Abstract: This tutorial gives an example of a JSP and how to integrate it with the Salesforce REST API. We will walk through the stepbystep process of creating an external client to manage your data with Force.com,while using HTTP(S) and JSON.
In this example, I am using Mac OS X 10.9.2 with Apache Tomcat 7 server and Java 1.7. Eclipse Java EE edition is the IDE used for development and testing. The instructions given in this tutorial should work with minor modifications for other platforms as well.
If you want to access the entire sample code from this tutorial, you can access it here: github.com/seethaa/force_rest_example
All code is updated to work with the httpclient 4.3 libraries.
What Is REST?
REST stands for Representational State Transfer, and is a stateless clientserver communications protocol over HTTP.
Why and When To Use A REST API in Java for Your JSP
A REST API is well suited for browser applications which require a lot of interaction, and uses synchronous communication to transfer data. The Salesforce REST API provides a programming interface for simple web services to interact with Force.com, and supports both XML and JSON formats. The Salesforce REST API works well for mobile applications or dynamic websites to retrieve or update records quickly on your web server. While bulk record retrieval should be reserved for the BulkAPI, this lightweight REST API can be used for common server pages which involve quick updates and frequent user interactions, for example updating a single user record.
Setting Up Your Development Account and Prerequisites
You will need the following:
- Go to https://developer.salesforce.com/signup and register for your Free DE account. For the purposes of this example, I recommend sign up for a Developer Edition even if you already have an account. This ensures you get a clean environment with the latest features enabled.
- Java application Server. I created mine using Apache Tomcat 7 on Mac OS X and Eclipse as the IDE. There is also a free Eclipse plugin at http://developer.salesforce.com/page/Force.com_IDE but the original Eclipse setup was used in this tutorial.
- Configure SSL on your Tomcat server using http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html. If you are developing in Eclipse, make sure to add the Connector piece in server.xml file in your Eclipse environment, e.g.:1
<ConnectorSSLEnabled="true"clientAuth="false"keystoreFile="/Users/seetha/.keystore"keystorePass="password"maxThreads="200"port="8443"protocol="HTTP/1.1"scheme="https"secure="true"sslProtocol="TLS"/> - Add the required jar files to WebContent/WEBINF/lib. You will need commons-codec-1.6.jar, httpclient4.3.3.jar, httpcore-4.3.2.jar, commons-logging-1.1.3.jar, and java-json.jar. For Eclipse, I also had to make sure that all jars were added to the build path (Right click Project → Build Path → Configure build path → Select Libraries tab → Click Add Jars → Select the Jar files from the WEBINF/lib folder.
Create a Connected App
- Back in your Force.com DE, create a new Connected App through the console. Click on Setup → Build → Create → Apps. Scroll down to the Connected Apps section and click on the New button.
- Ensure that the callback URL is http://localhost:8080/<your_app_context_path>/oauth/_callback
(You can find the app context path by going back to Eclipse: Right clicking on Project → Properties → Web Project Settings → Context root)
- Check “Enable OAuth Settings” checkbox
- The required OAuth scopes for this tutorial (see Figure 1) are “Access and manage your data (api)” and “Provide access to your data via the Web (web)”, but these scopes should be changed as per your requirement.
- Save
Figure 1: Creating new Connected App
- Ensure that the callback URL is http://localhost:8080/<your_app_context_path>/oauth/_callback
- Copy the ClientID and Client Secret (see Figure 2), because both of these will be used in the next step.
