Web Server Design Week 15 Old Dominion University Martin Klein

Web Server Design
Week 15
Old Dominion University
Department of Computer Science
CS 495/595 Spring 2010
Martin Klein <mklein@cs.odu.edu>
4/21/10
Representational State Transfer
• HTTP is an implementation of REST
– http://www.ics.uci.edu/~fielding/pubs/dissertation/rest_arch_style.htm
• REST is best understood in contrast to Remote
Procedure Call (RPC) style interfaces like SOAP
– http://en.wikipedia.org/wiki/Representational_State_Transfer
– http://en.wikipedia.org/wiki/SOAP_(protocol)
• The simplest explanation is RESTful URIs are
nouns, and RPC URIs are verbs
– it is not true that REST URIs do not have arguments / query strings
• Philosophies:
– RPC: HTTP is just a transport protocol to tunnel an application-specific protocol;
other protocols (e.g., SMTP or future protocols) can be used too
– REST (HTTP implementation): HTTP already has basic mechanisms for almost
anything you need and will be around forever. Embrace it in your system design.
All You Need is CRUD…
Operation        SQL      HTTP
Create           Insert   POST, PUT
Read/Retrieve    Select   GET
Update           Update   PUT
Delete/Destroy   Delete   DELETE
http://en.wikipedia.org/wiki/Create,_read,_update_and_delete
Example Design
RPC:
http://example.com/userApp?method=getUser&arg1=X&arg2=Y
http://example.com/userApp?method=addUser&arg1=X&arg2=Y
http://example.com/userApp?method=removeUser&arg1=X&arg2=Y
http://example.com/userApp?method=updateUser&arg1=X&arg2=Y
http://example.com/userApp?method=getLocation&arg1=X&arg2=Y
http://example.com/userApp?method=addLocation&arg1=X&arg2=Y
http://example.com/userApp?method=removeLocation&arg1=X&arg2=Y
http://example.com/userApp?method=updateLocation&arg1=X&arg2=Y
http://example.com/userApp?method=listUsers&arg1=X&arg2=Y
http://example.com/userApp?method=listLocations&arg1=X&arg2=Y
http://example.com/userApp?method=findLocation&arg1=X&arg2=Y
http://example.com/userApp?method=findUser&arg1=X&arg2=Y
REST:
http://example.com/users/
http://example.com/users/{user}
(one for each user - where {user} is either the user name or the user id)
http://example.com/findUserForm
http://example.com/locations/
http://example.com/locations/{location}
(one for each location - where {location} is the location name or the location id)
http://example.com/findLocationForm
adapted from: http://en.wikipedia.org/wiki/Representational_State_Transfer
Amazon S3
• “Simple Storage Service”
– http://aws.amazon.com/s3
– part of a family of Amazon Web Services (AWS),
including “Elastic Compute Cloud (EC2)” and “Simple
Queueing Service (SQS)”
• Premise:
– cheap, remote storage service accessible via http
– no initial fee, no maintenance fee
– $0.15 per GB/month storage (first 50TB)
– $0.10 per GB transferred
– private/public X read/write access available
Core Concepts
• Registration:
– AWS access key ID
• semantic free name space for your account
– Secret access key
• used to authenticate to AWS
• Bucket
– namespace for referencing your objects; must be
globally unique
– you can have 1-100 buckets per AWS access key
– buckets hold 0 or more objects
• Object
– files (placed in buckets); up to 5GB in a single object
– “key” is the identifier for the object placed in a bucket
Access Points
• SOAP and REST interfaces provided
• 3 different URLs for REST access:
– http://s3.amazonaws.com/bucket/key
– http://bucket.s3.amazonaws.com/key
– http://bucket/key
• Where:
– bucket = your namespace
– key = identifier of the object in the bucket
• For more info:
– http://docs.amazonwebservices.com/AmazonS3/2006-03-01/VirtualHosting.html
Examples:
These are the same (& real):
http://s3.amazonaws.com/doc/2006-03-01/AmazonS3.wsdl
http://doc.s3.amazonaws.com/2006-03-01/AmazonS3.wsdl
These would be the same (but not real):
http://s3.amazonaws.com/MartinKlein/Voelkl/DNX10
http://martinkleinrackets.s3.amazonaws.com/Voelkl/DNX10
http://rackets.martinklein.org/Voelkl/DNX10
Authenticating to AWS
• Can authenticate to AWS via:
– “Authorization” HTTP header using the AWS
authentication scheme
• cf. “Basic” & “Digest” in RFC-2616
– URL arguments
• http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAuthentication.html
• HMAC: Keyed-Hashing for Message
Authentication
– RFC-2104: http://www.ietf.org/rfc/rfc2104.txt
Authentication Header Example
Authorization: AWS AWSAccessKeyId:Signature
Authorization = "AWS" + " " + AWSAccessKeyId + ":" + Signature;
Signature = Base64( HMAC-SHA1( YourSecretAccessKeyID,
UTF-8-Encoding-Of( StringToSign ) ) );
StringToSign =
HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
Date + "\n" +
CanonicalizedAmzHeaders +
CanonicalizedResource;
CanonicalizedResource = ….
A Tour of the REST API for S3
• http://docs.amazonwebservices.com/AmazonS3/2006-03-01/RESTAPI.html
Create a Bucket
# create bucket request
PUT /[bucket-name] HTTP/1.0
Date: Wed, 08 Mar 2006 04:06:15 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com
# create bucket response
HTTP/1.1 200 OK
x-amz-id-2: VjzdTviQorQtSjcgLshzCZSzN+7CnewvHA+6sNxR3VRcUPyO5fm…
x-amz-request-id: 91A8CC60F9FC49E7
Date: Wed, 08 Mar 2006 04:06:15 GMT
Location: /[bucket-name]
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
Write an Object
# put object request
PUT /[bucket-name]/[key-name] HTTP/1.0
Date: Wed, 08 Mar 2006 04:06:16 GMT
Authorization: AWS [aws-access-key-id]:[header-signature]
Host: s3.amazonaws.com
Content-Length: 14
x-amz-meta-title: my title
Content-Type: text/plain

this is a test
# put object response
HTTP/1.1 200 OK
x-amz-id-2: wc15E1LUrjDZhNtT4QZtsbtadnOMKGjw5QTxkRDVO1owwbA6Y…
x-amz-request-id: 7487CD42C5CA7524
Date: Wed, 08 Mar 2006 04:06:16 GMT
ETag: "54b0c58c7ce9f2a8b551351102ee0938"
Content-Length: 0
Connection: keep-alive
Server: AmazonS3
GData: Atom + REST
• http://en.wikipedia.org/wiki/Atom_(standard)
• http://code.google.com/apis/gdata/
• http://code.google.com/apis/base/docs/2.0/attrsqueries.html