Index
Numbers
1xx, HTTP status code, 275
2xx, HTTP status code, 275
3xx, HTTP status code, 275
4xx, HTTP status code, 275
5xx, HTTP status code, 275
200 -OK, HTTP status code, 68
201 -Created, HTTP status code, 69
202 -Accepted, HTTP status code, 69
304- Not Modified, HTTP status code, 69, 164–165
401 Unauthorized error response, 72
404 Not Found error response, 72
405 Method Not Allowed error response, 72
406 Not Acceptable error response, 72
409 Conflict error response, 72
A
Accept headers
406 Not Acceptable error response and, 72
defining routes for service with Rails 3, 90
using for versioning, 65–66
access authorization screen, OAuth, 248
access token, OAuth
consuming data from external services, 251–252
implementing, 249
pushing data into external service, 253–254
ActiveModel library
overview of, 132
serialization, 134–136
validations, 132–134
ActiveSupport library, 134–136
activity model, Rails social feed reader, 48–49
activity streams, Rails social feed reader features, 46
addressability, URIs and, 266
after_create
creating subscription activities with, 51
initiating tasks or callbacks, 238
Memcached time-based expiration, 160
after_save callback, 238
after_validation callback, 238
achieving with REST. See REST (Representational State Transfer)
defined, 39
of service-oriented design, 36–37
SOA increasing organizational, 28
AJAX widget, 254
algorithms, load balancing, 148–152
Amazon Web Services. See AWS (Amazon Web Services)
AMQP (Advanced Message Queuing Protocol)
client library, 224–227
defined, 217
RabbitMQ and. See RabbitMQ and AMQP
AMQP.start, AMQP client, 225
Apache Commons HTTPClient library, 117
Apache web server
SSL encryption for, 210
URI length limit in, 82
API (application programming interfaces). See also service and API design
data is, in messaging systems, 234–236
design guidelines, 85–86
designing multi-get requests, 81–82
designing service interface, 82–85
overview of, 79–81
architectural constraints, REST as set of, 263–264
architectural elements, REST, 265
architectural views, REST, 265
asterisk (*) wildcard operator, AMQP topic exchanges, 220–223
asynchronous communications
messaging creating more robust, 215
in RabbitMQ with EventMachine, 224
synchronous vs., 216–217
using queues for messaging in, 217
asynchronous I/O, 108–109
asynchronous writes
field value checking and, 232
overview of, 227–230
atomic APIs, 75–76
attributes method, ActiveModel serialization, 134
attributes= method, ActiveModel serialization, 134–136
defined, 185
HTTP, 186–187
and message signing, 187
and message signing, public/private key pairs, 192–196
and message signing, shared secrets with HMAC, 187–192
and message signing, what to sign, 197
OAuth for. See OAuth
overview of, 185–186
for Rails applications, 199–200
SSL certificates for, 198–199
Authlogic, 10
defined, 185
firewalls, 201–203
overview of, 201
RBAC, 203–209
availability
CAP theorem and, 231
eventual consistency and, 231–232
access key ID/secret authorization, 192
development of, 28
parsing XML with EC2 Query API, 168–174
service-oriented design of, 27–28
SOAP requests, 180–184
WSDL in, 178–180
B
backend processes, and load balancing least-connections, 150–151
overview of, 148
round-robin, 149–150
URI-based, 151–152
background processes
current Rails social feed reader setup, 46
with Delayed Job, 43–44
full Rails deployment with, 44–45
simple Rails deployment with, 41–43
before_save callback, 238
before_validation callback, 238
belongs_to relationships, Rails social feed reader
activity model, 48–49
comment model, 53
entry model, 51
follow model, 49–50
subscription model, 51
vote model, 52
BERT-RPC messaging standard, 216
bindings, AMQP
direct exchanges with, 219
exchanges copying messages to all queues with, 219
fanout exchanges with, 220
topic exchanges with, 220–223
using AMQP client, 225
blocking I/O, 107–109
browsers, URI length limits of, 82
Bundler, 124
Bunny client library, 226–227
business logic isolation, service-oriented design, 30–32
C
cacert.pem, SSL authentication, 198
cache constraint, REST design, 264
Cache-Control header, expiration-based caching, 162
Cache-Control: public, HTTP cache header, 69
cache hit ratios, 152
cache keys, generational, 160–161
caching
with Bundler, 124
expiration-based, 158–160, 162–163
headers for service APIs, 69
highest level joins and, 74–75
with HTTP. See HTTP caching
with Memcached. See Memcached
multi-get APIs and, 77
partitioning services on read/write frequencies, 62
call depth, 75
Callable interface, 116
callbacks
overview of, 238
web hook. See web hooks
canonicalized_params, message signing, 197
CAP (consistency, availability, and partition tolerance) theorem, 230–234
capacity, 147–148
conclusion, 58
converting to services, 54–58
typical Rails application, 41–45
case study, Rails social feed reader application, 45–54
activity model, 48–49
comment model, 53–54
current setup overview, 46
entry model, 51–52
features, 46
feed model, 50
follow model, 49–50
overview of, 45
subscription model, 51
