This is the thrid release of JBoss’s JSR-311, JAX-RS, Restful Web Services implementation. Nothing special in this release, just a lot of bug fixes the community found as well as more spec-feature complete. We have some more things coming down the pipe in the next month, so stay tuned!

Links to where to download, post user questions, and our documentation are all available on our WIKI.

Release Notes - Resteasy - Version Beta3

Bug

• [RESTEASY-25] - mime property types ignored when matching resource methods to requests
• [RESTEASY-26] - MessageBodyWriter matching should use the entity class, not the method’s reflected return type.
• [RESTEASY-27] - Resource Locators should be dynamically processed

Task

• [RESTEASY-6] - Implement all methods with decode parameter within UriInfo
• [RESTEASY-20] - Suport for @Path.limited

I finally got around to creating a new release for the next rev of our JAX-RS, Java RESTful Web Services, implementation. This release targets the 0.7 release of the JAX-RS specification. There’s a still a few features I haven’t implemented yet, but hope to get them out soon as the spec starts to solidify. Especially new in this release is a new embeddable container so you can run things within junit tests, or just serve up a small restful web service from your classpath. We’ve been using this embeddable container to unit test our implementation and finally made it available to the masses.

Check out our project page or download the new release.

Release Notes - Resteasy - Version Beta2

Bug

• [RESTEASY-1] - DefaultPlainText.MessageBodyWriter should not write anything (arrays especially)
• [RESTEASY-2] - If Response has set Content-Type, then that content type should be used
• [RESTEASY-9] - Subresources erroneously considered as root resources
• [RESTEASY-17] - Spec mandates supporting MultivaluedMap for form-urlencoded media types
• [RESTEASY-18] - @QueryParam should not return x-www-form-urlencoded parameters
• [RESTEASY-24] - WebApplicationException and http status codes

Feature Request

• [RESTEASY-11] - Standalone server

Task

• [RESTEASY-4] - Implement variants
• [RESTEASY-13] - Support @Context field injection
• [RESTEASY-14] - Support @Context injeciton of HttpServletRequest/Response
• [RESTEASY-16] - Support injection of javax.ws.rs.core.SecurityContext
• [RESTEASY-19] - Support for StreamingOutput
• [RESTEASY-23] - Integration test for SecurityContext

A great article by Stefan Tilkov on Addressing doubts on REST.  This and his previous article are a must read for any REST noob.  I wish I had them available when I was researching REST almost a year ago.

I’ve been playing around a little bit with the idea of creating a RESTFul MOM/ESB where the client requests a specific format and the server transforms the content if it can. For an ESB, this usecase would normally turn up for various XML-based messages and documents. The client would request an XML document of a certain schema and the ESB would return that format, performing a transformation if applicable.

For a RESTFul ESB, I’d want to use HTTP content negotiation. The problem is, AFAIK, there is no standard MIME type, other than “application/xml”, that allows you to specify an XML format with schema information. Being a REST noob, I emailed my friend Steve, a REST enthusiast, and asked him if it would be ok to embed schema information into the media type. My first thought was the media type would be:

application/myschema+xml

Steve’s response was you can’t just make up a MIME type on your own and expect it to work well on the Internet without registering it. At first I thought, what’s the big freakin deal? But then I realized, what if you want to point your browser to a message in a remote RESTFul queue and just view its content? If you use “application/myschema+xml” your browser ain’t gonna understand it.

So, I decided to do a search on “decentralized mime types” and came across a few blogs from Stefan Tilkov, Dan Diephouse, and James Strachan. Here’s a summary (sorry if I left out anything)

Use AtomPub

One idea was to use AtomPub . I don’t like this idea at all. One, I just want to send a bloody XML document! KISS baby KISS! Second, if I’m going to use an envelope format, why not just use SOAP and WS-*? (no thanks). This, IMO, sort of defeats one of the general principles of REST.

