Lectures Log - A.Y. 2023/2024
Lecture 1: Introduction to (RESTful) web services
2024-03-01, 11:30 (2 hours)
Slides WS-Rest
- (1-1)Course presentation
- (1-2)Why (web) services are an effective way to develop software
- (1-3)The distributed (web) services story: from RPC to RESTful
- (1-4)Course topics: RESTful web services
- (1-5)Example RESTful services as an extension to standard web applications
- (1-6)Example RESTful services as a base for client-side applications like SPA (Angular, React, etc.)
- (1-7)Example RESTful services as a base for hybrid mobile apps (Cordova, etc.)
- (1-8)Course topics: RESTful web services design
- (1-9)Course topics: RESTful web services implementation (Java, PHP)
- (1-10)Course topics: RESTful clients implementation (Java, PHP, Javascript)
- (1-11)Web services and Web 2.0
- (1-12)What are web services, really?
- (1-13)What is the role of web services in web 2.0?
- (1-14)Example Analysis of some services published by the Public Administration on the web
- (1-15)Example An example of real web services: Amazon
Lecture 2: RESTful services semantics 1
2024-03-08, 11:30 (2 hours)
Slides Restful
- (2-1)Example Making the Public Administration services real web services
- (2-2)RESTful web services: when to use them, and what alternatives exist
- (2-3)The REST paradigm
- (2-4)Web services with REST paradigm: RESTful web services
- (2-5)Basic features of a RESTful service: protocols, formats, methods
- (2-6)Semantics of a RESTful web service: what kind of application is it best suited for?
- (2-7)RESTful services URL structure
- (2-8)Mapping resources to URLs: the basic collection-item structure
- (2-9)Example Mapping relational structures to RESTful URLs
- (2-10)CRUD RESTful operations: the GET method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET
- (2-11)Example GET on collections: SELECT
- (2-12)Example GET on collections with a query string: SELECT * WHERE
- (2-13)Encoding of data returned by a GET and the Accept/Content-Type headers
- (2-14)The return value of GET on collections: records or keys list?
- (2-15)Example GET on collections: use of the query string to create a LIMIT clause
- (2-16)Example GET on item: SELECT * WHERE id = ...
- (2-17)Example GET on attributes: SELECT a WHERE id = ...
- (2-18)
- (2-19)CRUD RESTful operations: the PUT method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PUT
- (2-20)Example PUT on item: global UPDATE of a specific record
- (2-21)The payload of the PUT method and the Content-Type header
- (2-22)Example PUT on attributes: UPDATE of individual attributes in a specific record
- (2-23)Example PUT on collections: replacement of an entire collection
- (2-24)PUT: HTTP return status
- (2-25)CRUD RESTful operations: the PATCH method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/PATCH
- (2-26)Example PATCH on item: partial UPDATE of a specific record
- (2-27)Extension of PUT semantics in environments not supporting the PATCH
Lecture 3: RESTful services semantics 2
2024-03-15, 11:30 (2 hours)
Slides Restful
- (3-1)CRUD RESTful operations: the POST method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/POST
- (3-2)Example POST on collections: INSERT of a new record
- (3-3)The payload of the POST method and the Content-Type header
- (3-4)POST: HTTP return status and values
- (3-5)CRUD RESTful operations: the DELETE method
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/DELETE
- (3-6)Example DELETE on item: DELETE of a specific record
- (3-7)Example DELETE on collections: emptying a table
- (3-8)DELETE: HTTP return status
- (3-9)Other HTTP methods: HEAD, OPTIONS
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/HEAD
link https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
- (3-10)Example HEAD on resource: metadata check
- (3-11)Example HEAD used to control resource caching
- (3-12)Example OPTIONS on a resource: allowed methods check
- (3-13)The same-origin-policy issue for services
link https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy
- (3-14)How to grant access to RESTful services from outside (their domain): CORS
link https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
- (3-15)OPTIONS and CORS: the resource preflight
link https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request
- (3-16)RESTful RMI-type operations
- (3-17)How to specify an object (context) and a method to be invoked through a URL
- (3-18)Example The POST method used to make an RMI
- (3-19)Encoding the parameters and the return value of a method invoked via POST
- (3-20)Payload and result for the POST method: Accept and Content-Type header
- (3-21)POST for RMI: HTTP return status
- (3-22)Example RESTful RMI-type operations: GET for read methods (derived attributes)
- (3-23)Example The POST method as an alternative to GET on collections to define complex filters
- (3-24)Example A RESTful API advanced pattern: asynchronous long running operations
link http://restalk-patterns.org/long-running-operation-polling.html
link https://learn.microsoft.com/en-us/azure/architecture/patterns/async-request-reply
Lecture 4: RESTful services security
2024-03-22, 11:30 (2 hours)
- (4-1)Security in RESTful APIs
- (4-2)The role of the access token in API security
- (4-3)How to exchange the access token: from base methods (query string, path) to Bearer Authorization
link https://datatracker.ietf.org/doc/html/rfc7519
- (4-4)Managing the expiration and refreshing access tokens
- (4-5)Generating access tokens: authentication schemes
- (4-6)Example How to implement the login/logout technique in a RESTful service
- (4-7)OAuth: an advanced authentication system for services
link https://datatracker.ietf.org/doc/html/rfc6749
link https://datatracker.ietf.org/doc/html/rfc6750
link https://oauth.net/2
- (4-8)The OAuth 2 authorization flow
- (4-9)The benefits of OAuth: no stored credentials and scoped authorization codes
- (4-10)Example OAuth in the real world
link https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-auth-code-flow
- (4-11)
Lecture 5: RESTful services: a case study
2024-04-05, 11:30 (2 hours)
- (5-1)Defining the JSON structures required by a service (or inherit them from the code!)
