With the extreme prevalence of mobile apps, web apps, and desktop apps, REST services are more important than ever to provide data to its users. This data could be used for the native app, or for 3rd party developers to expand your service's reach into other apps. Either way, the REST service needs to be easy to use and easily modified in order to keep up with the ever-changing demand of the end users.
Java provides many options for creating REST services, including JAX-RS, Apache Camel, and Spring MVC. All are good frameworks and would be sufficient for just about any project, but I personally prefer to use Apache Camel. It is so flexible and easy to use that it's impossible to pass up.
The example code given here is intended to be used to authenticate a user via a REST route (keep in mind that there may be security concerns that aren't addressed in this route). Using Jetty, we expose a route on the api/v1.0/auth path, which passes a HttpServletRequest instance to our authenticationProcessor bean. From here, we can extract all of the required information to determine if the credentials are valid. If they are valid, then we set the authenticated header to true in the message, and then pass back a unique token for the client to use. Otherwise we return JSON to notify the client that the authentication has failed.
import java.util.UUID;
...
private static final String AUTH_FAILED = "{"
+ "\"success\": false,"
+ "\"message\": \"Authentication failed.\""
+ "\"token\": null"
+ "}";
private static final String AUTH_SUCCEEDED = "{"
+ "\"success\": true,"
+ "\"message\": \"Authentication succeeded.\""
+ "\"token\": \"%s\""
+ "}";
...
@Override
public void configure() {
from("jetty:http://localhost:8080/api/v1.0/auth")
.process(authenticationProcessor)
.choice()
.when(header("authenticated").isEqualTo(true))
.setBody().constant(String.format(AUTH_SUCCEEDED, UUID.randomUUID().toString()))
.otherwise()
.setBody().constant(AUTH_FAILED)
.end();
}
This simple example is meant to show how easily we can use Camel for REST services. Sure, other frameworks might take even less code to get authentication to work, but the power of Camel is realized when we start utilizing other Camel components in our route. Maybe, for example, we later decide that we'd prefer that our clients authenticate using Google's OAuth service. In this case, we'd simply replace .process(authenticationProcessor) with the Camel GAuth component: .to("gauth:authorize?callback=" + encodedCallback + "&scope=" + encodedScope);, where encodedCallback and encodedScope are callback URLs to fully handle Google's authentication service. See Camel's GAuth page for a full example.
Given that Camel plays nice with over 100 different information sources, and ServiceMix, it should be obvious that with just a few lines of code we'll be able to add some pretty useful functionality to our REST service.
