SlideShare a Scribd company logo

Confoo2013 make your java-app rest enabled

Anthony Dahanne
Anthony Dahanne
1 of 82
Download to read offline
Make your java app REST enabled Anthony Dahanne Confoo 2013 — Feb. 28th, 2013
About me … § Software Engineer at Terracotta – Working on EhCache management REST API and webapp (aka Terracotta Management Console, TMC) – Strong interest in CI, build tools (maven) – Android developer when time permits ... Confoo 2013 2
Terracotta § Founded 2003 in San Francisco, CA § Joined Software AG in 2011 § Present in India, Europe and pretty much all over the globe! § The company behind : Confoo 2013 3
Agenda § The Terracotta Management Console example § Introduction to REST, Java integration – REST – The Java case : JAX-RS § Securing your REST interface – JEE included authc and authz options – Apache Shiro § Final words... 2
The Terracotta Management Console example
Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database EhCache JVM 5
Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database EhCache JVM 5
Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
Simplified architecture : management agents (Web) app EhCache JVM 7
Simplified architecture : management agents (Web) app Rest EhCache Agent JVM 7
Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM 7
Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server 7
Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API 7
Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API Terracotta Management Console JS + CSS Browser 7
Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API Terracotta Management Console cURL JS + CSS HTTP Script Browser 7
What you can do with the TMC § Access your Caches / Cache Managers stats § Restart a Terracotta server § Clear a cache § Dynamically change your Cache / CM config 8
What you can do with the TMC § Access your Caches / Cache Managers stats § Restart a Terracotta server § Clear a cache § Dynamically change your Cache / CM config § Demo ! 8
Introduction to REST, Java Integration
A few words about REST… § Web services leveraging standard HTTP verbs – GET,POST,PUT,DELETE,OPTIONS,HEAD § Conneg (multiple representations) – to negotiate the format (JSON, XML, etc.) § Stateless communication § HATEOAS 10
JAX-RS : Java specification for REST Services § Version 1.1 appeared in Java EE 6 § Server only spec (until 2.0, out Q2 2013) § Annotations driven API § Oracle / Sun Jersey is the reference impl. – Redhat Resteasy, Restlet, Apache CXF are among others 11
JAX-RS : Binding your REST services to your app § Using web.xml: 13
JAX-RS : Binding your REST services to your app § Customizing loading of resources 14
JAX-RS : Annotations available 15
JAX-RS : Annotations available § @Provider § @Path § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces § @Consumes 15
JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces § @Consumes 15
JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces @Produces(“application/json”,”text/plain”) § @Consumes 15
JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces @Produces(“application/json”,”text/plain”) § @Consumes @Consumes(“application/xml”) 15
JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables 16
JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. @GET @Path("/groups/{groupId}") public Collection<Agent> getAgents(@PathParam("groupId") String groupId) { return configSvc.getAgentsByGroup(groupId, authorizer.getPrincipal()); } – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables 16
JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. @GET @Path("/groups/{groupId}") public Collection<Agent> getAgents(@PathParam("groupId") String groupId) { return configSvc.getAgentsByGroup(groupId, authorizer.getPrincipal()); } – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables @GET @Produces(MediaType.APPLICATION_JSON) Collection<CacheManagerEntity> getCacheManagers(@Context UriInfo info) { String cacheManagerNames = info.getPathSegments().get(1).getMatrixParameters().getFirst("names"); MultivaluedMap<String, String> qParams = info.getQueryParameters(); List<String> attrs = qParams.get(ATTR_QUERY_KEY); } 16
JAX-RS : Raw Content Handlers § By default, you can bind your request payload or your response to streams @PUT @Path("/inputstream") @Produces("text/plain") public Response getInputStream(InputStream is) throws IOException { System.out.println(inputStreamToString(is)); return Response.noContent().build(); } 16
JAX-RS : Raw Content Handlers § By default, you can bind your request payload or your response to streams @PUT @Path("/inputstream") @Produces("text/plain") public Response getInputStream(InputStream is) throws IOException { System.out.println(inputStreamToString(is)); return Response.noContent().build(); } @GET @Path("/outputstream") @Produces("text/plain") public StreamingOutput getOutputStream() { return new StreamingOutput() { @Override public void write(OutputStream output) throws IOException, WebApplicationException { output.write("hello".getBytes()); } }; } 16
JAX-RS : Adding your own Content Handler § Implementing – MessageBodyReader<T> : handle the request – MessageBodyWriter<T> : handle the response § Examples : – FileProvider from jersey-core – AbstractJAXBProvider from jersey-core 16
JAX-RS : JAXB Content Handlers § Using JAXB you can convert POJOs to XML (or JSON) and vice versa @XmlRootElement public final class Agent { private TYPE type; private String name; private String groupId; private String agentLocation; private Integer connectionTimeoutMillis; private Integer readTimeoutMillis; //etc... } 16
JAX-RS : Meaningful error responses – Implementing and registering your own ExceptionMapper @Provider public class DefaultExceptionMapper implements ExceptionMapper<Throwable> { public Response toResponse(Throwable exception) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR) .type(MediaType.APPLICATION_JSON_TYPE) .entity( String.format("{"error" : "%s" , "details" : "%s"}", errorMessage, extraErrorMessage)) .build(); } } 16
