We'll be developing mobile applications (for both iOS and Android platforms) that will be using web services. I'll be the one implementing the web services part and I plan on using Apache CXF.
It would be the first time I'm using CXF but I'm highly considering it because of its integration with Spring.
What are the potential issues (if any) with using CXF for mobile apps? If there are, is there supposed to be a better alternative to CXF? If there are none, any best practices I should also be considering?
Thanks!
I've been through the mobile ringer... WAP, J2ME, Brew, embedded languages, etc. Mobile development is exciting and also a bit scary...
Spring Integration: There is a big difference between * and **... be careful when setting up filters. It's easy to get out of hand securing end-points.
Authentication: How will your mobile devices authenticate and what is their role in Authentication, Authorization, and Access? Session management on occasionally connected devices - can get interesting. If a session goes stale how are you going to handle challenge / response?
App Security: Does your solution require SSL? Managing self-signed certificates is painful and time consuming. Do yourself and your mobile devs a favor and get a CA certificate in place up-front. You will save time (money) and a great deal of headache.
Proxy Power: Ideally, the people writing the front-end should be using an IDE that supports some kind of tethering for realtime debugging. Being able to add a breakpoint and introspect what's going on in the code... is mint. However, I haven't seen an IDE yet that gives front-end mobile devs the same experience as back-end devs. My guess is that your mobile devs are going all goo-goo eyes over jQuery. Understandably so! WebStorm and Aptana are good in the JS arena - but they're still evolving.
This is a problem front-end mobile devs need to work out... right? Yes... and no. Without proper tools everyone in the dev-chain will have to cook-up their own ways of answering questions like:
What did the mobile app send?
Was the request formed correctly?
What was the response?
Again, save yourself some time and finger-pointing and just sit down together (front and back-end devs) and work out a tech-stack that provides everyone optimal access to all app communications. Configurable logging on the server is a good idea to have in place from inception. Are you familiar with Firebug or Charles Proxy? A proxy can greatly simplify the debugging equation - just sayin'
Exceptions: Oh... and beware HTTP response codes. Exceptions on the server-side should be gracefully handled to prevent mobile consumers from choking on responses. Yikes - that's all I can say is YIKES!
Service / Life Cycle: Have you calculated the duration of the service and / or life cycle of your application? Knowing this can greatly impact architectural decisions.
Web Services: My knee-jerk reaction - is this the best technology for your product? Why Web Services? Can you come up with three concrete reasons why WS is the best option? From my experience, the most compact protocol will usually lead to the best user experience.
Food for thought... ASP.NET and JSon make a good pair.
http://encosia.com/using-jquery-to-consume-aspnet-json-web-services/
SOAP-XML is cumbersome. :-(
http://openlandscape.net/2009/09/25/call-soap-xm-web-services-with-jquery-ajax/
Have you considered RESTful Web Services? If you're using CXF... there are three different ways to build RESTful Web Services.
JAX-RS (CXF has an implementation of JSR-311 baked-in)
JAX-WS (more complicated - meh)
HTTP Binding (deprecated... may be removed from CXF in the future - fair warning)
More at: http://cxf.apache.org/docs/restful-services.html
Examples: http://solutionsfit.com/blog/2010/04/21/enterprise-mashups-with-restful-web-services-and-jquery-part-1/
Alternatives: There are so many great projects out there... Axis2 and Shiro come to mind. Without knowing more about your solution - it's difficult to recommend anything.
Final Thoughts: As a back-end dev, I would recommend getting familiar with the entire app tech stack and kick-off development with a series of small but functional samples that light the way through the obstacles mentioned above. Hold-on to the samples! They may prove useful in zeroing in on regression.
Mobile devices are getting faster and faster every day... it's true, but any dev worth their salt will know that they need to code to a common denominator if they want a mobile product to be widely consumed, adopted, and embraced.
Related
Me and some friends are going to develop a web site with playframework and a mobile application (android and iphone). So we need to make some webservices for the mobile application(CRUD). So we thought about using this web services in our playframework application instead of wasting time and creating the CRUD with anorm(writing all the sql requests).
Well, I'm here to ask for your opinion. Is this a good thing to do ? What's the best advised method here ?
Thank you.
PS: the web services are automatically generated with Netbeans from our database.
There are various reasons why I would advice against this approach.
A general design rule is not to expose your internal data model to the user. This rule comes in many flavors in which the layered architecture is probably the most known one.
In detail there will be issues like:
Tuning performance: This is hard to achieve because your have no, or not much control over the generated web services. When your application is really taking of your will suffer from this limitation
Access the service: I don't know whether you generate RESTful web services or WS-* ones. The latter will get you in trouble when accessing them via iphone.
Design Play vs. synchronous web services: Also somehow related to performance is the issue that the generated service is likely synchronous, blocking, which does not fit well with the non-blocking approach which the play framework is taking.
Abstraction level: Because your database is based on sets but your business model is likely not, you will have issues developing a decent client, tuning the performance, doing proper validation, security, etc.
Authentication, authorization and accounting: Hard to do because the database only knows the db system users
Change: What if you change your database model? Will the generated services continue to work? Do your have do adopt them event if you just add a column?
