Abstract image of a woman sitting on books and studying on a laptop

Rest with Spring

Eugen Paraschiv, profile picture
Eugen Paraschiv

This document discusses REST APIs using Spring MVC and Spring Data. It covers: 1. The REST constraints of being stateless, using HTTP caching, and having a uniform interface. 2. Implementing RESTful resources and operations in Spring MVC using request mappings, path variables, and response status codes. 3. Using Spring Data JPA repositories to access and query data from the persistence layer. 4. Testing REST services through both live tests of the deployed API and lower level integration and unit tests.

Technology
1 of 27
Downloaded 64 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
REST with Spring BJUG 6 @IBM Eugen Paraschiv
Overview ● Why REST? ● RESTful Constraints and Guidelines ● REST via Spring MVC ● Persistence with Spring Data ● Testing of a RESTful Service ● Q&A
Why REST ● REST is a set of Constraints (it's not the only one) ● Minimize Coupling between Client and Server ● Update the Server frequently without updating the Clients (no control over them) ● Support for many different types of Clients ● Scaling becomes easy(er)
The Four Levels of HTTP APIs - I, II Level I. SOAP (Flickr SOAP API, Google AdSense API) - WSDL describes the interface at design time - no Resources are identified by URI - only Service Endpoints - no difference between Resource and Representation - HTTP treated as transport - no use of HTTP semantics Level II. RPC (Amazon SimpleDB, Flickr 'REST' API) + the API exposes Resources (often corresponding to the application models) - operations are done via actions in the URIs - the URI space is known at design time (ex. /post/make_new) - operations, failure codes are application specific - HTTP treated as transport - no use of HTTP semantics
The Four Levels of HTTP APIs - III Level III. HTTP (Twitter API) + Resources are exposed and identified by URIs + Resources are manipulated via Representations + HTTP semantics used correctly, use of generic media types (e.g. application/xml) - message semantics only known to Client and Server but not intermediaries - Client and Server are coupled by original design - application state machine is known at design time - assumptions about available representations and transitions are hard-coded
The Four Levels of HTTP APIs - IV Level IV. REST (Atom Pub, OpenSearch) + service description comes in the form of media type (and link relations) specifications + Client only knows entry bookmark (the Root URI) and media types and no specifics about the particular service + Client proceeds through application by looking at one response at a time, each time evaluating how best to proceed given its overall goal and the available transitions + Methods to use are known from media type (and link relations) specifications or selected at runtime based on forms (form semantics known from media type specifications)
REST SEC project WHERE - @github - https://github.com/eugenp/REST WHY - Reference Spring implementation of a REST Service - Identity Management Solution as a Service HOW - REST/web: Spring 3.1.x - Marshalling: Jackson 2.x (for JSON) and XStream (for XML) - Persistence: Spring Data JPA and Hibernate 4.1.x - Testing: Junit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache HTTP Client)
RESTful Constraints - I. Stateless "Each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client" In Short - no sessions, no cookies - each request should contain it's authentication credentials With Spring Security <http create-session="stateless" ... >
RESTful Constraints - II. Cache ● Caching is on the Client side ● Goal of Client side Caching - partially or completely eliminate interactions with the Server ● HTTP Caching options: ● ETag/If-None-Match ● Last-Modified/If-Modified-Since
III. Caching - ETag - example - ex: first, retrieve a Privilege resource: curl -H "Accept: application/json" -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 52 Date: Fri, 05 Oct 2012 11:36:33 GMT
III. Caching - ETags - example (cont) - next, use the etag value from the previous response to retrieve the Privilege resource again: curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Date: Fri, 05 Oct 2012 11:37:55 GMT
