Cross-service linking for HATEOAS micro-services - spring

I have a number of micro-services built with Spring Boot, so for a bit of fun, I thought I'd have a go at adding HATEOAS to them to help set up cross-resource linking. It seems to work quite nicely within a particular project, but I was wondering whether there's a good way to link across APIs. As an example, imagine I have 3 services:
A user details service:
Code:
/users/{userid}
A user calendar service:
Code:
/users/{userid}/appointments
/users/{userid}/appointments/{appointmentid}
A user messaging service:
Code:
/users/{userid}/messages
/users/{userid}/messages/{messageid}
To make this browsable via the API, it would be good to have links from a user resource to its appointments and messages. Similarly, it would be nice to have links back from those resources. This is all very achievable when I have a single API with everything on the classpath, where I can write code such as:
Code:
user.add(linkTo(methodOn(CalendarController.class).appointments(user.getKey())).withRel("appointments"))
However I'm not able to do this if CalendarController is not on the classpath of the service I'm currently hitting.
Is there a good/recommended method for creating links to controllers which are not in the current project?
Referenced from spring forums

Maybe this is a bit more involved than you were hoping, but as mentioned here, this is exactly what Eureka is for. It also has really nice integration with the new Spring Cloud project.

Related

What is the difference between the HATEOAS and RESTful Api doc frameworks, such as Swagger2

The idea behind HATEOAS is actually very simple, that is, in response to a link containing other resources that the client can use to interact with the server, the client cannot know that the server workflow, but can know the next steps in the resource link from the root links, but only the link, not Request parameters and examples This is a far cry from the online documentation generated by Swagger2 (personal feeling)
On the other hand, when it comes to code writing, looking at Spring Hateoas or using Spring ApplicationListener is hard-coded, it feels very cumbersome and feels like no swagger2 annotations are easy to use.
This problem bothers me, I don't know if my API should use the Hatepas way

Web client for spring-data-rest CRUD endpoints?

Spring Data REST creates a CRUD web server with a discoverable API, so it seems it should be possible to write a generalized web client application for it. Is there such an application?
May be you are looking for a HAL browser
https://www.baeldung.com/spring-rest-hal
or
something like https://www.npmjs.com/package/angular-spring-data-rest
https://www.npmjs.com/package/angular4-hal
I hope you mean sample client stubs. Actually a web client cannot be generalized beyond the resources it has. That will not be quite meaningful.
You can try below with swagger. Using swagger here would be really convenient (over raml etc) since spring-data-rest generates swagger it self for you.
Take your swagger spec
Paste it at https://editor.swagger.io/.
Go Generate Client => Your favorite programming language.
Then it will generate sample client stubs for you in the language you have selected.
I think this should be the far most generalized point that makes sense.
-Addition-
The primary problem spring-data-rest has solved is abstracting out all the common functionalities attached to controller (ex: response/request mapping etc) and making them readily available and configurable, so that the developer no longer needs to re-invent/duplicate them every time when they are coding a new endpoint.
So as you have suggested generating client-stubs is completely out of spring-data-rest scope. Please read the documentation for more info.

Spring design pattern for common update service or module

I have a use case where I would like build a common interface or service which can update entities of application. Example case is shown as below:
Now every application has to handle update functionality of entities. Rather than implementing update functionality in n application module. I would like to build a common interface or server in spring boot.
Service will be like below:
My question is how to design service/interface which can used for above scenario. Any api or tool which can help me to achieve this. I dont want to write code for update in every application module.
Thanks in advance.
Last year I was thinking about the similar concept to yours, but in Apache Camel framework context. I haven't got enough time and motivation to do so, but your post encouraged me to give it a try - perhaps mostly because I've found your concept very similar to mine.
This is how I see it:
So basically I considered an environment with application that might uses N modules/plugins that enriches application's features, i.e. processing feature etc. Application uses module/plugin when it is available in the classpath - considering Java background. When the module is not available application works without its functionality like it was never there. Moreover I wanted to implement it purely using framework capabilities - in this case Spring - without ugly hacks/ifs in the source code.
Three solutions come to my mind:
- using request/response interceptors and modifying(#ControllerAdvice)
- using Spring AOP to intercept method invocations in *Service proxy classes
- using Apache Camel framework to create a routes for processing entities
Here's the brief overview of POC that I implemented:
I've chosen Spring AOP because I've never been using it before on my own.
simple EmployeeService that simulates saving employee - EmployeeEntity
3 processors that simulates Processing Modules that could be located outside the application. These three modules change properties of EmployeeEntity in some way.
one Aspect that intercepts "save" method in EmployeeService and handles invocation of available processors
In the next steps I'd like to externalize these Processors so these are some kind of pluggable jar files.
I'm wondering if this is something that you wanted to achieve?
link to Spring AOP introduction here: https://docs.spring.io/spring/docs/5.0.5.RELEASE/spring-framework-reference/core.html#aop
link to repository of mentioned POC: https://github.com/bkpawlowski/spring-aop

