This course shows experienced Java programmers how to build RESTful web services using the Java API for RESTful Web Services, or JAX-RS. We develop a clear sense of the key concepts of REST — ultimately the thorough and thoughtful use of URLs, HTTP methods, and media types to design and implement scalable and maintainable enterprise services. Then we dive into the elegant JAX-RS standard for building RESTful services, learning how to manage URLs and URL patterns and methods, how to bind input and control response production, and how to manage HTTP entities in popular content types such as XML and JSON. From here students investigate intermediate features including dependency injection, error handling, and JSR-303 validation, and use Java generics to implement patterns for common operations over an application’s domain classes. We explore the JAX-RS client API, and filters and interceptors, before closing with a summary chapter on REST security that includes implementations of HTTP BASIC security and HMAC signatures.
Objectives
Understand the advantages of the REST architecture for web services.
Use JAX-RS to develop simple RESTful services.
Control dispatching to service methods based on URL patterns and HTTP methods.
Bind request values to method parameters when expressed as HTTP query parameters, form values, headers, cookies, and more.
Manage XML and JSON content using XML Schema and JAXB — or without JAXB using leading JAX-RS providers and Reflection-driven entity providers such as MOXy and Jackson.
Handle error conditions by producing appropriate HTTP responses.
Use JSR-303 validation for request parameters, headers, and entities.
Use Java generics to implement REST API patterns for various domain classes.
Take advantage of lifecycle and context services available to JAX-RS services.
Implement REST clients using the JAX-RS standard API.
Build filters and interceptors to adapt service endpoint behavior.
Detailed Outline
- Overview of REST and JAX-RS
- The REST Vision
- Use of HTTP
- Use of URIs
- Use of Content Types
- CRUD Operations and Business Operations
- HATEOAS and the Richardson Maturity Model
- JAX-RS
- Applications, Resources, and Providers
- Configuration and Lifecycle
- The JAX-RS Application
- XML Configuration
- Annotation-Driven Configuration
- Applications
- Root Resource Classes
- Per-Request vs. Singleton Lifecycle
- Providers
- Dispatching Requests
- The Application Path
- The @Path Annotation
- The HTTP Method Annotations
- Sub-Resource Locators
- Annotation Inheritance and overriding
- @XXXParam Annotations
- The @DefaultValue Annotation
- Parameter Types
- Parameter Converters
- Handling Requests
- The Application Path
- The @Path Annotation
- The HTTP Method Annotations
- Sub-Resource Locators
- Annotation Inheritance and overriding
- @XXXParam Annotations
- The @DefaultValue Annotation
- Parameter Types
- Parameter Converters
- Producing Responses
- Supported Return Types
- The Response Class
- Response Entities
- Binary Content
- Delivering a File
- Entity Translation
- Entity Parameter and Return Type
- Entity Providers
- @Consumes and @Produces Annotations
- Built-In Entity Providers
- Custom Entity Provider
- Working with XML and JSON
- The JAXB Entity Provider
- Driving XML Representations from Schema
- Driving JSON Representations with JAXB
- JSON without JAXB: Jackson, MOXy, etc.
- CRUD Patterns
- Error Handling
- Sub-Resources
- Dependency Injection
- The @Context Annotation
- Injectable Types
- The Application Subclass
- Servlet Configuration and Context
- Impact of Lifecycle Policies
- Context Providers
- Using CDI
- Validation and Error Handling
- Using Response
- Throwing WebApplicationException
- Exception Mapping Providers
- Selection of Exception Mappers
- Support for JSR-303
- Annotating Method Parameters
- Annotating Entity Classes
- Error Reporting
- Generic Services
- Generic Entities
- Generic Entity Providers
- ParameterizedType
- Reflection-Driven Entity Providers
- Annotation Inheritance
- CRUD Patterns, II
- Serialization, Recursion, and Scope
- Dynamic Sub-Resources
- Working with Databases
- Persistence Services
- The Java Persistence API
- JPA Support for JSR-303
- Handling IDs and Keys
- Cascading
- Caching
- Error Handling
- Hypermedia Challenges
- The Client API
- The Builder Pattern
- Client
- WebTarget
- Invocation
- Basic Usage
- Managing Content Types and Entities
- Error Handling
- Registering Providers
- The Service Locator Pattern
- Generic Clients
- Filters and Interceptors
- The Filter Interfaces
- Processing Pattern
- The Request and Response Context Interfaces
- Aborting a Request
- The Interceptor Interfaces
- Adaptive Streams
- Filters on the Client Side
- Interceptor Strategy for Hypermedia
- Security
- Concerns for RESTful Services
- Authentication and Authorization
- HTTP BASIC and DIGEST
- HTTPS
- Programmatic Security
- SQL Injection
- Cross-Site Request Forgery
- Message-Level Security
- HMACs
- The Java API for XML Binding
- The Need for Data Binding
- XML Schema
- Two Paths
- JAXB Compilation
- Mapping Schema Types to Java
- Java-to-XML Mapping Using Annotations
- Marshalling and Un-marshalling
- Working with JAXB Object Models