user model, 47–48
vote model, 52–53
certificates, SSL. See SSL certificates
AMQP client, 224–226
Apache Commons HTTPClient library, 117
Bunny client, 226–227
memcache-client, 156–158
parsing XML, 167
reactor, 108
working with SOAP in Ruby, 177
yajl-ruby. See yajl-ruby library
client libraries, developing for services
with ActiveModel, 132–136
with ActiveSupport, 134–136
connecting to services. See connection and request logic, client libraries
mock, stubs, and tests, 143–146
overview of, 123
packaging, 123–127
parsing logic, 127–131
summary review, 146
creating user, 21–22
defined, 18
destroying user, 24
finding user, 18–21
updating user, 22–23
verifying user, 24–26
client/server constraint, REST design, 264
client.rb file
implementing User.create, 22
implementing User.destroy, 24
implementing User.find, 20
implementing User.login, 25–26
implementing User.update, 23
client_spec.rb file
spec’ing User.create, 21–22
spec’ing User.find, 19–20
spec’ing User.login, 25
spec’ing User.update, 23
CloudFront, Amazon Web Services, 28
code base, developing Rails in single, 41
code-on-demand constraint, REST design, 264
code, scalability of service-oriented design and, 36
comment model, 53–54
comments
activity model, 49
features of, 46
partitioning on logical function, 62
reuse of services for, 38
successful response bodies for, 70–71
URIs and interface design, 67
user model, 48
components, as REST architectural elements, 265
config.ru file
accessing RBAC with Rack adapter, 208–209
implementing Rack: :Throttle, 260–261
Sinatra directory structure, 95–96
user service implementation, 5
confirmation page, OAuth consumer registration, 247
CONNECT method, 268
connecting to services, 107–121
blocking I/O, threading and parallelism, 107–109
client libraries, 136–143
handling error conditions, 118–119
with JRuby, 115–117
logging for performance, 117–118
with multi-threaded requests, 113–115
overview of, 107
requests in development environments, 121
summary review, 121
testing and mocking service calls, 119–120
with Typhoeus, 109–113
connection and request logic, client libraries
overview of, 136
performing data reads, 136–142
performing data writes, 142–143
connector view, REST, 265
connectors, RESTful web services design, 265
CAP theorem and, 231
designing around eventual, 232–234
eventual, 231–232
constraints, architectural. See REST (Representational State Transfer)
consumers, AMQP
AMQP client library, 224–226
Bunny client library, 227
function of, 218
message acknowledgements, 224
pushing messages to, 224
saving persistent messages until pushed off to, 223
consumers, OAuth, 246–249
consuming data, from external services, 251–252
continuous integration servers, web hooks utilized by, 240–241
controllers
breaking up into services, 55–58
current setup, 46
implementing services with Rails, 90–95
partitioning on logical function, 62
quick iterations and, 60
counter caches
comment model, Rails social feed reader, 52–53
customizing in Rack: :Throttle, 260–261
vote model, Rails social feed reader using, 52–53
credentials
encryption preventing attack on, 213
implementing HTTP authentication, 186–187
implementing user verification, 17
Twitter OAuth consumer application, 247
verification of user, 16–17, 24–25
CRUD (create, update, delete) operations service requirements, 2
URIs and interface design, 67
cryptographic hashes, for signed messages, 187
CSS selectors, Nokogiri support for, 174–177
Curb library, 107
curl commands, implementing RBAC, 209
D
data elements, RESTful architecture, 265
data models. See models
data reads, performing
developing client libraries, 136–142
routing through messaging system, 227
data stores, using write exchange, 228
data view, REST, 265
data writes, performing
in eventually consistent system, 231–234
service client libraries and, 142–143
through RESTful HTTP services, 227–230
database server
shared system isolation and, 32
simple Rails deployment, 41–42
Delayed Job, 42–44
DELETE method
client library implementation, 24
as idempotent action, 245
as idempotent method, 268–269
implementing HMAC signing, 189
RESTful services design utilizing, 271
single requests in Typhoeus, 111
in URIs and interface design, 67
user service implementation, 15–16
delete method, Sinatra, 16
denormalization, Rails social feed reader
activity model, 48–49
migrating model to, 87
minimizing joins with, 64
service-oriented design vs., 34–35
dependencies, managing with Bundler, 124
deployment, service-oriented design for, 36
desktop applications, authentication. See OAuth
destroying user, client library implementation, 24
development environments, requests in, 121
direct exchanges, RabbitMQ and AMQP, 218–220
directory structure
Rack, 100
service client libraries, 123–127
Sinatra, 95–96
Distributed Ruby (DRb), 216
down votes, Rails social feed reader, 52–53
DRb (Distributed Ruby), 216
durability, RabbitMQ and AMQP, 223
E
EC2 (Elastic Compute Cloud), AWS, 28
Edge side includes (ESI), 56–58
email notifications, Rails social feed reader, 46, 61
