REpresentational State Transfer (REST) is a stateless client-server architecture in which the web services are viewed as resources that can be identified by their URIs
RE refers to the variety of representation types, such as XML, JSON, and more
REST is not protocol-specific, however people link it to HTTP
REST is not secure by default
Lack of statefulness enables scalability. Many concurrent clients can access a REST endpoint.
What is a resource?
- Web resources are provided by a Web Service, in a textual representation and can be read and modified with a stateless protocol and a predefined set of operations (GET, POST, .. )
- Resource is identified by a unique URI
- Resource can be image, file, html, etc..
- example: www.codeinpackets.com/certifications/Spring/5
Is REST secure? What can you do to secure it?
- No
- Connection Security level: Api should provide only HTTPS endpoints to ensure communication is encrypted with SSL/TLS
- API Access Control level:
- HTTP Basic Auth - credentials sent in HTTP header encoded
- JSON Web Tokens - credentials as JSON data structures (can be signed cryptographically)
- OAuth - for authentication and authorization
What are safe REST operations?
- Safe operations do not alter the state of the resources on the server
- GET, HEAD, OPTIONS, TRACE
What are idempotent operations? Why is idempotency important?
- GET, PUT, DELETE
- Idempotent operations cannot alter resources, no matter how many times they are executed
Is REST scalable and/or interoperable?
- Yes, both scalable and interoperable
- Scalable because the server can send a response to client request regardless of any session afinity or sticky session, as such there is not. This lack of session information enables serving a large quantity of request simultaneously.
- Interoperable: REST is platform independent like the web services and language independent. CRUD can be freely implemented by any language. Also, supports many data formats, like xml,j son
Which HTTP methods does REST use?
- GET Read
- PUT Update/Replace
- PATCH Partial Update/Modify
- DELETE Delete
What is an HttpMessageConverter?
- Used to marshall and unmarshall Java Objects to and from JSON, XML, etc over HTTP.
- Each HttpMessageConverter implementation has one or several associated MIME Types.
- MappingJackson2HttpMessageConverter is used for JSON format
- When receiving a new request, Spring matches the "Content-Type" header with "consumes" attribute of @RequestMapping, to decide what HttpMessageConverter to use for reading the message
- and matches “Accept” header with "produces" attribute of @RequestMapping, to determine the media type that it needs to respond with. It will then try to find a registered converter that's capable of handling that specific media type. Finally, it will use this to convert the entity and send back the response.
- More: https://codingnconcepts.com/spring-boot/jackson-json-request-response-mapping/
Is @Controller a stereotype? Is @RestController a stereotype?
- @Controller, @Repository and @Service are annotated with @Component, so they are stereotypes. @RestController is annotated with @Controller, so it's a stereotype.
- The @RestController annotation in Spring is essentially just a combination of @Controller and @ResponseBody.
- Stereotype annotations are markers for any class that fulfills a role within an application. This helps remove, or at least greatly reduce, the Spring XML configuration
What is the difference between @Controller and @RestController?
- The @RestController annotation in Spring is essentially just a combination of @Controller and @ResponseBody.
- All @RestController handler methods return straight to the response body, not in a Model or View in MVC terms
When do you need to use @ResponseBody?
- The @ResponseBody annotation tells a controller that the object returned is automatically serialized into JSON and passed back into the HttpResponse object.
- Use in class level in @Controller, when we need a REST controller
- Use in method level to return serialized data to response body (using HttpMessageConverter), instead of just passing the model and view.
What are the HTTP status return codes for a successful GET, POST, PUT or DELETE operation?
- PUT - 200 (OK), 201(Created), 204 (No Content)
- DELETE - 20, 202(Accepted), 204
- POST - 201
- GET - 200
- Generally, response codes:
- 1**: Informs about ongoing request process
- 2**: Success (parsed correctly and accepted)
- 3**: Redirection must take place for completion
- 4**: Client error - Invalid request
- 5**: Server error - Server unavailable
When do you need to use @ResponseStatus?
- Annotate exception class to define returning error code and reason
- Annotate controller methods to override original response status (also disables DispatcherServlet from acquiring a view)
Where do you need to use @ResponseBody? What about @RequestBody?
@RequestBody annotation maps the HttpRequest body to a transfer or domain object, enabling automatic deserialization of the inbound HttpRequest body onto a Java object.
What Spring Boot starter would you use for a Spring REST application?
The spring-boot-starter-web is a starter for building web, including RESTful, applications using Spring MVC. It uses Tomcat as the default embedded container.
If you saw an example using RestTemplate, would you understand what it is doing?
- RestTemplate implements a synchronous HTTP client that facilitates sending and receiving requests in a RESTful manner.
- URI template creation and encoding is supported
- Conversion between domain and HTTP is supported
- Provides a high-level API for setting up requests, for example: getForObject, getForEntity, headForHeaders, postForObject
- Example:
-----------------------------------------------------------------------------------------------------
Questions from EDU-1202 exam (2021)
Does Spring implements JAX-RS, or provides some implementation of it, or it is irrelevant?
- Spring's REST does not relate to JAX-RS specification.
Δεν υπάρχουν σχόλια:
Δημοσίευση σχολίου
What may be missing, or could get better?