I'm currently working on a project to develop some web services, and we've chosen Apache CXF as the technology of choice. We're working with a contract-last methodology (We're coding our service and allowing CXF to generate the wsdl for us.) While we have been able to use Java-WS annotations to set certain fields as required, we have been unable to figure out how to impose character limits on strings elements in the wsdl. While it isn't a huge deal (we're fairly close with the vendor we're working with, so a casual agreement to not let the requests coming to us exceed said length is enough for now), we are curious is there is a way to do this.
Is there a way to with CFX to impose something like a 20 character limit on an input string?
This isn't something that JAXB provides. However, there is a project that has forked the jaxb-ri that adds support for this:
https://github.com/whummer/jaxb-facets
If you don't need to have the facet reflected in the WSDL, you could just do the validation as part of the setter method of the JAXB beans.
setName(String s) {
if (s.length() > 20) thrown new Exception(....);
name = s;
}
There are also some events that the JAXB bean could respond to after unmarshalling where you could validate things. See the afterUnmarshall descriptions in the javadoc: http://docs.oracle.com/javase/6/docs/api/javax/xml/bind/Unmarshaller.html
When you do a bottom up approach to webservice(i.e. impl first, WSDL later), you are at the webservice engine's mercy wrt to thew restrictions on the datatypes.
But if you go thru the top-down approach(WSDL first, impl later), you can eliminate those kind of problems, but would require you to know how to develop WSDLs and apply facets (restrictions).
Fortunately, CXF supports both, and you can give a try to wsdl2java.
Also remember, adding a facet doesn't mean that it will be enforced by the webservice engine. Most of the engines just ignore it, though I am not sure about CXF.
Related
I am learning the spring 5 webflux and reactive streams. And there are new HandlerFunctions and RouterFunctions to implement the Http requests and response.
and as per the documentations:
The annotation counterpart to a handler function would be a method with #RequestMapping.
As #RequestMapping is quite easy to handle, implement and understand, then why is there a need of more complex and difficult way to handle Http request and response via this HandlerFunctions and RouterFunction utility?
Please suggest.
Spring WebFlux gives you two different styles: annotations and functional.
Depending on the type of application that you'd like to build, the constraints that you have to deal with - one or the other might be more relevant. You can even mix both in the same application.
The annotation-based model is very successful, but it also comes with a few limitations, mostly because of Java annotations themselves:
the code path is not always clear, unless you know the internals of Spring Framework (do you know where handler mappings are detected? matched against incoming requests?)
it's using reflection, which has a cost
it can be hard to debug and extend
The functional variant tries to fix those issues and embrace a functional style (with the JDK8 function API) and immutability. It's got a "more library; less framework" touch to it, meaning that you're more in control of things. Here's an example: with RouterFunction, you can chain RequestPredicates and they are executed in order, so you're in full control of what ultimately handles the incoming request. With the annotations model, the most specific handler will be selected, by looking at the annotations on the method and the incoming request.
If you're perfectly happy with the annotations model, there's no reason to switch. But again, you can mix both and maybe you'll find the functional model handy. In my opinion, trying it even if you don't plan on adopting it won't hurt - worst case scenario this will broaden a bit your perspective as a developer and show you a different way of doing things.
For more on that, you can check out Arjen Poutsma's talk on the functional web framework in Spring WebFlux.
It's not needed, and doesn't break webflux. I'd use #RequestMapping, if you don't have special needs making HandlerFunction neccessary.
For RouterFunctions: If you don't want to use JSON parsing, and want to modify the ServerRequest directly (e.g. have the raw InputStream), you'd have to use the RouterFunctions (AFAIK). You'd then return a raw stream (Mono), too. I had a case, where I needed to play proxy with a little bit extra, and thus needed to avoid the JSON parsing, that you'd usually have with #RequestMapping
I really like all the boilerplate code Spring Data Rest writes for you, but I'd rather have just a 'regular?' REST server without all the HATEOAS stuff. The main reason is that I use Dojo Toolkit on the client side, and all of its widgets and stores are set up such that the json returned is just a straight array of items, without all the links and things like that. Does anyone know how to configure this with java config so that I get all the mvc code written for me, but without all the HATEOAS stuff?
After reading Oliver's comment (which I agree with) and you still want to remove HATEOAS from spring boot.
Add this above the declaration of the class containing your main method:
#SpringBootApplication(exclude = RepositoryRestMvcAutoConfiguration.class)
As pointed out by Zack in the comments, you also need to create a controller which exposes the required REST methods (findAll, save, findById, etc).
So you want REST without the things that make up REST? :) I think trying to alter (read: dumb down) a RESTful server to satisfy a poorly designed client library is a bad start to begin with. But here's the rationale for why hypermedia elements are necessary for this kind of tooling (besides the probably familiar general rationale).
Exposing domain objects to the web has always been seen critically by most of the REST community. Mostly for the reason that the boundaries of a domain object are not necessarily the boundaries you want to give your resources. However, frameworks providing scaffolding functionality (Rails, Grails etc.) have become hugely popular in the last couple of years. So Spring Data REST is trying to address that space but at the same time be a good citizen in terms of restfulness.
