QC 4 Flashcards

1
Q

What does SOA stand for?

A

Service Oriented Architecture

2
Q

Describes applications that have everything built in. The UI, BL, and DL are all wrapped up in one package.

A

Monolithic Architecture

3
Q

How does one interact with a Monolithic Architecture?

A

User Interface -> Business Logic -> Data Interface <-> Database

4
Q

What is the ASP.NET MVC Dilemma?

A

With ASP.NET MVC, the view is tightly coupled to the processing logic. This means that the client has to wait both for its request to be processed and for the view that the server eventually returns.

5
Q

Architecture style for building software applications that use services available in a network such as the web

Services are an implementation of a well defined business functionality

So what we want to do is delegate the whole business logic, together with the data layer associated with it, to a service that returns to the client the data it needs to present to the end user. How to present that data is wholly up to the client.

A

Service oriented architecture (SOA)

6
Q

What is the solution to the ASP.NET Dilemma?

A

Decoupling the logic that processes the data (aka your backend logic) from the logic that presents your data (aka your front end logic)

Put those into two different servers

7
Q

What are the SOA Principles?

A

Standardized Service Contract

Loose Coupling

Service Abstraction

Service Reusability

Service Autonomy

Service Statelessness

Service Discoverability

Service Composability

Service Interoperability

8
Q

Services adhere to a service description. A service must have some sort of description which describes what the service is about. This makes it easier for client applications to understand what the service does.

A

Standardized Service Contract

9
Q

Less dependency on each other. This is one of the main characteristics of web services: there should be as little dependency as possible between the web services and the client invoking the web service. So if the service functionality changes at any point in time, it should not break the client application or stop it from working.

A

Loose Coupling

10
Q

Services hide the logic they encapsulate from the outside world. The service should not expose how it executes its functionality; it should just tell the client application what it does, not how it does it.

A

Service Abstraction

11
Q

Logic is divided into services with the intent of maximizing reuse. In any development company, reusability is a big topic because one wouldn't want to spend time and effort building the same code again and again across multiple applications that require it. Hence, once the code for a web service is written, it should be able to work with various application types.

A

Service Reusability

12
Q

Services should have control over the logic they encapsulate. The service knows everything about the functionality it offers and hence should also have complete control over the code it contains.

A

Service Autonomy

13
Q

Ideally, services should be stateless. This means that services should not carry information over from one state to the other. That needs to be done by the client application instead. An example is an order placed on a shopping site. You can have a web service that gives you the price of a particular item. But if items are added to a shopping cart and the web page navigates to the payment page, carrying the item's price over to the payment page should not be the responsibility of the web service. Instead, it needs to be done by the web application.

A

Service Statelessness

14
Q

Services can be discovered (usually in a service registry). We have already seen this in the concept of UDDI (Universal Description, Discovery, and Integration), which acts as a registry that can hold information about the web service.

A

Service Discoverability

15
Q

Services break big problems into little problems. One should never embed all functionality of an application into one single service but instead, break the service down into modules each with a separate business functionality.

A

Service Composability

16
Q

Services should use standards that allow diverse subscribers to use the service. In web services, standards such as XML and communication over HTTP are used to ensure conformance to this principle.

A

Service Interoperability

17
Q

Pros of SOA

A

Independent location. It doesn’t really matter where the services are located. They can be published on one server or several different ones. Consumer requests would still work fine.

High reusability. Services can be reused regardless of their earlier interactions with other services. This reusability is possible due to the SOA applications infrastructure — a combination of small self-sufficient functions.

Improved scalability. You can easily scale up the system since multiple layers of a single service can run simultaneously on different servers.

Parallel development opportunities. Thanks to the layer-based architecture, developers can work on independent services and have them both delivered fast. This not only increases productivity but also enables businesses to reduce costs.

18
Q

Cons of SOA

A

Large upfront investment. SOA architecture is a great choice for further business development. It enables your team to work on several applications simultaneously at a smaller cost. However, its implementation is usually a pricey endeavor.

Greater load and increased response time. In SOA, each interaction between services is followed by a full validation of all input parameters. As a result, the load gets extremely heavy, which in turn prolongs the response time.

Vast variety of services. SOA has a very special approach to operation. Services constantly exchange messages while executing tasks. Consequently, the number of those messages gets overwhelming, and this peculiarity makes it difficult to ensure decent service management.

19
Q

Pros and Cons of SOA?

A

freestyle

20
Q

Monolithic vs SOA? Examples wherein monolithic/soa is preferable.

A

If you are trying to build a new product with limited resources and programming talent, building a monolithic solution might not be a bad option. It lets you get to market early and helps you build your MVP and test the product-market fit.

21
Q

What are web services?

A

Web services provide a means of being able to access functionality of different applications online via their interfaces!

They are language agnostic! You can use web services that are coded in other languages!

To be able to use a web service, you only need to know the endpoint and what type of request to send (i.e. what format requests the service expects)

22
Q

Stands for __

Technically, a messaging protocol specification for exchanging structured information in the implementation of web services in computer networks.

Describes services that use SOAP to communicate with other applications

Protocol independent: you can send SOAP messages via SMTP, HTTP, HTTPS, etc.

