Our Java Spring application receives header information in request calls, such as Authorization information. What would be the best way in Spring to ensure that the header information is passed on in all sub-sequent outward http calls?
Related
I'm writing a JAX-RS 2.0 client to send RESTful requests and process the returned responses. To aid in debugging, I would like to log the actual HTTP request sent to the server and the HTTP response returned from the server. Is there a way to do this using the JAX-RS 2.0 API (without depending on specific implementation classes)?
I've looked at JAX-RS 2.0 filtering (see "How to log request body in JAX-RS client"); however the ClientResponseFilter and ClientResponseContext Interfaces are higher level abstractions and don't give access to the actual HTTP request and response sent over the socket connection. I even briefly looked at JAX-WS logging (see Log jax-ws http request and response), but this seems to offer server logging rather than client logging.
I am coming from servlet/web application world and started learning web services(SOAP based). I have gone through some of the webservice
tutorials. I am trying to draw the parallel between normal http request and webservice request. Here are my observations ;-
1)Both are HTTP request. Webservice is a also post request which contains soap envelope as request body. Soap envelope
is just a normal xml which contains the data
2)java Stub internally marshal the XML , creates HTTP request and send it to consumer
3)Servlet at consumer side intercpets that request and unrmashal it to java object and send it to corresponding service.
Is my observation correct ? I know there may be other complexities but i tried to put the comparison in simple manner.
Your assumptions are generally correct. Yet, the subtelties can lead to huge differences.
Claim 1 : both are HTTP.
SOAP is generally used with an HTTP "binding". Yet it does not have to be that way. SOAP is designed to be fairly transport agnostic. It is not uncommon to have SOAP being used over JMS (although one might consider this an overuse of JMS, and an over architected protocol), it is certainly in production in many places. Rarely seen are SOAP/SMTP or SOAP/TCP without HTTP, but these exist too.
Webservice is a also post request which contains soap envelope as request body
A SOAP call over HTTP is a POST request. It may not be of content-type xml, though, as some variants such as SwA (SOAP with attachments) or XOP+MTOM variants may produce HTTP payloads that are MIME/Multipart (the first part of which is the SOAP Enveloppe in its pure XML form).
This use cas is most common when on is to send large binary content over a SOAP Call, and for which binary encoding may add a large weight to the request (base64 is a 1.3x factor in weight).
java Stub internally marshal the XML, creates HTTP request and send it to consumer
That is the usual way it is done, Axis framework and JAXWS frameworks work primarily this way.
The older SAAJ API, a standard EE API, requires you to build your SOAP Message by hand, using the DOM APIs, (see SOAPMessageFactory), and then send it.
If you look at Spring WS, you'll have something close to your claim, but where each part is fairly exposed and in your control (you may elect to build certain calls with a DOM Api, others by using JAXB marshalling, ...).
3)Servlet at consumer side intercpets that request and unrmashal it to java object and send it to corresponding service
Again, this is how things generaly work. But you can also have an implementation that works outside a servlet container. (See Endpoint Service API in JAX WS).
Your assumptions are right:-
Yes, Servlet request and Web service request both are normal HTTP request and yes, SOAP web service internally use HTTP POST.
Yes,java internally marshal the XML. Also, at client end one java web service client(may be a wrapped in servlet) un-marshal it. A SOAP message or SOAP type web service has many characteristics like:-
SOAP message mostly send data using XML format. XMLs are technology independent. So, SOAP can interact with two heterogeneous web applications built in two separate technologies and exchange data using XML.
SOAP web services send XML using HTTP protocol. Data are sent wrapped in an XML using the payload of HTTP.
SOAP web services can be secured. For an example, all the payment related transactions using credit card and bank info are done using secured SOAP web services.
A SOAP web service accepts XML in request and returns XML in response. In case of errors this return XMLs can also contain SOAP faults. SOAP faults contain the description of error and an error code.
Web services can carry attachment document also like PDF, Word etc. with its XML payload. Java provides separate API for this type of web services. There is an API available in java called SAAJ to accomplish this.
I think that you can find a very good response in this blog post by Ben Klopfer.
Mainly the difference between XML/SOAP vs HTTP/REST is that the former is most response verbose while the latter is lighter.
But this is not the only aspect you have to take into account.
REST represents the state of the resource and is a little bit easier to use and to understand, and always remember that it comes afterwards compared to SOAP.
In addition SOAP it is not limited to using HTTP/HTTPS, but can be also used with other transports like SMTP, JMS, etc.
Resuming the post reminds you:
Use SOAP when:
All you need is simple operations, like read only methods
Implementing a one-way or one-object service for something like data exchange or transfer
You want finer control over the specific transport of data, or can’t always use HTTP
Rigid specifications need to be enforced on incoming requests, and you want to minimize additional documentation needed for use
You can rely on client ability to parse XML, or more preferably SOAP itself
You need built-in error handling when things go wrong with requests
Use REST when:
Operations are complex, like create/read/update/delete on objects
Implementing a multi-faceted service for a variety of different objects
You want to easily and quickly target a variety of consumer end user devices as clients
Requests are generally stateless, like call and response compared to a conversation
Your clients may have limited bandwidth or processing power
You can leave it up to the client to get their requests correct and to deal with problems
I want to intercept/sniff incoming HTTP request and filter/modify their contents (before they reach the application).
"Fiddler" seems to have this functionality, but for the sake of integration and portability I would rather have some library in Java/C to do this. Like JPCAP, for example. It intercepts IP packets, but, as stated, I need to intercept the -higher level- HTTP requests.
Furthermore, how can SSL encrypted (HTTPS) requests be read/modified in the same way?