encapsulation
adding to underlying model over time, 88
parsing JSON in Ruby, 131
encryption
defined, 185
overview of, 209–210
public/private keys for, 210–213
SSL for, 210
entitystore, Rack-Cache gateway cache, 166
Entry class, ReadingList service, 141
entry model, Rails social feed reader, 51–52
env variable, Rack, 106
:environment task, implementing user service, 6
Ernie, messaging standard, 216
error responses
handling general data, 118–119
handling with PUT method, 15
implementing service with Rails controller code, 93–94
service API standards for, 72–73
ESI (Edge side includes), 56–58
ETag header, HTTP, 69, 163–165
eventual consistency, 231–234
exchanges, RabbitMQ and AMQP
direct exchanges, 218–220
durable, 223
fanout exchanges, 220
overview of, 218
topic exchanges, 220–223
Executors class, 116
expiration-based caching
Expires header, HTTP, 69
HTTP, 162–163
manual, with Memcached, 159–160
time-based, with Memcached, 158–159
exponential backoff, for callback receivers, 245
external interoperability, service-oriented design, 37
external services
authenticating with OAuth, 245–251
consuming data, 251–252
dealing with failure, 244–245
ensuring performance and reliability, 258–261
overview of, 237
pushing data, 253–254
request lifecycle, 254
summary review, 261
worker processes, 254–258
working with web hooks. See web hooks
failover
load balancing ensuring, 148
request lifecycle of external services and, 254
round-robin load balancer providing, 149
FakeWeb, 120
fanout exchanges, RabbitMQ and AMQP, 220
feed-crawling system, Rails, 68
field operations, messaging systems, 234–236
field value checking, in eventually consistent system, 232
Fielding, Roy, 263–265, 270–271
FIFO (first-in, first-out) data structure, 217
files structure, service client libraries, 123–127
Firefox, URI length limit of, 82
firewalls, 201–203
first-in, first-out (FIFO) data structure, 217
follow model, Rails social feed reader, 49–50, 67
formats
message, 217
for resources, as representations, 267–268
from_xml method, parsing XML, 172–173, 175–176
full isolation, service-oriented design, 32–33
Future class, 116–117
G
gem install command
ActiveRecord, 3
building/deploying library with RubyGems, 127
JSON Ruby, 4
Typhoeus, 4
gemcutter gems, installing Jeweler, 125
gems
creating with gemspec file, 124
creating with Jeweler, 124–125
parsing JSON in Ruby with JSON, 128–129
performing data reads, 136–142
reusing services with, 38
gemspec file, Jeweler, 124
Gem::Specification documentation page, 124
GenerateKeys
encryption with public/private key pairs, 211
public/private key pairs for RSA authentication, 193–194
generational cache keys, Memcached, 160–161
GET method
atomic APIs and, 76
HEAD method vs., 271
in HMAC signing, 189
as idempotent action, 245
as idempotent method, 268
multi-get APIs and, 76–77, 81–82
in Rails controller code, 94
in ReadingList service, 140
in requests in Typhoeus, 111–112
RESTful services design utilizing, 269
as safe method, 268
in URIs and interface design, 67–68
user service implementation, 6–11
git gems, Jeweler, 125
Github, 240–242
global interpreter lock (GIL), 109, 113
Google Gmail, 254
Handsoap library, 177
HAProxy load balancer, 153–155
hardware load balancers, 152–155
Hash-based Message Authentication Code (HMAC) signing, 180–184, 187–192
has_many relationships, Rail social feed reader
entry model, 51
feed model, 50
user model, 47
has_many: through relationship, user model, 47–48
HEAD method
as idempotent method, 245, 268
rare use of, 268
RESTful services design utilizing, 271
as safe method, 268
headers, HTTP, 271–274
highest level, joining at, 74–75
HMAC (Hash-based Message Authentication Code) signing, 180–184, 187–192
HMAC::SHA256 signer, 189
HmacSignature, 189–191
HOOK: INCOMING TRAFFIC, firewalls, 202
host object, data reads, 137–138
Hpricot, 174
.html file, sepcifying representations, 267
HTTP authentication, 186–187
HTTP-based services, 1–2
expiration-based, 162–163
HTTP-based data reads, 227
implementing with Rack-Cache, 165–166
implementing with Squid and Varnish, 166
overview of, 162
validation-based, 163–165
HTTP headers, RESTful services design, 271–274
HTTP libraries
defined, 4
as message transport protocol in SOA, 215
service API standards for responses, 68–73
service interface design methods, 82–85
Typhoeus as preferred, 21
HTTP methods, RESTful services design, 268–271
HTTP requests
in development environments, 121
logging for performance, 117–118
multiple-threaded, 113–115
in parallel with JRuby, 115–117
services responding to, 1
Typhoeus simultaneous, 111–113
Typhoeus single, 109–111
HTTP status codes
RESTful services design, 274–275
service API standards for errors, 72, 93–94, 117–118
service API standards for successful responses, 68–69, 94
hybrid system, designing application as, 60–61
hydra class
defined, 137
logging for performance, 117–118
making single requests, 109–110
performing data reads, 137–139
pushing data into external service, 253–254
I
idempotent methods
