Book Image

RESTful Java Web Services - Third Edition

By : Balachandar Bogunuva Mohanram, Jobinesh Purushothaman

Book Image

RESTful Java Web Services - Third Edition

By: Balachandar Bogunuva Mohanram, Jobinesh Purushothaman

Overview of this book

Representational State Transfer (REST) is a simple yet powerful software architecture style to create lightweight and scalable web services. The RESTful web services use HTTP as the transport protocol and can use any message formats, including XML, JSON(widely used), CSV, and many more, which makes it easily inter-operable across different languages and platforms. This successful book is currently in its 3rd edition and has been used by thousands of developers. It serves as an excellent guide for developing RESTful web services in Java. This book attempts to familiarize the reader with the concepts of REST. It is a pragmatic guide for designing and developing web services using Java APIs for real-life use cases following best practices and for learning to secure REST APIs using OAuth and JWT. Finally, you will learn the role of RESTful web services for future technological advances, be it cloud, IoT or social media. By the end of this book, you will be able to efficiently build robust, scalable, and secure RESTful web services using Java APIs.

Preface

What this book covers

What you need for this book

Who this book is for

Reader feedback

Customer support

Free Chapter

Introducing the REST Architectural Style

Introducing the REST Architectural Style

The REST architectural style

Introducing HTTP

The evolution of RESTful web services

The core architectural elements of a RESTful system

The description and discovery of RESTful web services

Java tools and frameworks for building RESTful web services

Java APIs for JSON Processing

Java APIs for JSON Processing

A brief overview of JSON

Processing JSON data

Using JSR 353 – Java API for processing JSON

Using the Jackson API for processing JSON

Using the Gson API for processing JSON

Java EE 8 enhancements for processing JSON

Introducing the JAX-RS API

Introducing the JAX-RS API

An overview of JAX-RS

JAX-RS annotations

Returning additional metadata with responses

Understanding data binding rules in JAX-RS

Building your first RESTful web service with JAX-RS

Client APIs for accessing RESTful web services

Advanced Features in the JAX-RS APIs

Advanced Features in the JAX-RS APIs

Understanding subresources and subresource locators in JAX-RS

JAX-RS response builder explained

Exception handling in JAX-RS

Reporting errors using application exceptions

Introducing validations in JAX-RS applications

Supporting custom request-response message formats

Asynchronous RESTful web services

Asynchronous RESTful web service client

Server-sent events

Managing an HTTP cache in a RESTful web service

Understanding filters and interceptors in JAX-RS

Understanding the JAX-RS resource life cycle

Introducing JAX-RS Implementation Framework Extensions

Introducing JAX-RS Implementation Framework Extensions

Jersey framework extensions

Generating a chunked output using Jersey APIs

RESTEasy framework extensions

Securing RESTful Web Services

Securing RESTful Web Services

Securing and authenticating web services

HTTP basic authentication

HTTP digest authentication

JWT authentication

Securing RESTful web services with OAuth

Authorizing the RESTful web service accesses via the security APIs

Input validation

Key considerations for securing RESTful services

Description and Discovery of RESTful Web Services

Description and Discovery of RESTful Web Services

The need for an interface contract

Web Application Description Language

RESTful API Modeling Language

Revisiting the features offered in WADL, RAML, and Swagger

RESTful API Design Guidelines

RESTful API Design Guidelines

Designing RESTful web APIs

Fine-grained and coarse-grained resource APIs

Using header parameters for content negotiation

Multilingual RESTful web API resources

Representing date and time in RESTful web resources

Implementing partial response

Implementing partial update

Returning modified resources to the caller

Paging a resource collection

Implementing search and sort operations

Versioning RESTful web APIs

Caching RESTful web API results

Using HTTP status codes in RESTful web APIs

Overriding HTTP methods

Documenting RESTful web APIs

Asynchronous execution of RESTful web APIs

Microservice architecture style for RESTful web application

The Role of RESTful APIs in Emerging Technologies

The Role of RESTful APIs in Emerging Technologies

Internet of things

Modern web applications

Using Open Data Protocol with RESTful web APIs

Useful Features and Techniques

Useful Features and Techniques

Tools for building a JAX-RS application

Integration testing of JAX-RS resources with Arquillian

Using third-party entity provider frameworks with Jersey

Packaging and deploying JAX-RS applications

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Key considerations for securing RESTful services

In the previous sections, we covered in detail the various techniques for securing the RESTful services. Some of the best practices, apart from authentication and authorization, that are worth considering for securing RESTful services are listed as follows:

A whitelist is a list of allowable actions on an entity; it is the reverse of blacklisting. It is important for a RESTful service to mention only the allowable action verbs such as GET/POST, so the other actions, even if triggered by the client, are denied.
Validation of the URL is a must for RESTful services, as attackers tamper with the URL to perform injection attacks. Avoid encoding sensitive information in the URL.
Ensure that the RESTful service definition includes the allowed content type.
Ensure that the perimeter-level security is enabled using firewalls for enterprise...