Thanks in advance.
Have you tried Servlet Filters?
They wrap the HTTP request and so can modify the request before it gets to the servlet, and can modify the response as well. They can (and are) used to wrap third-party servlets and JSPs.
Because they are in the servlet container, you have secure, unencrypted access to both the request and response.
If I have some APIs using SOAP, how do I know if the methods requires a GET, POST or other?
Also, What are the consequence (not even sure it would work) if I use a GET for a SOAP web service requiring a POST? or vice-versa?
Thanks, I'm still trying to get a good understanding on how to consume web services. I got some working with simple API's, but really having problem using a web service that returns is used to download files. Thanks again.
HTTP GET requests generally do not have a content part which how the SOAP message is transmitted to the server. This is why POST is used.
Specifically from RFC 2616 Section 4.3. Emphasis mine.
A message-body MUST NOT be included in a request if the specification
of the request method (section 5.1.1) does not allow sending an
entity-body in requests. A server SHOULD read and forward a
message-body on any request; if the request method does not include
defined semantics for an entity-body, then the message-body SHOULD be
ignored when handling the request.
EDIT:
As of SOAP 1.2 it is possible to use HTTP GET method and get a SOAP response back. I recommend reading the SOAP 1.2 primer Section 4.1 for details about which HTTP methods are appropriate in what situations.
can anyone tell me. What exactly is Ajax request? Is it different from Servlet Request?
An Ajax call is an asynchronous request initiated by the browser that does not directly result in a page transition. A servlet request is a Java-specifc term (servlets are a Java specification) for servicing an HTTP request that could get a simple GET or POST (etc) or an Ajax request.
An Ajax ("Asynchronous Javascript and XML") request is sometimes called an XHR request ("XmlHttpRequest"), which is the name most browsers give the object used to send an Ajax request, because at least initially Ajax calls involved the sending and receiving of XML but now it's just as common to send/receive JSON, plain text or HTML.
A good example of an Ajax request is the comment system on Stackoverflow. You can enter a comment in the textbox and click submit. It doesn't submit the whole page (like a traditional HTML form submission would, which translates into usually a POST but sometimes a GET HTTP request). Instead the browser will send probably a POST request via XHR to the server and be notified of the response (hence "asynchronous"). But the server typically can't distinguish between an Ajax request or a page transition because both simply come down to HTTP requests.
Ajax, or Asynchronous JavaScript and XML, is an approach to Web application development that uses client-side scripting to exchange data with the Web server. As a result, Web pages are dynamically updated without a full page refresh interrupting the interaction flow.
With Ajax, you can create richer, more dynamic Web application user interfaces.i.e. client side.
On the other hand servlet requests are on server side to handle request sent from the UI.
When the visitor requests a page, the server will send the full HTML and CSS code at once. After the visitor fills in a form and submits it, the server processes the information( Servlet Request object provides client request information to a servlet. The servlet container creates a ServletRequest object and passes it as an argument to the servlet's service method) and rebuilds the page. It then sends the full page back to the client. And so on.
When using AJAX, the page is loaded entirely only once, the first time it is requested. Besides the HTML and CSS code that make up the page, some JavaScript files are also downloaded: the AJAX engine. All requests for data to the sever will then be sent as JavaScript calls to this engine. The AJAX engine then requests information from the web server asynchronously ( servlet request object contains request parameters,which have got changed). Thus, only small page bits are requested and sent to the browser, as they are needed by the user. The engine then displays the information without reloading the entire page. This leads to a much more responsive interface, because only the necessary information is passed between the client and server, not the whole page.
For more info on ajax implementation we can refer http://www.ibm.com/developerworks/library/j-ajax1/
The problem is that, like so many terms used in IT1 there is no clear definition of either an "AJAX request" or a "Servlet request". The best I can come up with is the following:
AJAX is short for "Asynchronous Javascript and XML", but these days the term is stretched to include JSON or YAML as well as XML. The key idea is that logic embedded in the web page (in Javascript) makes asynchronous HTTP requests back to the "home" server to request more information, rather than triggering a refresh of the entire webpage.
An AJAX request is a request made by an AJAX application. Typically, it is an HTTP request made by (browser-resident) Javascript that uses XML to encode the request data and/or response data. The standard way of making an AJAX request in Javascript is to use an XmlHttpRequest object, but that is an implementation detail ... not fundamental to the definition of AJAX.
A Servlet request is a request made to a Servlet. In theory it need not even be an HTTP request, since Servlet technology is (in theory) designed to work over other protocols as well. To my mind, this is not a particularly useful term.
So ... an AJAX request can be a Servlet request or not, and a Servlet request can be an AJAX request or not.
It is worth pointing out that there is a Java interface called ServletRequest that forms part of the J2EE APIs. This interface is a type of the object that is used to pass details of a web request around in a J2EE-based web application container. So when you see someone use the term "Servlet request" they may actually be talking about a ServletRequest instance.
1 - Actually, this is no different from any other natural language. Words and phrases gain meaning depending on how people use them, not based on any definition you may find in a dictionary. The dictionary "definition" tends to arrive years or decades after a word or phrase comes into common usage, and it gives a meaning based how the word is (or was) used, rather than being a specification of a meaning.
Ajax is not a programming language or a tool, but a concept. Ajax is a client-side script that communicates to and from a server/database without the need for a postback or a complete page refresh
An AJAX request is made (using Javascript) from the client, while a servlet request is made (using, I suppose, Java) from the server.
I suggest you look it up on Wikipedia or some other place.
Ajax requests are calls to the web server. It is up to you how you want to handle it. Servlet is definitely one way.