1
Restful Web Services By Loukik Purohit & Rohit Ghatol
2
Web Service Browser Messages(xml/json ) Desktop CricInfo Mobile
3
Using Browser User Intervention Cab Booking Plane Booking
Hotel Booking Vacation Subsystem User Intervention
4
Automated Machines interacting with each other Cab Booking
Plane Booking SMS/ Hotel Booking Vacation Subsystem Machines interacting with each other
5
Rest in terms of Layman HR Accounts Admin
6
Organized structure To get address of user 1 , go to : \Organisation\Users\1\address
7
Same analogy applies to Web
Request to get all users Request to get user 1 Request to get address of user 1
8
Request-Response: GET

GET Request
    GET /users/1 HTTP/1.1
    Host: xyz.com
    Accept: application/xml

GET Response
    <users>
      <user>
        <id>1</id>
        <name>Loukik</name>
        <address>Pune</address>
        <skill>java</skill>
      </user>
      <user>
        <id>2</id>
        <name>...</name>
        <address>…</address>
        <skill>…</skill>
      </user>
    </users>
9
Request-Response: POST

POST Request
    POST /users HTTP/1.1
    Host: xyz.com
    Content-Type: application/xml
    Accept: application/xml

    <users>
      <user>
        <name>Rohit</name>
        <address>Pune</address>
        <skill>C++</skill>
      </user>
    </users>

POST Response
    <result>
      <id>3</id>
    </result>
10
HTTP http://xyz.com/services/users

HTTP Headers
    Method: PUT
    Accept: application/xml
    Content-Type: application/xml

HTTP Body
    <users>
      <user>
        <name>Rohit</name>
        <address>Pune</address>
        <skill>C++</skill>
      </user>
    </users>
11
Four verbs for every noun
GET POST DELETE PUT
12
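JSON: Can data be represented in the form of a List and a Map? Here’s JSON.
    // eval runs myJSONtext as JavaScript code; JSON.parse(myJSONtext) parses it without executing anything
    var myObject = eval('(' + myJSONtext + ')');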
13
JSON Parser
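An added example, not part of the original slides: the eval-based parsing from slide 12 next to JSON.parse plus a shape check for the "users" document the deck uses. The function names and both input strings are constructed for this illustration.

```javascript
'use strict';

// Slide 12's approach: the text is compiled and run as JavaScript source.
function parseWithEval(myJSONtext) {
  return eval('(' + myJSONtext + ')');
}

// Hardened form: JSON.parse accepts only the JSON grammar, then the result
// is checked against the shape the caller expects (the deck's "users" list).
function parseUsers(myJSONtext) {
  let doc;
  try {
    doc = JSON.parse(myJSONtext);
  } catch (err) {
    return { ok: false, reason: 'not JSON: ' + err.name };
  }
  if (doc === null || typeof doc !== 'object' || !Array.isArray(doc.users)) {
    return { ok: false, reason: 'missing users array' };
  }
  const fields = ['id', 'name', 'address', 'skill'];
  for (const u of doc.users) {
    if (u === null || typeof u !== 'object' || Array.isArray(u)) {
      return { ok: false, reason: 'user is not an object' };
    }
    for (const [key, value] of Object.entries(u)) {
      if (!fields.includes(key) || typeof value !== 'string') {
        return { ok: false, reason: 'unexpected field: ' + key };
      }
    }
  }
  return { ok: true, users: doc.users };
}

// Constructed inputs: a well-formed document, and one that smuggles an expression.
const goodText = '{"users":[{"id":"1","name":"loukik","address":"Pune","skill":"java"}]}';
const hostileText = '{"users":[{"id":(globalThis.evalRan = true, "1")}]}';

function demo() {
  globalThis.evalRan = false;
  parseWithEval(hostileText);               // the embedded expression executes
  const viaEval = globalThis.evalRan;
  globalThis.evalRan = false;
  const viaParse = parseUsers(hostileText); // rejected as a syntax error
  return { viaEval, parseOk: viaParse.ok, untouched: globalThis.evalRan === false,
           good: parseUsers(goodText).ok };
}
```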
14
What JSON looks like
    var result = {
      "users": [
        { "id": "1", "name": "loukik", "address": "Pune", "skill": "java" },
        { "id": "2", "name": "rohit", "skill": "C++" }
      ]
    };

Accessing JSON in JavaScript code
    result.users[0].name   // "loukik"
15
REST
16
Your Source to 3000+ Web Service APIs
Programmable Web Your Source to Web Service APIs
17
programmableweb.com
18
Implement Restful Webservice
Write a Servlet
Implement doGet, doPost, doDelete
Write business logic
Create your Messages, that too JSON
19
JAX-RS To rescue Marrying to API EJB Servlet
Being POJO (Single) is Great! JAX-RS
20
JAX-RS JSR 311: JAX-RS More info at
21
JAXB-@XMLRootElement
JAX-RS Flow HTTP Request JSON POJO Model JAX-RS Servlet Business Logic HTTP Response POJO Model JSON
22
Spring REST Based on Spring MVC
23
Spring REST Negotiated view-based rendering HTTP message converters
24
Enunciate
[Diagram: Your Web service API, Enunciate, Full HTML documentation + Client-side libraries]
25
What does Enunciate do for me?
[Diagram labels: Java Doc, C, JAX-RS, ObjC, POJO, Client, SOAP, Comm, .Net, GWT, AMF, Java, Json]
26
Enunciate Enunciate is an engine for dramatically enhancing your Java Web service API. Enunciate is primarily a build-time tool. Develop your Web service API. Attach Enunciate to your build process.
27
Cross Site Scripting Single Origin Policy http://geochirp.com
maps.google.com Ajax Calls twitter.com
28
Single Origin Policy Imposed by Browser Ajax Restrictions
Accessing iFrame’s DOM ABC.com JavaScript Iframe XYZ.com
29
So How to do Mashups? Use Proxy http://geochirp.com/proxy
maps.google.com twitter.com
30
So How to do Mashups? Use JSONP http://geochirp.com maps.google.com
JSONP Call twitter.com JSONP Call
31
What is JSONP? (Static Script)
ABC.com to XYZ.com: AJAX Call Not Allowed By Browser
ABC.com to XYZ.com JS: Including Scripts hosted on other domains is allowed
32
What is JSONP? (Dynamic Script)
ABC.com to XYZ.com: AJAX Call Not Allowed By Browser
ABC.com to XYZ.com JS: Including Scripts hosted on other domains is allowed
33
JSONP Explained

JSON (Single Origin Policy)
    { "id":"1", "name":"loukik", "address":"Pune", "skill":"java" }

JSONP (No Such Restriction)
    myfunc({ "id":"1", "name":"loukik", "address":"Pune", "skill":"java" });
34
JSONP Code Example
35
    <html>
      <head>
        <script>
          // JSONP callback: the script response calls it with the data as its argument
          function myfunc(data){
            table.update(data);
          }
        </script>
      </head>
      <body>
        <table> <!-- employee table -->
          <tr><td>Name</td><td>Address</td><td>Role</td></tr>
          <tr><td>Rohit</td><td>Pune</td><td>Architect</td></tr>
          <tr><td>Loukik</td><td>Pune</td><td>Geek</td></tr>
        </table>
        <button id="add employee">Add</button>
        <button id="next100">Next 100</button>
        <script src="
      </body>
    </html>
36
XSS
[Diagram: Attacker, ScrapBook WebSite, User; labels: <script> attack script</script>, Login, Hacked!!!]
38
How to do XSS?
Server needs an XSS Vulnerability
What if I put an html with some JavaScript here? (TextArea, Post, DIV)
Say Dev uses div.innerHTML in code
    function postScrap(){
      div.innerHTML = textarea.value;
    }
39
How to do XSS?
Server needs an XSS Vulnerability
Say Dev uses div.innerHTML in code
    <h1>Look at this cool image</h1>
    <img src=' + encodeURI(document.cookie)'> </img>

    function postScrap(){
      div.innerHTML = textarea.value;
    }
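An added example, not part of the original slides: the hardened counterpart of postScrap(), where the scrap is treated as text rather than markup, plus an HttpOnly session cookie so page script cannot read it through document.cookie. The helper names, the "sid" cookie name and the sample scraps (with a placeholder image URL) are assumptions made for this illustration.

```javascript
'use strict';

// Characters that let text break out of an HTML text or attribute context.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Server-side rendering of a scrap: the user's text is data, never markup.
// In the browser the equivalent one-line fix for postScrap() is
//   div.textContent = textarea.value;
function renderScrap(text) {
  return '<div class="scrap">' + escapeHtml(text) + '</div>';
}

// Second layer: the slide's payload reads document.cookie, and a cookie
// marked HttpOnly is not visible to page script.
function sessionCookieHeader(sessionId) {
  if (!/^[A-Za-z0-9_-]+$/.test(sessionId)) {
    throw new Error('unexpected characters in session id');
  }
  return 'Set-Cookie: sid=' + sessionId + '; Path=/; HttpOnly; Secure; SameSite=Lax';
}

// Constructed scraps modelled on the slides (the image URL is a placeholder).
const scraps = [
  "<h1>Look at this cool image</h1> <img src='https://images.example/placeholder.png'>",
  '<script> attack script</script>',
  'Plain text with 5 > 3 & "quotes"',
];

// True when the rendered scrap holds no tag other than the wrapper div.
function hasOnlyWrapperTags(html) {
  const tags = html.match(/<[^>]*>/g) || [];
  return tags.length === 2 && tags[0] === '<div class="scrap">' && tags[1] === '</div>';
}

function demo() {
  return scraps.map((s) => renderScrap(s));
}
```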
40
XSRF Cross Site Request Forgery.
Unauthorized commands are transmitted from a user that the website trusts. Exploits the trust that a site has in a user's browser.
41
XSRF
[Diagram: User, ScrapBook WebSite, Attacker; labels: Login, Send Mail with Script, Opens Mail, Hacked!!!]
42
How to do XSRF
Browser holds your sessions. What if I made you visit a page which uses your session to do a hack? Is it possible?
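An added example, not part of the original slides: a server-side check that refuses state-changing requests unless they carry a token bound to the session. A page on another origin can make the browser send the session cookie but cannot read that token. The request shape, header name, origins and session id are hypothetical, and the Node.js crypto module is assumed.

```javascript
'use strict';
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

// Server-side secret; generated per process here, loaded from config in practice.
const SERVER_KEY = randomBytes(32);
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Token bound to the session: HMAC(key, sessionId). It is embedded in the
// site's own forms; a page on another origin cannot read it.
function issueCsrfToken(sessionId) {
  return createHmac('sha256', SERVER_KEY).update(sessionId).digest('hex');
}

function tokenMatches(sessionId, presented) {
  const expected = Buffer.from(issueCsrfToken(sessionId), 'hex');
  const given = Buffer.from(String(presented || ''), 'hex');
  return given.length === expected.length && timingSafeEqual(given, expected);
}

// req is a plain object standing in for a framework request (hypothetical shape):
// { method, sessionId, headers: { origin, 'x-csrf-token' } }
function checkRequest(req, allowedOrigin) {
  // GET must stay free of side effects for this shortcut to be sound.
  if (SAFE_METHODS.has(req.method)) return { allow: true, reason: 'safe method' };
  const origin = req.headers.origin;
  if (origin !== undefined && origin !== allowedOrigin) {
    return { allow: false, reason: 'cross-origin request' };
  }
  if (!tokenMatches(req.sessionId, req.headers['x-csrf-token'])) {
    return { allow: false, reason: 'missing or wrong CSRF token' };
  }
  return { allow: true, reason: 'token verified' };
}

// Constructed requests: the site's own form post, and forged posts that ride
// the session cookie but have no way to supply the token.
const ORIGIN = 'https://scrapbook.example';
const session = 'sess-1234';
const legit = { method: 'POST', sessionId: session,
  headers: { origin: ORIGIN, 'x-csrf-token': issueCsrfToken(session) } };
const forged = { method: 'POST', sessionId: session,
  headers: { origin: 'https://mail.example' } };
const forgedNoOrigin = { method: 'POST', sessionId: session, headers: {} };
```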
43
Aye Mate! How come I can use Google + and Facebook Like here?