Upgrade to Pro — share decks privately, control downloads, hide ads and more …

IBM Connect 2017: Your Data In the Major Leagues: A Practical Guide to REST Services

sbasegmez
February 22, 2017

IBM Connect 2017: Your Data In the Major Leagues: A Practical Guide to REST Services

IBM Connect 2017 Session on RESTful architectures and their uses in IBM Domino environments (Notes and XPages applications)

sbasegmez

February 22, 2017
Tweet

More Decks by sbasegmez

Other Decks in Technology

Transcript

  1. Your Data In the Major Leagues: A Practical Guide to

    REST Services Serdar Basegmez Managing Director, Developi Information Systems DEV-1383 IBM Connect 2017 Conference, 20-23 February 2017
  2. • IBM Champion (2011 - 2017) • Developi Information Systems,

    Istanbul • OpenNTF / LUGTR / LotusNotus.com • Featured on… • Engage UG, IBM Connect, ICON UK, NotesIn9… Serdar Başeğmez
  3. Agenda • RESTful Architecture • Practical Implications • Advantages of

    RESTful Services • Providing REST Services for IBM Domino • Consuming REST Services for IBM Domino • Wrap-up
  4. RESTful Web Services Representational state transfer (REST) is an architectural

    style used for web development. Systems and sites designed using this style aim for fast performance, reliability and the ability to scale (to grow and easily support extra users). To achieve these goals, developers work with reusable components that can be managed and updated without affecting the system as a whole while it is running. Source: https://en.wikipedia.org/wiki/Representational_state_transfer
  5. Old School Web Applications Source: https://speakerdeck.com/jeffschenck/rest-easy-api-security-done-right User Interface Business Logic

    Datastore Front-end Back-end ASP, PHP, CGI, Web Agents, JSP, etc. ← HTML, CSS, JavaScript Forms →
  6. Web Applications Evolving User Interface Business Logic Datastore Front-end Back-end

    Async web apps, Ruby on Rails, Django, JSF, XPages, etc. ← HTML, CSS, JavaScript Forms, AJAX →
  7. Web Applications Evolving User Interface Business Logic Datastore Front-end Back-end

    Modern Web frameworks, Angular.js, React.js, etc. ← HTML, CSS, JavaScript ← REST →
  8. Web Applications Evolving User Interface Business Logic Datastore Mobile Applications

    Back-end Modern Web frameworks, Angular.js, React.js, etc. ← HTML, CSS, JavaScript ← REST → Front-end
  9. Web Applications Evolving User Interface Business Logic Datastore Mobile Applications

    Back-end Modern Web frameworks, Angular.js, React.js, etc. ← HTML, CSS, JavaScript ← REST → Front-end Microservice Microservice Microservice
  10. RESTful, Everywhere! Solid Architecture Well-defined practices Widespread use in modern

    frameworks Easily consumable, even in micro environments
  11. Stateless / Cacheable / Layered Every request processed independently Everything

    cacheable Client does not care who cooked the meal in the kitchen ⇣ Scalable, Robust, Resilient
  12. The Conversation Makes Sense! GET /twink/contacts/DLEY-ACLH6Y HTTP/1.1 Host: homer.developi.info Cache-Control:

    no-cache { "zip": "13202", "state": "NY", "lastName": "Abbate", "middle": "J", "country": "US", "emailAddress": "[email protected]", "number": "DLEY-ACLH6Y", "city": "Syracuse", "firstName": "Jessica" }
  13. URI GET PUT POST DELETE /contacts/ List Contacts Replace Contacts

    Create New Contact Delete Contacts /contacts/id Retrieve a Contact Replace a Contact N/A (generally) Delete a Contact Source: https://en.wikipedia.org/wiki/Representational_state_transfer Conventions on URLs
  14. Motivation Putting stuff into a small device! Socializing with other

    developers! Opening to the wild… New animals out there! Enough! We are moving… All / Some / None of the above
  15. RESTful Services on Domino IBM Domino Server Web Apps Agents

    IBM Notes Client RESTful Services As Consumer Browser Remote Applications As Provider Provider Consumer
  16. Domino Access Services • Provided and Supported by IBM •

    Fully functional RESTful API for Domino Data • Access to Views/Folders/Documents/Collections/Fields/Calendar • Support for caching • Mail and FreeBusy services added by ExtLib OpenNTF version • Inherently uses standard security model (ACL, readers/authors…) • Server-level/Database-level/Design-level control over availability
  17. Domino Access Services • No coding needed, Immediately available after

    a few settings. Enable on Server Enable For Database Enable For Views
  18. Domino Access Services • Drawbacks: • No control over the

    data! • Reading a document —> Read All fields • Creating a document —> No checkpoints! • No place for business logic! • What about actions? The responsibility is on the consumer • Everything or Nothing • Exposes internals • You should trust consumers and the environment…
  19. REST Components (ExtLib) • Provided and Supported by IBM •

    Access to Views/Folders/Documents/Collections/Fields/Calendar • Customizable component for RESTful access • Custom REST Service with SSJS or Java • Event model helps building business logic on top of REST model • Dojo support for single page model
  20. REST Components (ExtLib) • Setup REST component(s) on your page.