REST Constraint - III. Uniform Interface Uniform Interface Constraints 1. Identification of Resources 2. Manipulation of Resources through Representations 3. Self-descriptive Messages 4. Hypermedia As The Engine Of Application State (HATEOAS)
III.1. Identification of Resources - Spring MVC For a sample foo resource: - the Controller @Controller @RequestMapping(value = "foos") public class FooController{ ... } - retrieve by id: GET api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.GET) public Foo findOne(@PathVariable("id") Long id){...} - search: GET api/foos?q=query @RequestMapping(params = {"q"}, method = RequestMethod.GET) public List<Foo> search(@RequestParam("q") String query){...}
III.1. Identification of Resources - Spring MVC (cont) - create single (update the collection): POST api/foos @RequestMapping(method = RequestMethod.POST) @ResponseStatus(HttpStatus.CREATED) public void create(@RequestBody Foo resource) {...} - update/override PUT api/foos/id @RequestMapping(method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) public void update(@RequestBody Foo resource) { ... } - delete: DELETE api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) @ResponseStatus(HttpStatus.NO_CONTENT) public void delete(@PathVariable("id") Long id) { ... }
REST Constraint - III. Uniform Interface Supported Representations: - JSON - application/json - XML - application/xml - future: ATOM All read operations will perform Content Negotiation when the Accept header is set on the request All write operations supports the Content-Type header to be set on the request
Spring MVC - the Controller/Web Layer Simple Responsibilities: - mapping of URIs - Marshalling/Unmarshalling of Resource Representations (implicit) - Translation of Exceptions to HTTP Status Codes
REST Constraint - III. Uniform Interface - HATEOAS - Discoverability at the root - the Create operation - making use of `rel` - Advanced Topics: custom Mime Types, HAL
Persistence Layer - Spring Data - DAO only with interfaces - no implementations public interface IUserJpaDAO extends JpaRepository<User, Long> { … } - define a new, simple method: List<User> findByLastname(String lastname); List<User> findByEmailAddressAndLastname(String emailAddress, String lastname); - flexibility to use @Query @Query("select u from User u where u.emailAddress = ?1") User findByEmailAddress(String emailAddress);
Persistence Layer - Spring Data ● Pagination Page<User> findByFirstname(String firstname, Pageable pageable); ● Sorting List<User> findByLastname(String lastname, Sort sort);
Persistence Layer - Spring Data Other out of the box features - support for: ● Audit: create date, created by, last update date, last updated by ● Advanced Persistence APIs: QueryDSL, JPA 2 Specifications
Transactional Semantics - the API Layer Strategy ● the Controller layer is the transactional owner ● the Service layer contains no transactional semantics ● there are no self-invocations or inter- invocations in the Controller layer - each invocation is a client call
Testing of a REST Service ● Live Tests: testing the deployed RESTful service ○ each RESTful service has a corresponding production API and a testing API ○ high level testing is done via the production API ○ lower level testing is done via the testing API ● Integration tests: business, persistence ● Unit tests
Testing - High Level Live Test (over REST) @Test public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() { // Given T existingResource = api.create(createNewEntity()); // When T resourceByName = api.findByName(existingResource.getName()); // Then assertNotNull(resourceByName); }
Testing - Low Level Live Test (over REST) @Test public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() { // Given User existingUser = RestAssured.given().auth().preemptive().basic (username, password).contentType("application/json").body(resourceAsJson). post(uri).as(User.class); existingUser.setName(null); // When Response updateResponse = RestAssured.given().auth().preemptive(). basic(username, password).contentType("application/json").body (existingUser).put(uri); // Then assertThat(updateResponse.getStatusCode(), is(409)); }
Security Concerns - Basic and Digest Authentication with Spring Security ON THE SAME URI (similar to Content Negotiation): ● Authorization: Basic ... ● Authorization: Digest ...
Conclusion Questions: -? -? -? -?
THANKS

