REST Web Services Objektumorientált szoftvertervezés Object-oriented software design

Similar documents
04 Webservices. Web APIs REST Coulouris. Roy Fielding, Aphrodite, chp.9. Chp 5/6

Web Services Week 10

RESTful Services. Distributed Enabling Platform

INF5750. RESTful Web Services

ReST 2000 Roy Fielding W3C

REST Easy with Infrared360

KTH ROYAL INSTITUTE OF TECHNOLOGY. Remote Invocation. Vladimir Vlassov and Johan Montelius

SOAP Web Services Objektumorientált szoftvertervezés Object-oriented software design. Web services 11/23/2016. Outline. Remote call.

HTTP Console Documentation

HTTP, REST Web Services

REST. Lecture BigData Analytics. Julian M. Kunkel. University of Hamburg / German Climate Computing Center (DKRZ)

RESTful API Design APIs your consumers will love

Understanding RESTful APIs and documenting them with Swagger. Presented by: Tanya Perelmuter Date: 06/18/2018

Information Network Systems The application layer. Stephan Sigg

RESTFUL WEB SERVICES - INTERVIEW QUESTIONS

PS/2 Web Services

Develop Mobile Front Ends Using Mobile Application Framework A - 2

CSCI-1680 WWW Rodrigo Fonseca

Developing RESTful Services Using JAX-RS

INFOH-511 WEB SERVICES. LECTURE 1: Introduction

Protocol Buffers, grpc

Remote Invocation Vladimir Vlassov and Johan Montelius

CSCI-1680 WWW Rodrigo Fonseca

Introduction to HTTP. Jonathan Sillito

RESTCONF Programmable Interface

All requests must be authenticated using the login and password you use to access your account.

HTTP Reading: Section and COS 461: Computer Networks Spring 2013

Module 3 Web Component

How to work with HTTP requests and responses

The HTTP protocol. Fulvio Corno, Dario Bonino. 08/10/09 http 1

Session 12. RESTful Services. Lecture Objectives

02267: Software Development of Web Services

Using OAuth 2.0 to Access ionbiz APIs

Notes beforehand... For more details: See the (online) presentation program.

Composer Help. Web Request Common Block

Copyright 2012, Oracle and/or its affiliates. All rights reserved.

Aim behind client server architecture Characteristics of client and server Types of architectures

Unraveling the Mysteries of J2EE Web Application Communications

Towards a more RESTful world. Anurup Joseph Elegan Consulting

Scalable applications with HTTP

02267: Software Development of Web Services

Data Avenue REST API. Ákos Hajnal, Zoltán Farkas November, 2015

Writing REST APIs with OpenAPI and Swagger Ada

Web Development and HTML. Shan-Hung Wu CS, NTHU

Outline of Lecture 3 Protocols

Developing Applications for the Java EE 7 Platform 9-2

REST A brief introduction

Lesson 14 SOA with REST (Part I)

CHAPTER - 4 REMOTE COMMUNICATION

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

REST API s in a CA Plex context. API Design and Integration into CA Plex landscape

HTTP Protocol and Server-Side Basics

JSR 311: JAX-RS: The Java API for RESTful Web Services

Other architectures are externally built or expanded

Management Tools. Management Tools. About the Management GUI. About the CLI. This chapter contains the following sections:

Session 8. Reading and Reference. en.wikipedia.org/wiki/list_of_http_headers. en.wikipedia.org/wiki/http_status_codes

Services Web Nabil Abdennadher

REST Services. Zaenal Akbar

Network Programmability with Cisco Application Centric Infrastructure

DatabaseRESTAPI

Apache Wink Developer Guide. Draft Version. (This document is still under construction)

Web-APIs. Examples Consumer Technology Cross-Domain communication Provider Technology

A Comparison of Service-oriented, Resource-oriented, and Object-oriented Architecture Styles

Controller/server communication

COMPUTER NETWORKS AND COMMUNICATION PROTOCOLS. Web Access: HTTP Mehmet KORKMAZ

Oracle RESTful Services A Primer for Database Administrators

2 Apache Wink Building Blocks

Controller/server communication

Coding Intro to APIs and REST

Getting Some REST with webmachine. Kevin A. Smith

Modern web applications and web sites are not "islands". They need to communicate with each other and share information.

WS-* Standards. Szolgáltatásorientált rendszerintegráció Service-Oriented System Integration. Dr. Balázs Simon BME, IIT

Life on the Web is fast and furious should we be more RESTful?

