Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Real-World RESTful Service Development Problems and Solutions Masoud Kalali, Software.

Published byShauna Morton Modified over 8 years ago

Similar presentations

Presentation on theme: "Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Real-World RESTful Service Development Problems and Solutions Masoud Kalali, Software."— Presentation transcript:

1

2 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Real-World RESTful Service Development Problems and Solutions Masoud Kalali, Software Engineer at ORACLE, @MasoudKalali

3 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

4 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Program Agenda Introduction Basics of RESTful services and Java What to consider when designing resources A little bit of security Performance matters! More common patterns 1 2 3 4 5 6

5 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Speaker Masoud Kalali Software engineer, author, blogger… Listens to high definition Audio (you got what I mean) @MasoudKalali

6 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Basics of RESTful services and Java REST Basics Resource Design Response Desing

7 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | REST Basics The idea Unified predictable interface Maturity of the underlying protocols The ease of use Vast and expanding adoption Age of Apps What is REST?

8 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Resource Design patterns Resources – names – path formation Verbs – Idempotency – Safety, Cache-ability How to design the resources? GET http://cdom.com/api/v1/customers/1 GET http://cdom.com/api/v1/customers/1/orders/1 Not Good: GET http://cdom.com/api/v1/customers/1?delete=truehttp://cdom.com/api/v1/customers/1?delete=true POST http://cdom.com/api/v1/customers/1?delete=truehttp://cdom.com/api/v1/customers/1

9 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | HTTP verbs: Idempotency and safety VerbIdeompotencySafetyCachedData/URI length limit GET ✔✔✔ 2048 Characters PUT ✔✗✗ No Limit POST ✗✗✗ No Limit DELETE ✔✗✗ Depends* PATCH** ✗✗✗ No Limit How to design the resources? * Some older HTTP servers, proxies may reject a DELETE request which carry payload. ** Not supported by all hops

10 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Request/Response patterns Response status codes – There are more than 200, 404 and 500! Unified response style – Predictability of response body – Application specific error code – Human readable message – cause/solution How should a resource respond to a request? < HTTP/1.1 400 Bad Request < Content-Type: application/json < Date: Thu, 25 Sep 2014 05:59:06 GMT < Transfer-Encoding: chunked … { "status": "Can not complete", "details": { "message": "The provided SID [###] is invalid.", "code": "###-010" }

11 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Request and Response…. Content Negotiation Resource Versioning Validation Exception Handling

12 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Content Negotiation Produce multiple types of response – JSON – XML – HTML Produce multiple semantically different response – Based on user agent – Based on custom/domain oriented media types – Base on both Flexible response types

13 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Content Negotiation On the server side – @Produce Should have matching media-type with request accept header Non matching results in 406 - Not Acceptable – @Consume Should have matching media-type with request content-type header Non matching results in 415 - Unsupported Media Type On the client side – Set correct content-type – Set expected accept header JAX-RS and flexible response types

14 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Resource Versioning Request and or response evolves to be incompatible Business semantic evolves to become incompatible Version added to resource (URI) – Client is locked to the version Problems like linked resource address stored in client side… Version is negotiated as part of the request – Serve code need to handle all supported previous versions No version, the big bang migration – Too costly for clients – Too hard to coordinate How to evolve a resource?

15 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Validation Validation goes with versioning and content negotiation Unified validation patterns across the codebase – Codified response format – Unified response body Use annotations and standard validation as much as possible – Supports common media-types – Unified with custom coding/template being added Validation before action!

16 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Exception Handling Please don’t send back stack trace – Use an ExceptionMapper as Provider as last line of cleanup! – Unless in development environment (with some considerations) Codify all failures and include cause/action in the response – Use right http status code – Add application level code for codifying issues – Add human understandable message Traceability – ECDI to track one request throughout the system – Unified logging There are always unforeseen corner cases!

