This is my first question on StackOverflow and I hope someone can help me. :-)
I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App.
With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.
But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?
At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I donĀ“t use spring MVC for the web layer.
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?
If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.
I agree with #mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors.
You can store the token in your browser local storage.
Related
I want to learn the Spring Framework and therefore I decided to make a web application using it, but I don't want to use Spring MVC as it still uses JSP. What all projects from Spring can be used if I want to have a UI which can be made using React / Angular and the backend is managed by Spring.
You have to use REST API, and pass data to front-end JS framework via JSON.
Look here: https://spring.io/guides/gs/rest-service/
Start with creating a simple Rest Controller with Spring Boot.
Then you have to choose your JavaScript framework (jQuery, Angular, React),
and make a HTTP request to URL typed in your #RestController.
You can achieve this by using AJAX method from your JS framework.
Try this,it will speed up your development
Restful Web Service with Spring Boot
by the way,if you want to use Angular/React+Spring Boot you can use JHipster, this tool will just do the basic setup for your Angular/React+Spring Boot application in couple of minutes,the website has a clear video tutorial you can use it will only take about 15 min approx
Jhipster
I just developed a simple restful web service by using Spring 4.0 and Hibernate 4.0, so it is without beans.xml file.
I would like to implement a Spring Security on the web service, since the roles will be performed on the HTTP functions GET, POST and DELETE, i.e. only admin who is allowed to DELETE, manager is allowed to do both POST and GET and the user can only GET data.
I'm looking for a detailed tutorial with example to implement Spring Security? or Do you think there is an easier security mechanism regardless it's strength?
I just found that they in Spring.io added a detailed tutorial with real example developed by Java 8 in their own website, so it is completely annotation-based, which helps for building a RESTful webservice with Spring, testing it and also securing it.
It is really awesome, located HERE
What are the advantages of using Spring Rest Web Services over Core Servlet ?
As we know Spring Rest Web Services also use Servlet internally.
REST is a special kind of web service. Whether this is the right thing for your application varies. If it is you should use a framework/library that is designed for REST to make coding simpler. You might also want to have a look at JAX-RS.
If you need a non-REST web service Servlet may be an option, but there are other options, too.
REST is not a type of Web Service - it is an Architecture and specification - JAX-RS. Spring has its own REST implementation libraries primarily based on its MVC controller. I would recommend you not to go for Spring Rest Web Services until you have any Spring specific requirement (Though I cant think of any such requirement which cant be solved by other light wait JAX-RS implementations). Jersey is the most light weight JAX-RS reference implementation by Sun/Oracle which, has support for Spring as well which, can be plugged in on requirement basis.
Developed Rest API using Java/Spring MVC
Can we provide authentication for RestAPI? If yes, How?
Now I am struggling with authentication for RestApi. Can anyone send some examples regarding the same.
Accessing rest API through AJAX request.
Since you are already using Spring, you can use Spring security to provide security related functionality. This can give you one stop solution for your security needs. Common security mechanisms for Rest API's (basic, digest) and features are supported out of box and it's very easy to add your custom security too. For a start tutorial you can have a look here
I have a RESTful API built with Spring 3.1, using Spring Security as well. I have a web application, also a Spring 3.1 MVC application. I am planning to have mobile clients accessing my REST API. So my API is the central place to authenticate, get data served from, etc.. It all makes sense so far.
Now what I cannot wrap my head around is how to add Spring Social in an easy and smart way. How did you do it? Did you maybe only move the ConnectionRepository to the API? Or did you have the API do it all? I want to prevent double-authorization for each client-technology by all means (preventing double-authorization meaning userA connects to facebook in the webapp, and then starts using our mobile client and should NOT be asked to connect to facebook again just b/c userA is using a different client).
Thanks for sharing your thoughts!
The solution we use it to secure our rest-webservices using spring security, with a cookie based remember me service. This uses well documented traditional spring-security techniques.
We then plugged in spring-social to our system, which then simply logs in the user as normal using spring secruity. The social api looks up the, for example, facebook id in your db table, if it finds existing connection logs the user in using their account on your system (and can redirect to sign up page etc).
I suggest breaking down the question into more specific areas.