Web Server Design Week 15. Old Dominion University Department of Computer Science CS 495/595 Spring 2010 Martin Klein <mklein@cs.odu.edu> 4/21/10. Representational State Transfer. HTTP is an implementation of REST http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
Representational State Transfer
• HTTP is an implementation of REST
  • http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
• REST is best understood in contrast to Remote Procedure Call (RPC) style interfaces like SOAP
  • http://en.wikipedia.org/wiki/Representational_State_Transfer
  • http://en.wikipedia.org/wiki/SOAP_(protocol)
• The simplest explanation is RESTful URIs are nouns, and RPC URIs are verbs
  • it is not true that REST URIs do not have arguments / query strings
• Philosophies:
  • RPC: HTTP is just a transport protocol to tunnel an application-specific protocol; other protocols (e.g., SMTP or future protocols) can be used too
  • REST (HTTP implementation): HTTP already has basic mechanisms for almost anything you need and will be around forever. Embrace it in your system design.
All You Need is CRUD…
• http://en.wikipedia.org/wiki/Create,_read,_update_and_delete
Example Design

RPC:
    http://example.com/userApp?method=getUser&arg1=X&arg2=Y
    http://example.com/userApp?method=addUser&arg1=X&arg2=Y
    http://example.com/userApp?method=removeUser&arg1=X&arg2=Y
    http://example.com/userApp?method=updateUser&arg1=X&arg2=Y
    http://example.com/userApp?method=getLocation&arg1=X&arg2=Y
    http://example.com/userApp?method=addLocation&arg1=X&arg2=Y
    http://example.com/userApp?method=removeLocation&arg1=X&arg2=Y
    http://example.com/userApp?method=updateLocation&arg1=X&arg2=Y
    http://example.com/userApp?method=listUsers&arg1=X&arg2=Y
    http://example.com/userApp?method=listLocations&arg1=X&arg2=Y
    http://example.com/userApp?method=findLocation&arg1=X&arg2=Y
    http://example.com/userApp?method=findUser&arg1=X&arg2=Y

REST:
    http://example.com/users/
    http://example.com/users/{user} (one for each user - where {user} is either the user name or the user id)
    http://example.com/findUserForm
    http://example.com/locations/
    http://example.com/locations/{location} (one for each location - where {location} is the location name or the location id)
    http://example.com/findLocationForm

adapted from: http://en.wikipedia.org/wiki/Representational_State_Transfer
Amazon S3
• “Simple Storage Service”
  • http://aws.amazon.com/s3
  • part of a family of Amazon Web Services (AWS), including “Elastic Compute Cloud (EC2)” and “Simple Queueing Service (SQS)”
• Premise:
  • cheap, remote storage service accessible via http
  • no initial fee, no maintenance fee
  • $0.15 per GB/month storage (first 50TB)
  • $0.10 per GB transferred
  • private/public X read/write access available
Core Concepts
• Registration:
  • AWS access key ID
    • semantic free name space for your account
  • Secret access key
    • used to authenticate to AWS
• Bucket
  • namespace for referencing your objects; must be globally unique
  • you can have 1-100 buckets per AWS access key
  • buckets hold 0 or more objects
• Object
  • files (placed in buckets); up to 5GB in a single object
  • “key” is the identifier for the object placed in a bucket
Access Points
• SOAP and REST interfaces provided
• 3 different URLs for REST access:
  • http://s3.amazonaws.com/bucket/key
  • http://bucket.s3.amazonaws.com/key
  • http://bucket/key
• Where:
  • bucket = your namespace
  • key = identifier of the object in the bucket
• For more info:
  • http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html
Examples:

These are the same (& real):
    http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl
    http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl

These would be the same (but not real):
    http://s3.amazonaws.com/MartinKlein/Voelkl/DNX10
    http://martinkleinrackets.s3.amazonaws.com/Voelkl/DNX10
    http://rackets.martinklein.org/Voelkl/DNX10
Authenticating to AWS
• Can authenticate to AWS via:
  • “Authorization” HTTP header using the AWS authentication scheme
    • cf. “Basic” & “Digest” in RFC-2616
  • URL arguments
• http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html
• HMAC: Keyed-Hashing for Message Authentication
  • RFC-2104: http://www.ietf.org/rfc/rfc2104.txt
Authentication Header Example

    Authorization: AWS AWSAccessKeyId:Signature

    Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;

    Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID, UTF-8-Encoding-Of( StringToSign ) ) );

    StringToSign = HTTP-Verb + "\n" +
                   Content-MD5 + "\n" +
                   Content-Type + "\n" +
                   Date + "\n" +
                   CanonicalizedAmzHeaders +
                   CanonicalizedResource;

    CanonicalizedResource = ….
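An added example, not part of the original slides and not AWS's own code: the Signature formula above in Python, together with the check a server performs on the received header. The canonical forms of the x-amz- headers and of the resource are simplified assumptions (no sub-resources, no x-amz-date handling); the key id, secret, bucket and key name are constructed.

```python
import base64
import hashlib
import hmac

S3_ENDPOINT = "s3.amazonaws.com"

def canonical_resource(host, path):
    """Reduce the three REST URL styles to one "/bucket/key" string."""
    host = host.lower().split(":")[0]
    if host == S3_ENDPOINT:                    # http://s3.amazonaws.com/bucket/key
        return path
    if host.endswith("." + S3_ENDPOINT):       # http://bucket.s3.amazonaws.com/key
        return "/" + host[:-len(S3_ENDPOINT) - 1] + path
    return "/" + host + path                   # http://bucket/key

def string_to_sign(verb, host, path, headers):
    h = {k.lower(): v.strip() for k, v in headers.items()}
    # Assumed canonical form: lower-cased x-amz-* headers, sorted, one per line.
    amz = "".join(f"{k}:{h[k]}\n" for k in sorted(h) if k.startswith("x-amz-"))
    fixed = [verb, h.get("content-md5", ""), h.get("content-type", ""), h.get("date", "")]
    return "\n".join(fixed) + "\n" + amz + canonical_resource(host, path)

def sign(secret, verb, host, path, headers):
    msg = string_to_sign(verb, host, path, headers).encode("utf-8")
    mac = hmac.new(secret.encode("utf-8"), msg, hashlib.sha1)
    return base64.b64encode(mac.digest()).decode("ascii")

def verify(secrets, authorization, verb, host, path, headers):
    """Server side: recompute the signature and compare in constant time."""
    scheme, _, rest = authorization.partition(" ")
    key_id, _, presented = rest.partition(":")
    if scheme != "AWS" or key_id not in secrets:
        return False
    expected = sign(secrets[key_id], verb, host, path, headers)
    return hmac.compare_digest(expected.encode(), presented.encode())

# Constructed sample: header values follow the page's put object request;
# the key id, secret, bucket and key name are made up.
SECRETS = {"EXAMPLEKEYID": "constructed-secret-not-a-real-key"}
HEADERS = {"Date": "Wed, 08 Mar 2006 04:06:16 GMT",
           "Content-Type": "text/plain", "x-amz-meta-title": "my title"}

def sample_authorization():
    sig = sign(SECRETS["EXAMPLEKEYID"], "PUT", S3_ENDPOINT, "/demo-bucket/notes.txt", HEADERS)
    return f"AWS EXAMPLEKEYID:{sig}"

if __name__ == "__main__":
    print(sample_authorization())
```

Because the verb, Date, signed headers and resource are all inside StringToSign, changing any of them after signing makes verify() return False. The signature alone does not stop replay of an unchanged request, so a verifier would also compare the signed Date against its own clock.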
A Tour of the REST API for S3
• http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html
Create a Bucket

    # create bucket request
    PUT /[bucket-name] HTTP/1.0
    Date: Wed, 08 Mar 2006 04:06:15 GMT
    Authorization: AWS [aws-access-key-id]:[header-signature]
    Host: s3.amazonaws.com

    # create bucket response
    HTTP/1.1 200 OK
    x-amz-id-2: VjzdTviQorQtSjcgLshzCZSzN+7CnewvHA+6sNxR3VRcUPyO5fm…
    x-amz-request-id: 91A8CC60F9FC49E7
    Date: Wed, 08 Mar 2006 04:06:15 GMT
    Location: /[bucket-name]
    Content-Length: 0
    Connection: keep-alive
    Server: AmazonS3
Write an Object

    # put object request
    PUT /[bucket-name]/[key-name] HTTP/1.0
    Date: Wed, 08 Mar 2006 04:06:16 GMT
    Authorization: AWS [aws-access-key-id]:[header-signature]
    Host: s3.amazonaws.com
    Content-Length: 14
    x-amz-meta-title: my title
    Content-Type: text/plain

    this is a test

    # put object response
    HTTP/1.1 200 OK
    x-amz-id-2: wc15E1LUrjDZhNtT4QZtsbtadnOMKGjw5QTxkRDVO1owwbA6Y…
    x-amz-request-id: 7487CD42C5CA7524
    Date: Wed, 08 Mar 2006 04:06:16 GMT
    ETag: "54b0c58c7ce9f2a8b551351102ee0938"
    Content-Length: 0
    Connection: keep-alive
    Server: AmazonS3
GData: Atom + REST
• http://en.wikipedia.org/wiki/Atom_(standard)
• http://code.google.com/apis/gdata/
• http://code.google.com/apis/base/docs/2.0/attrs-queries.html