17 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | A little bit of security Authentication Access control Auditing

18 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Authentication Authentication enabled for all resources Happens before any other validation Exclude the resource patterns that requires no authentication No access without validating the authentication token Know who is requesting a resource

19 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Access control Happens after detecting a valid authentication Requests are easy to check – Unless column level checks are required, can be done in simple filter – Column level access control can be done using media types Happens before any validation – unless params are being used as part of the access check Check who can access a resource

20 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Auditing/ Access logs Keep a rich access log – Depending on the server you use Include the usual who, when, what Try using W3C Extended Log File Format if supported by server Configure security realm for logging Think ahead about incident detection/isolation, etc. Keep record of security incidents!

21 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Performance matters! Caching Partial Updates & HTTP PATCH Asynchronous And long running jobs in REST

22 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Caching Local Cache Proxy Cache reverse-proxy (cache) Server(Application) Level Cache Being stingy with the resource usage is OK!

23 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Caching Use HTTP caching features Client aware of provided caching support Server evaluate caching related headers intermediately hops Types of Caching Headers – Absolute Caching Headers – Conditional Caching Headers Application Level Cache

24 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Caching From Server side: – Cache-Control and directives – Last-Modified Absolute Caching HTTP/1.1 200 OK Content-Type: application/json Cache-Control: private, max-age=86400 Last-Modified: Thur, 01 Apr 2014 11:30 PST private public no-cache no-store max-age (overrides Expires) Cache Control Directives

25 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Caching From client side send headers: – If-None-Match = "If-None-Match" ":" ( "*" | 1#entity-tag ) – If-Modified-Since = "If-Modified-Since" ":" HTTP-date At the server side produce headers: – Etag, when last-modified is hard to determine Conditional Caching HTTP/1.1 200 OK Content-Type: application/json Etag: "8b329b598fcdad4fd33432e78128da48f72198829640882”

26 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | @GET @Consumes({JSON_TYPE}) @Produces({JSON_TYPE, MediaType.APPLICATION_JSON, MediaType.TEXT_PLAIN}) @Path("simple") public Response myGetter(@PathParam("simple") int id, @Context Request request) { Simple simple = new Simple(id,"John", "Due", new Date()); if (request.evaluatePreconditions(simple.getLastModified()) == null) { CacheControl cacheControl = new CacheControl(); cacheControl.setMaxAge(3600); cacheControl.setPrivate(true); Response.ResponseBuilder responseBuilder = Response.ok(simple); responseBuilder.cacheControl(cacheControl).lastModified(simple.getLastModified()); EntityTag entityTag = new EntityTag(getEtagFor(simple), false); return responseBuilder.tag(entityTag).build(); } return Response.notModified().build(); } curl -v -X GET -H "Content-Type:application/json" -H "Accept:application/json" -H "If-Modified-Since:Mon, 08 Sep 2014 15:08:27 GMT" http://.../simple/1

27 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Caching Can be used for conflict resolution Cache on GET request Invalidate cache on PUT, POST or DELETE Periodically purge cache entries Cache invalidation, eviction is not deterministic Give http://www.jboss.org/resteasy a tryhttp://www.jboss.org/resteasy – Provides @Cache and @NoCache – Extension to JAX-RS More on Caching

28 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Partial Updates & HTTP PATCH Partial Updates with PUT Partial Updates with POST Partial updates with PATCH JSON Patch is the future Only update what needs to be updated!

29 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Partial Updates & HTTP PATCH Partially update a JSON document Works with HTTP PATCH Requires special body syntax and directives JavaScript Object Notation (JSON) Patch, RFC 6902 PATCH /coffee/orders/1234 HTTP/1.1 Host: api.foo.com Content-Length: 100 Content-Type: application/json-patch [ {“op”:"replace", ”path”: "/status", "value": "COMPLETED"} ]

30 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Partial Updates & HTTP PATCH Supports six operations in the payload – op : can be “add”, “replace”, “move”, “remove”, “copy” or “test” Another three attributes to describe the op – path: Location of the target attribute in the JSON document – value: The new value to be added or to replace another – from: (Only for move op) specifies the source location JavaScript Object Notation (JSON) Patch, RFC 6902

31 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Asynchronous And long running jobs in REST On the serverside: – @Asynchronous: Annotate a sub-resource as Asynchronous – AsyncResponse: Provides results an actions on the running request setting timeout registering callbacks resume, cancel suspended request processing updating the response – @Suspended: To inject a suspended AsyncResponse into a sub-resource parameter Don’t keep unnecessary resources for where not needed!