Platform and language independent

Works on a basis of dumb endpoints, smart pipelines

Well documented

A

Simple Object Access Protocol (SOAP)

23
Q

Stands for __

Describes a web service, specifies endpoints and methods

User guide for your SOAP service

Contains the ABCs (Address, Binding, Contract) of your SOAP service

A

Web Service Description Language (WSDL)

24
Q

What is contract first?

A

create the WSDL first

25
Q

Contract First vs Contract Last?

A

SOAP services are highly documented; what is written in your WSDL is what you get

In creating a SOAP service, you can either create the WSDL first (contract first) or create the service first and then generate the WSDL afterwards

Some IDEs provide support to generate a WSDL file for your web service

26
Q

If the WSDL is the menu, the ____ is your actual order

An ordinary XML document containing the following elements:

An envelope element that identifies the XML document as a SOAP message

A header that would contain header information

A body element that contains call and response info

A fault element containing errors and status info

A

SOAP message

27
Q

SOAP services rely heavily on __

To be able to format messages to an input expected by the service, you would utilize ____ to declare the tag structure the service would be expecting

Can be used to describe the tag structure of an object
A standardized tag structure would help in parsing data

A

XML namespace

28
Q

What is the Request & Response Life Cycle?

A

Enter URL, send HTTP request, process request, crud data in database, send HTTP response, display webpage

29
Q

What is REST?

A

Stands for REpresentational State Transfer

Architectural style to design your services

30
Q

What are the guiding principles of REST?

A

Client-Server

Stateless

Cacheable

Uniform Interface

Layered System

Code on Demand

31
Q

Your service would have an interface defined by four interface constraints:

Identification of resources -
You’ll be able to identify what resource you’re trying to access

Manipulation of resources through representations -
Using the appropriate action verb to access and manipulate your resources

Self-descriptive messages -
Including in the response any necessary information to process the data, such as the format of the data (if the body is JSON, HTML, XML, etc…) otherwise the client would process it as text

Hypermedia as the engine of application state (HATEOAS) -
Not really implemented as implementing this is very tedious

A

Uniform Interface

32
Q

The client app must evolve separately from the server app without any dependency on each other

Decoupling your services from each other

Services should be independent from each other, even if they call upon each other

A

Client server

33
Q

Constraining the interactions of your components to the ones in the next layer

Ex: You have an Authorization Service, a subsystem of BL Services, and another subsystem of DL Services.
The layers would be UI > Auth & BL > DL. UI components can interact with the authorization service; after being authorized, they should be able to call some of the BL components, but they can never access the DL services

A

Layered System

34
Q

Server isn’t responsible for storing client state

The server will not store anything about the latest HTTP request the client made

It will treat every request as new

No session, no history

A

Stateless

35
Q

Resources from the server can be cached if applicable; these resources must declare themselves cacheable

Example of a cacheable request:
Get requests

Example of a non-cacheable request:
Delete requests

A

Cacheable

36
Q

Allows client functionality to be extended by downloading and executing code in the form of applets or scripts

We usually send out static resources in the form of JSON or XML, but for example, the server can send executable script on the client side to render a part of the UI

A

Code on demand (optional)

37
Q

A way to describe how REST-compliant your service is: the ____
Grades your API according to the constraints of REST according to levels

Level 0
Uses HTTP, single URI, one method (usually post)

Level 1
Uses HTTP, multiple URIs, still one method (POST)
Unique URI for each unique resource

Level 2
Uses HTTP, multiple URIs, various http methods
Operations depend on the action method used

Level 3
Uses HTTP, multiple URIs, various http methods, and HATEOAS

A

Richardson Maturity Model

38
Q

REST vs SOAP

A

REST:
HTTP
Any format, JSON is easier to parse and is lightweight
Stateless
Good caching support
Just https, not truly end to end security
Simpler, easy to get up and running because http is everywhere and you don’t have to deal with XML
Contract based on HTTP standards & conventions & is either hypermedia or an API description language
Errors: 4xx, 5xx, status codes
Gets told by the client what it wants to do to a resource via http verb

SOAP:
Any protocol over HTTP, just uses POST
XML
Could be stateful
Supports caching but not at the http level
Lots of security support
Contract based on WSDL document
Errors: faults
Gets told by the client what it wants to do to a resource via articulating it in the SOAP message

39
Q

What is CORS?

A

Stands for Cross-Origin Resource Sharing

It is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading of resources.

40
Q

Browser security prevents a web page from making requests to a different domain than the one that served the web page.

Default Policy

CORS is actually relaxing this security feature by allowing other domains to make requests to your server

A

Same Origin Policy

41
Q

______ is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other.

Common vulnerability in cookie based systems (yet another good reason to use tokens!)

A

Cross-site request forgery (CSRF)

42
Q

What is an antiforgery token?

A

Generates a hidden form field (anti-forgery token) that is validated when the form is submitted. The anti-forgery token can be used to help protect your application against cross-site request forgery.

43
Q

What is HATEOAS?

A

A HATEOAS request allows you to not only send the data but also specify the related actions

With HATEOAS, a request for a REST resource gives me both data, and actions related to the data.