Thursday, August 2, 2018

REST, REST Security, REST API Methods, REST annotations

REST - Representational State Transfer

1. REST is an architectural style.

2. A REST implementation is based on JSON over HTTP.

3. REST is implemented on top of the simple HTTP protocol.

4. REST has better scalability and performance.

5. REST permits more data formats, such as JSON and XML.

6. REST emphasizes scalability of component interactions and independent deployment of components.

7. REST is designed around the HTTP and URI standards.

8. REST follows HTTP methods such as GET, POST, PUT, DELETE and PATCH.

9. HTTP PATCH requests make a partial update to a resource.
PUT requests also modify a resource entity, so to be clear:
PATCH is the correct choice for partially updating an existing resource,
and PUT should only be used when replacing a resource in its entirety.

10. REST implementations use JAX-RS and Jersey.

11. Annotations of JAX-RS


@Context - Injects information into a class field, bean property, or method parameter
@CookieParam - Extracts information from cookies declared in the cookie request header
@FormParam - Extracts information from a request representation whose content type is application/x-www-form-urlencoded
@HeaderParam - Extracts the value of a header
@MatrixParam - Extracts the value of a URI matrix parameter
@PathParam - Extracts the value of a URI template parameter
@QueryParam - Extracts the value of a URI query parameter

12. HTTP Status codes

200 OK - Response to a successful REST API action. The HTTP method can be GET, POST, PUT, PATCH or DELETE.
400 Bad Request - The request is malformed, such as a message body format error.
401 Unauthorized - Wrong or no authentication ID/password provided.
403 Forbidden - Used when authentication succeeded but the authenticated user doesn't have permission for the requested resource.
404 Not Found - When a non-existent resource is requested.
405 Method Not Allowed - Returned when an unexpected HTTP method is used. For example, the REST API expects HTTP GET, but HTTP PUT is used.

13. REST security interface to implement security programmatically

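        // SecurityContext is injected by the JAX-RS runtime for the current request.
        public String updateUser(@Context SecurityContext sc) {
                // Only callers in the "admin" role may proceed.
                if (sc.isUserInRole("admin"))  return "User will be updated";
                throw new SecurityException("User is unauthorized.");
        }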
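
The status codes from item 12 map onto this programmatic check: a caller with no authenticated principal gets 401, and an authenticated caller without the role gets 403. The resource below is an added example, not code from the original post; the class name, path, Basic realm and the `javax.ws.rs` (Java EE) namespace are assumptions for illustration.

```java
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.SecurityContext;

// Hypothetical resource: the name, path and realm are illustrative assumptions.
@Path("/users")
public class UserResource {

    @PUT
    @Path("{id}")
    @Produces(MediaType.TEXT_PLAIN)
    public Response updateUser(@PathParam("id") String id,
                               @Context SecurityContext sc) {
        // No principal means the request was never authenticated:
        // answer 401 and tell the client how to authenticate.
        if (sc.getUserPrincipal() == null) {
            return Response.status(Response.Status.UNAUTHORIZED)
                    .header("WWW-Authenticate", "Basic realm=\"example\"")
                    .entity("Authentication required.")
                    .build();
        }

        // Authenticated, but not in the required role: answer 403.
        // Re-sending the same credentials will not change the outcome.
        if (!sc.isUserInRole("admin")) {
            return Response.status(Response.Status.FORBIDDEN)
                    .entity("User is unauthorized.")
                    .build();
        }

        // Authenticated and authorized: perform the update and answer 200.
        return Response.ok("User " + id + " will be updated").build();
    }
}
```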

Applying annotations to your JAX-RS classes


@DeclareRoles - Declares roles.
@DenyAll - Specifies that no security roles are allowed to invoke the specified methods.
@PermitAll - Specifies that all security roles are allowed to invoke the specified methods.
@RolesAllowed - Specifies the list of security roles that are allowed to invoke the methods in the application.
@RunAs - Defines the identity of the application during execution in a J2EE container.

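// Only callers in the ADMIN or DEV role may invoke methods of this class.
// In Jersey, register RolesAllowedDynamicFeature so this annotation is enforced.
@RolesAllowed({"ADMIN", "DEV"})
public class helloUser {

   public String updateUser() {
      return "User Updated!";
   }
}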

Updating the web.xml deployment descriptor to define security configuration

