Q Why should we handle response timeouts when calling a REST endpoint?
- Connections to a server are made with the help of threads. If a connection cannot be established, the thread is blocked. Because the server is not responding, we end up with a blocked thread for each request. To avoid this situation and release the threads, we have to set a timeout.
- All these threads come from the thread pool in a server.
Q What is the difference between read timeout and server timeout?
- Server timeout is when we are unable to establish a connection to the server.
- Read timeout happens when we are able to connect to the server but unable to read the data, that is, we are not getting a response back.
Q What is versioning in REST?
- When we update functionality in a REST API and want users to use the new version instead of the old, obsolete one, we use versioning to mark the two different versions of the functionality.
- Versioning can be defined using:
- Request parameters
- @GetMapping(value="/courses", params="ver=2")
- Headers
- @GetMapping(value="/courses", headers="api-version=2")
- Produces
- @GetMapping(value="/courses", produces="application/version2+json")
- URI
- @GetMapping(value="/courses/v2")
- We do it using a SecurityConfiguration class in the API which extends WebSecurityConfigurerAdapter.
- When we hit the request it goes to the AuthenticationFilter. The filter gives us an authentication object. This object is passed to the AuthenticationManagerBuilder, which finds the AuthenticationProvider. This provider validates the authentication object.
- There are various authentication providers, like:
- DaoAuthenticationProvider
- We can have our own custom authentication object provider.
- The AuthenticationProvider passes the object to the AuthenticationManagerBuilder. The builder then passes the object to the SecurityContextHolder.
- The SecurityContextHolder holds the SecurityContext object, so when the user signs in next time it won't ask for security credentials. It checks the authentication credentials from the SecurityContextHolder itself and allows the user to sign in without any credentials.
- For authentication we can pass a JWT authentication token in the headers, which is used for authentication whenever we call the microservice.
- This token is authenticated by the server.
- This is called token-based authentication.
Q Which is better, JWT-based authentication or session-based authentication?
- Token-based authentication should be followed in REST APIs because those are stateless.
- The server does not store client-side state. The client sends all the information in the header so that the server is able to process the request.
- The client gives us a JWT token; on every server we have our public key or private key, which we use to verify the signature of the token and validate the token.
- When we use basic token-based authorization, we send "basic encoded_token_value" in the "Authorization" header of the request.
- Basic is the keyword for basic authentication.
- When we use JWT authentication we write Bearer in place of Basic, which implies that we don't have any responsibility as a provider, as we are using the client's token. No further authentication is needed: once we have that token, we are the owner of the token. The token has been generated after authentication with the server.
- A JWT token is used for authorization of the user and not authentication, because the user who has a JWT token is already authenticated.
- Session-based authentication is restricted to the particular session only. So if we send a request to another system, that system won't recognize our session.
- We may have many servers/instances running in a microservices environment as we scale up our application.
- Since a session is limited to a server, we can't use such authentication in such an architecture.
Q What is content negotiation?
- Content negotiation determines what kind of requests the API should accept and what kind of responses the API should provide.
- It is achieved with the MediaType class in the produces or consumes parameter of the @GetMapping annotation, as follows.
- @GetMapping(value="/courses", consumes={MediaType.APPLICATION_XML_VALUE}, produces={MediaType.APPLICATION_JSON_VALUE})
Q What is the difference between @EnableDiscoveryClient and @EnableEurekaClient?
- @EnableDiscoveryClient
- This annotation is based on the spring-cloud-commons dependency and is implemented in the classpath.
- If the registration center is something other than Eureka (like Consul or Zookeeper), @EnableDiscoveryClient is recommended.
- @EnableEurekaClient
- This annotation is based on the spring-cloud-netflix dependency and can only be used for Eureka.
- If the registration center is Eureka, then @EnableEurekaClient is recommended.
Q Give some examples of the different REST clients.
- RestTemplate
- OpenFeign
Q How are RestTemplates used in a project?
- RestTemplate acts as a client for consuming our REST data by hitting a URL.
- The URL may send its response in XML or JSON.
- An example of RestTemplate is:
- ProductDto productDto = restTemplate.getForObject(url, ProductDto.class, id);
- Here ProductDto is a class whose data members match the response returned from the URL.
Q What is the difference between getForEntity() and getForObject()?
- Both methods belong to RestTemplate.
- getForObject returns only an object, i.e. the response object.
- getForEntity returns a ResponseEntity.
- With getForEntity we also get values through getStatusCode(), getBody(), getHeaders().
- We also have the exchange() method to get REST values.
Q What are the uses of ResponseEntity?
- Using ResponseEntity we can send the appropriate HTTP status, response body and response headers.
- For example:
- return ResponseEntity.status(HttpStatus.ACCEPTED).body(restObject);
Q When an object is deleted and access is made, what status code should we return?
- Content not found, i.e. 204; we can return 200 too.