JAX-RS : Testing anyone ? § Integration testing to validate – the REST API – end to end testing § How to do integration testing against JAX-RS ? – creating a client and making assertions : • java.net.HttpUrlConnection, Apache HttpClient – RestAssured from Jayway : expect().statusCode(404).when().get("/cacheManagers/hello"); String expectedResourceLocation = "/api/config/agents/Local Connection 4343"; expect().contentType(ContentType.JSON).body(containsString("Local Connection 4343"), containsString("10000")).statusCode(200).when().get(expectedResourceLocation); 16
Securing your REST interface
Standard JEE security : certificate authentication § Basic Authentication § Form-based login authentication § Digest Authentication § SSL Authentication 18
Standard JEE security : basic authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Basic realm="Secured Realm" 18
Standard JEE security : basic authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Basic realm="Secured Realm" If the user is “anthony” and password is “terracotta”, the client sends GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Basic YW50aG9ueTp0ZXJyYWNvdHRh Since base64(anthony:terracotta) = YW50aG9ueTp0ZXJyYWNvdHRh 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, Copies cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, counter Copies cnonce="0a4f113b", random response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, Copies cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", H1=md5(“anthony:MyRealm:password”) uri="/private/index.html", qop=auth, H2=md5(“GET:/private/index.html”) nc=00000001, response = md5(“H1:nonce:nc:cnonce:qop:H2) cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
Standard JEE security : form-based authentication Webapp HTTP Client 18
Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 18
Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_password 18
Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form 18
Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form Success 4. redirect to the protected resource 18
Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form Success Failure 4. redirect to the protected resource 4f. returns error page 18
Standard JEE security : certificate authentication HTTP Client Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore 3. sends cert Client.crt Server.crt Server.crt Client.crt Success Failure 18
Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore 3. sends cert Client.crt Server.crt Server.crt Client.crt Success Failure 4. returns protected resource 18
Standard JEE security : configuration <security-constraint> <display-name>My security constraint</display-name> <web-resource-collection> <web-resource-name>myresource</web-resource-name> <description/> <url-pattern>/protected/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>myuser</role-name> </auth-constraint> web.xml </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>My Realm</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description/> <role-name>myuser</role-name> </security-role> 19
Security with Apache Shiro § Shiro is about : – Authentication – Authorization – Realms – Session Management – Cryptography 20
Why choose Shiro over JEE security ? § Shiro is deployment agnostic – not necessarily a webapp § Shiro secures all the layers of your application – not only the “web layer” § Highly customizable – Realms, filters, listeners, etc... 20
Securing your REST application with Shiro § Register the Listener and the Filter <listener> <listener-class>c.t.m.s.w.s.TMSEnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>securityFilter</filter-name> <filter-class>c.t.m.s.w.s.TMSSecurityFilter</filter-class> </filter> <filter-mapping> <filter-name>securityFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> – <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> 21
Shiro Realms used § For Terracotta REST agents – TCIdentityAssertionRealm § For the Terracotta Management Console – TCIniRealm – LdapRealm – ActiveDirectoyRealm 21
Example of shiro.ini [main] securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager ldapRealm = com.terracotta.management.security.shiro.realm.ActiveDirectoryRealm ldapRealm.userDnTemplate = CN={0},CN=Users,DC=mykene,DC=rndlab,DC=loc ldapRealm.searchBase = DC=mykene,DC=rndlab,DC=loc ldapRealm.contextFactory.url = ldap://10.21.32.72:389 securityManager.realm = $ldapRealm securityManager.sessionManager.globalSessionTimeout = 600000 mgmtAuthListener = c.t.m.s.a.ManagementAuthenticationListener securityManager.authenticator.authenticationListeners = $mgmtAuthListener authc.loginUrl = /login.jsp authc.successUrl = /index.jsp – iaauthc = com.terracotta.management.security.shiro.web.filter.TCIdentityAssertionFilter [urls] /login.jsp = authc /logout = logout /** = authc, roles[operator] /rest/** = noSessionCreation, iaauthc, rest[api] 21
Final words...
Switching to REST for management § Brought us : – consumption from outside the Java world – scriptability – “firewalls compatibility” – existing monitoring tools (Nagios, etc...) 18
Lessons learned creating the rest agents ... 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity 18
Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity § Ldap has a lot of different schemas ... 18
Useful tools to develop / debug / test § Fast deploy your REST based application – Maven jetty:run(ner), or tomcat7:run(ner) – JRebel (not to stop/start your container for every change) § Monitor HTTP traffic – Membrane § Hand tailor HTTP messages – Curl – Chrome Advanced REST Client (via Chrome Store) § Inspect your SSL Keystores and Trustores – Keystore Explorer 18
Useful resources § HTTP – Cours du soir, by @paulgreg (en français) § REST – Roy Fielding’s thesis § JAX-RS / Jersey – RESTful Java, by @patriot1burke – Arun Gupta presentation on JAX-RS 2.0 § Shiro – Shiro official documentation 18
terracotta | terracotta.org Vote now ! https://joind.in/7901 Thank you ! twitter | @anthonydahanne email | adahanne@terracottatech.com blog | blog.dahanne.net