    • Minimal coding, no administrator needed. Add to your XPage Add a Service Configure Options
  21. REST Components (ExtLib) • Drawbacks: • Careful with the code

    organization… • You might inevitably end up with a spaghetti code! • Error handling is crucial • Prefer CustomRestService with a Java bean for more advanced stuff… • Difficult to follow RESTful URL Convention • e.g. https://someserver.domain.com/database.nsf/somepage.xsp/service/… • Careful with the security… • Do not trust security by obscurity…
  22. Hardcoding (Web agents, XAgents…) • Obsolete way to create services,

    but still quite useful for some cases. • Great if you have pre-existing code (e.g. Lotusscript libraries, etc.) • Customizable, flexible and simple way to create any service
  23. Hardcoding (Web agents, XAgents…) • Drawbacks: • Hardcode everything… •

    e.g. Header/parameter extraction • Careful with the code organization… • You might inevitably end up with a spaghetti code! • Error handling is crucial • Difficult to follow RESTful URL Convention • e.g. https://someserver.domain.com/database.nsf/xagent.xsp?… • e.g. https://someserver.domain.com/database.nsf/someagent?OpenAgent&…
  24. Apache Wink Servlets • IBM Domino includes Apache Wink 1.1.2

    • Create REST services using OSGi plugins. • Complete Java solution, extensible with custom providers • Conforms RESTful architecture standards using JAX-RS • Code reusability outside IBM Domino world.
  25. Apache Wink Runtime Application Code Apache Wink Basic Architecture Wink

    Servlet (Customizable) HTTP/HTTPS Client Datastore Resource Resource Resource Resource Controllers Data Accessors Tools/Utilities Request Processor Helpers /BaseURI/* /BaseURI/Path-Patterns
  26. @Path("/contacts") public class ContactResource { private DominoAccessor accessor = new

    DominoAccessor(ContextInfo.getUserSession()); @GET() public Response getContactList( @QueryParam("start") int start, @QueryParam("count") int count) { List<Contact> contactList = accessor.pullContacts(start, count); String result = ModelUtils.toJson(contactList).toString(); return Response.ok(result, MediaType.APPLICATION_JSON).build(); } @Path("/{id}") @GET() public Response getContact(@PathParam("id") String id) { Contact contact = accessor.findContact(id); if(null == contact) { throw new WebApplicationException(Response.Status.NOT_FOUND); } else { String result = ModelUtils.toJson(contact).toString(); return Response.ok(result, MediaType.APPLICATION_JSON).build(); } } } { "zip": "13202", "state": "NY", "lastName": "Abbate", "middle": "J", "country": "US", "emailAddress": "[email protected]", "number": "DLEY-ACLH6Y", "city": "Syracuse", "firstName": "Jessica" } Contact Resource Class Contact Resource Short JSON Representation
  27. Apache Wink Servlets • Drawbacks: • Plugin only • Difficult

    if you are not familiar • Takes time to learn • Overkill? • Not suitable for small projects and simple needs • Apache Wink is old school • Not that bad, IBM still using Wink. But Apache took another way. • Alternatives: RESTEasy, Jersey, Apache CXF, etc. • Integrating a new module into Domino might be an issue
  28. Providing RESTful Services on Domino Benefits Challenges Suggested When? Domino

