Newbie asking: rest information for spring3

Hellow,

Ok I'm not quit new in the java world but I am new to spring.
So I managed to create myself a rest controller with spring. I'm trying to call it in my frontend with the mvvc (model view view-controller) framework knockout.

Everything works well so far! Now I wonder, rest services are stateless am I right? So how do I preserve session information or change objects inside a rest service???

I'm probably looking this at a wrong angle but I want to execute some java logic behind a rest service that would influence that rest services within the same session!

In example:
I call a rest servlet that gives back:
{'test_object: test'}

Now I call something else to influence my test_object so it becomes: another test. This may only be visible for my session!
So when I recall the same rest servlet it would give back
{'test_object: another test'}

Is this possible or am I looking this at a wrong angle...

Regards

Nico

You can use HttpSession attributes. It is persistent between calls.

Kathleen Angeles wrote:You can use HttpSession attributes. It is persistent between calls.

Is that a best practice to use HttpSession. Should I initialize my HttpSession in my servlet? Does the rest controller knows from which session it is called?

Thanks

Regards

Nico

Nico Martens wrote:
Is that a best practice to use HttpSession.

The http protocol is stateless.

Rest (when using http under it, and all other types of remote calls for that matter like XML Web Service), do not maintain state unless you make it so. Your way of putting your 'test_object' in the HttpSession indeed makes it stateful.

Your Rest service being stateful is bad in some ways; e.g. in service-oriented architecture, maintainability of code due to clean design, performance, etc. For example, the concerned service is no longer purely independent. But if this is what you want, and what your application calls for (for example, small web applications or modules), you can do so.

Nico Martens wrote: Should I initialize my HttpSession in my servlet?

You can access the HttpSession by adding an HttpSession into your controller method's parameters like below.

@RequestMapping(value = "/getMyPizza") public @ResponseBody MyPizzaDto getMyPizza(HttpSession httpSession) { httpSession.setAttribute("test_object","another test");

Nico Martens wrote: Does the rest controller knows from which session it is called?

Yes, because it is part of the servlet specification. For example, a session id is used (e.g. through cookies, or url parameter), which reminds the server which session it is for.

Kathleen Angeles wrote:

Nico Martens wrote:
Is that a best practice to use HttpSession.

The http protocol is stateless.

Rest (when using http under it, and all other types of remote calls for that matter like XML Web Service), do not maintain state unless you make it so. Your way of putting your 'test_object' in the HttpSession indeed makes it stateful.

Your Rest service being stateful is bad in some ways; e.g. in service-oriented architecture, maintainability of code due to clean design, performance, etc. For example, the concerned service is no longer purely independent. But if this is what you want, and what your application calls for (for example, small web applications or modules), you can do so.

Nico Martens wrote: Should I initialize my HttpSession in my servlet?

You can access the HttpSession by adding an HttpSession into your controller method's parameters like below.

@RequestMapping(value = "/getMyPizza") public @ResponseBody MyPizzaDto getMyPizza(HttpSession httpSession) { httpSession.setAttribute("test_object","another test");

Nico Martens wrote: Does the rest controller knows from which session it is called?

Yes, because it is part of the servlet specification. For example, a session id is used (e.g. through cookies, or url parameter), which reminds the server which session it is for.

Off course I meant to ask if rest services are not statefull instead of statefull. My mistake sorry.

But I think where on the same line cause you confirmed what I suspected.

Thanks for the help,

Regards

Nico

True REST, has a rule of always stateless. So no HttpSession involved.

Mark

Mark Spritzler wrote:True REST, has a rule of always stateless. So no HttpSession involved.

Mark

I hear you but I think you can do the same with REST as you can do with a servlet (that's even the reason why I posted in the servlets section).

So why use a servlet as your controller at all. Why use jsp... REST put you in the possition that you can split your view layer.

It's a different way of development I agree, but it would be much smoother for the end-users wouldn't it??

Regards

Nico Martens wrote:

Mark Spritzler wrote:True REST, has a rule of always stateless. So no HttpSession involved.

Mark

I hear you but I think you can do the same with REST as you can do with a servlet (that's even the reason why I posted in the servlets section).

So why use a servlet as your controller at all. Why use jsp... REST put you in the possition that you can split your view layer.

It's a different way of development I agree, but it would be much smoother for the end-users wouldn't it??

Regards

What I think you are saying here, and is exactly what I do for my web applications. Is create a single-page web app. All requests are AJAX requests to a REST API using Spring MVC Rest. It is 100% stateless, no HttpSession anywhere. I also have only one jsp page (I hate jsp pages) but that jsp page has ZERO server side rendering. It is just straight HTML5, CSS3, and JQuery Javascript. So it is just an html page, but the extension is .jsp. This is only for the first request so the user get the website (single page app)

But for REST you still have to have a server side implementation. That can be Servlets, Spring MVC Controllers, but requires a Java web container. Or something like vert.x or Node.js, or even the Play Framework(No Servlets or web container)

But for REST it has to be stateless, otherwise it isn't REST.

Mark

I agree with you for reusability reasons. But take the example of simply getting user bound data through REST.

If you don't get your user bound variables through something like a session created by a controller, then I would think that the only alternative is to use parameters.

Isn't that insecure? It's all still a javascript call so you can change the parameters inside a session...

I would like to use knockout to make a Model View View-Model in the front-end.

It's especially the backend that I'm interested in...

Thanks for the reply,

Regards

Nico

Nico Martens wrote:I agree with you for reusability reasons. But take the example of simply getting user bound data through REST.

If you don't get your user bound variables through something like a session created by a controller, then I would think that the only alternative is to use parameters.

Isn't that insecure? It's all still a javascript call so you can change the parameters inside a session...

I would like to use knockout to make a Model View View-Model in the front-end.

It's especially the backend that I'm interested in...

Thanks for the reply,

Regards

Nico

There are plenty of REST Security implementations out there. REST also uses headers and body, never would use request parameters to hold security information. You also have to remember that for REST the client isn't always going to be a browser. It is built for all types of clients, just using http(s) as the protocal.

Mark