SlideShare a Scribd company logo

Practical REST in Grails 2.3

Download as PPTX, PDF
Daniel Woods
Daniel Woods
Technology
1 of 13
PRACTICAL REST IN GRAILS 2.3 dan woods @danveloper
Introduction to Grails 2.3 REST The Concept of a “Resource” • Map data to a URL Endpoint • Traverse object graph through URL mappings • Provide serialization in your favorite format • Driven by the HTTP Request’s Accept header • Limitations: • The whole URL graph needs to be explicitly defined for mapping nested Resources
Introduction to Grails 2.3 REST Defining a Resource • • • • Decorate your domain object with the @Resource Annotation Map to a URI via Annotation or UrlMapping Use built-in, good-for-most-things RestfulController, or… Build a custom controller to handle your specific use-case
Introduction to Grails 2.3 REST Customizing Resource Behavior • • • Regulate response formats through the @Resource annotation Determine read/write behavior • In turn, writable actions will get 405 Customizing response
Introduction to Grails 2.3 REST Resource Renderers • • Provides inherent support for versioning Built-in Renderers like DefaultJsonRenderer, HalJsonRenderer offer some standard support • include/exclude properties • Handling versioning
Introduction to Grails 2.3 REST Resource Renderers • • • • • • Custom Renderers satisfy specific needs Intercept the response activity to influence the output Allow for changing the response structure This is the place to put business logic that responds with a nonstandard view Preferred over JSON.registerObjectMarshaller Auto-wireable Spring beans
Introduction to Grails 2.3 REST Resource Controllers From the JAX-RS Spec… "Adopting the MVC terminology, JAX-RS resource classes are comparable to controllers" https://jcp.org/en/jsr/detail?id=339 • Grails maps a RestfulController to the Resource’s URL, so the @Resource is not the handler, it just represents the handler!
Beyond the Basics Custom RestfulController • • • • Overload how resources are resolved Custom binding logic Interface with services for object composition • Business Logic: “Only show me healthy applications” Using the respond method • Control the response format this way
Getting Practical Let’s get practical…
Getting Practical Obscuring Ids • • • Custom RestfulController • Overload queryForResource, listAllResources Custom Renderer • Only expose the properties that you want people to see The @RestIdProperty strategy for building HAL Navigation
Getting Practical Resources as a Concept • Nothing hard-ties a Resource to a domain object • Can be backed simply by a command object • Good choice for providing data in a format that is domainspecific, but brought in via service call
Getting Practical Using Hyper-Media Practically • Built-in Grails rendering constructs don’t favor reusability • grails-rest-renderers plugin can provide some simplifications to building pragmatic hyper-media renderers http://grails.org/plugins/grails-rest-renderers
Getting Practical Security? Great article about REST Security from Dave Syer (@david_syer): http://blog.cloudfoundry.com/2012/10/09/securing-restful-webservices-with-oauth2/ Summary: Oauth: "one of the key reasons for OAuth2 to exist is so that Client applications do not need to collect user credentials. Here is where the learning curve for OAuth2 gets steeper.” Form Login: Difficult to drive RESTful interactions since failures are redirected to login page Basic Auth: Maybe the best choice

Recommended

OMA Strategy on Open API Standardization
OMA Strategy on Open API StandardizationOMA Strategy on Open API Standardization
OMA Strategy on Open API Standardization
Musa Unmehopa
 
Building a RESTful API on Heroku for Your Force.com App
Building a RESTful API on Heroku for Your Force.com AppBuilding a RESTful API on Heroku for Your Force.com App
Building a RESTful API on Heroku for Your Force.com App
Salesforce Developers
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
Mohammed A. Imran
 
Pragmatic RESTful API Design: Apigee Webinar
Pragmatic RESTful API Design: Apigee WebinarPragmatic RESTful API Design: Apigee Webinar
Pragmatic RESTful API Design: Apigee Webinar
Apigee | Google Cloud
 
Grails Plugin Best Practices
Grails Plugin Best PracticesGrails Plugin Best Practices
Grails Plugin Best Practices
Burt Beckwith
 
High Performance Microservices with Ratpack and Spring Boot
High Performance Microservices with Ratpack and Spring BootHigh Performance Microservices with Ratpack and Spring Boot
High Performance Microservices with Ratpack and Spring Boot
Daniel Woods
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
Apigee | Google Cloud
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 

Recommended

OMA Strategy on Open API Standardization
OMA Strategy on Open API StandardizationOMA Strategy on Open API Standardization
OMA Strategy on Open API Standardization
Musa Unmehopa
 
Building a RESTful API on Heroku for Your Force.com App
Building a RESTful API on Heroku for Your Force.com AppBuilding a RESTful API on Heroku for Your Force.com App
Building a RESTful API on Heroku for Your Force.com App
Salesforce Developers
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
Mohammed A. Imran
 