Define a new decentralized MIME type

The idea would be to define a decentralized MIME type like this:

application/data-format;uri=http://mediatypes.example.com/foo/bar

The uri would point to something like an RDDL document that defined the real format. Beyond KISS, what I don’t like about this approach is that again, I have no way of pointing my browser (or some other generic client) at the resource and just viewing it.

Use MIME properties

I saved the best for last. The final idea was to embed format information within MIME properties:

application/xml; schema="http:/..."

application/octet-stream; data-format=java

Use a registered MIME type, but append extra format information as a MIME property. I did a test on this with Firefox and Safari and it doesn’t screw up the viewing. So for me, MIME properties it is! I would be interested in links to other thoughts on this.

I’m pleased to announce the first beta release of the JBoss Resteasy JAX-RS implementation!

After about 4 months of on and off development, I finally have a working version of the new JSR-311, JAX-RS specification. For those of you who don’t know, JSR-311 is a RESTFul Web Services implementation for Java and is slated to be included within Java EE 6. The spec is still a bit of a moving target, but its still pretty useful. Let me know what you think!

Features:

• JAX-RS implementation (almost full, still have a few minor things here and there)
• Portable to any app-server/Tomcat that runs on JDK 5 or higher
• EJB 3.0 and Spring integration
• Client framework to make writing HTTP clients easy (JAX-RS only define server bindings)

Where can I find out more?

All information, including where to download it, is available on our Resteasy WIKI.

I was reading a bit of Steve Vinoski’s blog on how some think REST requires a definition language like WSDL or IDL. He first mentions it within Serendipitous Reuse, and further expands on it in the blogs Lying Through Their Teeth: Easy vs. Simple, IDL vs. Human Documentation and More REST and IDL. If you are a REST fan or detractor these blogs as well as the blogs they link to are a good read and gets you thinking about things.

I’ve been implementing JAX-RS, JSR-311, off and on the past few months. Vinoski’s blogs made me think, is JSR-311 just another definition language? The language being Java + JAX-RS anotations? Maybe I’m dwelling over the obvious here, but let’s do the exercise anyways…

Vinoski paraphrases Ryan Tomayko on what might be the erroneous use of a RESTful definition language:

Among other things, Ryan touches on one of the favorite assertions of the REST detractors, which is that REST can’t be effective without an interface/service/resource definition language. After all, without such a language, how can you generate code, which in turn will ease the development of the distributed system by making it all look like a local system? Not surprisingly, the first comment on Ryan’s blog entry is exactly along these lines.

First of all, I don’t think JAX-RS is trying to make a distributed system look like a local one. Yes, its trying to remove a lot of boilerplate code. Yes, using JAX-RS could turn a POJO into a distributed RESTful resource.

public class BookStore {
    @GET @Path("/books/{id}")
    @ProduceMime("application/json")
    public String getBook(@PathParam("id") int id) {
         ... return a json representation of the Book
    }
}

JAX-RS does have some characteristics of a definition language. From the @GET and @Path annotations, you can determine how the resource is going to be invoked on. But, IMO though, it is more of a mapping language than a definition language. Its mapping a URI and http request/response to the invocation of a Java method. Its not trying to make our distributed system look like a local system.

Now, what about the idea I had of providing a client framework using JAX-RS annotations?

public interface BookStore {
    @GET @Path("/books/{id}")
    @ProduceMime("application/json")
    public String getBook(@PathParam("id") int id);
}

The idea here would be you generate a RESTful client proxy from a JAX-RS annotated interface that you could invoke on without writing http client code. Are we blurring the lines here? Are we hiding too much the fact that our BookStore is a remote distributed service? I’ll leave that up to you to decide…

I agree with new JBossian, Andy Rubinger. Plumbing sucks. Andy talks about how he hates Struts, et al. and wished he could rip it out for a more lightweight model where the client is Ajax/JavaScript talking directly to EJBs on the server side. Andy is a young guy (still in his 20’s I believe) so he possibly missed all the 3-tiered application development done in the mid-90’s with VB, VC++, and Power Builder. Personally, I miss those days because GUI development was fun and productive.

