REST - Taking a Closer Look (Part 7)

We are going to take a little detour and look at the method values available.  These values have very defined intentions for use and how they should be treated on the response side of the transaction.  The w3.org has documented eight different methods in the HTTP v1.1 specification.

• OPTIONS
• GET
• HEAD
• POST
• PUT
• DELETE
• TRACE
• CONNECT

It seems that all communication is now expected to work through the GET and POST methods.  The GET is intended for retrieving data with potential for cache.  The POST is intended to push data onto the server.  These two methods are very common and do not require a lot of discussion.

OPTIONS Method

The OPTIONS method intends to determine what options are available to the client.  This may be useful in the cases of determining a user has access to specific resources on the server.  The w3.org HTTP v1.1 specification has this to say about OPTIONS.

The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.

Responses to this method are not cacheable.

In the Book example I have been working through, I could it being used to determine if a user has read-only access or may have create, update and delete privileges as well.  The client application could be formed in a way to respect the response of an OPTIONS request to provide certain features to the user based on their authorizations.

HEAD Method

HEAD, is header that I have only read about and never use in practice.  The definition as defined by w3.org from the HTTP v1.1 specification is,

The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response. The metainformation contained in the HTTP headers in response to a HEAD request SHOULD be identical to the information sent in response to a GET request. This method can be used for obtaining metainformation about the entity implied by the request without transferring the entity-body itself. This method is often used for testing hypertext links for validity, accessibility, and recent modification.

Two things come to mind.  Checking the end point is valid and exists, pushing data to the server without sending a response to the client.  Now these two are likely very useful in certain conditions.

My extinct is to avoid HEAD whenever the User's experience is at stake.  Another words, if there is a need to make a request to the server to gather information.  It does not seem practical or feasible to make a HEAD request first to determine if the end point is valid and contains fresher data than the browser's cache.  The result would be in certain situations an additional request to retrieve the data.

I can see this being used in a CDN type implementation, where the delivery nodes are responsible for checking for updates periodically.  In this instance that User is waiting for the response and additional requests.  The node can make requests more often to check staleness using HEAD and then make a GET request to retrieve an update when necessary.

Another useful condition may be to push user activity information to the server.  In this case, the response codes should indicate whether the user is still allowed to access the system.  Otherwise, if the system is dependent on the client pushing data or communicating on a regular basis to avoid a session disruption from the server side.

PUT and DELETE Methods

The PUT and DELETE methods are primarily used in RESTful services.  They are used to indicate the action of updating or deleting some data.  I have already worked through the PUT and DELETE methods in a previous post.  Check it out for what I have discovered there

TRACE Method

TRACE is a method intended for testing and debugging purposes.  The method indicates that the server should do nothing more than reflect the request data back to the client.  HTTP v1.1 identifies this as,

The TRACE method is used to invoke a remote, application-layer loop- back of the request message. The final recipient of the request SHOULD reflect the message received back to the client as the entity-body of a 200 (OK) response. The final recipient is either the origin server or the first proxy or gateway to receive a Max-Forwards value of zero (0) in the request (see section 14.31). A TRACE request MUST NOT include an entity.

This is useful to identify how a request may be processed on the way through all of the various hops between the client application and the server.  If there are no hops between the client and server there is likely going to very little change of the request on the way through to the server.  I have never used this in practice, but I am intrigued to learn more about it and how I may be able to utilize it.

CONNECT Method

This method appears to be reserved but not implemented.  So there is not much to say about it, except it may be used with SSL tunneling.  See the w3.org's HTTP v1.1 specification for more details and updates to the specification.

Java SE for Embedded and Plug Computers

Wednesday night I attended the WJUG meeting on Java SE for Embedded devices.  The presentation was given by Jim Connors of Oracle and previously Sun prior to the buyout.  Jim showed the power of Java SE for embedded devices how there is very little to change in the development process.

During his presentation he showed a hockey scoreboard implementation that he built.  The scoreboard was using a JavaFX front end on his Windows laptop.  He showed that with a similar implementation using jcurses he could show the scoreboard through putty.  The data regarding penalties, time, and period were all managed by the application running from a full-sized laptop.