More Related Content

PDF
Building RESTful applications using Spring MVC
IndicThreads
 
PDF
Microservices with Spring Boot
Joshua Long
 
PDF
Spring Mvc Rest
Craig Walls
 
PDF
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Joshua Long
 
PDF
Effective Web Application Development with Apache Sling
Robert Munteanu
 
PDF
REST APIs with Spring
Joshua Long
 
PPTX
Microservices/dropwizard
FKM Naimul Huda, PMP
 
PDF
Apache Sling as an OSGi-powered REST middleware
Robert Munteanu
 
Building RESTful applications using Spring MVC
IndicThreads
 
Microservices with Spring Boot
Joshua Long
 
Spring Mvc Rest
Craig Walls
 
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy Clarkson
Joshua Long
 
Effective Web Application Development with Apache Sling
Robert Munteanu
 
REST APIs with Spring
Joshua Long
 
Microservices/dropwizard
FKM Naimul Huda, PMP
 
Apache Sling as an OSGi-powered REST middleware
Robert Munteanu
 

What's hot (19)

PDF
Dropwizard Spring - the perfect Java REST server stack
Jacek Furmankiewicz
 
KEY
Multi Client Development with Spring
Joshua Long
 
PPTX
Spring boot Introduction
Jeevesh Pandey
 
PDF
Building Beautiful REST APIs with ASP.NET Core
Stormpath
 
PDF
Introduction to Spring Boot
Trey Howard
 
PPTX
Android and REST
Roman Woźniak
 
PPTX
The Past Year in Spring for Apache Geode
VMware Tanzu
 
PDF
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
PPTX
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
reneechemel
 
PPTX
Spring Boot & WebSocket
Ming-Ying Wu
 
PDF
Spring 4 Web App
Rossen Stoyanchev
 
PPTX
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
PPTX
Spring Boot
Jiayun Zhou
 
PPTX
Content-centric architectures - case study : Apache Sling
Fabrice Hong
 
PDF
The never-ending REST API design debate
Restlet
 
PDF
Lecture 7 Web Services JAX-WS & JAX-RS
Fahad Golra
 
PPT
Using Java to implement SOAP Web Services: JAX-WS
Katrien Verbert
 
PDF
Angularjs & REST
Corley S.r.l.
 
PDF
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2
 
Dropwizard Spring - the perfect Java REST server stack
Jacek Furmankiewicz
 
Multi Client Development with Spring
Joshua Long
 
Spring boot Introduction
Jeevesh Pandey
 
Building Beautiful REST APIs with ASP.NET Core
Stormpath
 
Introduction to Spring Boot
Trey Howard
 
Android and REST
Roman Woźniak
 
The Past Year in Spring for Apache Geode
VMware Tanzu
 
JavaCro'14 - Building interactive web applications with Vaadin – Peter Lehto
HUJAK - Hrvatska udruga Java korisnika / Croatian Java User Association
 
REST Easy with AngularJS - ng-grid CRUD EXAMPLE
reneechemel
 
Spring Boot & WebSocket
Ming-Ying Wu
 
Spring 4 Web App
Rossen Stoyanchev
 
Best Practices for Architecting a Pragmatic Web API.
Mario Cardinal
 
Spring Boot
Jiayun Zhou
 
Content-centric architectures - case study : Apache Sling
Fabrice Hong
 
The never-ending REST API design debate
Restlet
 
Lecture 7 Web Services JAX-WS & JAX-RS
Fahad Golra
 
Using Java to implement SOAP Web Services: JAX-WS
Katrien Verbert
 
Angularjs & REST
Corley S.r.l.
 
