REST support for B2B access to your AppServer PUG Challenge Americas - 2014 Michael Jacobs : Senior Software Architect Edsel Garcia : Principal Software.

Presentation transcript:

REST support for B2B access to your AppServer PUG Challenge Americas Michael Jacobs : Senior Software Architect Edsel Garcia : Principal Software Engineer

© 2014 Progress Software Corporation. All rights reserved. 2 OpenEdge [Rollbase] Mobile

OpenEdge REST

Agenda
- REST is the hardest easy thing I’ve done
- Using the tools
- Moving to Deployment
- When things go sideways

REST is the hardest easy thing I’ve done

When REST Can Be The Right Choice
When…
- Converting existing SOAP services to REST
- Need to call a pre-11.2 AppServer
- The AppServer requires access to HTTP request headers, cookies, & URL fields
- The REST client requires control over HTTP response headers, and cookies
- You need to support ANY type of HTTP compliant client (not limited to JavaScript)

REST is Easy
- Client simply uses standard HTTP messages, responses, verbs, etc.
- Uses standard web servers, so no firewall issues
- The REST service is just a web app and can be written in any number of languages
- Use any HTTP 1.1 enabled client
- Each REST resource is an object that has data and actions
- Each REST resource is identified using the triple: URL, verb, & media type
- There are NO rules

Developing a RESTful Client API is HARD…
- There are no rules
  - No formal API contract for the client developer to use
    - What is the list of supported REST resources?
    - What verbs and media types are supported for each resource?
    - What variable parameter(s) go where in the HTTP messages and responses?
- A starting point may be to think of CRUD operations and supporting functions
- Follow the same requirements as you use for your application
  - Multiple simultaneous versions
  - Extensibility
  - Intuitively organized sets of objects and related operations (i.e. REST services)
  - Deploy as incrementally added web application(s) and REST service(s)
  - Secure (when it needs to be)

REST to/from AppServer RPC

A Good RESTful API Design is Essential
- Choose between one monolithic REST service versus multiple REST services
  - Divide API [URL] space into web applications hosting related REST services (example: application administration services versus application data services)
  - Each REST service’s URL path is a hierarchy of related resources
  - Each resource’s URL path can have one or more instance qualifiers
  - Each resource’s URL path has one or more [action] verbs (& media type)

RESTful Web Application Design
- Each deployed (OpenEdge REST) web application has
  - A web application name
  - One or more REST services
  - A security configuration (user authentication and [URL] authorization)
  - A connection to ONE State-free model AppServer [service]
- Example (for OpenEdge REST web application):
  [URL diagram not preserved; labels: deployment site defined part, OE defined part]

RESTful Service and URL Design
- What is a REST Service
  - Has a service-name that appears in the URL
  - A service-name contains one or more REST resources
  - Each resource has a unique URL path within the service
  - Each resource URL path can have
    - Optional input parameters and/or options
- Example
  [URL diagram not preserved; labels: developer designed part, "You are here…"]

You Choose What GOES Where
- Resource URL path
- Resource URL options
- Resource URL query
- HTTP request verb
- HTTP request/response header
- HTTP request/response Cookie
- HTTP request/response Body [tunneled RPC parameters]
- OO/procedure object path
- OO/procedure run-time model {external | singleton | single-run}
- Object internal procedure/method
- Procedure/method Input parameters
- Procedure/method parameters
[Diagram labels: HTTP to/from AppServer mapping file (.paar); HTTP message/response; AppServer service-interface / business-entity; PDSOE generated; Developer generated]

Tomcat Reality
- A web server has a max number of web applications before memory is exhausted
- The more web applications, the longer the server takes to start
- Deleting a Mobile/REST web application does not necessarily recover memory
- Low memory symptoms: hung requests, does not start, process crash, no errors logged
- Tips:
  - Tip: fewer web applications
    - Combine Mobile App & Service in a single WAR using PDSOE Export…
    - Combine multiple REST services into a single WAR using PDSOE Export…
  - Tip: turn off PDSOE auto-publish
  - Tip: restart web server periodically after n publishes

Tuning REST Service Security
- Edit the REST service’s security defaults in PDSOE
- Spring Security always performs an
  - Authentication process [even for anonymous]
  - Authorization process [even for anonymous]
- Do not run production systems with the anonymous security model
- Recommendation: unit test with at least one restricted access security policy to verify your clients handle error conditions
- The Spring Security authorization uses roles [format: ROLE_ ]
  - Role names are obtained from where the user accounts are authenticated
  - Tip: group all of your public access information into one REST service
  - Tip: the REST URL access controls are evaluated in the order found in the appSecurity file
  - Tip: put the exception cases first, and general cases later
  - Tip: DO NOT REMOVE THE DENY ALL FOUND AT THE END
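
The ordering tips above, modelled as an added example (not code from the presentation or from OpenEdge): a first-match evaluator over Ant-style URL rules, plus a heuristic audit for shadowed exception rules and a missing final deny-all. The paths, role names, the permitAll/denyAll keywords as used here, and the treatment of an unmatched URL as unprotected are assumptions made for illustration.

```python
import re

def ant_to_regex(pattern):
    # Simplified Ant-style matching: "**" spans path segments, "*" stays within one.
    conv = {"**": ".*", "*": "[^/]*"}
    parts = re.split(r"(\*\*|\*)", pattern)
    return re.compile("^" + "".join(conv.get(p, re.escape(p)) for p in parts) + "$")

def decide(rules, path, roles):
    """Return (decision, matching pattern); the first matching rule wins."""
    for pattern, access in rules:
        if ant_to_regex(pattern).match(path):
            if access in ("permitAll", "denyAll"):
                return ("allow" if access == "permitAll" else "deny"), pattern
            return ("allow" if access in roles else "deny"), pattern
    # Assumption: a URL that no rule matches is treated as unprotected.
    return "allow", None

def audit(rules):
    """Heuristic check for shadowed exception rules and a missing final deny-all."""
    findings = []
    for i, (pattern, _) in enumerate(rules):
        probe = pattern.replace("**", "x").replace("*", "x")  # one concrete path under the rule
        for earlier, _ in rules[:i]:
            if ant_to_regex(earlier).match(probe):
                findings.append(f"{pattern} is shadowed by earlier {earlier}")
                break
    if not rules or rules[-1] != ("/**", "denyAll"):
        findings.append("missing final /** denyAll")
    return findings

# Constructed rule sets (hypothetical paths and role names).
ORDERED = [
    ("/rest/public/**", "permitAll"),   # exception cases first
    ("/rest/admin/**", "ROLE_Admin"),
    ("/rest/**", "ROLE_User"),          # general case later
    ("/**", "denyAll"),                 # catch-all stays last
]
GENERAL_FIRST = [ORDERED[2], ORDERED[0], ORDERED[1], ORDERED[3]]
NO_DENY_ALL = ORDERED[:-1]

if __name__ == "__main__":
    for name, rules in [("ordered", ORDERED), ("general first", GENERAL_FIRST), ("no deny-all", NO_DENY_ALL)]:
        print(name, decide(rules, "/rest/admin/users", {"ROLE_User"}),
              decide(rules, "/static/config.json", {"ROLE_ANONYMOUS"}), audit(rules))
```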

Using the tools

Developing REST Services using PDSOE
1. Design the RESTful API’s web services and resource URL space
2. Design URLs and verbs and map them to AppServer OO classes/procedures
3. Design the HTTP message and response for each URL & verb combination
   a. Is the HTTP body a single data object or multiple RPC parameters?
4. Create OO classes/procedures in PDSOE project
5. Turn class/procedure into a ‘service interface’
6. Create REST service in PDSOE project
7. Use PDSOE’s mapper utility to map REST requests to OO class/procedure
8. Configure AppServer connection, logging, and web application security
9. Publish (Export) for development debugging

Special Considerations for 10.2B & 11.1
- Cannot use dataset/temp-table as parameters (no automatic JSON export/import)
  - Can send/receive JSON or XML as Character parameter
- Cannot use Singleton Classes in AppServer
  - Can use remote, Single-Run, Singleton procedures
- No AppServer SSO by REST service

PDSOE Features Specific to REST Service Generation
- REST, Mobile, or AppServer project
- Service Interfaces
- Business entities
- Customizing security
- Procedures, classes, and annotations
- REST mapping tool
- Publish for debug and testing (to built-in debug Tomcat version)
- Export .war web applications for production deployment
Proceed to Demo

Moving to Production

Moving Your REST Service to Deployment
- Update and test the REST service’s security templates [if needed]
- Set default logging and AppServer connection properties
- Export unit tested REST service from PDSOE as a .war file
- Use a production configured Tomcat web server
- Use Tomcat tools to deploy your service’s war file [under a different name]
- Configure the REST service’s
  - AppServer connection
  - Security [appSecurity-xxxx.xml] template in web.xml
    - User account server connection
    - Roles
  - CORS module [if accessed by JavaScript clients]
  - AppServer SSO
- Enable and test access to your REST service

When things go sideways

Debug Guide
- Tools
  - A good proxy debug tool
  - Turning on HTTP message tracking in the web application
  - Web server logs
  - Web application logs
  - Web application logging configuration
- Flow
  - Ping the web application
  - Get the RESTful API description
  - Ping the AppServer
  - Access the AppServer’s RESTful API