32 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Asynchronous And long running jobs in REST On the serverside: – CompletionCallback: Async response processing completion callback Response processing completed and sent to client Response processing failed with exception – ConnectionCallback: Client server connection events callback Client is disconnected abruptly (before or during writing back the response) Server side callbacks

33 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Asynchronous And long running jobs in REST @GET @Produce(“application/json”) @Asynchronous public void getOrder(@Suspended AsyncResponse ar, String orderId) { final String result = prepareResponse(orderId); ar.resume(result) } Some small sample code Future future = client.target(“/coffees/orderId").request().async().get(Coffee.class); try { Coffee coffee = future.get(30, TimeUnit.SECONDS); } catch (TimeoutException ex) { // } Client Code: Server Code: ** Alternative to Future is using InvocationCallback to get called when response is back

34 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Asynchronous And long running jobs in REST Send 202 where response is not ready with Location header – Intelligent enough client can query the resource location with the given Retry-After header – Beware of transactional multi step long running tasks Use message queues to process tasks in background Don’t keep unnecessary resources for where not needed!

35 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Few more topics Response Paginating Usage Throttling REST and plug-ability and extensibility

36 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Response Paginating Offset based pagination – Page and limit Cursor based pagination – A pointer to the next and previous set – Possible use of HATEOAS Time based pagination – Since and to for indicating a time based query Paginate the record sets when possible

37 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Response Paginating Patterns Include defaults incase client does not specify page number and number of results per page Include meta data in response so client knows what is the next set of results to navigate to Paginate the record sets when possible

38 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Throttling Patterns Why use Rate Limiting? – Prevent and handle abuse – Provide better support for premium users How Rate Limiting works? – Servlet filter sits in front – User user tokens or IP addresses as identifiers – Use in-memory cache for book keeping – Prevents requests reaching endpoints when limit reached – Reset update cached counters when needed Keep tap on how many request one user can send!

39 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Throttling Patterns Response status, headers – HTTP 429 Too Many Requests error code – Retry-After header – X-RateLimit-Limit: ### – X-RateLimit-Remaining: ### – X-RateLimit-Reset: EPOCH_SECONDS Descriptive response in the requested media type Headers and response

40 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Throttling Patterns Client side – Use caching – keep tap on number of requests – Pay attention to headers – No brainless loops (polling) Server side – Support caching (etags and max-age) – provide streaming endpoints when possible (feeds, news, public data) Best practices

41 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | REST and plug-ability and extensibility Micro services vs Monolithic services Advantages – Simplicity – Isolation of problems – Scale up and Scale down – Easy deployment – Clear Separation of concerns Micro services design pattern!

42 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | REST extensibility Uniform interface constraint Standard HTTP methods Well defined representations of resources Easy to use by myriad of clients from web, to mobile clients to other applications Improves scalability, visibility and reliability How is REST extensbile?

43 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | WebHooks User defined custom HTTP callbacks Event producer sends event to the endpoint provided by client Github WebHooks RESTful services brethren!

44 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Comments, Questions?

