Modeling operations in REST

March 25, 2010

billburke REST 23 Comments

A Red Hat Colleague of mine, Bryan Kearney,  recently solicited my advice about a RESTful interface his team was creating for an entitlement system being used for our products.  Here’s what he wrote to me:

The project is called Candlepin, and it is an entitlement engine. You can see it at https://fedorahosted.org/candlepin/ and the code at http://git.fedorahosted.org/git/candlepin.git/. We are using RESTEasy as the engine, and I would say our API is at gen 2. We are no longer doing too much RPC style calls.. but are not yet doing a HATEOAS API.

Our current quandry is around how to model state trnasitions on resources. We have seen a couple of possible approaches, and none leaps out as a best practice yet.

Asssume I have a Consumer who has entitlements. The entitlement resource is really the relationship between the consumer and a product they have purchases. Today, we model this as:

GET /consumers (Gets all)
GET /consumers/{UUID} (Gets a Consumer)
GET /consumers/UID/entitlements (Gets the entitlements for a consumer)
GET /entitlements?consumer={UUID} (Gets the entitlements for a consumer)

if we terminate a consumer, we want to terminate all his entitlements. We also think that we will not want to delete objects from the DB, and instead just filter out the terminated.

Approach 1
———-
First approach is to PUT /consumers/{UUID} the full consumer object with a new state. The method would then look for state changes and do the needful. This seems the most Hateoas-ey

Approach 2
———-
Since we know we wont want to delete objects, we could hijack

DEL /consumers/{uuid}

And not really delete, just terminate. This seems kinda hackey.

Approach 3
———–
Approach 3 would create “action” links. We would therefore support

POST /consumers/{uuid}/terminate

and do the termination logic there. This would mean that the POST to /consumers/{uuid} would be pure object update only. This seems very RPCish

Approach 4
———–
The final one would be to support both

/consumers/
and
/inactiveconsumers/

So.. a

DEL /consumers/{uuid}

would allow me to now do a

GET /inactiveconsumers/{uuid}

We had a bit of an email exchange, but here’s the advice I gave him summarized.

Have your clients consume links, not a URI scheme

Modelling URI schemes is an implementation detail.  You need to do it when designing your application and then finally implementing it because the URI scheme of your restful web services has a huge affect on how they work.

BUT, URIs are an implementation detail of your restful web services.  URIs should be almost completely opaque to your clients.  Instead only one top-level resource’s URI should be published to the outside world.  Representations of this root URI should have links (or link headers) embedded within them to publish other entry points into your suite of web services.  Why is this important?

  1. Location Transparency.  Lets give an analogy.  If you were writing a CORBA, Java RMI, or SOAP based application, would you publish each and every endpoint to the client?  No, you would not.  You would use a Naming service or UDDI to register a logical name for your endpoints.  A client would go to this naming service to obtain the location of your object/service.  Another analogy is, how do you interact with your browser?  You read an HTML page and click on a word that is underlined as a link to go to a new document.  You don’t cut and paste the actual URL in your browser window to go to another page.  The same thing should happen with your web services.
  2. Clients become immune to URI scheme refactorings. Over time as your services evolve, you may want to change how the URI schemes are modeled and defined.  If your clients are using a harded coded URI scheme and you change it, you’ve broken all clients that are using the older scheme.  Links protect clients from refactorings and allow server developers the freedom to refactor to their hearts desire.

Avoid changing the meaning of an HTTP verb: specifically DELETE

I would like to preface this with I used to think the approach Bryan preferred was the best approach.  His preferred approach was to have DELETE change the state of a consumer to make it inactive.  IMO, this is changing the meaning of delete.  Instead of removing a resource, which is what DELETE was designed to do, DELETE (in his example) is actually changing the state of a resource.  This is bad, IMO.  So what approach did I recommend from his list?  Approach 3.

Use links to model operations (Approach 3)

I prefer Approach3.  While it smelled RPCish to Bryan, IMO, it is not, if you model it correctly using link relationships.  For example:

GET /consumers/{UUID}
would return.