Pragmatic RESTful API Design: Apigee Webinar
Pragmatic RESTful API Design: Apigee WebinarPragmatic RESTful API Design: Apigee Webinar
Pragmatic RESTful API Design: Apigee Webinar
Apigee | Google Cloud
 
Grails Plugin Best Practices
Grails Plugin Best PracticesGrails Plugin Best Practices
Grails Plugin Best Practices
Burt Beckwith
 
High Performance Microservices with Ratpack and Spring Boot
High Performance Microservices with Ratpack and Spring BootHigh Performance Microservices with Ratpack and Spring Boot
High Performance Microservices with Ratpack and Spring Boot
Daniel Woods
 
RESTful API Design, Second Edition
RESTful API Design, Second EditionRESTful API Design, Second Edition
RESTful API Design, Second Edition
Apigee | Google Cloud
 
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...
CA API Management
 
Continuous Delivery with Spinnaker and OpenStack
Continuous Delivery with Spinnaker and OpenStackContinuous Delivery with Spinnaker and OpenStack
Continuous Delivery with Spinnaker and OpenStack
Daniel Woods
 
Groovy in the Cloud
Groovy in the CloudGroovy in the Cloud
Groovy in the Cloud
Daniel Woods
 
Ratpack - SpringOne2GX 2015
Ratpack - SpringOne2GX 2015Ratpack - SpringOne2GX 2015
Ratpack - SpringOne2GX 2015
Daniel Woods
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
Daniel Woods
 
Microservices: The Right Way
Microservices: The Right WayMicroservices: The Right Way
Microservices: The Right Way
Daniel Woods
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
Daniel Woods
 
Facilitating Continuous Delivery at Scale
Facilitating Continuous Delivery at ScaleFacilitating Continuous Delivery at Scale
Facilitating Continuous Delivery at Scale
Daniel Woods
 
Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
Daniel Woods
 
Server-Side JavaScript with Nashorn
Server-Side JavaScript with NashornServer-Side JavaScript with Nashorn
Server-Side JavaScript with Nashorn
Daniel Woods
 
Future of Grails
Future of GrailsFuture of Grails
Future of Grails
Daniel Woods
 
Groovy for System Administrators
Groovy for System AdministratorsGroovy for System Administrators
Groovy for System Administrators
Daniel Woods
 
Message Driven Architecture in Grails
Message Driven Architecture in GrailsMessage Driven Architecture in Grails
Message Driven Architecture in Grails
Daniel Woods
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in Ratpack
Daniel Woods
 
Gainesville Web Developer Group, Sept 2012
Gainesville Web Developer Group, Sept 2012Gainesville Web Developer Group, Sept 2012
Gainesville Web Developer Group, Sept 2012
Daniel Woods
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
Zilliz
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
ThousandEyes
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
apidays
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Edi Saputra
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
Anna Loughnan Colquhoun
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
Product Anonymous
 

More Related Content

More from Daniel Woods

More from Daniel Woods (14)

Continuous Delivery with Spinnaker and OpenStack
Continuous Delivery with Spinnaker and OpenStackContinuous Delivery with Spinnaker and OpenStack
Continuous Delivery with Spinnaker and OpenStack
 
Groovy in the Cloud
Groovy in the CloudGroovy in the Cloud
Groovy in the Cloud
 
Ratpack - SpringOne2GX 2015
Ratpack - SpringOne2GX 2015Ratpack - SpringOne2GX 2015
Ratpack - SpringOne2GX 2015
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
 
Microservices: The Right Way
Microservices: The Right WayMicroservices: The Right Way
Microservices: The Right Way
 
Ratpack Web Framework
Ratpack Web FrameworkRatpack Web Framework
Ratpack Web Framework
 
Facilitating Continuous Delivery at Scale
Facilitating Continuous Delivery at ScaleFacilitating Continuous Delivery at Scale
Facilitating Continuous Delivery at Scale
 
Continuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSSContinuous Delivery with NetflixOSS
Continuous Delivery with NetflixOSS
 
Server-Side JavaScript with Nashorn
Server-Side JavaScript with NashornServer-Side JavaScript with Nashorn
Server-Side JavaScript with Nashorn
 
Future of Grails
Future of GrailsFuture of Grails
Future of Grails
 
Groovy for System Administrators
Groovy for System AdministratorsGroovy for System Administrators
Groovy for System Administrators
 
Message Driven Architecture in Grails
Message Driven Architecture in GrailsMessage Driven Architecture in Grails
Message Driven Architecture in Grails
 
Building Web Apps in Ratpack
Building Web Apps in RatpackBuilding Web Apps in Ratpack
Building Web Apps in Ratpack
 
