
Thursday, August 2, 2018

REST, REST Security, REST API Methods, REST annotations



REST - Representational State Transfer

1. REST is the implementation of an architectural style.

2. REST implementations are based on JSON over HTTP.

3. REST is implemented on top of the plain HTTP protocol.

4. REST has better scalability and performance.

5. REST permits more data formats, such as JSON, XML, etc.

6. REST emphasizes scalability of component interactions and independent deployment of components.

7. REST builds on the design of the HTTP and URI standards.

8. REST follows the HTTP methods GET, POST, PUT, DELETE and PATCH.

9. HTTP PATCH requests make a partial update to a resource.
PUT requests also modify a resource entity, so to make the distinction clear:
PATCH is the correct choice for partially updating an existing resource,
and PUT should only be used when replacing a resource in its entirety.

10. REST implementations in Java use JAX-RS and Jersey.

11. Annotations of JAX-RS

11. Annotations of JAX-RS

@Context

Injects information into a class field, bean property, or method parameter

@CookieParam

Extracts information from cookies declared in the cookie request header

@FormParam

Extracts information from a request representation whose content type is application/x-www-form-urlencoded

@HeaderParam

Extracts the value of a header

@MatrixParam

Extracts the value of a URI matrix parameter

@PathParam

Extracts the value of a URI template parameter

@QueryParam

Extracts the value of a URI query parameter

12. HTTP Status codes

200 OK - Response to a successful REST API action. The HTTP method can be GET, POST, PUT, PATCH or DELETE.
400 Bad Request - The request is malformed, for example a message body format error.
401 Unauthorized - Wrong or no authentication credentials (ID/password) provided.
403 Forbidden - Used when authentication succeeded but the authenticated user does not have permission for the requested resource.
404 Not Found - A non-existent resource was requested.
405 Method Not Allowed - Returned when an unexpected HTTP method is used. For example, the REST API expects HTTP GET, but HTTP PUT was sent.


13. REST security

Use the javax.ws.rs.core.SecurityContext interface to implement security programmatically:


    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.Produces;
    import javax.ws.rs.core.Context;
    import javax.ws.rs.core.SecurityContext;

    @GET
    @Produces("text/plain;charset=UTF-8")
    @Path("/hello")
    public String updateUser(@Context SecurityContext sc) {
        // Programmatic check: only callers in the "admin" role proceed
        if (sc.isUserInRole("admin")) return "User will be updated";
        throw new SecurityException("User is unauthorized.");
    }

Applying security annotations (javax.annotation.security) to your JAX-RS classes

@DeclareRoles

Declares roles.

@DenyAll

Specifies that no security roles are allowed to invoke the specified methods.

@PermitAll

Specifies that all security roles are allowed to invoke the specified methods.

@RolesAllowed

Specifies the list of security roles that are allowed to invoke the methods in the application.

@RunAs

Defines the identity of the application during execution in a J2EE container.


import javax.annotation.security.RolesAllowed;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;

@Path("/helloUser")
@RolesAllowed({"ADMIN", "DEV"})   // class-level default for every method
public class HelloUser {

   @GET
   @Path("updateUser")
   @Produces("text/plain")
   @RolesAllowed("ADMIN")         // method-level annotation overrides the class default
   public String updateUser() {
      return "User Updated!";
   }
}
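The following is an added example, not code from the original post, that combines the declarative annotations, the programmatic SecurityContext check and the PATCH-for-partial-update rule above in one resource. The class name, the /users paths and the role names ADMIN and DEV are assumptions; it requires JAX-RS 2.1 for javax.ws.rs.PATCH, in Jersey 2 the role annotations are enforced only when RolesAllowedDynamicFeature is registered, and role names are case-sensitive, so they must match the security-role entries in web.xml exactly.

```java
import javax.annotation.security.PermitAll;
import javax.annotation.security.RolesAllowed;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.PATCH;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Class-level default: every method requires the ADMIN or DEV role
// unless the method carries its own security annotation.
@Path("/users")
@RolesAllowed({"ADMIN", "DEV"})
public class UserResource {

    @GET
    @Path("/health")
    @PermitAll                     // overrides the class default: no role needed
    @Produces(MediaType.TEXT_PLAIN)
    public String health() {
        return "ok";
    }

    // Partial update uses PATCH (item 9). Declaratively ADMIN-only (item 11),
    // and the SecurityContext check repeats the test programmatically (item 13).
    @PATCH
    @Path("/{id}")
    @RolesAllowed("ADMIN")
    @Consumes(MediaType.APPLICATION_JSON)
    @Produces(MediaType.APPLICATION_JSON)
    public Response patchUser(@PathParam("id") long id, String body,
                              @Context SecurityContext sc) {
        // Authenticated but not permitted is 403 Forbidden (item 12); returning it
        // explicitly avoids relying on how the container maps an uncaught exception.
        if (!sc.isUserInRole("ADMIN")) {
            return Response.status(Response.Status.FORBIDDEN).build();
        }
        // A real implementation would apply the fields in 'body' to user 'id'.
        return Response.ok("{\"id\":" + id + ",\"patched\":true}").build();
    }
}
```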

Updating the web.xml deployment descriptor to define the security configuration (element names follow the standard Servlet web.xml schema):


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Users</web-resource-name>
            <url-pattern>/user</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>default</realm-name>
    </login-config>
    <security-role>
        <role-name>admin</role-name>
    </security-role>

Thanks for viewing this post. If you like it, don't forget to leave a comment.

