Friday, February 10, 2012

State management in Restful Application



                                   First of all, let’s discuss about why should we prefer to use REST Services: 
       
            Advantages:
  • Simple.
  •  You can make good use of HTTP cache and proxy server to help you handle high load.
  • It helps you organize even a very complex application into simple resources.
  • It makes it easy for new clients to use your application
  •  It makes it easy for new clients to use your application, even if you haven't designed it specifically for them  probably, because they weren't around when you created your app.
  • Also, because REST relies on the semantics of HTTP, requests for data (GET requests) can be cached.


A REST web application requires a different design approach than an RPC application. In RPC, the emphasis is on the diversity of protocol operations, or verbs; for example, an RPC application might define operations such as the following:
With REST, on the other hand, the emphasis is on the diversity of resources, or nouns; for example, a REST application might define the following two resource types

The problem is that although it is easy to model resources as services as shown in the example in many cases it is quite difficult to model a service as a resource.

RESTful services are stateless. Each request from client to server must contain all the information necessary to understand the request, and cannot take advantage of any stored context on the server.”

Use Case:
Consider a scenario where a user logs in to an ecommerce site. He adds few items into his basket. Then he will proceed for buying the product followed by transaction.

Problem:
If the e-commerce web site runs on restful services running somewhere on Himalayas. The server running at the top hill needs to know about all the requests which are coming by the same user.Right?.

Dialogue:

Client: Hey, I want to buy few Reebok shoes. Please proceed.
Services: Sorry, I could not identify you? Give me few more details.
Client: I have already logged in to your application!
Server: I do not remember any things. Sorry.

Solution:

Server should know the state of the client call .We need to provide some hook to track the requests.

What we need to do:
  • Verify if all the requests coming to the server are authenticated.
  • If no, then send authentication error in the response code.
  • In case of request for authentication request generate Session , you are free to use any authentication Mechanism say Oauth 2.0,/ Basic Authentication/ Digest Authentication.
  • If yes, verify the rest call has have some token through which the server will identify the User.
  • Update the profile of the user say if the user has added items into his basket then the basket Items need to be updated in his profile.
  • For any request, you validate the session by inspecting the information stored inside the session.
  • Persist the profile somewhere in Memory or Cache.
  • When the user’s log’s out take appropriate action whether the state needs to be persisted somewhere into the data base or simply clean the session. 
  Client side Implementation: Use Cookie for Browser, Application memory for Smart Phone.
  Server side Implementation: Use Request and Response Handler or In/Out Interceptor, Security      Interceptors

Conclusion:
Conforming to REST constraints is definitely not simple. Squeezing complex business operations into four standard verbs is actually really hard sometimes.Also, REST has no support for distributed transactions.
So design your application client adaptable enough to rely on both rest and SOAP based Services.

at

No comments:

Post a Comment