book

RESTful Java Web Services, Second Edition

Name: RESTful Java Web Services, Second Edition
Author: Jobinesh Purushothaman
ISBN: 9781784399092

by Jobinesh Purushothaman

September 2015

Intermediate to advanced

354 pages

8h 27m

English

Packt Publishing

Read now

Unlock full access

RESTful Java Web Services Second Edition
Table of Contents
RESTful Java Web Services Second Edition
Credits
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holders
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Introducing the REST Architectural Style
The REST architectural style
Introducing HTTP
HTTP versionsUnderstanding the HTTP request-response modelUniform resource identifierUnderstanding the HTTP request methodsRepresenting content types using HTTP header fieldsHTTP status codesThe evolution of RESTful web services
The core architectural elements of a RESTful system
ResourcesURIThe representation of resourcesGeneric interaction semantics for REST resourcesThe HTTP GET methodThe HTTP POST methodThe HTTP PUT methodThe HTTP DELETE methodHypermedia as the Engine of Application State
Description and discovery of RESTful web services
Java tools and frameworks for building RESTful web services
Summary
2. Java APIs for JSON Processing
A brief overview of JSONUnderstanding the JSON data syntaxBasic data types available with JSONA sample JSON file representing employee objects
Processing JSON data
Using JSR 353 – Java API for processing JSON
Processing JSON with JSR 353 object model APIsGenerating the object model from the JSON representationGenerating the JSON representation from the object modelProcessing JSON with JSR 353 streaming APIsUsing streaming APIs to parse JSON dataUsing streaming APIs to generate JSON
Using the Jackson API for processing JSON
Processing JSON with Jackson tree model APIsUsing Jackson tree model APIs to query and update dataProcessing JSON with Jackson data binding APIsSimple Jackson data binding with generalized objectsFull Jackson data binding with specialized objectsProcessing JSON with Jackson streaming APIsUsing Jackson streaming APIs to parse JSON dataUsing Jackson streaming APIs to generate JSON
Using the Gson API for processing JSON
Processing JSON with object model APIs in GsonGenerating the object model from the JSON representationGenerating the parameterized Java collection from the JSON representationGenerating the JSON representation from the object modelProcessing JSON with Gson streaming APIsReading JSON data with Gson streaming APIsWriting JSON data with Gson streaming APIs
Summary
3. Introducing the JAX-RS API
An overview of JAX-RS
JAX-RS annotations
Specifying the dependency of the JAX-RS APIUsing JAX-RS annotations to build RESTful web servicesAnnotations for defining a RESTful resource@PathSpecifying the @Path annotation on a resource classSpecifying the @Path annotation on a resource class methodSpecifying variables in the URI path templateRestricting values for path variables with regular expressionsAnnotations for specifying request-response media types@Produces@ConsumesAnnotations for processing HTTP request methods@GET@PUT@POST@DELETE@HEAD@OPTIONSAnnotations for accessing request parameters@PathParam@QueryParam@MatrixParam@HeaderParam@CookieParam@FormParam@DefaultValue@Context@BeanParam@Encoded
Returning additional metadata with responses
Understanding data binding rules in JAX-RS
Mapping the path variable with Java typesMapping the request and response entity body with Java typesUsing JAXB to manage the mapping of the request and response entity body to Java objects
Building your first RESTful web service with JAX-RS
Setting up the environmentBuilding a simple RESTful web service application using NetBeans IDEAdding CRUD operations on the REST resource class
Client APIs for accessing RESTful web services
Specifying a dependency of the JAX-RS client APICalling REST APIs using the JAX-RS clientSimplified client APIs for accessing REST APIs
Summary
4. Advanced Features in the JAX-RS API
Understanding subresources and subresource locators in JAX-RSSubresources in JAX-RSSubresource locators in JAX-RS
Exception handling in JAX-RS
Reporting errors using ResponseBuilderReporting errors using WebApplicationException
Reporting errors using application exceptions
Mapping exceptions to a response message using ExceptionMapper
Introducing validations in JAX-RS applications
A brief introduction to Bean ValidationBuilding custom validation constraintsWhat happens when Bean Validation fails in a JAX-RS application?
Supporting custom request-response message formats
Building a custom entity providerMarshalling Java objects to the CSV representation with MessageBodyWriterMarshalling CSV representation to Java objects with MessageBodyReader
Asynchronous RESTful web services
Asynchronous RESTful web service client
Managing HTTP cache in a RESTful web service
Using the Expires header to control the validity of the HTTP cacheUsing Cache-Control directives to manage the HTTP cacheConditional request processing with the Last-Modified HTTP response headerConditional request processing with the ETag HTTP response headerConditional data update in RESTFul web services
Understanding filters and interceptors in JAX-RS
Modifying request and response parameters with JAX-RS filtersImplementing server-side request message filtersPostmatching server-side request message filtersPrematching server-side request message filtersImplementing server-side response message filtersImplementing client-side request message filtersImplementing client-side response message filtersModifying request and response message bodies with JAX-RS interceptorsImplementing request message body interceptorsImplementing response message body interceptorsManaging the order of execution for filters and interceptorsSelectively applying filters and interceptors on REST resources by using @NameBindingDynamically applying filters and interceptors on REST resources using DynamicFeature
Understanding the JAX-RS resource lifecycle
Summary
5. Introducing the Jersey Framework Extensions
Specifying dependencies for Jersey
Programmatically configuring JAX-RS resources during deployment
A quick look at the static resource configurations
Modifying JAX-RS resources during deployment using ModelProcessor
