File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Spring and the fly likes Newbie asking: rest information for spring3 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of EJB 3 in Action this week in the EJB and other Java EE Technologies forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Newbie asking: rest information for spring3" Watch "Newbie asking: rest information for spring3" New topic
Author

Newbie asking: rest information for spring3

Nico Martens
Greenhorn

Joined: Jul 29, 2011
Posts: 5

Hellow,

Ok I'm not quit new in the java world but I am new to spring.
So I managed to create myself a rest controller with spring. I'm trying to call it in my frontend with the mvvc (model view view-controller) framework knockout.

Everything works well so far! Now I wonder, rest services are stateless am I right? So how do I preserve session information or change objects inside a rest service???

I'm probably looking this at a wrong angle but I want to execute some java logic behind a rest service that would influence that rest services within the same session!

In example:
I call a rest servlet that gives back:
{'test_object: test'}

Now I call something else to influence my test_object so it becomes: another test. This may only be visible for my session!
So when I recall the same rest servlet it would give back
{'test_object: another test'}

Is this possible or am I looking this at a wrong angle...

Regards

Nico
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

You can use HttpSession attributes. It is persistent between calls.
Nico Martens
Greenhorn

Joined: Jul 29, 2011
Posts: 5

Kathleen Angeles wrote:You can use HttpSession attributes. It is persistent between calls.


Is that a best practice to use HttpSession. Should I initialize my HttpSession in my servlet? Does the rest controller knows from which session it is called?

Thanks

Regards

Nico
Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 122

Nico Martens wrote:
Is that a best practice to use HttpSession.


The http protocol is stateless.

Rest (when using http under it, and all other types of remote calls for that matter like XML Web Service), do not maintain state unless you make it so. Your way of putting your 'test_object' in the HttpSession indeed makes it stateful.

Your Rest service being stateful is bad in some ways; e.g. in service-oriented architecture, maintainability of code due to clean design, performance, etc. For example, the concerned service is no longer purely independent. But if this is what you want, and what your application calls for (for example, small web applications or modules), you can do so.

Nico Martens wrote: Should I initialize my HttpSession in my servlet?


You can access the HttpSession by adding an HttpSession into your controller method's parameters like below.



Nico Martens wrote: Does the rest controller knows from which session it is called?


Yes, because it is part of the servlet specification. For example, a session id is used (e.g. through cookies, or url parameter), which reminds the server which session it is for.
Nico Martens
Greenhorn

Joined: Jul 29, 2011
Posts: 5

Kathleen Angeles wrote:
Nico Martens wrote:
Is that a best practice to use HttpSession.


The http protocol is stateless.

Rest (when using http under it, and all other types of remote calls for that matter like XML Web Service), do not maintain state unless you make it so. Your way of putting your 'test_object' in the HttpSession indeed makes it stateful.

Your Rest service being stateful is bad in some ways; e.g. in service-oriented architecture, maintainability of code due to clean design, performance, etc. For example, the concerned service is no longer purely independent. But if this is what you want, and what your application calls for (for example, small web applications or modules), you can do so.

Nico Martens wrote: Should I initialize my HttpSession in my servlet?


You can access the HttpSession by adding an HttpSession into your controller method's parameters like below.



Nico Martens wrote: Does the rest controller knows from which session it is called?


Yes, because it is part of the servlet specification. For example, a session id is used (e.g. through cookies, or url parameter), which reminds the server which session it is for.


Off course I meant to ask if rest services are not statefull instead of statefull. My mistake sorry.

But I think where on the same line cause you confirmed what I suspected.

Thanks for the help,

Regards

Nico
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

True REST, has a rule of always stateless. So no HttpSession involved.

Mark


Perfect World Programming, LLC - Two Laptop Bag - Tube Organizer
How to Ask Questions the Smart Way FAQ
Nico Martens
Greenhorn

Joined: Jul 29, 2011
Posts: 5

Mark Spritzler wrote:True REST, has a rule of always stateless. So no HttpSession involved.

Mark


I hear you but I think you can do the same with REST as you can do with a servlet (that's even the reason why I posted in the servlets section).

So why use a servlet as your controller at all. Why use jsp... REST put you in the possition that you can split your view layer.

It's a different way of development I agree, but it would be much smoother for the end-users wouldn't it??

Regards
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Nico Martens wrote:
Mark Spritzler wrote:True REST, has a rule of always stateless. So no HttpSession involved.

Mark


I hear you but I think you can do the same with REST as you can do with a servlet (that's even the reason why I posted in the servlets section).

So why use a servlet as your controller at all. Why use jsp... REST put you in the possition that you can split your view layer.

It's a different way of development I agree, but it would be much smoother for the end-users wouldn't it??

Regards


What I think you are saying here, and is exactly what I do for my web applications. Is create a single-page web app. All requests are AJAX requests to a REST API using Spring MVC Rest. It is 100% stateless, no HttpSession anywhere. I also have only one jsp page (I hate jsp pages) but that jsp page has ZERO server side rendering. It is just straight HTML5, CSS3, and JQuery Javascript. So it is just an html page, but the extension is .jsp. This is only for the first request so the user get the website (single page app)

But for REST you still have to have a server side implementation. That can be Servlets, Spring MVC Controllers, but requires a Java web container. Or something like vert.x or Node.js, or even the Play Framework(No Servlets or web container)

But for REST it has to be stateless, otherwise it isn't REST.

Mark
Nico Martens
Greenhorn

Joined: Jul 29, 2011
Posts: 5

I agree with you for reusability reasons. But take the example of simply getting user bound data through REST.

If you don't get your user bound variables through something like a session created by a controller, then I would think that the only alternative is to use parameters.

Isn't that insecure? It's all still a javascript call so you can change the parameters inside a session...

I would like to use knockout to make a Model View View-Model in the front-end.

It's especially the backend that I'm interested in...

Thanks for the reply,

Regards

Nico
Mark Spritzler
ranger
Sheriff

Joined: Feb 05, 2001
Posts: 17249
    
    6

Nico Martens wrote:I agree with you for reusability reasons. But take the example of simply getting user bound data through REST.

If you don't get your user bound variables through something like a session created by a controller, then I would think that the only alternative is to use parameters.

Isn't that insecure? It's all still a javascript call so you can change the parameters inside a session...

I would like to use knockout to make a Model View View-Model in the front-end.

It's especially the backend that I'm interested in...

Thanks for the reply,

Regards

Nico


There are plenty of REST Security implementations out there. REST also uses headers and body, never would use request parameters to hold security information. You also have to remember that for REST the client isn't always going to be a browser. It is built for all types of clients, just using http(s) as the protocal.

Mark
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Newbie asking: rest information for spring3
 
Similar Threads
MVC - Current Service instance
Your opinion on MVC please.
how to support multiple clients - controllers & ..
Grails 1.1 Web Application Development
Spring MVC @SessionAttributes - lifespan? Documentation about it?