defined, 245
overview of, 268–269
info routing key, AMQP direct exchanges, 220
integration servers, web hooks utilized by, 240–242
Integrity integration server, 240
interface design, and URIs, 66–68
internal interoperability, service-oriented design, 37
Internet Explorer, URI length limit of, 82
interoperability
achieving with REST. See REST (Representational State Transfer)
service-oriented design and, 37, 39
invalid credentials, testing for, 17
invalidation, cache, 158–161
IP addresses, and firewalls, 201–203
iprange filter, firewalls, 202
iptables, firewalls, 201–202
iptables-restore command, firewalls, 203
iptables-save command, firewalls, 203
isolation
achieving with REST. See REST (Representational State Transfer)
business logic, 30–32
full, 32–33
service-oriented design and, 38
shared system, 32
testing in, 34
iteration speed, partitioning services on, 60–61
J
Jeweler, 123–126
jeweler-help command, 125
jgem command, 128–129
joins
call depth issues, 75
at highest level, 74–75
overview of, 73
partitioning services by minimizing, 63–64
performing data reads, 137
storing references, 73–74
URIs and interface design, 67
JRuby
connecting to services, 115–117
installing JSON gem on, 128
Nokogiri compatibility with, 174
running requests in parallel with, 115–117
using kernel-level threads, 109
ActiveModel serialization module for, 134–136
implementing service with Sinatra, 96–100
overview of, 3–4
parsing in request body, 94
parsing in Ruby. See parsing JSON in Ruby
parsing with yajl-ruby library, 94
serialization standard, 216
spec’ing POST user, 12
.json file, sepcifying representations, 267
JSON.parse call, 129
K
key/value stores, Memcached, 156
L
languages
interoperability of service-oriented design, 37
specifying for representation of resources, 267–268
Last-Modified header, HTTP caching, 69, 163–165
caching increasing, 155
least-connections load balancer improving, 150
load balancing maintaining, 148
overview of, 147–148
layered system constraint, REST design, 264
least-connections load balancers, 150–151
least-recently used (LRU) eviction algorithm, 160–161
legacy services. See parsing XML, for legacy services
libcurl-multi libraries, 4, 109
libraries. See client libraries
libxml library, installing Nokogiri, 174
LibXml-Ruby, 174
libxslt library, installing Nokogiri, 174
LimitRequestLine directive, Apache, 82
load balancing
defined, 147
implementing, 152–155
least-connections, 150–151
overview of, 148
round-robin, 149–150
URI-based, 151–152
lock service, enforcing uniqueness, 233
logging
handling error conditions, 118
for performance, 117–118
using AMQP client, 225
logical function, partitioning on, 61–62
lower-level services, partitioning, 61–62
LRU (least-recently used) eviction algorithm, 160–161
M
man-in-the-middle attacks, preventing, 187, 209–210
manual expiration, Memcached, 159–160
mapping, Ruby objects with ActiveRecord, 3
Marshal module, memcache-client library, 157–158
memcache-client library, 156–158
Memcached, 155–161
deploying Rails with background processes, 44–45
generational cache keys, 160–161
manual expiration, 159–160
Memcached client and ActiveRecord, 156–158
overview of, 155–156
time-based expiration, 158–159
memory, caching objects in. See Memcached
message signing
authentication using, 187
public/private key pairs with RSA, 192–196
shared secrets with HMAC, 187–192
what to sign, 197
messaging, 215–236
benefits of signing, 185
CAP theorem and, 230–234
creating systems tolerant of usage spikes, 143
data as API, 234–236
formats, 217
moving outside request life cycle with, 243–244
queues, 217
RabbitMQ and AMQP. See RabbitMQ and AMQP
summary review, 236
synchronous vs. asynchronous, 216–217, 227–230
understanding, 215–216
metastore option, Rack-Cache, 166
methods, HTTP, 268–271
metrics, performance of services, 259–260
migration. See also Rails social feed reader application
agility of service-oriented design for, 36
creating user model with, 9–10
MIME types, indicating service versions, 65–66
mocking
service calls, 119–120
service client libraries, 143–146
model file, 9–10
breaking up into into services, 55–58
creating user model, 47–48
current setup, 46
implementing services with, 86–88
quick iterations and, 60
mod_ssl, SSL for encryption, 210
Mongrel, HAProxy with, 154–156
monitoring
latency of services, 147
partitioning on logical function, 61
multi-get APIs, 75–77
multi-get requests, 81–82
multi-threaded requests, connecting to services, 113–115
multiple-model APIs, 77–78
multithreaded I/O, 107–109
N
named scopes, creating models, 86–87
naming conventions
creating gems with Jeweler, 125–126
specifying representation of requested resources, 267
URIs and, 266
native (kernel-level) threads
achieving parallelism, 108–109
thread pools for, 115
NeverBlock library, 108
next page functionality
creating pagination, 94
implementing services, 91–92, 97–98, 103–104
performing data reads, 140
Nginx web server
enabling SSL for encryption, 210
URI length limit of, 82
Nokogiri, 167
notifications, receiving, 228–230
