Search Results

Search found 7444 results on 298 pages for 'zend rest'.

  • Restful Java based web services in json + html5 and javascript no templates (jsp/jsf/freemarker) aka fat/thick client

    - by Ismail Marmoush
    I have this idea of building a website which serves JSON data through a RESTful services framework. And will not use any template engines like jsp/jsf/freemarker. Just pure html5 and Javascript libs. What do you think of the pros and cons of such a design? Just for elaboration and brainstorming, a friend of mine argued with the following concerns: sounds like gwt this way you won't have any control over your service api for example say you wanna charge the user per request how will you handle it? how will you control your design and themes? what about the 1st request the browser makes? not easy with this all of the user's requests will come with "Accept" header "application/json" how will you separate browser from abuser? this way all of your public apis will be used by third party apps abusively and you won't be able to lock it since you won't be able to block the normal user browser We won't use compiled html anyway but maybe something like freemarker and in that case you won't expose any of your json resources to the unauthorized user but you will expose all the html since any browser can access them all the well known 1st class services do this can you send me links to what you've read? keep in mind the DOM based XSS it will be a nightmare ofc, if what you say is applicable.

  • When should I use AtomPub?

    - by Gary Rowe
    I have been conducting some research into RESTful web service design and I've reached what I think is a key decision point so I thought I'd offer it up to the community to get some advice. In keeping with the principles of a RESTful architecture I want to present a discoverable API, so I will be supporting the various HTTP verbs as fully as possible. My difficulty comes with the choice of representation of those resources. You see, it would be easy for me to come up with my own API that covers how search results are to be presented and how links to other resources are provided, but this would be unique to my application. I've read about the Atom Publishing Protocol (RFC 5023), and how OData promotes its use, but it seems to add an extra level of abstraction over what is (currently) a rather simple API. So my question is, when should a developer select AtomPub as their choice of representation - if at all? And if not, what is the current recommended approach?

  • Jersey 1.8 is released

    - by Jakub Podlesak
    On the last Friday, we have released the 1.8 version of Jersey, the open source, production quality, reference implementation of JAX-RS. The JAX-RS 1.1 specification is available at the JCP web site and also available in non-normative HTML here. For an overview of JAX-RS features read the Jersey user guide. To get started with Jersey read the getting started section of that guide. To understand more about what Jersey depends on read the dependencies section of that guide. See change log here. This, 1.8, version of Jersey is going to be integrated into GlassFish 3.1.1 and contains bug fixes mainly. The most important fix from this perspective is included in the JAX-RS/EJB integration layer. It is now possible to implement JAX-RS resources as EJB Session beans, which implement local and/or remote interfaces. This functionality was broken in previous releases. Another great addition should come into the client space, where Pavel has already done some preparation in the client API (including some breaking changes there) for the non-blocking asynchronous client feature. The implementation is already part of the experimental Jersey space and should be included as part of the stable Jersey bits in some of the coming releases. For feedback send email to: [email protected] (archived here) or log bugs/features here.

  • Restful WebAPI VS Regular Controllers

    - by Rohan Büchner
    I'm doing some R&D on what seems like a very confusing topic. I've also read quite a few of the other SO questions, but I feel my question might be unique enough to warrant me asking. We've never developed an app using pure WebAPI. We're trying to write a SPA style app, where the back end is fully decoupled from the front end code. Assuming our service does not know anything about who is accessing/consuming it: WebAPI seems like the logical route to serve data, as opposed to using the standard MVC controllers, and serving our data via an action result and converting it to JSON. This to me at least seems like an MC design... which seems odd, and not what MVC was meant for. (look mom... no view) What would be considered normal convention in terms of performing action(y) calls? My sense is that my understanding of WebAPI is incorrect. The way I perceive WebAPI is that it's meant to be used in a CRUD sense, but what if I want to do something like: "InitialiseMonthEndPayment".... Would I need to create a WebAPI controller, called InitialiseMonthEndPaymentController, and then perform a POST... Seems a bit weird, as opposed to an MVC controller where I can just add a new action on the MonthEnd controller called InitialisePayment. Or does this require a mindset shift in terms of design? Any further links on this topic will be really useful, as my fear is we implement something that might be weird and could turn into a coding/maintenance concern later on?

