This document explores Representational State Transfer (REST) as an architectural style for designing web services, contrasting it with Remote Procedure Call (RPC) interfaces like SOAP. It emphasizes the practical aspects of using RESTful URIs, CRUD operations, and the advantages of embracing HTTP in system design. Additionally, it introduces Amazon S3, a scalable cloud storage service, detailing its core concepts like buckets and objects, access methods, and authentication processes, highlighting its utility in modern web applications.
Web Server Design
Week 15
Old Dominion University
Department of Computer Science
CS 495/595 Spring 2010
Martin Klein <mklein@cs.odu.edu>
4/21/10
Representational State Transfer
• HTTP is an implementation of REST
  • http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
• REST is best understood in contrast to Remote Procedure Call (RPC) style interfaces like SOAP
  • http://en.wikipedia.org/wiki/Representational_State_Transfer
  • http://en.wikipedia.org/wiki/SOAP_(protocol)
• The simplest explanation is RESTful URIs are nouns, and RPC URIs are verbs
  • it is not true that REST URIs do not have arguments / query strings
• Philosophies:
  • RPC: HTTP is just a transport protocol to tunnel an application-specific protocol; other protocols (e.g., SMTP or future protocols) can be used too
  • REST (HTTP implementation): HTTP already has basic mechanisms for almost anything you need and will be around forever. Embrace it in your system design.
All You Need is CRUD… http://en.wikipedia.org/wiki/Create,_read,_update_and_delete
Example Design

RPC:
http://example.com/userApp?method=getUser&arg1=X&arg2=Y
http://example.com/userApp?method=addUser&arg1=X&arg2=Y
http://example.com/userApp?method=removeUser&arg1=X&arg2=Y
http://example.com/userApp?method=updateUser&arg1=X&arg2=Y
http://example.com/userApp?method=getLocation&arg1=X&arg2=Y
http://example.com/userApp?method=addLocation&arg1=X&arg2=Y
http://example.com/userApp?method=removeLocation&arg1=X&arg2=Y
http://example.com/userApp?method=updateLocation&arg1=X&arg2=Y
http://example.com/userApp?method=listUsers&arg1=X&arg2=Y
http://example.com/userApp?method=listLocations&arg1=X&arg2=Y
http://example.com/userApp?method=findLocation&arg1=X&arg2=Y
http://example.com/userApp?method=findUser&arg1=X&arg2=Y

REST:
http://example.com/users/
http://example.com/users/{user} (one for each user - where {user} is either the user name or the user id)
http://example.com/findUserForm
http://example.com/locations/
http://example.com/locations/{location} (one for each location - where {location} is the location name or the location id)
http://example.com/findLocationForm

adapted from: http://en.wikipedia.org/wiki/Representational_State_Transfer
Amazon S3
• “Simple Storage Service”
  • http://aws.amazon.com/s3
  • part of a family of Amazon Web Services (AWS), including “Elastic Compute Cloud (EC2)” and “Simple Queueing Service (SQS)”
• Premise:
  • cheap, remote storage service accessible via http
  • no initial fee, no maintenance fee
  • $0.15 per GB/month storage (first 50TB)
  • $0.10 per GB transferred
  • private/public X read/write access available
Core Concepts
• Registration:
  • AWS access key ID
    • semantic free name space for your account
  • Secret access key
    • used to authenticate to AWS
• Bucket
  • namespace for referencing your objects; must be globally unique
  • you can have 1-100 buckets per AWS access key
  • buckets hold 0 or more objects
• Object
  • files (placed in buckets); up to 5GB in a single object
  • “key” is the identifier for the object placed in a bucket
Access Points
• SOAP and REST interfaces provided
• 3 different URLs for REST access:
  • http://s3.amazonaws.com/bucket/key
  • http://bucket.s3.amazonaws.com/key
  • http://bucket/key
• Where:
  • bucket = your namespace
  • key = identifier of the object in the bucket
• For more info:
  • http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html
Examples:

These are the same (& real):
http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl
http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl

These would be the same (but not real):
http://s3.amazonaws.com/MartinKlein/Voelkl/DNX10
http://martinkleinrackets.s3.amazonaws.com/Voelkl/DNX10
http://rackets.martinklein.org/Voelkl/DNX10
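Because one object is reachable under three URL forms, access logs and allow-lists need a single (bucket, key) identity for it. The following is an added example, not part of the original slides; the function names are hypothetical, and the third form assumes the custom host name is a DNS alias whose full name is the bucket name.

```python
from urllib.parse import urlsplit

S3_ENDPOINT = "s3.amazonaws.com"


def bucket_and_key(url):
    """Map any of the three REST URL forms to one (bucket, key) pair."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lstrip("/")
    if not host:
        raise ValueError("URL has no host")
    if host == S3_ENDPOINT:
        # Form 1: http://s3.amazonaws.com/bucket/key
        bucket, _, key = path.partition("/")
    elif host.endswith("." + S3_ENDPOINT):
        # Form 2: http://bucket.s3.amazonaws.com/key
        bucket, key = host[: -len("." + S3_ENDPOINT)], path
    else:
        # Form 3: http://bucket/key (assumption: the Host value is the bucket)
        bucket, key = host, path
    if not bucket:
        raise ValueError("no bucket in URL")
    return bucket, key


def same_object(*urls):
    """True when every URL resolves to the same (bucket, key)."""
    return len({bucket_and_key(u) for u in urls}) == 1


# The two "real" URLs from the slide resolve to the same object.
REAL_URLS = (
    "http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl",
    "http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl",
)
```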
Authenticating to AWS
• Can authenticate to AWS via:
  • “Authorization” HTTP header using the AWS authentication scheme
    • cf. “Basic” & “Digest” in RFC-2616
  • URL arguments
• http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html
• HMAC: Keyed-Hashing for Message Authentication
  • RFC-2104: http://www.ietf.org/rfc/rfc2104.txt
Authentication Header Example

Authorization: AWS AWSAccessKeyId:Signature

Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );
StringToSign = HTTP-Verb + "\n" +
               Content-MD5 + "\n" +
               Content-Type + "\n" +
               Date + "\n" +
               CanonicalizedAmzHeaders +
               CanonicalizedResource;
CanonicalizedResource = ….
A Tour of the REST API for S3 • http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html
Create a Bucket

# create bucket request
PUT /[bucket-name] HTTP/1.0
Date: Wed, 08 Mar 2006 04:06:15 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com

# create bucket response
HTTP/1.1 200 OK
x-amz-id-2: VjzdTviQorQtSjcgLshzCZSzN+7CnewvHA+6sNxR3VRcUPyO5fm…
x-amz-request-id: 91A8CC60F9FC49E7
Date: Wed, 08 Mar 2006 04:06:15 GMT
Location: /[bucket-name]
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
Write an Object

# put object request
PUT /[bucket-name]/[key-name] HTTP/1.0
Date: Wed, 08 Mar 2006 04:06:16 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com
Content-Length: 14
x-amz-meta-title: my title
Content-Type: text/plain

this is a test

# put object response
HTTP/1.1 200 OK
x-amz-id-2: wc15E1LUrjDZhNtT4QZtsbtadnOMKGjw5QTxkRDVO1owwbA6Y…
x-amz-request-id: 7487CD42C5CA7524
Date: Wed, 08 Mar 2006 04:06:16 GMT
ETag: "54b0c58c7ce9f2a8b551351102ee0938"
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
GData: Atom + REST • http://en.wikipedia.org/wiki/Atom_(standard) • http://code.google.com/apis/gdata/ • http://code.google.com/apis/base/docs/2.0/attrs-queries.html