DevNexus 2015 - Spring Data REST: Data Meets Hypermedia

Is an application without links really solved by an out-of-band document? Find out how Spring Data REST makes it simpler than ever to create RESTful endpoints driven by hypermedia. Also discover how to lock down your app, web page and REST endpoints, using Spring Security.

Greg Turnquist

March 11, 2015

Transcript

  1. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Data REST: Data Meets Hypermedia
  2. None
  3. Greg Turnquist @gregturn gturnquist@pivotal.io github.com/gregturn Roy Clarkson @royclarkson rclarkson@pivotal.io github.com/royclarkson

  4. Recognize this?

  5. Recognize this? Is something missing?

  6. Recognize this? How about this?

  7. Recognize this? How about this?

  8. Is the answer…

  9. …this?

  10. “I am getting frustrated by the number of people calling any HTTP-based interface a REST API. Today’s example is the SocialSite REST API. That is RPC. It screams RPC…” –Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
  11. “…What needs to be done to make the REST architectural style clear on the notion that hypertext is a constraint? In other words, if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed?” –Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven
  12. Spring Data REST DEMO

  13. SQL GET /api

  14. SQL GET /api

  15. SQL GET /api Spring HATEOAS Spring Security Spring Framework

  16. SQL GET /api Spring HATEOAS Spring Security Spring Framework Spring Data
  17. What is Spring Data REST? • Leverages HYPERMEDIA & Internet standards • HAL (draft) • ALPS (draft) • URI Templates (RFC 6570) • text/uri-list mediatype (RFC 2483) • profile link relation (RFC 6906)
  18. Item resource

  19. Item defined in Java

  20. Gallery resource

  21. Gallery defined in Java

  22. How to get
      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-data-rest</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-data-jpa</artifactId>
      </dependency>
  23. –Greg Turnquist “It’s not real until it’s secured.”

  24. None
  25. –Rob Winch, Mr. Spring Security “Do not implement security on your own.”
  26. Use HTTPS

  27. Authentication

  28. Authorization

  29. Attack Vectors • XSS - Cross-Site Scripting • CSRF - Cross Site Request Forgery • clickjacking - User Interface redress attack • HSTS - HTTP Strict Transport Security
  30. Spring Security

  31. Security for images

  32. Security for users

  33. Security for users

  34. Tailoring data with projections

  35. Tailoring data with projections

  36. How to get
      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
      <dependency>
          <groupId>org.springframework.security.oauth</groupId>
          <artifactId>spring-security-oauth2</artifactId>
          <version>2.0.6.RELEASE</version>
      </dependency>
  37. Spring Data REST DEMO

  38. Links • github.com/gregturn/spring-a-gram • https://github.com/royclarkson/spring-rest-service-oauth • twitter.com/springcentral • spring.io • spring.io/guides • spring.io/video • spring.io/questions
  39. Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Data REST: Data Meets Hypermedia