Resteasy JAX-RS Beta 3 Released

May 5, 2008

billburke java, REST, spam, Webservices 1 Comment

This is the thrid release of JBoss’s JSR-311, JAX-RS, Restful Web Services implementation. Nothing special in this release, just a lot of bug fixes the community found as well as more spec-feature complete. We have some more things coming down the pipe in the next month, so stay tuned!

Links to where to download, post user questions, and our documentation are all available on our WIKI.

Release Notes – Resteasy – Version Beta3

Bug

  • [RESTEASY-25] – mime property types ignored when matching resource methods to requests
  • [RESTEASY-26] – MessageBodyWriter matching should use the entity class, not the method’s reflected return type.
  • [RESTEASY-27] – Resource Locators should be dynamically processed

Task

  • [RESTEASY-6] – Implement all methods with decode parameter within UriInfo
  • [RESTEASY-20] – Suport for @Path.limited

Resteasy JAX-RS 1.0 Beta 2 Released!

April 7, 2008

billburke java, JAX-RS, opensource, REST, Webservices 2 Comments

I finally got around to creating a new release for the next rev of our JAX-RS, Java RESTful Web Services, implementation. This release targets the 0.7 release of the JAX-RS specification. There’s a still a few features I haven’t implemented yet, but hope to get them out soon as the spec starts to solidify. Especially new in this release is a new embeddable container so you can run things within junit tests, or just serve up a small restful web service from your classpath. We’ve been using this embeddable container to unit test our implementation and finally made it available to the masses.

Check out our project page or download the new release.

Release Notes – Resteasy – Version Beta2

Bug

  • [RESTEASY-1] – DefaultPlainText.MessageBodyWriter should not write anything (arrays especially)
  • [RESTEASY-2] – If Response has set Content-Type, then that content type should be used
  • [RESTEASY-9] – Subresources erroneously considered as root resources
  • [RESTEASY-17] – Spec mandates supporting MultivaluedMap for form-urlencoded media types
  • [RESTEASY-18] – @QueryParam should not return x-www-form-urlencoded parameters
  • [RESTEASY-24] – WebApplicationException and http status codes

Feature Request

Task

  • [RESTEASY-4] – Implement variants
  • [RESTEASY-13] – Support @Context field injection
  • [RESTEASY-14] – Support @Context injeciton of HttpServletRequest/Response
  • [RESTEASY-16] – Support injection of javax.ws.rs.core.SecurityContext
  • [RESTEASY-19] – Support for StreamingOutput
  • [RESTEASY-23] – Integration test for SecurityContext

Addressing doubts on REST

March 22, 2008

billburke REST, Webservices 2 Comments

A great article by Stefan Tilkov on Addressing doubts on REST.  This and his previous article are a must read for any REST noob.  I wish I had them available when I was researching REST almost a year ago.

RESTFul XML content negotiation

March 5, 2008

billburke REST, Webservices 5 Comments

I’ve been playing around a little bit with the idea of creating a RESTFul MOM/ESB where the client requests a specific format and the server transforms the content if it can. For an ESB, this usecase would normally turn up for various XML-based messages and documents. The client would request an XML document of a certain schema and the ESB would return that format, performing a transformation if applicable.

For a RESTFul ESB, I’d want to use HTTP content negotiation. The problem is, AFAIK, there is no standard MIME type, other than “application/xml”, that allows you to specify an XML format with schema information. Being a REST noob, I emailed my friend Steve, a REST enthusiast, and asked him if it would be ok to embed schema information into the media type. My first thought was the media type would be:

application/myschema+xml

Steve’s response was you can’t just make up a MIME type on your own and expect it to work well on the Internet without registering it. At first I thought, what’s the big freakin deal? But then I realized, what if you want to point your browser to a message in a remote RESTFul queue and just view its content? If you use “application/myschema+xml” your browser ain’t gonna understand it.