notify exchange, messaging-based writes, 228–230
O
consuming data from external services, 251–252
implementing consumer, 246–249
implementing provider, 249–251
overview of, 245
object/relational mapper (ORM), 3
objects, JSON, 127–128
on_complete handler
logging for performance, 117–118
ReadingList service, 140–141
simultaneous requests in Typhoeus, 112–113
single requests in Typhoeus, 110
online references
ActiveModel built-in validators, 134
ActiveRecord, 3
Amazon EC2 Query API documentation, 168–170
Amazon’s Product Advertising API, 178
AMQP, 218
AMQP client, 224
Apache Commons HTTPClient library, 117
Bundler, 124
Bunny client library, 226–227
creating gem with gemspec file, 124
Delayed Job, 43
ESI (Edge side includes), 57
EventMachine, 224
Gem::Specification documentation page, 124
HTTP request headers, 273
Jeweler, 124–127
libcurl installation, Typhoeus, 109
libraries for working with SOAP, 177
messaging standards for Ruby, 216
mocking service calls, 120
performing data reads, 137
presenter pattern, 94
PubSubHubbub, 239
Rack: :Throttle, 260
reactor design pattern implementations, 108
receiving web hooks, 240
REST concept, 263
REXML, 170
Rspec, 4
ruby-hmac gem, 187
Ruby on Rails guide to security, 200
Sinatra, 3
Typhoeus, 4
vendor tree, 66
worker processes for servolux library, 254
WSDL file, 178
XPath, 170
yajl-ruby project, 129
openssl, public/private key pairs, 193
optimistic locking, for uniqueness, 233
optimistic systems, for transactions, 233
OPTIONS method
rare use of, 268
RESTful services design utilizing, 271
ORM (object/relational mapper), 3
P
packaging library
organizing structure of files and directories, 123–126
with RubyGems, 127
parallel request method, atomic APIs, 76
parallelism
with asynchronous I/O, 108
for data read requests, 136
with JRuby, 115–117
with multiple-threaded requests, 113–115
with multithreaded I/O, 107–109
overview of, 107–108
with Typhoeus, 109
params hash
implementing GET user, 11
pushing data into external service, 253–254
with JSON gem, 128–129
overview of, 127–128
wrapping parsed results, 130–131
yajl-ruby library, 94, 129–130
parsing XML, for legacy services
summary review, 184
using Nokogiri, 174–177
using REXML, 170–174
writing classes using SOAP calls, 177–184
XML, 167–170
partition tolerance, 231–232
partitioning into separate services
on iteration speed, 60–61
on join frequency, 63–64
on logical function, 61–62
on read/write frequencies, 62–63
scalability of service-oriented design, 35
transactions using, 234
HTTP authentication, 186–187
user authentication, 185
user verification, 16–18
validating user model, 10
patterns, AMQP topic exchanges messages based on, 220–223
performance
external services and, 254, 258–261
logging for, 117–118
multiple-threaded requests for, 113–115
persistency slowing, 223
RabbitMQ and AMQP, 223
Squid and Varnish benefits, 166
threaded I/O and, 109
typical Rails issues, 45
persistency, RabbitMQ and AMQP, 223
Phusion Passenger load balancer, 153
pings, PubSubHubbub, 239
plugins
RBAC, 203
reuse of services, 38
ports, restricting with firewalls, 202–203
POST body
encryption with public/private key pairs, 210–211
message signing, 197
POST method
designing service interface, 85
HMAC signing, 189
implementing service with multi-get interface, 81–82
pushing data into external service, 253–254
RESTful services design utilizing, 269
single requests in Typhoeus, 111
URIs and interface design, 67–68
user service implementation, 11–13
post-receive hooks, web hooks, 240–242
pound sign (#) wildcard operator, AMQP topic exchanges, 220–223
presenter pattern, 94
previous page functionality
creating pagination, 94
implementing services, 91–92, 97–98, 103–104
performing data reads, 140
process view, REST, 265
producer, AMQP, 219
profiles, Rails social feed reader, 46
The Programmable Web, 237
provider, implementing OAuth, 249–251
public-facing APIs, reusing services with, 38
public/private key pairs
for encryption, 210–212
generating with RSA, 192–196
PubSubHubbub, 239
pushing data, into external services, 224, 253–254
PUT method
designing service interface, 85
HMAC signing and, 189
as idempotent action, 245
as idempotent method, 268–269
implementing User.update, 23
RESTful services design utilizing, 269–271
single requests in Typhoeus, 111
URIs and interface design, 67
user service implementation, 13–15
Q
query strings
authentication with, 195
encryption with, 210–213
signing, 197
signing requests using HMAC, 187, 190–191
querying user authentication, RBAC service, 204–206, 209
queues
acknowledgement in AMQP-based, 245
basic metrics in, 259
messaging, 217
RabbitMQ and AMQP, 218, 223, 225
running multiple-threaded requests in, 114–115
segregating by service, 259
using worker processes, 254–258
quotas, monitoring external services, 260
R
acknowledgement, 245
client libraries, 224–227
durability and persistence, 223–224
exchanges and bindings, 218–223
moving work outside request life cycle, 243–244
overview of, 217–218
queues in RabbitMQ, 218