  • Building non (jsp/freemarker) template based website [on hold]

    - by Ismail Marmoush
    If my web app is supposed to work in one page, something like asana.com, and I wanted to make the whole website free of templates, meaning I would serve data and make js/mobile app call them, or even let other developers create new interfaces for it. So is it acceptable to have such a design for such a problem? Or do you think I would eventually have to use jsps/freemarker for a certain case? I found something when I started asking the right questions, here it is: wiki: Single Page Application

  • RESTFul: state changing actions

    - by Miro Svrtan
    I'm planning to build a RESTful API but there are some architectural questions that are creating some problems in my head. Adding backend business logic to clients is an option that I would like to avoid, since updating multiple client platforms is hard to maintain in real time when business logic can rapidly change. Let's say we have article as a resource (api/article); how should we implement actions like publish, unpublish, activate or deactivate and so on, but try to keep it as simple as possible? 1) Should we use api/article/{id}/{action}, since a lot of backend logic can happen there, like pushing to remote locations or change of multiple properties? Probably the hardest thing here is that we need to send all article data back to the API for updating, and multiuser work could not be implemented. For instance, an editor could send 5 seconds older data and overwrite a fix that some other journalist just did 2 seconds ago, and there is no way that I could explain this to clients, since publishing an article is really not in any way connected to updating the content. 2) Creating a new resource can also be an option, api/article-{action}/id, but then the returned resource would not be article-{action} but article, which I'm not sure is proper. Also, in server side code the article class is handling the actual work on both resources and I'm not sure if this goes against RESTful thinking. Any suggestions are welcome.

  • How should an API use http basic authentication

    - by user1626384
    When an API requires that a client authenticates to it, I've seen two different scenarios used and I am wondering which case I should use for my situation. Example 1. An API is offered by a company to allow third parties to authenticate with a token and secret using HTTP Basic. Example 2. An API accepts a username and password via HTTP Basic to authenticate an end user. Generally they get a token back for future requests. My Setup: I will have a JSON API that I use as my backend for a mobile and web app. It seems like good practice for both the mobile and web app to send along a token and secret so only these two apps can access the API, blocking any other third party. But the mobile and web app allow users to login and submit posts, view their data, etc. So I would want them to login via HTTP Basic as well on each request. Do I somehow use a combination of both these methods or only send the end user credentials (username and token) on each request? If I only send the end user credentials, do I store them in a cookie on the client?

  • Jersey 2.0 Integrated into GlassFish 4.0

    - by Jakub Podlesak
    The latest promoted build of GlassFish 4.0 (glassfish-4.0-b43.zip) now contains upgraded Jersey version, 2.0-m05. Users are getting an early access to the implementation of some parts of the JAX-RS 2.0 API Early Draft Review 3. The appropriate JAX-RS bundle, version 2.0-m09 , gets bundled into GlassFish 4.0 as well. What should work The simple answer is: all the basic stuff. We have particularly tested the following two examples: simple hello world webapp multipart webapp Both above linked archives contain adjusted projects, so that resulting war files do not bundle any Jersey dependencies. Both also use Jersey 2 specific Servlet class, org.glassfish.jersey.servlet.ServletContainer, for deployment. See Martin's blog post on how to package war applications capable of running with both Jersey 1 and Jersey 2 ServletContainer classes. What has not been covered yet The main areas, which have not been touched yet in Jersey 2 are: EJB integration CDI integration Validation These are also the areas where we are going to spend the most of our cycles in the coming month.

  • Standard -server to server- and -browser to server- authentication method

    - by jeruki
    I have a server with some resources; until now all these resources were requested through a browser by a human user, and the authentication was made with a username/password method that generates a cookie with a token (to have the session open for some time). Right now the system requires that other servers make GET requests to this resource server, but they have to authenticate to get them. We have been using a list of authorized IPs, but having two authentication methods makes the code more complex. My questions are: Is there any standard method or pattern to authenticate human users and servers using the same code? If there is not, are the methods I'm using now the right ones or is there a better / more standard way to accomplish what I need? Thanks in advance for any suggestion.

  • Web api authentication techniques

    - by Steve
    We have an asp.net MVC web service framework for serving out xml/json for people's GET requests but are struggling to figure out the best way (fast, easy, trivial for users coding with javascript or OO languages) to authenticate users. It's not that our data is sensitive or anything, we just want users to register so we can have their email address to notify them of changes and track usage. In our previous attempt we had the username in the URI and would just make sure that username existed and increment db tables with usage. This was super basic but we'd notice people using demo as a username etc, so we need it to be a little more sophisticated. What authentication techniques are available? What do the major players use/do?

  • How to handle fine grained field-based ACL permissions in a RESTful service?