He showed there was an important distinction between the Java SE platform and Java SE for Embedded.  First off, the size of the embedded jre was reduced by nearly half.  This was to accomodate the size constraints of the flash drive with the device.  Secondly, there are specific builds for each embedded based device.  The download site for Java SE Embedded has several to choose from and may have the binaries for most devices available on the market.

The embedded space will likely grow into a larger market.  It seems reasonable that Developers and IT shops alike should start to take notice.  The advantages of this platform are low cost and low power consumption.  Both making it an easy adoption for any hosting environment.  Jim had two Global Scale devices on hand.  They have two devices that are priced at $99.

In wrapping up the presentation, he showed a web farm with six nodes.  The first node was the load balancer running Apache Tomcat with mod_proxy.  The last five nodes were responsible for handling the traffic.  The advantage of this implementation is the cost.  These machines may not be that powerful today, but there is growing demand for smaller more powerful and ecological embedded type devices.  Did I mention that these devices only run on 5W of power.  Slap an external hard drive on this machine and suddenly you have a lower powered server that can handle a reasonable amount of traffic.

Check out Jim's blog of tomcat micro cluster to see it in action.  It's very cool and as Jim put it, inspired by the old days of google and their first rack mount systems.

REST - Taking a Closer Look (Part 6)

In my last post, I talked a bit more about the PUT and DELETE methods of a request.  I raised a concern regarding the Grails and it's support for PUT and DELETE due to my inabilities to make a PUT request from a form.  After further investigation, I found a reference in the HTML5 changelogs posted on June 24, 2010 indicating that PUT and DELETE methods were removed from the specification.

As expected, the following code works without any issues.

jQuery.ajax({ url: "http://localhost:8080/research-grails-rest/book/delete/2", type: "DELETE" });

This further proves the point that only the form submission using these methods are affected.  This restriction may not be an issue for applications that are primarily Ajax driven.  However, I have read in several API docs now something similar to this from the jQuery Ajax documentation.

"The type of request to make ("POST" or "GET"), default is "GET". Note: Other HTTP request methods, such as PUT and DELETE, can also be used here, but they are not supported by all browsers."

The trend in several stackoverflow articles is a POST tunneling concept.  Essentially, instead of using the PUT or DELETE methods, send everything over POST.  Then specify through a hidden form input or HTTP header the correct method.  This resolves the problem for form submissions and lack of browser support.

With that resolved, it is time to look closer at more complex structures.  My next post will be centered around understanding how the state of a collection of books is transferred.  After that investigating how to perform operations against that collection.

Citations from stackoverflow.com regarding POST tunneling:

• Are the PUT, DELETE, HEAD, etc methods available in most web browsers?
• Is there any reason not to use HTTP PUT and DELETE in a web application?

REST - Taking a Closer Look (Part 5)

In this post, we'll take a closer look at the update process using PUT with the Grails project.   REST defines updates as a HTTP PUT method.

First we need to make a few adjustments to the code to make the update operation respond to the PUT method and alter the edit form to ensure it is sending in a method of PUT.

Alter the allowedMethods array to recognize PUT for the update method.

Alter the form method to ensure it sends PUT as the method.

Now that we have ensured the method is set to PUT on the form and the controller will accept PUT as the method from the client let's test.  (After selecting a specific book, click the Edit button along the bottom of the view.)  Altering some data and clicking the Update button we should be in business to see the transaction.  The following screenshot details the HTTP headers transferred during the state transition.

Here we can see that the request was actually done using POST.  Internally within the request parameters a PUT method is specified.  This is detailed further in the Grails 2.0.0 documentation.

Issuing a request with a method other than GET or POST from a regular browser is not possible without some help from Grails.

This doesn't seem to be consistent with the REST architecture or the HTTP v1.1 specification.  Grails is also blocking a method of PUT coming from the browser with a 405 - Method Not Allowed response.  Requests made with cUrl go through without error.

