SpringOne 2015: Spring Data REST - Data Meets Hypermedia

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software,
Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ SPRINGONE2GX WASHINGTON, DC Spring Data Rest - Data Meets Hypermedia Greg Turnquist and Roy Clarkson

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 2

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Recognize This? 3

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 4

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Is the answer… 5

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ This? 6

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 7 “I am getting frustrated by the number of people calling any HTTP-based interface a REST API. Today’s example is the SocialSite REST API. That is RPC. It screams RPC…”

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 8 “…What needs to be done to make the REST architectural style clear on the notion that hypertext is a constraint? In other words, if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed?” - Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 1 - $1B Idea 9

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Projects • Spring Framework • Spring Boot • Spring Data • Spring HATEOAS • Spring Data REST • Spring Security • Spring Cloud • Spring Cloud Services 10

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is Spring Data REST? • Leverages HYPERMEDIA & Internet standards • HAL (draft) • ALPS (draft) • JSON Schema (draft) • URI Templates (RFC 6570) • text/uri-list mediatype (RFC 2483) • profile link relation (RFC 6906) 11

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "image" : "http://spring-‐a-‐gram.cfapps.io:80/files/plan.jpg1441898618238", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32" }, "item" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32{?projection}", "templated" : true }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32/gallery" } } } 12 Item Resource

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Data  @Entity  @ToString(exclude = "gallery")  public class Item {    @Id  @GeneratedValue(strategy = GenerationType.AUTO)  private long id;    @Lob  private String image;    @ManyToOne  private Gallery gallery;    @JsonIgnore  @OneToOne  private User user;    }  13 Item Class

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "description" : "cats", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2" }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2" }, "items" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2/items" } } } 14 Gallery Resource

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Data  @Entity  @ToString  public class Gallery {    @Id  @GeneratedValue(strategy = GenerationType.AUTO)  private long id;    private String description;    @OneToMany(mappedBy = "gallery")  private List<Item> items;    protected Gallery() {}    public Gallery(String description) {  this.description = description;  }    } 15 Gallery Class

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 2 - HAL Navigation 16

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <dependency>  <groupId>org.springframework.boot</groupId>  <artifactId>spring-boot-starter-data-rest</artifactId>  </dependency> <dependency>  <groupId>org.springframework.boot</groupId>  <artifactId>spring-boot-starter-data-jpa</artifactId>  </dependency> 17 How to Get Spring Data REST

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <dependency>  <groupId>org.springframework.boot</groupId>  <artifactId>spring-boot-starter-hateoas</artifactId>  </dependency> 18 How to Get Spring HATEAOS

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 3 - HAL Browser 19

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <dependency>  <groupId>org.springframework.data</groupId>  <artifactId>spring-data-rest-hal-browser</artifactId>  </dependency> 20 HAL Browser dependency

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Security 21

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 22 “It’s not real until it’s secured.” “Do not implement security on your own.” Rob Winch, Spring Security Lead Greg Turnquist, Spring Data Dude

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Comprehensive and extensible support for both Authentication and Authorization 23 Spring Security

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Common Attack Vectors • Session fixation • XSS - Cross-Site Scripting • CSRF - Cross Site Request Forgery • clickjacking - User Interface redress attack 24

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @PreAuthorize("hasRole('ROLE_USER')")  public interface ItemRepository extends PagingAndSortingRepository<Item, Long> {    List<Item> findByGalleryIsNull();    @Override  @PreAuthorize("#item?.user == null or #item?.user?.name == authentication?.name")  Item save(@Param("item") Item item);    @Override  @PreAuthorize("#item?.user?.name == authentication?.name or hasRole('ROLE_ADMIN')")  void delete(@Param("item") Item item);    @Override  @PreAuthorize("@itemRepository.findOne(#id)?.user?.name == authentication?.name or hasRole('ROLE_ADMIN')")  void delete(@Param("id") Long id);  }  25 Securing Images

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @RepositoryRestResource(exported = false)  public interface UserRepository extends CrudRepository<User, Long> {    User findByName(String name);  } 26 Securing Users