If Andy likes this idea so much, he should take a look at what Jeff, Nolan, and Ben are doing at Appcelerator. The Appcelerator approach is interesting in that it is very much like Andy wants. They turn HTML/Ajaxey based applications into an event/message based model. What I think is interesting about their approach is:

• You can mock-up your server interactions directly within your web pages. This allows the client app developers to create a working application that doesn’t require a server to run and that can be developed independently of server side business logic
• Your server can become stateless. Since AJAX applications can hold state, this means no more HTTP Session replication on the server side and that the server needs less memory.
• Client architecture is decoupled from the server side architecture (but not completely, I’ll explain later). With JSF, Seam, Spring, or (insert your favorite Java webflow framework here), you’re basically married to Java. This means no experimenting with Ruby, Groovy, Rails, Grails (why you’d want to, I don’t really know but hey, you have the option). Appcelerator works with Java, Ruby, Python, and even .Net.
• Things like validation are done on the client by marking up the validation logic directly on HTML elements. Other AJAX frameworks do validation on the server by sending tons of mini messages back and forth. What a silly idea guys. You wonder why you have to do unnecessary rearchitectures like Jetty’s continuations. Anybody who has ever written a distributed application realizes that to scale you must minimize message passing.
• You don’t write much Javascript. You embed event modeling directly with HTML attributes.

There’s a billion AJAX frameworks out there. I couldn’t find any out there that had all these attributes. (If you know of one, I’d be happy to add and edit this blog). What I didn’t like about their project was:

• You still have to edit HTML. Not sure how well app-dev lifecycle would work if you used a professional designer app with Appcelerator.
• I’m not sure how they would handle localization/internationalization.
• Their widget set is still relatively small
• Appcelerator’s distributed messaging architecture is Appcelerator specific. Yeah, it works on Ruby, Java, et al. but you still have a coupling between your client and server architectures via Appcelerator’s messaging layer. Which brings me to my next point…

What if you replace EJB invocations in Andy’s utopia and appcelerator messages in Appceleratorland with a REST based approach? Bill Higgins wrote a great article about AJAX + REST awhile back. If this approach goes mainstream, we’re just turning the clocks back to a 3-tiered architecture. I dont’ think that’s a bad thing though!

There is at least one drawback I can thinking of. Hyperlinks. Hyperlinks are just so important in integration and propagation of information. In a pure AJAX+REST approach, you give up on hyperlinking and your app behaves really like a traditional Swing/VB/PB app.  Another thing is that sometimes it does make a lot of sense for the server to render content.  In these situations I still believe we can keep the server stateless and combine it somehow with teh AJAX+REST approach.  Whoever can pick out the valuable pieces of Struts-like apps and combine it with the AJAX+REST approach will truly have something compelling.

A couple of weeks ago I finally got down to implementing the JSR-311 Restful web services specification I talked about in a previous blog.  In reading the JSR mail list and looking into HTTP content negotiation, a few questions popped up in regards to the programmatic web.

• Why would a client ever send more than one Accept header?
• Why would a client or server ever produce or consume wildcard content types?  i.e. “text/*” or even “*/*”?

I know in theory that the idea is that an application can dynamically search for resources, on the web and just invoke on them.  But when does any real application not have complete determinism?  When you’re writing a distributed application, you research the services you are going to interact with.  What exact data formats do they product?  What exact formats do they consume?  Otherwise its nearly impossible to implement your application.  Coding isn’t guess work.  You’re not going to invoke a service and hope it gives you back something you understand and vice-versa.  So please, somebody, give me real live use cases for this type of complex content negotiation.

