Whats Changed in the Second Edition?
In the four years or so since the first edition, there has been continuity as well as change.Web services remain a popular and arguably even dominant approach toward distributed software systems that is, systems that require the interaction of softwareon physically distinct devices. The Web itself is a prime example of a distributed system, and thecurrent trend is to blur the distinction between traditional, HTML-centric websites andmodern web services , which typically deliver XML or JSON payloads instead of HTML ones.Web servicesare an appealing way to create distributed systems because these services can piggyback on existing infrastructure suchas HTTP(S) transport, web servers, database systems, modern programming languages of various stripes, widespreadsoftware libraries for JSON and XML processing, security providers, and so on. Indeed, web services are a lightweight and flexibleway to integrate divergent software systems and to make the functionality of such systems readily accessible.
Java remains a major player in web services, and Java support for these services, in the form ofstandard and third-party software libraries and utilities, continues to improve. Yet two importantand related shifts in emphasis have occurred since this book was first published:
- The consumers or clients of web services are increasingly written in JavaScript, particularly inthe jQuery dialect, and these clients naturally prefer response payloads in JSON (JavaScript ObjectNotation) rather than in XML because a JSON document is the text representation of a native JavaScriptobject. A JavaScript client that receives, for example, an array of products as a JSON rather than an XMLdocument can process the array with the usual JavaScript programming constructs. By contrast, a JavaScript client thatreceives an XML payload would face a challenge common across programming languages: the challengeof parsing an XML document to extract its informational content before moving on to specific application logic.Modern web services andweb service frameworks acknowledge the growing popularity of JSON by treating JSON and XMLformats as equals. In some frameworks, such as Rails, JSON even gets the nod over XML.
- REST-style services are increasingly popular among familiar sitessuch as eBay, Facebook, LinkedIn, Tumblr, and Twitter. Amazon, a web service pioneer, continues to support REST-style and SOAP-basedversions of its services.The services from newer players tend to be REST-style for an obvious reason: REST-styleservices are relatively low fuss and their APIs are correspondingly simple. SOAP-based servicesstill are delivered mostly over HTTP(S), although Java and DotNet continue to explore the use of other protocols,especially TCP, for transport. The first edition of this book underscored that SOAP-based services over HTTP can beseen as a special case of REST-style services; the second edition pursues the same theme.
The two changes in web services are reflected in how the second edition is organized. begins with an overview of webservices, including the link between such services and Service-Oriented Architecture (SOA), and the chapterincludes a code-based contrast of SOA and the competing Distributed Object Architecture (DOA). The discussion thenturns to REST: what the acronym means, why HTTP can be treated as an API and not just a transport, and how the RESTfulmindset continues to impact the design and implementation of modernweb services. The first chapter includes sample HTTP clients in Java, clients that can be targeted at either websitesor web services.The first chapterends with a RESTful service implemented as a JSP script withsupport from two backend POJO classes; the service is published with the Tomcat web server. The first chapter goes into thedetails of installing and running Tomcat; the second chapter does the same for the Jetty web server. The aforementionedAnt script is also clarified so that the sample web services can be packaged and deployed automatically.
Although this edition ofthe book starts with REST-style services, SOAP-based services are treated thoroughly. is dedicatedto practical web security, from wire-level security through users/roles security up to WS-Security.
Web Service APIs and Publication Options
In the first edition, the JAX-WS APIs and their Metro implementation were dominant. In this edition, the two are importantbut less dominant. For REST-style services, the book has examples based on the following APIs:
HttpServlet
The HttpServlet
is well designed for REST-style servicesbecause the API is so close to the HTTP metal. Servlet instances encapsulate callbacks such as doPost
, doGet
, doPut
,and doDelete
, which cover the familiar CRUD operations: create (POST), read (GET), update (PUT), and delete (DELETE). There are symbolic versions of HTTP status codes to signal the outcome of an HTTP request, support forMIME types, utilities to access HTTP headers and bodies, and so on. JSP and other Java-based scripts execute asservlet instances and, therefore, fall under the servlet umbrella.The HttpServlet
is grizzled buthardly obsolete. Servlets are still an excellent way to deliver REST-style services. JAX-RS This is a relatively recent and increasingly popular API for delivering REST-style services. The API centerson annotations such as @GET
and @POST
to route HTTP requests to particular Java methods. There is likewise aconvenient @Path
annotation to identify the particular resource targeted in a request. JAX-RS can be configured toautomatically generate XML and JSON responses. This API, like the Restlet API described next, has acontemporary look and feel. At the implementation level, JAX-RS represents a layering atop servlets. The same optionsfor publishing servlet-based services are available for their JAX-RS cousins. Restlet This API is similar in style to JAX-RS, although the claim is likely to upset proponents of both. TheRestlet API also centers on annotations for routing HTTP requests to designated Java methods and forgenerating payloads. Restlet encourages interplay with other APIs. It is possible, for example, touse JAX-RS annotations in a Restlet-based service. Restlet offers an easy-to-use publisher for development andtesting. Restlet services, like their JAX-RS counterparts, represent an implementation level on top of servlets.Programmers should be able to move easily between the JAX-RS and Restlet APIs. JAX-WS