4413-ProjB

Executive Summary

In this project you will create a number of multithreaded WEB services which utilizes HTTP over TCP. These services will build on the TCP services of Project-A and expose a number of new concepts such as industrial-strength app servers, session management, analytics, and federataed and open authentication. You will later use these services to build a shopping-cart web application.

The Environment

We will continue to use red, but unlike Project-A for which any editor or IDE will do, we will now leverage Eclipse with Java EE features. To set this up, do this:

Launch Eclipse.
The Servers view should be visible (normally in the bottom pane with the console). If not, enable it vis Show view in the Window menu.
Right-click anywhere inside the empty Servers view and choose New then Server.
Add the Tomcat server running at localhost by pointing to its directory at: ~/4413/pkg/tomcat.
Create a new Dynamic Web Project named projB and accept all defaults
Right-click the project and select New Servlet and name it Service (put it in the service package) and accept all defaults.
One time only (since it gets cached), associate the Servlet Javadoc with Eclipse as follows: configure the project's Build Path by expanding the Apache Tomcat in the Libraries tab and locating servlet-api.jar and expanding it. Double-click Source Attachment and make its external location path point to the zip file in ~/4413/pkg/tomcat/webapps/docs/servletapi/.

Right-click Service and select run on the server. You can now visit its URL from a browser. Use this servlet as a testbed to explore features and try out ideas.

The Services

This Project asks that you develop and test five HTTP microservices with the following functional specifications:

FAuth:—A Gateway Web Service
This Federated Authentication service receives two URL-encoded parameters username and password and returns "OK" or "FAILURE" in a text/plain payload based on the authentication of the Auth service of Project-A. In other words, FAuth does not do any authentication itself. Instead, it simply delegate to Auth by turning its URL parameters to a TCP request line and by turning the TCP response line to an HTTP response.
GeoWeb:—A Stateful Web Service
This service is the web counterpart of the stateful GEO2 service of Project-A It receives two URL-encoded parameters lat and lon containing the GPS coordinates of a place on Earth. If this is the first time this client has made such a request then the return would be the text/plain payload "RECEIVED". If not, then the return would be the text/plain payload "The distance from (lat1,lon1) to (lat2,lon2) is XXX", where XXX is the geodesic distance between the previous place (sent in the last request) and the current one (sent in this request). This can continue (to a 3rd, 4th, ... places) as long as the requests are made in the same session. All computations must be made by delegating to the Geo service, not Geo2, of Project-A; i.e. this web service does not do any math and it uses Tomcat's session capabilities (rather than a 3rd parameter) to persist data.
Loc:—An API Web Service
Given a street address (partial or complete) anywhere on Earth as a GET parameter, this service returns in the HTTP payload a JSON object representing the address's specs; most importantly, its latitude and longitude. Use the Google's map API^* (https://maps.googleapis.com/maps/api/geocode/json?) and supply the address and your API key to perform this lookup and capture the "location" element in the return.
Drone:—A Composite Web Service
Given two street addresses, this service returns an estimate of the drone delivery time in minutes for a shipment from one location to the other. Assume an average drone cruising speed of 150km/h.
OAuth:—A ReDirecting Web Service
This Open Authentication service allows users to authenticate using a third-party website; i.e. it does not receive (and hence cannot "sniff" or "leak") any credentials; i.e. it facilitates single sign-on. To authenticate, this service redirects the client (via response.sendRedirect) to this URL:
```
    https://www.eecs.yorku.ca/~roumani/servers/auth/oauth.cgi
```
This website expects a URL parameter named back containing the URL of the OAuth servlet that originated the request. The URL prompts users for their Passport-York Credentials, and if the authentication succeeded, it redirects them back (using the back parameter) and sends the usernamee and full name as parameters named user and name. Otherwise, it issues a 401 Unauthorized and does not redirect back.

Service Implementation

Use the design patterns, methodologies, and hints demonstrated in lecture in order to speed up development and learn best-practice approaches.

Develop all 3 services in one project, but each in its own servlet. The servlet name and its URL mapping should be the same as the service name.
Separate the model (business rules) from the controller (http communication). You can have one model class per service or one model for all three services. It is customary to put all servlet classes in one package named service and the model class(es) in one package named model.

Testing & Deployment

Test your services through a browser using http://localhost:4413?qs, where qs is the query string; i.e. (param=value&)*. Once all is well, switch to the localhost address and test by deploying your services on one workstation and accessing it (via a browser) from a different workstation in the lab.

Persist Your Work

Note that this process is different from that of Project-A

Follow these steps to persist / backup your work:

Right-click your project (in the Project Explorer) and select Export.
Select WAR File.
Provide a destination for the file (e.g. ProjB.war on the Desktop).
Check the box to Export the source files (extremely important)

Now upload the created zip file to the course cloud so you can use it during tests. (You can also upload it to your Google Drive, DropBox, S3, or some other cloud service). If you later need to restore this backup into a fresh workspace, do this:

Launch Eclipse in a new workspace.
Right-click anywhere in the Project Explorer and select Import.
Select WAR file.
Point to your war file and click Finish.

Try the above procedure end-to-end (by using two machines; by switching to a different workspace on the same machine; or by deleting your workspace after the zip file has been created). Make sure you are comfortable backing up and restoring your course project. Do not wait until the day of the test to learn how to do this. Do not delay the backup until the work is done! Do it often (at least after every release). If you are familiar with github then do use it but you still need to upload to the course cloud and to practice the above backup/restore procedure. Finally note that the above WAR file approach is the best way to copy and/or rename your webapp.