Rack
HTTP authentication in, 186–187
implementing services with, 100–106
Rails and Sinatra built on top of, 79, 95
throttling in, 260
Rack adapter
implementing encryption, 212–213
implementing HMAC signing, 190–192
implementing RBAC, 206–209
Rack-Cache gateway cache, HTTP caching, 165–166
Rack: :Throttle, 260–261
Rack::SignatureValidator, 191–192
rackup file, Rack, 100–106
Rails applications
authentication for, 199–200
implementing service with, 79
implementing service with Sinatra vs., 100
Rails 2.3 routes, 88–89
Rails 3 routes, 89–90
Rails controller code, 90–95
typical, 41–45
Rails social feed reader application
activity model, 48–49
breaking up into services, 54–58
comment model, 53–54
current set up, 46
entry model, 51–52
features, 46
feed model, 50
follow model, 49–50
overview of, 45
segmenting into services, 54
service and API design. See service and API design
subscription model, 51
summary review, 58
user model, 47–48
vote model, 52–53
ratings
ActiveModel serialization, 135–136
ActiveModel validation, 132–134
data reads, 137
data writes, 142–143
simultaneous requests in Typhoeus, 113
RBAC authorization service
overview of, 203–206
Rack adapter, 206–209
reactor design pattern, 108
read/write frequencies, partitioning services on, 62–63
read_attribute_for_validation method, ActiveModel, 133
reading data
logic for, 136–142
from queue in RabbitMQ, 218
ReadingList service, 137–142
recording failures, 245
references, storing joined data, 73–74
registration, OAuth, 246
relationships, Rails social feed reader
comment model, 54
current setup, 46
entry model, 52
feed model, 50
subscription model, 51
user model, 47–48
vote model, 53
reliability, external services, 258–261
replay attacks, preventing, 189
replicated data, minimizing joins with, 64
representation headers, RESTful services design, 273
representations, REST and, 267–268
request headers, RESTful services design, 272–273
request lifecycle, external services, 254, 258
request objects, ReadingList service, 142
request signing
authentication and, 187
public/private key pairs with RSA, 192–196
shared secrets with HMAC, 187–192
what to sign, 197
request token, OAuth, 248–249
Request wrapper, Rack, 106
requests, SOAP, 180–184
Resource class, RBAC, 204
resource-oriented architecture (ROA), 29
resources
RBAC roles for, 203–206
REST and, 265–268
response bodies, 70–73
response codes, customizing in Rack: :Throttle, 262
response headers, RESTful services design, 274
response object, Typhoeus, 109–110
response time, 147–148
REST (Representational State Transfer)
service versions, 65
sessions as resources in, 17
SOA vs. service-oriented design vs., 28–29
this book focusing on services for, 2
using HTTP APIs for messaging, 215
REST (Representational State Transfer), understanding
architectural elements, 264–265
architectural views, 265
constraints, 264
HTTP headers, 271–274
HTTP methods, 268–271
HTTP status codes, 274–275
overview of, 263–264
and resources, 265–268
uniform interface of, 268
RESTful Web Services (Richardson and Ruby), 29
retry logic
designing callback receivers, 245
handling error conditions, 119
reuse, 38–39
Revactor library, 108
ROA (resource-oriented architecture), 29
robust architecture, service-oriented design, 34–35
robustness, 39
RoleBased class, RBAC, 204
roles, RBAC, 203–206
round-robin load balancers, 149–150
routers, exchanges vs., 218
routes, defining for services
Rails 2.3, 88–89
Rails 3, 89–90
Sinatra vs. Rails, 100
routes.rb, 88–90
routing keys, RabbitMQ and AMQP
defined, 218
in direct exchanges, 218–220
in fanout exchanges, 220
modifications to field operations, 235–236
in topic exchanges, 220–223
RSA algorithm, public/private key pairs with, 192–196
Rspec, testing library, 4
rssCloud, 239
Ruby bindings to YAJL, 4
ruby-hmac gem, implementing HMAC, 187
Ruby tool set
ActiveRecord, 3
JSON, 3–4
Rspec, 4
Sinatra, 2–3
Typhoeus, 4
RubyGems
building/deploying library, 127
installing memcache-client library, 156–157
structuring library files/directories, 123–126
run call, Typhoeus, 110
S
safe methods, 268
save method, data writes, 142–143
Savon library, 177–178
Savon:Client object, SOAP requests, 183
Savon:Result object, SOAP requests, 182
scalability
achieving with REST. See REST (Representational State Transfer)
defined, 39
load balancing allowing, 148
Rails applications issues, 45
round-robin load balancer providing, 149
in service-oriented design, 35–36
searching, reusing services in, 38
security
authentication. See authentication
authorization. See authorization
encryption, 209–213
overview of, 185
password. See passwords
for SOAP requests, 180
segregating queues by service, 259
serialization
ActiveModel, 134–136
as goal of message formats, 216
JSON. See JSON
XML as format for, 167
service and API design, 59–78
API complexity and, 75–78
handling error responses, 72–73
handling joins, 73–75
partitioning on iteration speed, 60–61
partitioning on join frequency, 63–64
partitioning on logical function, 61–62