What is Jersey ModelProcessor and how does it work?A brief look at the ModelProcessor interface
Building Hypermedia as the Engine of Application State (HATEOAS) APIs
Formats for specifying JSON REST API hypermedia linksProgrammatically building entity body links using JAX-RS APIsProgrammatically building header links using JAX-RS APIsDeclaratively building links using Jersey annotationsSpecifying the dependency to use Jersey declarative linkingEnable Jersey declarative linking feature for the applicationDeclaratively adding links to resource representationGrouping multiple links using @InjectLinksDeclaratively building HTTP link headers using @InjectLinks
Reading and writing binary large objects using Jersey APIs
Building RESTful web service for storing imagesBuilding RESTful web service for reading images
Generating chunked output using Jersey APIs
Jersey client API for reading chunked input
Supporting Server Sent Event in RESTful web services
Understanding the Jersey server-side configuration properties
Monitoring RESTful web services using Jersey APIs
Summary
6. Securing RESTful Web Services
Securing and authenticating web services
HTTP basic authentication
Building JAX-RS clients with basic authenticationSecuring JAX-RS services with basic authenticationConfiguring JAX-RS application for basic authenticationDefining groups and users in the GlassFish server
HTTP digest authentication
Securing RESTful web services with OAuth
Understanding the OAuth 1.0 protocolBuilding the OAuth 1.0 client using Jersey APIsUnderstanding the OAuth 2.0 protocolUnderstanding the grant types in OAuth 2.0Building the OAuth 2.0 client using Jersey APIs
Authorizing the RESTful web service accesses via the security APIs
Using SecurityContext APIs to control accessUsing the javax.annotation.security annotations to control access with the Jersey frameworkUsing Jersey's role-based entity data filtering
Input validation
Summary
7. The Description and Discovery of RESTful Web Services
Introduction to RESTful web services
Web Application Description Language
An overview of the WADL structureGenerating WADL from JAX-RSGenerating the Java client from WADLMarket adoption of WADL
RESTful API Modeling Language
An overview of the RAML structureGenerating RAML from JAX-RSGenerating RAML from JAX-RS via CLIGenerating JAX-RS from RAMLGenerating JAX-RS from RAML via CLIA glance at the market adoption of RAML
Swagger
A quick overview of Swagger's structureAn overview of Swagger APIsGenerating Swagger from JAX-RSSpecifying dependency to SwaggerConfiguring the Swagger definitionAdding Swagger annotations on a JAX-RS resource classGenerating Java client from SwaggerA glance at the market adoption of Swagger
Revisiting the features offered in WADL, RAML, and Swagger
Summary
8. RESTful API Design Guidelines
Identifying resources in a problem domain
Transforming operations to HTTP methods
Understanding the difference between PUT and POST
Naming RESTful web resources
Fine-grained and coarse-grained resource APIs
Using header parameter for content negotiation
Multilingual RESTful web API resources
Representing date and time in RESTful web resources
Implementing partial response
Implementing partial update
Returning modified resources to the caller
Paging resource collection
Implementing search and sort operations
Using HATEOAS in response representation
Hypertext Application LanguageRFC 5988 – Web Linking
Versioning RESTful web APIs
Including the version in resource URI – the URI versioningIncluding the version in a custom HTTP request header – HTTP header versioningIncluding the version in a HTTP Accept header – the media type versioningHybrid approach for versioning APIs
Caching RESTful web API results
HTTP Cache-Control directiveHTTP conditional requests
Using HTTP status codes in RESTful web APIs
Overriding HTTP methods
Documenting RESTful web APIs
Asynchronous execution of RESTful web APIs
Microservice architecture style for RESTful web applications
Using Open Data Protocol with RESTful web APIs
A quick look at ODataURI convention for OData-based REST APIsReading resourcesQuerying dataModifying dataRelationship operations
Summary
A. Useful Features and Techniques
Tools for building a JAX-RS application
Integration testing of JAX-RS resources with Arquillian
Adding Arquillian dependencies to the Maven-based projectConfiguring the container for running testsAdding Arquillian test classes to the projectRunning Arquillian tests
Implementing PATCH support in JAX-RS resources
Defining the @PATCH annotationDefining a resource method to handle HTTP PATCH requests
Using third-party entity provider frameworks with Jersey
Transforming the JPA model in to OData-enabled RESTful web services
Packaging and deploying JAX-RS applications
Packaging JAX-RS applications with an Application subclassPackaging the JAX-RS applications with web.xml and an Application subclassConfiguring web.xml for a servlet 2.x containerConfiguring web.xml for a Servlet 3.x containerPackaging the JAX-RS applications with web.xml and without an Application subclassConfiguring web.xml for the servlet 2.x containerConfiguring web.xml for the servlet 3.x container
Summary
Index

Content preview from RESTful Java Web Services, Second Edition

Chapter 6. Securing RESTful Web Services

Security is an important part of any enterprise application. In the era of cloud and the Internet of Things, controlling access to the application via the public web API is an essential requirement for any enterprise. The security implementation in a RESTful web service application decides who can access the RESTful web APIs and what they can do once they are logged in. This chapter describes how you can secure the REST APIs from unauthorized and malicious access.

In this chapter, we take the point of view of the architect and not of the creator of the infrastructures supporting our applications. Nevertheless, by the end of the chapter, you will have a good understanding of how to secure your web services ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

RESTful Java Web Services - Third Edition

Publisher Resources

ISBN: 9781784399092

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

RESTful Java Web Services, Second Edition

by Jobinesh Purushothaman

Chapter 6. Securing RESTful Web Services

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.