- (5-2)Identifying the collection-item pattern within the API
- (5-3)Defining a URL structure consistent with the API
- (5-4)Outside the pattern: when violating the standard RESTful semantic helps us to be more efficient
- (5-5)Mapping methods and payloads on URLs
- (5-6)Managing binaries correctly and effectively
- (5-7)
- (5-8)Introduction to JSON Schema
Lecture 6: JSON Schema
2024-04-12, 11:30 (2 hours)
Slides JSONSchema
- (6-1)
- (6-2)JSON Schema: meaning of the empty schema and "modeling by restrictions" technique
- (6-3)JSON Schema: data types
- (6-4)JSON Schema: string type and constraints
- (6-5)JSON Schema: numeric types and constraints
- (6-6)JSON Schema: object type and property specification
- (6-7)JSON Schema: object type constraints
- (6-8)JSON Schema: array type and constraints
- (6-9)JSON Schema: enumerations
- (6-10)JSON Schema: schema composition (allOf, anyOf, oneOf, not)
- (6-11)JSON Schema: schema references and modularization ($ref property)
- (6-12)Example The event data structure defined with JSON Schema
material Event_Object.json
material Event_Object_Schema.json
- (6-13)
- (6-14)Relationships between YAML and JSON
- (6-15)YAML syntax: scalars, objects and arrays
Lecture 7: OpenAPI /1
2024-04-19, 11:30 (2 hours)
Slides OpenAPI
- (7-1)Introduction to OpenAPI 3
- (7-2)OpenAPI online tools and specification
link https://www.openapis.org/
link https://swagger.io/tools/open-source/
- (7-3)OpenAPI: basic structure
- (7-4)OpenAPI: info object
- (7-5)OpenAPI: tags object
- (7-6)OpenAPI: externalDocs object
- (7-7)OpenAPI: servers
- (7-8)OpenAPI: specification factorization and components object
- (7-9)OpenAPI: schema components
- (7-10)OpenAPI: parameter components
- (7-11)OpenAPI: response components
- (7-12)Example The events RESTful service specification with OpenAPI 3: base structure, schemas, parameters and responses
Lecture 8: OpenAPI /2
2024-05-03, 11:30 (2 hours)
Slides OpenAPI
- (8-1)OpenAPI: requestBody components
- (8-2)OpenAPI: securityScheme components
- (8-3)OpenAPI: endpoints: basic structure of the paths object
- (8-4)OpenAPI: parametric URLs in the paths object
- (8-5)OpenAPI: endpoint parameters (parameters)
- (8-6)Path-level and method-level parameters
- (8-7)OpenAPI: response status and corresponding content (responses)
- (8-8)OpenAPI: request content (requestBody)
- (8-9)OpenAPI: security requirements of an endpoint (security)
- (8-10)
- (8-11)
- (8-12)JAX-RS dependencies in a Maven web application project
- (8-13)Using Jackson as a JSON provider for JAX-RS
link https://github.com/FasterXML/jackson-jaxrs-providers
Lecture 9: JAX-RS /1
2024-05-10, 11:30 (2 hours)
Material JAXRS_Examples
- (9-1)
- (9-2)
- (9-3)Configuring JAX-RS with service providers and resources: the Application class and @ApplicationPath annotation
- (9-4)Marking classes as (root) RESTful resources: the @Path annotation
- (9-5)Marking class methods to answer HTTP methods: the @GET annotation
- (9-6)RESTful output type for a method: the @Produces annotation
- (9-7)JAX-RS method return types and automatic type conversion
- (9-8)Automatic JSON encoding of complex return types: lists, maps, objects
- (9-9)Required structure for Java objects to be automatically encoded and decoded in JSON
- (9-10)The @JsonIgnore annotation used to exclude class fields from the JSON output
- (9-11)Creating advanced custom (de)serializers
- (9-12)Example Creating a custom (de)serializer for the Java Calendar class
- (9-13)Using the Response class to build RESTful responses
- (9-14)Returning status codes and building complex responses with the Response class
- (9-15)Handling and encapsulating exceptions: the WebApplicationException class
- (9-16)Handling exceptions: the ExceptionMapper class
- (9-17)How to inject a query parameter in a method with the @QueryParam annotation