Recommended

Java EE7 Demystified
Java EE7 DemystifiedJava EE7 Demystified
Java EE7 DemystifiedAnkara JUG
 
Java EE7 in action
Java EE7 in actionJava EE7 in action
Java EE7 in actionAnkara JUG
 
Ankara JUG Ağustos 2013 - Oracle ADF
Ankara JUG Ağustos 2013 - Oracle ADFAnkara JUG Ağustos 2013 - Oracle ADF
Ankara JUG Ağustos 2013 - Oracle ADFAnkara JUG
 
JEE Course - JEE Overview
JEE Course - JEE OverviewJEE Course - JEE Overview
JEE Course - JEE Overviewodedns
 
GlassFish REST Administration Backend
GlassFish REST Administration BackendGlassFish REST Administration Backend
GlassFish REST Administration BackendArun Gupta
 
5050 dev nation
5050 dev nation5050 dev nation
5050 dev nationArun Gupta
 
Java Enterprise Edition 6 Overview
Java Enterprise Edition 6 OverviewJava Enterprise Edition 6 Overview
Java Enterprise Edition 6 OverviewEugene Bogaart
 
JAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesJAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesArun Gupta
 

Recommended

Java EE7 Demystified
Java EE7 DemystifiedJava EE7 Demystified
Java EE7 DemystifiedAnkara JUG
 
Java EE7 in action
Java EE7 in actionJava EE7 in action
Java EE7 in actionAnkara JUG
 
Ankara JUG Ağustos 2013 - Oracle ADF
Ankara JUG Ağustos 2013 - Oracle ADFAnkara JUG Ağustos 2013 - Oracle ADF
Ankara JUG Ağustos 2013 - Oracle ADFAnkara JUG
 
JEE Course - JEE Overview
JEE Course - JEE OverviewJEE Course - JEE Overview
JEE Course - JEE Overviewodedns
 
GlassFish REST Administration Backend
GlassFish REST Administration BackendGlassFish REST Administration Backend
GlassFish REST Administration BackendArun Gupta
 
5050 dev nation
5050 dev nation5050 dev nation
5050 dev nationArun Gupta
 
Java Enterprise Edition 6 Overview
Java Enterprise Edition 6 OverviewJava Enterprise Edition 6 Overview
Java Enterprise Edition 6 OverviewEugene Bogaart
 
JAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesJAX-RS 2.0: RESTful Web Services
JAX-RS 2.0: RESTful Web ServicesArun Gupta
 
Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 
Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012Bruno Borges
 
JavaFX and JEE 7
JavaFX and JEE 7JavaFX and JEE 7
JavaFX and JEE 7Vijay Nair
 
Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0Arun Gupta
 
GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012Arun Gupta
 
F428435966 odtug web-logic for developers
F428435966 odtug web-logic for developersF428435966 odtug web-logic for developers
F428435966 odtug web-logic for developersMeng He
 
Java EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the CloudJava EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the CloudArun Gupta
 
Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7Bruno Borges
 
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012Arun Gupta
 
Oracle History #5
Oracle History #5Oracle History #5
Oracle History #5Kyung Sang Jang
 
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012Arun Gupta
 
Websocket 1.0
Websocket 1.0Websocket 1.0
Websocket 1.0Arun Gupta
 
PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012Arun Gupta
 
Have You Seen Java EE Lately?
Have You Seen Java EE Lately?Have You Seen Java EE Lately?
Have You Seen Java EE Lately?Reza Rahman
 
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012Arun Gupta
 
Java EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, JohannesburgJava EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, JohannesburgArun Gupta
 
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010Arun Gupta
 
JavaFX Uni Parthenope
JavaFX Uni ParthenopeJavaFX Uni Parthenope
JavaFX Uni ParthenopeEmanuela Giannetta
 
JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0Arun Gupta
 
JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?Arun Gupta
 
Have Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And ServicesHave Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And ServicesNenad Nikolic
 
Devoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in JavaDevoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in JavaNGDATA
 

More Related Content

What's hot

Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reza Rahman
 
Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012Bruno Borges
 
JavaFX and JEE 7
JavaFX and JEE 7JavaFX and JEE 7
JavaFX and JEE 7Vijay Nair
 
Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0Arun Gupta
 
GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012Arun Gupta
 
F428435966 odtug web-logic for developers
F428435966 odtug web-logic for developersF428435966 odtug web-logic for developers
F428435966 odtug web-logic for developersMeng He
 
Java EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the CloudJava EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the CloudArun Gupta
 
Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7Bruno Borges
 
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012Arun Gupta
 
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012Arun Gupta
 
PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012Arun Gupta
 
Have You Seen Java EE Lately?
Have You Seen Java EE Lately?Have You Seen Java EE Lately?
Have You Seen Java EE Lately?Reza Rahman
 
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012Arun Gupta
 
Java EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, JohannesburgJava EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, JohannesburgArun Gupta
 
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010Arun Gupta
 
JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0Arun Gupta
 
JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?Arun Gupta
 

What's hot (20)

Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!Reactive Java EE - Let Me Count the Ways!
Reactive Java EE - Let Me Count the Ways!
 
Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012Introducing WebLogic 12c OTN Tour 2012
Introducing WebLogic 12c OTN Tour 2012
 
JavaFX and JEE 7
JavaFX and JEE 7JavaFX and JEE 7
JavaFX and JEE 7
 
Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0Java Summit Chennai: JAX-RS 2.0
Java Summit Chennai: JAX-RS 2.0
 
GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012GlassFish REST Administration Backend at JavaOne India 2012
GlassFish REST Administration Backend at JavaOne India 2012
 
F428435966 odtug web-logic for developers
F428435966 odtug web-logic for developersF428435966 odtug web-logic for developers
F428435966 odtug web-logic for developers
 
Java EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the CloudJava EE 7 and HTML5: Developing for the Cloud
Java EE 7 and HTML5: Developing for the Cloud
 
Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7Building Java Desktop Apps with JavaFX 8 and Java EE 7
Building Java Desktop Apps with JavaFX 8 and Java EE 7
 
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
The Java EE 7 Platform: Productivity & HTML5 at JavaOne Latin America 2012
 
Oracle History #5
Oracle History #5Oracle History #5
Oracle History #5
 
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
JAX-RS 2.0: RESTful Web services on steroids at Geecon 2012
 
Websocket 1.0
Websocket 1.0Websocket 1.0
Websocket 1.0
 
PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012PaaSing a Java EE 6 Application at Geecon 2012
PaaSing a Java EE 6 Application at Geecon 2012
 
Have You Seen Java EE Lately?
Have You Seen Java EE Lately?Have You Seen Java EE Lately?
Have You Seen Java EE Lately?
 