Figure 2: Connected App Example with Consumer Key and Secret Authentication
There are three files that need to be imported into your JSP project, given below:
index.html
01020304050607080910111213141516<!DOCTYPEhtml PUBLIC "//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html><head><metahttpequiv="ContentType"content="text/html; charset=UTF8"><title>REST/OAuth Example</title></head><body><scripttype="text/javascript"language="javascript">if (location.protocol != "https:") {document.write("OAuth will not work correctly from plain http. "+ "Please use an https URL.");} else {document.write("<ahref=\"oauth\">Run Connected App demo via REST/OAuth.</a>");}</script></body></html>OAuthConnectedApp.java
001002003004005006007008009010011012013014015016017018019020021022023024025026027028029030031032033034035036037038039040041042043044045046047048049050051052053054055056057058059060061062063064065066067068069070071072073074075076077078079080081082083084085086087088089090091092093094095096097098099100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151importjava.io.IOException;importjava.io.InputStream;importjava.io.UnsupportedEncodingException;importjava.net.URLEncoder;importjava.util.ArrayList;importjava.util.List;importjavax.servlet.ServletException;importjavax.servlet.annotation.WebInitParam;importjavax.servlet.annotation.WebServlet;importjavax.servlet.http.HttpServlet;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importorg.apache.http.Consts;importorg.apache.http.HttpEntity;importorg.apache.http.NameValuePair;importorg.apache.http.client.entity.UrlEncodedFormEntity;importorg.apache.http.client.methods.CloseableHttpResponse;importorg.apache.http.client.methods.HttpPost;importorg.apache.http.impl.client.CloseableHttpClient;importorg.apache.http.impl.client.HttpClients;importorg.apache.http.message.BasicNameValuePair;importorg.json.JSONException;importorg.json.JSONObject;importorg.json.JSONTokener;@WebServlet(name ="oauth", urlPatterns = {"/oauth/*","/oauth"}, initParams = {// clientId is 'Consumer Key' in the Remote Access UI//**Update with your own Client ID@WebInitParam(name ="clientId", value ="3MVG9JZ_r.QzrS7jzujCYrebr8kajDEcjXQLXnV9nGU6PaxOjuOi_n8EcUf0Ix9qqk1lYCa4_Jaq7mpqxi2YT"),// clientSecret is 'Consumer Secret' in the Remote Access UI//**Update with your own Client Secret@WebInitParam(name ="clientSecret", value ="2307033558641049067"),// This must be identical to 'Callback URL' in the Remote Access UI//**Update with your own URI@WebInitParam(name ="redirectUri", value ="http://localhost:8080/force_rest_example/oauth/_callback"),/*** Servlet parameters*@authorseetha**/publicclassOAuthConnectedAppextendsHttpServlet {privatestaticfinallongserialVersionUID = 1L;privatestaticfinalString ACCESS_TOKEN ="ACCESS_TOKEN";privatestaticfinalString INSTANCE_URL ="INSTANCE_URL";privateString clientId =null;privateString clientSecret =null;privateString redirectUri =null;privateString environment =null;privateString authUrl =null;privateString tokenUrl =null;publicvoidinit()throwsServletException {clientId =this.getInitParameter("clientId");clientSecret =this.getInitParameter("clientSecret");redirectUri =this.getInitParameter("redirectUri");environment =this.getInitParameter("environment");try{authUrl = environment+"/services/oauth2/authorize?response_type=code&client_id="+ clientId +"&redirect_uri="+ URLEncoder.encode(redirectUri,"UTF8");}catch(UnsupportedEncodingException e) {thrownewServletException(e);}tokenUrl = environment +"/services/oauth2/token";}protectedvoiddoGet(HttpServletRequest request, HttpServletResponse response)throwsServletException, IOException {String accessToken = (String) request.getSession().getAttribute(ACCESS_TOKEN);//System.out.println("calling doget");if(accessToken ==null) {String instanceUrl =null;if(request.getRequestURI().endsWith("oauth")) {// we need to send the user to authorizeresponse.sendRedirect(authUrl);return;}else{System.out.println("Auth successful got callback");String code = request.getParameter("code");// Create an instance of