So if you start with a plain data model in the first place (objects without to many relationships), only want to read them, there's in fact no need for something like Spring Data REST. The Spring controller you need to write is roughly 10 lines of code on top of a Spring Data repository. When things get more challenging the story gets becomes more intersting:
How do you write a client without hard coding URIs (if it did, it wasn't particularly restful)?
How do you handle relationships between resources? How do you let clients create them, update them etc.?
How does the client discover which query resources are available? How does it find out about the parameters to pass etc.?
If your answers to these questions is: "My client doesn't need that / is not capable of doing that.", then Spring Data REST is probably the wrong library to begin with. What you're basically building is JSON over HTTP, but nothing really restful then. This is totally fine if it serves your purpose, but shoehorning a library with clear design constraints into something arbitrary different (albeit apparently similar) that effectively wants to ignore exactly these design aspects is the wrong approach in the first place.
Hi Guys : It seems like the SOAP/WSDL world was very high on generating objects from data models, but I cannot tell wether the REST approach to web services favors the same approach. In my opinion, it seems as though JSON is emerging as the new common, native object format for most languages, thus obviating any need for language specific APIs. However, I'm new to the web services game.
Thus my question is : Are there tools which can autogenerate REST client side objects for us? And secondarily, is it customary in the web-services world, to provide client side objects for dealing with REST data (as is neccessary for dealing with SOAP data) ?
What the "REST world" doesn't quite have in the same way as the "SOAP world" is a service description language like WSDL. At least, it's not quite as uniform.
There is of course HTML. Behind REST is the Web, and it would be unfair to dismiss HTML, since it has precisely the purpose of describing what you can do with the service. The downside is that it's not very computer-friendly in its most common form. Hence, there is no html2java that will turn your forms into objects. In addition, the programming model would be quite different to remote objects, which tools like wsdl2java tend to incur.
There is WADL, but it's not necessarily wide-spread. There is a wadl2java tool (see this question too perhaps).
It also depends on what you call a "REST" web service: does it really make proper use of the hypermedia, or is it just sending XML/JSON to a nice-looking URL.
We run multiple websites which use the same rich functional backend running as a library. The backend is comprised of multiple components with a lot of objects shared between them. Now, we need to separate a stateless rule execution component into a different container for security reasons. It would be great if I could have access to all the backend objects seamlessly in the rules component (rather than defining a new interface and objects/adapters).
I would like to use a RPC mechanism that will seamlessly support passing our java pojos (some of them are hibernate beans) over the wire. Webservices like JAXB, Axis etc. are needing quite a bit of boiler plate and configuration for each object. Whereas those using Java serialization seem straightforward but I am concerned about backward/forward compatibility issues.
We are using Xstream for serializing our objects into persistence store and happy so far. But none of the popular rpc/webservice framework seem use xstream for serialization. Is it ok to use xstream and send my objects over HTTP using my custom implementation? OR will java serialization just work OR are there better alternatives?
Advance thanks for your advise.
The good thing with standard Java serialization is that it produces binary stream which is quite a bit more space- and bandwidth-efficient than any of these XML serialization mechanisms. But as you wrote, XML can be more back/forward compatibility friendly, and it's easier to parse and modify by hand and/or by scripts, if need arises. It's a trade-off; if you need long-time storage, then it's advisable to avoid plain serialization.
I'm a happy XStream user. Zero problems so far.
I've inherited this really weird codebase where they've built an external web service over a bunch of internal web services just to add authentication/authorization using WS-Security, WS-Encryption, et al. Less than a month into this engagement, I'm already feeling the pain of coupling volatile components through rigid WSDL, esp considering some of them use WCF and other choose to go WSDL first. Managing various versions of generated proxies and wrappers at various levels is a nightmare!
I'll admit the design is over-complicated and could have been much better, but my question essentially is:
Would you ever build a web service just to provide a cross cutting concern over a bunch of services?
Would this be better implemented as web service handlers?
and lastly...
Would you categorize this under the Web Service Gateway pattern?
I saw that very thing being built one year ago. I almost cried when the team took months to build 4 web services, 2 of which simply wrapped other internal ones, using WCF and some serious encryption. The only reason they wrapped the internal ones was to change the potential error numbers coming back.
So, would I ever intentionaly do that? Nope.
Would it be better implemented as almost anything else? yep.
Would I categorize it under the WTF pattern? absolutely.
UPDATE:
One thing I just remembered is that there is an architecture called "Enterprise Service Bus" It's purpose is to provide a common interface into other SOA systems. This way it doesn't matter what the different applications use for their end point mechanisms (WCF, WSE 1/2/3, RESTful, etc).
BizTalk is one example of an ESB and there are many other off the shelf programs that can be used. Basically, your app passes a message to the ESB and it handles sending that message, in a reliable way, to the other systems as well as marshalling any responses back.
This also means that you could insulate other applications from many types of changes to the end points. Of course, if the new end points require additional information, then you'd have to modify the callers. However, if all they are changing is the mechanism then a good ESB would be able to handle those changes without impacting your app.
I have seen similar implementations if you are exposing the services to the outside world and if you need to tighten down the security..check this MSDN column..