SpringOne 2015: Spring Data REST - Data Meets Hypermedia

Slide 1

Slide 1 text

Slide 2

Slide 2 text

Slide 3

Slide 3 text

Slide 4

Slide 4 text

Slide 5

Slide 5 text

Slide 6

Slide 6 text

Slide 7

Slide 7 text

Slide 8

Slide 8 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 7 “I am getting frustrated by the number of people calling any HTTP-based interface a REST API. Today’s example is the SocialSite REST API. That is RPC. It screams RPC…”

Slide 9

Slide 9 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 8 “…What needs to be done to make the REST architectural style clear on the notion that hypertext is a constraint? In other words, if the engine of application state (and hence the API) is not being driven by hypertext, then it cannot be RESTful and cannot be a REST API. Period. Is there some broken manual somewhere that needs to be fixed?” - Roy Fielding http://roy.gbiv.com/untangled/2008/rest-apis-must-be-hypertext-driven

Slide 10

Slide 10 text

Slide 11

Slide 11 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Spring Projects • Spring Framework • Spring Boot • Spring Data • Spring HATEOAS • Spring Data REST • Spring Security • Spring Cloud • Spring Cloud Services 10

Slide 12

Slide 12 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ What is Spring Data REST? • Leverages HYPERMEDIA & Internet standards • HAL (draft) • ALPS (draft) • JSON Schema (draft) • URI Templates (RFC 6570) • text/uri-list mediatype (RFC 2483) • profile link relation (RFC 6906) 11

Slide 13

Slide 13 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "image" : "http://spring-‐a-‐gram.cfapps.io:80/files/plan.jpg1441898618238", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32" }, "item" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32{?projection}", "templated" : true }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32/gallery" } } } 12 Item Resource

Slide 14

Slide 14 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Data  @Entity  @ToString(exclude = "gallery")  public class Item {    @Id  @GeneratedValue(strategy = GenerationType.AUTO)  private long id;    @Lob  private String image;    @ManyToOne  private Gallery gallery;    @JsonIgnore  @OneToOne  private User user;    }  13 Item Class

Slide 15

Slide 15 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "description" : "cats", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2" }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2" }, "items" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/galleries/2/items" } } } 14 Gallery Resource

Slide 16

Slide 16 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Data  @Entity  @ToString  public class Gallery {    @Id  @GeneratedValue(strategy = GenerationType.AUTO)  private long id;    private String description;    @OneToMany(mappedBy = "gallery")  private List items;    protected Gallery() {}    public Gallery(String description) {  this.description = description;  }    } 15 Gallery Class

Slide 17

Slide 17 text

Slide 18

Slide 18 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/   org.springframework.boot  spring-boot-starter-data-rest    org.springframework.boot  spring-boot-starter-data-jpa  17 How to Get Spring Data REST

Slide 19

Slide 19 text

Slide 20

Slide 20 text

Slide 21

Slide 21 text

Slide 22

Slide 22 text

Slide 23

Slide 23 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 22 “It’s not real until it’s secured.” “Do not implement security on your own.” Rob Winch, Spring Security Lead Greg Turnquist, Spring Data Dude

Slide 24

Slide 24 text

Slide 25

Slide 25 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Common Attack Vectors • Session fixation • XSS - Cross-Site Scripting • CSRF - Cross Site Request Forgery • clickjacking - User Interface redress attack 24

Slide 26

Slide 26 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @PreAuthorize("hasRole('ROLE_USER')")  public interface ItemRepository extends PagingAndSortingRepository {    List findByGalleryIsNull();    @Override  @PreAuthorize("#item?.user == null or #item?.user?.name == authentication?.name")  Item save(@Param("item") Item item);    @Override  @PreAuthorize("#item?.user?.name == authentication?.name or hasRole('ROLE_ADMIN')")  void delete(@Param("item") Item item);    @Override  @PreAuthorize("@itemRepository.findOne(#id)?.user?.name == authentication?.name or hasRole('ROLE_ADMIN')")  void delete(@Param("id") Long id);  }  25 Securing Images

Slide 27

Slide 27 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @RepositoryRestResource(exported = false)  public interface UserRepository extends CrudRepository {    User findByName(String name);  } 26 Securing Users