Gainesville Web Developer Group, Sept 2012
Gainesville Web Developer Group, Sept 2012Gainesville Web Developer Group, Sept 2012
Gainesville Web Developer Group, Sept 2012
 

Recently uploaded

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 

Recently uploaded (20)

Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
A Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source MilvusA Beginners Guide to Building a RAG App Using Open Source Milvus
A Beginners Guide to Building a RAG App Using Open Source Milvus
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu SubbuApidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 

Practical REST in Grails 2.3

  • 1. PRACTICAL REST IN GRAILS 2.3 dan woods @danveloper
  • 2. Introduction to Grails 2.3 REST The Concept of a “Resource” • Map data to a URL Endpoint • Traverse object graph through URL mappings • Provide serialization in your favorite format • Driven by the HTTP Request’s Accept header • Limitations: • The whole URL graph needs to be explicitly defined for mapping nested Resources
  • 3. Introduction to Grails 2.3 REST Defining a Resource • • • • Decorate your domain object with the @Resource Annotation Map to a URI via Annotation or UrlMapping Use built-in, good-for-most-things RestfulController, or… Build a custom controller to handle your specific use-case
  • 4. Introduction to Grails 2.3 REST Customizing Resource Behavior • • • Regulate response formats through the @Resource annotation Determine read/write behavior • In turn, writable actions will get 405 Customizing response
  • 5. Introduction to Grails 2.3 REST Resource Renderers • • Provides inherent support for versioning Built-in Renderers like DefaultJsonRenderer, HalJsonRenderer offer some standard support • include/exclude properties • Handling versioning
  • 6. Introduction to Grails 2.3 REST Resource Renderers • • • • • • Custom Renderers satisfy specific needs Intercept the response activity to influence the output Allow for changing the response structure This is the place to put business logic that responds with a nonstandard view Preferred over JSON.registerObjectMarshaller Auto-wireable Spring beans
  • 7. Introduction to Grails 2.3 REST Resource Controllers From the JAX-RS Spec… "Adopting the MVC terminology, JAX-RS resource classes are comparable to controllers" https://jcp.org/en/jsr/detail?id=339 • Grails maps a RestfulController to the Resource’s URL, so the @Resource is not the handler, it just represents the handler!
  • 8. Beyond the Basics Custom RestfulController • • • • Overload how resources are resolved Custom binding logic Interface with services for object composition • Business Logic: “Only show me healthy applications” Using the respond method • Control the response format this way
  • 10. Getting Practical Obscuring Ids • • • Custom RestfulController • Overload queryForResource, listAllResources Custom Renderer • Only expose the properties that you want people to see The @RestIdProperty strategy for building HAL Navigation
  • 11. Getting Practical Resources as a Concept • Nothing hard-ties a Resource to a domain object • Can be backed simply by a command object • Good choice for providing data in a format that is domainspecific, but brought in via service call
  • 12. Getting Practical Using Hyper-Media Practically • Built-in Grails rendering constructs don’t favor reusability • grails-rest-renderers plugin can provide some simplifications to building pragmatic hyper-media renderers http://grails.org/plugins/grails-rest-renderers
  • 13. Getting Practical Security? Great article about REST Security from Dave Syer (@david_syer): http://blog.cloudfoundry.com/2012/10/09/securing-restful-webservices-with-oauth2/ Summary: Oauth: "one of the key reasons for OAuth2 to exist is so that Client applications do not need to collect user credentials. Here is where the learning curve for OAuth2 gets steeper.” Form Login: Difficult to drive RESTful interactions since failures are redirected to login page Basic Auth: Maybe the best choice

Editor's Notes

  1. show default url-mappings-reportshow querying the graph
  2. Show @Resource(formats = …)Show url-mappings-report with UrlMapping and w/ uri defined on Resource
  3. > Demonstrate include/exclude properties on DefaultJsonRendererDemonstrate Application HalJsonRendererapplicationRenderer(JsonRenderer, Application, new MimeType("application/json", [v: "1.0"]))Our persistence model (ie our domain model) doesn’t always make sense as a View Model, so for that we need some finer-grained control
  4. > Demonstrate include/exclude properties on DefaultJsonRenderer> Demonstrate Application HalJsonRendererOur persistence model (ie our domain objects) doesn’t always make sense as a View Model, so for that we need some finer-grained controlShow Android app view model consumer example.
  5. curl -X PUT -H "Content-type: application/json" -d "{ \"healthy\": false }" http://localhost:8080/practical-rest/rest/applications/1
  6. curl -X PUT -H "Content-type: application/json" -d "{ \"healthy\": false }" http://localhost:8080/practical-rest/rest/applications/1
  7. curl http://localhost:8080/eidyia/api/repository?org=netflix
  8. curl -H "Accept: application/json" http://localhost:8080/practical-rest/rest/applications/abcassandra/autoScalingGroups
  9. This is a topic all in itself…