So, I decided to do a search on “decentralized mime types” and came across a few blogs from Stefan Tilkov, Dan Diephouse, and James Strachan. Here’s a summary (sorry if I left out anything)

Use AtomPub

One idea was to use AtomPub . I don’t like this idea at all. One, I just want to send a bloody XML document! KISS baby KISS! Second, if I’m going to use an envelope format, why not just use SOAP and WS-*? (no thanks). This, IMO, sort of defeats one of the general principles of REST.

Define a new decentralized MIME type

The idea would be to define a decentralized MIME type like this:

application/data-format;uri=http://mediatypes.example.com/foo/bar

The uri would point to something like an RDDL document that defined the real format. Beyond KISS, what I don’t like about this approach is that again, I have no way of pointing my browser (or some other generic client) at the resource and just viewing it.

Use MIME properties

I saved the best for last. The final idea was to embed format information within MIME properties:

application/xml; schema="http:/..."

application/octet-stream; data-format=java

Use a registered MIME type, but append extra format information as a MIME property. I did a test on this with Firefox and Safari and it doesn’t screw up the viewing. So for me, MIME properties it is! I would be interested in links to other thoughts on this.

Resteasy Project: JAX-RS Restful Web Services implementation

February 25, 2008

billburke java, jboss, REST, Webservices 12 Comments

I’m pleased to announce the first beta release of the JBoss Resteasy JAX-RS implementation!

After about 4 months of on and off development, I finally have a working version of the new JSR-311, JAX-RS specification. For those of you who don’t know, JSR-311 is a RESTFul Web Services implementation for Java and is slated to be included within Java EE 6. The spec is still a bit of a moving target, but its still pretty useful. Let me know what you think!

Features:

  • JAX-RS implementation (almost full, still have a few minor things here and there)
  • Portable to any app-server/Tomcat that runs on JDK 5 or higher
  • EJB 3.0 and Spring integration
  • Client framework to make writing HTTP clients easy (JAX-RS only define server bindings)

Where can I find out more?

All information, including where to download it, is available on our Resteasy WIKI.

Is JAX-RS (Restful Java) just another IDL?

January 21, 2008

billburke java, JAX-RS, REST, Webservices 3 Comments

I was reading a bit of Steve Vinoski’s blog on how some think REST requires a definition language like WSDL or IDL. He first mentions it within Serendipitous Reuse, and further expands on it in the blogs Lying Through Their Teeth: Easy vs. Simple, IDL vs. Human Documentation and More REST and IDL. If you are a REST fan or detractor these blogs as well as the blogs they link to are a good read and gets you thinking about things.

I’ve been implementing JAX-RS, JSR-311, off and on the past few months. Vinoski’s blogs made me think, is JSR-311 just another definition language? The language being Java + JAX-RS anotations? Maybe I’m dwelling over the obvious here, but let’s do the exercise anyways…

Vinoski paraphrases Ryan Tomayko on what might be the erroneous use of a RESTful definition language:

Among other things, Ryan touches on one of the favorite assertions of the REST detractors, which is that REST can’t be effective without an interface/service/resource definition language. After all, without such a language, how can you generate code, which in turn will ease the development of the distributed system by making it all look like a local system? Not surprisingly, the first comment on Ryan’s blog entry is exactly along these lines.

First of all, I don’t think JAX-RS is trying to make a distributed system look like a local one. Yes, its trying to remove a lot of boilerplate code. Yes, using JAX-RS could turn a POJO into a distributed RESTful resource.

public class BookStore {
    @GET @Path("/books/{id}")
    @ProduceMime("application/json")
    public String getBook(@PathParam("id") int id) {
         ... return a json representation of the Book
    }
}

JAX-RS does have some characteristics of a definition language. From the @GET and @Path annotations, you can determine how the resource is going to be invoked on. But, IMO though, it is more of a mapping language than a definition language. Its mapping a URI and http request/response to the invocation of a Java method. Its not trying to make our distributed system look like a local system.