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
Java EE 7: Developing for the Cloud at Java Day, Istanbul, May 2012
 
Java EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, JohannesburgJava EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
Java EE 7: Developing for the Cloud at Geecon, JEEConf, Johannesburg
 
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
Servlets 3.0 - Asynchronous, Extensibility, Ease-of-use @ JavaOne Brazil 2010
 
JavaFX Uni Parthenope
JavaFX Uni ParthenopeJavaFX Uni Parthenope
JavaFX Uni Parthenope
 
JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0JavaOne India 2011 - Servlets 3.0
JavaOne India 2011 - Servlets 3.0
 
JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?JAX-RS 2.0: What’s New in JSR 339 ?
JAX-RS 2.0: What’s New in JSR 339 ?
 

Viewers also liked

Have Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And ServicesHave Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And ServicesNenad Nikolic
 
Devoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in JavaDevoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in JavaNGDATA
 
Using Java to implement RESTful Web Services: JAX-RS
Using Java to implement RESTful Web Services: JAX-RSUsing Java to implement RESTful Web Services: JAX-RS
Using Java to implement RESTful Web Services: JAX-RSKatrien Verbert
 
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRIS
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRISThe glory of REST in Java: Spring HATEOAS, RAML, Temenos IRIS
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRISGeert Pante
 
JEST: REST on OpenJPA
JEST: REST on OpenJPAJEST: REST on OpenJPA
JEST: REST on OpenJPAPinaki Poddar
 
Terracotta Ehcache : Simpler, faster, distributed
Terracotta Ehcache : Simpler, faster, distributedTerracotta Ehcache : Simpler, faster, distributed
Terracotta Ehcache : Simpler, faster, distributedAnthony Dahanne
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsCarol McDonald
 
OAuth and REST web services
OAuth and REST web servicesOAuth and REST web services
OAuth and REST web servicessullis
 
Introduction to REST and JAX-RS
Introduction to REST and JAX-RSIntroduction to REST and JAX-RS
Introduction to REST and JAX-RSTed Pennings
 
Writing a Jenkins / Hudson plugin
Writing a Jenkins / Hudson pluginWriting a Jenkins / Hudson plugin
Writing a Jenkins / Hudson pluginAnthony Dahanne
 
Docker and java, at Montréal JUG
Docker and java, at Montréal JUGDocker and java, at Montréal JUG
Docker and java, at Montréal JUGAnthony Dahanne
 
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8Stefan Teixeira
 
Java Web Services [5/5]: REST and JAX-RS
Java Web Services [5/5]: REST and JAX-RSJava Web Services [5/5]: REST and JAX-RS
Java Web Services [5/5]: REST and JAX-RSIMC Institute
 
Developing, Testing and Scaling with Apache Camel - UberConf 2015
Developing, Testing and Scaling with Apache Camel - UberConf 2015Developing, Testing and Scaling with Apache Camel - UberConf 2015
Developing, Testing and Scaling with Apache Camel - UberConf 2015Matt Raible
 
Interoperable Web Services with JAX-WS
Interoperable Web Services with JAX-WSInteroperable Web Services with JAX-WS
Interoperable Web Services with JAX-WSCarol McDonald
 
Building microservices with Scala, functional domain models and Spring Boot
Building microservices with Scala, functional domain models and Spring BootBuilding microservices with Scala, functional domain models and Spring Boot
Building microservices with Scala, functional domain models and Spring BootChris Richardson
 

Viewers also liked (20)

Have Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And ServicesHave Some Rest Building Web2.0 Apps And Services
Have Some Rest Building Web2.0 Apps And Services
 
Devoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in JavaDevoxx 2010 | LAB : ReST in Java
Devoxx 2010 | LAB : ReST in Java
 
Using Java to implement RESTful Web Services: JAX-RS
Using Java to implement RESTful Web Services: JAX-RSUsing Java to implement RESTful Web Services: JAX-RS
Using Java to implement RESTful Web Services: JAX-RS
 
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRIS
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRISThe glory of REST in Java: Spring HATEOAS, RAML, Temenos IRIS
The glory of REST in Java: Spring HATEOAS, RAML, Temenos IRIS
 
Asynctasks
AsynctasksAsynctasks
Asynctasks
 
JEST: REST on OpenJPA
JEST: REST on OpenJPAJEST: REST on OpenJPA
JEST: REST on OpenJPA
 
Ci for-android-apps
Ci for-android-appsCi for-android-apps
Ci for-android-apps
 
Terracotta Ehcache : Simpler, faster, distributed
Terracotta Ehcache : Simpler, faster, distributedTerracotta Ehcache : Simpler, faster, distributed
Terracotta Ehcache : Simpler, faster, distributed
 
REST made simple with Java
REST made simple with JavaREST made simple with Java
REST made simple with Java
 
Rest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.jsRest with Java EE 6 , Security , Backbone.js
Rest with Java EE 6 , Security , Backbone.js
 
OAuth and REST web services
OAuth and REST web servicesOAuth and REST web services
OAuth and REST web services
 
Introduction to REST and JAX-RS
Introduction to REST and JAX-RSIntroduction to REST and JAX-RS
Introduction to REST and JAX-RS
 
Writing a Jenkins / Hudson plugin
Writing a Jenkins / Hudson pluginWriting a Jenkins / Hudson plugin
Writing a Jenkins / Hudson plugin
 
Docker and java, at Montréal JUG
Docker and java, at Montréal JUGDocker and java, at Montréal JUG
Docker and java, at Montréal JUG
 
Spring Boot Intro
Spring Boot IntroSpring Boot Intro
Spring Boot Intro
 
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8
TDC 2016 Floripa - Criando APIs REST em minutos com Spark + Java 8
 
Java Web Services [5/5]: REST and JAX-RS
Java Web Services [5/5]: REST and JAX-RSJava Web Services [5/5]: REST and JAX-RS
Java Web Services [5/5]: REST and JAX-RS
 
Developing, Testing and Scaling with Apache Camel - UberConf 2015
Developing, Testing and Scaling with Apache Camel - UberConf 2015Developing, Testing and Scaling with Apache Camel - UberConf 2015
Developing, Testing and Scaling with Apache Camel - UberConf 2015
 
Interoperable Web Services with JAX-WS
Interoperable Web Services with JAX-WSInteroperable Web Services with JAX-WS
Interoperable Web Services with JAX-WS
 
Building microservices with Scala, functional domain models and Spring Boot
Building microservices with Scala, functional domain models and Spring BootBuilding microservices with Scala, functional domain models and Spring Boot
Building microservices with Scala, functional domain models and Spring Boot
 

Similar to Confoo2013 make your java-app rest enabled

CM WebClient for CA Plex
CM WebClient for CA PlexCM WebClient for CA Plex
CM WebClient for CA PlexCM First Group
 
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise ArchitecturesBIOVIA
 
Wakanda - apps.berlin.js - 2012-11-29
Wakanda - apps.berlin.js - 2012-11-29Wakanda - apps.berlin.js - 2012-11-29
Wakanda - apps.berlin.js - 2012-11-29Alexandre Morgaut
 
Eclipse & die Microsoft cloud
Eclipse & die Microsoft cloudEclipse & die Microsoft cloud
Eclipse & die Microsoft cloudPatric Boscolo
 
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...Joonas Lehtinen
 
Dev309 from asgard to zuul - netflix oss-final
Dev309 from asgard to zuul - netflix oss-finalDev309 from asgard to zuul - netflix oss-final
Dev309 from asgard to zuul - netflix oss-finalRuslan Meshenberg
 
Sun Java EE 6 Overview
Sun Java EE 6 OverviewSun Java EE 6 Overview
Sun Java EE 6 Overviewsbobde
 
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...jaxconf
 
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...Amazon Web Services
 
Google App Engine At A Glance
Google App Engine At A GlanceGoogle App Engine At A Glance
Google App Engine At A GlanceStefan Christoph
 
Is Enterprise Java Still Relevant (JavaOne 2015 session)
Is Enterprise Java Still Relevant (JavaOne 2015 session)Is Enterprise Java Still Relevant (JavaOne 2015 session)
Is Enterprise Java Still Relevant (JavaOne 2015 session)Ian Robinson
 
Web Server/App Server Connectivity
Web Server/App Server ConnectivityWeb Server/App Server Connectivity
Web Server/App Server Connectivitywebhostingguy
 
WebClient Overview and 1.8 Roadmap
WebClient Overview and 1.8 RoadmapWebClient Overview and 1.8 Roadmap
WebClient Overview and 1.8 RoadmapCM First Group
 
A Tale of a Server Architecture (Frozen Rails 2012)
A Tale of a Server Architecture (Frozen Rails 2012)A Tale of a Server Architecture (Frozen Rails 2012)
A Tale of a Server Architecture (Frozen Rails 2012)Flowdock
 

Similar to Confoo2013 make your java-app rest enabled (20)

CM WebClient for CA Plex
CM WebClient for CA PlexCM WebClient for CA Plex
CM WebClient for CA Plex
 
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
(ATS3-GS02) Accelrys Enterprise Platform in Enterprise Architectures
 
Wakanda - apps.berlin.js - 2012-11-29
Wakanda - apps.berlin.js - 2012-11-29Wakanda - apps.berlin.js - 2012-11-29
Wakanda - apps.berlin.js - 2012-11-29
 
Eclipse & die Microsoft cloud
Eclipse & die Microsoft cloudEclipse & die Microsoft cloud
Eclipse & die Microsoft cloud
 
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...
Vaadin - Rich Web Applications in Server-side Java without Plug-ins or JavaSc...
 
Java EE 7 - Overview and Status
Java EE 7 - Overview and StatusJava EE 7 - Overview and Status
Java EE 7 - Overview and Status
 
Dev309 from asgard to zuul - netflix oss-final
Dev309 from asgard to zuul - netflix oss-finalDev309 from asgard to zuul - netflix oss-final
Dev309 from asgard to zuul - netflix oss-final
 
V fabric overview
V fabric overviewV fabric overview
V fabric overview
 
Sun Java EE 6 Overview
Sun Java EE 6 OverviewSun Java EE 6 Overview
Sun Java EE 6 Overview
 
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...
Vaadin, Rich Web Apps in Server-Side Java without Plug-ins or JavaScript: Joo...
 
Sun Web Server Brief
Sun Web Server BriefSun Web Server Brief
Sun Web Server Brief
 
Sun Web Server Brief
Sun Web Server BriefSun Web Server Brief
Sun Web Server Brief
 
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...
(DEV309) From Asgard to Zuul: How Netflix’s Proven Open Source Tools Can Help...
 
Google App Engine At A Glance
Google App Engine At A GlanceGoogle App Engine At A Glance
Google App Engine At A Glance
 
Is Enterprise Java Still Relevant (JavaOne 2015 session)
Is Enterprise Java Still Relevant (JavaOne 2015 session)Is Enterprise Java Still Relevant (JavaOne 2015 session)
Is Enterprise Java Still Relevant (JavaOne 2015 session)
 
Web Server/App Server Connectivity
Web Server/App Server ConnectivityWeb Server/App Server Connectivity
Web Server/App Server Connectivity
 
WebClient Overview and 1.8 Roadmap
WebClient Overview and 1.8 RoadmapWebClient Overview and 1.8 Roadmap
WebClient Overview and 1.8 Roadmap
 
A Tale of a Server Architecture (Frozen Rails 2012)
A Tale of a Server Architecture (Frozen Rails 2012)A Tale of a Server Architecture (Frozen Rails 2012)
A Tale of a Server Architecture (Frozen Rails 2012)
 
What's new in JSR-283?
What's new in JSR-283?What's new in JSR-283?
What's new in JSR-283?
 
Resthub
ResthubResthub
Resthub
 

More from Anthony Dahanne

Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Anthony Dahanne
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!Anthony Dahanne
 
CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023Anthony Dahanne
 
Buildpacks: the other way to build container images
Buildpacks: the other way to build container images Buildpacks: the other way to build container images
Buildpacks: the other way to build container imagesAnthony Dahanne
 
Tu changes d'emploi - retour d'experience d'un développeur
Tu changes d'emploi - retour d'experience d'un développeurTu changes d'emploi - retour d'experience d'un développeur
Tu changes d'emploi - retour d'experience d'un développeurAnthony Dahanne
 
Java applications containerized and deployed
Java applications containerized and deployedJava applications containerized and deployed
Java applications containerized and deployedAnthony Dahanne
 
Contribuer à la traduction française de kubernetes
Contribuer à la traduction française de kubernetesContribuer à la traduction française de kubernetes
Contribuer à la traduction française de kubernetesAnthony Dahanne
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Anthony Dahanne
 
Kubernetes Java Operator
Kubernetes Java OperatorKubernetes Java Operator
Kubernetes Java OperatorAnthony Dahanne
 
Caching in applications still matters
Caching in applications still mattersCaching in applications still matters
Caching in applications still mattersAnthony Dahanne
 
Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Anthony Dahanne
 
Kubernetes for Java Developers
Kubernetes for Java DevelopersKubernetes for Java Developers
Kubernetes for Java DevelopersAnthony Dahanne
 

More from Anthony Dahanne (13)

Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024Not a Kubernetes fan? The state of PaaS in 2024
Not a Kubernetes fan? The state of PaaS in 2024
 
No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!No more Dockerfiles? Buildpacks to help you ship your image!
No more Dockerfiles? Buildpacks to help you ship your image!
 
CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023CNCF Québec Meetup du 16 Novembre 2023
CNCF Québec Meetup du 16 Novembre 2023
 
Buildpacks: the other way to build container images
Buildpacks: the other way to build container images Buildpacks: the other way to build container images
Buildpacks: the other way to build container images
 
Tu changes d'emploi - retour d'experience d'un développeur
Tu changes d'emploi - retour d'experience d'un développeurTu changes d'emploi - retour d'experience d'un développeur
Tu changes d'emploi - retour d'experience d'un développeur
 
Java applications containerized and deployed
Java applications containerized and deployedJava applications containerized and deployed
Java applications containerized and deployed
 
Contribuer à la traduction française de kubernetes
Contribuer à la traduction française de kubernetesContribuer à la traduction française de kubernetes
Contribuer à la traduction française de kubernetes
 
Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !Get you Java application ready for Kubernetes !
Get you Java application ready for Kubernetes !
 
Kubernetes Java Operator
Kubernetes Java OperatorKubernetes Java Operator
Kubernetes Java Operator
 
Caching in applications still matters
Caching in applications still mattersCaching in applications still matters
Caching in applications still matters
 
Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018Kubernetes for java developers - Tutorial at Oracle Code One 2018
Kubernetes for java developers - Tutorial at Oracle Code One 2018
 
Kubernetes for Java Developers
Kubernetes for Java DevelopersKubernetes for Java Developers
Kubernetes for Java Developers
 
Docker and java
Docker and javaDocker and java
Docker and java
 

Confoo2013 make your java-app rest enabled

  • 1. Make your java app REST enabled Anthony Dahanne Confoo 2013 — Feb. 28th, 2013
  • 2. About me … § Software Engineer at Terracotta – Working on EhCache management REST API and webapp (aka Terracotta Management Console, TMC) – Strong interest in CI, build tools (maven) – Android developer when time permits ... Confoo 2013 2
  • 3. Terracotta § Founded 2003 in San Francisco, CA § Joined Software AG in 2011 § Present in India, Europe and pretty much all over the globe! § The company behind : Confoo 2013 3
  • 4. Agenda § The Terracotta Management Console example § Introduction to REST, Java integration – REST – The Java case : JAX-RS § Securing your REST interface – JEE included authc and authz options – Apache Shiro § Final words... 2
  • 5. The Terracotta Management Console example
  • 6. Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
  • 7. Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
  • 8. Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database JVM 5
  • 9. Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database EhCache JVM 5
  • 10. Terracotta EhCache : Simplified architecture (Web) app Business logic DAO Database EhCache JVM 5
  • 11. Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
  • 12. Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
  • 13. Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
  • 14. Terracotta EhCache : Simplified architecture (Web) app (Web) app Database Business logic Business logic DAO DAO EhCache EhCache JVM JVM 5
  • 15. Simplified architecture : management agents (Web) app EhCache JVM 7
  • 16. Simplified architecture : management agents (Web) app Rest EhCache Agent JVM 7
  • 17. Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM 7
  • 18. Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server 7
  • 19. Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API 7
  • 20. Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API Terracotta Management Console JS + CSS Browser 7
  • 21. Simplified architecture : management agents (Web) app Rest Rest EhCache Agent Agent JVM Http Client Http Client Terracotta Management Server REST API Terracotta Management Console cURL JS + CSS HTTP Script Browser 7
  • 22. What you can do with the TMC § Access your Caches / Cache Managers stats § Restart a Terracotta server § Clear a cache § Dynamically change your Cache / CM config 8
  • 23. What you can do with the TMC § Access your Caches / Cache Managers stats § Restart a Terracotta server § Clear a cache § Dynamically change your Cache / CM config § Demo ! 8
  • 24. Introduction to REST, Java Integration
  • 25. A few words about REST… § Web services leveraging standard HTTP verbs – GET,POST,PUT,DELETE,OPTIONS,HEAD § Conneg (multiple representations) – to negotiate the format (JSON, XML, etc.) § Stateless communication § HATEOAS 10
  • 26. JAX-RS : Java specification for REST Services § Version 1.1 appeared in Java EE 6 § Server only spec (until 2.0, out Q2 2013) § Annotations driven API § Oracle / Sun Jersey is the reference impl. – Redhat Resteasy, Restlet, Apache CXF are among others 11
  • 27. JAX-RS : Binding your REST services to your app § Using web.xml: 13
  • 28. JAX-RS : Binding your REST services to your app § Customizing loading of resources 14
  • 29. JAX-RS : Annotations available 15
  • 30. JAX-RS : Annotations available § @Provider § @Path § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces § @Consumes 15
  • 31. JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces § @Consumes 15
  • 32. JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces @Produces(“application/json”,”text/plain”) § @Consumes 15
  • 33. JAX-RS : Annotations available § @Provider § @Path @Path(“/cars/{id}”) § @GET, @PUT, @POST, @DELETE and @HEAD § @Produces @Produces(“application/json”,”text/plain”) § @Consumes @Consumes(“application/xml”) 15
  • 34. JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables 16
  • 35. JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. @GET @Path("/groups/{groupId}") public Collection<Agent> getAgents(@PathParam("groupId") String groupId) { return configSvc.getAgentsByGroup(groupId, authorizer.getPrincipal()); } – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables 16
  • 36. JAX-RS : Annotations available to bind parameters – @PathParam -> path segment. @GET @Path("/groups/{groupId}") public Collection<Agent> getAgents(@PathParam("groupId") String groupId) { return configSvc.getAgentsByGroup(groupId, authorizer.getPrincipal()); } – @QueryParam -> HTTP query parameter. – @MatrixParam -> HTTP matrix parameter. – @Context ->inject context variables @GET @Produces(MediaType.APPLICATION_JSON) Collection<CacheManagerEntity> getCacheManagers(@Context UriInfo info) { String cacheManagerNames = info.getPathSegments().get(1).getMatrixParameters().getFirst("names"); MultivaluedMap<String, String> qParams = info.getQueryParameters(); List<String> attrs = qParams.get(ATTR_QUERY_KEY); } 16
  • 37. JAX-RS : Raw Content Handlers § By default, you can bind your request payload or your response to streams @PUT @Path("/inputstream") @Produces("text/plain") public Response getInputStream(InputStream is) throws IOException { System.out.println(inputStreamToString(is)); return Response.noContent().build(); } 16
  • 38. JAX-RS : Raw Content Handlers § By default, you can bind your request payload or your response to streams @PUT @Path("/inputstream") @Produces("text/plain") public Response getInputStream(InputStream is) throws IOException { System.out.println(inputStreamToString(is)); return Response.noContent().build(); } @GET @Path("/outputstream") @Produces("text/plain") public StreamingOutput getOutputStream() { return new StreamingOutput() { @Override public void write(OutputStream output) throws IOException, WebApplicationException { output.write("hello".getBytes()); } }; } 16
  • 39. JAX-RS : Adding your own Content Handler § Implementing – MessageBodyReader<T> : handle the request – MessageBodyWriter<T> : handle the response § Examples : – FileProvider from jersey-core – AbstractJAXBProvider from jersey-core 16
  • 40. JAX-RS : JAXB Content Handlers § Using JAXB you can convert POJOs to XML (or JSON) and vice versa @XmlRootElement public final class Agent { private TYPE type; private String name; private String groupId; private String agentLocation; private Integer connectionTimeoutMillis; private Integer readTimeoutMillis; //etc... } 16
  • 41. JAX-RS : Meaningful error responses – Implementing and registering your own ExceptionMapper @Provider public class DefaultExceptionMapper implements ExceptionMapper<Throwable> { public Response toResponse(Throwable exception) { return Response.status(Response.Status.INTERNAL_SERVER_ERROR) .type(MediaType.APPLICATION_JSON_TYPE) .entity( String.format("{"error" : "%s" , "details" : "%s"}", errorMessage, extraErrorMessage)) .build(); } } 16
  • 42. JAX-RS : Testing anyone ? § Integration testing to validate – the REST API – end to end testing § How to do integration testing against JAX-RS ? – creating a client and making assertions : • java.net.HttpUrlConnection, Apache HttpClient – RestAssured from Jayway : expect().statusCode(404).when().get("/cacheManagers/hello"); String expectedResourceLocation = "/api/config/agents/Local Connection 4343"; expect().contentType(ContentType.JSON).body(containsString("Local Connection 4343"), containsString("10000")).statusCode(200).when().get(expectedResourceLocation); 16
  • 43. Securing your REST interface
