Expose webservice directly to webclients or keep a thin server-side script layer in between?

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by max on Stack Overflow See other posts from Stack Overflow or by max
Published on 2010-04-20T13:08:13Z Indexed on 2010/04/20 13:23 UTC
Read the original article Hit count: 168

Filed under:
|
|

Hi,

I'm developing a REST webservice (Java, Jersey). The people I'm doing this for want to directly access the webservice via Javascript. Some instinct tells me this is not a good idea, but I cannot really explain that instinct. My natural approach would have been to have the webservice do the real logic and database access, but also have some (relatively thin) server-side script layer (e.g. in PHP). Clients would talk to the PHP layer which in turn would talk to the webservice. (The webservice would be pretty local to the apache/PHP server and implicitly trust calls from the script layer. The script layer would take care of session management.) (Btw, I am not talking about just hiding the webservice behind an Apache which simply redirects calls.)

But as I find myself at a lack of words/arguments to explain my instinct, I wonder whether my instinct is right - note that while I have been developing all kinds of software in all kinds of languages and frameworks for like 17 years, this is the first time I develop a webservice.

So my question is basically: what are your opinions? Are there any standard setups? Is my instinct totally wrong? Or partially? ;P

Many thanks,

Max

PS: I might add a few bits of information about the planned usage of the whole application:

  • will be accessed by different kinds of users, partly general public, partly privileged
  • thus, all major OS/browser combinations can be expected as clients
  • however, writing the client is not my responsibility
  • will potentially have very high load/traffic
  • logic of webservice will later be massively expanded for another product which is basically a superset of the functionality of the current project
  • there is a significant likelihood that at some point an API should be exposed which can be used by 3rd party developers - obviously, with some restrictions
  • at some point, the public view of the product should become accessible via smartphones, too (in other words, maybe a customized version of the site to adapt to the smaller display and different input methods)

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about web-services

Related posts about java

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle