database rest apis for microservices · •no knowledge of sql, pl/sql or query...

Copyright © 2019, eProseed and/or its affiliates. All rights reserved.

DATABASE REST APIS FOR MICROSERVICES

Oracle REST Data Services (ORDS) for building effective data access APIs

1

Speaker : Peter de VaalEvent : APEX World 2019Date : 25-Mar-2019

Copyright © 2019, eProseed and/or its affiliates. All rights reserved.3

Peter de Vaal

eProseed

Work In Oracle technology since 1992

Database, Middleware, Cloud

Application Dev. in SQL/PLSQL,Forms, Apex, JET, ADF

Mountain biker: Finished Cape Pioneer Trek 2018

WHO AM I


PROGRAM AGENDA

The future of the Oracle RDBMS as a service: REST

The tooling: Oracle REST Data Services (ORDS)

REST enabling database schemas and tables

Building REST APIs for service virtualisation

REST enabled SQL Service

1

2

3

4

5

4







1

2

3

4

5

5


WHAT IS REST?

• Representational State Transfer

• Based on the HTTP protocol

• A stateless way to communicate with a back-end service

• Technology independent, no drivers or adapters needed

• Uses HTTP GET to retrieve data

• Uses HTTP POST, PUT and DELETE to manipulate (insert, update, delete) data

• Is non-transactional, i.e. no (two-phase) commit or rollback operations

6


WHY REST FOR THE DATABASE?

• Implementation by the database supplier means technology independence– No need for database drivers on the consumer side (the app server or client)

• No knowledge of SQL, PL/SQL or query optimisation required by the consumer– Any SQL or PL/SQL programming only on the database side: separation of abilities– Enables modern technology on top of the SmartDB1 architecture

• Access over HTTPS– Easy integration with web applications– Standard security implementation, such as basic authentication or OAUTH2.

1. The SmartDB architecture is an idea developed by Toon Koppelaars and Bryn Llewellyn, see:http://stevenfeuersteinonplsql.blogspot.com/2018/05/the-smartdb-resource-center.html

7


PROGRAM AGENDA






1

2

3

4

5

8


ORACLE’S IMPLEMENTATION: REST DATA SERVICES: ORDS

• Light-weight Java EE application

• Can run on: – Java EE servers (WebLogic, Tomcat, GlassFish) …– … or stand-alone (Jetty)

• Returns JSON or CSV result• Build-in (optional) security: Basic or OAuth2 authentication• Database based definition of REST Modules• Auto-REST enablement of database tables• Tools for defining REST modules: SQL Developer, APEX 18.1+, scripts

9


PROGRAM AGENDA






1

2

3

4

5

10


INSTALLING AND DEPLOYING ORDS

• Unzip distribution

– On a middletier host (preferred), the database server or a client (only for demo/testing)

• Run setup with 2 goals:

– Installing (or upgrading) the ORDS database objects

– Configuring the ORDS application on the application server

java –jar ords.war <command> (<command> = configdir, install)

• Start stand alone ORDS or deploy on WebLogic/Tomcat

11


REST ENABLE DATABASE SCHEMAS

• At least one database schema must be enabled for REST

– A REST enabled schema can be used to define REST Modules

– A REST enabled schema can have the AUTO-REST feature set

12


WHAT IS AUTO-REST?

• The AUTO-REST feature gives the possibility to enable tables for REST access– Automatically generates a REST interface for each table, with GET, POST, PUT and DELETE handlers

– Indicate per table which operations are allowed

13


USE OF AUTO-REST

• Mainly for prototyping and testing

• Do not use it in real systems:– It’s not an API, any table change will change the REST service– Security risk: Do not expose tables this way, use smarter APIs to manipulate data only according to the

specification of the service– Limited query possibilities

14


PROGRAM AGENDA






1

2

3

4

5

15


DEFINING REST MODULES: COMPONENTS

• Modules– Defines an URI prefix of a collection of related services, e.g. /depemp/

• Templates – Defines an URI template for a service, e.g. employees making e.g. /depemp/employees– Each Module can have any number of templates– Combine related REST API templates into a module

• Handlers:– Define the HTTP method, source type, format and parameters of the service– Each template can have 1-4 handlers for GET, POST, PUT and DELETE– Each handler can have zero or more parameters– Parameters can be URI parameters or HTTP headers

16


DEFINING REST HANDLERS. EXAMPLE 1: GET USING URI

• Most basic REST call: Operate on a single resource

• Unique identifier of the resource is in the URL (for GET and DELETE)

• Any other attributes (for POST or PUT) are in canonical URL

Source Type : Query Single RowURI Pattern : employee/:empnoSource : SELECT * FROM emp WHERE empno = :empno

Example GET URL:http://<host>:<port>/ords/depemp/employee/1234

17


DEFINING REST MODULES. EXAMPLE 2: GET USING PARAMETER

• More flexible using (optional) parameters instead of patterns• Can return multiple rowsSource Type : QueryURI Pattern : employeesParameter : empno, depno (both of type URI parameter)Source : SELECT * FROM emp

WHERE empno = NVL(:empno,empno) AND deptno = NVL(:deptno, deptno)

Example GET URL:http://<host>:<port>/ords/depemp/employees?depno=40

18


INTERMEZZO: PERFORMANCE

• The performance overhead of REST is very low– The query time determines the total time, not the formatting of JSON etc.– Example: A REST service fetching 600,000 rows performed in 1.8 sec– Optimized in version 17.3

19


INTERMEZZO: WHICH HANDLER FOR DATA MANIPULATION?

• PUT– For Inserts and Updates– Insert/Update object on indicated location– Needs a unique key in the location

• POST– Insert/Update detail/child data of object on indicated location– Can do multiple rows add a time, e.g. order_lines of indicated order

• DELETE– Delete object on indicated location

• It is also possible to do everything with POST (though not strictly conform REST)

20


DEFINING REST MODULES. EXAMPLE 3: PUT USING PL/SQL

Source Type : PL/SQLURI Pattern : employeeSource : BEGIN emp_package.put_emp(:body_text); END;

Or : BEGIN emp_package.put_emp(:empno,:ename,:deptno,:job,:sal,:comm,:mgr); END;

Example PUT URL:http://<host>:<port>/ords/depemp/employee {

<JSON body containing values for all (mandatory) columns>}

21


CUSTOMISING THE RESPONSE

• The default response of a PUT, POST or DELETE request is not always desired

• Use implicit parameter forward_location to define a URI to the response– This will often be the GET of the same resource

– This will also contain any values set by database triggers, such as an ID value from a sequence which was not known when posting the request

22


PROGRAM AGENDA






1

2

3

4

5

23


REST ENABLED SQL SERVICE

You have no Oracle client or JDBC driver and still want to be able to send SQL or PL/SQL commands to the database?• The REST enabled SQL Service in ORDS makes this possible!• It supports execution of: – any SQL statement– anonymous PL/SQL blocks – A complete SQL*Plus or SQLcl script including commands specific for these tools

24


USAGE OF REST ENABLED SQL SERVICE

• NOT for external exposure: Security!

• Ideal for Continuous Integration: – No need for Oracle client on CI server– URL based deployment, like most other components

25


REST JDBC DRIVER

• Stateless JDBC driver

• Uses ORDS REST Enabled SQL Service• Does not require changes in Java application using traditional JDBC

26

database rest apis for microservices · •no knowledge of sql, pl/sql or query...

Documents