Now, what about the idea I had of providing a client framework using JAX-RS annotations?

public interface BookStore {
    @GET @Path("/books/{id}")
    @ProduceMime("application/json")
    public String getBook(@PathParam("id") int id);
}

The idea here would be you generate a RESTful client proxy from a JAX-RS annotated interface that you could invoke on without writing http client code. Are we blurring the lines here? Are we hiding too much the fact that our BookStore is a remote distributed service? I’ll leave that up to you to decide…

Do we need complex restful content negotiation?

November 30, 2007

billburke REST, Webservices 3 Comments

A couple of weeks ago I finally got down to implementing the JSR-311 Restful web services specification I talked about in a previous blog.  In reading the JSR mail list and looking into HTTP content negotiation, a few questions popped up in regards to the programmatic web.

  • Why would a client ever send more than one Accept header?
  • Why would a client or server ever produce or consume wildcard content types?  i.e. “text/*” or even “*/*”?

I know in theory that the idea is that an application can dynamically search for resources, on the web and just invoke on them.  But when does any real application not have complete determinism?  When you’re writing a distributed application, you research the services you are going to interact with.  What exact data formats do they product?  What exact formats do they consume?  Otherwise its nearly impossible to implement your application.  Coding isn’t guess work.  You’re not going to invoke a service and hope it gives you back something you understand and vice-versa.  So please, somebody, give me real live use cases for this type of complex content negotiation.

Client driven business activity

October 15, 2007

billburke REST, transactions, Webservices 3 Comments

In my previous blog, Distributed Compensation with REST and jBPM, I talked about removing complexity from both the distributed protocol and the server by forcing (or enabling, depending on your perspective) the client to handle things like business activity and compensating transactions. I asked the question, where does this leave WS-BA or more importantly, JBoss’s Business Activity Framework? It could easily still be used in a one process, web application. Many web applications are long running transactions that require compensation. But, I still think JBoss’s Business Activity Framework could be useful to help orchestrate distributed services, even restful ones, if we make compensation metadata available to the client so a local-only business activity coordinator could do its work locally. This would give us the decoupling benefit of BA, but would also allow us to keep our remote services stateless (and restful). The idea would be to move the BA annotations from the bean class, to the business interface:

public interface TravelAgent {
	@BACompensatedBy(value="cancel")
        @BAResult("reservationNumber")
        public int book(int room);

        public void cancel(@BAParam("reservationNumber") int reserverationNumber);
}

A client-side smart proxy could hide the interaction with the local activity coordinator. Another idea would be for the business process engine to introspect service references to see if they are annotated with compensation metadata, and interact with the coordinator themselves. A nice side effect of putting the metadata within the interface is that your service becomes self documenting. The user of this service knows exactly what’s going on by looking at the code.

You could combine this annotation-driven approach with the restful client-side framework I suggested in my comments on JSR-311.

public interface TravelAgent {
	@BACompensatedBy(value="cancel")
        @BAResult("$r.getId()")
        @UriTemplate("/hotel/reservations")
        @HttpMethod("POST")
        @Location("/hotel/reservations/$r.id")
        public Reservation book(@QueryParam("room") int room);

        @UriTemplate("/hotel/reservations/{reservationNumber}")
        @HttpMethod("DELETE")
        public void cancel(@BAParam("reservationNumber")  @UriParam("reservationNumber") int reserverationNumber);
}

This could make it fairly easy and metadata driven to have restful services interact with business activity.

In Java-to-Java calls, for example a remote or local EJB invocation, you wouldn’t necessarily need an interface-driven approach. The JBoss EJB 3.0 implementation, for instance, allows you to define both client-side and server side interceptors. At deployment time, the EJB container could scan the bean class for BA metadata, create a client interceptor initialized with this meta information, and attach the client interceptor to the proxy that is published to clients.

I think client driven conversations where the client holds all state makes for better written distributed services as they can be written in a more stateless, scalable manner. This doesn’t mean that you’d be able to apply this pattern to all scenarios. That’s why I think it might be interesting to make this approach configurable. The client must drive the compensation, the server must be allowed to participate in resource registration, or even a configuration of the client can decide whether it wants drive the coordination or not are all valid scenarios. Anyways, if you experiment with any of these patterns let me know. It would be cool to hear some real, live user experience instead of just guessing on whether or not this would be a good approach.

