One of the biggest disadvantages of .net security is that the security annotations does not live outside of the mvc controller.
CustomerController calls CustomerService calls CustomerRepository
each of the above are in a different dll.
I want to secure CustomerService with annotations and not CustomerController.
Is it possible to do on servicestack? is it good practice?
Is there any example of n-tier architecture example with servicestack?
thanks
Is it possible to do on servicestack? is it good practice?
Within ServiceStack you can apply authentication/authorization attributes at different levels (Request Dto, Service Action, Service class or a Serivce's base class) . You can also create Filter Attributes as well.
Is there any example of n-tier architecture example with servicestack?
This is not so much an example but the structure of a typical layout of a ServiceStack project.
Related
Suppose I've a bunch of microservices, each written on SpringBoot MVC (REST, Controller, Service, etc..)
Can anybody explain what is DDD's Aggregate in SpringBoot MVC? is it a controller? Or is it a specific microservice which is a root for some other microservices?
In other words, is aggregate something within a service with a controller's endpoint as a root? or is aggregate a sub-set of microservices with a particular SpringBoot application/service as an entry point to them?
It is neither a controller nor specific microservice.
It is a cluster of the domain objects that can be treated as a single unit (e.g. Order and its order line) (see this) which is retrieved , saved and searched by the repository.
The spring framework also provides an more specialised #Component called #Repository to represent the repository concepts (quoted from its javadoc) :
Indicates that an annotated class is a "Repository", originally
defined by Domain-Driven Design (Evans, 2003) as "a mechanism for
encapsulating storage, retrieval, and search behavior which emulates a
collection of objects".
Teams implementing traditional Java EE
patterns such as "Data Access Object" may also apply this stereotype
to DAO classes, though care should be taken to understand the
distinction between Data Access Object and DDD-style repositories
before doing so. This annotation is a general-purpose stereotype and
individual teams may narrow their semantics and use as appropriate.
As we use repository to save JPA #Entity or MongoDB #Document to the underlying datastore , so DDD aggregate is more align to them
Two things here.
Spring MVC is a boundary layer to translate between HTTP and internals of the app. The internals are where all the DDD happens, not the boundary itself
Spring Boot is for bootstrapping an application with all the common tools and making a runnable deployment unit.
So, in case of DDD an HTTP request comes to Spring MVC layer, there a domain request is instantiated and passed to domain core for execution. Domain response then comes back and is translated into HTTP response by Spring MVC layer.
Assuming an application with a traditional UI based on Spring MVC and Thymeleaf, it seems like there are a few ways to expose a REST API...
Add a completely separate set of Controllers using #RestController - Feels like a lot of duplication, but allows complete separation of UI vs REST logic
Use a single Controller for each entity, with a mix of both #ResponseBody methods and ModelAndView methods - Keeps all logic for a given entity in a single place, but requires mixing different concepts
Use a single Controller for each entity, use only ModelAndView, and use content negotiation with a JSON view resolver like the MappingJackson2JsonView (https://spring.io/blog/2013/06/03/content-negotiation-using-views/)
I'm particularly interested in #3 as it feels similar to how Ruby on Rails Controllers work with the respond_to for different content types.
Is this a common approach / best-practice in Spring applications?
Would POST and DELETE requests still require separate methods since they may work differently between a REST API vs the UI? (i.e. posting a form vs posting a json entity)
Would it require separate Exception handling based on whether it was a UI request or API request?
I'd go with option 1. Having a separate set of #Controller and #RestController avoids mixing MVC pattern with your REST api. To avoid code duplication, you should add a service layer and have the REST endpoint and the MVC controller to make use of that service layer.
Lately i've been developing a Spring boot application with Angular 5 frontend and i got a little confused about the architecture of it. I was taught to write repositories, services and controllers in spring and to follow the MVC pattern. I started to write the documentation for the app and im trying to describe the arhitecture. So as i think View is the Angular app, C consists of the controller classes, and i described the third layer as buisniss logic which consists of the entity and service classes. But what is the Model really? Did i manage to follow the MVC pattern? In addition i have a controlleradvice, exception classes and security classes that make the authentication and authorization using jwts, but i guess these classes totally stay out from the MVC.
I've searched for the explanation but didnt seem to find it. Could someone please explain this to me? Thank you!
