Some thoughts on JSR 311 - JAX-RS: The Java™ API for RESTful Web Services.The description of the JSR, from the web page is:"This JSR will develop an API for providing support for RESTful (Representational State Transfer) Web Services in the Java Platform."
Here are a few related links:
Some of the positive aspects of the ongoing effort:
It's good to be thinking about some facility to help peoplewith RESTful services, in Java.
This JSR seems to be much, much more transparent than mostJSRs; published meeting minutes (though a bit skimpy), mailing lists, reference implementation work being done in the open, etc. Wonderful.Wonderful!
Even the current drafts of the spec are available, on-line,without a soul-sucking click-through license agreement! Themost recent one is the"Editors draft - July 3rd, 2007 (PDF)".
The general approach as currently implemented / described byJersey feels more or less right. Of course, I say that because I'vebeen recently looking at doing something similar, without havingseen JSR 311, and there's a lot of commonality between the road I was heading down, and the one JSR 311 is going down. Use of annotationsto augment methods and classes which describe the services, specifically.Some of the annotations I had come up with were in fact the exact samenames that Jersey uses!
OK, now for the bad news.
The licensing for the open source side only accommodates theGPL half of the universe. Leaving folks wanting something more likea BSD style license, to fend for themselves. Of course, that's notnecessarily bad, it's always useful to have some competition. But it'salso nice to have a single common implementation that everyone canuse. There aremany licensesthat would be compatible with the GPL and acceptable to a wider audience.
Specific issues from the 2007/07/03 spec draft: Section 1.2 Non-Goals:
Support for Java versions prior to J2SE 5.0:The API will make extensive use of annotations and willrequire J2SE 5.0 or later.
Read: Sorry, J2ME. Sorry, folks stuck on Java 1.4.
Description, registration and discovery: The specification will neither define nor require any service description, registration or discovery capability.
Read: We'll figure this out later; hopefully we won't have to changeanything in this spec once we start thinking about this aspect of the problem.
Client APIs: The specification will not define client-side APIs. Other specifications are expected to providesuch functionality.
Read: We'll figure this out later; hopefully we won't have to change anythingin this spec once we start thinking about this aspect of the problem.
The licensing issue is bad enough that it's really going to force an alternateimplementation to be developed. This might be something thatApache would typically do, but given theApache / Sun disagreement on JCP issues,it's not really clear to me that Apache will ever be interested in working onJSR implementations again.
Another interesting wrench to throw into the gears is Eclipse. As of Eclipse 3.3,the Equinox projecthas been shipping Jetty,along with some goop to allow you to use OSGi within servlets, orstart an HTTP server as an OSGi service.Adding RESTful service support to this story seems like a logicalnext step to me. Note that the existing JSR 311 non-goal ofsupport for <= Java 5 support violates an OSGi constraint ofrunning in their smaller (1.4.x-ish) environments.
Seems to me, if we're going to have to work on an alternate implementationanyway (to solve the licensing issues), we might as well solve some ofthe technical problems as well (J2ME / Java 1.4 support, service descriptions,client apis, etc).
And yes, I do know of RESTlet™but have not looked at it extensively;the licensingandJoint Copyright Agreementandtrademarkissues are non-starters for me.It is also on a pathway towards becoming a JSR.
Anyone up for a "Battle of the RESTful frameworks"?
A few blog posts reverberating in my mind:
I just ran across a post by Joe Gregorio today, where he's comparing WS-* RPC vs. REST, specifically talking about the factthat WS-* RPC only uses the POST request method of HTTP:
"That POST of a generic media type gives no indication if the request is safe, or idempotent, nor is there any indication of the cachability of the response."
I also just read this morning apost by Leonard Richardson on Amazon's new FPS service, commenting on the 'REST'y ness of the service:
"its 'REST' interface is about as RESTful as Flickr's and del.icio.us's 'REST' interfaces"
Note, the Flickr and del.icio.us aren't considered terribly RESTy. :-)
Joe notes a handful of things that "just using POST in HTTP" breaks.Leonard notes that FPS isn't truly RESTy, but is in fact just as non-RESTyas two other fairly popular services.
And I'm left wondering: do we really need to do everything in pure REST?
Perhaps we can identify a small set of characteristics that get us most of the benefits of REST, that would be easier to implement than going'full' REST. And just focus on those. Because apparently, it's hard to do full REST. Or to be even more pessimistic, perhaps there are disadvantages to usingREST. Why would Amazon and Yahoo not use REST?
