3

We are evaluating the technology to be used for a web based application and some suggestions are to go with RESTful based services approach. Tech Stack

1) Spring 2) Apache CXF ( JAX-RS)

My questions are

1) How state is managed between requests. For example, a user has been authenticated and now he is making a series of requests lets say going through a paginated report. I would imagine the URL for this will be like

domain.com/reports/customreport/page/1 domain.com/reports/customreport/page/2 etc...

a) Where is the user information & request parameters are stored so that it can be shared between requests. b) Lets say the result is being streamed, where is Rowset is stored?

Is there a complete sample application something similar to Petclinic that can provide the best practices for such an application.

user325643
  • 353
  • 1
  • 8
  • 20

2 Answers2

5

If you are doing RESTful strictly / properly, then user authentication is done in each request and there is no concept of a session. Each request contains enough context information (in the URL and/or request parameters) to allow it to work independent of a session.

1) How state is managed between requests.

It must be managed by the client.

a) Where is the user information & request parameters are stored so that it can be shared between requests.

User authentication information is stored by the client and provided to the server with each request. The server will recalculate any derived information about the user on each request. Any request parameters that would normally be stored in a server-side "session" must be passed afresh with each request.

b) Lets say the result is being streamed, where is Rowset is stored?

In the first instant, nowhere. The query is reissued each time with a parameter saying where to skip to. If performance was an issue, you could

  • read-ahead a few pages of the result set and store them in a server-side cache, or
  • tune the database query caching for the query.
Stephen C
  • 698,415
  • 94
  • 811
  • 1,216
3

1) The user information is not stored anywhere, the user has to send his credentials (or whatever authentication method you're using) on every single request.

2) Streaming doesn't make much sense in a RESTful API, if you would like to do streaming I'd greatly advice you to look for something like WebSockets (in Java you can easily do this with Jetty)

If you said streaming but you meant paginated results, same as 1, there is no state kept, the client has to send a new request with all the information and the server has to query the database (or go to a cache, or do anything needed) and return the result to the customer.

You should also read more about REST, as your question is quite vague, one good start is the Restful Web Services book or, if you feel adventurous, you can try Roy Fielding dissertation that defined what we call REST today.

MaurĂ­cio Linhares
  • 39,901
  • 14
  • 121
  • 158