<consumer id="333">
   <name>Bill</name>
   ...
   <atom:link rel="terminate" href="/consumers/333/terminate"/>
</consumer>

The href here is *IRRELEVANT*.  URI’s should be opaque to the client (just as they are opaque when a human surfs the web through a browser).

Think of a link almost as a form.  When you get the representation of the consumer, the atom:link elements act like forms.  They tell client of possible state transitions, what representational information is expected, and what URL to post the representation too.

Having terminate as a link gives you a lot of flexibility.  1st iteration of the link might be an empty POST.  2nd iteration you might want simple form parameters to specify the parameters of the termination.   3rd iteration you might define a actual media type for termination.  Because termination is now a resource you can store this type of information there and link it within your consumer representation.

Another interesting thing that can be done is to publish (or not publish) different links based on the state of the resource.  For example, if a consumer in Bryan’s service has been terminated, a GET of that consumer resource might publish a “reinstate” link and remove the “terminate” link.

But isn’t this RPCish? No, it is not.  Why?  Well, think how you would implement something like this through an HTML/browser-based UI.  How would you model terminate in this situation?  From the consumer HTML page you would either have a link that brought you to a page with a HTML Form you had to fill out to terminate the consumer, or, the consumer HTML page would have a mini form that terminated the consumer.  In each case, the form would point to a specific URI that handled the state transition.

There’s some other interesting aspects that came out of my dialogue with Bryan, but I’ll save those for another blog.  Thoughts?  Do you think it is ok to model operations as links?


Webinar on REST, RESTEasy, JBoss – March 23rd

March 23, 2010

billburke JAX-RS, jboss, REST, REST-star, RESTEasy Leave a comment

I’m doing a webinar tomorrow on REST, JAX-RS, RESTEasy, and REST-*.  I only have 40 minutes, so it will be a brief overview of all those subjects and how they fit into our EAP product.  I’ll be giving it twice:

9am – EST

2pm – EST

For more information, click here

REST-* Messaging Draft 5: new post and subscribe patterns

March 4, 2010

billburke REST, REST-star 1 Comment

I’ve made some small changes to REST-* Message Draft 5.  First is to the reliable posting of messages to a message destination.  The second is to the push model default subscription creation method.

New post-message-once protocol

Previously, the post-message-once link used the POE pattern to avoid duplicate message posting.  I asked around and it seems that the POE pattern isn’t used a lot in practice.  I’m glad because it kinda breaks the uniform interface (unsafe GET) and isn’t really consistent with the other protocols I defined.  It is also very inefficient as you have to make two round trips to post each message.  Nathan Winder, on the reststar-messaging list suggested using a one-off link generated with each message post.  Here’s how it looks:

The post-message-once link URL provided by this link is not used to actually create a message, but rather to obtain a new, one-off, URL. An empty POST should be executed on the post-message-once link. The response provides a new “create-next” link which the client can then post their message to. The link is a “one-off” URL. What that means is that is that if the client re-posts the message to the create-next URL it will receive a 405 error response if the message has already successfully been posted to that URL. If the client receives a successful response or a 405 response, there should be a Link header returned containing a new “create-next” link that the client can post new messages to. Continuously providing a “create-next” link allows the client to avoid making two round-trip requests each and every time it wants to post a message to the destination resource. It is up to the server on whether the create-next URL is a permanent URL for the created message. If it is not permanent, the server should return a Content-Location header to the message.

post-message-once example

  1. Query the destination root resource for links.Request: 
    HEAD /topics/mytopic HTTP/1.1
Host: example.com

    Response:

    HTTP/1.1 200 OK
Link: <...>; rel="post-message",
      <...>; rel="post-batch",
      <http://example.com/topics/mytopic/messages>; rel="post-message-once",
      <...>; rel="message-factory"
  2. Client performs a POST request to the post-message-once Link to obtain a create-next link.Request: 
    POST /topics/mytopic/messages
Host: example.com

    Response:

