RESTful Web Services
Cesare Pautasso, Faculty of Informatics, University of Lugano
http://www.pautasso.info
10.4.2008
Web Services and Service Oriented Architectures ©2008 Cesare Pautasso
SOA without WS*
“My mental picture of SOA, in the good sense, is just about wiring applications together and you can do that without the WS-*, the "death star".”
David Hansson, creator of Ruby on Rails
http://www.infoq.com/interviews/David-Hansson
http://www.loudthinking.com/arc/000585.html
RESTful Web Services
“A renaissance of HTTP appreciation is building and, under the banner of REST, shows a credible alternative to what the merchants of complexity are trying to ram down everyone’s throats.”
David Hansson, creator of Ruby on Rails
[Diagram labels: RESTful; XML, JSON, MIME, URI, HTTP]
RESTful Web Services
“RESTful Web services show you how to use [the principles of the Web] without the big words that have scared a generation of web developers into thinking that Web services are so hard that you have to rely on BigCo implementations to get anything done.”
From the Preface
Where do Web services come from?
• Address the problem of enterprise software standardization
• Enterprise Computing Standards for Interoperability (WS started 2001)
• A layered architecture with a variety of messaging, description and discovery specifications
• Do things from the ground up, quickly, in well factored, distinct, tightly focused specifications
• Tools will hide the complexity

• REST advocates have come to believe that their ideas are just as applicable to solve application integration problems.
• Are all specifications really composable?
• “Look ma’, no tools!”
Dealing with Heterogeneity
• Enterprise Computing (CICS, IMS)
• Web Applications (HTTP)
Picture from Eric Newcomer, IONA
Application Integration Styles
• Shared Database
• Remote Procedure Call
• Message Bus
• File Transfer
[Diagram labels: REST; SOAP, WS*]
Contents
– What is REST?
– Building RESTful Web services
– Demo
– Comparison with SOAP/WS*
– Discussion
– Outlook
REpresentational State Transfer
• REST defines the architecture of the Web
• Its four principles can explain the success and the scalability of the HTTP protocol implementing them
  1. Resource Identification through URI
  2. Uniform Interface for all resources:
     – GET (Query the state, idempotent, can be cached)
     – POST (Modify, transfer the state)
     – PUT (Create a resource)
     – DELETE (Delete a resource)
  3. “Self-Descriptive” Messages through Meta-Data
  4. Hyperlinks to define the application state
(Roy Fielding PhD Dissertation 1994, HTTP 1.0 1989)
RESTful Web Application Example
HTTP Client (Web Browser) -> Web Server -> Database
  GET /book?ISBN=222          ->  SELECT * FROM books WHERE isbn=222
  PUT /order                  ->  INSERT INTO orders
    301 Location: /order/612
  POST /order/612             ->  UPDATE orders WHERE id=612
Uniform Interface Principle (CRUD Example)
CRUD      REST
CREATE    PUT       Initialize the state of a new resource at the given URI
READ      GET       Retrieve the current state of the resource
UPDATE    POST      Modify the state of a resource
DELETE    DELETE    Clear a resource, after the URI is no longer valid
POST vs. GET
• GET is a read-only operation. It can be repeated without affecting the state of the resource (idempotent)
• POST is a read-write operation and may change the state of the resource and provoke side effects on the server. Web browsers warn you when refreshing a page generated with POST
URI: Uniform Resource Identifier
• Internet Standard for resource naming and identification (originally from 1994, revised until 2005)
• Examples:
  http://tools.ietf.org/html/rfc3986 (labelled parts: URI Scheme, Authority, Path)
  https://www.google.ch/search?q=rest&start=10#1 (labelled parts: Query, Fragment)
• REST advocates the use of “nice” URIs
• In most HTTP stacks URIs cannot have arbitrary length (4Kb)
What is a “nice” URI?
• Prefer Nouns to Verbs
• Keep them Short
Examples:
  http://map.search.ch/lugano
  http://maps.google.com/lugano
  http://maps.google.com/maps?f=q&hl=en&q=lugano,+switzerland&layer=&ie=UTF8&z=12&om=1&iwloc=addr
Resource Representation Formats: XML vs. JSON
• XML
  – PO-XML
  – SOAP (WS-*)
  – RSS, ATOM
• Standard textual syntax for semi-structured data
• Many tools available: XML Schema, DOM, SAX, XPath, XSLT, XQuery
• Everyone can parse it (not necessarily understand it)
• Slow and Verbose

• JavaScript Object Notation (JSON)
• Wire format introduced for AJAX Web applications (Browser-Web Server communication)
• Textual syntax for serialization of non-recurrent data structures
• Supported in most languages (not only JavaScript)
• Not extensible (does not need to be)
• “JSON has become the X in Ajax”
Is REST being used?
Slide from Paul Downey, BT
Building RESTful Web services
– Design Methodology
– Risk Report Demo
– Server
  • RESTful Web Service Example (with Java Servlet)
– The Universal Client
  • It’s just a browser (no code required)
  • AJAX Example (in JavaScript)
– Performance Evaluation
  • SOAP/XML vs. JSON
RESTful Web Services Design Methodology
1. Identify resources to be exposed as services (e.g., yearly risk report, book catalog, purchase order, open bugs)
2. Define “nice” URLs to address them
3. Understand what it means to do a GET, POST, PUT, DELETE on a given resource URI
4. Design and document resource representations
5. Model relationships (e.g., containment, reference, state transitions) between resources with hyperlinks that can be followed to get more details
6. Implement and deploy on Web server
7. Test with a Web browser
Risk Report RESTful Web Service Interface Description
Example from http://soadecisions.org/
• The resource is the “Yearly Risk Report” of a number of years, starting from a given year
• The URI of the Risk Report is: http://localhost:8080/Risk/Report/firstYear,numYears
• Use GET to retrieve the report representation
  – All other verbs are not allowed (HTTP 405 – Method Not Allowed)
• Resource represented using JavaScript Object Notation (JSON)
  – Content-Type: application/json
Risk Report JSON Example
{"riskReportResponseData": [
  {"year":2000,
   "report":{
     "policyCount":34,
     "totalClaimValue":279080.37,
     "totalInsuredValue":2996932.42,
     "claimCount":29}
  },
  {"year":2001,
   "report":{
     "policyCount":3906,
     "totalClaimValue":125591.37,
     "totalInsuredValue":8.92368089e7,
     "claimCount":31}
  }
]}
(Callouts on the slide: Array, Object, String, Value)
Demo Setup
• http://localhost:8080/Risk/Report/2000,5
Client: Web Browser (Firefox)
  – Web Page: Input Form, JavaScript, Result Table
Server: Web Server (Tomcat)
  – Java Servlet: doGet(…) parse request URL
  – Report Service Logic
  – serialize result in JSON
Server (Java Servlet)
protected void doGet(HttpServletRequest request,
                     HttpServletResponse response)
        throws Exception {
    // Path after /Risk/Report, e.g. "/2000,5"; split into the two arguments
    String[] args = request.getPathInfo().substring(1).split(",");
    int firstYear = Integer.parseInt(args[0]);
    int numYears = Integer.parseInt(args[1]);
    // Compute the report and serialize it as JSON
    RiskReportResponse result = logic(firstYear, numYears);
    String json = getSerializer().toJSON(result);
    response.getWriter().println(json);
}
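The interface rules for this resource (GET only, 405 for every other verb, firstYear,numYears in the path) written as a request check that runs before any report logic. This is an added example in JavaScript, not the demo's servlet; checkReportRequest, MAX_YEARS and the year window are assumed names and limits.

```javascript
// Added example (not the demo's servlet): validate method and path for
// GET /Risk/Report/firstYear,numYears before any report logic runs.
// MAX_YEARS and the 1900..2100 window are assumed limits, not from the slides.
const MAX_YEARS = 100;
const YEAR_MIN = 1900, YEAR_MAX = 2100;

function checkReportRequest(method, pathInfo) {
  // Interface rule from the slides: only GET is allowed.
  if (method !== "GET") {
    return { status: 405, headers: { Allow: "GET" } };
  }
  // pathInfo is what follows /Risk/Report, e.g. "/2000,5"; it may be absent.
  if (typeof pathInfo !== "string") {
    return { status: 400, error: "missing firstYear,numYears" };
  }
  // Exactly two plain decimal fields: no signs, spaces, exponents or extras.
  const m = /^\/(\d{4}),(\d{1,6})$/.exec(pathInfo);
  if (!m) {
    return { status: 400, error: "expected /firstYear,numYears" };
  }
  const firstYear = Number(m[1]);
  const numYears = Number(m[2]);
  if (firstYear < YEAR_MIN || firstYear > YEAR_MAX) {
    return { status: 400, error: "firstYear out of range" };
  }
  // Response size and time grow with numYears, so bound it up front.
  if (numYears < 1 || numYears > MAX_YEARS) {
    return { status: 400, error: "numYears must be 1.." + MAX_YEARS };
  }
  return { status: 200, firstYear, numYears,
           headers: { "Content-Type": "application/json" } };
}

// Constructed sample requests.
const samples = [
  ["GET", "/2000,5"], ["POST", "/2000,5"], ["GET", null],
  ["GET", "/2000"], ["GET", "/2000,-5"], ["GET", "/2000,100000"],
  ["GET", "/2000,5,7"], ["GET", "/abcd,5"],
];
for (const [method, path] of samples) {
  console.log(method, path, "->", checkReportRequest(method, path).status);
}
```

Only the first sample reaches the report logic; the POST gets 405 and the rest get 400 instead of an uncaught parsing exception.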
Client: Browser/JavaScript
• Simple testing of RESTful services can be done in a browser
  – GET, type in the URL
  – POST, use an HTML form
  – PUT, DELETE, … cannot be done with HTML forms
• The demo was written in JavaScript using AJAX techniques
  – Asynchronous GET response handling with XMLHttpRequest
  – eval(json) to deserialize the object (could be unsafe)
  – No need to generate client stubs! (JavaScript uses dynamic typing)
  – Note: this code has only been tested on the Firefox browser!
Client Asynchronous JavaScript
// Read the two inputs from the form and build the resource URL
var firstYear = document.getElementById("year").value;
var numYears = document.getElementById("num").value;
var url = "Report/" + firstYear + "," + numYears;
GET(url, function(json) {
    // eval executes the response text as JavaScript (the "could be unsafe" noted above)
    var result = eval("(" + json + ")");
    // present the result to the user on the web page
    document.getElementById("report").innerHTML = result;
});
Client: Asynchronous GET in JavaScript/Firefox
function GET(url, callback) {
    var xmlhttp = new XMLHttpRequest();
    xmlhttp.open("GET", url, true);   // true = asynchronous
    xmlhttp.onreadystatechange = function() {
        // readyState 4: the response has been fully received
        if (xmlhttp.readyState == 4) {
            callback(xmlhttp.responseText);
        }
    };
    xmlhttp.send(null);
}
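The client slides note that eval(json) could be unsafe; the same deserialization done with JSON.parse plus shape checks on the Risk Report fields, and rendering through textContent instead of innerHTML, looks like this. It is an added example, not the demo's code; parseRiskReport, renderReport, tryParse and the validation rules are assumptions.

```javascript
// Added example, not the demo's code. Field names follow the slides' JSON
// example; the validation rules are assumptions.
const FIELDS = {                       // field name -> must be an integer?
  policyCount: true, claimCount: true,
  totalClaimValue: false, totalInsuredValue: false,
};
function parseRiskReport(text) {
  // JSON.parse only builds data; script text raises SyntaxError, unexecuted.
  const doc = JSON.parse(text);
  const rows = doc === null ? undefined : doc.riskReportResponseData;
  if (!Array.isArray(rows)) {
    throw new TypeError("riskReportResponseData must be an array");
  }
  return rows.map((row, i) => {
    const rep = row === null || typeof row !== "object" ? null : row.report;
    if (rep === null || typeof rep !== "object" || !Number.isInteger(row.year)) {
      throw new TypeError("record " + i + ": bad year or report");
    }
    const out = { year: row.year };    // copy known fields only, drop the rest
    for (const [f, mustBeInt] of Object.entries(FIELDS)) {
      const v = rep[f];
      const ok = typeof v === "number" && Number.isFinite(v) && v >= 0 &&
                 (!mustBeInt || Number.isInteger(v));
      if (!ok) throw new TypeError("record " + i + ": bad " + f);
      out[f] = v;
    }
    return out;
  });
}
// Fill an HTML <table> through textContent so values are never parsed as markup.
function renderReport(table, records) {
  for (const rec of records) {
    const tr = table.insertRow();
    for (const key of ["year", ...Object.keys(FIELDS)]) {
      tr.insertCell().textContent = String(rec[key]);
    }
  }
}
function tryParse(text) {
  try { return { ok: true, records: parseRiskReport(text) }; }
  catch (e) { return { ok: false, error: e.name }; }
}

// Constructed responses: well-formed data, then script in place of data.
const GOOD = '{"riskReportResponseData":[{"year":2000,"report":{"policyCount":34,' +
  '"totalClaimValue":279080.37,"totalInsuredValue":2996932.42,"claimCount":29}}]}';
const SCRIPT = '(function(){ return {riskReportResponseData: []}; })()';
console.log(tryParse(GOOD), tryParse(SCRIPT));
```

In the demo's callback, `parseRiskReport(json)` would replace the eval call and `renderReport` would replace the innerHTML assignment.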
SOAP vs. REST Comparison
– Performance Comparison
  • XML vs. JSON
– Example
– Conceptual Comparison
– Conclusion: Strengths and Weaknesses of RESTful Web services
SOAP vs. HTTP/JSON Performance Comparison Setup
• JavaScript Client (Mozilla Firefox 2) -> JSON over HTTP -> Tomcat 5.0.28: Servlet + JSON -> Risk Report Web Service
• Java Client App (Client Axis 1.2.1) -> SOAP over HTTP -> Tomcat 5.0.28: Servlet Axis 1.2.1 -> Risk Report Web Service
Payload Size Comparison (Absolute)
[Chart: Payload Size (bytes), logarithmic axis from 1 to 100000000, against numYears, logarithmic axis from 1 to 100000; series: JSON, JSON-RPC, SOAP]
Risk Report JSON-RPC Example
{"javaClass":"com.premerquotes.risk.response.RiskReportResponse",
 "riskReportResponseData": [
  {"javaClass":"com.premerquotes.risk.response.RiskRecordType",
   "year":2000,
   "report":
    {"javaClass":"com.premerquotes.risk.response.RiskAssessmentResultType",
     "policyCount":7125,
     "totalClaimValue":344297.76,
     "totalInsuredValue":6.2045490462e8,
     "claimCount":41}
  },
  {"javaClass":"com.premerquotes.risk.response.RiskRecordType",
   "year":2001,
   "report":
    {"javaClass":"com.premerquotes.risk.response.RiskAssessmentResultType",
     "policyCount":5974,
     "totalClaimValue":312275.51,
     "totalInsuredValue":5.3063755856e8,
     "claimCount":43}
  }
 ]
}
Payload Size Comparison (Relative)
[Chart: relative payload size, axis from 0% to 450%, against numYears, logarithmic axis from 1 to 100000; series: JSON, JSON-RPC, SOAP]
Response Time Comparison
[Chart: Response Time (ms), logarithmic axis from 1 to 100000, against numYears, logarithmic axis from 1 to 100000; series: JSON, JSON-RPC, SOAP; ratio annotations on the chart: 110x, 1.7x, 100x, 100x, 5x, 30x]
RESTful Web Application Example
HTTP Client (Web Browser) -> Web Server -> Database
  GET /book?ISBN=222          ->  SELECT * FROM books WHERE isbn=222
  PUT /order                  ->  INSERT INTO orders
    301 Location: /order/612
  POST /order/612             ->  UPDATE orders WHERE id=612
Web Service Example (from REST perspective)
HTTP Client (Stub Object) -> Web Server -> Web Service Implementation
  POST /soap/router   ->  return getBook(222)
  POST /soap/router   ->  return new Order()
  POST /soap/router   ->  order.setCustomer(x)
Main difference: REST vs. SOAP
• “The Web is the universe of globally accessible information” (Tim Berners Lee)
  – Applications should publish their data on the Web (through URI)
  [Diagram: POX (Plain Old XML) over HTTP GET, HTTP POST, HTTP PUT, HTTP DEL; Resource URI; Application]
• “The Web is the universal transport for messages”
  – Applications get a chance to interact but they remain “outside of the Web”
  [Diagram: SOAP (WS-*) over SMTP, HTTP POST, MQ…; Endpoint URI; Application]
REST Strengths
• Simplicity
  – Uniform interface is immutable (no problem of breaking clients)
• HTTP/POX is ubiquitous (goes through firewalls)
• Stateless/Synchronous interaction
• Proven scalability
  – “after all the Web works”, caching, clustered server farms for QoS
• Perceived ease of adoption (light infrastructure)
  – just need a browser to get started - no need to buy WS-* middleware
• Grassroots approach
• Leveraged by all major Web 2.0 applications
  – 85% clients prefer Amazon RESTful API (*)
  – Google recently announced it would no longer support its SOAP/WSDL API
(*) http://www.oreillynet.com/pub/wlg/3005
REST Weaknesses
• Confusion (high REST vs. low REST)
  – Is it really 4 verbs? (HTTP 1.1 has 8 verbs: HEAD, GET, POST, PUT, DELETE, TRACE, OPTIONS, and CONNECT)
• Mapping REST-style synchronous semantics on top of back end systems creates design mismatches (when they are based on asynchronous messaging or event driven interaction)
• Cannot deliver enterprise-style “-ilities” beyond HTTP/SSL
• Challenging to identify and locate resources appropriately in all applications
• Apparent lack of standards (other than URI, HTTP, XML, MIME, HTML)
• Semantics/Syntax description very informal (user/human oriented)
Conclusion and Outlook
• Service-Oriented Architecture can be implemented in different ways.
• You should generally focus on whatever architecture gets the job done and recognize the significant value of open standards but try to avoid being religious about any specific architectures or technologies.
• SOAP and the family of WS-* specifications have their strengths and weaknesses and will be highly suitable to some applications and positively terrible for others. Likewise with REST. The decision of which to use depends entirely on the circumstances of the application.
• In the near future there will be a single scalable middleware stack, offering the best of the Web in simple scenarios, and scaling gracefully with the addition of optional extensions when more robust quality of service features are required.
• The right steps have been taken in the development of some of the more recent WS-* specifications to enable this vision to become reality
References
• Leonard Richardson, Sam Ruby, RESTful Web Services, O’Reilly, May 2007
• Roy Fielding, Architectural Styles and the Design of Network-based Software Architectures, University of California, Irvine, 2000, Chapter 5 http://roy.gbiv.com/pubs/dissertation/fielding_dissertation.pdf
• W3C Workshop on Web of Services for Enterprise Computing, 27-28 February 2007 http://www.w3.org/2007/01/wos-ec-program.html
• Sun, JSR311 - Java API for RESTful Web Services http://jcp.org/en/jsr/detail?id=311
• Marc J. Hadley (Sun), Web Application Description Language (WADL) https://wadl.dev.java.net/
• Thomas Bayer, REST Web Services – Eine Einfuehrung (November 2002) http://www.oio.de/public/xml/rest-webservices.pdf
• Michi Henning, The Rise and Fall of CORBA, Component Technologies, Vol. 4, No. 5, June 2006
• Jakob Nielsen, URI are UI, http://www.useit.com/alertbox/990321.html
• Douglas Crockford, JSON - the fat-free alternative to XML, XML 2006.
• Cesare Pautasso, Olaf Zimmermann, Frank Leymann, RESTful Web Services vs. Big Web Services: Making the Right Architectural Decision, 17th International World Wide Web Conference (WWW2008), Beijing, China, April 2008. http://www.jopera.org/docs/publications/2008/restws