    Access Services
 (DAS) No Backend Code Zero-setup Limited Control No Business Logic Exposes the Internals Simple internal integrations ExtLib Components
 for REST Less Backend Code Minimal Setup Partial/Full Customization Error Handling Spaghetti Code Risk URL Convention Simple needs for a limited scope Hardcoding
 (XAgents, Web agents, Servlets) Tailor-made (Almost) No Learning Curve Hardcoding Everything Spaghetti Code Risk URL Conventions Very specific needs for a limited scope Apache Wink Servlets Tailor-made Based on JAX-RS OSGi Benefits Learning Curve Barrier to Entry Large scope implementation, API Design
  29. How to Consume any RESTful Service? • It is just

    an HTTP Request… • Questions to ask: • Lotusscript or Java or SSJS? • On-demand or Background? • Who is going to be authenticated? • The remote service has an SDK?
  30. Java or SSJS or Lotusscript? • Lotusscript • No internal

    support for Networking… • On Windows platform, we can use COM objects • Server-side JavaScript • Use Java! • Java • Core Java provides URLConnection class for basic operations • Open source libraries are preferred (e.g. Apache HttpComponents)
  31. A Simple Example • Pulling exchange rates (When needed or

    on a schedule) Set rates = CreateObject("msxml2.DOMDocument" ) rates.async = False rates.validateOnParse = False rates.setProperty "ServerHTTPRequest" ,True If rates.load("http://www.tcmb.gov.tr/kurlar/today.xml" ) Then Set currencies =rates.getElementsByTagName("Currency" ) For i=0 To currencies.length - 1 Set node=currencies.item(i) If node.attributes.getNamedItem("Kod").value="USD" Then For j=0 To node.childnodes.length-1 If node.childnodes.item(j).NodeName="ForexBuying" Then forexBuyingUSD = node.childnodes.item(j).nodeTypedValue Elseif node.childnodes.item(j).NodeName="ForexSelling" Then forexSellingUSD = node.childnodes.item(j).nodeTypedValue End If Next ‘ Elseif for others… End If Next GetExchangeRates=True Else GetExchangeRates=False End If Using OLE Automation XML Parsing Windows only!
  32. A Simple Example • Pulling exchange rates (When needed or

    on a schedule) public Double receiveEurUsdRate() throws Exception { CloseableHttpClient httpclient = HttpClients.createDefault(); HttpGet httpGet = new HttpGet("http://api.fixer.io/latest?base=USD"); CloseableHttpResponse response = httpclient.execute(httpGet); try { HttpEntity entity = response.getEntity(); // This is the worst practice ever! // We don't check anything! Everything can go wrong... JsonJavaObject ratesMap = (JsonJavaObject) JsonParser.fromJson(JsonJavaFactory.instanceEx, EntityUtils.toString(entity)); JsonJavaObject rates = ratesMap.getAsObject("rates"); // We can write values into a NotesDocument return rates.getAsDouble("EUR"); } finally { response.close(); } } Create an HTTP client Get a response Convert to JSON
  33. A Simple Example • Pulling exchange rates (When needed or

    on a schedule) <xp:button id="button1" value="What is the exchange rate?"> <xp:eventHandler event="onclick" submit="true" refreshMode="partial" refreshId="computedField1"> <xp:this.action><![CDATA[#{javascript: viewScope.EurUsdRate = test.ExchangeRate.receiveEurUsdRate() }]]></xp:this.action> </xp:eventHandler> </xp:button> We can also call Java!
  34. A Simple Example • Pulling exchange rates (When needed or

    on a schedule) • Lotusscript • Try not to do :) • Running from an Java Agent • Apache HttpComponents and IBM Commons should be imported. • Agent Security should be configured • Running from an XPage / Java or SSJS • Apache HttpComponents should be imported. • Time-outs and service hiccups should be considered • Values should always be cached!
  35. When/How to Connect? • Web Application triggers the RESTful conversation.

    IBM Domino Server Web Apps RESTful Service Web Client 1. Click/Save/Update 2. REST Request 3. REST Response 4. Render Response Latency!!!
  36. When/How to Connect? • Web Application performs the RESTful conversation

    at the browser. IBM Domino Server Web Apps RESTful Service Web Client 1. CSJS Action 2. AJAX Request 3. AJAX Response 4. Process Response Latency!!! CORS (Cross Origin Resource Sharing)?
  37. When/How to Connect? • Notes Client performs the RESTful conversation

    IBM Domino Server Agent Manager RESTful Service Notes Client 1. Run local code (Java/LS) 2. REST Request 3. REST Response Latency!!! 4. Process Results
  38. When/How to Connect? • Notes Client performs the RESTful conversation

    via a Server Agent IBM Domino Server Agent Manager RESTful Service Notes Client 1. Agent.RunOnServer() 2. REST Request 3. REST Response 4. Read Results Latency!!!
  39. When/How to Connect? • RESTful conversation happens on background IBM

    Domino Server Agent Manager RESTful Service 1. Agent or DOTS run on a schedule 2. REST Request 3. REST Response 4. Process Results Latency!!! DOTS
  40. When/How to Connect? • More complicated scenarios… IBM Domino Server

    REST Service RESTful Service RESTful Consumer 1. REST Call 3. REST Request 4. REST Response 6. Return response Latency!!! 2.Process the Request 5. Process More
  41. Authentication • Who is going to be authenticated and how?