HttpClient.CloseableHttpClient httpclient = HttpClients.createDefault();try{// Create an instance of HttpPost.HttpPost httpost =newHttpPost(tokenUrl);// Adding all form parameters in a List of type NameValuePairList<NameValuePair> nvps =newArrayList<NameValuePair>();nvps.add(newBasicNameValuePair("code", code));nvps.add(newBasicNameValuePair("grant_type","authorization_code"));nvps.add(newBasicNameValuePair("client_id", clientId));nvps.add(newBasicNameValuePair("client_secret", clientSecret));nvps.add(newBasicNameValuePair("redirect_uri", redirectUri));httpost.setEntity(newUrlEncodedFormEntity(nvps, Consts.UTF_8));// Execute the request.CloseableHttpResponse closeableresponse=httpclient.execute(httpost);System.out.println("Response Statusline:"+closeableresponse.getStatusLine());try{// Do the needful with entity.HttpEntity entity = closeableresponse.getEntity();InputStream rstream = entity.getContent();JSONObject authResponse =newJSONObject(newJSONTokener(rstream));accessToken = authResponse.getString("access_token");instanceUrl = authResponse.getString("instance_url");}catch(JSONException e) {// TODO Autogenerated catch block e.printStackTrace();e.printStackTrace();}finally{// Closing the responsecloseableresponse.close();}}finally{httpclient.close();}}// Set a session attribute so that other servlets can get the access tokenrequest.getSession().setAttribute(ACCESS_TOKEN, accessToken);// We also get the instance URL from the OAuth response, so set it in the session toorequest.getSession().setAttribute(INSTANCE_URL, instanceUrl);}response.sendRedirect(request.getContextPath() +"/ConnectedAppREST");}}ConnectedAppREST.java
001002003004005006007008009010011012013014015016017018019020021022023024025026027028029030031032033034035036037038039040041042043044045046047048049050051052053054055056057058059060061062063064065066067068069070071072073074075076077078079080081082083084085086087088089090091092093094095096097098099100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314importjava.io.IOException;importjava.io.InputStream;importjava.io.PrintWriter;importjava.net.URISyntaxException;importjava.util.Iterator;importjavax.servlet.ServletException;importjavax.servlet.annotation.WebServlet;importjavax.servlet.http.HttpServlet;importjavax.servlet.http.HttpServletRequest;importjavax.servlet.http.HttpServletResponse;importorg.apache.http.HttpEntity;importorg.apache.http.HttpStatus;importorg.apache.http.client.methods.CloseableHttpResponse;importorg.apache.http.client.methods.HttpDelete;importorg.apache.http.client.methods.HttpGet;importorg.apache.http.client.methods.HttpPost;importorg.apache.http.client.utils.URIBuilder;importorg.apache.http.entity.ContentType;importorg.apache.http.entity.StringEntity;importorg.apache.http.impl.client.CloseableHttpClient;importorg.apache.http.impl.client.HttpClients;importorg.json.JSONArray;importorg.json.JSONException;importorg.json.JSONObject;importorg.json.JSONTokener;@WebServlet(urlPatterns = {"/ConnectedAppREST"})/*** Demo for Connect App/REST API* @author seetha**/publicclassConnectedAppRESTextendsHttpServlet {privatestaticfinallongserialVersionUID = 1L;privatestaticfinalString ACCESS_TOKEN ="ACCESS_TOKEN";privatestaticfinalString INSTANCE_URL ="INSTANCE_URL";privatevoidshowAccounts(String instanceUrl, String accessToken,PrintWriter writer)throwsServletException, IOException {CloseableHttpClient httpclient = HttpClients.createDefault();HttpGet httpGet =newHttpGet();//add key and valuehttpGet.addHeader("Authorization","OAuth "+ accessToken);try{URIBuilder builder =newURIBuilder(instanceUrl+"/services/data/v30.0/query");builder.setParameter("q","SELECT Name, Id from Account LIMIT 100");httpGet.setURI(builder.build());CloseableHttpResponse closeableresponse = httpclient.execute(httpGet);System.out.println("Response Status line :"+ closeableresponse.getStatusLine());if(closeableresponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {// Now lets use the standard java json classes to work with the resultstry{// Do the needful with entity.HttpEntity entity = closeableresponse.getEntity();InputStream rstream = entity.getContent();JSONObject authResponse =newJSONObject(newJSONTokener(rstream));System.out.println("Query response: "+ authResponse.toString(2));writer.write(authResponse.getInt("totalSize") +" record(s) returned\n\n");JSONArray results = authResponse.getJSONArray("records");for(inti =0; i < results.length(); i++) {writer.write(results.getJSONObject(i).getString("Id")+", "+ results.getJSONObject(i).getString("Name")+"\n");}writer.write("\n");}catch(JSONException e) {e.printStackTrace();thrownewServletException(e);}}}catch(URISyntaxException e1) {// TODO Autogenerated catch blocke1.printStackTrace();}finally{httpclient.close();}}privateString createAccount(String name, String instanceUrl,String accessToken, PrintWriter writer)throwsServletException, IOException {String accountId =null;CloseableHttpClient httpclient = HttpClients.createDefault();JSONObject account =newJSONObject();try{account.put("Name", name);}catch(JSONException e) {e.printStackTrace();thrownewServletException(e);}HttpPost httpost =newHttpPost(instanceUrl+"/services/data/v30.0/sobjects/Account/");httpost.addHeader("Authorization","OAuth "+ accessToken);StringEntity messageEntity =newStringEntity( account.toString(), ContentType.create("application/json"));httpost.setEntity(messageEntity);// Execute the request.CloseableHttpResponse closeableresponse = httpclient.execute(httpost);System.out.println("Response Status line :"+ closeableresponse.getStatusLine());try{writer.write("HTTP status "+ closeableresponse.getStatusLine().getStatusCode() +" creating account\n\n");if(closeableresponse.getStatusLine().getStatusCode() == HttpStatus.SC_CREATED) {try{// Do the needful with entity.HttpEntity entity = closeableresponse.getEntity();InputStream rstream = entity.getContent();JSONObject authResponse =newJSONObject(newJSONTokener(rstream));System.out.println("Create response: "+ authResponse.toString(2));if(authResponse.getBoolean("success")) {accountId = authResponse.getString("id");writer.write("New record id "+ accountId +"\n\n");}}catch(JSONException e) {e.printStackTrace();// throw new ServletException(e);}}}finally{httpclient.close();}returnaccountId;}privatevoidshowAccount(String accountId, String instanceUrl,String accessToken, PrintWriter writer)throwsServletException, IOException {CloseableHttpClient httpclient = HttpClients.createDefault();HttpGet httpGet =newHttpGet();//add key and valuehttpGet.addHeader("Authorization","OAuth "+ accessToken);try{URIBuilder builder =newURIBuilder(instanceUrl +"/services/data/v30.0/sobjects/Account/"+ accountId);httpGet.setURI(builder.build());//httpclient.execute(httpGet);CloseableHttpResponse closeableresponse = httpclient.execute(httpGet);System.out.println("Response Status line :"+ closeableresponse.getStatusLine());if(closeableresponse.getStatusLine().getStatusCode() == HttpStatus.SC_OK) {try{// Do the needful with entity.HttpEntity entity = closeableresponse.getEntity();InputStream rstream = entity.getContent();JSONObject authResponse =newJSONObject(newJSONTokener(rstream));System.out.println("Query response: "+ authResponse.toString(2));writer.write("Account content\n\n");Iterator iterator = authResponse.keys();while(iterator.hasNext()) {String key = (String) iterator.next();Object obj = authResponse.get(key);String value =null;if(objinstanceofString) {value = (String) obj;}writer.write(key +":"+ (value !=null? value :"") +"\n");}writer.write("\n");}catch(JSONException e) {e.printStackTrace();thrownewServletException(e);}}}catch(URISyntaxException e1) {// TODO Autogenerated catch blocke1.printStackTrace();}finally{httpclient.close();}}privatevoidupdateAccount(String accountId, String newName, String city, String instanceUrl, String accessToken, PrintWriter writer)throwsServletException, IOException {CloseableHttpClient httpclient = HttpClients.createDefault();JSONObject update =newJSONObject();try{update.put("Name", newName);update.put("BillingCity", city);}catch(JSONException e) {e.printStackTrace();thrownewServletException(e);}HttpPost httpost =newHttpPost(instanceUrl +"/services/data/v30.0/sobjects/Account/"+accountId+"?