Computer Networks. Wenzhong Li. Nanjing University

Assignment, part 2. Statement and concepts INFO-0010

Databases and Internet Applications

Introduc)on to Computer Networks

Creating Web Services using IBM Rational HATS For IBM i (5250)

Postman User Guide. Document Reference: July Version: 2

Designing RESTful Web Applications. Ben Ramsey

Application Level Protocols

Lecture Notes course Software Development of Web Services

HTTP, circa HTTP protocol. GET /foo/bar.html HTTP/1.1. Sviluppo App Web 2015/ Intro 3/3/2016. Marco Tarini, Uninsubria 1

Migrating traditional Java EE applications to mobile

Troubleshooting Guide: SAP NetWeaver Gateway

Black Box DCX3000 / DCX1000 Using the API

Introduction to RESTful Web Services. Presented by Steve Ives

EDA095 HTTP. Pierre Nugues. March 30, Lund University

Mobile Computing. Logic and data sharing. REST style for web services. Operation verbs. RESTful Services

REST in a Nutshell: A Mini Guide for Python Developers

Developing RESTful Web services with JAX-RS. Sabyasachi Ghosh, Senior Application Engneer Oracle

Distribution and web services

Data Access and Analysis with Distributed, Federated Data Servers in climateprediction.net

World Wide Web, etc.

HTTP Security. CSC 482/582: Computer Security Slide #1

Agent-Enabling Transformation of E-Commerce Portals with Web Services

Best Practices for developing REST API using PHP

WEB TECHNOLOGIES CHAPTER 1

MTAT Enterprise System Integration. Lecture 2: Middleware & Web Services

RESTful Network API for Notification Channel

Transcription:

REST Web Services Objektumorientált szoftvertervezés Object-oriented software design Dr. Balázs Simon BME, IIT Outline HTTP REST REST principles Criticism of REST CRUD operations with REST RPC operations with REST Dr. Balázs Simon, BME, IIT 2 Remote call Remote communication technologies: Remote Method Invocation (RMI): binary, only within the same framework (Java /.NET) SOAP web services: XML, even between different frameworks and languages Java: Java API for XML-based web services (JAX-WS).NET: Windows Communication Foundation (WCF) REST services: XML, JSON, etc., even between different frameworks and languages Java: Java API for RESTful Web Services (JAX-RS).NET: Windows Communication Foundation (WCF) REST programming Client memory space API Client object Server memory space REST framework Adapter REST programming API REST framework Server interface Proxy Server interface Server implementation Serialization/ Deserialization Network Serialization/ Deserialization DB Dr. Balázs Simon, BME, IIT REST (HTTP) 3 1

HTTP Dr. Balázs Simon, BME, IIT 4 HTTP GET Request: GET /index.html HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 Connection: keep-alive Response: HTTP status code HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Content-Encoding: gzip Server: gws Content-Length: 10200 <!doctype html><html><head> Dr. Balázs Simon, BME, IIT 5 HTTP GET: http://www.abc.com/login?user=xy&pass=123 HTTP Method Local URL Version GET /login?user=xy&pass=123 HTTP/1.1 Host: www.abc.com User-Agent: Mozilla/5.0 Connection: keep-alive Headers+ Empty line Host name Query params Dr. Balázs Simon, BME, IIT 6 2

HTTP POST: http://www.abc.com/login HTTP Method Local URL Version POST /login HTTP/1.1 Host: www.abc.com User-Agent: Mozilla/5.0 Content-Type: application/x-www-form-urlencoded Content-Length: 16 user=xy&pass=123 Headers+ Empty line Host name HTTP Body: Post parameters Dr. Balázs Simon, BME, IIT 7 REST Dr. Balázs Simon, BME, IIT 8 REST REpresentational State Transfer RESTful HTTP HTTP protocol extension GET, POST, PUT, DELETE Input parameters: URL part URL query string POST parameter HTTP body Result: HTTP body Very simple: testable by browser Dr. Balázs Simon, BME, IIT 9 3

