tailieunhanh - O’Reilly Securing Ajax Applications part 9

The SOAP header appears immediately after the SOAP envelope declaration, as the first child element. Additional functionality and metadata used to process the request (such as the encoding style) can be declared there. The SOAP header is one of the places where SOAP can be extended by adding features or defining advanced functionality.

fact nothing is allowed to change the resource directly, thus reducing the surface area for attacks. With REST, we use the standard HTTP verbs in building applications:

HTTP GET: Gets a representation
HTTP POST/PUT: Posts data to the system, potentially changing a representation
HTTP DELETE: Removes a representation

So, using the already existing HTTP verbs, we can do anything that a traditional SOAP RPC or any other RPC-type web service could do.

GET versus POST

As mentioned in Chapter 1, the HTTP protocol states that HTTP GET should be used only for retrieving data and not for changing state. For example:

http service changePassword user Chris oldPassword boola newPassword mowgli

Sending parameters as preconditions to a request is allowed, but if the parameters are going to be used to alter data on the server, they should be POSTed.

Another thing to consider when designing your RESTful service is how exactly you want the communication to occur. There are three common methods for implementing REST-type services; let's take a closer look.

Communication choices

1. Client knows where to go. In this case, the client already knows the URL where the service can be found and knows what to do.
2. Client provides desires via headers. In this case, the client specifies, via HTTP header and parameter information, what it wants from the service and how it wants the response delivered.
3. Client discovers where to go via URL. In this case, the client knows just the top-level endpoint of the web service and drills down into the links the service provides to navigate through the information/data.
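The GET versus POST rule above, enforced on the server side, as an added example that is not code from the book. The paths /service/user and /service/changePassword, the service.invalid base host and the in-memory user store are assumptions made for illustration.

```javascript
// Added example. Paths, host and the in-memory user store are constructed for
// illustration; a real store would hold password hashes, not plaintext.
const users = new Map([["Chris", { password: "boola" }]]);

// Each route lists the verbs it accepts. Maps avoid inherited keys such as "constructor".
const routes = new Map([
  ["/service/user", new Map([["GET", getUser]])],
  ["/service/changePassword", new Map([["POST", changePassword]])],
]);

// Safe read: query parameters only select which representation is returned.
function getUser(query) {
  const name = query.get("name");
  return users.has(name)
    ? { status: 200, headers: {}, body: { user: name } }
    : { status: 404, headers: {}, body: { error: "no such user" } };
}

// State change: every input comes from the POSTed form body, never from the URL.
function changePassword(_query, form) {
  const user = users.get(form.get("user"));
  const next = form.get("newPassword");
  if (!next) return { status: 400, headers: {}, body: { error: "missing newPassword" } };
  if (!user || user.password !== form.get("oldPassword")) {
    return { status: 403, headers: {}, body: { error: "bad credentials" } };
  }
  user.password = next;
  return { status: 204, headers: {}, body: null };
}

function handle(req) {
  const url = new URL(req.url, "http://service.invalid"); // placeholder base for parsing
  const route = routes.get(url.pathname);
  if (!route) return { status: 404, headers: {}, body: { error: "not found" } };
  const handler = route.get(req.method);
  if (!handler) {
    // Wrong verb for this resource: refuse and advertise the allowed ones.
    return { status: 405, headers: { Allow: [...route.keys()].join(", ") }, body: null };
  }
  return handler(url.searchParams, new URLSearchParams(req.body || ""));
}
```

A GET carrying the change-password parameters in its query string gets 405 with Allow: POST and leaves the stored password untouched; the same parameters in a POST body are applied.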
After you have decided how you are going to communicate, next decide exactly how you're going to format your data. A common approach is to use SOAP as the document and message format. Again, why reinvent the wheel? Out of all the web service specifications, SOAP is the most mature.

186 | Chapter Building Secure APIs

Do you really need to publish to a UDDI directory? Can't