这是Project Student的一部分。 其他职位包括带有Jersey的Webservice Client , 业务层和带有Spring Data的持久性 。
RESTful Web应用程序洋葱的第一层是Web服务客户端。 它可以用来模仿包含AJAX内容的网页,也可以被webapp的编程用户用来模仿。 注意,后者可能包括其他Web应用程序,例如,如果您的内部RESTful服务器被许多创建常规网页的演示服务器包围着。
设计决策
Jersey –我将Jersey库用于REST调用。 我考虑了几种选择,但决定选择Jersey,因为它是轻量级的,不会对开发人员施加太多限制。 相比之下,例如,使用Spring库除了引入其他库外,还可能在EJB3环境中引起问题。
UUID –数据库将使用整数主键,但是Web服务将使用UUID标识值。 这是出于安全考虑–如果攻击者知道帐户ID 1008存在,那么可以肯定地说帐户ID 1007存在。 更重要的是,用户ID 0可能存在,并且具有比普通用户更多的特权。
UUID并非如此-在大多数情况下,知道一个UUID并不能洞悉其他UUID。 这不是100%准确的-一些UUID是由IP地址或时间戳组成的,因此,知识渊博的攻击者可以极大地减少可能的值的范围-但是,随机UUID目前“足够好”。
局限性
我采用的是“实现所需的最少功能”方法,因此初始实现存在许多限制。
身份验证 –没有尝试提供身份验证信息。
加密 –没有尝试加密Web服务调用。
仅CRUD方法 –仅支持基本CRUD方法。
记住–限制是可以的, 但必须清楚地记录在案 。 在最好的情况下,它们将被添加到敏捷积压中。
客户端API
客户端API是基本的CRUD。 我们可以稍后添加功能。
public interface CourseRestClient {/*** Get list of all courses.*/Course[] getAllCourses();/*** Get details for specific course.* @param uuid*/Course getCourse(String uuid);/*** Create specific course.* @param name*/Course createCourse(String name);/*** Update specific course.* @param uuid* @param name*/Course updateCourse(String uuid, String name);/*** Delete course.* @param uuid*/void deleteCourse(String uuid);
}例外情况
该API包括三个运行时异常。 第一个是RestClientException,它是抽象的运行时异常,它是所有其他异常的基类。
缺少期望值时将引发ObjectNotFoundException。 (实施说明:这是由404状态代码触发的。)此异常包含足够的信息以唯一地标识期望的对象。
public class ObjectNotFoundException extends RestClientException {private static final long serialVersionUID = 1L;private final String resource;private final Class<? extends PersistentObject> objectClass;private final String uuid;public ObjectNotFoundException(final String resource,final Class<? extends PersistentObject> objectClass,final String uuid) {super("object not found: " + resource + "[" + uuid + "]");this.resource = resource;this.objectClass = objectClass;this.uuid = uuid;}public String getResource() {return resource;}public Class<? extends PersistentObject> getObjectClass() {return objectClass;}public String getUuid() {return uuid;}
}RestClientFailureException是用于意外或未处理状态代码的通用处理程序。
public class RestClientFailureException extends RestClientException {private static final long serialVersionUID = 1L;private final String resource;private final Class<? extends PersistentObject> objectClass;private final String uuid;private final int statusCode;/*** Constructor* * @param resource* @param objectClass* @param uuid* @param response*/public RestClientFailureException(final String resource,final Class<? extends PersistentObject> objectClass,final String uuid, final ClientResponse response) {super("rest client received error: " + resource + "[" + uuid + "]");this.resource = resource;this.objectClass = objectClass;this.uuid = uuid;this.statusCode = response.getStatus();}public String getResource() {return resource;}public Class<? extends PersistentObject> getObjectClass() {return objectClass;}/*** Get UUID, "<none>" (during listAllX()) or "(name)" (during createX())* * @return*/public String getUuid() {return uuid;}/*** Get standard HTTP status code.* * @return*/public int getStatusCode() {return statusCode;}
}添加客户端身份验证后,我们将希望添加UnauthorizedOperationException。
客户实施
基本的CRUD实现通常是样板,因此我们可以使用抽象类来完成大部分繁重的工作。 更高级的功能可能需要此类来直接进行Jersey呼叫。
/*** This is the Course-specific implementation.*/
public class CourseRestClientImpl extends AbstractRestClientImpl<Course>implements CourseRestClient {private static final Course[] EMPTY_COURSE_ARRAY = new Course[0];/*** Constructor.* * @param courseResource*/public CourseRestClientImpl(final String resource) {super(resource, Course.class, Course[].class);}/*** Create JSON string.* * @param name* @return*/String createJson(final String name) {return String.format("{ \"name\": \"%s\" }", name);}/*** @see com.invariantproperties.sandbox.student.webservice.client.CourseRestClient#getAllCourses()*/public Course[] getAllCourses() {return super.getAllObjects(EMPTY_COURSE_ARRAY);}/*** @see com.invariantproperties.sandbox.student.webservice.client.CourseRestClient#getCourse(java.lang.String)*/public Course getCourse(final String uuid) {return super.getObject(uuid);}/*** @see com.invariantproperties.sandbox.student.webservice.client.CourseRestClient#createCourse(java.lang.String)*/public Course createCourse(final String name) {if (name == null || name.isEmpty()) {throw new IllegalArgumentException("'name' is required");}return createObject(createJson(name));}/*** @see com.invariantproperties.sandbox.student.webservice.client.CourseRestClient#updateCourse(java.lang.String,* java.lang.String)*/public Course updateCourse(final String uuid, final String name) {if (name == null || name.isEmpty()) {throw new IllegalArgumentException("'name' is required");}return super.updateObject(createJson(name), uuid);}/*** @see com.invariantproperties.sandbox.student.webservice.client.CourseRestClient#deleteCourse(java.lang.String)*/public void deleteCourse(final String uuid) {super.deleteObject(uuid);}