    HTTP/1.1 200 OK
Link: <http://example.com/topics/mytopic/messages/111>; rel="create-next"
  3. Client POSTs message to create-next LinkRequest: 
    POST /topics/mytopic/messages/111
Host: example.com
Content-Type: application/json

{'something' : 'abitrary'}

    Response:

    HTTP/1.1 200 Ok
Link: <http://example.com/topics/mytopic/messages/112>; rel="create-next"

Change to push model subscription

I also added a minor change to the push model’s subscriber registration protocol.  In the previous version of the spec, the client would post form parameters to a subscribers URL on the server.  The form parameter would define a URL to forward messages to and whether or not to use the POE protocol to post this message.  I changed this to simple require the client to post an Atom Link.  Since links define protocol semantics, the server can look at the link relationship registered to know how to interact with the subscriber when forwarding messages.  So, if the client registers a post-message-once link when it creates its subscription, the server knows how to interact with the link.  This gives the client and server a lot of simple flexibility in describing how messages should be forwarded.  For example:

This example shows the creation of a subscription and the receiving of a message by the subscriber.

  1. Client consumer queries topic resource for subscribers link.
    Request:

    HEAD /mytopic
Host: example.com

    Response:

    HTTP/1.1 200 OK
Link: <http://example.com/mytopic/subscribers, rel=subscribers, type=application/atom+xml
      ...
  2. Client does POST-Created-Location pattern to create subscriber
    Request:

    POST /mytopic/subscribers
Host: example.com
Content-Type: applicatin/atom+xml

<atom:link rel="post-message-once" href="http://foo.com/messages"/>

    Response:

    HTTP/1.1 201 Created
Location: /mytopic/subscribers/333
  3. A message comes in, the message service does a POST to this subscriber based on the interaction pattern described for post-message-once
    Request:

    POST /messages
Host: foo.com

    Response:

    HTTP/1.1 200 OK
Link: <http://foo.com/messages/624>; rel=create-next

    Request:

    POST /messages/624
Host: foo.com
Link: <http://example.com/mytopic/messages/111>; rel=self,
      <http://example.com/mytopic>; rel=generator
Content-Type: whatever

body whateve

Mapping response on client side

February 19, 2010

billburke java, JAX-RS, jboss, REST, RESTEasy 8 Comments

I’ve been prototyping a bit lately for the REST-* effort, specifically for BPM.  I rely heavily on Link headers to pass links around.  RESTEasy has become pretty decent at handling links on the client side.  Here’s an example of client request/responses and link following via link headers:

      InputStream jpdl = Thread.currentThread().getContextClassLoader().getResourceAsStream(file);
      ApacheHttpClientExecutor executor = new ApacheHttpClientExecutor();

      ClientRequest request = executor.createRequest("http://localhost:8081/bpm/definitions");
      request.body(mediaType, jpdl);
      Link definition = request.create();
      Assert.assertNotNull(definition);
      ClientResponse response = null;

      response = definition.request().head();
      Assert.assertEquals(200, response.getStatus());
      Link instanceFactory = response.getLinkHeader().getLinkByTitle("instances");

      MultipartFormDataOutput form = new MultipartFormDataOutput();
      form.addFormData("order", "$199.99", MediaType.APPLICATION_XML_TYPE);
      response = instanceFactory.request()
              .body(MediaType.MULTIPART_FORM_DATA_TYPE, form)
              .post();
      Assert.assertEquals(201, response.getStatus());
      System.out.println(response.getLinkHeader().toString());
      Link instance = response.getLocation();
      Assert.assertNotNull(instance);

      Link next = response.getLinkHeader().getLinkByTitle("continue");
      Assert.assertNotNull(next);