In my previous blog, Distributed Compensation with REST and jBPM, I talked about removing complexity from both the distributed protocol and the server by forcing (or enabling, depending on your perspective) the client to handle things like business activity and compensating transactions. I asked the question, where does this leave WS-BA or more importantly, JBoss’s Business Activity Framework? It could easily still be used in a one process, web application. Many web applications are long running transactions that require compensation. But, I still think JBoss’s Business Activity Framework could be useful to help orchestrate distributed services, even restful ones, if we make compensation metadata available to the client so a local-only business activity coordinator could do its work locally. This would give us the decoupling benefit of BA, but would also allow us to keep our remote services stateless (and restful). The idea would be to move the BA annotations from the bean class, to the business interface:

public interface TravelAgent {
	@BACompensatedBy(value="cancel")
        @BAResult("reservationNumber")
        public int book(int room);

        public void cancel(@BAParam("reservationNumber") int reserverationNumber);
}

A client-side smart proxy could hide the interaction with the local activity coordinator. Another idea would be for the business process engine to introspect service references to see if they are annotated with compensation metadata, and interact with the coordinator themselves. A nice side effect of putting the metadata within the interface is that your service becomes self documenting. The user of this service knows exactly what’s going on by looking at the code.

You could combine this annotation-driven approach with the restful client-side framework I suggested in my comments on JSR-311.

public interface TravelAgent {
	@BACompensatedBy(value="cancel")
        @BAResult("$r.getId()")
        @UriTemplate("/hotel/reservations")
        @HttpMethod("POST")
        @Location("/hotel/reservations/$r.id")
        public Reservation book(@QueryParam("room") int room);

        @UriTemplate("/hotel/reservations/{reservationNumber}")
        @HttpMethod("DELETE")
        public void cancel(@BAParam("reservationNumber")  @UriParam("reservationNumber") int reserverationNumber);
}

This could make it fairly easy and metadata driven to have restful services interact with business activity.

In Java-to-Java calls, for example a remote or local EJB invocation, you wouldn’t necessarily need an interface-driven approach. The JBoss EJB 3.0 implementation, for instance, allows you to define both client-side and server side interceptors. At deployment time, the EJB container could scan the bean class for BA metadata, create a client interceptor initialized with this meta information, and attach the client interceptor to the proxy that is published to clients.

I think client driven conversations where the client holds all state makes for better written distributed services as they can be written in a more stateless, scalable manner. This doesn’t mean that you’d be able to apply this pattern to all scenarios. That’s why I think it might be interesting to make this approach configurable. The client must drive the compensation, the server must be allowed to participate in resource registration, or even a configuration of the client can decide whether it wants drive the coordination or not are all valid scenarios. Anyways, if you experiment with any of these patterns let me know. It would be cool to hear some real, live user experience instead of just guessing on whether or not this would be a good approach.

Since I’m so RESTless lately I started thinking about what JBoss could do to help with this effort. We’re involved with JSR-311, which is defining a server-side framework for REST web services, so I decided to contact Heiko Braun, our representative on this specification. I got a copy of the latest draft and dived in. Sometimes the rules of the JCP prevent you from talking about a specification publicly (please correct me if I’m wrong), so I wasn’t sure I could blog about this specification. But, since Brian Leonard has blogged about 311, then I guess I can too.

I don’t want to get into too much detail on 311. Instead please read Brian’s blog and follow the additional links he provides. 311 does seem like it is just standardizing the REST framework Sun has already written. I will though provide example code so that I can reference it later in this blog.

public class Shopping {
   @HttpMethod("GET")
   @UriTemplate("/shopping/orders")
   @ProduceMime("text/xml")
   public String getAllOrders(@QueryParam("expand") boolean expand) {...}

   @HttpMethod("POST")
   @UriTemplate("/shopping/orders")
   @ConsumeMime("text/xml")
   public String buy(Document order) {...}

   @HttpMethod("GET")
   @UriTemplate("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

   @HttpMethod("DELETE")
   @UriTemplate("/shopping/orders/{id}")
   public void deleteOrder(@UriParam("id") int orderNum) {...}
}

The spec allows you to map http header entries, query parameters, and individual elements within a URI to a method invocation and its parameters and return types. You can also specify what MIME types a method produces and consumes. The spec also provides you with the ability to define factories that can map representations to and from Java objects.

Change suggestions

After reading the specification and browing the Sun REST framework documentation, I have a few suggestions I’d like to make to JSR 311.