Most of the obvious advantages with REST revolve around the GET verb. Make sure youonly put safe, idempotent actions behind the logic of your GET processing.Use ETags, or even better, cache directives, in your HTTP responses onthe GETs to allow clients to intelligently cache things.
What else? Are there really other benefits? If there are, why are peoplestill not jumping on the RESTy bandwagon?
Here's my thought on the lack of adoption of REST: it's complicatedfor anything but the GETs. Namely, the mutating verbs POST, PUT, and DELETE.Not technically, but semantically. Check therest-discuss mailing listsometime. I've been having conversations with folks here recently regardingsome of the semantics of 'updates' as well; ask 5 people their thoughts, you'llget 10 different answers.
Martin Nally had told me a few months ago that he thought people shouldbe able to do 90-95% of their services in a RESTy style, and for thoseinterfaces that didn't fit the REST mold, you could do 'em in non-RESTy style(ie, some kind of RPC-ish non-GET mutation operation), butit should cost you a $1000. I think I'm ready to lower the price to $100.
Updated on 2007/08/03 to fix a syntax error in the image element.
Marc Hadley respondedquite quickly to my blog entry on JSR 311.Excellent. I'm really digging the transparency. I'm thinking Twittermay have played a part in the quick response.
w/r/t the GPL vs CDDL licensing issue; sorry, I'm sure I saw CDDL on some of the pages,I should have included it in the blog post. I frankly am not all that familiar with theCDDL, but Dave Johnson got me curious about something, and sure enough, it looks like Apache allows CDDL licensed binary software to be shipped with Apache projects.Note that the link above is a proposal, but it sounds like Apache is already doing this in somecases with CDDL. Very cool.
As for the other issues Marc raised; it's silly to debate via blog posts; looks like firstname.lastname@example.org be the most appropriate place to have the discussion.
But I can't resist making two notes.
From Marc: "On the Java ME side, the fact that 311 is primarily a server side API ... means it is less suitable for the ME environment anyway."
To quote from the Java ME Sun Products overview,"As CDC is not limited to just the wireless market, and expands into other emerging markets like digital television, telematics, multi-function printers, ...".Those sound like platforms that could make use of a server supporting RESTful web services.
From Marc: "Jersey will automatically produce a WADL description"
Wonderful. The point isn't even necessarily that you should make this part of the spec,but to ensure that this is do-able within the current spec's design. Because you don't want to find out later, after the spec has been finalized, that the design preventssomething like generating a description. Sounds like you're doing that with the WADLgeneration. I'd like to see the same done with the client.
Dan Jemiolo: What kind of client generation are you looking for?
I suppose I must not have gotten around to telling Dan my horror stories of using WSDL in the early, early days of Jazz.The low point was when it once took me two working days to getthe code working again, after we made some slight changes to the WSDL.Of course, we were doing some evil, evil things, like parsing Javacode with a JDT jar in an ant task, and replacing generated codefrom the WSDL generation process. But still, code generation ofthis ilk leaves a bad taste in my mouth.
Also see Dare's issues with bananas.
The best code generation is no code generation.
And that's what we changed in Jazz. Because we already had complete control over thedata typing story (EMF),we had no problem generating the XML and JSON we wanted, completely dynamically, by reflecting over the dataused in our services. But we had to do something about the service methods themselves.
So we rolled our own client and server side stack for this.
We kept the notion of defining the operations in a web service in a Java interface,because this makes a lot of sense to do in Java. We can reflect over it to look at themethods and signatures. On the server, you can write a class to implement the interface,and that's your service implementation. The low-level server interface (ie, Servlet for Java)can figure out what service to invoke, and then call the service implementation reflectively.And on the client, you can use Proxyand friends to build an object which implements the interface by making the HTTP requeston your behalf.
(Quick aside to note that Jazz services are largely RPC styled, though there are some that are more RESTy flavored - stay tuned; they've caught the REST bug.I think the 'client library' or invocation style is largely independent of the architectural style, so I think everything I'm saying here completely holds forREST as well as RPC, and everything in between.)
By having the client and server work completely reflectively, all we had to do wasmake sure the data classes and service interfaces were the same (or at least compatible)between the client and server. Understand, "all we had to do" can be a problem; butat least we didn't have the generated code to deal with as well, nor did we have a separate build step for it that can be an agility killer.
