Remote access to data sources
RESTjee™ is a Java Enterprise Edition (JEE) web data service that provides HTTP client applications remote access to disparate data sources. RESTjee™'s design adheres to the principles of the Representational State Transfer (REST) architectural style. Through RESTjee™, one can easily implement and publish a set of REST Application Program Interfaces (APIs) that are invoked by client applications to access remote data sources. The published API set can provide full Create, Read, Update, and Delete (CRUD) functionality to the client applications.
One important aspect of RESTjee™ functionality is its contribution to secure data access through its protection against SQL injection attacks.
Features & Benefits
- Implemented as a black-box solution, simply configure, package and deploy onto any JEE servlet container as a Web application ARchive (WAR file).
- Does not require specialized knowledge of the server environment, and there is no software to develop. The RESTjee™ user guide describes how the REST APIs can be defined by anyone having knowledge of the data schema.
- Connects to any disparate data source that has a Java Database Connectivity (JDBC) driver.
- Uses JDBC connection pooling for efficient use of connections to the data source.
- Enables any HTTP application, written in any programming language, to access one or more data sources through one or more REST APIs.
- Allows access to stored procedures and functions defined in databases.
- Allows for batch updates.
- Many instances of RESTjee™ can be deployed onto a JEE servlet container. Each instance can access one or more data sources. With each instance, you can define and publish many REST APIs.
Built-In Sql Injection Countermeasures
- Uses JDBC prepared statements and not dynamic database queries (which are susceptible to SQL injection attacks).
- A list of agent types can be configured to limit access to only those agent types specified in the list.
- Ability to restrict access through a secure HTTPS connection between the application and RESTjee™.
- Access control can be implemented to require "in- session" service to ensure application requests have been authenticated and authorized by the servlet container.
- Fields must be assigned JDBC types (e.g., string, integer, etc.).
- User configurable blacklist of characters to validate input field values, e.g. the ";" character can be blacklisted by disallowing any field which contains that character.
RESTjee™ Interaction with Disparate Data Sources
- Any servlet container, e.g. Tomcat, Jetty, WebSphere, Geronimo, JBoss, etc.
- Java 6 (1.6) or later release
- Any data source that provides JDBC driver access, e.g. Teradata, Informix, Oracle, mySQL, SQL Server, etc.
- HTTP, Java Servlet API, JDBC, JSON, REST
- RESTjee™ WAR file (JEE Web Application ARchive)
- RESTjee™ User Guide for installation, configuration, etc.
TTM offers the RESTjee™ software solution, while continuing TTM's philosophy of building simple to use, affordable, industry standards based software complete with world-class documentation and support. TTM's heritage includes 15 years serving and supporting our customers including Walmart, Citi, SEARS, Caesars, HP, NCR and Teradata.
An enterprise class monitoring system for ActiveMQ.
An ActiveMQ Reference Guide to help you get started with ActiveMQ.
Dynamically reconfigurable ActiveMQ security plugins.
An introduction to messaging and ActiveMQ.
Remote access to data sources via J2EE web service.