    - by Jason McClellan
    I've been trying to design a RESTful API and have had most of my questions answered, but there is one aspect of permissions that I'm struggling with. Different roles may have different permissions and different representations of a resource. For example, an Admin or the user himself may see more fields in his own User representation vs another less-privileged user. This is achieved simply by changing the representation on the backend, ie: deciding whether or not to include those fields. Additionally, some actions may be taken on a resource by some users and not by others. This is achieved by deciding whether or not to include those action items as links, eg: edit and delete links. A user who does not have edit permissions will not have an edit link. That covers nearly all of my permission use cases, but there is one that I've not quite figured out. There are some scenarios whereby for a given representation of an object, all fields are visible for two or more roles, but only a subset of those roles may edit certain fields. An example: { "person": { "id": 1, "name": "Bob", "age": 25, "occupation": "software developer", "phone": "555-555-5555", "description": "Could use some sunlight.." } } Given 3 users: an Admin, a regular User, and Bob himself (also a regular User), I need to be able to convey to the front end that: Admins may edit all fields, Bob himself may edit all fields, but a regular User, while they can view all fields, can only edit the description field. I certainly don't want the client to have to make the determination (or even, for that matter, to have any notion of the roles involved) but I do need a way for the backend to convey to the client which fields are editable. I can't simply use a combination of representation (the fields returned for viewing) and links (whether or not an edit link is available) in this scenario since it's more finely grained. Has anyone solved this elegantly without adding the logic directly to the client?

  • How should I handle a redirect to an identity provider during a web api data request

    - by Erds
    Scenario: I have a single-page web app consisting purely of html, css, and javascript. After initial load and during use, it updates various views with data from one or more RESTful apis via ajax calls. The api calls return data in a json format. Each web api may be hosted on independent domains. Question: During the ajax callout, if my authorization token is not deemed valid by the web api, the web api will redirect me (302) to the identity provider for that particular api. Since this is an ajax callout for data and not necessarily for display, I need to find a way to display the identity provider's authentication page. It seems that I should trap that redirect, and open up another view to display the identity provider's login page. Once the oauth series of redirects is complete, I need to grab the token and retrigger my ajax data call with the token attached. Is this a valid approach, and if so are there any examples showing the ajax handling of the redirects?

  • Applying DDD principles in a RESTish web service

    - by Andy
    I am developing a RESTish web service. I think I got the idea of the difference between aggregation and composition. Aggregation does not enforce lifecycle/scope on the objects it references. Composition does enforce lifecycle/scope on the objects it contains/owns. If I delete a composite object then all the objects it contains/owns are deleted as well, while deleting an aggregate root does not delete referenced objects. 1) If it is true that deleting aggregate roots does not necessarily delete referenced objects, what sense does it make to not have a repository for the referenced objects? Or are aggregate roots as a term referring to what is known as composite object? 2) When you create a web service you will have multiple endpoints; in my case I have one entity Book and another named Comment. It does not make sense to leave the comments in my application if the book is deleted. Therefore, book is a composite object. I guess I should not have a repository for comments since that would break the enforcement of lifecycle and rules that the book class may have. However I have URLs such as (examples only): GET /books/1/comments POST /books/1/comments Now, if I do not have a repository for comments, does that mean I have to load the book object and then return the referenced comments? Am I allowed to return a list of Comment entities from the BookRepository, does that make sense? The repository for Book may eventually become rather big with all sorts of methods. Am I allowed to write JPQL (JPA queries) that targets comments and not books inside the repository? What about pagination and filtering of comments? When adding a new comment triggered by the POST endpoint, do you need to load the book, add the comment to the book, and then update the whole book object? What I am currently doing is having my own CommentRepository, even though the comments are deleted with the book. I could use some direction on how to do it correctly.
    Since you are exposing not only root objects in RESTish services I wonder how to handle this at the backend. I am using Hibernate and Spring.

  • POST and PUT requests – is it just the convention?

