SlideShare a Scribd company logo

Modern web application network architecture

Marc Bächinger
Marc Bächinger

Talk about web application architecture for Java web applications targeted to JavaScript single page applications

Technology
1 of 21
Download to read offline
ARCHITECTURE Dienstag, 11. Februar 14
FROM PRESENTATION TO SERVICE LAYER Dienstag, 11. Februar 14
OLD STYLE PRESENTATION LAYER Server Browser GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 render markup 200/OK (HTML) POST /servlet/contacts HTTP/1.1 200/OK (HTML) Dienstag, 11. Februar 14 render markup
DATA CENTRIC SERVICE LAYER Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /api/contacts HTTP/1.1 render markup 200/OK (JSON) PUT /api/contacts/12 HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
WHERE ARE WE HEADING TO ? Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 200/OK (HTML) ts ! cke o ws://future.now/ws S eb W render markup Dienstag, 11. Februar 14 PUT /api/contacts/12 HTTP/1.1 200/OK (JSON) render markup
REST AND CRUD Dienstag, 11. Februar 14
JAX-RS @GET @Produces("application/json") public Collection<ToDo> getAll() throws ServiceException { ... } @GET @Path("/{uuid}") @Produces("application/json") public ToDo get(@PathParam("uuid")String id) throws ServiceException { ... } @PUT @Consumes("application/json") @Produces("application/json") public ToDo createToDo(ToDo toDo) throws ServiceException { ... } Dienstag, 11. Februar 14
CORS CROSS ORIGIN RESOURCE SHARING Dienstag, 11. Februar 14
PREFLIGHT REQUEST curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo > OPTIONS /baas/api/todo HTTP/1.1 ... < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
CORS Browser Server of origin Service provider GET /index.html HTTP/1.1 200/OK (HTML) ! est qu pr ht re eflig OPTIONS /api/contacts HTTP/1.1 200/OK (WADL) GET /api/contacts HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
SETTING CORS HEADERS JEE WebFilter (Glassfish 4.0) @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"}) public class CorsFilter implements Filter { private void doBeforeProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException { final HttpServletResponse httpResponse = (HttpServletResponse)response; httpResponse.addHeader("Access-Control-Allow-Origin", "*"); httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization"); httpResponse.addHeader("Access-Control-Max-Age", "1728000"); } } ... // netbeans default Filter pattern Dienstag, 11. Februar 14
CORS curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
WADL <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> <resources base="https://localhost:8181/baas/api/"> <resource path="todo"> <method id="createToDo" name="PUT"> <request> <representation mediaType="application/json"/> </request> <response> <representation mediaType="application/json"/> </response> </method> ... </resource> </resources> </application> Dienstag, 11. Februar 14
AUTHENTICATION Dienstag, 11. Februar 14
WEB.XML <security-constraint> <display-name>REST API</display-name> <web-resource-collection> <web-resource-name>web-api</web-resource-name> <url-pattern>/api/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>user</role-name> </auth-constraint> <user-data-constraint> S <transport-guarantee>CONFIDENTIAL</transport-guarantee> HTTP </user-data-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> uth a <realm-name>file</realm-name>basic </login-config> <security-role> <role-name>user</role-name> </security-role> Dienstag, 11. Februar 14
HTTPS AND BASIC AUTH • + easy to implement • - password is sent on every request • (- browser stores credentials for session) • (- browser may store creds permanently) • corporate proxies • not for really sensitive data Dienstag, 11. Februar 14
BASIC AUTHENTICATION curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo > GET /baas/api/todo HTTP/1.1 ... < < < < < < < < < < < HTTP/1.1 401 Unauthorized X-Powered-By: Servlet/3.0 JSP/2.2 [...] Server: GlassFish Server Open Source Edition 3.1.2.2 Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 01:00:00 CET WWW-Authenticate: Basic realm="file" Content-Type: text/html Content-Length: 1073 Date: Wed, 14 Aug 2013 23:33:48 GMT Dienstag, 11. Februar 14
BASIC AUTHENTICATION curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo > > > > > > GET /baas/api/todo HTTP/1.1 Authorization: Basic bWFyYzpnZWhlaW0= User-Agent: ... Host: localhost:8181 Accept: */* < HTTP/1.1 200 OK Dienstag, 11. Februar 14
EXERCISES ecture/baas-gf ~/ws/05-Archit ~/ws/05-Architecture/jquery-rest Dienstag, 11. Februar 14
HTTPS AND FORM AUTH • auth method form in web.xml • credential sent only once (+) • SSO (+) • corporate proxies (-) Dienstag, 11. Februar 14
SETTING CORS HEADERS Jersey (eg. Jersey/Tomcat) public class CrossOriginResourceSharingFilter implements ContainerResponseFilter { @Override public ContainerResponse filter( ContainerRequest request, ContainerResponse response) { } } Dienstag, 11. Februar 14 response.getHttpHeaders().putSingle( "Access-Control-Allow-Origin", "*"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Headers", "content-type,authorization,x-requested-with"); response.getHttpHeaders().putSingle( "Access-Control-Max-Age", "3600"); return response;