WSO2Con Asia 2014 - WSO2 AppDev Platform for the Connected Business
WSO2
 
Ad

Similar to Rest with Spring (20)

PDF
20 Most Asked Question on Rest APIs .pdf
TechSkills7
 
PPTX
ASP.NET Mvc 4 web api
Tiago Knoch
 
PPT
APITalkMeetupSharable
Obaidur (OB) Rashid
 
PDF
Networked APIs with swift
Tim Burks
 
PDF
REST APIs
Arthur De Magalhaes
 
PPTX
Service approach for development Rest API in Symfony2
Sumy PHP User Grpoup
 
PPTX
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 
PDF
Xamarin Workshop Noob to Master – Week 5
Charlin Agramonte
 
PPSX
Restful web services rule financial
Rule_Financial
 
PDF
RESTful API-centric Universe
Tihomir Opačić
 
PPT
nguyenhainhathuy-building-restful-web-service
hazzaz
 
PPTX
Apitesting.pptx
NamanVerma88
 
PPTX
ASP.NET WEB API Training
Chalermpon Areepong
 
PPTX
Design Summit - RESTful API Overview - John Hardy
ManageIQ
 
ODP
Embrace HTTP with ASP.NET Web API
Filip W
 
PPTX
Best Practices in Api Design
Muhammad Aamir ...
 
PDF
Rest api titouan benoit
Titouan BENOIT
 
PPTX
Apex REST
Boris Bachovski
 
PPTX
Web api
Sudhakar Sharma
 
PPTX
Cloud Side: REST APIs - Best practices
Nicolas FOATA
 
20 Most Asked Question on Rest APIs .pdf
TechSkills7
 
ASP.NET Mvc 4 web api
Tiago Knoch
 
APITalkMeetupSharable
Obaidur (OB) Rashid
 
Networked APIs with swift
Tim Burks
 
REST APIs
Arthur De Magalhaes
 
Service approach for development Rest API in Symfony2
Sumy PHP User Grpoup
 
REST API Best Practices & Implementing in Codeigniter
Sachin G Kulkarni
 
Xamarin Workshop Noob to Master – Week 5
Charlin Agramonte
 
Restful web services rule financial
Rule_Financial
 
RESTful API-centric Universe
Tihomir Opačić
 
nguyenhainhathuy-building-restful-web-service
hazzaz
 
Apitesting.pptx
NamanVerma88
 
ASP.NET WEB API Training
Chalermpon Areepong
 
Design Summit - RESTful API Overview - John Hardy
ManageIQ
 
Embrace HTTP with ASP.NET Web API
Filip W
 
Best Practices in Api Design
Muhammad Aamir ...
 
Rest api titouan benoit
Titouan BENOIT
 
Apex REST
Boris Bachovski
 
Web api
Sudhakar Sharma
 
Cloud Side: REST APIs - Best practices
Nicolas FOATA
 
Ad

Recently uploaded (20)

PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PDF
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
Unlock new opportunities with location data.pdf
Precisely
 
PDF
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
DOCX
search engine optimization ppt fir known well about this
StandardCodeLearning
 
PDF
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
PDF
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
PPTX
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
August Patch Tuesday
Ivanti
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PPTX
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
Developing a website for English-speaking practice to English as a foreign la...
IAESIJAI
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
Unlock new opportunities with location data.pdf
Precisely
 
Taming the Chaos: How to Turn Unstructured Data into Decisions
Safe Software
 
search engine optimization ppt fir known well about this
StandardCodeLearning
 
A contest of sentiment analysis: k-nearest neighbor versus neural network
IAESIJAI
 
A review of recent deep learning applications in wood surface defect identifi...
IAESIJAI
 
Final SEM Unit 1 for mit wpu at pune .pptx
anishtilekar08
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
August Patch Tuesday
Ivanti
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
The various Industrial Revolutions .pptx
bandileshozi3
 