- (9-18)The @Path annotation on methods to identify sub-resources
- (9-19)The @Path annotation with parameters
- (9-20)How to inject a URL parameter in a method with the @PathParam annotation
Lecture 10: JAX-RS /2
2024-05-17, 11:30 (2 hours)
Material JAXRS_Examples
- (10-1)Returning a binary download
- (10-2)Returning a stream: StreamingOutput
- (10-3)Implementation of REST methods: the @POST annotation
- (10-4)RESTful input type for a method: the @Consumes annotation
- (10-5)How to inject the request payload in a method
- (10-6)Data types for payloads: strings, numbers, InputStreams
- (10-7)Automatic Java bean decoding from a JSON payload
- (10-8)Using the UriInfo class to generate URIs to internal resources of a REST application
- (10-9)Implementation of REST methods: the @PUT annotation
- (10-10)Implementation of REST methods: the @DELETE annotation
- (10-11)Summary of JAX-RS techniques for single-class resources
- (10-12)
- (10-13)A development pattern for RESTful services: sub-resources
- (10-14)Define and return a REST sub-resource with the @Path annotation
- (10-15)RESTful design with JAX-RS: when and how to use sub-resources?
- (10-16)How to define authentication-related annotations in JAX-RS
- (10-17)Limit access to a RESTful method with an authentication annotation
- (10-18)How to write an authentication filter in JAX-RS
- (10-19)How to inject authenticated user information in a RESTful method
Lecture 11: RESTful services implementation and best practices
2024-05-30, 09:30 (2 hours)
- (11-1)RESTful API and authentication: returning an authentication token (authentication header, cookie or plain payload)
- (11-2)How to add CORS headers and handle preflight requests with a filter
- (11-3)RESTful in PHP with the Slim framework
- (11-4)
- (11-5)RESTful in PHP with the Slim framework
- (11-6)Beyond RESTful: notes on gRPC, Protobuf, GraphQL...
link https://grpc.io/
link https://protobuf.dev/
link https://graphql.org/
- (11-7)RESTful best practices: rules of the right linguistic design
link https://doi.org/10.1109/SCC55611.2022.00017
- (11-8)Common RESTful errors: Over and underfetching, N+1 request problem, poor type safety
- (11-9)Developing clients for RESTful services
Lecture 12: RESTful clients
2024-05-31, 11:30 (2 hours)
- (12-1)RESTful clients in Java with the Apache HTTPComponents Client library
- (12-2)
- (12-3)RESTful clients in PHP with the HTTPful library
- (12-4)
- (12-5)RESTful clients in Javascript with the XMLHttpRequest object (AJAX)
- (12-6)Synchronous and asynchronous RESTful calls
- (12-7)Example A Javascript client for the events RESTful service: XHR client
material EventsREST_Client_JS
- (12-8)RESTful clients in Javascript with the Fetch API object
link https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API
- (12-9)Example A Javascript client for the events RESTful service: Fetch client
material EventsREST_Client_JS
- (12-10)
- (12-11)When is it correct to use JQuery in a web project?
- (12-12)The $ function and the different ways to use it
- (12-13)Wrapping the DOM in JQuery objects
- (12-14)Selecting items with JQuery: CSS3 selectors and traversal functions
- (12-15)Traversing the DOM with JQuery
- (12-16)JQuery DOM manipulation functions
- (12-17)Modifying the DOM with JQuery
- (12-18)Modifying the CSS styles with JQuery
- (12-19)Event handling in JQuery: binding (in bubbling phase)
- (12-20)Event handling in JQuery: the normalized event object
- (12-21)JQuery and AJAX: the main $.ajax function
- (12-22)Automatic decoding of data received via AJAX
- (12-23)Example The Jsonp dataType and AJAX cross-origin calls executed without XMLHttpRequest
- (12-24)JQuery and AJAX: the "shortcut" methods $.get, $.post, and $.getJSON
- (12-25)RESTful clients in Javascript with JQuery
- (12-26)Example A Javascript client for the events RESTful service: JQuery client
material EventsREST_Client_JS