GET examples GET /api/movies returns all movies GET /api/movies/12 returns the movie with identifier 12 GET /api/movies/12/actors returns the list of actors for the movie with identifier 12 GET /api/movies?orderby=title returns all movies sorted by their titles Dr. Balázs Simon, BME, IIT 10 GET GET is for reading, retrieving resources Must not modify any resources! HTTP specification for GET Input parameters: usually in the URL or in query parameter identifiers, paging, filtering and sorting criteria HTTP body is usually empty Output: in the HTTP body, usually XML or JSON success: 200 (OK) error: 404 (Not found) or 400 (Bad request) Dr. Balázs Simon, BME, IIT 11 POST examples POST /api/movies creates a new movie the content of the movie is passed in the HTTP body: { } "title": "Batman Begins", "year": 2005, "director": "Cristopher Nolan" Dr. Balázs Simon, BME, IIT 12 4

POST POST is for creating new resources usually for creating a new item under an existing resource item Care must be taken when resending POST requests HTTP specification (e.g. credit card transaction) the server creates the resource whenever a POST request is made multiple identical POST requests may result in more than one resources with the same content Input: URL: location of the parent resource HTTP body: the content of the child resource to be created Output: usually the identifier or location (Location HTTP header) of the resource created success: 201 (Created) error: 404 (Not found) or 409 (Conflict) Dr. Balázs Simon, BME, IIT 13 PUT examples PUT /api/movies/12 updates the movie with identifier 12 or creates a new movie if it does not exist the content of the movie is passed in the HTTP body: { } "title": "Batman Begins", "year": 2005, "director": "Cristopher Nolan" Dr. Balázs Simon, BME, IIT 14 PUT PUT is for updating a resource or creating a new one if it did not exist Input: URL of the resource to be updated the URL contains the identifier of the resource this will be the identifier on creation so no multiple resources are created when repeating the PUT operation HTTP body: the new content of the resource Output: HTTP body may be empty no identifier or location is necessary success: 204 (No content), 201 (Created), 200 (OK) error: 404 (Not found) Dr. Balázs Simon, BME, IIT 15 5

DELETE examples DELETE /api/movies/12 deletes the movie with identifier 12 DELETE /api/movies/12/actors/65 deletes the actor 65 from the movie 12 Dr. Balázs Simon, BME, IIT 16 DELETE DELETE is for deleting a resource Input: URL of the resource to be deleted the URL contains the identifier of the resource HTTP body is usually empty Output: either an empty HTTP body or the content of the deleted resource careful with this: it may be very large success: 204 (No content) or 200 (OK) error: 404 (Not found) Dr. Balázs Simon, BME, IIT 17 REST parameter passing Dr. Balázs Simon, BME, IIT 18 6

Input parameters Query parameter: http:// /calculator/add?left=3.0&right=5.0 Path parameter: http:// /calculator/add/3.0/5.0 Matrix parameter: http:// /calculator/add;left=3.0;right=5.0 POST parameter: http:// /calculator/add like the query parameter but inside the HTTP body HTTP body: a serialized resource (e.g. in XML or JSON) Expected result data format: HTTP Accept header for XML: application/xml for JSON: application/json Dr. Balázs Simon, BME, IIT 19 Output result In HTTP body Actual data format: HTTP Content-Type header or if the server could not support the requested data format: HTTP 406 (Not acceptable) Usual data formats: XML JSON Dr. Balázs Simon, BME, IIT 20 Interface description No standard and widely supported interface descriptor Possible interface descriptors: Swagger WADL WSDL 2.0 HTML for humans... Dr. Balázs Simon, BME, IIT 21 7

XML result curl -v -X GET -H"Accept: application/xml" http://localhost:8080/restapp1/resources/person/getpb > GET /RestApp1/resources/person/getpb HTTP/1.1 > User-Agent: curl/7.20.1 (i686-pc-cygwin) > Host: localhost:8080 > Accept: application/xml > < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 < Server: GlassFish Server Open Source Edition 3.0.1 < Content-Type: application/xml < Content-Length: 227 < Date: Sun, 13 Mar 2011 12:21:17 GMT < <?xml version="1.0" encoding="utf-8" standalone="yes"?> <person><name>peter Bishop</name><age>27</age> <friends><name>olivia Dunham</name><age>26</age></friends> <friends><name>bolivia Dunham</name><age>26</age></friends> </person> Dr. Balázs Simon, BME, IIT 22 JSON result curl -v -X GET -H"Accept: application/json" http://localhost:8080/restapp1/resources/person/getpb > GET /RestApp1/resources/person/getpb HTTP/1.1 > User-Agent: curl/7.20.1 (i686-pc-cygwin) > Host: localhost:8080 > Accept: application/json > < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 < Server: GlassFish Server Open Source Edition 3.0.1 < Content-Type: application/json < Transfer-Encoding: chunked < Date: Sun, 13 Mar 2011 12:21:19 GMT < {"name":"peter Bishop","age":"27", "friends":[{"name":"olivia Dunham","age":"26"}, {"name":"bolivia Dunham","age":"26"}]} Dr. Balázs Simon, BME, IIT 23 REST principles Dr. Balázs Simon, BME, IIT 24 8