MicrosoftCybserSecurityReferenceArchitecture-April-2025.pptx
SilvioHayashi
 

Rest with Spring

  • 1. REST with Spring BJUG 6 @IBM Eugen Paraschiv
  • 2. Overview ● Why REST? ● RESTful Constraints and Guidelines ● REST via Spring MVC ● Persistence with Spring Data ● Testing of a RESTful Service ● Q&A
  • 3. Why REST ● REST is a set of Constraints (it's not the only one) ● Minimize Coupling between Client and Server ● Update the Server frequently without updating the Clients (no control over them) ● Support for many different types of Clients ● Scaling becomes easy(er)
  • 4. The Four Levels of HTTP APIs - I, II Level I. SOAP (Flickr SOAP API, Google AdSense API) - WSDL describes the interface at design time - no Resources are identified by URI - only Service Endpoints - no difference between Resource and Representation - HTTP treated as transport - no use of HTTP semantics Level II. RPC (Amazon SimpleDB, Flickr 'REST' API) + the API exposes Resources (often corresponding to the application models) - operations are done via actions in the URIs - the URI space is known at design time (ex. /post/make_new) - operations, failure codes are application specific - HTTP treated as transport - no use of HTTP semantics
  • 5. The Four Levels of HTTP APIs - III Level III. HTTP (Twitter API) + Resources are exposed and identified by URIs + Resources are manipulated via Representations + HTTP semantics used correctly, use of generic media types (e.g. application/xml) - message semantics only known to Client and Server but not intermediaries - Client and Server are coupled by original design - application state machine is known at design time - assumptions about available representations and transitions are hard-coded
  • 6. The Four Levels of HTTP APIs - IV Level IV. REST (Atom Pub, OpenSearch) + service description comes in the form of media type (and link relations) specifications + Client only knows entry bookmark (the Root URI) and media types and no specifics about the particular service + Client proceeds through application by looking at one response at a time, each time evaluating how best to proceed given its overall goal and the available transitions + Methods to use are known from media type (and link relations) specifications or selected at runtime based on forms (form semantics known from media type specifications)
  • 7. REST SEC project WHERE - @github - https://github.com/eugenp/REST WHY - Reference Spring implementation of a REST Service - Identity Management Solution as a Service HOW - REST/web: Spring 3.1.x - Marshalling: Jackson 2.x (for JSON) and XStream (for XML) - Persistence: Spring Data JPA and Hibernate 4.1.x - Testing: Junit, Hamcrest, Mockito, rest-assured, RestTemplate (Apache HTTP Client)
  • 8. RESTful Constraints - I. Stateless "Each request from client to server must contain all of the information necessary to understand the request, and cannot take advantage of any stored context on the server. Session state is therefore kept entirely on the client" In Short - no sessions, no cookies - each request should contain it's authentication credentials With Spring Security <http create-session="stateless" ... >
  • 9. RESTful Constraints - II. Cache ● Caching is on the Client side ● Goal of Client side Caching - partially or completely eliminate interactions with the Server ● HTTP Caching options: ● ETag/If-None-Match ● Last-Modified/If-Modified-Since
  • 10. III. Caching - ETag - example - ex: first, retrieve a Privilege resource: curl -H "Accept: application/json" -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Last-Modified: Fri, 05 Oct 2012 11:36:33 GMT Content-Type: application/json;charset=UTF-8 Content-Length: 52 Date: Fri, 05 Oct 2012 11:36:33 GMT
  • 11. III. Caching - ETags - example (cont) - next, use the etag value from the previous response to retrieve the Privilege resource again: curl -H "Accept: application/json" -H 'If-None-Match: "f88dd058fe004909615a64f01be66a7"' -i http://localhost: 8080/rest-sec/api/privileges/1 HTTP/1.1 304 Not Modified Server: Apache-Coyote/1.1 Link: <http://localhost:8080/rest-sec/api/privileges>; rel="collection" ETag: "f88dd058fe004909615a64f01be66a7" Date: Fri, 05 Oct 2012 11:37:55 GMT
  • 12. REST Constraint - III. Uniform Interface Uniform Interface Constraints 1. Identification of Resources 2. Manipulation of Resources through Representations 3. Self-descriptive Messages 4. Hypermedia As The Engine Of Application State (HATEOAS)
