Executive Summary
In this project you will create a number of multithreaded WEB services which utilizes HTTP over TCP. These services will build on the TCP services of Project-A and expose a number of new concepts such as industrial-strength app servers, session management, analytics, and federataed and open authentication. You will later use these services to build a shopping-cart web application.The Environment
We will continue to use red, but unlike Project-A for which any editor or IDE will do, we will now leverage Eclipse with Java EE features. To set this up, do this:- Launch Eclipse.
- The Servers view should be visible (normally in the bottom pane with the console). If not, enable it vis Show view in the Window menu.
- Right-click anywhere inside the empty Servers view and choose New then Server.
- Add the Tomcat server running at localhost by pointing to its directory at:
~/4413/pkg/tomcat
. - Create a new Dynamic Web Project named
projB
and accept all defaults - Right-click the project and select New Servlet and name it
Service
(put it in theservice
package) and accept all defaults. - One time only (since it gets cached), associate the Servlet Javadoc with Eclipse
as follows:
configure the project's Build Path by expanding the Apache Tomcat in
the Libraries tab and locating
servlet-api.jar
and expanding it. Double-click Source Attachment and make its external location path point to the zip file in~/4413/pkg/tomcat/webapps/docs/servletapi/
.
Service
and select run on the server. You can now visit its
URL from a browser. Use this servlet as a testbed to explore features and try out ideas.
The Services
This Project asks that you develop and test five HTTP microservices with the following functional specifications:- FAuth:—A Gateway Web Service
This Federated Authentication service receives two URL-encoded parametersusername
andpassword
and returns "OK" or "FAILURE" in atext/plain
payload based on the authentication of theAuth
service of Project-A. In other words,FAuth
does not do any authentication itself. Instead, it simply delegate toAuth
by turning its URL parameters to a TCP request line and by turning the TCP response line to an HTTP response. - GeoWeb:—A Stateful Web Service
This service is the web counterpart of the stateful GEO2 service of Project-A It receives two URL-encoded parameterslat
andlon
containing the GPS coordinates of a place on Earth. If this is the first time this client has made such a request then the return would be thetext/plain
payload "RECEIVED". If not, then the return would be thetext/plain
payload "The distance from (lat1,lon1) to (lat2,lon2) is XXX", where XXX is the geodesic distance between the previous place (sent in the last request) and the current one (sent in this request). This can continue (to a 3rd, 4th, ... places) as long as the requests are made in the same session. All computations must be made by delegating to theGeo
service, notGeo2
, of Project-A; i.e. this web service does not do any math and it uses Tomcat's session capabilities (rather than a 3rd parameter) to persist data. - Loc:—An API Web Service
Given a street address (partial or complete) anywhere on Earth as a GET parameter, this service returns in the HTTP payload a JSON object representing the address's specs; most importantly, its latitude and longitude. Use the Google's map API* (https://maps.googleapis.com/maps/api/geocode/json?) and supply the address and your API key to perform this lookup and capture the "location" element in the return. - Drone:—A Composite Web Service
Given two street addresses, this service returns an estimate of the drone delivery time in minutes for a shipment from one location to the other. Assume an average drone cruising speed of 150km/h. - OAuth:—A ReDirecting Web Service
This Open Authentication service allows users to authenticate using a third-party website; i.e. it does not receive (and hence cannot "sniff" or "leak") any credentials; i.e. it facilitates single sign-on. To authenticate, this service redirects the client (viaresponse.sendRedirect
) to this URL:https://www.eecs.yorku.ca/~roumani/servers/auth/oauth.cgi
This website expects a URL parameter namedback
containing the URL of the OAuth servlet that originated the request. The URL prompts users for their Passport-York Credentials, and if the authentication succeeded, it redirects them back (using theback
parameter) and sends the usernamee and full name as parameters nameduser
andname
. Otherwise, it issues a 401 Unauthorized and does not redirect back.
Service Implementation
Use the design patterns, methodologies, and hints demonstrated in lecture in order to speed up development and learn best-practice approaches.- Develop all 3 services in one project, but each in its own servlet. The servlet name and its URL mapping should be the same as the service name.
- Separate the model (business rules) from the controller (http communication).
You can have one model class per service or one model for all three services.
It is customary to put all servlet classes in one package named
service
and the model class(es) in one package namedmodel
.
Testing & Deployment
Test your services through a browser usinghttp://localhost:4413?qs
,
where qs
is the query string; i.e. (param=value&)*
.
Once all is well, switch to the localhost address and test by deploying your
services on one workstation and accessing it (via a browser) from a different
workstation in the lab.
Persist Your Work
Note that this process is different from that of Project-A
Follow these steps to persist / backup your work:- Right-click your project (in the Project Explorer) and select Export.
- Select WAR File.
- Provide a destination for the file (e.g. ProjB.war on the Desktop).
- Check the box to Export the source files (extremely important)
- Launch Eclipse in a new workspace.
- Right-click anywhere in the Project Explorer and select Import.
- Select WAR file.
- Point to your war file and click Finish.
Try the above procedure end-to-end (by using two machines; by switching to a
different workspace on the same machine; or by deleting your workspace after
the zip file has been created). Make sure you are comfortable backing up and
restoring your course project. Do not wait until the day of the test to learn
how to do this.
Do not delay the backup until the work is done! Do it often (at least after every
release). If you are familiar with github
then do use it but you still
need to upload to the course cloud and to practice the above backup/restore procedure.
Finally note that the above WAR file approach is the best way to copy and/or
rename your webapp.