0

I have made a Java EE 6 application where a user can browse a set of questions, add new questions and so on. The user can optionally log in so that he/she gets "credit" for adding the question or reporting it as bad.

Now I want to make an iPhone application where the user can do pretty much the same. So the answer is a web service, I assume. I have not worked with web services before, but I see there are at least two alternatives: SOAP and REST.

Which one should I choose? I want the user to be able to log in from the application as well as browse the questions in the database... pretty much many of the actions you can do on the web site.

I don't know much about the security and overhead they introduce.

Also I want the user to be able to retrieve the list of questions through the web server and have the option to save it, so he/she won't need to have internet unless he/she wants to update it. Can I achieve this with both web services?

LuckyLuke

4 Answers

1

REST has less overhead than SOAP (WSDL contract, XML messages, supporting frameworks) so when the client is a mobile device REST seems more suitable. You could use JAX-RS (Jersey) to easily create REST services on the server side. The client request consists of the url structure and/or parameters like http://yourserver/questions/view/342 (to view question 342) or http://yourserver/questions/search?q=REST+vs+SOAP (to search for questions about REST vs SOAP). The response can be anything you want, but XML or JSON is pretty common.

Choosing REST means you will be leaning heavily on the HTTP protocol. For security a common approach is to use HTTP Basic authentication in combination with https. Basic authentication means you add an 'Authentication:' header to your HTTP request containing a Base64 encoded username:password pair. Note that Base64 does not encrypt anything, it just obfuscates. To avoid eavesdropping you need to use at least https meaning requests are encrypted using the server's public key. These requests can only be decrypted with the server's private key. To use https you need to set up the server with a certificate. If you want to avoid warnings about the certificate being 'untrusted' it needs to be issued by a recognized SSL certificate provider. For testing you can just generate it yourself.

Finally you asked about saving a list of questions for offline usage. This is a concern of the app, not of the service. To do this you need to store the retrieved data on the device and access that data if the device goes offline. I am not an iPhone developer, but I can imagine you could use a flat file or some lightweight database to store the data. When the device is offline, the app component that retrieves data should switch from network access to local storage access. Also some app functionalities like adding a question might need to be disabled. If you don't disable these, you would need to temporarily store any data entered by the user and send it to the server when the device comes online again. This could be a bit tricky to get right so my advice would be to leave this for later.

Adriaan Koster
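
An added example, not part of the answer above: the Basic authentication exchange it describes, client and server side, showing that the Base64 value decodes straight back to the password and that the server should refuse it outside HTTPS. The standard header carrying the value is `Authorization` (RFC 7617). The class name, sample credentials and salt are constructed for illustration, and Java 8 or later is assumed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class BasicAuthCheck {
    // Client side: Base64 is a reversible encoding, so this value is as sensitive as the password.
    static String buildHeader(String user, String password) {
        byte[] pair = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Server side: undo the encoding. Returns {user, password}, or null if malformed.
    static String[] parseHeader(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            String pair = new String(raw, StandardCharsets.UTF_8);
            int colon = pair.indexOf(':'); // split on the first ':'; the password may contain more
            return colon < 0 ? null : new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
        } catch (IllegalArgumentException e) { return null; } // not valid Base64
    }

    // Store a salted, slow hash of the password, never the password itself.
    static byte[] hash(String password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, 100_000, 256);
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    // overHttps would come from HttpServletRequest.isSecure() in a servlet container.
    static boolean authenticate(String header, boolean overHttps, String user, byte[] salt, byte[] stored) throws Exception {
        String[] cred = parseHeader(header);
        if (!overHttps || cred == null) return false; // refuse credentials sent in the clear
        boolean passOk = MessageDigest.isEqual(hash(cred[1], salt), stored); // constant-time compare
        return cred[0].equals(user) & passOk;
    }

    public static void main(String[] args) throws Exception {
        byte[] salt = "constructed-salt".getBytes(StandardCharsets.UTF_8); // constructed; use a random per-user salt
        byte[] stored = hash("s3cret:pw", salt);                           // constructed sample password
        String header = buildHeader("luke", "s3cret:pw");
        System.out.println("Authorization: " + header);
        System.out.println("decoded by anyone who sees it: " + String.join(" / ", parseHeader(header)));
        System.out.println("https, right password: " + authenticate(header, true, "luke", salt, stored));
        System.out.println("plain http:            " + authenticate(header, false, "luke", salt, stored));
        System.out.println("wrong password:        " + authenticate(buildHeader("luke", "nope"), true, "luke", salt, stored));
    }
}
```
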
0

Short answer: Yes, you can achieve that with web services.

Web services are only a facade to your system - they can expose (or not) any behavior you want to. If you have security concerns, you'll have to approach them anyway in both methods.

Personally, I'd use a RESTful approach as it's usually simpler to implement and use. From Wikipedia:

A RESTful web service (also called a RESTful web API) is a simple web service implemented using HTTP and the principles of REST. It is a collection of resources, with four defined aspects:

  • the base URI for the web service, such as http://example.com/resources/
  • the Internet media type of the data supported by the web service. This is often JSON, XML or YAML but can be any other valid Internet media type.
  • the set of operations supported by the web service using HTTP methods (e.g., GET, PUT, POST, or DELETE).
  • The API must be hypertext driven.[11]

So you'd have a URL, say http://mywebsite.com/users and perform HTTP actions (GET, PUT, etc) on them. A GET request on /users/17 could return user 17, for instance, while a POST request on it would update said user.

As for login, when your users "log in" you would call a GET method that sends username:password (probably encrypted) and returns a login token. Every time the user executes an action, you would send said token with the request as an additional parameter.

Marcelo
  • Okay, so users will be able to log in through a REST webservice too? Then after they are authenticated and authorized I return a boolean or something? Do they need to have internet connectivity as long as they are connected? – LuckyLuke Jan 27 '12 at 09:30
  • Pjotr, in a REST webservice you would not have a 'proper' login - will update the answer. – Marcelo Jan 27 '12 at 09:55
  • Okay, so do I need to change the code and do something with the token in every method then? Or are there frameworks etc. I can use? – LuckyLuke Jan 27 '12 at 10:12
  • There are many RESTful frameworks/APIs you can use, I think that would be more appropriate on another question. – Marcelo Jan 27 '12 at 10:16
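
An added example, not from the answer or its comments: one way to implement the login token discussed above, with a single lookup that every protected operation calls (for instance from one servlet filter) instead of token handling in each method. `TokenStore`, the 30-minute lifetime and the sample user are assumptions for illustration. Carrying the token in a request header over HTTPS keeps it out of URLs and access logs.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;

public class TokenStore {
    private static final class Session {
        final String user;
        final Instant expires;
        Session(String user, Instant expires) { this.user = user; this.expires = expires; }
    }

    private final SecureRandom random = new SecureRandom();
    private final Map<String, Session> sessions = new ConcurrentHashMap<>();
    private final Duration lifetime;

    TokenStore(Duration lifetime) { this.lifetime = lifetime; }

    // Called once, after the login request has verified the user's credentials.
    String issue(String user, Instant now) {
        byte[] raw = new byte[32]; // 256 random bits: opaque and not guessable
        random.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(token, new Session(user, now.plus(lifetime)));
        return token;
    }

    // The one check behind every protected operation: who, if anyone, owns this token?
    Optional<String> userFor(String token, Instant now) {
        if (token == null) return Optional.empty();
        Session s = sessions.get(token);
        if (s == null) return Optional.empty();          // unknown or forged token
        if (!now.isBefore(s.expires)) {                  // expired: drop it and reject
            sessions.remove(token);
            return Optional.empty();
        }
        return Optional.of(s.user);
    }

    void revoke(String token) { sessions.remove(token); } // logout

    public static void main(String[] args) {
        TokenStore store = new TokenStore(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2012-01-27T10:00:00Z"); // constructed clock value
        String token = store.issue("luke", t0);
        System.out.println("fresh token:   " + store.userFor(token, t0.plusSeconds(60)));
        System.out.println("after an hour: " + store.userFor(token, t0.plus(Duration.ofHours(1))));
        System.out.println("forged token:  " + store.userFor("forged", t0));
    }
}
```
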
0

You can take a look at this previous SO post for some guidance. I would recommend using REST, it seems to be less messy than SOAP and Java has support available for it as shown here.

Through the use of annotations, you can simply create a facade to which users will connect. In turn, this facade will call the relevant logic which I am presuming you already have.

npinti
0

Well on a simple search REST vs SOAP, you will eventually get to this

There are plenty of other articles and even in-depth research papers, so it's only a matter of - do you really want to get serious with your research VS not really

Good luck!

tartak