...
Some of those reasons do overlap, but I think the general problem should be clear.
Instead of this approach I would recommend the following. Develop a RESTfull endpoint for your app, which is not that hard to to. This is the external contract against which the clients should be developing. play-mini for example has a very need, Unfiltered based, API to do this. While doing this, focus on the operations your app really needs. CRUD in general is a bad model when thinking about production ready software.
How you access your database is another decision your have to make but probably it is not that important because it is not your external contract so your can change it when your have the need for doing so.
I was wondering if someone has successfully implemented a RESTful Shopping Cart Web service. I am perticularly interested in Production level implementation rather than test app.
Would there be any advantage in this approch rather than SOAP-style?
Personally, I haven't. I would be completely astonished if somewhere in the world "someone" has not. I know of plenty of equivalently important RESTful services running in production or production ready. As an example one of my employer, IBM's, flagship products WebSphere Process Server, exposes restful services.
I'm guessing that you are asking the question from the perspective that suspects that RESTful services are not yet mature. My experience is that because of their relative simplicity the support stack for such services reached maturity quite quickly. In the Java world JAX/RS is very easy to use and seems to me to be very stable.
Advantages: Simplicity, really easy to consume from JavaScript, especially with JSON payloads, potential for much simpler life-cycles and versioning than with WSDL.
Disadvantages: the more advanced WS-* capabilties are not available as standard.
This is sort of a generalized question.
What is the best possible solution/strategy/technique/technology to create an HTTP API/web-service using PHP + MySQL, which can be called from any platform - web (html), Flash, Mobile etc. - that supports call to web services or API.
I am going to develop this API/web-service primarily for games (they will be called from games being played on any platform), so speed, scalability and security - all are highly significant factors.
How to choose from SOAP, REST, XML-RPC etc. ?
Any idea about ready-made solutions that can help fulfill my requirement ?
Thanks
In this case I'd recommend a REST API. SOAP is a more complicated standard, and it makes it more difficult for those to interface to your API (for example, some PHP servers don't have SOAP enabled). As far as using PHP and MySQL to create a REST API, you can use something like Zend Rest Server to make the process easy.
Trying to find a way to rapidly develop web services on the Mac Server platform that will be served via Apache and need to be able to write to flat files or SQL Lite on the Mac.
We have .net, ObjC, C++, Python, and Java skills. We have done lots of web service work before on Windows and will probably go with Azure when we build out the product.
Our development server is on Mac OSX 10.5.8 and we are on a tight time and cost budget to get a prototype done for a small beta group (< than 500 transactions per day) that we can later rework.
We are thinking SOAP, possibly REST. Not sure what is available for Mac?
Any help appreciated // :)
If you are developing a service, you must have some idea what clients you are trying to serve. If those clients expect to talk to a SOAP service, you'll need SOAP. If you are just serving JavaScript code-in-a-browser, REST is probably sufficient.
Apache CXF, being 100% Open Source Java, can be used to build REST or SOAP services on MacOS or anywhere else. There are, of course, other options.
What about Ruby on Rails? Easy to deploy, runs great on the Mac - and is trivial to setup RESTful web services for.
If you dont need all the magic of Rails, the other (albeit) Ruby option would be to use Sinatra - I would challenge anyone to find a RESTful webservices library easier to use than that - its so elegant and so easy. I am primarilly a .Net developer, but I picked up Ruby and Sinatra in a heartbeat.
In either case, I would stay away from SOAP - In my opinion it's just too inflexible these days. In a web 2.0 world of live internet APIs making the webservices RESTful is the easier, faster (and smaller) option. We used to use SOAP exclusively where I work, but the reality is that it just doesnt deliever in the same way that REST does. With the accessibility of JSON and XML serialization frameworks out for any languge even the object passing is trivial. SOAP is harder to scale, is harder to test, uses more bandwidth and is not as flexible. Not everything can talk SOAP (out of the box), but tell me something that cant do a HTTP request?
I'm beginning a project right now that will require a pretty extensive web back end. Of the different calling conventions, we have found that the easier and more cost effective approach is to build a standard SOAP web service.
So now, we are in the process of looking at the different web service frameworks in order to determine which will meet the business needs:
Security
Cost
Time
I've only worked with WCF, which I was fairly content with, but I would like to explore all other options before I make a definite decision. In your experience, what do you feel is the best web service framework?
Web Services Interoperability Technology (Java)?
WCF (.NET)?
ActionWebService (Ruby)?
On a side note, we need a framework that can securely be accessed via iPhones, Windows Mobile Devices, and Blackberries.
Thanks in advance for your help.
Chris
WCF can be used to make both SOAP and RESTful Web Services. Interoperability is guaranteed as long as you stick to standards. But the more standards you put on it, less platform can catch up. In that sense REST on Basic Auth over https would be very light weight. Also see WS-I Basic Profile. Java vs .NET would be matter of taste, I think. WCF is not perfect, but it mostly seems to do the job.
One thing to consider about WCF is that it has a very rich extensibility model. Anything it doesn't do out of the box, you can teach it to do, with little or no change to your basic service.