Since I’m so RESTless lately I started thinking about what JBoss could do to help with this effort. We’re involved with JSR-311, which is defining a server-side framework for REST web services, so I decided to contact Heiko Braun, our representative on this specification. I got a copy of the latest draft and dived in. Sometimes the rules of the JCP prevent you from talking about a specification publicly (please correct me if I’m wrong), so I wasn’t sure I could blog about this specification. But, since Brian Leonard has blogged about 311, then I guess I can too.
I don’t want to get into too much detail on 311. Instead please read Brian’s blog and follow the additional links he provides. 311 does seem like it is just standardizing the REST framework Sun has already written. I will though provide example code so that I can reference it later in this blog.
public class Shopping {
@HttpMethod("GET")
@UriTemplate("/shopping/orders")
@ProduceMime("text/xml")
public String getAllOrders(@QueryParam("expand") boolean expand) {...}
@HttpMethod("POST")
@UriTemplate("/shopping/orders")
@ConsumeMime("text/xml")
public String buy(Document order) {...}
@HttpMethod("GET")
@UriTemplate("/shopping/orders/{id}")
@ProduceMime("text/xml")
public String getOrder(@UriParam("id") int orderNum) {...}
@HttpMethod("DELETE")
@UriTemplate("/shopping/orders/{id}")
public void deleteOrder(@UriParam("id") int orderNum) {...}
}
The spec allows you to map http header entries, query parameters, and individual elements within a URI to a method invocation and its parameters and return types. You can also specify what MIME types a method produces and consumes. The spec also provides you with the ability to define factories that can map representations to and from Java objects.
Change suggestions
After reading the specification and browing the Sun REST framework documentation, I have a few suggestions I’d like to make to JSR 311.
Remove magic methods
It seems like @HttpMethod can be placed without a http method identifier on a Java method and the HTTP method type inferred through the Java method name.
@HttpMethod String getOrders()
In this example, HTTP GET would be used because getOrders() begins with the string ‘get’. I never liked the idea of magic method names. They are too fragile and IMO, just bad programming practice. Instead let’s……..
Annotation refactoring of @HttpMethod
Annotation frameworks should be as tiny and concise as possible. Avoid verbosity at all costs. I’d like to see @HttpMethod replace with a more concrete set of http annotations with the additional ability of being able to define a uri template embedded within these applications. So, instead of @javax.ws.rest.HttpMethod (or whatever the package name will be), let’s instead have individual Get, Put, Post, Delete, and Options annotations under the package @javax.ws.rest.httpmethod:
public @interface Get {
String value() default "";
}
The value() of Get, Post, Delete, etc. would be an optional uri template. So, instead of the verbose:
@HttpMethod("GET")
@UriTemplate("/shopping/orders/{id}")
@ProduceMime("text/xml")
public String getOrder(@UriParam("id") int orderNum) {...}
We would get:
@Get("/shopping/orders/{id}")
@ProduceMime("text/xml")
public String getOrder(@UriParam("id") int orderNum) {...}
Reduces one line of typing and also, IMO, makes things easier to read.
Allow annotations on an interface instead
RESTful classes should be allowed to declare their REST annotations on the methods of an interface instead of on the class methods. IMO, this is a better way of isolating the published interface of a service. Doing so would also allow the EJB specification to adopt REST and be able to publish remote, local, and restful interfaces to the outside world. Another interesting side affect of this is….
How about a client side framework?
Another interesting side affect of being able to apply REST annotations to an interface is that this interface could be re-used by a client-side framework to generate a proxy that could invoke on REST web services. The client-side programmer could use the same annotations to describe many REST web services that may or may not be using the server-side implementation of 311 or even Java at all! Doesn’t seem like much more effort to define this client-side API.
@Location annotation?
One common pattern I’ve seen in the REST articles and books I have read is that when you have a service method that creates a new object or queries for an existing object, and Location header should be sent back to the client containing the URI the resource is locatable. The 311 spec seems to support this by allowing the user to return a spec-define Response class. What if instead, we provided the ability to map a return value to a Location header?
