I have a Java Restful application that uses Jersey for the APIs implementation and that uses Spring for DI. I'm now trying to integrate HDIV for security.
However the official documentation has examples for the integration with Spring MVC, but not Restful Jersey applications.
Documentation here:
https://hdivsecurity.com/technical-documentation/doc.html
I read online that it's possible to integrate HDIV with REST, but I cannot exactly figure out how this is done, as I cannot find examples.
Does anyone know how this is done?
As you said Hdiv can be integrated with REST APIs, particularly RESTFul APIs that implements the whole REST specification, including Hypermedia or HATEOAS level (level 3 within Richarson model)
This REST support is included inside Hdiv Enterprise edition and that's why is not included in the link related to the technical documentation provided by you. The security level offered in that integration is exactly the same that we have been offering till now for server side MVC applications. It means that Hdiv can automate the protection against OWASP top 10 web risks in REST based applications .
Regarding JAX-RS support it can be possible if you are using the new hypermedia support included within JAX-RS 2/Java EE 7.
If you need more detail about the Hdiv support for RESTFul APIs you can review the slides presented in the last Spring I/O conference.
If you want to test within your project this support please contact using Hdiv support web form within hdivsecurity.com web site.
Regards,
Roberto Velasco
Related
I am new to web services and below I am sharing my understanding so far by reading on net:
Apache Axis and Apache CXF - are web services frameworks used to develop Java web services.
JAX-RS - Java API to develop Restful web services.
JAX-WS - Java API to develop SOAP web services.
Is the above correct? Or if you want to add something to it.
In my project, I am going to use web services with Spring framework.I am told that project will have both SOAP and RESTful web services.I am very much new to this.
Can somebody please guide me in this regard by sharing some valuable information or any good link which will make me understand better?
Your statements are correct, but it's not clear whether you've understood one crucial fact: CXF and Axis are both implementations of the JAX-WS standard. CXF additionally implements JAX-RS, and there are some libraries that only implement JAX-RS, such as Jersey (Oracle's reference implementation) and RESTEasy from JBoss.
For your project, the big question is whether you will only consume those webservices, or also publish them. If you need to publish a webservice, you'll have to include the entire implementation library and learn to use it. If you only consume the services, you'll just need some generated client and data binding classes.
Another question is whether your RESTful services will talk XML or JSON (SOAP always uses XML), as you'll need a parser or binding framework for JSON (JAX-B for XML is included in recent JDKs).
Can anyone recommend a Java Security Framework that supports authentication with OAuth and OAuth so that we can offer integration with the likes of Google/Twitter/Facebook etc. as well as other security features such as cryptography, password reset, security questions etc. I've looked at Apache Shiro which looks good but doesn't seem to have the Social side of things covered. I've also investigated Spring Security which seems to cover as lot of areas but I'm not sure whether you need to be using Spring MVC to use this (we're using Wicket + Spring for the service layer).
Any recommendations appreciated.
Spring Security covers all the areas you need (the social stuff is called Spring Social, you can have a look at it).
Also no you don't need to be using Spring MVC. Any web framework can use Spring Security.
Check Oracle Fusion Middleware (Oracle ADF 11g.)
I am in the process of writing a JSON based web service. The service will accept two types of requests: commands (e.g. createOrder) and queries (e.g. getOrders). Each request needs to send user credentials (username/password) for authentication (perhaps in HTTP headers). The service needs to be implemented in Java.
Which frameworks would you recommend for this use case? The very basic stack that I am thinking of is servlets backed by a JSON framework like Jackson. Are they any other frameworks that you would recommend and why? There is no need or desire to make the service RESTful, however smooth integration with Java EE 6 or Spring would be a plus.
Thanks in advance for your time.
Can I then interest you in RESTful Web Services (which is a JAX-RS API)? A library that implements JAX-RS is Jersey, Apache CXF, which is suited to allow JSON Web Service.
A related StackOverflow Post which shows REST clients that conforms to JAX-RS.
You should take a look at spring mvc and read this blog post which cover using spring mvc for restful WS.
Play! Framework would definitely fit your bill. It is not servlet-based but fulfills all of your requirements. Plus development with Play is very fast, you can get a prototype up and running in no time.
