Department of Computer and Information Science
Master’s thesis
RESTful Mobile Application for Android:
Mobile Version of Inspectera Online
by
Sheikh Ali Arman
LIU-IDA/LITH-EX-A--14/002—SE
2014-01-22
Linköpings universitet
Institutionen för Datavetenskap
Examiner: Prof. Kristian Sandahl
Dept. of Computer and Information Science,
Linköping University, Sweden.
Supervisor: Ivan Ukhov
Dept. of Computer and Information Science,
Linköping University, Sweden.
Abstract
Web service-based mobile applications have emerged in recent years. The
Representational State Transfer (REST) architectural style introduced the
concept of Resource Oriented Architecture (ROA), which has been widely
used for building applications for all platforms. This master’s thesis
designs and develops a Web service-based mobile application for the
Android platform following the constraints of the REST architectural
style. It also proposes an authentication model for RESTful applications.
The master’s thesis is completed at the company Inspectera HK AB in
Norrköping, Sweden. The developed application is called the “Mobile
version of Inspectera Online.”
Keywords: REST, ROA, RPC, SOAP, SOA, Android, mobile application,
Inspectera Online, RESTful authentication.
Acknowledgements
I would like to thank Professor Kristian Sandahl for inspiring me to
pursue my research interest. I thank him for his patience, guidance and
support, without which this work could not be completed.
I would like to thank my supervisor, Ivan Ukhov, for his advice and
feedback, which undoubtedly contributed to my success.
Last but not least, I would like to thank Mr. Anders Ekeberg, CEO of
Inspectera HK AB, for believing in my vision and giving me such a
wonderful thesis opportunity.
1. Introduction
1.1 Background
1.2 Research objectives
1.3 How the study is conducted
1.4 How the report is organized
2. SOAP
2.1 Overview
2.2 SOAP messages
2.3 SOAP envelope
2.4 SOAP header
2.5 SOAP body
2.6 SOAP fault
2.7 SOAP communication model
2.7.1 RPC style communication
2.7.2 Document/message style communication
2.8 SOAP via HTTP
3. REST
3.1 Overview
3.2 Resource
3.3 Representation
3.4 Stateless interactions and self descriptive messages
3.5 Uniform interface
3.5.1 GET/RETRIEVE operation
3.5.2 PUT/CREATE operation
3.5.3 POST/UPDATE operation
3.5.4 DELETE/DELETE operation
3.6 Richardson’s Maturity Model (RMM)
3.6.1 RMM Level 0
3.6.2 RMM Level 1
3.6.3 RMM Level 2
3.6.4 RMM Level 3
4. REST vs SOAP
4.1 Background of study
4.2 Comparative analysis
4.2.1 Scalability
4.2.2 Coupling
4.2.3 Security
4.2.4 Performance
4.2.5 Protocol transparency and independence
4.2.6 Service discovery
4.3 Empirical studies
4.4 Decision in favor of REST
5. System overview
5.1 Inspectera Online
5.2 Mobile version of Inspectera Online (IO-Mobile)
5.4 Functionalities and interface design
5.4.1 Login and main menu
5.4.2 Inspections/Controls
5.4.3 Search inspections
5.4.4 Inspection photo evidence
5.4.5 News
5.4.6 Maps
6. IO-Mobile architecture
6.1 Architecture overview
6.2 IO-Mobile architecture
6.3 IO-Mobile layers
6.3.1 Presentation layer
6.3.2 Business logic layer
6.3.3 Data access layer
6.4 IO-Mobile packages
6.4.1 io.mobile.applogic
6.4.2 io.mobile.uilogic
6.4.3 io.mobile.comm
6.4.4 io.mobile.model
6.4.5 io.mobile.ui
6.4.6 io.mobile.ui.builder, io.mobile.ui.builder.criterion
6.4.7 io.mobile.exceptions
6.5 IO-Mobile operations
7. RESTful Web API
7.1 Overview
7.2 Resources, URIs and HTTP methods
7.2 Design and implementation
7.3 RESTful Web API samples
7.3.1 Instrumentation for sampling
7.3.2 Control resource
7.3.3 Routine resource
7.3.4 ControlPhoto resource
7.3.5 Map resource
7.3.6 News resource
7.3.7 Unit resource
7.3.8 User resource
7.4 Deployment
8. REST Compliance
8.1 Conformance to REST constraints
8.2 HATEOAS implementation
8.3 RESTful security and authentication
8.4 RMM Compliance Level
8.4.1 Level 0 compliance
8.4.2 Level 1 compliance
8.4.3 Level 2 compliance
8.4.4 Level 3 compliance
9. Conclusions
Bibliography
Appendices
A. RESTful Web API code
A.1 WebApiControlService.java
A.2 WebApiControlServiceImpl.java
A.3 WebApiMapService.java
A.4 WebApiMapServiceImpl.java
A.5 WebApiNewsService.java
A.6 WebApiNewsServiceImpl.java
A.7 WebApiUnitService.java
A.8 WebApiUnitServiceImpl.java
A.9 WebApiUserService.java
A.10 WebApiUserServiceImpl.java
A.11 WebApiUtil.java
A.12 WebApiSecurity.java
A.13 UriManager.java
A.14 Link.java
A.15 DataConverter.java
A.16 DataConverterImpl.java
B. IO-Mobile code
B.1 se.inspectera.io.mobile.ui
B.1.1 LoginActivity.java
B.1.2 ControlListActivity.java
B.1.3 ControlEditorActivity.java
B.2 se.inspectera.io.mobile.uilogic
B.2.1 ControlsHelper.java
B.2.2 MapHelper.java
B.2.3 NewsHelper.java
B.2.4 UnitHelper.java
B.2.5 SecurityHelper.java
B.2.6 UriHelper.java
B.3 se.inspectera.io.mobile.applogic
B.3.1 ControlsManager.java
B.3.2 ControlPhotoManager.java
B.3.3 RoutineManager.java
B.3.4 MapManager.java
B.3.5 NewsManager.java
B.3.6 UnitManager.java
B.3.7 UserManager.java
B.3.8 SecurityManager.java
B.4 se.inspectera.io.mobile.comm
B.4.1 CommunicationManager.java
B.4.2 Request.java
B.4.3 GetRequest.java
B.4.4 PostRequest.java
B.4.5 PutRequest.java
B.4.6 DeleteRequest.java
Figure 2.1: Distributed messaging using SOAP [3:124].
Figure 2.2: SOAP message structure described in UML [3:126].
Figure 2.3: Usage of the SOAP HTTP POST method [3:141].
Figure 3.1: RESTful Web services architecture [7].
Figure 3.2: GET/RETRIEVE operation example [6:14].
Figure 3.3: PUT/CREATE operation example [6:17].
Figure 3.4: POST/UPDATE operation example [6:19].
Figure 3.5: DELETE/DELETE operation example [6:20].
Figure 3.6: Richardson's Maturity Model (RMM) for REST [10].
Figure 5.1: Inspectera Online dashboard.
Figure 5.2: IO-Mobile on Google play store.
Figure 5.3: Use case diagram.
Figure 5.4: Login screen.
Figure 5.5: Main menu screen.
Figure 5.6: Process steps for inspection category.
Figure 5.7: Inspections grouped into a process step.
Figure 5.8: Inspection editor for submitting inspection data.
Figure 5.9: Inspection editor showing details of a completed inspection.
Figure 5.10: Inspection editor dynamic UI example 1.
Figure 5.11: Inspection editor dynamic UI example 2.
Figure 5.12: Deviations from quality standards indicated.
Figure 5.13: Follow up information in case of a deviation.
Figure 5.14: Inspection list with colored deviation markers.
Figure 5.15: Search operation.
Figure 5.16: Search filters.
Figure 5.17: Photo upload screen.
Figure 5.18: Uploading evidence photo.
Figure 5.19: Inspection with an evidence photo.
Figure 5.20: Evidence photo displayed.
Figure 5.21: Company news and notices.
Figure 5.22: Posting news.
Figure 5.23: List of maps.
Figure 5.24: Map displayed.
Figure 6.1: High-level architecture.
Figure 6.2: IO-Mobile layered architecture.
Figure 6.3: IO-Mobile package diagram.
Figure 6.4: Class diagram of io.mobile.applogic.
Figure 6.5: Class diagram of io.mobile.uilogic.
Figure 6.6: Class diagram of io.mobile.comm.
Figure 6.7: IO-Mobile state machine diagram.
Figure 6.8: Controls state machine.
Figure 7.2: RESTful Web API deployed on Amazon EC2 server.
Figure 8.1: Login information being submitted for User ‘arman’.
Figure 8.2: Main menu screen of IO-Mobile.
Figure 8.3: Control editor showing the Control specified in Listing 8.5.
Table 3.1: CRUD operations associated to HTTP verbs [6].
Table 6.1: HTTP methods for IO-Mobile CRUD operations.
Table 7.1: Resource, URI and HTTP methods mapping.
Listing 2.1: SOAP envelope structure [3:127].
Listing 2.2: SOAP header example [3:129].
Listing 2.3: Fault element example [2].
Listing 2.4: Example of an RPC-style SOAP request [3:135].
Listing 2.5: Example of an RPC-style response message [3:136].
Listing 2.6: Example of a document style SOAP message [3:136].
Listing 2.7: Sample HTTP/SOAP enveloped request [3:142].
Listing 2.8: Sample HTTP/SOAP response [3:142].
Listing 3.1: HATEOAS example – an Order entity [9:116-117].
Listing 7.1: GET request for Control resource.
Listing 7.2: Response for Control resource GET request.
Listing 7.3: POST request for Control resource.
Listing 7.4: Response for Control resource POST request.
Listing 7.5: Control search GET request.
Listing 7.6: Response for Control search GET request.
Listing 7.7: GET request for Routine resource.
Listing 7.8: Response for Routine resource GET request.
Listing 7.9: PUT request for Control-Photo resource.
Listing 7.10: Response for Control-Photo PUT request.
Listing 7.11: GET request for Control-Photo resource.
Listing 7.12: Response for Control-Photo GET request.
Listing 7.13: GET request for Map resource.
Listing 7.14: Response for Map resource GET request.
Listing 7.15: GET request for Map list.
Listing 7.16: Response for Map list GET request.
Listing 7.17: GET request for News resource.
Listing 7.18: Response for News resource GET request.
Listing 7.19: PUT request for News resource.
Listing 7.20: Response for News resource PUT request.
Listing 7.21: POST request for News resource.
Listing 7.22: Response for News resource POST request.
Listing 7.23: DELETE request for News resource.
Listing 7.24: Response for News resource DELETE request.
Listing 7.25: GET request for News list.
Listing 7.26: Response for News list GET request.
Listing 7.27: GET request for Unit resource.
Listing 7.28: Response for Unit resource GET request.
Listing 7.29: GET request for User resource.
Listing 7.30: Response for User resource GET request.
Listing 8.1: Initial URI defined in the CommunicationManager class.
Listing 8.2: GET request for User ‘arman’.
1. Introduction
1.1 Background
Mobile devices such as smartphones and digital tablets have become very
popular over the last few years. Millions of such devices are being sold
each year, and they are rapidly becoming the next major platform for
computing. With this growing trend, the demand for mobile applications
has increased significantly. Most public and private organizations offering
services through their websites are now releasing mobile applications with
similar functionalities corresponding to their websites. This phenomenon
has been appreciated greatly by general users. Today we can check
everything—from weather to bank balance—using applications running
on our mobile phones.
These mobile applications often use Web services in order to execute their
business logic. Web-based systems are now offering their functionalities
through Service Oriented Architecture (SOA), which is being consumed
and used by the corresponding mobile applications in order to perform
their necessary back-end operations. Pure SOA-based mobile applications
and mashup applications are also growing in number. There are many
technologies for implementing SOA, such as SOAP, REST, DCOM,
CORBA, Java RMI and WCF. Finding the technology and architecture
style most suitable for Web service-based mobile applications is a very
important research objective for the days ahead.
1.2 Research objectives
This master’s thesis is focused on the design and development of a Web
service-based mobile application following the principles of the
Representational State Transfer (REST) architectural style. The
primary objective is to implement the REST architectural style correctly
and efficiently in order to achieve full REST compliance. Special emphasis
is placed on making the mobile application modular and maintainable. The
experience obtained from this implementation will provide a guideline for
building RESTful mobile applications.
A secondary objective is to conduct a literature review on the REST
architectural style, its benefits, limitations and comparison with other
prominent Web service technologies (e.g., SOAP). The outcome of the
literature review will help comment on the suitability of the REST
architectural style for Web service-based mobile applications.
As an additional objective, a stateless RESTful authentication model is to
be implemented for the mobile application.
1.3 How the study is conducted
The study for this master’s thesis is conducted at the Swedish company
Inspectera HK AB located in Norrköping, Sweden. Inspectera HK AB is
an ISO-9001 certified company specialized in various quality and
regulatory inspections. The company provides its IT solutions and services
through a Web-based system called “Inspectera Online.”
At the beginning of the thesis, a literature review is conducted on the
Representational State Transfer (REST) architectural style in order to
ascertain its applicability for building service-oriented mobile
applications. Then, a fully REST-compliant mobile application is designed
and developed. The mobile application is written in Java for the Android
mobile operating system. The mobile application utilizes a set of RESTful
Web services, which is also built as part of the thesis work.
1.4 How the report is organized
The report begins with descriptive chapters on the two most prominent
technologies for building Web service-based applications, namely SOAP
(Chapter 2: SOAP) and REST (Chapter 3: REST). Chapter 4: REST
vs SOAP presents a comparative study between SOAP and REST. The
results obtained through the comparative study were the basis for
choosing the REST architectural style for building the mobile application.
Chapter 5: System overview and Chapter 6: IO-Mobile architecture
present the design and implementation of the mobile application.
Chapter 7: RESTful Web API provides the details on the RESTful Web
services built for the mobile application. Chapter 8: REST compliance
explains how the implementation of the mobile application and the
RESTful Web services satisfy the constraints of the REST architectural
style. Chapter 9: Conclusion draws conclusions based on the experience
obtained through the thesis work.
Since the developed mobile application will be used commercially, its
features and implementation will change rapidly in the production
environment. To facilitate readers’ understanding, appendices containing
relevant source code are included along with the thesis. Appendix A
contains the source code of the RESTful Web API and Appendix B
contains the source code of the mobile application. However, due to the
sheer size of the code and confidentiality, the entire source code cannot be
included. Only important parts of the implementation are made available
in the aforementioned appendices to establish clear understanding.
2. SOAP
2.1 Overview
Simple Object Access Protocol (SOAP) is a protocol specification designed
for the exchange of information in a distributed computing environment
[1]. The primary purpose of SOAP is to act as a messaging protocol
between Web services in a distributed system. SOAP uses XML and relies
heavily on XML standards such as XML Schema and XML Namespaces for its
definition and function [2]. SOAP uses application protocols such as
HTTP and SMTP for its message transmission.
Figure 2.1: Distributed messaging using SOAP [3:124].
The following sections provide a brief overview of the different parts of
SOAP. Detailed discussion of SOAP and its underlying mechanisms is beyond
the scope of this thesis.
2.2 SOAP messages
In SOAP, the communication process is carried out by the exchange of
SOAP messages. A SOAP message is packaged in an XML document
called an envelope [1][2][3]. The envelope has a predefined structure
following the SOAP specification [4]. It contains an optional header
element and a single mandatory body element [2][3]. The header element
contains information regarding how the message is going to be handled,
which includes the routing and delivery settings, authentication or
authorization assertions, transaction contexts etc. [2][3]. The actual
message, which is to be delivered and processed, is contained in the body
element.
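The envelope rules described in Section 2.2, as an added example that is not part of the thesis: a Python check that a received document is a SOAP envelope with an optional leading header and exactly one body, and that lists the header blocks a receiver would have to handle. The sample message and its `urn:example:*` namespaces are constructed, and rejecting any child other than Header and Body is a choice of this example.

```python
import xml.etree.ElementTree as ET

# Envelope namespaces defined by SOAP 1.1 and SOAP 1.2.
SOAP_NAMESPACES = {
    "http://schemas.xmlsoap.org/soap/envelope/": "1.1",
    "http://www.w3.org/2003/05/soap-envelope": "1.2",
}


class SoapStructureError(ValueError):
    """The document is not a structurally valid SOAP envelope."""


def check_envelope(xml_text):
    """Validate envelope structure; return version, header blocks, body payload tags."""
    # SOAP forbids a document type declaration. Refusing it before parsing also
    # keeps entity-expansion and external-entity input away from the parser.
    # The substring test is deliberately conservative (it also rejects the literal in CDATA).
    if "<!DOCTYPE" in xml_text:
        raise SoapStructureError("document type declaration not allowed")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise SoapStructureError(f"not well-formed XML: {exc}") from exc

    # ElementTree tags look like "{namespace}local"; an unqualified root fails here.
    ns, _, local = root.tag.lstrip("{").partition("}")
    if local != "Envelope" or ns not in SOAP_NAMESPACES:
        raise SoapStructureError("root element is not a SOAP Envelope")
    header_tag, body_tag = f"{{{ns}}}Header", f"{{{ns}}}Body"
    children = list(root)
    header = None
    if children and children[0].tag == header_tag:
        header = children.pop(0)  # optional, but must be the first child
    # Stricter than SOAP 1.1, which tolerates extra elements after Body.
    if len(children) != 1 or children[0].tag != body_tag:
        raise SoapStructureError("expected exactly one Body after the optional Header")
    return {
        "version": SOAP_NAMESPACES[ns],
        "header_blocks": [block.tag for block in header] if header is not None else [],
        "body": [payload.tag for payload in children[0]],
    }


# Constructed sample message; the auth and inspection namespaces are made up.
SAMPLE = """<env:Envelope xmlns:env="http://www.w3.org/2003/05/soap-envelope">
  <env:Header>
    <a:Token xmlns:a="urn:example:auth" env:mustUnderstand="true">constructed</a:Token>
  </env:Header>
  <env:Body>
    <i:GetInspection xmlns:i="urn:example:inspection"><i:Id>42</i:Id></i:GetInspection>
  </env:Body>
</env:Envelope>"""
```

Calling `check_envelope(SAMPLE)` returns the SOAP version together with the qualified names of the header blocks and body payload, which is the point at which a receiver decides whether it understands every header block before acting on the body.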