partitioning on read/write frequencies, 62–63
successful responses, 68–71
summary review, 78
URIs and interface design, 66–68
versioning, 64–66
service library, 55–58
service-oriented architecture (SOA)
comparing with other design strategies, 28–29
HTTP in, 215
service-oriented design
agility, 36–37
case study. See case study
interoperability, 37
isolation, 30–34
making case for, 29–30
reuse, 38
robustness, 34–35
scalability, 35–36
SOA vs. RESTFUL architecture vs., 28–29
summary review, 38–39
understanding, 27
uses of, 27–28
service.rb file
implementing DELETE user, 15–16
implementing GET user, 10–11
implementing POST user, 12–13
implementing PUT user, 14–15
implementing service with Sinatra, 96–100
implementing user verification, 17–18
spec’ing User.destroy, 24
spec’ing User.find, 18–20
service.ru file, 100
services
breaking up Rails application into, 54–58
requirements, 2
Ruby tool set, 2–4
segmenting Rails application into, 54
understanding, 1–2
API design guidelines, 85–86
creating data models, 86–88
creating full Rails application, 88–95
multi-get interface, 81–82
summary review, 106
using raw Rack interface, 100–106
using Sinatra interface, 95–100
vote interface, 82–85
vote service. See vote service
service_spec.rb file
spec’ing DELETE user, 15
spec’ing GET user, 6–9
spec’ing POST user, 12
spec’ing PUT user, 13
spec’ing user verification, 16
servolux library, worker processes, 254–258
shared key value store, partitioning, 61–62
shared messaging system, partitioning, 61–62
shared secret key, SOAP requests, 182
shared secrets, HMAC signing, 187–192
shared system isolation, service-oriented design, 32–33
SIGHUP, worker processes, 257–258
signature class, creating HMAC, 188–189
signature_is_valid? HMAC signing, 190
SIGTERM, worker processes, 257–258
Simple Object Access Protocol. See SOAP (Simple Object Access Protocol)
Simple Queue Service (SQS), Amazon Web Services, 28, 62
Simple Storage Service (S3), Amazon Web Services, 28, 62
SimpleDB, AWS, 28
simultaneous HTTP requests, Typhoeus, 111–113
Sinatra
handling RBAC service users/roles, 205–206
implementing services with, 95–100
overview of, 2–3
single HTTP requests, Typhoeus, 109–111
single-table inheritance (STI), 49, 52
SOA (service-oriented architecture)
comparing with other design strategies, 28–29
HTTP in, 215
SOAP (Simple Object Access Protocol)
making requests, 180–184
as messaging format, 215–216
overview of, 177
with WSDL file, 177–180
soap4r library, 177
social feed reader case study. See Rails social feed reader application
software load balancers, 152–155
specs, user service implementation
DELETE user, 15
GET user, 6–9
POST user, 12
PUT user, 13–14
User.destroy, 24
User.login, 25
verification, 16–17
SQS (Simple Queue Service), Amazon Web Services, 28, 62
Squid gateway cache, 166
SR/AW (synchronous reads, asynchronous writes)
field value checking and, 232
HTTP-based reads, 227
messaging-based writes, 227–230
understanding, 227
and value uniqueness, 233
authentication with, 198–200
encryption with, 210
using basic HTTP authentication with, 187
stateless constraint, REST design, 264
status codes. See HTTP status codes
status update, Twitter, 253–254
STI (single-table inheritance), 49, 52
feed entry, 60–61
requirements, 2
strings, Memcached storing types other than, 157–158
stubbing, service client libraries, 143–146
subscribe blocks, consumers for Bunny client library, 227
subscriptions
activity model, 48–49
Rails social feed reader, 49, 51
synchronous reads, asynchronous writes and, 229
user model, 47
successful responses, service API standards, 68–71
synchronous communications, 216–217
synchronous reads, asynchronous writes. See SR/AW (synchronous reads, asynchronous writes)
T
tagging systems, reusing services, 38
TCP requests, firewalls, 202
team size
Rails applications issues, 45
scalability of service-oriented design, 36
testing
GET user, 8–9
in isolation, 34
Rails applications, 41
Rspec as preferred library for, 4
service calls, 119–120
service client libraries, 143–146
Thin, HAProxy with, 154
thread pools, 114–117
threading
achieving parallelism with, 108–109
running multiple-threaded requests, 113–115
throttling, monitoring external services, 260
throughput, 147–148
time-based expiration-based caching, Memcached, 158–159, 160
time sensitivity, request lifecycle of external services, 254
time value
HMAC signing in Rack, 191
preventing replay attacks, 189
timestamp_and_signature method, HMAC signing, 182
tokens
OAuth provider, 249–251
OAuth requests, 248–249
topic exchange, RabbitMQ and AMQP, 220–223, 228
topics, PubSubHubbub, 239
TRACE method, 268
transactions, in eventually consistent system, 233–234
tweet, pushing data into Twitter, 253–254
TweetSender module, 256–257
consuming data, 251–252
open access of, 251
pushing data into, 253–254
request lifecycle, 254
using OAuth authentication, 245–251
worker processes, 254–258
Typhoeus
defined, 109
HTTP authentication, 186
as HTTP library, 4
logging for performance, 117–118
making simultaneous requests, 111–113
