File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Services and the fly likes What is the size of Restful webservice payload? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Web Services
Bookmark "What is the size of Restful webservice payload?" Watch "What is the size of Restful webservice payload?" New topic
Author

What is the size of Restful webservice payload?

Swaroop Kunduru
Ranch Hand

Joined: May 22, 2006
Posts: 33
What is the size of a restful webservice payload ideal size? I have to return about 20KB data shall I use Rest or SOAP?

Thanks in advance.

Regards,

Swaroop Kunduru.


Regards,
Swaroop Kunduru
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
I just scan over this http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.4.10
and note. Not sure if my reading is correct.

10.4.14 413 Request Entity Too Large
The server is refusing to process a request because the request entity is larger than the server is willing or able to process. The server MAY close the connection to prevent the client from continuing the request.

If the condition is temporary, the server SHOULD include a Retry- After header field to indicate that it is temporary and after what time the client MAY try again.

So does your question depends on the server and/or web service engine(rest or soap) ? (is my understanding correct?)

Just do a test to see.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
I think the decision should depend on other factors.
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
1. It's good to hear from you. Tim :-D

2. Like what?
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12835
    
    5
1. There is nothing built in to RESTful architecture that causes a size limit
2. There are numerous comparisons between REST and SOAP to be found in articles in the Web Services FAQ here at the ranch.
3. Since SOAP will always be slower and more complicated - due to the XML creation and parsing - one would only use SOAP if he needed the special WS-* security/authentication/encryption/ etc capabilities.

Bill

Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
H Paul wrote:Like what?

Simplicity (in favor of REST), security (more in favor of SOAP than REST), how it fits into the general architecture, SOAP skills of the developers (SOAP requires a good deal more time to get into) etc. But both REST and SOAP over HTTP are subject to the same size limitations as William said.
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
Tim Moores wrote:security (more in favor of SOAP than REST), .


Can you explain and/or justify with an example if possible?
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12835
    
    5
Can you explain and/or justify with an example if possible?


I already gave you a link to numerous discussions of REST and SOAP - go read some of the literature that thoughtful authors have put together for education of programmers such as yourself.

Expecting a custom discussion when so much published discussion is readily available is preposterous.

Bill
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
"You don't lead by hitting people over the head-that's assault, not leadership."


1. Yes, I already read and aware of what you said and posted. Thanks.

2. My question was for Tim because what he said was not clear to me. My rule, when in doubt, ask for a clarification.
(Is it too much.)
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
REST has only HTTP mechanisms for security, like Basic/Digest Authentication and SSL - transport security, in other words. WS-Security, OTOH, offers message security, which is a lot more flexible.

And I agree with William - you should read quite bit of what is linked in that FAQ.
H Paul
Ranch Hand

Joined: Jul 26, 2011
Posts: 471
    
    4
"Trust but verify"


Thanks.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Tim Moores wrote:REST has only HTTP mechanisms for security, like Basic/Digest Authentication and SSL - transport security, in other words. WS-Security, OTOH, offers message security, which is a lot more flexible.


In general, when application designers and application programers get to define "flexible" security, they nearly always screw it up. In my experience, they screw it up 100% of the time, but some may be a bit better.

Any serious web usage these days *has to* use SSL/TLS. Its the minimum to be credible.

I fail to see (1) why the flexibility is better or (2) why it is even desirable.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Pat Farrell wrote:Any serious web usage these days *has to* use SSL/TLS. Its the minimum to be credible.

No. The mechanisms defined by WS-Security are perfectly fine.

I fail to see (1) why the flexibility is better or (2) why it is even desirable.

For starters, SOAP isn't just used over HTTP, so HTTP mechanisms may not even be available. And transport-level security ends the minute a message reaches the end point, whereas message-level security as defined by WS-Security can stay in place until a message needs decrypting. SOAP can be used (and is used) to implement processing pipelines that go beyond simple endpoint-to-endpoint scenarios.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Tim Moores wrote:For starters, SOAP isn't just used over HTTP, so HTTP mechanisms may not even be available.


Which begs the question: why are you using SOAP?
It sure isn't Simple.

If HTTP is not available, you are, by definition, working in a very special world. Protocols other than HTTP and HTTPS simply can't get through
corporate firewalls.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Using SOAP w/o HTTP is no more complicated than using SOAP over HTTP. But I don't see how that question is related to what we're talking about here.

If HTTP is not available, you are, by definition, working in a very special world. Protocols other than HTTP and HTTPS simply can't get through corporate firewalls.

Nobody said anything about HTTP not being available. And, with all due respect, making absolute statements that are just plain false -although possibly outside the range of your experience- makes me wonder if you're just trying to be contrarian in an attempt to further your point, whatever that is (I'm not sure at this point, it seems to shift from post to post).
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Tim Moores wrote:Nobody said anything about HTTP not being available.


Tim, I quoted you. Verbatim. You said it was not available. Read your post and how I quoted it.

My position on SOAP is simple, to be clear: I have never used it in production. I have evaluated it for possible use many times over the years. Each time
I found that the complexity of it exceeded any conceivable benefit. So I have zero experience in using it in production. In my professional view,
if SOAP is the answer, you are asking the wrong question. YMMV.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
To be precise, I said that HTTP security mechanisms are not available if HTTP is not being used (which can be an architectural choice). But the main point is: message-level security has advantages over transport-level security, and that's where WS-Security shines.
Pat Farrell
Rancher

Joined: Aug 11, 2007
Posts: 4659
    
    5

Tim Moores wrote:To be precise, I said that HTTP security mechanisms are not available if HTTP is not being used (which can be an architectural choice). But the main point is: message-level security has advantages over transport-level security, and that's where WS-Security shines.


I quoted you. I don't see how you can argue with that.

I believe that using something other than HTTP is a bad architectural choice in at least 99.99% of all designs. IMHO, etc.

For a long time I have felt that transport level security is a weak choice, because most designers simply place all of their trust in the transport layer and do not bother to engage their brains on security within the system. But practice shows that most folks who attempt to design and specify security do it poorly.
Tim Moores
Rancher

Joined: Sep 21, 2011
Posts: 2408
Pat Farrell wrote:I quoted you. I don't see how you can argue with that.

Easy: because you quoted something I didn't actually say, which I pointed out in my previous post. You seem to think I said HTTP was not available, but I said HTTP security is not available if HTTP is not being used. And X not being used is simply not the same as X not being available.

But practice shows that most folks who attempt to design and specify security do it poorly.

Yep, we're all entitled to our opinions. I happen to believe that message level security as defined by WS-Security is done well, and is preferable to using the transport-level security of HTTP. Which works well, too, I hasten to point out, but is not as flexible. (As I've said already said above.)
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: What is the size of Restful webservice payload?