JSR 311, JAX-RS: Comment and suggestions

October 1, 2007

billburke JAX-RS, jboss, REST, Webservices 12 Comments

Since I’m so RESTless lately I started thinking about what JBoss could do to help with this effort. We’re involved with JSR-311, which is defining a server-side framework for REST web services, so I decided to contact Heiko Braun, our representative on this specification. I got a copy of the latest draft and dived in. Sometimes the rules of the JCP prevent you from talking about a specification publicly (please correct me if I’m wrong), so I wasn’t sure I could blog about this specification. But, since Brian Leonard has blogged about 311, then I guess I can too.

I don’t want to get into too much detail on 311. Instead please read Brian’s blog and follow the additional links he provides. 311 does seem like it is just standardizing the REST framework Sun has already written. I will though provide example code so that I can reference it later in this blog.

public class Shopping {
   @HttpMethod("GET")
   @UriTemplate("/shopping/orders")
   @ProduceMime("text/xml")
   public String getAllOrders(@QueryParam("expand") boolean expand) {...}

   @HttpMethod("POST")
   @UriTemplate("/shopping/orders")
   @ConsumeMime("text/xml")
   public String buy(Document order) {...}

   @HttpMethod("GET")
   @UriTemplate("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

   @HttpMethod("DELETE")
   @UriTemplate("/shopping/orders/{id}")
   public void deleteOrder(@UriParam("id") int orderNum) {...}
}

The spec allows you to map http header entries, query parameters, and individual elements within a URI to a method invocation and its parameters and return types. You can also specify what MIME types a method produces and consumes. The spec also provides you with the ability to define factories that can map representations to and from Java objects.

Change suggestions

After reading the specification and browing the Sun REST framework documentation, I have a few suggestions I’d like to make to JSR 311.

Remove magic methods

It seems like @HttpMethod can be placed without a http method identifier on a Java method and the HTTP method type inferred through the Java method name.

@HttpMethod String getOrders()

In this example, HTTP GET would be used because getOrders() begins with the string ‘get’. I never liked the idea of magic method names. They are too fragile and IMO, just bad programming practice. Instead let’s……..

Annotation refactoring of @HttpMethod

Annotation frameworks should be as tiny and concise as possible. Avoid verbosity at all costs. I’d like to see @HttpMethod replace with a more concrete set of http annotations with the additional ability of being able to define a uri template embedded within these applications. So, instead of @javax.ws.rest.HttpMethod (or whatever the package name will be), let’s instead have individual Get, Put, Post, Delete, and Options annotations under the package @javax.ws.rest.httpmethod:

public @interface Get {

   String value() default "";

}

The value() of Get, Post, Delete, etc. would be an optional uri template. So, instead of the verbose:

   @HttpMethod("GET")
   @UriTemplate("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

We would get:

   @Get("/shopping/orders/{id}")
   @ProduceMime("text/xml")
   public String getOrder(@UriParam("id") int orderNum) {...}

Reduces one line of typing and also, IMO, makes things easier to read.

Allow annotations on an interface instead

RESTful classes should be allowed to declare their REST annotations on the methods of an interface instead of on the class methods. IMO, this is a better way of isolating the published interface of a service. Doing so would also allow the EJB specification to adopt REST and be able to publish remote, local, and restful interfaces to the outside world. Another interesting side affect of this is….

How about a client side framework?

Another interesting side affect of being able to apply REST annotations to an interface is that this interface could be re-used by a client-side framework to generate a proxy that could invoke on REST web services. The client-side programmer could use the same annotations to describe many REST web services that may or may not be using the server-side implementation of 311 or even Java at all! Doesn’t seem like much more effort to define this client-side API.

@Location annotation?