}抽象基类进行繁重的工作。
public class AbstractRestClientImpl<T extends PersistentObject> {private final String resource;private final Class<T> objectClass;private final Class<T[]> objectArrayClass;/*** Constructor.* * @param resource*/public AbstractRestClientImpl(final String resource,final Class<T> objectClass, final Class<T[]> objectArrayClass) {this.resource = resource;this.objectClass = objectClass;this.objectArrayClass = objectArrayClass;}/*** Helper method for testing.* * @return*/Client createClient() {return Client.create();}/*** List all objects. This is a risky method since there's no attempt at* pagination.*/public T[] getAllObjects(final T[] emptyListClass) {final Client client = createClient();try {final WebResource webResource = client.resource(resource);final ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);if (response.getStatus() == Response.Status.OK.getStatusCode()) {T[] entities = response.getEntity(objectArrayClass);return entities;} else {throw new RestClientFailureException(resource, objectClass,"<none>", response);}} finally {client.destroy();}}/*** Get a specific object.*/public T getObject(String uuid) {final Client client = createClient();try {final WebResource webResource = client.resource(resource + uuid);final ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);if (response.getStatus() == Response.Status.OK.getStatusCode()) {final T entity = response.getEntity(objectClass);return entity;} else if (response.getStatus() == Response.Status.NOT_FOUND.getStatusCode()) {throw new ObjectNotFoundException(resource, objectClass, uuid);} else {throw new RestClientFailureException(resource, objectClass,uuid, response);}} finally {client.destroy();}}/*** Create an object with the specified values.*/public T createObject(final String json) {final Client client = createClient();try {final WebResource webResource = client.resource(resource);final ClientResponse response = webResource.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, json);if (response.getStatus() == Response.Status.CREATED.getStatusCode()) {final T entity = response.getEntity(objectClass);return entity;} else {throw new RestClientFailureException(resource, objectClass, "("+ json + ")", response);}} finally {client.destroy();}}/*** Update an object with the specified json.*/public T updateObject(final String json, final String uuid) {final Client client = createClient();try {final WebResource webResource = client.resource(resource + uuid);final ClientResponse response = webResource.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON).post(ClientResponse.class, json);if (response.getStatus() == Response.Status.OK.getStatusCode()) {final T entity = response.getEntity(objectClass);return entity;} else if (response.getStatus() == Response.Status.NOT_FOUND.getStatusCode()) {throw new ObjectNotFoundException(resource, objectClass, uuid);} else {throw new RestClientFailureException(resource, objectClass,uuid, response);}} finally {client.destroy();}}/*** Delete specified object.*/public void deleteObject(String uuid) {final Client client = createClient();try {final WebResource webResource = client.resource(resource + uuid);final ClientResponse response = webResource.accept(MediaType.APPLICATION_JSON).delete(ClientResponse.class);if (response.getStatus() == Response.Status.GONE.getStatusCode()) {// do nothing} else if (response.getStatus() == Response.Status.NOT_FOUND.getStatusCode()) {// do nothing - delete is idempotent} else {throw new RestClientFailureException(resource, objectClass,uuid, response);}} finally {client.destroy();}}
}单元测试
现在我们来看看我们的测试代码。 重要提示:我们要测试代码的行为,而不是代码的实现。