It goes without saying that you can get by with a lot less configuration in such a situation. Reflection over Configuration. Don't Repeat Yourself.
Looking back on this, I think this was a great trade-off in the time expendedto build the stacks. For instance, we were able to tweak the system in variousways that would have been impossible to do with a code-gen built system. I suspect this is going to be the case for any medium- to large-scaled system built using a number of services. You can either lock yourself into a system under which you have very limited control, and spend your time working around it and fighting it, or you can write code customized to yourneeds and spend time tweaking as you need.
Let's get back to your original question, but tweak it a bit:What should we do to make it easier for people to build clients?
- Provide machine-readable descriptions of the data flowing over the wire.Not just the HTTP content, but query string parameters where appropriate.
If you can reflect on your service interfaces and data dynamically in the server,then you can generate all this meta-data reflectively as well.
Saturday was day 2 of the Ruby Hoedown 2007. I had to leave early and so missed "Using C to Tune Your Ruby (or Rails) Application" by Jared Richardson,and the final keynote by Marcel Molina, Jr.
Nathaniel Talbott, one of the conference organizers, mentioned before one of the sessions that thesessions are being recorded, audio and video, along with the slidespresented, and will be available on the web shortly. With some kindof a Creative Commons license. Wow! I wish more conferences did that.I won't dive into details on the sessions below, since the info will beavailable soon, verbatim.
Sessions I did attend:
Building Games with Ruby - Andrea O.K. Wright
Andrea discussed a handful of gaming toolkits for Ruby.Supporting everything from MUDs to 3D. A few of thetoolkits were wrappers over SDL.
- test/spec -Clinton Nixon - layers an RSpec-inspired interface on top of Test::Unit
- a strategy game written in JRuby, using Swing - didn't get the presenter's name
- methodphitamine - Jay Phillips - a more powerful alternative to Symbol#to_proc
- Ruleby - Joe Kutner - a pure Ruby rule engine
- tyrant - Patrick Reagan - a way to run Rails applications without each user needing a development environment
- generating Ruby classes - Luke Kanies - dynamic code gen
- Iron Ruby - Brian Hitney - Ruby implemented on the CLR
- static sites with Rails - Brian Adkins - how to enable mostly static pages with Rails
- Thoughtworks test strategies - Dan Manges - how TW designs tests for teams
- myDecisionHelper - Tyler Start (sp?) - self-help web app
BOFs over lunch
Went to Rick Denatale's "Smalltalk for Rubyists; Ruby for Smalltalkers". More the former than thelatter, unfortunately for me. But still interesting and informative.
Does Ruby Have a Chasm to Cross? - Ken Auer
Great talk; like Bruce Tate's keynote on Friday, referencedthe book"Crossing the Chasm"(just added it to my 'wanna read' list).Ken's talk came at it from a different angle: being there, when Smalltalk was just aboutto 'cross the chasm', but didn't make it. Why didn't it? What can we learn from Smalltalk's tragic history?
All in all, great conference. I'll be there next year, assuming they have it again.Maybe I'll have some more Ruby under my belt by then.
Forgot to mention in the previous post that I used my Nintendo DS-Lite with theOpera browser, again, to do some lite surfing, email checking, twittering, duringthe conference. Very convenient.
theRab tweets: "i'm afraid to google 'ruby hoedown' so i'll just patiently wait for your blog post". Here you go. BTW, no need to be afraid of Google (at the moment).
TheRuby Hoedown 2007 is a small conferencecovering Ruby topics, held in Raleigh, NC. At Red Hat HQ, the same place wherebarcampRDUwas held last week.
Friday was just a half day afternoon session, though there was a testing workshopin the morning that I didn't attend. A bit over a hundred attendees, I'd guess, manyfrom out of town. Usual list of sponsors, with one surprise: Microsoft; thoughobviously that's not a complete surprise.
I recognized a lot of folks there from last week's barcamp, and some from theerlounge meet-up.Some"Old Dudes Who Know Smalltalk"were present, including my evil twin, Rick Denatale, and someone I hadn't talked to in ages, Ken Auer.
Sessions this afternoon:
Exploring Merb - Ezra Zygmuntowicz
Merbis Ezra's pocket-framework for web serving. Lighter thanRails. Ezra stressed twice that Merb "doesn't use cgi.rb" - I'm showingmy n00by-ness by assuming this is a good thing.