One common pattern I’ve seen in the REST articles and books I have read is that when you have a service method that creates a new object or queries for an existing object, and Location header should be sent back to the client containing the URI the resource is locatable. The 311 spec seems to support this by allowing the user to return a spec-define Response class. What if instead, we provided the ability to map a return value to a Location header?

@Post("/shopping/orders")
@Location("/shopping/orders/{$r}")
public int buy(Document order) {...}

The $r would represent the string representation of the returned value of the buy() method. The client would receive an empty response with a Location header pointing to the new resource created by the buy() method. We could get even funkier in the @Location annotation and allow Unified EL expressions.

@Post("/shopping/orders")
@Location("/shopping/orders/{$r.getId()}")
public Order buy(Document order) {...}

This kind of flexibility could allow one object to be used both RESTfully and locally.

Security?

Another thing I see missing is security hooks. For instance, how about an annotation specifiying whether the resource should be accessed over HTTPS or not? How about an annotation that allows you to plug in an authentication mechanism? IMO, 311 shouldn’t be diving into defining security protocols, but should at least think about providing metadata that allows you to plug in your own implementation. Then again, maybe authentication is best left to being implemented in servlet filters. I don’t know…

XML Descriptor?

There are some bigots out there that despise annotations. An XML descriptor should be created that can define this type of metadata. It should follow the style of other EE components so that we can do things like integrating JAX-RS with EJB.

EJB bridge

The 311 specification does talk about how JAX-RS interacts in a servlet environment. I’d also like to see some work done so that EJBs can become restful as well. This will probably require some work around define lifecycle and creating an annotation like @Restful to ping the container that it needs to perform restful bindings. This would also require work with the EJB 3.1 JSR to expose JAX-RS XML descriptors within EJB 3.1. Red hat would be happy to drive this in the EJB 3.1 expert group.

More to come

I’m seriously thinking about implementing 311 with the changes I’ve suggested here and integrating it with our EJB3 implementation. Hopefully I have the time. Maybe somebody in the community would be interested? I’d be happy to help as long as the individual showed initiative and ability to work on their own. I’ll also talk to Heiko more on what he thinks should be massaged in the specification and blog about them here.

Mark’s rebuttal on compensations with REST and JBPM

September 18, 2007

billburke jbpm, REST, transactions, Webservices 3 Comments

I got what I hoped for. Mark Little responded to my previous blog. Cool, now I’ll really start to learn something…. Let me respond to some of his comments:

Bill: “One of my concerns is the complexity of the WS-* layer and how it affects maintainability and evolvability of a distributed system. WS-* requires both the client and server to have the necessary middleware components and libraries installed to work.”

Mark: Yes, but that’s the case for any distributed system: the endpoints have got to be able to understand each other or go through some intermediary that can do the protocol/data translation. The same is true for HTTP though.
Mark’s right, I said something obvious, but I think the layers you have to have in sync are very different in size and complexity. While a REST over HTTP web service only really requires an HTTP client, HTTP web service, and maybe an XML parser, WS-* requires those plus all the WS-* libraries, plus any generated stubs. What I like about REST over HTTP you can actually tell the server what data format you’re sending (content-type) and what format you want back (accept). Maybe there is something equivalent in the WS soup of specifications, but it doesn’t seem like that is what the industry is pushing as its default framework.

Bill: “What I continually like about REST over HTTP is that there is little to no requirement on either the client or server side for additional libraries or generated stubs other than a http client library and a http server.

Mark: So let’s assume we can get everyone to agree to use HTTP (not a big assumption, so I’m happy with this). Then we have to get them to agree to the protocol data, the format, representation, etc. that actually flows between the endpoints. It’s no good someone saying “because we agree on PUT or GET that’s the end of the story.” That’s a bit like saying that because we agree on using letters and envelopes to send mail around the world the recipients will be able to understand what’s being sent!