Remove magic methods

It seems like @HttpMethod can be placed without a http method identifier on a Java method and the HTTP method type inferred through the Java method name.

@HttpMethod String getOrders()

In this example, HTTP GET would be used because getOrders() begins with the string ‘get’. I never liked the idea of magic method names. They are too fragile and IMO, just bad programming practice. Instead let’s……..

Annotation refactoring of @HttpMethod

Annotation frameworks should be as tiny and concise as possible. Avoid verbosity at all costs. I’d like to see @HttpMethod replace with a more concrete set of http annotations with the additional ability of being able to define a uri template embedded within these applications. So, instead of @javax.ws.rest.HttpMethod (or whatever the package name will be), let’s instead have individual Get, Put, Post, Delete, and Options annotations under the package @javax.ws.rest.httpmethod:

public @interface Get {

   String value() default "";

}

The value() of Get, Post, Delete, etc. would be an optional uri template. So, instead of the verbose:

   @HttpMethod("GET")
   @UriTemplate("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

We would get:

   @Get("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

Reduces one line of typing and also, IMO, makes things easier to read.

Allow annotations on an interface instead

RESTful classes should be allowed to declare their REST annotations on the methods of an interface instead of on the class methods. IMO, this is a better way of isolating the published interface of a service. Doing so would also allow the EJB specification to adopt REST and be able to publish remote, local, and restful interfaces to the outside world. Another interesting side affect of this is….

How about a client side framework?

Another interesting side affect of being able to apply REST annotations to an interface is that this interface could be re-used by a client-side framework to generate a proxy that could invoke on REST web services. The client-side programmer could use the same annotations to describe many REST web services that may or may not be using the server-side implementation of 311 or even Java at all! Doesn’t seem like much more effort to define this client-side API.

@Location annotation?

One common pattern I’ve seen in the REST articles and books I have read is that when you have a service method that creates a new object or queries for an existing object, and Location header should be sent back to the client containing the URI the resource is locatable. The 311 spec seems to support this by allowing the user to return a spec-define Response class. What if instead, we provided the ability to map a return value to a Location header?

@Post("/shopping/orders")
@Location("/shopping/orders/{$r}")
public int buy(Document order) {...}

The $r would represent the string representation of the returned value of the buy() method. The client would receive an empty response with a Location header pointing to the new resource created by the buy() method. We could get even funkier in the @Location annotation and allow Unified EL expressions.

@Post("/shopping/orders")
@Location("/shopping/orders/{$r.getId()}")
public Order buy(Document order) {...}

This kind of flexibility could allow one object to be used both RESTfully and locally.

Security?

Another thing I see missing is security hooks. For instance, how about an annotation specifiying whether the resource should be accessed over HTTPS or not? How about an annotation that allows you to plug in an authentication mechanism? IMO, 311 shouldn’t be diving into defining security protocols, but should at least think about providing metadata that allows you to plug in your own implementation. Then again, maybe authentication is best left to being implemented in servlet filters. I don’t know…

XML Descriptor?

There are some bigots out there that despise annotations. An XML descriptor should be created that can define this type of metadata. It should follow the style of other EE components so that we can do things like integrating JAX-RS with EJB.

EJB bridge

The 311 specification does talk about how JAX-RS interacts in a servlet environment. I’d also like to see some work done so that EJBs can become restful as well. This will probably require some work around define lifecycle and creating an annotation like @Restful to ping the container that it needs to perform restful bindings. This would also require work with the EJB 3.1 JSR to expose JAX-RS XML descriptors within EJB 3.1. Red hat would be happy to drive this in the EJB 3.1 expert group.

More to come

I’m seriously thinking about implementing 311 with the changes I’ve suggested here and integrating it with our EJB3 implementation. Hopefully I have the time. Maybe somebody in the community would be interested? I’d be happy to help as long as the individual showed initiative and ability to work on their own. I’ll also talk to Heiko more on what he thinks should be massaged in the specification and blog about them here.