  • 44. Standard JEE security : certificate authentication § Basic Authentication § Form-based login authentication § Digest Authentication § SSL Authentication 18
  • 45. Standard JEE security : basic authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Basic realm="Secured Realm" 18
  • 46. Standard JEE security : basic authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Basic realm="Secured Realm" If the user is “anthony” and password is “terracotta”, the client sends GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Basic YW50aG9ueTp0ZXJyYWNvdHRh Since base64(anthony:terracotta) = YW50aG9ueTp0ZXJyYWNvdHRh 18
  • 47. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 48. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 49. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, Copies cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 50. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, counter Copies cnonce="0a4f113b", random response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 51. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, Copies cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 52. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", uri="/private/index.html", qop=auth, nc=00000001, cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 53. Standard JEE security : digest authentication GET /private/index.html HTTP/1.1 Host: www.example.org HTTP/1.1 401 Authorization Required Content-type: text/html WWW-Authenticate: Digest realm="MyRealm", qop="auth, auth-int", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", opaque="5ccc069c403ebaf9f0171e9517f40e41" GET /private/index.html HTTP/1.1 Host: www.example.org Authorization: Digest username="anthony", realm="MyRealm", nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093", H1=md5(“anthony:MyRealm:password”) uri="/private/index.html", qop=auth, H2=md5(“GET:/private/index.html”) nc=00000001, response = md5(“H1:nonce:nc:cnonce:qop:H2) cnonce="0a4f113b", response="6629fae49393a05397450978507c4ef1", opaque="5ccc069c403ebaf9f0171e9517f40e41" 18
  • 54. Standard JEE security : form-based authentication Webapp HTTP Client 18
  • 55. Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 18
  • 56. Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_password 18
  • 57. Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form 18
  • 58. Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form Success 4. redirect to the protected resource 18
  • 59. Standard JEE security : form-based authentication 1. request protected resource Webapp HTTP Client 2. redirect to the login page j_username j_security_check j_password 3. submit login form Success Failure 4. redirect to the protected resource 4f. returns error page 18
  • 60. Standard JEE security : certificate authentication HTTP Client Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
  • 61. Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
  • 62. Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore Server.crt Server.crt Success Failure 18
  • 63. Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore 3. sends cert Client.crt Server.crt Server.crt Client.crt Success Failure 18
  • 64. Standard JEE security : certificate authentication 1. request HTTPS protected resource HTTP Client 2. sends cert Webapp Keystore Truststore Keystore Truststore 3. sends cert Client.crt Server.crt Server.crt Client.crt Success Failure 4. returns protected resource 18
  • 65. Standard JEE security : configuration <security-constraint> <display-name>My security constraint</display-name> <web-resource-collection> <web-resource-name>myresource</web-resource-name> <description/> <url-pattern>/protected/*</url-pattern> </web-resource-collection> <auth-constraint> <description/> <role-name>myuser</role-name> </auth-constraint> web.xml </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>My Realm</realm-name> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/error.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description/> <role-name>myuser</role-name> </security-role> 19
  • 66. Security with Apache Shiro § Shiro is about : – Authentication – Authorization – Realms – Session Management – Cryptography 20
  • 67. Why choose Shiro over JEE security ? § Shiro is deployment agnostic – not necessarily a webapp § Shiro secures all the layers of your application – not only the “web layer” § Highly customizable – Realms, filters, listeners, etc... 20
  • 68. Securing your REST application with Shiro § Register the Listener and the Filter <listener> <listener-class>c.t.m.s.w.s.TMSEnvironmentLoaderListener</listener-class> </listener> <filter> <filter-name>securityFilter</filter-name> <filter-class>c.t.m.s.w.s.TMSSecurityFilter</filter-class> </filter> <filter-mapping> <filter-name>securityFilter</filter-name> <url-pattern>/*</url-pattern> <dispatcher>REQUEST</dispatcher> – <dispatcher>FORWARD</dispatcher> <dispatcher>INCLUDE</dispatcher> <dispatcher>ERROR</dispatcher> </filter-mapping> 21
  • 69. Shiro Realms used § For Terracotta REST agents – TCIdentityAssertionRealm § For the Terracotta Management Console – TCIniRealm – LdapRealm – ActiveDirectoyRealm 21
  • 70. Example of shiro.ini [main] securityManager = org.apache.shiro.web.mgt.DefaultWebSecurityManager ldapRealm = com.terracotta.management.security.shiro.realm.ActiveDirectoryRealm ldapRealm.userDnTemplate = CN={0},CN=Users,DC=mykene,DC=rndlab,DC=loc ldapRealm.searchBase = DC=mykene,DC=rndlab,DC=loc ldapRealm.contextFactory.url = ldap://10.21.32.72:389 securityManager.realm = $ldapRealm securityManager.sessionManager.globalSessionTimeout = 600000 mgmtAuthListener = c.t.m.s.a.ManagementAuthenticationListener securityManager.authenticator.authenticationListeners = $mgmtAuthListener authc.loginUrl = /login.jsp authc.successUrl = /index.jsp – iaauthc = com.terracotta.management.security.shiro.web.filter.TCIdentityAssertionFilter [urls] /login.jsp = authc /logout = logout /** = authc, roles[operator] /rest/** = noSessionCreation, iaauthc, rest[api] 21
  • 72. Switching to REST for management § Brought us : – consumption from outside the Java world – scriptability – “firewalls compatibility” – existing monitoring tools (Nagios, etc...) 18
  • 73. Lessons learned creating the rest agents ... 18
  • 74. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning 18
  • 75. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses 18
  • 76. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses 18
  • 77. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity 18
  • 78. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity 18
  • 79. Lessons learned creating the rest agents ... § Prepare for classloading issues – JBoss wants to deploy REST resources using RestEasy – OSGI does not play nice with Jersey resource scanning § Be a nice REST citizen – respect the HTTP status codes – return meaningful error responses § Security brings complexity § Ldap has a lot of different schemas ... 18
  • 80. Useful tools to develop / debug / test § Fast deploy your REST based application – Maven jetty:run(ner), or tomcat7:run(ner) – JRebel (not to stop/start your container for every change) § Monitor HTTP traffic – Membrane § Hand tailor HTTP messages – Curl – Chrome Advanced REST Client (via Chrome Store) § Inspect your SSL Keystores and Trustores – Keystore Explorer 18
  • 81. Useful resources § HTTP – Cours du soir, by @paulgreg (en français) § REST – Roy Fielding’s thesis § JAX-RS / Jersey – RESTful Java, by @patriot1burke – Arun Gupta presentation on JAX-RS 2.0 § Shiro – Shiro official documentation 18
  • 82. terracotta | terracotta.org Vote now ! https://joind.in/7901 Thank you ! twitter | @anthonydahanne email | adahanne@terracottatech.com blog | blog.dahanne.net