Between this session, and the campingsession at barcamp, there appears to be active and interesting developmentstill in the web server framework arena, at the lowest levels.Like the days in Java, before servlet. Sigh.
One cool feature of Merb is supporting directstreaming of content. For example, if you need to returnthe contents of a file, you just return the file handleof the file where you would normally return the content,and the file gets streamed on your behalf. Handles uploadstoo, and it sounded like a lot of people use it just forthe upload capability. Ezra also mentioned someone using Amazon S3 as their store, and making use ofthis feature, where Merb was really just the gatewaybetween the streams (to/from S3, to/from client).
Next-Gen VoIP Development with Ruby and Adhearsion - Jay Phillips
General notion here is that setting upAsteriskis hard, because the configuration files are large, monolithic, and complicated.Adhearsionmakes that simpler,as your configuration becomes small Ruby programs.Which maybe you could imagine sharing with other people("Want my call-center scripts?"), compared to the situation today where granular sharing isn't reallypossible.
I don't have much need to set up a VoIP box, otherwiseI'm sure this would be fun to play with. Jay did mentionthat Asterisk has VMWare images available, which wouldmake it even easier to play with, although Adhearsionis not current available on those images. If I onlyhad more time.
Keynote - Bruce Tate
Really good talk discussing how Ruby became aspopular as it is, how Java became as popular as it was (is?), what has dragged Java down in recent years, and some future thinking and advice.
Best piece of advice: "Java didn't start assomething that was complicated, it evolved into somethingthat was complicated. Ruby is not immune to this."
SmallTalk was mentioned; yes, sadly, withthe capital T; so Bruce wasn't one of us I guess,he at least knew it was good stuff.OTIwas even mentioned.
Bruce mentioned the ultimate plan for Ruby: TGD - Total Global Domination. Hmmm, thatreminds me of something.
I asked whether the presentations would be available on the web, and theanswer was yes. In addition, the sessions are being recorded (audio and video)and will also be available on the web at some point.
Looking forward to Saturday's sessions.
On Saturday I attendedBarCampRDU 2007, and here's a quick round-up.
First, thanks to the organizers and sponsors; it was fun geeky way to spend aSaturday, and the amenities were fantastic,especially considering the price of admission. Especially enjoyed the catered coffee bar andlunch from Neomonde.
Here's a list of some of the sessions that were run:
- Distributed SCM - Bazaar, GIT, etc
- Camping in 10 (Ruby)
- Linux virtualization
- Bug House, a chess variant
- Ruby and X-10
- Extending SketchUp with Ruby
- Geeks for Good
- Startup Weekend
- What's stopping you from doing something?
- Open Services
- Digital Identity Management
- FaceBook application development
Lots o' pictureshere,and lots o' blog entrieshere.
Some of the sessions I went to:
Camping at 10
Very cool; I really need to dive deeper into Ruby. Completely random factoid: of the15 laptops in the room for this session, 12 were Macs.
FaceBook application development
Quite illuminating. I had thought all those 'user generated' FaceBook apps were actuallyhosted by/on FaceBook, but they aren't. Which makes me even more leery of whatthose applications are doing with the data we're giving them. hmmm
Whereas Open Source / Free Software has defined freedoms surrounding source code,the next battleground on the freedom front are the services we use on theweb. What does it mean for something to be an "Open Service"?Not sure why Luis thought he "trivialized the discussion"; absolutely not.Lots of really interesting things to think about here. Especiallyas we find our data getting mashed up and otherwise reused in ways we never expected.
Other notes ...
Rather than take my laptop into the unconference, I decided to tryliving with just my Nintendo DS-Lite with theOpera browser.I've surfed a bit here and there with it, but not for an entire day.While it's quite capable at handling degraded 'mobile' sites, available for Google Reader, GMail, and Twitter, for instance,it's rather painful for websites designed for desktops. Most folks probablywon't tolerate the slow, small device, especially compared to the iPhone.But having worked on embedded devices for years, I can easily overlookthe limitations. It's a lot cheaper than the iPhone also.
All in all, worked out pretty good; checked my mail, checked twitter,checked blogs; posted a few twitters. A bit painful, pecking outmessages on a tiny touch screen with a stylus, but worth it to nothave to lug my MacBook around in a backpack. Just had to lug around my man purse.
Lastly, one thing I already knew, but had reinforced, was that all the kewlkidswear bright yellow / orange shirts fromThreadless.