Slide 1

Slide 1 text

Spring Data REST: Data Meets Hypermedia

Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/

Slide 2

Slide 2 text

No content

Slide 3

Slide 3 text

Greg Turnquist, @gregturn, github.com/gregturn
Roy Clarkson, @royclarkson, github.com/royclarkson

Slide 4

Slide 4 text

Recognize this?

Slide 5

Slide 5 text

Recognize this? Is something missing?

Slide 6

Slide 6 text

Recognize this? How about this?

Slide 7

Slide 7 text

Recognize this? How about this?

Slide 8

Slide 8 text

Is the answer…

Slide 9

Slide 9 text

…this?

Slide 10

Slide 10 text

“I am getting frustrated by the number of people calling any HTTP-based interface a REST API. Today’s example is the SocialSite REST API. That is RPC. It screams RPC…” –Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Slide 11

Slide 11 text

“…What needs to be done to make the REST architectural style clear on the notion that hypertext is a constraint? In other words, if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed?” –Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Slide 12

Slide 12 text

Spring Data REST DEMO

Slide 13

Slide 13 text

SQL GET /api

Slide 14

Slide 14 text

SQL GET /api

Slide 15

Slide 15 text

SQL GET /api Spring HATEOAS Spring Security Spring Framework

Slide 16

Slide 16 text

SQL GET /api Spring HATEOAS Spring Security Spring Framework Spring Data

Slide 17

Slide 17 text

What is Spring Data REST?
• Leverages HYPERMEDIA & Internet standards
• HAL (draft)
• ALPS (draft)
• URI Templates (RFC 6570)
• text/uri-list mediatype (RFC 2483)
• profile link relation (RFC 6906)

Slide 18

Slide 18 text

Item resource

Slide 19

Slide 19 text

Item defined in Java

Slide 20

Slide 20 text

Gallery resource

Slide 21

Slide 21 text

Gallery defined in Java

Slide 22

Slide 22 text

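How to get

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-rest</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>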


Slide 23

Slide 23 text

“It’s not real until it’s secured.” –Greg Turnquist

Slide 24

Slide 24 text

No content

Slide 25

Slide 25 text

“Do not implement security on your own.” –Rob Winch, Mr. Spring Security

Slide 26

Slide 26 text

Use HTTPS

Slide 27

Slide 27 text

Authentication

Slide 28

Slide 28 text

Authorization

Slide 29

Slide 29 text

Attack Vectors
• XSS - Cross-Site Scripting
• CSRF - Cross Site Request Forgery
• clickjacking - User Interface redress attack
• HSTS - HTTP Strict Transport Security

Slide 30

Slide 30 text

Spring Security

Slide 31

Slide 31 text

Security for images

Slide 32

Slide 32 text

Security for users

Slide 33

Slide 33 text

Security for users

Slide 34

Slide 34 text

Tailoring data with projections

Slide 35

Slide 35 text

Tailoring data with projections

Slide 36

Slide 36 text

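How to get

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.security.oauth</groupId>
    <artifactId>spring-security-oauth2</artifactId>
    <version>2.0.6.RELEASE</version>
</dependency>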


Slide 37

Slide 37 text

Spring Data REST DEMO

Slide 38

Slide 38 text

Links
• github.com/gregturn/spring-a-gram
• https://github.com/royclarkson/spring-rest-service-oauth
• twitter.com/springcentral
• spring.io
• spring.io/guides
• spring.io/video
• spring.io/questions

Slide 39

Slide 39 text

Spring Data REST: Data Meets Hypermedia

Unless otherwise indicated, these slides are © 2013-2014 Pivotal Software, Inc. and licensed under a Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/