The best web login approach

I am developing a jsp dynamic web project on eclipse.
I want to create an website with login functionality. I intend to store users' accounts and passwords in MySQL database. Of course, different users have different roles and rights to access different web pages. What is the best approach to implement it?
So far, I know these approaches:
1) Users enter accounts/passwords in login.jsp. LoginServlet then connects to MySQL database to check if it is correct. AuthenticationFilters will make sure only users with rights can access certain pages.
2) Use Role Based Authentication by declaring user roles in web.xml. I find this approach is not flexible, because I need to declare roles in advance.
3) Use HttpServletRequest's login/logout methods. I have not studied it.
Is my understanding correct? Could someone gives me some suggestions? Some clues would be very helpful!
Besides, I know that using POST alone to send passwords is not safe enough. Many websites suggest to use HTTPS connections. So if using HTTPS connections, does it affect the approach I choose to implement the login function?
Thanks!
--
Now, I know I need to use Spring. But Spring seems difficult for me... In Spring website I cant find out the link to download jar files. The user guide says I need to use Gradle or Maven, which I haven't used before, and have no idea why I need them. Besides, there are many Spring projects. Which one should I choose? Spring framework?
--
Have you looked into using Spring Security? It's built for just that. You don't need to be familiar with Spring but it may help.
Here are a couple of tutorials that use database authentication:
1: Spring Security Authentication and Authorization Example with Database Credentials
2: Spring Security Login Example with Database
Edit:
You don't have to Maven or Gradle. You can simply add the jars to your build path and they will work. The only projects you need to implement for the login to work is the Spring Framework and Spring Security.
To use Spring Security without Maven or Gradle:
Download the Spring Framework jars, unzip them, and add them to your project and build path. It's probably a good idea to find a hello world tutorial using Spring to get you started. A quick Google search should turn up many results.
After you have Spring implemented in your project, download the Spring Security jars, unzip those, and add them to your build path. The links to the tutorials that I previously posted will get you started. They may take a little while to go through and you may not understand exactly what is happening behind the scenes, but once you get it set up is works outstanding. I'm also not sure if you are using xml configuration or Java config but I believe those tutorials are for xml.
Spring Security was built so that it could be added to any project and have you up and running with basic configuration in about 15 minutes. After you get the basic login going (it will use the generic login form), you can search for how to implement your own custom login form, add permissions or restrictions to users and url patters, adding custom filters, etc. I encourage you to spend some time learning it as it is highly flexible and customizable.

Secure Spring REST Service using spring-security-oauth2 2.0.5.RELEASE

I have been searching for an example Spring Webservice which is being protected using oauth 2.0..
Looking around I found https://github.com/spring-projects/spring-security-oauth/tree/master/samples/oauth2 but there some files seems to be missing from the project.
Two things that I am looking for is :
When user authenticates, user name and password goes to /login.do , now I can not understand how this Servlet is being configured, if its not controller. web.xml is missing.
When I try to see how beans configured then applicationContext.xml is also missing. I am not able to find those files in order to see how things are configured.
Help Required :
Should I use annotation in order to configure my web service or xml configuration. I am willing to use the latest version, and leverage advanced configurations, for better security.
I have another Single page application ( HTML5 ) , which accesses data from this spring web service, which is being hosted on Google App Engine. My ultimate objective is to create a chrome plugin of (html5) pages and use my service from there..
Please suggest a better path so that I can achieve my objectives.
Best regards,
Shashank Pratap
Apologize for late reply.
1) Regarding Oauth2.0 implementation : Since GAE does not support Servlet 3.0 therefore, developer is restricted to servlet 2.5. Therefore I found that we are restricted to 1.0.5.RELEASE. I was able to configure it successfully.
Best Practice on GAE : Rather than following this approach, I would suggest others to use Google Endpoints. As it supports oauth2.0 as well as we can develop REST API relatively quickly.
Scale ability and Response time : Since I was using Spring dependency injection along with spring security, application responded slower than the combination of Google Endpoints and Google Juice, as juice does injection just in time, where as spring prepares everything as soon as new instance starts, which created problem for me.
2) Chrome Plugin is completely different story. :-)
Please correct if I am wrong.
Thanks,
Shashank Pratap

Resources