Its eerie. I gave the same argument to Vinoski over private email months ago, but then I thought about it a bit more. Don’t you have to do the same thing with WS? You still have to agree on the message you are sending. What is the name of the remote method call you are invoking. What are its parameters. What is the data format of its parameters, and so on. What allowed me to break the internal conflict I had was when I came to this realization: What if you think of PUT, GET, POST, DELETE, and OPTIONS as a set of metadata?

@Put void createOrder(Document theOrder);
@Delete void deleteOrder(int orderNum);
@Get Document getOrder();

Maybe I’m crazy, but these HTTP operations are really nothing more than annotations on a method. In using REST over HTTP, yes, you still have to agree on the data format exchange, but you are providing clearly defined, distinct, exact, metadata on the behavior of your endpoint. Behavior that can be generically communicated to mature tools and services that have been around forever that your operations department knows how to operate and fine tune your application with.

Mark: The Web works because the standards/specifications on which it is based were laid down back in the early 1990’s and haven’t really changed. The W3C manages them and everyone agreed to abide by them very early on; there’s strong commercial incentive not to change things. That has nothing to do with REST and everything to do with protocol agreement: same thing has happened with WS-*.

I am officially in my late 30s. I did work through both the short-lived DCE and long-lived CORBA eras that touted the same story of interoperability. Sorry if I am skeptical and worried that the industry will yet again re-invent itself in another 5-10 years.

Mark: Yes, we have interoperability on the WWW (ignoring the differences in HTML syntax and browsers). But we do not have interoperabilty for transactions, reliable messaging, workflow etc.

A wise man once told me if you run into a wall, redefine the problem. To me, that’s what the whole REST exercise is, redefining the problem in distributed computing. The whole underlying point of my previous blog was that maybe you don’t need interoperability for transactions, reliable messaging, and workflow in a distributed environment, if you let the client drive the application. Yes, you need transactions, reliable messaging and workflow at the client. The idioms I described with jBPM use all three of these subsystems, but they do not require a remote protocol definition. As responsible engineers, we should be questioning the need for WS-*. The amount of investment is just too huge for any organization. There’s too much money and time to be lost.

Bill’s next point was around flexibility. He mentions the ordering of compensations can sometimes (often?) be important and that you can’t rely on ordering within WS-BA. Unfortunately that’s not correct, as was pointed out several years ago.
Apologies. I didn’t make this mistake intentionally. The article Mark points out was one of the things I read before writing my previous blog. The talk of scopes was a little confusing there. Seemed more of talk of nested transactions than the control of ordering. But, even so, I still don’t get the need for it. Why the need for BA if it is not going to do things automatically for you? If the line between your business process and your compensation engine is starting to blur, why not have your bpm and compensation engine be the same thing? Cuts out one less piece of infrastructure you have to install and manage.

So just because I decide to use REST and HTTP doesn’t mean I get instant portability and interoperability. Yes, I get interoperability at the low level, but it says nothing about interoperability at the payload. That’s damn hard to achieve, as we’ve seen over the past 7+ years.

Not so sure this is true. If your content type is text/xml, you’ll probably have an XSD associated with it. If you use the design by contract to implement your web services that people like the Spring guys are pushing, you really have the same thing.

Bill: You still have strong decoupling in a bpm driven activity. The difference is that instead of compensation being hidden by the server, it is visible, and in your face, embedded directly in the business process. With jBPM, you can look at the process diagram and know exactly the flow of success and failure conditions of your distributed application. With BA, you would have to dive into the documentation and code to determine how your application functions.”

Mark: Yes, that’s right, but no different to what you’d find with a good WS-BPEL implementation.

See? I knew I’d learn something. But when I said “a bpm engine like jBPM might be a better solution to manage compensations.” I meant any bpm engine. What I really want here is to have the client drive the application and simplify the complexity of the distributed protocol. This is why I said I really liked the idea of using BA with a web application. It would all be local and controllable. After reading up on BPEL compensation handlers, I also like the idea of using them with RESTful web services. Again, put all the responsibility on the client for managing the coordination.  Then we don’t have a dual dependency on an in-sync client and server.

Older Entries Newer Entries