      Link variables = response.getLinkHeader().getLinkByTitle("variables");
      Link newVariables = response.getLinkHeader().getLinkByTitle("variable-template");

      response = variables.request().head();
      Assert.assertEquals(200, response.getStatus());
      System.out.println(response.getLinkHeader().toString());
      Link order = response.getLinkHeader().getLinkByTitle("order");
      String xml = order.request().getTarget(String.class);
      request = newVariables.request();
      response = request.pathParameter("var", "customer")
             .body(MediaType.APPLICATION_XML_TYPE, "bill")
              .put();
      Assert.assertEquals(201, response.getStatus());
      response = request.pathParameter("var", "customer")
             .body(MediaType.APPLICATION_XML_TYPE, "bill burke")
              .put();
      Assert.assertEquals(204, response.getStatus());

      response = next.request().post();
      Assert.assertEquals(204, response.getStatus());

The thing about this code, it is a little hard to read.  Because HTTP is being treated like a messaging API, the code is a conglomeration of simple API calls.  The RESTEasy client proxy framework provides a nice way to map Java method calls to HTTP requests.  It also allows you to map automatically, a response body to a Java object.  Unfortunately though, this doesn’t work that well for my usecases.  Because I’m relying a lot on Link headers to pass information around in REST-*, I need something that can represent an HTTP response as a whole in a nice way.

A POJO Response Mapping

So, I thought, why not define (or reuse JAX-RS annotations) to map an HTTP response to a Java POJO?  It would kind of be the opposite of the RESTEasy @Form feature (where form maps an incoming request to a POJO).  It could look something like this:

@ResponseMapping
@ExpectedCode(200)
public interface MyResponse {

   @Body
   public Customer getCustomer();

   @LinkHeader
   public Link getNext();

   @LinkHeader("last")
   public Link getLastCustomer();

   @Header("ETag")
   public String getHash();

}

In this example, the client code would be expecting a response code of 200 (OK), a message body converted to a Customer object, a Link header named “next”, and a HTTP response header “ETag”. Using the RESTEasy proxy framework, you could then return this as a method return value, i.e.

@Path("/customers")
public interface CustomerClient {

   @Path("{id}")
   @Produces("application/xml")
   public MyResponse getCustomer(@PathParam("id") int custId);
}

What about errors?

For responses where the response code does not match, you could define similar mappings on an exception class.

@ResponseMapping
@ExpectedCode(404)
public class NotFoundException extends RuntimeException {}

You’d integrate it with the RESTEasy proxy framework by putting it within the throws clause.

@Path("/customers")
public interface CustomerClient {

   @Path("{id}")
   @Produces("application/xml")
   public MyResponse getCustomer(@PathParam("id") int custId) throws NotFoundException;
}

What do you think?
Maybe I’m going a little overboard here. Maybe not? I don’t know. Let me know what you think.

Speaking at new Boston JBoss User Group 2/9

February 2, 2010

billburke JAX-RS, jboss, REST, REST-star Leave a comment

Jesper Pederson has created a Boston JBoss User Group.  Our first meeting is next Tuesday, February 9th.  I’m the first speaker and will be giving an intro to REST, JAX-RS, and, if I have time, some of the stuff that we’re doing at REST-* (rest-star.org).  Please click here for more details.

Speaking in DC on REST, JAX-RS, and REST-*

January 8, 2010

billburke JAX-RS, REST Leave a comment

I’ll be speaking for NOVAJUG in WashingtonDC on Wednesday, January 20th 6:30pm-9:00pm. You can sign up for the event here.

The presentation will be about REST, JAX-RS, and REST-* specifically I will provide a short introduction to REST along with an explanation of the JAX-RS specification and how you can build RESTful web services with it. I will then get into how REST intersects with middleware services like messaging, transactions, and workflow.  Hope to see you there!

Possible POE support in Resteasy

December 3, 2009

billburke JAX-RS, REST, RESTEasy Leave a comment

I was thinking about some POE support for Resteasy.  On the client side add a poe() set of methods on ClientRequest and a @POE annotation for the Proxy framework.  I.e.