Slide 28

Slide 28 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ { "user" : { "name" : "roy", "roles" : [ "ROLE_USER" ] }, "image" : "http://spring-‐a-‐gram.cfapps.io:80/files/plan.jpg1441898618238", "_links" : { "self" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32" }, "item" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32{?projection}", "templated" : true }, "gallery" : { "href" : "http://spring-‐a-‐gram.cfapps.io/api/items/32/gallery" } } } 27 Resource with Projection

Slide 29

Slide 29 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ @Projection(name = "owner", types = Item.class)  public interface Owner {    public User getUser();    public String getImage();    } 28 Owner Projection

Slide 30

Slide 30 text

Slide 31

Slide 31 text

Slide 32

Slide 32 text

Slide 33

Slide 33 text

Slide 34

Slide 34 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ 33 “the microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API.” http://martinfowler.com/articles/microservices.html

Slide 35

Slide 35 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Twelve Factor Apps (12factor.net) • Codebase - One codebase tracked in revision control, many deploys • Dependencies - Explicitly declare and isolate dependencies • Config - Store config in the environment • Backing Services - Treat backing services as attached resources • Build, release, run - Strictly separate build and run stages • Processes - Execute the app as one or more stateless processes • Port binding - Export services via port binding • Concurrency - Scale out via the process model • Disposability - Maximize robustness with fast startup and graceful shutdown • Dev/prod parity - Keep development, staging, and production as similar as possible • Logs - Treat logs as event streams • Admin processes - Run admin/management tasks as one-off processes 34

Slide 36

Slide 36 text

Slide 37

Slide 37 text

Slide 38

Slide 38 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Application Diagram Spring-a-Gram Spring-a-Gram Backend MongoDB FileService SQL Database SQL Database MongoDB

Slide 39

Slide 39 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Application Diagram Spring-a-Gram Spring-a-Gram Backend MongoDB FileService SQL Database SQL Database MongoDB

Slide 40

Slide 40 text

Slide 41

Slide 41 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ org.springframework.cloud Dependencies • spring-‐cloud-‐starter-‐zuul • spring-‐cloud-‐starter-‐eureka • spring-‐cloud-‐starter-‐hystrix • spring-‐cloud-‐starter-‐hystrix-‐amqp • spring-‐cloud-‐starter-‐config-‐client 39

Slide 42

Slide 42 text

Slide 43

Slide 43 text

Slide 44

Slide 44 text

Slide 45

Slide 45 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/   io.pivotal.spring.cloud  spring-cloud-services-starter-parent  1.0.0.M1  43 Spring Cloud Services Parent POM

Slide 46

Slide 46 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/   io.pivotal.spring.cloud  spring-cloud-services-starter-service-registry    io.pivotal.spring.cloud  spring-cloud-services-starter-circuit-breaker      io.pivotal.spring.cloud  spring-cloud-services-starter-config-client  44 Spring Cloud Services Dependencies

Slide 47

Slide 47 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Additional Sessions • The State of Securing RESTful APIs with Spring  Tue 4:30 Salon I-L - Rob Winch • Hands on Spring Security  Wed 8:30 Salon I-L - Rob Winch • Cloud Native Java with Spring Cloud Services  Wed 2:30 Salon E-H - Craig Walls and Scott Frederick • Securing Microservices with Spring Cloud Security  Thurs 10:30 Salon E-H - Will Tran 45

Slide 48

Slide 48 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ More Information • github.com/gregturn/spring-a-gram • github.com/royclarkson/spring-rest-service-oauth • twitter.com/springcentral • spring.io • spring.io/guides • spring.io/video • spring.io/questions 46

Slide 49

Slide 49 text

Unless otherwise indicated, these slides are © 2013-2015 Pivotal Software, Inc. and licensed under a  Creative Commons Attribution-NonCommercial license: http://creativecommons.org/licenses/by-nc/3.0/ Safe Harbor Statement The following is intended to outline the general direction of Pivotal's offerings. It is intended for information purposes only and may not be incorporated into any contract. Any information regarding pre-release of Pivotal offerings, future updates or other planned modifications is subject to ongoing evaluation by Pivotal and is subject to change. This information is provided without warranty or any kind, express or implied, and is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions regarding Pivotal's offerings. These purchasing decisions should only be based on features currently available. The development, release, and timing of any features or functionality described for Pivotal's offerings in this presentation remain at the sole discretion of Pivotal. Pivotal has no obligation to update forward looking information in this presentation. 47

Slide 50

Slide 50 text