  • 13. III.1. Identification of Resources - Spring MVC For a sample foo resource: - the Controller @Controller @RequestMapping(value = "foos") public class FooController{ ... } - retrieve by id: GET api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.GET) public Foo findOne(@PathVariable("id") Long id){...} - search: GET api/foos?q=query @RequestMapping(params = {"q"}, method = RequestMethod.GET) public List<Foo> search(@RequestParam("q") String query){...}
  • 14. III.1. Identification of Resources - Spring MVC (cont) - create single (update the collection): POST api/foos @RequestMapping(method = RequestMethod.POST) @ResponseStatus(HttpStatus.CREATED) public void create(@RequestBody Foo resource) {...} - update/override PUT api/foos/id @RequestMapping(method = RequestMethod.PUT) @ResponseStatus(HttpStatus.OK) public void update(@RequestBody Foo resource) { ... } - delete: DELETE api/foos/id @RequestMapping(value = "/{id}", method = RequestMethod.DELETE) @ResponseStatus(HttpStatus.NO_CONTENT) public void delete(@PathVariable("id") Long id) { ... }
  • 15. REST Constraint - III. Uniform Interface Supported Representations: - JSON - application/json - XML - application/xml - future: ATOM All read operations will perform Content Negotiation when the Accept header is set on the request All write operations supports the Content-Type header to be set on the request
  • 16. Spring MVC - the Controller/Web Layer Simple Responsibilities: - mapping of URIs - Marshalling/Unmarshalling of Resource Representations (implicit) - Translation of Exceptions to HTTP Status Codes
  • 17. REST Constraint - III. Uniform Interface - HATEOAS - Discoverability at the root - the Create operation - making use of `rel` - Advanced Topics: custom Mime Types, HAL
  • 18. Persistence Layer - Spring Data - DAO only with interfaces - no implementations public interface IUserJpaDAO extends JpaRepository<User, Long> { … } - define a new, simple method: List<User> findByLastname(String lastname); List<User> findByEmailAddressAndLastname(String emailAddress, String lastname); - flexibility to use @Query @Query("select u from User u where u.emailAddress = ?1") User findByEmailAddress(String emailAddress);
  • 19. Persistence Layer - Spring Data ● Pagination Page<User> findByFirstname(String firstname, Pageable pageable); ● Sorting List<User> findByLastname(String lastname, Sort sort);
  • 20. Persistence Layer - Spring Data Other out of the box features - support for: ● Audit: create date, created by, last update date, last updated by ● Advanced Persistence APIs: QueryDSL, JPA 2 Specifications
  • 21. Transactional Semantics - the API Layer Strategy ● the Controller layer is the transactional owner ● the Service layer contains no transactional semantics ● there are no self-invocations or inter- invocations in the Controller layer - each invocation is a client call
  • 22. Testing of a REST Service ● Live Tests: testing the deployed RESTful service ○ each RESTful service has a corresponding production API and a testing API ○ high level testing is done via the production API ○ lower level testing is done via the testing API ● Integration tests: business, persistence ● Unit tests
  • 23. Testing - High Level Live Test (over REST) @Test public void givenResourceExists_whenResourceIsRetrievedByName_thenResourceIsFound() { // Given T existingResource = api.create(createNewEntity()); // When T resourceByName = api.findByName(existingResource.getName()); // Then assertNotNull(resourceByName); }
  • 24. Testing - Low Level Live Test (over REST) @Test public void givenInvalidResource_whenResourceIsUpdated_then409ConflictIsReceived() { // Given User existingUser = RestAssured.given().auth().preemptive().basic (username, password).contentType("application/json").body(resourceAsJson). post(uri).as(User.class); existingUser.setName(null); // When Response updateResponse = RestAssured.given().auth().preemptive(). basic(username, password).contentType("application/json").body (existingUser).put(uri); // Then assertThat(updateResponse.getStatusCode(), is(409)); }
  • 25. Security Concerns - Basic and Digest Authentication with Spring Security ON THE SAME URI (similar to Content Negotiation): ● Authorization: Basic ... ● Authorization: Digest ...