Recommended

Play Framework
Play FrameworkPlay Framework
Play Frameworkmozgkarakaya
 
Implementing Early Hints in Chrome - Approaches and Challenges
Implementing Early Hints in Chrome - Approaches and ChallengesImplementing Early Hints in Chrome - Approaches and Challenges
Implementing Early Hints in Chrome - Approaches and ChallengesViet-Hoang Tran
 
Node.js Socket.IO
Node.js Socket.IONode.js Socket.IO
Node.js Socket.IOEyal Vardi
 
Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolArmenuhi Abramyan
 
Writing highly scalable WebSocket using the Atmosphere Framework and Scala
Writing highly scalable WebSocket using the Atmosphere Framework and ScalaWriting highly scalable WebSocket using the Atmosphere Framework and Scala
Writing highly scalable WebSocket using the Atmosphere Framework and Scalajfarcand
 
The Atmosphere Framework
The Atmosphere FrameworkThe Atmosphere Framework
The Atmosphere Frameworkjfarcand
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Building WebSocket and Server Side Events Applications using Atmosphere
Building WebSocket and Server Side Events Applications using AtmosphereBuilding WebSocket and Server Side Events Applications using Atmosphere
Building WebSocket and Server Side Events Applications using Atmospherejfarcand
 

Recommended

Play Framework
Play FrameworkPlay Framework
Play Frameworkmozgkarakaya
 
Implementing Early Hints in Chrome - Approaches and Challenges
Implementing Early Hints in Chrome - Approaches and ChallengesImplementing Early Hints in Chrome - Approaches and Challenges
Implementing Early Hints in Chrome - Approaches and ChallengesViet-Hoang Tran
 
Node.js Socket.IO
Node.js Socket.IONode.js Socket.IO
Node.js Socket.IOEyal Vardi
 
Making the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolMaking the secure communication between Server and Client with https protocol
Making the secure communication between Server and Client with https protocolArmenuhi Abramyan
 
Writing highly scalable WebSocket using the Atmosphere Framework and Scala
Writing highly scalable WebSocket using the Atmosphere Framework and ScalaWriting highly scalable WebSocket using the Atmosphere Framework and Scala
Writing highly scalable WebSocket using the Atmosphere Framework and Scalajfarcand
 
The Atmosphere Framework
The Atmosphere FrameworkThe Atmosphere Framework
The Atmosphere Frameworkjfarcand
 
Config websocket on apache
Config websocket on apacheConfig websocket on apache
Config websocket on apachebaran19901990
 
Building WebSocket and Server Side Events Applications using Atmosphere
Building WebSocket and Server Side Events Applications using AtmosphereBuilding WebSocket and Server Side Events Applications using Atmosphere
Building WebSocket and Server Side Events Applications using Atmospherejfarcand
 
WSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayWSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayProfesia Srl, Lynx Group
 
Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!jfarcand
 
Dancing with websocket
Dancing with websocketDancing with websocket
Dancing with websocketDamien Krotkine
 
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)PROIDEA
 
Web sockets
Web socketsWeb sockets
Web socketsbodokaiser
 
Cache is king
Cache is kingCache is king
Cache is kingedrone
 
Cache is the king
Cache is the kingCache is the king
Cache is the kingKasia Przybylska
 
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...Amitesh Madhur
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTPradeep Mishra
 
WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.bodokaiser
 
Building Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsBuilding Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsSergi Almar i Graupera
 
Presentation (PPT)
Presentation (PPT)Presentation (PPT)
Presentation (PPT)webhostingguy
 
Node worshop Realtime - Socket.io
Node worshop Realtime - Socket.ioNode worshop Realtime - Socket.io
Node worshop Realtime - Socket.ioCaesar Chi
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCLFastly
 
Android and REST
Android and RESTAndroid and REST
Android and RESTRoman Woźniak
 
Getting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent EventsGetting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent EventsArun Gupta
 
Getting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaGetting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaArun Gupta
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integrationOleksandr Semenov
 
Service worker: discover the next web game changer
Service worker: discover the next web game changerService worker: discover the next web game changer
Service worker: discover the next web game changerSandro Paganotti
 
Pandora FMS: Sun One webserver
Pandora FMS: Sun One webserverPandora FMS: Sun One webserver
Pandora FMS: Sun One webserverPandora FMS
 
p2p
p2pp2p
p2pkazuSW2
 
Hadoop map reduce data flow
Hadoop map reduce data flowHadoop map reduce data flow
Hadoop map reduce data flowIntellipaat
 

More Related Content

What's hot

WSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayWSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayProfesia Srl, Lynx Group
 
Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!jfarcand
 
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)PROIDEA
 
Cache is king
Cache is kingCache is king
Cache is kingedrone
 
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...Amitesh Madhur
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTPradeep Mishra
 
WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.bodokaiser
 
Building Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsBuilding Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsSergi Almar i Graupera
 
Node worshop Realtime - Socket.io
Node worshop Realtime - Socket.ioNode worshop Realtime - Socket.io
Node worshop Realtime - Socket.ioCaesar Chi
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCLFastly
 
Getting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent EventsGetting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent EventsArun Gupta
 
Getting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaGetting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaArun Gupta
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integrationOleksandr Semenov
 
Service worker: discover the next web game changer
Service worker: discover the next web game changerService worker: discover the next web game changer
Service worker: discover the next web game changerSandro Paganotti
 
Pandora FMS: Sun One webserver
Pandora FMS: Sun One webserverPandora FMS: Sun One webserver
Pandora FMS: Sun One webserverPandora FMS
 

What's hot (20)

WSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - MicrogatewayWSO2 Italia Open Break Session #2 - Microgateway
WSO2 Italia Open Break Session #2 - Microgateway
 
Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!Websockets on the JVM: Atmosphere to the rescue!
Websockets on the JVM: Atmosphere to the rescue!
 
Dancing with websocket
Dancing with websocketDancing with websocket
Dancing with websocket
 
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
JDD 2017: Nginx + Lua = OpenResty (Marcin Stożek)
 
Web sockets
Web socketsWeb sockets
Web sockets
 
Cache is king
Cache is kingCache is king
Cache is king
 
Cache is the king
Cache is the kingCache is the king
Cache is the king
 
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
Web rtc, Media stream, Peer connection, Setting up STUN and TURN on Linux and...
 
Configuring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured RESTConfiguring Outbound SSL connection to invoke secured REST
Configuring Outbound SSL connection to invoke secured REST
 
WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.WebSockets - Today, in the Past, in Future and in Production.
WebSockets - Today, in the Past, in Future and in Production.
 