_HttpMethod=PATCH");httpost.addHeader("Authorization","OAuth "+ accessToken);StringEntity messageEntity =newStringEntity( update.toString(), ContentType.create("application/json"));httpost.setEntity(messageEntity);// Execute the request.CloseableHttpResponse closeableresponse = httpclient.execute(httpost); System.out.println("Response Status line :"+ closeableresponse.getStatusLine());try{writer.write("HTTP status "+ closeableresponse.getStatusLine().getStatusCode() +" updating account "+ accountId +"\n\n");}finally{httpclient.close();}}privatevoiddeleteAccount(String accountId, String instanceUrl, String accessToken, PrintWriter writer)throwsIOException {CloseableHttpClient httpclient = HttpClients.createDefault();HttpDelete delete =newHttpDelete(instanceUrl +"/services/data/v30.0/sobjects/Account/"+ accountId);delete.setHeader("Authorization","OAuth "+ accessToken);// Execute the request.CloseableHttpResponse closeableresponse = httpclient.execute(delete);System.out.println("Response Status line :"+ closeableresponse.getStatusLine());try{writer.write("HTTP status "+ closeableresponse.getStatusLine().getStatusCode() +" deleting account "+ accountId +"\n\n");}finally{delete.releaseConnection();}}/*** @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse* response)*/@OverrideprotectedvoiddoGet(HttpServletRequest request, HttpServletResponse response)throwsServletException, IOException {PrintWriter writer = response.getWriter();String accessToken = (String) request.getSession().getAttribute( ACCESS_TOKEN);String instanceUrl = (String) request.getSession().getAttribute( INSTANCE_URL);if(accessToken ==null) {writer.write("Error no access token");return;}writer.write("We have an access token: "+ accessToken +"\n"+"Using instance "+ instanceUrl +"\n\n");showAccounts(instanceUrl, accessToken, writer);String accountId = createAccount("My New Org", instanceUrl, accessToken, writer);if(accountId ==null) {System.out.println("Account ID null");}showAccount(accountId, instanceUrl, accessToken, writer);showAccounts(instanceUrl, accessToken, writer);updateAccount(accountId,"My New Org, Inc","San Francisco", instanceUrl, accessToken, writer);showAccount(accountId, instanceUrl, accessToken, writer);deleteAccount(accountId, instanceUrl, accessToken, writer);showAccounts(instanceUrl, accessToken, writer);}} - Change OAuthConnectedApp.java to replace Client ID, Client Secret, and Callback URI fields based on the Connected App configuration.
- Start Tomcat server in Eclipse (see Figure 3) or externally, and navigate to https://localhost:8443/<your_app_context_path>/
Figure 3: Running Tomcat Server in Eclipse
Figure 4: Retrieve Objects Screen - Clicking on the link above (see Figure 4) will not work unless it is through HTTPS, and SSL must be configured as endpoint for Tomcat.
If all configurations were done properly, you should see a salesforce.com login screen (see Figure 5). Go ahead and login with your salesforce.com credentials to authorize your web application to access resources.
Figure 5: Salesforce.com Login Screen for OAuth - Logging in will allow the ConnectedAppREST demo to execute methods to create, show, update, and delete records (see Figure 6).
Figure 6: Output from Connected App REST Demo
*Tips & Warnings
- Make sure you have a Developer Edition (DE) account, because there are slight differences between Professional, Enterprise, Developer, etc. The Developer edition is free and does not expire (unless unused after a year).
- The callback URL in the OAuthConnectedApp.java must be same as the URL added to the connected app.
- If you get HTTP 403 error, it means the resource you are requesting is “Forbidden” from being accessed. Check that the username/account you are accessing with has the appropriate permissions.
- Make sure index.html is directly under the WebContent directory.
Resources
For a comprehensive set or resources, check out: http://developer.salesforce.com/en/mobile/resources
References