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "user" : { "name" : "roy", "roles" : [ "ROLE_USER" ] }, "image" : "http://spring-‐a-‐gram.cfapps.io:80/files/plan.jpg1441898618238", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32" }, "item" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32{?projection}", "templated" : true }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32/gallery" } } } 27 Resource with Projection

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Projection(name = "owner", types = Item.class)  public interface Owner {    public User getUser();    public String getImage();    } 28 Owner Projection

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 4 - Security Configuration 29

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <dependency>  <groupId>org.springframework.boot</groupId>  <artifactId>spring-boot-starter-security</artifactId>  </dependency> 30 How to get Spring Security

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Use it. No excuses. Seriously. 31 HTTPS

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Microservices 32

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 33 “the microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API.” http://martinfowler.com/articles/microservices.html

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Twelve Factor Apps (12factor.net) • Codebase - One codebase tracked in revision control, many deploys • Dependencies - Explicitly declare and isolate dependencies • Config - Store config in the environment • Backing Services - Treat backing services as attached resources • Build, release, run - Strictly separate build and run stages • Processes - Execute the app as one or more stateless processes • Port binding - Export services via port binding • Concurrency - Scale out via the process model • Disposability - Maximize robustness with fast startup and graceful shutdown • Dev/prod parity - Keep development, staging, and production as similar as possible • Logs - Treat logs as event streams • Admin processes - Run admin/management tasks as one-off processes 34

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 35 No microservice is an island

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Cloud • Intelligent Proxy • Service Discovery • Circuit Breaker • External Configuration 36

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Application Diagram Spring-a-Gram Spring-a-Gram Backend MongoDB FileService SQL Database SQL Database MongoDB

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <parent>  <groupId>io.pivotal.spring.cloud</groupId>  <artifactId>spring-cloud-starter-parent</artifactId>  <version>Angel.SR3</version>  </parent> 38 Spring Cloud Parent POM

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ org.springframework.cloud Dependencies • spring-‐cloud-‐starter-‐zuul • spring-‐cloud-‐starter-‐eureka • spring-‐cloud-‐starter-‐hystrix • spring-‐cloud-‐starter-‐hystrix-‐amqp • spring-‐cloud-‐starter-‐config-‐client 39

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 5 - Microservice Code 40

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Cloud Services • Circuit Breaker • Service Registry • Config Client 41

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Demo 6 - PWS Showcase 42

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <parent>  <groupId>io.pivotal.spring.cloud</groupId>  <artifactId>spring-cloud-services-starter-parent</artifactId>  <version>1.0.0.M1</version>  </parent> 43 Spring Cloud Services Parent POM

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ <dependency>  <groupId>io.pivotal.spring.cloud</groupId>  <artifactId>spring-cloud-services-starter-service-registry</artifactId>  </dependency> <dependency>  <groupId>io.pivotal.spring.cloud</groupId>  <artifactId>spring-cloud-services-starter-circuit-breaker</artifactId>  </dependency>  <dependency>  <groupId>io.pivotal.spring.cloud</groupId>  <artifactId>spring-cloud-services-starter-config-client</artifactId>  </dependency> 44 Spring Cloud Services Dependencies

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Additional Sessions • The State of Securing RESTful APIs with Spring  Tue 4:30 Salon I-L - Rob Winch • Hands on Spring Security  Wed 8:30 Salon I-L - Rob Winch • Cloud Native Java with Spring Cloud Services  Wed 2:30 Salon E-H - Craig Walls and Scott Frederick • Securing Microservices with Spring Cloud Security  Thurs 10:30 Salon E-H - Will Tran 45

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ More Information • github.com/gregturn/spring-a-gram • github.com/royclarkson/spring-rest-service-oauth • twitter.com/springcentral • spring.io • spring.io/guides • spring.io/video • spring.io/questions 46

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation. 47

Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 48 Learn More. Stay Connected. @springcentral Spring.io/video

SpringOne 2015: Spring Data REST - Data Meets Hypermedia

SpringOne 2015: Spring Data REST - Data Meets Hypermedia

More Decks by Greg Turnquist

Other Decks in Technology

Featured

Transcript