    - by bckpwrld
    I've read quite a few articles on the difference between POST and PUT and on when the two should be used. But there are still a few things confusing me (hopefully the questions will make some sense): 1) We should use PUT to create resources when we want clients to specify the URI of the newly created resources and we should use POST to create resources when we let the service generate the URI of the newly created resources. a) Is it just by convention that a POST create request doesn't contain a URI of the newly created resource, or can a POST create request actually not contain the URI of the newly created resource? b) PUT has idempotent semantics and thus can be safely used for absolute updates (ie we send the entire state of the resource to the server), but not also for relative updates (ie we send just changes to the resource state), since that would violate its semantics. But I assume it's still possible for PUT to send relative updates to the server, it's just that in that case the PUT update won't be idempotent? 2) I've read somewhere that we should "use POST to append a resource to a collection identified by a service-generated URI". a) What exactly does that mean? That if URIs for the resources were generated by a server (thus the resources were created via POST), then ALL subsequent resources should also be created via POST? Thus, in such a situation no resource should be created via PUT? b) If my assumption under a) is correct, could you elaborate why we shouldn't create some resources via POST and some via PUT (assuming the server already contains a collection of resources created via POST)? REPLY: 1) Please correct me if I'm wrong, but from your post and from the link you've posted, it seems: a) The Request-URI in POST is interpreted by the server as the URI of the service. Thus, it could just as easily be interpreted as a URI of a newly created resource, if server code was written to recognize Request-URI as such. b) Similarly, PUT is able to send relative updates, it's just that service code is usually written such that it will complain if PUT updates are relative. 2) Usually, create has fallen into the POST camp, because of the idea of "appending to a collection." It's become the way to append a resource to a list of resources. I don't quite understand the reasoning behind the idea of "appending to a collection" and why this idea prefers POST for create. Namely, if we create 10 resources via PUT, then the server will contain a collection of 10 resources and if we then create another resource, then the server will append this resource to that collection (which will now contain 11 resources)?! Uh, this is kinda confusing. Thank you

  • How to indicate to a web server the language of a resource

    - by Nik M
    I'm writing an HTTP API to a publishing server, and I want resources with representations in multiple languages. A user whose client GETs a resource which has Korean, Japanese and Trad. Chinese representations, and sends Accept-Language: en, ja;q=0.7 should get the Japanese. One resource, identified by one URI, will therefore have a number of different language representations. This seems to me like a totally orthodox use of content negotiation and multiple resource representations. But when each translator comes to provide these alternate language representations to the server, what's the correct way to instruct the server which language to store the representation under? I'm having the translators PUT the representation in its entirety to the same URI, but I can't find out how to do this elegantly. Content-Language is a response header, and none of the request headers seem to fit the bill. It seems my options are Invent a new request header Supply additional metadata in a multipart/related document Provide language as a parameter to the Content-Type of the request, like Content-Type: text/html;language=en I don't want to get into the business of extending HTTP, and I don't feel great about bundling extra metadata into the representation. Neither approach seems friendly to HTTP caches either. So option 3 seems like the best way that I can think of, but even then it's decidedly non-standard to put my own specific parameters on a very well established content type. Is there any by-the-book way of achieving this?

  • URIs and Resource vs Resource representation

    - by bckpwrld
    URL is a URI which identifies a resource by location. Resource representation is a view of resource's state. This view is encoded in one or more transferable formats, such as XHTML, Atom, XML, MP3 ... URIs associate resource representations with their resources. a) So I assume a URI identifies a resource and not a resource representation? b) I've read that the relationship between a URI and resource representation is one to many. Assuming we're talking about URL, how can a single URL address more than one resource representation? Thank you

  • Using a random string to authenticate HMAC?

    - by mrwooster
    I am designing a simple webservice and want to use HMAC for authentication to the service. For the purpose of this question we have:
      - a web service at example.com
      - a secret key shared between a user and the server [K]
      - a consumer ID which is known to the user and the server (but is not necessarily secret) [D]
      - a message which we wish to send to the server [M]
    The standard HMAC implementation would involve using the secret key [K] and the message [M] to create the hash [H], but I am running into issues with this. The message [M] can be quite long and tends to be read from a file. I have found it's very difficult to produce a correct hash consistently across multiple operating systems and programming languages because of hidden characters which make it into various file formats. This is of course bad implementation on the client side (100%), but I would like this webservice to be easily accessible and not have trouble with different file formats. I was thinking of an alternative, which would allow the use of a short (5-10 char) random string [R] rather than the message for authentication, e.g. H = HMAC(K,R). The user then passes the random string to the server and the server checks the HMAC server side (using random string + shared secret). As far as I can see, this produces the following issues:
      - There is no message integrity - this is OK, message integrity is not important for this service
      - A user could re-use the hash with a different message - I can see 2 ways around this:
          - Combine the random string with a timestamp so the hash is only valid for a set period of time
          - Only allow each random string to be used once
      - Since the client is in control of the random string, it is easier to look for collisions
    I should point out that the principal reason for authentication is to implement rate limiting on the API service. There is zero need for message integrity, and it's not a big deal if someone can forge a single request (but it is if they can forge a very large number very quickly).
    I know that the correct answer is to make sure the message [M] is the same on all platforms/languages before hashing it. But, taking that out of the equation, is the above proposal an acceptable 2nd best?

  • Should HTTP Verbs Be Used Semantically?

