0

I am following a tutorial to develop a RESTful web service in java based on JAX-RS. I have modified the POST method in order to upload a file to service from client (see code below). In tutorial, a .WAR package is deployed into tomcat apache server.

My application is very simple, just to use a POST method. I have only one client, no user management is needed. RESTful is stateless so no caching is needed. To me, a full fledge tomcat seems to be redundant.

I went through different answers here already embedded-server and server-2 and they suggested to make a main method in Java which will listen on a certain port using jax-ws.

javax.xml.ws.Endpoint.publish("http://localhost:8000/myService/", myServiceImplementation);

I suspect that this simple solution will go wrong, may be I miss some security related things? Can it deteriorate the reliability of the services? etc. can somebody explain what can go wrong if I use a simple solution instead of full fledge tomcat?

@Path("/file")
public class RESTfulHelloWorld 
{

@POST
@Path("/upload")
@Consumes(MediaType.MULTIPART_FORM_DATA)
public Response uploadFile(
    @FormDataParam("file") InputStream uploadedInputStream,
    @FormDataParam("file") FormDataContentDisposition fileDetail) 
{
    //String uploadedFileLocation = "d:/uploaded/" + fileDetail.getFileName();
    String uploadedFileLocation = "d:/test.txt";
    // save it
    writeToFile(uploadedInputStream, uploadedFileLocation);
    String output = "File uploaded to : " + uploadedFileLocation;
    return Response.status(200).entity(output).build();
}
private void writeToFile(InputStream uploadedInputStream,
    String uploadedFileLocation) 
{
    try {
        OutputStream out = new FileOutputStream(new File(
                uploadedFileLocation));
        int read = 0;
        byte[] bytes = new byte[1024];
        out = new FileOutputStream(new File(uploadedFileLocation));
        while ((read = uploadedInputStream.read(bytes)) != -1) {
            out.write(bytes, 0, read);
        }
        out.flush();
        out.close();
    } catch (IOException e) {
        e.printStackTrace();
    }
}
Community
  • 1
  • 1
Wafeeq
  • 869
  • 1
  • 16
  • 34
  • 3
    Everything. Everything can go wrong. Do you know how long it took to develop reliable, secure web servers? Either use an existing solution (for example embed [Jetty](https://eclipse.org/jetty/) or even [Tomcat](https://devcenter.heroku.com/articles/create-a-java-web-application-using-embedded-tomcat)) or abandon all hope of having something even remotely production ready for a year or so of development time. – Boris the Spider Dec 16 '16 at 15:10
  • Yes, using the JDK provided endpoint solution will only work for testing / training purposes. This solution will not be production ready because it won't be scalable, won't be secure. What is impeding you from using a normal server? – ACV Dec 19 '16 at 11:27
  • @ACV this is just my curiosity, and I am also afraid of server maintenance. What about new releases of tomcat? updates? I will have to take care of all those things if I want to deploy commercially. It seems me to be an overhead. – Wafeeq Dec 19 '16 at 11:42
  • @ACV when you say `won't be secure` what do you mean? can you explain? what kind of security tomcat provides? – Wafeeq Dec 19 '16 at 11:43
  • 1
    I understand your concerns about servers... but you can update only when you want or there is a critical security risk. Tomcat provides container services (BASIC security for example, or JNDI, ...). In tomcat you can define users, roles, ... and therefor you can implement authentication and authorization properly. – ACV Dec 19 '16 at 13:32

0 Answers0