Building Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSocketsBuilding Real-Time Applications with Android and WebSockets
Building Real-Time Applications with Android and WebSockets
 
Presentation (PPT)
Presentation (PPT)Presentation (PPT)
Presentation (PPT)
 
Node worshop Realtime - Socket.io
Node worshop Realtime - Socket.ioNode worshop Realtime - Socket.io
Node worshop Realtime - Socket.io
 
Solving anything in VCL
Solving anything in VCLSolving anything in VCL
Solving anything in VCL
 
Android and REST
Android and RESTAndroid and REST
Android and REST
 
Getting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent EventsGetting Started with WebSockets and Server-Sent Events
Getting Started with WebSockets and Server-Sent Events
 
Getting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in JavaGetting Started with WebSocket and Server-Sent Events in Java
Getting Started with WebSocket and Server-Sent Events in Java
 
Spring + WebSocket integration
Spring + WebSocket integrationSpring + WebSocket integration
Spring + WebSocket integration
 
Service worker: discover the next web game changer
Service worker: discover the next web game changerService worker: discover the next web game changer
Service worker: discover the next web game changer
 
Pandora FMS: Sun One webserver
Pandora FMS: Sun One webserverPandora FMS: Sun One webserver
Pandora FMS: Sun One webserver
 

Viewers also liked

Hadoop map reduce data flow
Hadoop map reduce data flowHadoop map reduce data flow
Hadoop map reduce data flowIntellipaat
 
Statistical Significance | Statistics
Statistical Significance | StatisticsStatistical Significance | Statistics
Statistical Significance | StatisticsTransweb Global Inc
 
FTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceFTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceTransweb Global Inc
 
Client server architecture
Client server architectureClient server architecture
Client server architectureBhargav Amin
 
Lecture 5 6 .ad hoc network
Lecture 5 6 .ad hoc networkLecture 5 6 .ad hoc network
Lecture 5 6 .ad hoc networkChandra Meena
 
Mobile Ad hoc Networks
Mobile Ad hoc NetworksMobile Ad hoc Networks
Mobile Ad hoc NetworksJagdeep Singh
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer networkAshita Agrawal
 

Viewers also liked (14)

p2p
p2pp2p
p2p
 
Hadoop map reduce data flow
Hadoop map reduce data flowHadoop map reduce data flow
Hadoop map reduce data flow
 
Map reduce
Map reduceMap reduce
Map reduce
 
Statistical Significance | Statistics
Statistical Significance | StatisticsStatistical Significance | Statistics
Statistical Significance | Statistics
 
FTP Client and Server | Computer Science
FTP Client and Server | Computer ScienceFTP Client and Server | Computer Science
FTP Client and Server | Computer Science
 
Ad hoc networks
Ad hoc networksAd hoc networks
Ad hoc networks
 
Networking
NetworkingNetworking
Networking
 
Client server architecture
Client server architectureClient server architecture
Client server architecture
 
Lecture 5 6 .ad hoc network
Lecture 5 6 .ad hoc networkLecture 5 6 .ad hoc network
Lecture 5 6 .ad hoc network
 
Density Function | Statistics
Density Function | StatisticsDensity Function | Statistics
Density Function | Statistics
 
Client server architecture
Client server architectureClient server architecture
Client server architecture
 
Ad-Hoc Networks
Ad-Hoc NetworksAd-Hoc Networks
Ad-Hoc Networks
 
Mobile Ad hoc Networks
Mobile Ad hoc NetworksMobile Ad hoc Networks
Mobile Ad hoc Networks
 
Introduction to computer network
Introduction to computer networkIntroduction to computer network
Introduction to computer network
 

Similar to Modern web application network architecture

HTTP Caching in Web Application
HTTP Caching in Web ApplicationHTTP Caching in Web Application
HTTP Caching in Web ApplicationMartins Sipenko
 
Cake fest 2012 create a restful api
Cake fest 2012 create a restful apiCake fest 2012 create a restful api
Cake fest 2012 create a restful apiceeram
 
HTTP colon slash slash: the end of the road?
HTTP colon slash slash: the end of the road?HTTP colon slash slash: the end of the road?
HTTP colon slash slash: the end of the road?Alessandro Nadalin
 