REST principles Identifying resources Linking things CRUD operations Multiple data representation Stateless communication Dr. Balázs Simon, BME, IIT 25 Identifying resources URI: Universal Resource Identifier base of resource identification (URN, URL) URN: Universal Resource Name URI that does not contain location information e.g. urn:isbn:0307346617 pro: valid forever con: contain no information on their resolution URL: Universal Resource Locator URI that contains location information con: may not be valid forever, especially if they contain technology-specific parts, e.g. http://someserver.com/actionservlet?blah=blah but they can be used correctly, e.g. http://company1.com/customer/123456 Dr. Balázs Simon, BME, IIT 26 Identifying resources Use URLs! unique identifier for the resource easy to resolve due to the location information should be independent of the underlying technology Examples for resources: documents (blogs, news, etc.) data (calculation result, metadata, etc.) services (SOAP web service, REST, etc.) concepts (people, organizations, etc.) Dr. Balázs Simon, BME, IIT 27 9

Linking things URLs must be chosen carefully Has a lot of advantages: easy to forward resource behind it can be accessed later analogy: C++ pointers more secure: easier to configure access rights to the resource Dr. Balázs Simon, BME, IIT 28 Processing URLs URL seems hierarchic Client: should not process the contents of an URL should only use it as a reference like browsers the structure of the URL may change by time Hence, no need for interface description The four basic operations are enough for handling resources: GET, POST, PUT, DELETE Dr. Balázs Simon, BME, IIT 29 Standard operations on resources CRUD: create, read, update, delete Properties (from the HTTP specification): safe: the client only retrieves data, it is not responsible for side effects idempotent: repeating the same operation results in the same state Repeating different idempotent operations may result in different results e.g. read-delete-read Repeating operations without side effects has the same results Dr. Balázs Simon, BME, IIT 30 10

Standard operations CRUD safe idempotent cacheable GET read yes yes yes POST create no no no PUT update/ create no yes no DELETE delete no yes no POST: the servers assigns the identifier PUT: the client assigns the identifier Dr. Balázs Simon, BME, IIT 31 Multiple data representation HTML: only for humans structure may often change computers require more formal representation (e.g. XML, JSON) The client should be able to choose between the representations A possible but bad solution: http://company1.com/2009/report.html http://company1.com/2009/report.xml http://company1.com/2009/report.xls Correct solution: Accept HTTP header, e.g. GET /2009/report HTTP/1.1 Host: company1.com Accept: application/xml If the server does not support it, it may send: HTTP 406 Error Dr. Balázs Simon, BME, IIT 32 Stateless communication REST is stateless But the application may have a state: stored in a resource (not in memory) stored on the client side (always sent to the server) Advantage: scalability: no session required on the server side different server instances may serve the same client with serial requests server instances can be stopped and restarted Dr. Balázs Simon, BME, IIT 33 11

Criticism of REST Dr. Balázs Simon, BME, IIT 34 REST criticism Only usable for CRUD operations No interface description Reveals too many internal details Lack of design guidelines Lack of middleware functions No publish-subscribe and asynchronous communication Dr. Balázs Simon, BME, IIT 35 Only usable for CRUD operations It can be used for RPC operations, e.g.: http://example.com/sum?a=2&b=3 But this is cheating: the URI must uniquely identify the resource No cheating: the resource is the sum of two and three Question: which HTTP method to use? GET is sufficient: cacheable, no side effect, safe, idempotent But: usually we need side effects. Which HTTP method to use in this case? POST the server can respond with a URI pointing to the result the result can be retrieved by a redirect, it is reusable, cacheable Dr. Balázs Simon, BME, IIT 36 12