$ curl --request PUT http://localhost:8080/research-grails-rest/book/update/1 --verbose
* About to connect() to localhost port 8080 (#0)
*   Trying ::1... connected
* Connected to localhost (::1) port 8080 (#0)
> PUT /research-grails-rest/book/update/1 HTTP/1.1
> User-Agent: curl/7.21.4 (universal-apple-darwin11.0) libcurl/7.21.4 OpenSSL/0.9.8r zlib/1.2.5
> Host: localhost:8080
> Accept: */*
>
< HTTP/1.1 302 Moved Temporarily
< Server: Apache-Coyote/1.1
< Set-Cookie: JSESSIONID=F91DEA3433A1F745B249C0F7E3E9988E; Path=/research-grails-rest/; HttpOnly
< Location: http://localhost:8080/research-grails-rest/book/show/1
< Content-Length: 0
< Date: Tue, 24 Jan 2012 10:45:05 GMT
<
* Connection #0 to host localhost left intact
* Closing connection #0

The response location,  http://localhost:8080/research-grails-rest/book/show/1, indicates the controller received the request correctly and performed the update.

What am I trying to get at?  One concern I have is support by most/all browsers for the HTTP v1.1 specification.  Another concern is around the heavy handiness around the method support on Grails part.  I concede I am now Grails expert and there may be a very simple solution to this.  I haven't found it yet if there is.  Furthermore, quick check of delete operation from the browser blocks the DELTE method even after altering the allowedMethods.

So what have we learned?  The PUT and DELETE methods have special considerations when involving the Grails built views.  It may be worth approaching another framework to interact with the REST services provided.  However, the controller has tightly integrated the responses on each call with the next view.  I think this is intended due to the nature of Grails application development.

REST - Taking a Closer Look (Part 4)

In the previous posts, we've discussed the general project, defined the concept of REST and taken a look at the list, show and save operations.  Now, let's talk a little shop and dissect the concept of REST a bit further.

REST has some very important design concepts that need to be leveraged to be successful.  First, a rich and easy interface.  This is important for two reasons.  Building a client implementation around a set of REST services can focus on user experience and ignore the data needs.  That is to say, the data is well-defined and the developer building the client can rely on those services to provide specific data.  The application will be built around that data without intermixing the client specific code.

The second important reason is, a developer can build any client around a set of REST services.  Why?  The data has no complicating details blurring the line between the user experience and the data.  In doing so, it makes it more adaptable to move from a purely web-based client to say a mobile web client.  Later, moving to a native client or game console becomes a reality.  Later on down the road, the REST API is published and developers are developing custom applications, much like Twitter, Amazon and others.

Another idea I have read about but do not fully understand is the concept of idempotent resources.  Idempotent is defined as an element multiplied by itself remains unchanged.  The simplest case I can come up with is 1.  1 multiplied by 1 is still 1.

So how does this apply to resource in your system?  Making a request to the same URI should result in the same operation time and time again.  In other words, creating an entry for a book with the same title should result in the same book being created or denied every time.  Only one book is created with that title.  Both PUT and DELETE methods are idempotent.  The GET method is also idempotent given that there are no lasting changes on the resource being requested.  POST is an update operation and can result in attributes of a given resource being altered.  It does not qualify as an idempotent method.

Now, we have defined why REST has good qualities. It provides a rich and easy interface to resources or decouples the client from the data, in doing so, making the data and services scalable.  We have cleared up the concept of idempotent and what that means to a resource in our system.

It is important to remember that REST isn't a specification like SOAP.  It is merely a suggestion of an architectural design around how to serve data.  There are goals within the design to decouple data from the client so that these services are scalable, reliable and well-defined for future client implementations.

REST - Taking a Closer Look (Part 3)

In the previous posts, we've discussed the general project, defined the concept of REST and taken a look at how the list or read operation.  Now as promised in REST - Taking a Closer Look (Part 2) we'll look at the POST method or create operation.

After clicking the 'Create Book' button, a form for the attributes about the book is displayed.  After entering the required values, we can click the 'Create' button.

Create Book Form

After clicking the 'Create' button the new book properties will be sent to the server and stored in the database.  The following screenshot details the request/response transaction from the browser with the client.  