@Post("/shopping/orders")
@Location("/shopping/orders/{$r}")
public int buy(Document order) {...}
The $r would represent the string representation of the returned value of the buy() method. The client would receive an empty response with a Location header pointing to the new resource created by the buy() method. We could get even funkier in the @Location annotation and allow Unified EL expressions.
@Post("/shopping/orders")
@Location("/shopping/orders/{$r.getId()}")
public Order buy(Document order) {...}
This kind of flexibility could allow one object to be used both RESTfully and locally.
Security?
Another thing I see missing is security hooks. For instance, how about an annotation specifiying whether the resource should be accessed over HTTPS or not? How about an annotation that allows you to plug in an authentication mechanism? IMO, 311 shouldn’t be diving into defining security protocols, but should at least think about providing metadata that allows you to plug in your own implementation. Then again, maybe authentication is best left to being implemented in servlet filters. I don’t know…
XML Descriptor?
There are some bigots out there that despise annotations. An XML descriptor should be created that can define this type of metadata. It should follow the style of other EE components so that we can do things like integrating JAX-RS with EJB.
EJB bridge
The 311 specification does talk about how JAX-RS interacts in a servlet environment. I’d also like to see some work done so that EJBs can become restful as well. This will probably require some work around define lifecycle and creating an annotation like @Restful to ping the container that it needs to perform restful bindings. This would also require work with the EJB 3.1 JSR to expose JAX-RS XML descriptors within EJB 3.1. Red hat would be happy to drive this in the EJB 3.1 expert group.
More to come
I’m seriously thinking about implementing 311 with the changes I’ve suggested here and integrating it with our EJB3 implementation. Hopefully I have the time. Maybe somebody in the community would be interested? I’d be happy to help as long as the individual showed initiative and ability to work on their own. I’ll also talk to Heiko more on what he thinks should be massaged in the specification and blog about them here.
Bill the Plumber 
Oct 02, 2007 @ 04:59:39
Great analysis. The spec sounds promising, and I think your recommendations are spot on. It would be a mistake for the EG not to have JavaEE considerations in mind from the beginning. Being able to map URIs directly to EJB methods or fill in URI values with EL would be exceptionally cool.
Also, how about these:
– A @UriTemplate defined at the class level, so I can map the services to a “base” URL in one place. The @UriTemplate at the method level would be appended to the class-level value (unless the “complete” attribute was true?).
– A @UriTemplates annotation to map the same component or method to multiple URIs.
– Optional JAXB bindings for params and return values. Working with Documents and raw XML strings is UUU-gly!
– Eric
Oct 02, 2007 @ 12:04:24
Eric:
* @UriTemplate is definable at class level
* @UriTemplates sounds good. I’ll ping Heiko
* Pretty sure JAXB bindings are there too. There are provider plugins and XML is one of them.
Sorry I didn’t go in deeper. I’m pretty sure the links I provided here should give a lot more detail on the spec. I just wanted to focus on specific things I want to add.
Oct 11, 2007 @ 01:02:22
This feedback is really great. I love the @Location idea! It’s a very elegant way of declaring a redirect response when creating a new resource. Awesome!
In regards to the @Get, @Post, @Delete, @Put annotations: the idea is great but it could also be limiting as well. The idea behind the @HttpMethod is that allows an implementation to use lesser used HTTP methods as well as those from the WebDAV spec. Therefore, one could do:
@HttpMethod("MKCOL")
@UriTemplate("/shopping/orders/{id}")
public void buy(Orders orders) {...}
If we went the annotation approach, we’d need to define an annotation for every possible method. An hybrid approach could be:
@UriTemplate("MKCOL","/shopping/orders/{id}")
public void buy(Orders orders) {...}
But then it looses some of the readability.
Eric:
JAX-RS does work quite nicely with JAXB. In fact, the spec mandates that a provider must include a JAXB Element Entity Provider. So you are not limited to working with raw Documents. Otherwise, this would suck š
Oct 11, 2007 @ 01:15:30
Ryan, so define an annotation for each webdav and http method:
javax.ws.rest.httpmethod.@Get, etc….
javax.ws.rest.webdevmethod.@Whatever
Then what you have is typesafe and the compiler can catch typos rather than waiting for deployment or runtime to find the problem. Its also great for IDE’s autocompletion as well. Have @HttpMethod as a fallback just in case new methods are added in the future maybe, i don’t know.
