I have been Googling a lot lately, but I find myself coming up short on answers.
I have a complete Spring MVC application secured by Spring Security and with services exposing logic to controllers (controllers -> service -> repository -> POJO's).
Currently all my controllers, except the login controller, serve nothing but JSON/XML and I want it to stay this way. I do not want to render different views on each controller.
However, what I want to be able to, is to separate the web application from the backend because in time I want to be able to integration with my service using more platforms than just a web browser.
Currently I have the regular Spring MVC application:
Configuration
Domain(POJO's)
Repository
Service
Controller
Login is done using a Thymeleaf rendered view and Spring Security which does nothing more than filtering all urls under the application root. After this, it is just a bunch of static files being served as resources:
Spring Controllers send a "{ontrollerName}/layout" to serve the AngularJS HTML partial used for all data under that given Spring Controller.
What I want, is a way to separate everything in the /webapp directory from the rest of my project. I have looked into a few different solutions here such as using Apache Proxy where my Apache Http server hosts the client code which communicate with the backend using Ajax to rest controllers, and Tomcat hosting the backend. However, I hear that proxying like this is not safe. I could however be dead wrong here.
So, the questions I hope to receive answers to are:
1. Is it fine to just write a client that uses Apache http server's Proxy to provide access to Ajax on the server?
If not; How should I proceed? Is it any point in trying to extract the client side from the /webapp directory or is this just some stupid idea I created because it seemed cool to be able to deploy them without having to relay on each others?
Is there any best practices in regards to how I structure a project with separate modules? Think Gradle build scripts for multi modules.
Should I think in different terms and use an approach not based on Spring MVC at all? If so, please advice me.
I hope this was clear enough to make sense for you guys.
The solution was to use the simpler approach of a restful API that did authentication over OAuth 2.
Basically the two best alternatives are a hybrid solution (part restful API and part server side rendering of pages) or a full blown restful API where you implement all functionality in a static web client. This way there is no need for multi-module projects and packing things together in one package.
Related
Is there a way to create a web app with multiple pages using Spring Boot and Vue.js?
I used to work with Laravel which allows the use of vue components in blade files which is why I found it weird that all of the tutorials that I have found about Spring Boot and Vue.js were only directed to creating single page applications.
Basically, I don't support having the background framework rely on a front-end framework or vice versa. These must be two separate entities. See microservice architecure. Of course, multiple Vue projects can use the same server, thus implementing the "two-sided" principle. From now on, we can also expand to multi-browser (more Vue or Angular projects) and mobile platforms, which are served by a specific server via API interfaces.
Spring has security, filtering modules that you use some logic to determine if project "A" can call a particular endpoint, but project "B" can no longer and will get forbidden. Or you can even put in a separate API Gateway for that purpose with Nginx or Spring Gateway before API.
For example, you can implement an application token that accepts or deny on the server-side.
Broadly just a theoretical model. You can do this better, of course.
This is my first question on StackOverflow and I hope someone can help me. :-)
I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App.
With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.
But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?
At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I donĀ“t use spring MVC for the web layer.
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?
If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.
I agree with #mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors.
You can store the token in your browser local storage.
I have started to write two web application projects
RESFful API for mobile clients using Spring REST API
GWT WebApp Server for web clients using Servlets
My problem is that both web applications are using the same database and that I think that instead of having two web applications I actually should have started this project using just one web application that handles the requests for web and mobile clients.
The problem I got now is that I don't have any idea how I could "merge" those two guys and whether I should stick to Spring REST API or if I should use RestyGWT.
GWT Server-Project using Servlets
RESTful Server using Spring
All projects (in the middle of a major refactoring mission)
Is there a way that would allow me to launch the web application as a whole and have access to the REST API from my mobile clients and to the Servlets from my web clients?
It depends on your business logic implementation. If you have it in a separate module/package, then it should be easy to merge your two applications.
You will have to rework the mappings in web.xml and how you pass the input/output data to the business logic methods from both the REST implementation and your servlet code.
Personally I will recommend a single approach such as only going with the REST based approach that you already have and migrate your servlet functionality to it.
I have a working Spring BOOT application that has a custom security provider and REST API controllers. I would also like to add a GUI interface to the application for access from a browser through jsps, html, and a login page which uses my existing custom security provider I used with the REST APIs. Maybe using Spring MVC since that is needed for the REST API support. I could not find a single example of doing this on the web. Also, I do NOT want to use any web XML based configuration files - as I am currently only using Java config for the implementation of the REST APIs. I am also currently using SSL for REST API access through SSL in a Jetty embedded web container. Please help if you can? Thanks in advanced.
Paul there is a rather large amount of information on view technologies that are compatible with Spring BOOT. You need to decide what you want to use and do relevant research for it.
As a guiding hand here check this page out for just one of the many types:
http://kielczewski.eu/2014/04/spring-boot-mvc-application/
You may follow this procedure :
lets assume that u have an endpoint for which you need both REST and view controllers,your REST endpoint exposes your data in JSON as RESTController and your view Endpoint returns the view name as Simple old controller.
lets say your base url is at localhost:8080 and your endpoint of interest is /students
you could have both in same application but at different endpoints like this :
REST : localhost:8080/api/v1/students -- exposes json
VIEW : localhost:8080/students -- returns a view
hope this make clear ..
I have a restful web service written using Spring WebMVC that will mostly be used to orchestrate other services. In some cases these services are on the same server, in some cases they are not. I have a few requests (GET and POST) that will be direct pass throughs to another service. Is there a way to blindly forward all GET and POST data from a request for certain URLs without knowing anything about the data in the request?
Ideally, I would like to be able to say all requests for http://server1/myService/user/... should forward to http://server2/user/... with all of the GET and POST parameters forwarded with it.
For the services on the same server, if they're being served by the same Spring MVC application, you could use RedirectViews and/or the "redirect:" prefix.
For those on another server, the best thing I can think of would be to use a servlet filter, similar to the approach suggested by this post: spring mvc redirect path and all children to another domain