    • No authentication • Predefined credential or application key • Single Sign-on • Users with their own credentials on remote (OAuth, Saved password…)
  42. Authentication • No authentication • No problem! • Predefined credential

    or application key • Every REST request should be configured with proper keys. • Credential or Application key should be secured. • Not suitable for CSJS Model
  43. Authentication • Single Sign-on • Valid for integrations when SSO

    is available (e.g. IBM Connections) • Works within the same domain! • The remote system expects a token, generally in cookie form • CSJS model will work without any modification • When HTTP request passes through the server, cookie should be transferred
  44. Authentication • Users with their own credentials on the remote

    system • Saved Password: • Easy for the developer, but not convenient! • Security risk, changing passwords, two-factor authentication, etc. • Many applications do not allow credentials via API. • OAuth • Domino has no native support, but possible with some effort • Need Encryption for user keys (Not yet supported in XPages) • IBM Social Business Toolkit SDK brings the support for OAUTH (well, sort of…)
  45. Why not SDK? • Many remote services provide a Java

    SDK or Wrapper • Wrapper vs SDK • Wrapper: Well-defined data model (e.g. POJO classes) • SDK: No need to deal with low level operations • Generally supported by the provider or the community • But… • Compatibility issues (especially on Java Agents) • e.g. IBM Watson SDK requires Java 7 • JVM Security issues • Too much dependency, Poor documentation, etc.
  46. Consuming RESTful Services Usage Examples XPages
 Java - SSJS Through

    SSJS or Java beans Called when needed Sending message to Slack Integrations to IBM Watson Social Media Interaction Agents Java - Lotusscript Scheduled agents Can be called by Notes Client Periodically pulling exchange rates Pushing data to remote service Training IBM Watson AI Using SDKs XPages - OSGi Access to services using external libraries Called when needed Scheduled using DOTS Accessing IBM Connections Integration to Box
  47. Summary RESTful Services Architecture Providing and Consuming RESTful services for

    Domino Applications Scenarios around RESTful Services Architecture Examples
  48. Takeaway Download and play with demos Experiment simple services Get

    yourself familiar with RESTful Services Download OpenNTF projects Study on RESTful design practices Have a Pet Project
  49. Notices and disclaimers Copyright © 2017 by International Business Machines

    Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM. U.S. Government Users Restricted Rights — Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM. Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided. IBM products are manufactured from new parts or new and used parts. In some cases, a product may not be new and may have been previously installed. Regardless, our warranty terms apply.” Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice. Performance data contained herein was generally obtained in a controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary. References in this document to IBM products, programs, or services does not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business. Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation. It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law
  50. Notices and disclaimers continued Information concerning non-IBM products was obtained

    from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right. IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
  51. Resources • Serdar Başeğmez: Demo for this session
 https://github.com/sbasegmez/IC17RestDemo •

    Serdar Başeğmez: Apache Wink Template and Demo
 https://github.com/sbasegmez/RestAssuredDemo • Graham Acres / Serdar Başeğmez: The Journey to Becoming a Social Application Developer (IBM Connect 2014)
 https://speakerdeck.com/sbasegmez/bp308-the-journey-to-becoming-a-social-application-developer • Stephan H. Wissel: Custom REST service in XPages using a service bean
 https://wissel.net/blog/d6plinks/SHWL-9Q55QL • Eric McCormick: Series on JSON Data with Java in XPages
 https://edm00se.io/json-with-java-in-xpages • Thomas Ladehoff: REST Services with the XPages Extension Library
 https://www.assono.de/blog/d6plinks/REST-Services-with-the-XPages-Extension-Library • Paul Withers: XPages OSGi Plugins series
 http://www.intec.co.uk/xpages-osgi-plugins-1-an-introduction/ • John Cooper: Domino OSGI (Part 1) - Configuring Eclipse for XPages OSGI Plugins
 http://developmentblog.johnmcooper.co.uk/2014/05/configuring-eclipse-for-xpages-osgi-plugins-part1.html • Toby Samples: JAX-RS or THE way to do REST in Domino series
 https://tobysamples.wordpress.com/2015/04/28/jax-rs-or-the-way-to-do-rest-in-domino-part-1/ • Jesse Gallagher: Eclipse Tutorial for Domino Developers
 https://github.com/jesse-gallagher/eclipse-tutorial-oct2015/wiki/Java