public class CourseRestClientImplTest {private static final String UUID = "uuid";private static final String NAME = "name";@Testpublic void testGetAllCoursesEmpty() {CourseRestClient client = new CourseRestClientMock(200, new Course[0]);Course[] results = client.getAllCourses();assertEquals(0, results.length);}@Testpublic void testGetAllCoursesNonEmpty() {Course course = new Course();course.setUuid(UUID);CourseRestClient client = new CourseRestClientMock(200,new Course[] { course });Course[] results = client.getAllCourses();assertEquals(1, results.length);}@Test(expected = RestClientFailureException.class)public void testGetAllCoursesError() {CourseRestClient client = new CourseRestClientMock(500, null);client.getAllCourses();}@Testpublic void testGetCourse() {Course course = new Course();course.setUuid(UUID);CourseRestClient client = new CourseRestClientMock(200, course);Course results = client.getCourse(course.getUuid());assertEquals(course.getUuid(), results.getUuid());}@Test(expected = ObjectNotFoundException.class)public void testGetCourseMissing() {CourseRestClient client = new CourseRestClientMock(404, null);client.getCourse(UUID);}@Test(expected = RestClientFailureException.class)public void testGetCourseError() {CourseRestClient client = new CourseRestClientMock(500, null);client.getCourse(UUID);}@Testpublic void testCreateCourse() {Course course = new Course();course.setName(NAME);CourseRestClient client = new CourseRestClientMock(Response.Status.CREATED.getStatusCode(), course);Course results = client.createCourse(course.getName());assertEquals(course.getName(), results.getName());}@Test(expected = RestClientFailureException.class)public void testCreateCourseError() {CourseRestClient client = new CourseRestClientMock(500, null);client.createCourse(UUID);}@Testpublic void testUpdateCourse() {Course course = new Course();course.setUuid(UUID);course.setName(NAME);CourseRestClient client = new CourseRestClientMock(200, course);Course results = client.updateCourse(course.getUuid(), course.getName());assertEquals(course.getUuid(), results.getUuid());assertEquals(course.getName(), results.getName());}@Test(expected = ObjectNotFoundException.class)public void testUpdateCourseMissing() {CourseRestClient client = new CourseRestClientMock(404, null);client.updateCourse(UUID, NAME);}@Test(expected = RestClientFailureException.class)public void testUpdateCourseError() {CourseRestClient client = new CourseRestClientMock(500, null);client.updateCourse(UUID, NAME);}@Testpublic void testDeleteCourse() {Course course = new Course();course.setUuid(UUID);CourseRestClient client = new CourseRestClientMock(Response.Status.GONE.getStatusCode(), null);client.deleteCourse(course.getUuid());}@Testpublic void testDeleteCourseMissing() {CourseRestClient client = new CourseRestClientMock(404, null);client.deleteCourse(UUID);}@Test(expected = RestClientFailureException.class)public void testDeleteCourseError() {CourseRestClient client = new CourseRestClientMock(500, null);client.deleteCourse(UUID);}
}最后,我们需要使用模拟的REST客户端创建一个要测试的对象。 由于Client.createClient是静态方法,因此无法使用依赖项注入,但已将该调用包装在可以覆盖的package-private方法中。 该方法创建一个模拟的客户端,该客户端提供Jersey库中所需的其余值。
class CourseRestClientMock extends CourseRestClientImpl {static final String RESOURCE = "test://rest/course/";private Client client;private WebResource webResource;private WebResource.Builder webResourceBuilder;private ClientResponse response;private final int status;private final Object results;CourseRestClientMock(int status, Object results) {super(RESOURCE);this.status = status;this.results = results;}/*** Override createClient() so it returns mocked object. These expectations* will handle basic CRUD operations, more advanced functionality will* require inspecting JSON payload of POST call.*/Client createClient() {client = Mockito.mock(Client.class);webResource = Mockito.mock(WebResource.class);webResourceBuilder = Mockito.mock(WebResource.Builder.class);response = Mockito.mock(ClientResponse.class);when(client.resource(any(String.class))).thenReturn(webResource);when(webResource.accept(any(String.class))).thenReturn(webResourceBuilder);when(webResource.type(any(String.class))).thenReturn(webResourceBuilder);when(webResourceBuilder.accept(any(String.class))).thenReturn(webResourceBuilder);when(webResourceBuilder.type(any(String.class))).thenReturn(webResourceBuilder);when(webResourceBuilder.get(eq(ClientResponse.class))).thenReturn(response);when(webResourceBuilder.post(eq(ClientResponse.class),any(String.class))).thenReturn(response);when(webResourceBuilder.put(eq(ClientResponse.class),any(String.class))).thenReturn(response);when(webResourceBuilder.delete(eq(ClientResponse.class))).thenReturn(response);when(response.getStatus()).thenReturn(status);when(response.getEntity(any(Class.class))).thenReturn(results);return client;}
}整合测试
这是洋葱的最外层,因此没有有意义的集成测试。
源代码
- 可从http://code.google.com/p/invariant-properties-blog/source/browse/student/student-webservices/student-ws-client获取源代码。
参考: 项目学生:来自Invariant Properties博客的JCG合作伙伴 Bear Giles的泽西Web服务客户端 。
翻译自: https://www.javacodegeeks.com/2013/12/project-student-webservice-client-with-jersey.html
:Swagger的使用)
)