UPDATE
So basically what i dont understand is how the spring classes + angular meet the requirements of the MVC pattern
For example this is one of the first diagrams on the internet when you search for spring layers but as i see these are different from MVC
enter image description here
As mentioned in the comments, both your backend with Spring boot and your frontend with Angular can be seen as different applications, each following the Model-View-Controller design pattern.
You also posted a screenshot of the three-tier architecture. This type of architecture only tells you about how to structure your code. Typically, the MVC-part of your application is within the presentation layer (in your screenshot it's called the web layer).
So, if you would look at your backend application, you can identify the following parts:
Data tier/Repository layer: Repositories
Business tier/Service layer: Services
Presentation tier/Web layer: Model-View-Controller + Dispatcher
Model: Whatever you expose within your services (could be DTOs)
View: JSON structure/mapping
Controller: Spring controllers
And for your frontend you could identify them as well:
Data tier: HTTP calls
Business tier: Angular services
Presentation tier: Components + Router
Model: Whatever you expose within your services (probably a similar structure as the one you expose in your backend)
View: Templates
Controller: Components
This is a bit oversimplified though, and probably not something everyone will agree with.
I am working on the same project with angular as a frontend and spring boot as a backend, and i am still a little bit confused about it's architecture just like you, but i finally had to adopt the MVC model since i am actually using controllers, defining models and rendering views (the json results).
Obviously your front end uses a CBA (component based architecture and your backend is using an MVC pattern since spring MVC is embedded inside spring boot so it actually uses the same logic.
here's a brief image of how spring boot dispatches between controllers and handles requests, you can consider your dispatcher servlet as the middleware between your front end and your backend (but keep in mind that it is embedded inside the spring boot container)
Angular is an SPA, a single-page-application. It contains everything, Model (changing of business data), View (templates with HTML) and Controller (your click- and other event-handlers in your components).
The Spring backend is an extension of the Model, for performing further data transformation and storing it on a database.
The Model-View-Something (there is also MVVM and derivations) is a pattern that comes from desktop-applications, but it doesn't really fit in the world of SPAs. And the Controller in MVC is often seen as redundant even in desktop-applications (because it just delegates stuff and not taking as big role as View and Model).
Important for you to know when you work with Angular is rather the Component-pattern. It is valid in Angular, in React, Vue and even in Vaadin. A component is chunk of both HTML and script-code manipulating that HTML. And components can nest each other allowing a hierarchical architecture.
I've read the post MVC With Lazy Loading and i still have some questions:
If we use the 4th choice, which part should be in charge of the transform process? The controller or the service? If we use controller, is it good to introduce #Transactional to controller?
I also see a post that suggested to use different query for different usage. It seems like to use different fetch groups JDO fetchgroup for different purpose. Is it good to use this way?
Thanks.
In today's day and age you can and should expose services as REST controllers and return proper domain objects rather than ModelAndView or other such constructs from Spring MVC.
UPDATE: Clarification: There is NO controller class in this approach I am suggesting. Expose Service as #Controller. Expose public methods on service as REST and annotate transnational, authorization etc context on the method. Because from an API point of view this public interface serves all kinds of clients whether it is REST or direct method call.
Also if you have dedicated controllers and services you may see some business logic seeping into your controllers in no time.
I would go to even further and not use option 4 which is essentially leads to a DTO anti-pattern.
Having said that it still depends on the complexity of entities. A very complex entity with many association is going to be a performance hog due to the queries it fires. Yet your MVC (JSPs) may actually resolve the associations whenever needed. (In a side note with full REST full architecture this is an issue.)
Could anyone please give some examples of possible service. I am going through the book, but cannot understand what can the service do? It provides processed data for modelAndView to controller, but what it looks like is it java bean connecting and retrieving results from database, what can it be?
A service component is where all your DAOs come together and have the business logic. You can think of it this way.
DAO - should only load data from db. Nothing more.
Services - can use daos to load multiple objects and do some kind of business logic
controllers - use services to load objects. They should have nothing more than simple logic because complicated logics should really belong in the service. Reason for this is in the future when you want to reuse this logic, you can do so if its a in service but not if its in the controller.
Example:
BookDAO - Loads the book
BookService - loads the books for a person that is logged in
Finally, I'd like to quote the grails doc for a clean concise quote.
As well as the Web layer, Grails
defines the notion of a service layer.
The Grails team discourages the
embedding of core application logic
inside controllers, as it does not
promote re-use and a clean separation
of concerns.
An example of an Service could be an Email Service in an Business Application (not in an Email-Client). This Service offer other Components the functionality (service) to send emails to notify users about stuff.