No, I don’t like the @UriTemplate(“MKCOL”, “/shopping/orders/{ID}”) syntax either.
DamnHandy : » The potential of a JAX-RS client API
Oct 11, 2007 @ 13:10:17
Oct 13, 2007 @ 17:55:33
Hi Bill. I presume you have already provided your feedback to the JSR-311 EG through Heiko, but, if not, I’d encourage you to also use that channel, in addition to this blog; I know that Marc and Paul are trying very hard to run a public Expert Group.
Re: the relationship between the implementation (Jersey, at http://jersey.dev.java.net) and the Specification, the implementation follows the specification, but it also helps try things out and ensure the specification is implementable and useful. But definitively, the specification drives the implementation, not the other way.
– eduard/o
Client driven business activity « Angry Bill
Oct 15, 2007 @ 19:29:56
The rise of meta-annotations « Angry Bill
Oct 22, 2007 @ 11:58:51
Oct 25, 2007 @ 17:36:00
Bill,
I really like your analysis and suggestions but there are few code smells that remain for me. Perhaps you simply haven’t covered all these things.
1) Formatting – It seems to me that the annotations assign specific output and input mime types. This breaks the model of separating presentation from behaviour that we get from MVC, doesn’t it? Why should my code care if the client wants XML or JSON or HTML or PDF for that matter? Same with incoming data. It seems to me that what is needed is some standard facility to take incoming data (either as JSON, XML or HTTP parameters (get & post) and convert it into some standard structure that can be consumed by my methods. In addition, I should be able to assign some set of views to the output of my method to the format required by the client. Rails does an excellent job of this.
2) Verbs – As Ryan pointed out, its necessary to be able to handle arbitrary verbs to do new things. In addition, browsers are not RESTful clients since users can only create POST and GET requests, some standard facility for “faking” PUT and DELETE with a POST will be useful. Yes, I know that you can do PUT and DELETE using AJAX; that only means that XMLHTTPRequest is a restful client. Perhaps I should say HTML User Agents.
3) Adjectives – Often its beneficial to supply an adjective to the request. For example, normally I’d POST to /blogs/123/posts/12210/comments to create a new comment. However if I want to get a preview of my comment then I’ve seen it suggested that I want to post to /blogs/123/posts/12210/comments;preview. That is create a real, but temporary, comment and return it. Another example is if I’m making requests from a browser for HTML. If I ask for /blogs/123/posts/12210 then I get the post, but if I want to edit it, I’m stuck, unless I can ask for /blogs/123/posts/12210;edit.
4) Pluralization – Personally I think that you should GET from /blogs for a list of blogs and /blog/123 for a specific blog.
Oct 26, 2007 @ 09:29:44
Start Raving…
1) The specification has “Entity Providers” which allow you to encapsulate the mapping between objects and the wire format. Please travel the links I provided in the blog for more information. As far as your “separation” concern, I don’t think its a big deal. If you want the decoupling just have your Restful webservice delegate to a POJO, EJB, or Spring bean. Also, the separation is another reason I want to be able to restfully annotation interfaces instead of just the bean class. IN EJB I always saw the interface as the view you wanted to publish over a particular protocol.
2-4) Thanks for the suggestions. I’m a total REST noob, have never written a RESTful application, so its good to hear best practices and such.
Dec 01, 2007 @ 17:26:06
We should be able to use JAX-RS with EJB 3.1 components and WebBean components too
Sep 08, 2008 @ 20:12:15
Bill,
Since I’m having trouble reaching you via email, I figured I’ll try this route instead. I’m not sure whether you know this or not, but neither Sun spec leads of JSR 311 (Marc Hadley, Paul Sandoz) have any interest in integrating JAX-RS with EJB 3.1, despite a lengthy debate with me as to why this is a sound idea. Instead, they appear to be forwarding Spring/JAX-RS integration!
I have a feeling somehow that the EJB 3.1 EG/spec lead is equally sedate :-).
Can you/the Red Hat reps in the EJB 3.1/JAX-RS EGs kindly give me a hand?
Thanks in advance,
Reza