45 Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | RESTful Services Patterns and best practices By Bhakti Mehta, http://www.amazon.com/RESTful-Java-Patterns-Best-Practices/dp/1783287969/ http://www.amazon.com/RESTful-Java-Patterns-Best-Practices/dp/1783287969/ http://tools.ietf.org/html/rfc6902 http://tools.ietf.org/html/rfc6901 http://resteasy.jboss.org/ https://jersey.java.net/documentation/latest/ http://tools.ietf.org/html/rfc6585 http://tools.ietf.org/html/rfc5789 CCL photos used in slides: https://www.flickr.com/photos/treehouse1977/2892417805/ https://www.flickr.com/photos/essjay/165928100/ https://www.flickr.com/photos/jforth/4413370462/ https://www.flickr.com/photos/sakalak/8737872379/ https://www.flickr.com/photos/jbparrott/8980026600 https://www.flickr.com/photos/pentadact/36593493/ https://www.flickr.com/photos/jasohill/4442279347/ https://www.flickr.com/photos/mdsharpe/5075953655 https://www.flickr.com/photos/chuqvr/8329512894/ https://www.flickr.com/photos/longo/2684733921 https://www.flickr.com/photos/_davor/14757399908 Resources

46

Download ppt "Copyright © 2014, Oracle and/or its affiliates. All rights reserved. | Real-World RESTful Service Development Problems and Solutions Masoud Kalali, Software."

Similar presentations

Chapter 6 Server-side Programming: Java Servlets

Chapter 6 Server-side Programming: Java Servlets
Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.

Hypertext Transfer PROTOCOL ----HTTP Sen Wang CSE5232 Network Programming.
SOAP.

SOAP.
1 Caching in HTTP Representation and Management of Data on the Internet.

1 Caching in HTTP Representation and Management of Data on the Internet.
HTTP – HyperText Transfer Protocol

HTTP – HyperText Transfer Protocol
Hypertext Transfer Protocol Kyle Roth Mark Hoover.

Hypertext Transfer Protocol Kyle Roth Mark Hoover.
HTTP Hypertext Transfer Protocol. HTTP messages HTTP is the language that web clients and web servers use to talk to each other –HTTP is largely “under.

HTTP Hypertext Transfer Protocol. HTTP messages HTTP is the language that web clients and web servers use to talk to each other –HTTP is largely “under.
How the web works: HTTP and CGI explained

How the web works: HTTP and CGI explained
What’s a Web Cache? Why do people use them? Web cache location Web cache purpose There are two main reasons that Web cache are used:  to reduce latency.

What’s a Web Cache? Why do people use them? Web cache location Web cache purpose There are two main reasons that Web cache are used:  to reduce latency.
1 The HyperText Transfer Protocol: HTTP Nick Smith Stuart Alley Tara Tjaden.

1 The HyperText Transfer Protocol: HTTP Nick Smith Stuart Alley Tara Tjaden.
Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Title Slide without Picture Subtitle Presenter’s Name Presenter’s Title Organization,

Copyright © 2015, Oracle and/or its affiliates. All rights reserved. | Title Slide without Picture Subtitle Presenter’s Name Presenter’s Title Organization,
2005 1 HTTP HyperText Transfer Protocol Part 3.

HTTP HyperText Transfer Protocol Part 3.
HTTP Overview Vijayan Sugumaran School of Business Administration Oakland University.

HTTP Overview Vijayan Sugumaran School of Business Administration Oakland University.
2/9/2004 Web and HTTP February 9, 2004. 2/9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.

2/9/2004 Web and HTTP February 9, /9/2004 Assignments Due – Reading and Warmup Work on Message of the Day.
Hypertext Transport Protocol CS - 328 Dick Steflik.

Hypertext Transport Protocol CS Dick Steflik.
Nikolay Kostov Telerik Corporation www.telerik.com.

Nikolay Kostov Telerik Corporation
 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.

 What is it ? What is it ?  URI,URN,URL URI,URN,URL  HTTP – methods HTTP – methods  HTTP Request Packets HTTP Request Packets  HTTP Request Headers.
CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.

CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.
Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.

Form Handling, Validation and Functions. Form Handling Forms are a graphical user interfaces (GUIs) that enables the interaction between users and servers.
Simple Web Services. Internet Basics The Internet is based on a communication protocol named TCP (Transmission Control Protocol) TCP allows programs running.

Simple Web Services. Internet Basics The Internet is based on a communication protocol named TCP (Transmission Control Protocol) TCP allows programs running.

Similar presentations

Ads by Google