ClienRequest request = ...;
request.body("<stuff/>", "appliation/xml");
ClientResponse response = request.poe();

@Path("/")
public interface MyService {
   @POE
   @Consumes("application/xml")
   public void poeIt(Data data);
}

The way they’d both work is a HEAD to the base URL would be sent to get the POE-Link, then a POST to the POE-Link would be done using the message body.  A Retry-like exception would be thrown if the POST fails.  For the serverside it could look something like this:

@Path("/foo/{sub}/{id}")
@POE
public void poeIt(@PathParam("sub") String subpath, @PathParam("id") @PoeGenerated int id) {...}

@PathParam combined with @PoeGenerated is an automatically uniquely generated id.  So, the user would invoke on /foo/{sub} and get back a POE link of /foo/{sub}/{id}.  i.e.

HEAD /foo/stuff

HTTP/1.1 200 OK
POE: 1
POE-Link: /foo/stuff/3333

Thoughts?

RESTEasy 1.2.1 Released

November 23, 2009

billburke JAX-RS, REST, RESTEasy Leave a comment

Minor bug fix release.  Also, had to remove one of the referenced maven repositories because it was screwing up the build.

“rel” name requirement overloaded

November 19, 2009

billburke REST 2 Comments

The Atom link element and the Link header name their links using the “rel” attribute.  There is a requirement in the Atom Syndication Format and Link header RFCs that states that if the relationship is not registered with IANA, that you must use a IRI instead of a simple name.  Maybe I’m misinterpreting things, but it seems that this IRI must point to an actual resource that describes the link relationship.  IMO, this will make using links awkward as REST permeates into the application development space.  Why?  Applications will define new links.  It would be rather silly for each application to register themselves at IANA for every link they define.  So, they are stuck putting in an IRI that may change over time.  Clients that consume resources will be looking for specific relationships to do their processing.  The Link header specification, I think, tries to mitigate this problem by introducing a “title” attribute.  Which, still will be weird, because clients will be looking up “rel” or “title” attributes depending on what link relationships that want to traverse.  Seems very inconsistent to me.

What I wish they had done (or would do) is define a “relref” that is an optional URL to the description of the non-standard link relationship.  That way the rel attribute remains simple and not overloaded.

If I’m misinterpreting things, apologies.  But thats what I seem to read and what I see in examples.

Overview of REST-* Messaging Draft 4

November 19, 2009

billburke REST, REST-star 2 Comments

Just finished draft 4 of REST-* Messaging.  Please check our our discussion group if you want to talk more about it.  Here’s a list of resources and their corresponding relationships for a high level overview.  See the spec for more details.  It relies heavily on Link headers.  The current draft shows a lot of example HTTP request/responses to give you a good idea of what is going on.

Destination

A queue or a topic resource.

Relationships:

  • post-message – link to POST/create a message to a queue or topic.  This can be
  • post-message-once – link to POST/create a message to a queue or topic using the POST-Once-Exactlly (POE) pattern
  • post-batch – POST/create a batch of messages using Atom or Multipart
  • post-batch-once – POST/create a batch using the POE pattern.

Message

Every message posted creates a message resource that can be viewed for adminstration, auditing, monitoring, or usage.

Links Relationships:

  • reply-to.  Destination that you can reply to
  • reply-to-once.  Destination that you can reply to once using the POST-Only-Once pattern
  • reply-to-batch. Destination that you can reply with a batch of messages
  • reply-to-batch-once.  Batch using POE.
  • next.  If pulling from a topic, messages will have this link.  This is the next message after this one.
  • acknowledgement.  If pulling from a queue, this link allows you to change the state of the message to acknowleged or not.
  • generator. Destination that the message came from

Topic

Has the same links as Destination with these added:

Link Relationships:

  • next.  GET the next incoming message.  Clients should use the Accept-Wait header to set a blocking timeout (see later).
  • last.  Last posted message to the topic
  • first.  First message posted to topic, or, the first message that is still around.
  • subscribers. URL that allows you to view (GET) or create/register (POST) a list of URLs to forward messages to.

Queue

Same as Destination, but these additional link relationships:

Link Relationships:

  • poller.  Alias to the next available message in the queue.  Returns a message representation along with a Content-Location header pointing to the real one.  a POST is required to access this because the state of the queue is changed.
  • subscribers.  Same as topic push model.


Older Entries Newer Entries