3. OLD STYLE PRESENTATION LAYER
Server
Browser
GET /index.html HTTP/1.1
200/OK (HTML)
GET /contacts-table.html HTTP/1.1
render markup
200/OK (HTML)
POST /servlet/contacts HTTP/1.1
200/OK (HTML)
Tuesday, 11 February 14
render markup
4. DATA CENTRIC SERVICE LAYER
Browser
Server
GET /index.html HTTP/1.1
200/OK (HTML)
GET /api/contacts HTTP/1.1
render markup
200/OK (JSON)
PUT /api/contacts/12 HTTP/1.1
render markup
200/OK (JSON)
5. WHERE ARE WE HEADING TO ?
Browser
Server
GET /index.html HTTP/1.1
200/OK (HTML)
GET /contacts-table.html HTTP/1.1
200/OK (HTML)
WebSockets!
ws://future.now/ws
render markup
PUT /api/contacts/12 HTTP/1.1
200/OK (JSON)
render markup
10. CORS
Browser
Server of origin
Service provider
GET /index.html HTTP/1.1
200/OK (HTML)
preflight request!
OPTIONS /api/contacts HTTP/1.1
200/OK (WADL)
GET /api/contacts HTTP/1.1
render markup
200/OK (JSON)
16. HTTPS AND BASIC AUTH
• + easy to implement
• - password is sent on every request
• (- browser stores credentials for session)
• (- browser may store creds permanently)
• corporate proxies
• not for really sensitive data
17. BASIC AUTHENTICATION
curl -X GET --verbose --insecure https://localhost:8181/baas/api/todo
> GET /baas/api/todo HTTP/1.1
...
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Servlet/3.0 JSP/2.2 [...]
< Server: GlassFish Server Open Source Edition 3.1.2.2
< Pragma: No-cache
< Cache-Control: no-cache
< Expires: Thu, 01 Jan 1970 01:00:00 CET
< WWW-Authenticate: Basic realm="file"
< Content-Type: text/html
< Content-Length: 1073
< Date: Wed, 14 Aug 2013 23:33:48 GMT
<
18. BASIC AUTHENTICATION
curl -X GET --verbose --insecure -u marc:geheim https://localhost:8181/baas/api/todo
> GET /baas/api/todo HTTP/1.1
> Authorization: Basic bWFyYzpnZWhlaW0=
> User-Agent: ...
> Host: localhost:8181
> Accept: */*
>
< HTTP/1.1 200 OK
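Added example (not part of the original slides): the Authorization value shown on slide 18 is only base64, so the "password is sent on every request" point from slide 16 means any proxy or log that records the header holds the password. The sketch below decodes the header and redacts it from a transcript before logging; the function names and the transcript constant are hypothetical, built from the slide's own curl output.

```python
import base64
import binascii
import re

# Constructed sample: the verbose curl transcript from slide 18.
TRANSCRIPT = """\
> GET /baas/api/todo HTTP/1.1
> Authorization: Basic bWFyYzpnZWhlaW0=
> User-Agent: ...
> Host: localhost:8181
> Accept: */*
< HTTP/1.1 200 OK
"""

AUTH_LINE = re.compile(
    r"^(?P<prefix>[<>]?[ \t]*Authorization:[ \t]*)(?P<value>.+)$",
    re.IGNORECASE | re.MULTILINE)


def decode_basic(value):
    """Return (user, password) from a Basic Authorization value, or None.

    Basic credentials are base64("user:password"): an encoding, not
    encryption, so anything that sees the header sees the password.
    """
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    user, sep, password = raw.partition(":")  # password may contain ':'
    return (user, password) if sep else None


def redact(transcript):
    """Replace credential material in Authorization headers before logging."""
    def _sub(m):
        scheme = m.group("value").split(" ", 1)[0]
        return f"{m.group('prefix')}{scheme} [REDACTED]"
    return AUTH_LINE.sub(_sub, transcript)


if __name__ == "__main__":
    for m in AUTH_LINE.finditer(TRANSCRIPT):
        print("recoverable from the header:", decode_basic(m.group("value")))
    print(redact(TRANSCRIPT))
```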