Web Server Design Week 15 Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein 4/21/10
Representational State Transfer
HTTP is an implementation of REST
– REST is best understood in contrast to Remote Procedure Call (RPC) style interfaces like SOAP
– The simplest explanation is RESTful URIs are nouns, and RPC URIs are verbs
  – it is not true that REST URIs do not have arguments / query strings
Philosophies:
– RPC: HTTP is just a transport protocol to tunnel an application-specific protocol; other protocols (e.g., SMTP or future protocols) can be used too
– REST (HTTP implementation): HTTP already has basic mechanisms for almost anything you need and will be around forever. Embrace it in your system design.
All You Need is CRUD…
Operation        SQL      HTTP
Create           Insert   POST, PUT
Read/Retrieve    Select   GET
Update           Update   PUT
Delete/Destroy   Delete   DELETE
Example Design (one for each user - where {user} is either the user name or the user id) (one for each location - where {location} is the location name or the location id) RPC: REST: adapted from:
Amazon S3
“Simple Storage Service”
– part of a family of Amazon Web Services (AWS), including “Elastic Compute Cloud (EC2)” and “Simple Queueing Service (SQS)”
Premise:
– cheap, remote storage service accessible via http
– no initial fee, no maintenance fee
– $0.15 per GB/month storage (first 50TB)
– $0.10 per GB transferred
– private/public X read/write access available
Core Concepts
Registration:
– AWS access key ID
  – semantic free name space for your account
– Secret access key
  – used to authenticate to AWS
Bucket
– namespace for referencing your objects; must be globally unique
– you can have buckets per AWS access key
– buckets hold 0 or more objects
Object
– files (placed in buckets); up to 5GB in a single object
– “key” is the identifier for the object placed in a bucket
Access Points SOAP and REST interfaces provided 3 different URLs for REST access: – – – Where: –bucket = your namespace –key = identifier of the object in the bucket For more info: –
Examples: These are the same (& real): These would be the same (but not real):
Authenticating to AWS
Can authenticate to AWS via:
– “Authorization” HTTP header using the AWS authentication scheme
  – cf. “Basic” & “Digest” in RFC-2616
– URL arguments
http://docs.amazonwebservices.com/AmazonS3/ /RESTAuthentication.html
HMAC: Keyed-Hashing for Message Authentication
– RFC-2104:
Authentication Header Example
Authorization: AWS AWSAccessKeyId:Signature

Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
Signature = Base64( HMAC-SHA1( UTF-8-Encoding-Of( YourSecretAccessKeyID, StringToSign ) ) );
StringToSign = HTTP-Verb + "\n" +
    Content-MD5 + "\n" +
    Content-Type + "\n" +
    Date + "\n" +
    CanonicalizedAmzHeaders +
    CanonicalizedResource;
CanonicalizedResource = ….
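The header construction above, worked through in Python for both the signing client and the verifying server; this is an added example, not code from the slides or from AWS. The key ID, secret, bucket, object key and date are constructed values, the caller supplies CanonicalizedResource as a plain path, and the x-amz-* canonicalization (lower-case, sort, one name:value line each) is a simplified assumption based on AWS's published rules, which the slide does not spell out.

```python
import base64
import hashlib
import hmac

# Constructed sample values: not real credentials and not a real bucket.
ACCESS_KEY_ID = "EXAMPLEKEYID"
SECRET_KEY = "example-secret-key"
RESOURCE = "/example-bucket/hello.txt"  # CanonicalizedResource (assumed plain path)
REQUEST_HEADERS = {
    "Date": "Wed, 21 Apr 2010 12:00:00 GMT",
    "Content-Type": "text/plain",
    "x-amz-meta-title": "my title",
}

def canonicalize_amz_headers(headers):
    """Lower-case x-amz-* names, trim values, sort, one name:value line each."""
    amz = {k.lower(): v.strip() for k, v in headers.items()
           if k.lower().startswith("x-amz-")}
    return "".join(f"{name}:{amz[name]}\n" for name in sorted(amz))

def string_to_sign(verb, resource, headers):
    """StringToSign in the field order given on the slide; absent headers are empty."""
    h = {k.lower(): v for k, v in headers.items()}
    fixed = [verb, h.get("content-md5", ""), h.get("content-type", ""), h.get("date", "")]
    return "\n".join(fixed) + "\n" + canonicalize_amz_headers(headers) + resource

def sign(secret_key, verb, resource, headers):
    """Base64(HMAC-SHA1(key=secret, msg=UTF-8 bytes of StringToSign))."""
    msg = string_to_sign(verb, resource, headers).encode("utf-8")
    mac = hmac.new(secret_key.encode("utf-8"), msg, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def authorization_header(access_key_id, secret_key, verb, resource, headers):
    return f"AWS {access_key_id}:{sign(secret_key, verb, resource, headers)}"

def verify(secrets, verb, resource, headers):
    """Server side: look up the secret by key ID, recompute, compare in constant time."""
    scheme, _, creds = headers.get("Authorization", "").partition(" ")
    key_id, _, presented = creds.partition(":")
    secret = secrets.get(key_id)
    if scheme != "AWS" or secret is None:
        return False
    expected = sign(secret, verb, resource, headers)
    return hmac.compare_digest(expected.encode(), presented.encode())

if __name__ == "__main__":
    auth = authorization_header(ACCESS_KEY_ID, SECRET_KEY, "PUT", RESOURCE, REQUEST_HEADERS)
    signed = dict(REQUEST_HEADERS, Authorization=auth)
    print(auth, verify({ACCESS_KEY_ID: SECRET_KEY}, "PUT", RESOURCE, signed))
```

The secret never travels with the request; only the key ID and the MAC do. The request body is covered by the signature only when the client sends Content-MD5, and the signed Date gives the server a value to check for staleness.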
A Tour of the REST API for S3
http://docs.amazonwebservices.com/AmazonS3/ /RESTAPI.html
Create a Bucket
# create bucket request
PUT /[bucket-name] HTTP/1.0
Date: Wed, 08 Mar :06:15 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com

# create bucket response
HTTP/ OK
x-amz-id-2: VjzdTviQorQtSjcgLshzCZSzN+7CnewvHA+6sNxR3VRcUPyO5fm…
x-amz-request-id: 91A8CC60F9FC49E7
Date: Wed, 08 Mar :06:15 GMT
Location: /[bucket-name]
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
Write an Object
# put object request
PUT /[bucket-name]/[key-name] HTTP/1.0
Date: Wed, 08 Mar :06:16 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com
Content-Length: 14
x-amz-meta-title: my title
Content-Type: text/plain

this is a test

# put object response
HTTP/ OK
x-amz-id-2: wc15E1LUrjDZhNtT4QZtsbtadnOMKGjw5QTxkRDVO1owwbA6Y…
x-amz-request-id: 7487CD42C5CA7524
Date: Wed, 08 Mar :06:16 GMT
ETag: "54b0c58c7ce9f2a8b ee0938"
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
GData: Atom + REST
http://code.google.com/apis/base/docs/2.0/attrs-queries.html