modern web application network architecture
DESCRIPTION
Talk about web application architecture for Java web applications targeted to JavaScript single page applications
TRANSCRIPT
![Page 1: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/1.jpg)
ARCHITECTURE
Tuesday, 11 February 14
![Page 2: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/2.jpg)
FROM PRESENTATION TO SERVICE LAYER
![Page 3: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/3.jpg)
OLD STYLE PRESENTATION LAYER
Browser Server
GET /index.html HTTP/1.1
200/OK (HTML)
GET /contacts-table.html HTTP/1.1
200/OK (HTML)
POST /servlet/contacts HTTP/1.1
200/OK (HTML)
render markup
render markup
![Page 4: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/4.jpg)
DATA CENTRIC SERVICE LAYER
Browser Server
GET /index.html HTTP/1.1
200/OK (HTML)
GET /api/contacts HTTP/1.1
200/OK (JSON)
PUT /api/contacts/12 HTTP/1.1
200/OK (JSON)
render markup
render markup
![Page 5: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/5.jpg)
WHERE ARE WE HEADING TO?
Browser Server
GET /index.html HTTP/1.1
200/OK (HTML)
GET /contacts-table.html HTTP/1.1
200/OK (HTML)
render markup
ws://future.now/ws
PUT /api/contacts/12 HTTP/1.1
200/OK (JSON)
render markup
WebSockets!
![Page 6: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/6.jpg)
REST AND CRUD
![Page 7: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/7.jpg)
JAX-RS

```java
@GET
@Produces("application/json")
public Collection<ToDo> getAll() throws ServiceException {
    ...
}

@GET
@Path("/{uuid}")
@Produces("application/json")
public ToDo get(@PathParam("uuid") String id) throws ServiceException {
    ...
}

@PUT
@Consumes("application/json")
@Produces("application/json")
public ToDo createToDo(ToDo toDo) throws ServiceException {
    ...
}
```
![Page 8: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/8.jpg)
CORS
CROSS ORIGIN RESOURCE SHARING
![Page 9: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/9.jpg)
PREFLIGHT REQUEST

```
curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo

> OPTIONS /baas/api/todo HTTP/1.1
...
< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Allow: OPTIONS,GET,HEAD,PUT
< Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: content-type,authorization,x-requested-with
< Access-Control-Max-Age: 1728000
< Content-Type: application/vnd.sun.wadl+xml
< Content-Length: 1642
< Date: Wed, 14 Aug 2013 22:44:55 GMT
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
...
</application>
```
![Page 10: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/10.jpg)
CORS
Browser, Server of origin, Service provider
GET /index.html HTTP/1.1
200/OK (HTML)
OPTIONS /api/contacts HTTP/1.1
200/OK (WADL)
GET /api/contacts HTTP/1.1
200/OK (JSON)
render markup
preflight request!
![Page 11: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/11.jpg)
SETTING CORS HEADERS

```java
@WebFilter(filterName = "CorsFilter", urlPatterns = {"/*"})
public class CorsFilter implements Filter {

    private void doBeforeProcessing(ServletRequest request, ServletResponse response)
            throws IOException, ServletException {
        final HttpServletResponse httpResponse = (HttpServletResponse) response;
        httpResponse.addHeader("Access-Control-Allow-Origin", "*");
        httpResponse.addHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS");
        httpResponse.addHeader("Access-Control-Allow-Headers", "x-requested-with, accept, origin, authorization");
        httpResponse.addHeader("Access-Control-Max-Age", "1728000");
    }

    ... // netbeans default Filter pattern
}
```

JEE WebFilter (Glassfish 4.0)
![Page 12: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/12.jpg)
CORS
```
curl -X OPTIONS --verbose --insecure https://localhost:8181/baas/api/todo

< HTTP/1.1 200 OK
< X-Powered-By: Servlet/3.0 JSP/2.2 (GlassFish Server Open Source Edition 3.1.2.2 Java/Apple Inc./1.6)
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Allow: OPTIONS,GET,HEAD,PUT
< Last-modified: Do, 15 Aug 2013 00:26:54 MESZ
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE
< Access-Control-Allow-Headers: content-type,authorization,x-requested-with
< Access-Control-Max-Age: 1728000
< Content-Type: application/vnd.sun.wadl+xml
< Content-Length: 1642
< Date: Wed, 14 Aug 2013 22:44:55 GMT
<
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
 ...
</application>
```
![Page 13: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/13.jpg)
WADL
```xml
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<application xmlns="http://wadl.dev.java.net/2009/02">
  <resources base="https://localhost:8181/baas/api/">
    <resource path="todo">
      <method id="createToDo" name="PUT">
        <request>
          <representation mediaType="application/json"/>
        </request>
        <response>
          <representation mediaType="application/json"/>
        </response>
      </method>
      ...
    </resource>
  </resources>
</application>
```
![Page 14: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/14.jpg)
AUTHENTICATION
![Page 15: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/15.jpg)
WEB.XML

```xml
<security-constraint>
  <display-name>REST API</display-name>
  <web-resource-collection>
    <web-resource-name>web-api</web-resource-name>
    <url-pattern>/api/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>file</realm-name>
</login-config>
<security-role>
  <role-name>user</role-name>
</security-role>
```

HTTPS
basic auth
![Page 16: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/16.jpg)
HTTPS AND BASIC AUTH
• + easy to implement
• - password is sent on every request
• (- browser stores credentials for session)
• (- browser may store creds permanently)
• corporate proxies
• not for really sensitive data
![Page 17: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/17.jpg)
BASIC AUTHENTICATION
```
curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo

> GET /baas/api/todo HTTP/1.1
...
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Servlet/3.0 JSP/2.2 [...]
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 01:00:00 CET
< WWW-Authenticate: Basic realm="file"
< Content-Type: text/html
< Content-Length: 1073
< Date: Wed, 14 Aug 2013 23:33:48 GMT
<
```
![Page 18: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/18.jpg)
BASIC AUTHENTICATION
```
curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo

> GET /baas/api/todo HTTP/1.1
> Authorization: Basic bWFyYzpnZWhlaW0=
> User-Agent: ...
> Host: localhost:8181
> Accept: */*
>
< HTTP/1.1 200 OK
```
![Page 19: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/19.jpg)
EXERCISES
~/ws/05-Architecture/jquery-rest
~/ws/05-Architecture/baas-gf
![Page 20: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/20.jpg)
HTTPS AND FORM AUTH
• auth method form in web.xml
• credential sent only once (+)
• SSO (+)
• corporate proxies (-)
![Page 21: Modern web application network architecture](https://reader033.vdocument.in/reader033/viewer/2022051609/547bc5975906b559798b4649/html5/thumbnails/21.jpg)
SETTING CORS HEADERS
```java
import com.sun.jersey.spi.container.ContainerRequest;
import com.sun.jersey.spi.container.ContainerResponse;
import com.sun.jersey.spi.container.ContainerResponseFilter;

// Jersey 1.x response filter: adds the CORS headers to every response.
public class CrossOriginResourceSharingFilter implements ContainerResponseFilter {

    @Override
    public ContainerResponse filter(ContainerRequest request, ContainerResponse response) {
        response.getHttpHeaders().putSingle("Access-Control-Allow-Origin", "*");
        response.getHttpHeaders().putSingle("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE");
        response.getHttpHeaders().putSingle("Access-Control-Allow-Headers", "content-type,authorization,x-requested-with");
        response.getHttpHeaders().putSingle("Access-Control-Max-Age", "3600");
        return response;
    }
}
```

Jersey (e.g. Jersey/Tomcat)