I personally use Apache CXF, with JAX-RS and jackson libraries. They are easy to implement and integration is dead easy. JAX-RS is a java standard, Jackson library is fast and handles circular references and Apache CXF needs only a couple of lines of configuration to setup and start running. Go for it!
An Open-Source Services Framework From Apache
-CXF has been designed to provide a pluggable architecture that supports not only XML but also non-XML type bindings, such as JSON and CORBA, in combination with any type of transport.
-Java EE integration: deploy services in Java EE application servers such as Apache Geronimo, JOnAS, Redhat JBoss, OC4J, Oracle WebLogic, and IBM WebSphere
-Standalone Java client/server
I'm researching how best to create a Restful web service on Google app engine. My end goal is to have an Android application call a web service on GAE to post and get data. At this point I not sure what the best approach is.
What I know at this point is Spring MVC 3 provide the ability to create web service but it does not provide a full implementation of JAX-RS. I also have read a few blog that talk about how Spring and Restlet can be integrated together. On the other side I have read that I could only use Restlet in GAE. I would also like provide a light web interface for users to view their posted data
So my questions are the following.
1. Should I just use Restlet.
2. Should I just use Spring MVC to provide my Restful web service.
3. Should I use Spring and Restlet together.
At this point I think I should invest my time in Restlet because that seems to be the best approach for calling web services in Android. I'm also debating if Spring MVC is just over kill.
Any thoughts would be helpful.
Have a look at the following similar questions:
Easiest frameworks to implement Java REST web services and Can anyone recommend a Java web framework that is based on MVC and supports REST?
I recently set up RESTlet on GAE and it was an absolute breeze! There are docs outlining the procedure on the RESTlet website and I was up and running RESTlet on GAE using the Google datastore within two hours.
The major downside is that performance of the Google data store for low volume apps is atrocious. Timeouts are not uncommon. (Google mandates a maximum 30 second request time and your app can easily take up half of that in coming out of hibernation if it hasn't been accessed recently)
Right now I am building another RESTful app and chose to go the Spring 3 MVC / Hibernate / MYSQL route. I am not new to Spring DI or MySQL, but I am new to Spring MVC and it is taking me days to work through all the issues I am encountering. I am disappointed in the quality of available documentation and I have not been able to find a reasonable and complete Spring 3 MVC RESTful CRUD tutorial anywhere. Argh.
I don't have experience with Restlet but Spring MVC 3.0 is quite powerful for building restful webservice AND webapps. So if you also plan for your service to be accessible through browsers then it is a great solution since your controllers can serve both apps and browsers.
Perhaps this is also possible with Restlet but I have not heard of its capabilities for building webapps.
Just beware that Spring has a high loading time. This means that you have to be careful to avoid slow responses from cold starts.
I have a requirement to create RESTful web service.
I have narrowed down on 'Restlet' for the web service implementation.
Can someone tell me the clear pro's and con's of using Restlet and if there are any better alternatives.
thanks in advance
Restlet has an extensive list of extensions for Spring, WADL, XML, JSON as well and many more, including an extension for JAX-RS API.
It is also the sole framework available in six consistent editions:
Java SE
Java EE
Google Web Toolkit
Google AppEngine
Android
OSGi Environments
Its main benefits are:
fully symmetric client and server API when JAX-RS was designed for server-side processing
connectors for other protocols than HTTP (mapping to HTTP semantics) when JAX-RS is HTTP only
much broader feature scope including full URI routing control via the Restlet API (but can integrate with Servlet if needed)
full provision for NIO support
The JAX-RS API can be a good choice if you are restricted to JCP approved APIs (then don't use Spring or any extension of the JAX-RS projects like Jersey and RESTeasy!), but otherwise Restlet is the most mature framework (initially released in 2005) and will give you, in its 2.0 version, all the benefits of annotations combined with a powerful and extensible class-oriented framework.
For a longer list of features, please check this page.
Best regards,
Jerome Louvel
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
For a comparison of JAX-RS frameworks see JAX-RS Frameworks
Jersey API can be used to implement RESTful Web services.
http://jersey.java.net/
Other than RESTful Web services, Jersey also provide many other features.
Some more useful links regarding available REST frameworks and their comparisons:
A Comparison of JAX-RS Implementations
rest-introduction
tilkov-rest-doubts
Rest anti-patterns
JAX-RS Vendor Comparisons - Part I
Apache Cocoon is a very good solution to implementing a RESTfull Web Services.