Save Book Transition

The important pieces to note are:

• Request URI is http://localhost:8080/research-grails-rest/book/save.
• Request method is POST.
• Response status code is 302.
• Response location is http://localhost:8080/research-grails-rest/book/show/1.

The rest of the request and response headers are standard protocol speak.  The ones identified above indicate exactly how the data was saved and how the following response to the show state.

We have now seen three URIs in the transition between book listing, saving and showing a book.  The list operation is done with the GET method and the URI was formed as, http://localhost:8080/research-grails-rest/book/list.  The save operation is done using the POST method and the URI was, http://localhost:8080/research-grails/rest/book/save.  Lastly, the show operation also used a GET method, however specified an id to identify one of the items in the collection like so, http://localhost:8080/research-grails-rest/show/1.  

What we have seen so far is the basic blocks to working with a single resource.  Later we'll dig in further to understand the request model for updating, deleting and multiple items in the collection.  Next we'll take a closer look at REST and put a little more definition around what it is.

REST - Taking a Closer Look (Part 2)

First goal is understanding the request model as stated in my previous post REST - Taking a Closer Look (Part 1).  For this portion of the exercise, I will start take a closer look at the Book implementation.

The book model is simple concept and one that we would recognize from our daily lives.  A book has basic properties,

• title
• description
• author
• ISBN

What is REST?  REST is representational state transfer (see Wikipedia for more details).  More or less, it's a software architecture by which we transfer state from one place to another.  In terms of the web, transferring state of resources from the client (browser) to the server (web server->database).  I strongly suggest reading the Wikipedia entry, as it has some very useful and important details on implementation and separation of concerns.

REST sets out to model the concept of CRUD operations (Create, Read, Update, Delete).  It mimics these operations by using POST to Create, GET to Read, PUT to Update, DELETE to, well, Delete. 

With a simple understanding of REST, let's look a little closer at a Book implementation.  Initially, you'll want to see a list of books that are available.  We would model a URL using the guidance of REST like this.

GET http://localhost:8080/research-grails-rest/book/list

This URL has no unique pieces to it.  The resource is defined by book and the operation is defined by list. As a result, all defined knowledge of the representation of a book will be listed.  We can say this about any resource that is available in the system that provides an authorized list operation.  Within the context of the Grails application, all of the work is done on the server and returned in an HTML page.  However, in an Ajax based client, the list operation would return all of the data as a data structure and decouple the operation from the client view.

Screenshot: Result of book/list.

As a part of the architecture, the GET request could be marked as cacheable.  In other words, the browser could use a copy of this data from it's local cache rather than making a request to the server.  The resource, book, would have to mark the list operation as cacheable and provide a timeframe in which that cached data is considered fresh.  Once that cache entry is considered stale by the browser or by revalidation by the server, a new version of the resource will be made available to the end user.

For a simple operation like, GET, this about the extent of it.  In the next post, I will discuss the POST method (Create).

REST - Taking a Closer Look (Part 1)

One of the challenges that I have found in regards to REST is really understanding how it used in practice.  Looking across the internet, there appears to be a vast amount of documentation that talks about the basics.  I have two goals for gathering a better understanding of REST.  First, understand the request model which is well documented all over the internet.  The best way learn something is by doing.  Secondly, look at how more complex operations are constructed and how they impact the design of application.

To frame this out, I am working with Grails and building on top of the implementation discussed in the screencast, Jump Into Grails 2.0.  My experience with Groovy is limited, but I have a good background in Java which I am hoping to leverage in learning/understanding Groovy.  The screencast takes an approach of building a basic application in Grails encompassing the following,

• Setting up application configuration and plugins
• Building basic model, view and controller implementations of 
• User
• Role
• User Role mapping
• Discuss Unit testing - in my opinion very handy and largely automated
• Building a new model, view and controller of a Book.

I don't intend to reproduce the screencast here.  However, as part of this first part I would like to make sure there is enough understanding about the Grails project and how it is built for those looking to understand and answer the same questions I am setting out to answer.

For complete source, access the git repository through git : git://github.com/mhorner/research-grails-rest.git or view it at https://github.com/mhorner/research-grails-rest.