An introduction to HTTP/2 & Service Workers for SEOs
An introduction to HTTP/2 & Service Workers for SEOsAn introduction to HTTP/2 & Service Workers for SEOs
An introduction to HTTP/2 & Service Workers for SEOsTom Anthony
 
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...Distilled
 
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023Core web vitals meten om je site sneller te maken - Combell Partner Day 2023
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023Thijs Feryn
 
I got 99 problems, but ReST ain't one
I got 99 problems, but ReST ain't oneI got 99 problems, but ReST ain't one
I got 99 problems, but ReST ain't oneAdrian Cole
 
Adriano Di Luzio - Davvy - PyconSEI Talk
Adriano Di Luzio - Davvy - PyconSEI TalkAdriano Di Luzio - Davvy - PyconSEI Talk
Adriano Di Luzio - Davvy - PyconSEI Talkaldur999
 
RESTful Web Services with JAX-RS
RESTful Web Services with JAX-RSRESTful Web Services with JAX-RS
RESTful Web Services with JAX-RSCarol McDonald
 
REST and Web API
REST and Web APIREST and Web API
REST and Web APIIT Weekend
 
An introduction to Struts 2 and RESTful applications
An introduction to Struts 2 and RESTful applicationsAn introduction to Struts 2 and RESTful applications
An introduction to Struts 2 and RESTful applicationsmrdon
 
Construindo APIs Usando Rails
Construindo APIs Usando RailsConstruindo APIs Usando Rails
Construindo APIs Usando RailsFernando Kakimoto
 
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...Codemotion
 
REST with Eve and Python
REST with Eve and PythonREST with Eve and Python
REST with Eve and PythonPiXeL16
 

Similar to Modern web application network architecture (20)

HTTP Caching in Web Application
HTTP Caching in Web ApplicationHTTP Caching in Web Application
HTTP Caching in Web Application
 
Cake fest 2012 create a restful api
Cake fest 2012 create a restful apiCake fest 2012 create a restful api
Cake fest 2012 create a restful api
 
Introduction HTTP via cURL
Introduction HTTP via cURLIntroduction HTTP via cURL
Introduction HTTP via cURL
 
HTTP colon slash slash: the end of the road?
HTTP colon slash slash: the end of the road?HTTP colon slash slash: the end of the road?
HTTP colon slash slash: the end of the road?
 
Cors michael
Cors michaelCors michael
Cors michael
 
An introduction to HTTP/2 & Service Workers for SEOs
An introduction to HTTP/2 & Service Workers for SEOsAn introduction to HTTP/2 & Service Workers for SEOs
An introduction to HTTP/2 & Service Workers for SEOs
 
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...
SearchLove San Diego 2018 | Tom Anthony | An Introduction to HTTP/2 & Service...
 
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023Core web vitals meten om je site sneller te maken - Combell Partner Day 2023
Core web vitals meten om je site sneller te maken - Combell Partner Day 2023
 
I got 99 problems, but ReST ain't one
I got 99 problems, but ReST ain't oneI got 99 problems, but ReST ain't one
I got 99 problems, but ReST ain't one
 
RESTful design
RESTful designRESTful design
RESTful design
 
Adriano Di Luzio - Davvy - PyconSEI Talk
Adriano Di Luzio - Davvy - PyconSEI TalkAdriano Di Luzio - Davvy - PyconSEI Talk
Adriano Di Luzio - Davvy - PyconSEI Talk
 
RESTful Web Services with JAX-RS
RESTful Web Services with JAX-RSRESTful Web Services with JAX-RS
RESTful Web Services with JAX-RS
 
Oredev 2009 JAX-RS
Oredev 2009 JAX-RSOredev 2009 JAX-RS
Oredev 2009 JAX-RS
 
REST and Web API
REST and Web APIREST and Web API
REST and Web API
 
REST and Web API
REST and Web APIREST and Web API
REST and Web API
 
An introduction to Struts 2 and RESTful applications
An introduction to Struts 2 and RESTful applicationsAn introduction to Struts 2 and RESTful applications
An introduction to Struts 2 and RESTful applications
 
Construindo APIs Usando Rails
Construindo APIs Usando RailsConstruindo APIs Usando Rails
Construindo APIs Usando Rails
 
Rest
RestRest
Rest
 
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
RESTFUL SERVICES MADE EASY: THE EVE REST API FRAMEWORK - Nicola Iarocci - Co...
 
