I would want organize multithreaded access via the rest api to a resource using Spring Boot.
There is information (I found it here) that SrpingBoot can parallelize requests (which I doubt) to the controller with scope-singlotone.
How to start the design of such a controller, or what approach to apply for this?
Spring handles requests in parallel - that means your singleton controllers have to be thread-safe.
If you have a single resource which cannot handle parallel access you have to use Java's synchronized or locks to serialize the access.
Spring Rest Controllers do handle request using a thread pool. Since Spring beans are singleton, your Spring Beans should be Stateless or we can say bean should have a sheared state. Which means you cannot have a state that will change with the time.
Related
I'm splitting up a monolith web service into several microservices using spring boot. To reduce duplicated code I extracted shared parts in a maven module that is used in the different microservices.
The monolith application had a healthcheck page that showed various information about the state of the service and some debbuging infos. It is implemented with Spring MVC and jsp.
I'd like to use this view in each of the microservices. Whats the best way to do this without duplicating the view/controller?
I was thinking of adding a web module to the shared maven project that contains the controller, view, spring mvc settings,...
But I'm not sure if it is good to have two web modules in one microservice.
Have you considered using spring boot actuator to retrieve health (and more) application information?
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready
You could then have another microservice that retrieves that information from each of your services, or just simply check it on then hitting the different endpoints (/health, /env, etc.).
UPDATE:
If you have you custom health logic you can even implement your own actuator endpoint for it. Furthermore, you can create your own library to reuse it in all your microservices:
http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#production-ready-customizing-endpoints-programmatically
46.4 Adding custom endpoints
If you add a #Bean of type Endpoint then it will automatically be exposed over JMX and HTTP (if there is an
server available). An HTTP endpoints can be customized further by
creating a bean of type MvcEndpoint. Your MvcEndpoint is not a
#Controller but it can use #RequestMapping (and #Managed*) to expose
resources.
[Tip]
If you are doing this as a library feature consider adding a
configuration class annotated with #ManagementContextConfiguration to
/META-INF/spring.factories under the key
org.springframework.boot.actuate.autoconfigure.ManagementContextConfiguration.
If you do that then the endpoint will move to a child context with all
the other MVC endpoints if your users ask for a separate management
port or address. A configuration declared this way can be a
WebConfigurerAdapter if it wants to add static resources (for
instance) to the management endpoints.
I have a vanilla Spring Boot application that consists of a controller, a service and a DAO layer. The controller code calls the service code and so on.
To implement some semblance of security, I am currently using Spring Security 4.0.x's global method security annotations in combination with Spring Security ACL to lock down my service methods.
Requests that go through my controllers are auth-ed and authorized just fine because a principal / user is in context. HOWEVER, I also have some additional non-user facing code that listens for messages from an AWS queue. Within this listener code I invoke some secured services (to stay DRY and not duplicate business logic) but for this situation no user is in scope.
Generally speaking:
For a situation like the one I'm describing, what is a good / acceptable way to authenticate user-less method invocations e.g. ones that don't come through an HTTP request (or to bypass the check)? I am considering manually setting the SecurityContextHolder with a "system user" in my message listener code but this has some code smell.
Is method level security better applied at the controller level?
I'm working on a prototype that initiates Spring Batch jobs from web requests. The jobs consist of a series of Tasklets, and I'd like the Tasklets to have some of their members auto-wired in with a session scope.
I'd also like to be able to use the role of the user who initiated the request in Spring Security if possible.
Is there a sensible way to do this?
I have following architecture in my application.
Client (GWT) <--calls--> Servlet <--calls--> Service <--calls--> Dao
I want to make this architecture easier for changes.
For example: when I want return the inserted id of an object from the Dao layer, because I need it in the client, I have to update the service and the servlet layer as well. So for this little change I have to update all 3 layers (3 classes and 3 interfaces) makes a change on 6 places.
I see why I need the Dao Layer.
I also get why I need the service layer.
What I don't get is why the service layer can't also be a servlet. At the moment all my servlets do is forwarding the request to the service layer.
The Wikipedia Article about Java Servlets says:
Servlets are most often used to
1 process or store data that was submitted from an HTML form
2 provide dynamic content such as the results of a database query
3 manage state information that does not exist in the stateless HTTP protocol
1 and 2 are just database calls, which I make in my dao layer and the service layer makes extra business logic already possible.
3 I am currently not working with sessions. I don't have a login so far and I am just playing around with my architecture, but I think the service layer could handle this as well.
I want to know the cos and pros for this architecture change:
pros:
One layer less to update if a change happens.
cons
Service Layer gets complexer.
Thx for your answers.
You need the servlet layer because that is what allows access to the session.
Also, you don't want your service layer to need to know anything about HTTP since you want to be able to re-use the service and DAO layers in other applications (e.g. if you write a desktop application re-using those layers) and needing to include the servlet API would not make sense there.
If needed you could call the DAO layer directly from a servlet for simple cases in order to not duplicate methods in the service and DAO layers.
The servlet API has filters which are a good place to implement security in your web application.
You can use Spring Security if you are already using the Spring framework for your web application.
I'd like to call methods of my DAOs by AJAX. I'm quite new in that so I would like to ask what is the best way to do that. Is it possible to publish my beans as web services and call them with e.g. jQuery? I think it is not possible :) I've also read about Direct Web Remoting but I don't know which way to go...
As I see, there are lot of experienced guys here so I think you can show me direction.. thanks in advance
Rather than exposing your DAO beans directly, you should create some Spring MVC controller beans, and call those from the client-side (using AJAX). Ideally, the controllers should not call the DAOs directly, but should instead call service beans (and the service beans should call the DAOs). One advantage of this approach is that you can define your service methods to be transactional, i.e. whenever a service method begins a transaction is started, and whenever a service method returns (without an exception) the transaction is committed. If the boundaries of your transactions are your DAO methods then it is not possible to wrap several database calls in a single transaction.
Of course there's no reason why you need to use Spring MVC - any web framework would suffice.
You have to expose your DAO's or beans by means of http. Typically you create a layer above the DAO layer to expose your services through HTTP, which are available to any AJAX framework such as jQuery. What jQuery and other frameworks ends up doing is using a special asynchronous request called XMLHttpRequest and then parse the server response (can be anything, pure HTML, JSON, XML, etc) and process it.
Here's a link I found that shows Spring & DWR with AJAX: Bram Smeets Blog.