    - by Xophmeister
    If I'm making a web application which integrates with a server-side backend, would it be considered best practice to use HTTP methods semantically? That is, for example, if I'm fetching data (e.g., to populate a menu, etc.), I would use GET, but to update data (e.g., save a record), I would use POST. (I realise there are other methods that may be even more appropriate, but we need to consider browser support.) I can see the benefits of this in the sense that it's effectively a RESTful API, but at a slightly increased development cost. In my previous projects, I've POST'd everything: Is it worth switching to a RESTful mindset simply for the sake of best practice?

  • Alternatives to OAuth?

    - by sdolgy
    The Web industry is shifting / has shifted towards using OAuth when extending API services to external consumers & developers. There is some elegance in simple... and well, the 3-step OAuth process isn't too bad... I just find it is the best of a bad bunch of options. Are there alternatives out there that could be better, and more secure? The security reference is derived from the following URLs: http://www.infoq.com/news/2010/09/oauth2-bad-for-web http://hueniverse.com/2010/09/oauth-2-0-without-signatures-is-bad-for-the-web/

  • Initiating processing in a RESTful manner

    - by tom
    Let's say you have a resource that you can do normal PUT/POST/GET operations on. It represents a BLOB of data and the methods retrieve representations of the data, be they metadata about the BLOB or the BLOB itself. The resource is something that can be processed by the server on request. In this instance a file that can be parsed multiple times. How do I initiate that processing? It's a bit RPC like. Is there best practice around this? (First time on programmers. This is the right place for this sort of question, right?)

  • how should I change the representation (not mimetype) of a resource?

    - by xenoterracide
    I'm looking at how I can change the representation of a payload at runtime for varied potential advantages, but I'm not sure how to do it. Specifically collections. Array of Pairs [{ <resource_uri> : { <entity> }, ...}] Array of Objects [<entity>,...] Array of Resources [<resource_uri>] Map of entities { <resource_uri> : { <entity> }, ... } My problem is, I'm not sure if I should put these different representations of the sets at different URIs, give them slightly varied mime types, e.g. application/foomap+json, or perhaps use an optional query parameter ?format=map, or resource /entities/map. The UI is going to hide this; this is for programmatic web service access only (which the UI's JS will have to call).

  • Is it OK to use a non-primary key as the id in a rails resource?

    - by nPn
    I am getting ready to set up a resource for some new api calls to my rails application. I am planning on calling the resource devices, ie resources :devices. This is going to represent Android mobile devices. I know this will get me routes such as GET devices/:id. In most cases :id would be an integer representing the primary key, and in the controller we would use :id as such: GET devices/1 @device = Device.find(params[:id]) In this case I would like to use :id as the google_cloud_messaging_reg_id. So I would like to have requests like this: GET devices/some_long_gcm_id and then in the controller, just use params[:id] to look up the device by the gcm registration id. This seems more natural, since the device will know its gcm id rather than its rails integer id. Are there any reasons I should avoid doing this?

  • Building Website with JAX-RS (Jersey)

    - by 0xMG
    Is it discouraged/not-common to build Websites (not web-services!) using Jersey or any other JAX-RS implementation? I didn't find any guide/tutorial/article regarding that. At first impression, it seems to me that building a website using Jersey (with JSPs as Viewables) is easier and more efficient than using Servlets & JSPs. If anyone did it before, I will be pleased to get tips, Do's & Don'ts, best practices etc... And maybe a good tutorial.

  • Exception: Zend Extension ./filename.php does not exist

    - by safarov
    When I try to execute a php file through the CLI this message appears: Exception: Zend Extension ./filename.php does not exist. But running it like this works as expected:
      /usr/local/bin/php -q -r "echo 'test';"
    I tried to figure out what is causing this, no success yet. Here is some information about the environment that may be useful: I have eaccelerator installed (working ok). In php.ini:
      zend_extension="/usr/local/lib/php/extensions/no-debug-non-zts-20100525/eaccelerator.so"
      eaccelerator.shm_size="16"
      eaccelerator.cache_dir="/var/cache/eaccelerator"
      eaccelerator.enable="1"
      eaccelerator.optimizer="1"
      eaccelerator.check_mtime="1"
      eaccelerator.debug="0"
      eaccelerator.filter=""
      eaccelerator.shm_ttl="0"
      eaccelerator.shm_prune_period="0"
      eaccelerator.shm_only="0"
    Apache and all sites are working. Content of filename.php:
      #!/usr/local/bin/php -q
      <?php echo 'test'; ?>
    What is the problem?