REST with Eve and Python
REST with Eve and PythonREST with Eve and Python
REST with Eve and Python
 

More from Marc Bächinger

Introduction to web components
Introduction to web componentsIntroduction to web components
Introduction to web componentsMarc Bächinger
 
Architecting non-trivial browser applications (Jazoon 2012)
Architecting non-trivial browser applications (Jazoon 2012)Architecting non-trivial browser applications (Jazoon 2012)
Architecting non-trivial browser applications (Jazoon 2012)Marc Bächinger
 

More from Marc Bächinger (9)

Introduction to web components
Introduction to web componentsIntroduction to web components
Introduction to web components
 
High-Quality JavaScript
High-Quality JavaScriptHigh-Quality JavaScript
High-Quality JavaScript
 
HTML5 unplugged
HTML5 unpluggedHTML5 unplugged
HTML5 unplugged
 
JavaScript toolchain
JavaScript toolchainJavaScript toolchain
JavaScript toolchain
 
JQuery primer
JQuery primerJQuery primer
JQuery primer
 
With your bare hands
With your bare handsWith your bare hands
With your bare hands
 
Architecting non-trivial browser applications (Jazoon 2012)
Architecting non-trivial browser applications (Jazoon 2012)Architecting non-trivial browser applications (Jazoon 2012)
Architecting non-trivial browser applications (Jazoon 2012)
 
Jax-rs-js Tutorial
Jax-rs-js TutorialJax-rs-js Tutorial
Jax-rs-js Tutorial
 
Html5 communication
Html5 communicationHtml5 communication
Html5 communication
 

Recently uploaded

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...panagenda
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfNeo4j
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Alkin Tezuysal
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 

Recently uploaded (20)

Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
Why device, WIFI, and ISP insights are crucial to supporting remote Microsoft...
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Connecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdfConnecting the Dots for Information Discovery.pdf
Connecting the Dots for Information Discovery.pdf
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
Unleashing Real-time Insights with ClickHouse_ Navigating the Landscape in 20...
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 

