HTTP messages are self-descriptive: they specify resource formats, the possibility to cache data, etc.

RESTful Web Service

There is no "official" standard for RESTful Web services. RESTful Web services are "Web services" broadly speaking (they are cross-platform, interoperable and queried through a public interface), not in the strict sense (no use of WSDL, SOAP, etc.). By RESTful Web service we mean a Web API that adheres to the REST paradigm:

- HTTP is the communication protocol;
- each resource is identified by a URI;
- resources are represented in interoperable formats (the most common are HTML, JSON, XML);
- the methods PUT, GET, POST, DELETE perform the four basic manipulations of each resource: create, read, update, delete (CRUD).

AJAX limitations

AJAX enables more interactive Web applications:

- data can be refreshed without reloading the entire page;
- latency and network traffic are reduced.

However, there are some limitations:

- communication is always originated by a client request;
- data can be refreshed only through polling;
- it is not possible to cover more advanced scenarios, such as peer-to-peer Web-based applications and real-time data update.

This is because HTTP communication is basically half-duplex.

WebSocket

W3C candidate recommendation in 2012. The solution is based on:

- a connection-oriented and full-duplex application protocol in addition to HTTP;
- an HTML5 API to use it.

It allows data to be sent in real time to Web applications running within a browser.

From HTTP to WebSocket

The protocol has two phases:

- handshake;
- data transfer.

WebSocket:

- uses the same TCP ports as HTTP (80) and HTTPS (443);
- reuses the infrastructural elements of HTTP: proxies and authentication;
- has the following URI schemes: ws:// for unencrypted connections, wss:// for connections encrypted with TLS.

Client side handshake (1)

The client side handshake is a regular HTTP request:

- the request URI is the endpoint of the WebSocket connection;
- Connection: Upgrade asks to modify the current connection;
- Upgrade: websocket specifies the new protocol;
- Origin tells the server which client originated the request. It is mandatory if the client is a browser.

Client side handshake (2)

Other mandatory header fields:

- Sec-WebSocket-Version: required protocol version; the first definitive version is 13;
- Sec-WebSocket-Key: 16-byte pseudo-random value, encoded in base64.

In the request the client can specify several options:

- Sec-WebSocket-Protocol: list of application-layer sub-protocols that the client wants to use. IANA holds the registry of valid names;
- Sec-WebSocket-Extensions: collection of WebSocket extensions supported by the client. IANA holds the registry of valid names;
- Cookie;
- Authentication.

Server response

Structure of the server response. For the handshake to be completed:

- the status code must be 101;
- the Upgrade and Connection header fields must be present;
- Sec-WebSocket-Accept is used to confirm acceptance of the request: it must be equal to the SHA1 hash of the concatenation of the Sec-WebSocket-Key value sent by the client with the unique string "258EAFA5-E914-47DA-95CA-C5AB0DC85B11".

Optional header fields:

- Sec-WebSocket-Protocol indicates the application sub-protocol selected by the server from those proposed by the client;
- Set-Cookie.
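The handshake checks from the client and server slides above, as an added example that is not part of the original lecture: a Node.js function validates the upgrade request and builds the 101 response. RFC 6455 base64-encodes the SHA-1 digest to form Sec-WebSocket-Accept; the header map with lower-cased names, the `allowedOrigins` allowlist and the sample request are assumptions of this example.

```javascript
// Added example: server-side checks on a WebSocket opening handshake.
const { createHash } = require('node:crypto');

const WS_GUID = '258EAFA5-E914-47DA-95CA-C5AB0DC85B11'; // fixed string from the protocol

// Sec-WebSocket-Accept = base64(SHA-1(Sec-WebSocket-Key + GUID))
function computeAccept(key) {
  return createHash('sha1').update(key + WS_GUID).digest('base64');
}

// `headers` holds the request header fields with lower-cased names (assumption);
// `allowedOrigins` is a hypothetical allowlist supplied by the application.
function answerHandshake(headers, allowedOrigins) {
  const reject = (status, reason, extra = {}) => ({ status, reason, headers: extra });
  const tokens = (v) => (v || '').toLowerCase().split(',').map((t) => t.trim());

  if (!tokens(headers.connection).includes('upgrade') ||
      (headers.upgrade || '').toLowerCase() !== 'websocket') {
    return reject(400, 'not a WebSocket upgrade request');
  }
  if (headers['sec-websocket-version'] !== '13') {
    return reject(426, 'unsupported version', { 'Sec-WebSocket-Version': '13' });
  }
  const key = headers['sec-websocket-key'] || '';
  const raw = Buffer.from(key, 'base64');
  if (raw.length !== 16 || raw.toString('base64') !== key) {
    return reject(400, 'Sec-WebSocket-Key must be 16 bytes in base64');
  }
  // Policy of this example: requests without an allowlisted Origin are refused,
  // so a page on another site cannot open the socket with the user's cookies.
  if (!allowedOrigins.includes(headers.origin)) {
    return reject(403, 'origin not allowed');
  }
  return {
    status: 101,
    reason: 'Switching Protocols',
    headers: { Upgrade: 'websocket', Connection: 'Upgrade',
               'Sec-WebSocket-Accept': computeAccept(key) },
  };
}

// Constructed sample request (key taken from the RFC 6455 handshake example).
const SAMPLE_REQUEST = {
  host: 'server.example.com', upgrade: 'websocket', connection: 'Upgrade',
  origin: 'http://example.com', 'sec-websocket-version': '13',
  'sec-websocket-key': 'dGhlIHNhbXBsZSBub25jZQ==',
};
console.log(answerHandshake(SAMPLE_REQUEST, ['http://example.com']));
```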

Data transfer

During the data transfer, the WebSocket protocol adds the bare minimum needed to run a TCP socket in the application infrastructure of the WWW:

- a security model for browsers based on the origin of the data: in fact, by only using HTML and JavaScript, browsers do not allow sending requests with header fields starting with Sec-;
- addressing (to support multiple host names on a single IP) and indication of the application protocol (to support multiple services on a single port);
- a framing mechanism such as TCP, but without size limits;
- a tear-down procedure that complements that of TCP in the presence of proxies and other intermediaries.

WebSocket frame

Frame fields (1/2)

- FIN (1 bit): it is used to close the connection.
- RSV1, RSV2, RSV3 (1 bit each): reserved for extensions.
- Opcode (4 bit):
  - 0000 continuation;
  - 0001 text frame;
  - 0010 binary frame;
  - 1000 confirm connection closure (and optionally the payload may contain a status code with the motivation);
  - 1001 ping;
  - 1010 ping response;
  - other values are reserved.

Frame fields (2/2)

- Mask (1 bit): it indicates whether the bit masking of the payload is active. For security reasons, all frames sent from client to server must have this bit set to 1.
- Payload length (7 bit):
  - from 0 to 125: payload length;
  - 126: the length is expressed in the following 16 bits;
  - 127: the length is expressed in the following 64 bits.
- Masking key (32 bit, if present): bit mask to be applied to the payload.
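An added example, not taken from the lecture, that decodes the frame fields listed above in Node.js and refuses client frames whose mask bit is 0. `MAX_PAYLOAD` is a hypothetical cap chosen here, since the framing itself sets no size limit; the sample frames are constructed.

```javascript
// Added example: decode one client-to-server WebSocket frame.
const OPCODES = { 0x0: 'continuation', 0x1: 'text', 0x2: 'binary',
                  0x8: 'close', 0x9: 'ping', 0xA: 'pong' }; // pong = ping response
const MAX_PAYLOAD = 1 << 20; // hypothetical 1 MiB cap chosen for this example

function parseClientFrame(buf) {
  const need = (n) => { if (buf.length < n) throw new Error('incomplete frame'); };
  need(2);
  const fin = (buf[0] & 0x80) !== 0;        // FIN: 1 bit
  const rsv = buf[0] & 0x70;                // RSV1-3: 1 bit each
  const opcode = buf[0] & 0x0f;             // opcode: 4 bits
  const masked = (buf[1] & 0x80) !== 0;     // MASK: 1 bit
  let length = buf[1] & 0x7f;               // payload length: 7 bits
  let offset = 2;

  if (rsv !== 0) throw new Error('RSV bit set but no extension negotiated');
  if (!(opcode in OPCODES)) throw new Error('reserved opcode');
  if (!masked) throw new Error('client frame is not masked');

  if (length === 126) {                     // real length in the next 16 bits
    need(4);
    length = buf.readUInt16BE(2);
    offset = 4;
  } else if (length === 127) {              // real length in the next 64 bits
    need(10);
    const big = buf.readBigUInt64BE(2);
    if (big > BigInt(MAX_PAYLOAD)) throw new Error('payload too large');
    length = Number(big);
    offset = 10;
  }
  if (length > MAX_PAYLOAD) throw new Error('payload too large');
  need(offset + 4 + length);

  const key = buf.subarray(offset, offset + 4); // 32-bit masking key
  const payload = Buffer.alloc(length);
  for (let i = 0; i < length; i++) {
    payload[i] = buf[offset + 4 + i] ^ key[i % 4]; // undo the client's masking
  }
  return { fin, opcode: OPCODES[opcode], payload };
}

// Constructed samples: the text "Hello" masked with key 37 fa 21 3d, and unmasked.
const MASKED_HELLO = Buffer.from('818537fa213d7f9f4d5158', 'hex');
const UNMASKED_HELLO = Buffer.from('810548656c6c6f', 'hex');
console.log(parseClientFrame(MASKED_HELLO).payload.toString());
```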

WebSocket API

In browsers that support WebSocket, the JavaScript interpreter provides a new template object, WebSocket. Methods:

- WebSocket(url, [protocols]) constructor.
- Communication event handlers onopen, onmessage, onerror and onclose.
- close([code, reason]) function.
- send function to transmit HTML / XML, text and binary data.

Example (1)

WebSocket echo client.

Example (2)

Example (3)

Example (4)