No interface description Interface description: describes the operation and their parameters no semantics used for: generating client proxy and server skeleton REST: only 4 operations data: usually in XML (can be checked by XSD), or in JSON Recommended solution: textual description about the semantics of the operations e.g. description in HTML for a GET There are formal descriptors: Swagger WADL: Web Application Description Language WSDL 2.0 but they are not widely supported (e.g..net does not support them) Dr. Balázs Simon, BME, IIT 37 Reveals too many internal details Other operations besides CRUD these can be as complex as a SOAP or RPC call REST does not mean that the inner representation must be published REST is data centric instead of operation centric Rule: publish the resources through a URI they can be protected easier Dr. Balázs Simon, BME, IIT 38 Lack of design guidelines No official best-practices No standard solution for the usual tasks No recommendation for transforming existing services to REST No recommendation for the URI format These critics are true, but practice and common sense help Dr. Balázs Simon, BME, IIT 39 13

Lack of middleware functions No transactions: true No security: message-level security: true point-to-point security: there is HTTPS but: don t pass parameters in the URL No reliable messaging we cannot be sure whether the operation succeeded if HTTP 200 OK: we know it s a success if no answer: we can t be sure but: idempotent operations (GET, PUT, DELETE) can be resent we have to be careful with POST Dr. Balázs Simon, BME, IIT 40 No publish-subscribe and asynchronous communication REST: client-server model Publish-subscribe: RSS is a possible solution GET operation, can be cached but: the client is the initiator notification-by-polling Asynchronous operations: if the server has to perform a long task solution: reply with HTTP 202 Accepted responses: the server can return the URI of the result, the client can poll at this URI the client passes a URI to the server, the server can send the result here Dr. Balázs Simon, BME, IIT 41 CRUD operations with REST Dr. Balázs Simon, BME, IIT 42 14

CRUD operations POST: creating a new resource (create) GET: retrieving resources (read) PUT: updating a resource (update) PATCH: partially updating a resource but PATCH is not widely supported DELETE: deleting a resource (delete) Dr. Balázs Simon, BME, IIT 43 Resource types Collection (~ database table) a collection of instances e.g. /api/movies, /api/movies/12/actors Instance (~ database record) a single entity with attributes and values selected from a collection by its identifier e.g. /api/movies/12, /api/movies/12/actors/53 Dr. Balázs Simon, BME, IIT 44 GET: read GET /api/movies returns all the movies GET /api/movies/12 returns the movie with identifier 12 Dr. Balázs Simon, BME, IIT 45 15

DELETE: delete DELETE /api/movies/12 deletes the movie with identifier 12 DELETE /api/movies deletes all movies often not intended: do not use it! Dr. Balázs Simon, BME, IIT 46 PUT: full update or create PUT /api/movies/12 updates the movie with identifier 12 full update: the resource will be completely replaced question: how to make partial updates? PATCH method? it is not widely supported... or creates a movie with identifier 12 if it does not exists Dr. Balázs Simon, BME, IIT 47 POST: create or partial update POST /api/movies creates a new movie identifier is assigned by the server the identifier or the new resource should be returned POST /api/movies/12 invalid for creation: the server should assign the identifier but it can be used for partial update: only the fields sent in the request will be updated the updated resource should be returned Dr. Balázs Simon, BME, IIT 48 16

RPC operations with REST Dr. Balázs Simon, BME, IIT 49 RPC with REST REST is not designed for RPC REST is for handling resources But: REST can be used for RPC Request: always POST other HTTP methods are not used wrapper message in the HTTP body for the operations of the service root name: the name of the operation children of the root: parameters of the operation other parameter passing methods are not used Response: wrapper message containing the single return result Like SOAP document/wrapped but without the SOAP envelope Interface description: interface must be documented provide XSD for the clients Dr. Balázs Simon, BME, IIT 50 RPC service example struct Complex { double Re; double Im; } interface Calculator { Complex Add(Complex left, Complex right); Complex Subtract(Complex left, Complex right); Complex Multiply(Complex left, Complex right); Complex Divide(Complex left, Complex right); } Dr. Balázs Simon, BME, IIT 51 17

REST request example Recommended: POST /api/calculator/add POST /api/calculator/subtract etc. HTTP body: <Add> <left> <Re>4.5</Re> <Im>3.1</Im> </left> <right> <Re>7.2</Re> <Im>9.3</Im> </right> </Add> { "left": { "Re": "4.5", "Im": "3.1" }, "right": { "Re": "7.2", "Im": "9.3" } } Dr. Balázs Simon, BME, IIT 52 REST response example HTTP body: <AddResponse> <AddResult> <Re>11.7</Re> <Im>12.4</Im> </AddResult> </AddResponse> { "AddResult": { "Re": "11.7", "Im": "12.4" } } Dr. Balázs Simon, BME, IIT 53 18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback