book

RESTful Java with JAX-RS 2.0, 2nd Edition

Name: RESTful Java with JAX-RS 2.0, 2nd Edition
Author: Bill Burke
ISBN: 9781449361457

by Bill Burke

November 2013

Intermediate to advanced

392 pages

8h 59m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Foreword
Preface
Author’s NoteWho Should Read This BookHow This Book Is OrganizedPart I, REST and the JAX-RS StandardPart II, JAX-RS WorkbookConventions Used in This BookUsing Code ExamplesSafari® Books OnlineHow to Contact UsAcknowledgments
I. REST and the JAX-RS Standard
1. Introduction to REST
REST and the Rebirth of HTTPRESTful Architectural PrinciplesAddressabilityThe Uniform, Constrained InterfaceWhy Is the Uniform Interface Important?Representation-OrientedCommunicate StatelesslyHATEOASThe engine of application stateWrapping Up
2. Designing RESTful Services
The Object ModelModel the URIsDefining the Data FormatRead and Update FormatCommon link elementThe detailsCreate FormatAssigning HTTP MethodsBrowsing All Orders, Customers, or ProductsObtaining Individual Orders, Customers, or ProductsCreating an Order, Customer, or ProductCreating with PUTCreating with POSTUpdating an Order, Customer, or ProductRemoving an Order, Customer, or ProductCancelling an OrderOverloading the meaning of DELETEStates versus operationsWrapping Up
3. Your First JAX-RS Service
Developing a JAX-RS RESTful ServiceCustomer: The Data ClassCustomerResource: Our JAX-RS ServiceCreating customersRetrieving customersUpdating a customerUtility methodsJAX-RS and Java InterfacesInheritanceDeploying Our ServiceWriting a ClientWrapping Up
4. HTTP Method and URI Matching
Binding HTTP MethodsHTTP Method Extensions@PathBinding URIs@Path ExpressionsTemplate parametersRegular expressionsPrecedence rulesEncodingMatrix ParametersSubresource LocatorsFull Dynamic DispatchingGotchas in Request MatchingWrapping Up
5. JAX-RS Injection
The Basics@PathParamMore Than One Path ParameterScope of Path ParametersPathSegment and Matrix ParametersMatching with multiple PathSegmentsProgrammatic URI Information@MatrixParam@QueryParamProgrammatic Query Parameter Information@FormParam@HeaderParamRaw Headers@CookieParam@BeanParamCommon FunctionalityAutomatic Java Type ConversionPrimitive type conversionJava object conversionParamConvertersCollectionsConversion failures@DefaultValue@EncodedWrapping Up
6. JAX-RS Content Handlers
Built-in Content Marshallingjavax.ws.rs.core.StreamingOutputjava.io.InputStream, java.io.Readerjava.io.Filebyte[]String, char[]MultivaluedMap<String, String> and Form Inputjavax.xml.transform.SourceJAXBIntro to JAXBJAXB JAX-RS HandlersManaging your own JAXBContexts with ContextResolversJAXB and JSONXML to JSON using BadgerFishJSON and JSON SchemaCustom MarshallingMessageBodyWriterAdding pretty printingPluggable JAXBContexts using ContextResolversMessageBodyReaderLife Cycle and EnvironmentWrapping Up
7. Server Responses and Exception Handling
Default Response CodesSuccessful ResponsesError ResponsesComplex ResponsesReturning CookiesThe Status Enumjavax.ws.rs.core.GenericEntityException Handlingjavax.ws.rs.WebApplicationExceptionException MappingException HierarchyMapping default exceptionsWrapping Up

8. JAX-RS Client API
Client IntroductionBootstrapping with ClientBuilderClient and WebTargetBuilding and Invoking RequestsInvocationException HandlingConfiguration ScopesWrapping Up
9. HTTP Content Negotiation
Conneg ExplainedPreference OrderingLanguage NegotiationEncoding NegotiationJAX-RS and ConnegMethod DispatchingLeveraging Conneg with JAXBComplex NegotiationViewing Accept headersVariant processingNegotiation by URI PatternsLeveraging Content NegotiationCreating New Media TypesFlexible SchemasWrapping Up
10. HATEOAS
HATEOAS and Web ServicesAtom LinksAdvantages of Using HATEOAS with Web ServicesLocation transparencyDecoupling interaction detailsReduced state transition errorsW3C standardized relationshipsLink Headers Versus Atom LinksHATEOAS and JAX-RSBuilding URIs with UriBuilderRelative URIs with UriInfoBuilding Links and Link HeadersWriting Link HeadersEmbedding Links in XMLWrapping Up
11. Scaling JAX-RS Applications
CachingHTTP CachingExpires HeaderCache-ControlRevalidation and Conditional GETsLast-ModifiedETagJAX-RS and conditional GETsConcurrencyJAX-RS and Conditional UpdatesWrapping Up
12. Filters and Interceptors
Server-Side FiltersServer Request FiltersServer Response FiltersReader and Writer InterceptorsClient-Side FiltersDeploying Filters and InterceptorsOrdering Filters and InterceptorsPer-JAX-RS Method BindingsDynamicFeatureName BindingsDynamicFeature Versus @NameBindingException ProcessingWrapping Up
13. Asynchronous JAX-RS
AsyncInvoker Client APIUsing FuturesException handlingUsing CallbacksFutures Versus CallbacksServer Asynchronous Response ProcessingAsyncResponse APIException HandlingCancelStatus MethodsTimeoutsCallbacksUse Cases for AsyncResponseServer-side pushPublish and subscribePriority schedulingWrapping Up
14. Deployment and Integration
DeploymentThe Application ClassDeployment Within a JAX-RS-Aware ContainerDeployment Within a JAX-RS-Unaware ContainerConfigurationBasic ConfigurationEJB IntegrationSpring IntegrationWrapping Up
15. Securing JAX-RS
AuthenticationBasic AuthenticationDigest AuthenticationClient Certificate AuthenticationAuthorizationAuthentication and Authorization in JAX-RSEnforcing EncryptionAuthorization AnnotationsProgrammatic SecurityClient SecurityVerifying the ServerOAuth 2.0Signing and Encrypting Message BodiesDigital SignaturesDKIM/DOSETAJOSE JWSEncrypting RepresentationsWrapping Up
16. Alternative Java Clients
java.net.URLCachingAuthenticationClient Certificate AuthenticationAdvantages and DisadvantagesApache HttpClientAuthenticationClient Certificate authenticationAdvantages and DisadvantagesRESTEasy Client ProxiesAdvantages and DisadvantagesWrapping Up
II. JAX-RS Workbook
17. Workbook Introduction
Installing RESTEasy and the ExamplesExample Requirements and StructureCode Directory StructureEnvironment Setup
18. Examples for Chapter 3
Build and Run the Example ProgramDeconstructing pom.xmlRunning the BuildExamining the Source Code
19. Examples for Chapter 4
Example ex04_1: HTTP Method ExtensionBuild and Run the Example ProgramThe Server CodeThe Client CodeExample ex04_2: @Path with ExpressionsBuild and Run the Example ProgramThe Server CodeThe Client CodeExample ex04_3: Subresource LocatorsBuild and Run the Example ProgramThe Server CodeThe Client Code
20. Examples for Chapter 5
Example ex05_1: Injecting URI InformationThe Server CodeThe Client CodeBuild and Run the Example ProgramExample ex05_2: Forms and CookiesThe Server CodeBuild and Run the Example Program
21. Examples for Chapter 6
Example ex06_1: Using JAXBThe Client CodeChanges to pom.xmlBuild and Run the Example ProgramExample ex06_2: Creating a Content HandlerThe Content Handler CodeThe Resource ClassThe Application ClassThe Client CodeBuild and Run the Example Program
22. Examples for Chapter 7
Example ex07_1: ExceptionMapperThe Client CodeBuild and Run the Example Program
23. Examples for Chapter 9
Example ex09_1: Conneg with JAX-RSThe Client CodeBuild and Run the Example ProgramExample ex09_2: Conneg via URL PatternsThe Server CodeBuild and Run the Example Program
24. Examples for Chapter 10
Example ex10_1: Atom LinksThe Server CodeThe Client CodeBuild and Run the Example ProgramExample ex10_2: Link HeadersThe Server CodeOrderResourceStoreResourceThe Client CodeBuild and Run the Example Program
25. Examples for Chapter 11
Example ex11_1: Caching and Concurrent UpdatesThe Server CodeThe Client CodeBuild and Run the Example Program
26. Examples for Chapter 12
Example ex12_1 : ContainerResponseFilter and DynamicFeatureThe Server CodeThe Client CodeBuild and Run the Example ProgramExample ex12_2: Implementing a WriterInterceptorThe Client CodeBuild and Run the Example Program
27. Examples for Chapter 13
Example ex13_1: Chat REST InterfaceThe Client CodeThe Server CodePosting a new messageHandling poll requestsBuild and Run the Example Program
28. Examples for Chapter 14
Example ex14_1: EJB and JAX-RSProject StructureThe EJBsThe Remaining Server CodeThe ExceptionMappersChanges to Application classThe Client CodeBuild and Run the Example ProgramExample ex14_2: Spring and JAX-RSBuild and Run the Example Program
29. Examples for Chapter 15
Example ex15_1: Custom SecurityOne-Time Password AuthenticationThe server codeAllowed-per-Day Access PolicyThe client codeBuild and Run the Example ProgramExample ex15_1: JSON Web EncryptionBuild and Run the Example Program
Index
Colophon
Copyright

Content preview from RESTful Java with JAX-RS 2.0, 2nd Edition

Chapter 15. Securing JAX-RS

Many RESTful web services will want secure access to the data and functionality they provide. This is especially true for services that will be performing updates. They will want to prevent sniffers on the network from reading their messages. They may also want to fine-tune which users are allowed to interact with a specific service and disallow certain actions for specific users. The Web and the umbrella specification for JAX-RS, Java EE, provide a core set of security services and protocols that you can leverage from within your RESTful web services. These include:

Authentication: Authentication is about validating the identity of a client that is trying to access your services. It usually involves checking to see if the client has provided an existing user with valid credentials, such as a password. The Web has a few standardized protocols you can use for authentication. Java EE, specifically your servlet container, has facilities to understand and configure these Internet security authentication protocols.
Authorization: Once a client is authenticated, it will want to interact with your RESTful web service. Authorization is about deciding whether or not a certain user is allowed to access and invoke on a specific URI. For example, you may want to allow write access (PUT/POST/DELETE operations) for one set of users and disallow it for others. Authorization is not part of any Internet protocol and is really the domain of your servlet container and ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781449361433Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

RESTful Java with JAX-RS 2.0, 2nd Edition

by Bill Burke

Chapter 15. Securing JAX-RS

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.