Modern web application network architecture

  • 2. FROM PRESENTATION TO SERVICE LAYER Dienstag, 11. Februar 14
  • 3. OLD STYLE PRESENTATION LAYER Server Browser GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 render markup 200/OK (HTML) POST /servlet/contacts HTTP/1.1 200/OK (HTML) Dienstag, 11. Februar 14 render markup
  • 4. DATA CENTRIC SERVICE LAYER Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /api/contacts HTTP/1.1 render markup 200/OK (JSON) PUT /api/contacts/12 HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • 5. WHERE ARE WE HEADING TO ? Browser Server GET /index.html HTTP/1.1 200/OK (HTML) GET /contacts-table.html HTTP/1.1 200/OK (HTML) ts ! cke o ws://future.now/ws S eb W render markup Dienstag, 11. Februar 14 PUT /api/contacts/12 HTTP/1.1 200/OK (JSON) render markup
  • 6. REST AND CRUD Dienstag, 11. Februar 14
  • 7. JAX-RS @GET @Produces("application/json") public Collection<ToDo> getAll() throws ServiceException { ... } @GET @Path("/{uuid}") @Produces("application/json") public ToDo get(@PathParam("uuid")String id) throws ServiceException { ... } @PUT @Consumes("application/json") @Produces("application/json") public ToDo createToDo(ToDo toDo) throws ServiceException { ... } Dienstag, 11. Februar 14
  • 8. CORS CROSS ORIGIN RESOURCE SHARING Dienstag, 11. Februar 14
  • 9. PREFLIGHT REQUEST curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo > OPTIONS /baas/api/todo HTTP/1.1 ... < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • 10. CORS Browser Server of origin Service provider GET /index.html HTTP/1.1 200/OK (HTML) ! est qu pr ht re eflig OPTIONS /api/contacts HTTP/1.1 200/OK (WADL) GET /api/contacts HTTP/1.1 render markup Dienstag, 11. Februar 14 200/OK (JSON)
  • 11. SETTING CORS HEADERS JEE WebFilter (Glassfish 4.0) @WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"}) public class CorsFilter implements Filter { private void doBeforeProcessing(ServletRequest request, ServletResponse response) throws IOException, ServletException { final HttpServletResponse httpResponse = (HttpServletResponse)response; httpResponse.addHeader("Access-Control-Allow-Origin", "*"); httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization"); httpResponse.addHeader("Access-Control-Max-Age", "1728000"); } } ... // netbeans default Filter pattern Dienstag, 11. Februar 14
  • 12. CORS curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo < HTTP/1.1 200 OK < X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6) < Server: GlassFish Server Open Source Edition 3.1.2.2 < Allow: OPTIONS,GET,HEAD,PUT < Last-modified: Do, 15 Aug 2013 00:26:54 MESZ < Access-Control-Allow-Origin: * < Access-Control-Allow-Methods: GET, POST, PUT, DELETE < Access-Control-Allow-Headers: content-type,authorization,x-requested-with < Access-Control-Max-Age: 1728000 < Content-Type: application/vnd.sun.wadl+xml < Content-Length: 1642 < Date: Wed, 14 Aug 2013 22:44:55 GMT < <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> ... </application> Dienstag, 11. Februar 14
  • 13. WADL <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <application xmlns="http://wadl.dev.java.net/2009/02"> <resources base="https://localhost:8181/baas/api/"> <resource path="todo"> <method id="createToDo" name="PUT"> <request> <representation mediaType="application/json"/> </request> <response> <representation mediaType="application/json"/> </response> </method> ... </resource> </resources> </application> Dienstag, 11. Februar 14
  • 16. HTTPS AND BASIC AUTH • + easy to implement • - password is sent on every request • (- browser stores credentials for session) • (- browser may store creds permanently) • corporate proxies • not for really sensitive data Dienstag, 11. Februar 14
  • 17. BASIC AUTHENTICATION curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo > GET /baas/api/todo HTTP/1.1 ... < < < < < < < < < < < HTTP/1.1 401 Unauthorized X-Powered-By: Servlet/3.0 JSP/2.2 [...] Server: GlassFish Server Open Source Edition 3.1.2.2 Pragma: No-cache Cache-Control: no-cache Expires: Thu, 01 Jan 1970 01:00:00 CET WWW-Authenticate: Basic realm="file" Content-Type: text/html Content-Length: 1073 Date: Wed, 14 Aug 2013 23:33:48 GMT Dienstag, 11. Februar 14
  • 18. BASIC AUTHENTICATION curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo > > > > > > GET /baas/api/todo HTTP/1.1 Authorization: Basic bWFyYzpnZWhlaW0= User-Agent: ... Host: localhost:8181 Accept: */* < HTTP/1.1 200 OK Dienstag, 11. Februar 14
  • 20. HTTPS AND FORM AUTH • auth method form in web.xml • credential sent only once (+) • SSO (+) • corporate proxies (-) Dienstag, 11. Februar 14
  • 21. SETTING CORS HEADERS Jersey (eg. Jersey/Tomcat) public class CrossOriginResourceSharingFilter implements ContainerResponseFilter { @Override public ContainerResponse filter( ContainerRequest request, ContainerResponse response) { } } Dienstag, 11. Februar 14 response.getHttpHeaders().putSingle( "Access-Control-Allow-Origin", "*"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Methods", "GET, POST, PUT, DELETE"); response.getHttpHeaders().putSingle( "Access-Control-Allow-Headers", "content-type,authorization,x-requested-with"); response.getHttpHeaders().putSingle( "Access-Control-Max-Age", "3600"); return response;