Book Image

Modern API Development with Spring and Spring Boot

By : Sourabh Sharma

Book Image

Modern API Development with Spring and Spring Boot

By: Sourabh Sharma

Overview of this book

The philosophy of API development has evolved over the years to serve the modern needs of enterprise architecture, and developers need to know how to adapt to these modern API design principles. Apps are now developed with APIs that enable ease of integration for the cloud environment and distributed systems. With this Spring book, you'll discover various kinds of production-ready API implementation using REST APIs and explore async using the reactive paradigm, gRPC, and GraphQL. You'll learn how to design evolving REST-based APIs supported by HATEOAS and ETAGs and develop reactive, async, non-blocking APIs. After that, you'll see how to secure REST APIs using Spring Security and find out how the APIs that you develop are consumed by the app's UI. The book then takes you through the process of testing, deploying, logging, and monitoring your APIs. You'll also explore API development using gRPC and GraphQL and design modern scalable architecture with microservices. The book helps you gain practical knowledge of modern API implementation using a sample e-commerce app. By the end of this Spring book, you'll be able to develop, test, and deploy highly scalable, maintainable, and developer-friendly APIs to help your customers to transform their business.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Section 1: RESTful Web Services

Section 1: RESTful Web Services

Free Chapter

Chapter 1: RESTful Web Service Fundamentals

Chapter 1: RESTful Web Service Fundamentals

Technical requirements

Introducing REST APIs

Handling resources and URIs

Exploring HTTP methods and status codes

Learning HATEOAS

Best practices for designing REST APIs

An overview of the e-commerce app

Further reading

Chapter 2: Spring Concepts and REST APIs

Chapter 2: Spring Concepts and REST APIs

Technical requirements

Introduction to Spring

Learning the basic concepts of the Spring Framework

Purpose of servlet dispatcher

Further reading

Chapter 3: API Specifications and Implementation

Chapter 3: API Specifications and Implementation

Technical requirements

Designing APIs with OAS

Converting OAS to Spring code

Implementing the OAS code interfaces

Adding a Global Exception Handler

Further reading

Chapter 4: Writing Business Logic for APIs

Chapter 4: Writing Business Logic for APIs

Technical requirements

Overview of the service design

Adding a Repository component

@Repository annotation

Adding a Service component

Implementing hypermedia

Enhancing the controller with a service and HATEOAS

Adding ETags to API responses

Testing the APIs

Further reading

Chapter 5: Asynchronous API Design

Chapter 5: Asynchronous API Design

Technical requirements

Understanding Reactive Streams

Exploring Spring WebFlux

Understanding DispatcherHandler

Implementing Reactive APIs for our e-commerce app

Further reading

Section 2: Security, UI, Testing, and Deployment

Section 2: Security, UI, Testing, and Deployment

Chapter 6: Security (Authorization and Authentication)

Chapter 6: Security (Authorization and Authentication)

Technical requirements

Implementing authentication using Spring Security and JWT

Securing REST APIs with JWT

Configuring CORS and CSRF

Understanding authorization

Testing security

Further reading

Chapter 7: Designing a User Interface

Chapter 7: Designing a User Interface

Technical requirements

Learning React fundamentals

Exploring React components and other features

Configuration to remove unused styles in production

Designing e-commerce app components

Consuming APIs using Fetch

Implementing authentication

Further reading

Chapter 8: Testing APIs

Chapter 8: Testing APIs

Technical requirements

Testing APIs and code manually

Testing automation

Further reading

Chapter 9: Deployment of Web Services

Chapter 9: Deployment of Web Services

Technical requirements

Exploring the fundamentals of containerization

Building a Docker image

Deploying an application in Kubernetes

Further reading

Section 3: gRPC, Logging, and Monitoring

Section 3: gRPC, Logging, and Monitoring

Chapter 10: gRPC Fundamentals

Chapter 10: gRPC Fundamentals

Technical requirements

Introduction and gRPC architecture

Understanding service definitions

Exploring the RPC life cycle

Understanding the gRPC server and gRPC stub

Handling errors

Further reading

Chapter 11: gRPC-based API Development and Testing

Chapter 11: gRPC-based API Development and Testing

Technical requirements

Writing an API interface

Developing the gRPC server

Handling errors

Developing the gRPC client

Learning microservice concepts

Further reading

Chapter 12: Logging and Tracing

Chapter 12: Logging and Tracing

Technical requirements

Introducing logging and tracing

Installing the ELK stack

Implementing logging and tracing

Distributed tracing with Zipkin

Further reading

Section 4: GraphQL

Section 4: GraphQL

Chapter 13: GraphQL Fundamentals

Chapter 13: GraphQL Fundamentals

Technical requirements

Introducing GraphQL

Learning about the fundamentals of GraphQL

Designing a GraphQL schema

Testing GraphQL queries and mutations

Solving the N+1 problem

Further reading

Chapter 14: GraphQL API Development and Testing

Chapter 14: GraphQL API Development and Testing

Technical requirements

Workflow and tooling for GraphQL

Implementation of the GraphQL server

Documenting APIs

Test automation

Further reading

Assessments

Chapter 1 – RESTful Web Services Fundamentals

Chapter 2 – Spring Concepts and REST APIs

Chapter 3 – API Specifications and Implementation

Chapter 4 – Writing Business Logic for APIs

Chapter 5 – Asynchronous API Design

Chapter 6 – Security (Authorization and Authentication)

Chapter 7 – Designing the User Interface

Chapter 8 – Testing APIs

Chapter 9 – Deployment of Web Services

Chapter 10 – gRPC Fundamentals

Chapter 11 – gRPC-Based API Development and Testing

Chapter 12 – Logging and Tracing

Chapter 13 – GraphQL Fundamentals

Chapter 14 – GraphQL API Development and Testing

Other Books You May Enjoy

Other Books You May Enjoy

Packt is searching for authors like you

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Chapter 6 – Security (Authorization and Authentication)

The security context stores the principal using SecurityContextHolder and is always available in the same thread of execution. The security context allows you to extract the principal during the flow execution and use it wherever you want. This is where a security annotation such as @PreAuthorize makes use of it for validation. The principal is the currently logged-in user. It can either be an instance of UserDetails or a string carrying a username. You can use the following code to extract it:
```
Object principal = SecurityContextHolder
                   .getContext().getAuthentication().getPrincipal();
if (principal instanceof UserDetails) {
  String username = ((UserDetails)principal).getUsername();
} else {
  String username = principal.toString();
}
```
This is a subjective question. However, there is...