making single requests, 109–111
mocking service calls, 119–120
using re-try logic, 118–119
Unicorn load balancer, 153–155
uniform interface constraint
HTTP headers, 271–274
HTTP methods, 268–271
HTTP status codes, 274–275
in REST design, 264
uniqueness, eventually consistent systems, 232–233
up votes, Rails social feed reader, 52–53
updates, user
agility of service-oriented design for, 36
client library implementation, 23
PUT method for, 13–15
updating service versions, 64–65
URI-based load balancers, 151–152
URIs (uniform resource identifiers)
defining for Sinatra, 100
GET limitation on length of, 82
handling joins, 73–74
interface design and, 66–68
ReadingList service, 140
REST and, 266
service design implementation, 80–81
service interface design, 82–85
service version indicated in, 64–65
specifying representation of requested resources, 267
spec’ing user verification, 17
successful response bodies and, 70
URLs
messaging, 215
RBAC service implementation, 205
user authentication
HTTP, 186–187
messaging signing for, 185
overview of, 185
for Rails, 199–200
request signing for, 187
reuse of services for, 38
User class, RBAC, 204
user-level threads, 108–109, 113
user login verification, 2
user model
creating, 9–10
Rails social feed reader, 47–48
user name
HTTP authentication, 186–187
implementing user verification, 17–18
as simplest form of user authentication, 185
spec’ing user verification, 16–17
user profiles, 46
user-service directory, 5, 10–11
user service implementation
for authentication, 199–200
deleting user, 15–16
overview of, 5–6
POSTing user, 11–13
PUTing user, 13–15
using GET, 6–11
verifying user, 16–18
User.create, 21–22
User.destroy, 24
User.find, 18–21
User.login, 25–26
user.notify exchange, 229–230
users
client library implementation. See client library implementation
creating/authorizing roles for, 203–206
/users/:name/authorization, 205
User.update, 23
user.write exchange, 229–230
UUIDs, multi-get, 82
V
valid credentials, testing for, 17
validates_acceptance_of, ActiveModel, 133
validates_confirmation_of, ActiveModel, 133
validates_exclusion_of, ActiveModel, 134
validates_format_of, ActiveModel, 134
validates_inclusion_of, ActiveModel, 134
validates_length_of, ActiveModel, 134
validates_numericality_of, ActiveModel, 134
validates_presence_of, ActiveModel, 134
validates_uniqueness_of, 134
validates_with, ActiveModel, 134
validation. See also authentication
ActiveModel, 132–134
creating model, 86–87
creating user model, 10
HTTP caching based on, 163–164
not occuring in client library, 22
with Rails controller code, 93
verifying user credentials, 24–26
Validations module, ActiveModel, 132–134
value uniqueness, eventually consistent systems, 232–233
Varnish gateway cache, 166
vendor tree, defining application MIME types, 66
vendors, interoperability of service-oriented design, 37
verification, user
client library implementation, 25–26
user service implementation, 16–18
versioning services
agility and, 37
overview of, 64–65
version.rb file, Jeweler, 126
views
breaking up into services, 55–58
current setup, 46
partitioning on logical function, 62
quick iterations and, 60
REST architectural, 265
Vogels, Werner, 27–28
vote model, Rails social feed reader, 52–53
API design guidelines, 85–86
creating data models, 86–88
multi-get interface, 81–82
overview of, 79–81
with Rack, 100–106
with Rails, 88–95
with Sinatra, 95–100
summary review, 106
vote interface, 82–85
votes
activity model, 49
features, 46
partitioning services on read/write frequencies, 63
vote model, Rails social feed reader, 52–53
VotesService class, 105–106
W
overview of, 237
providing, 242–244
PubSubHubbub, 239
receiving, 240–242
strategies for dealing with failure, 244–245
summary review, 261
understanding, 238–239
web server
full Rails deployment with, 43–45
simple Rails deployment with, 41–43
Web Services Description Language. See WSDL (Web Services Description Language)
WebhookCallback model, 243–244
wildcards, for AMQP topic exchanges, 220–223
worker processes, external services, 254–258
WorkerPool module, 255–258
wrapping parsed results, JSON, 130–131
write exchange
and field value checking, 232
with minimal writes, 236
overview of, 228–230
writing
classes that make SOAP calls. See SOAP (Simple Object Access Protocol)
classes to parse service responses. See parsing XML, for legacy services
messaging-based writes, 228–230
partitioning services on read/write frequencies, 62–63
performing data writes, 142–143
WSDL (Web Services Description Language)
constructing requests without, 183–184
exploring web services, 177–180
making requests, 180–182
WSSE (WS-Security), SOAP requests, 180
X
X-Auth-Sig header
HMAC signing, 189
using public/private key pairs, 194
X-Auth-User header
HMAC signing, 190
using public/private key pairs, 194
XML
implementing web services. See SOAP (Simple Object Access Protocol)
parsing. See parsing XML, for legacy services
.xml file, sepcifying representations, 267
XPath
defined, 170
REXML full support for, 170