I have a Web application with a db and it uses spring framework, hibernate etc. I need to send data from a mobile client (iphone,android) to web application like login, insert, update db etc. There are many ways to do that I think, however I am looking for a good solution. What would you prefer? Spring Security? REST?
Yes, spring-security to secure your service, and spring-web && spring-mvc with jackson dependencies to create an annotated rest service that you can host in something like tomcat.
Related
and if not what are more things that we can do with spring boot?
i know that we can build a whole web app(frontend and backend) in one spring boot application in the folder resource/template and resource/static but in the real world does somebody uses this method to create web application with the resource/template and resource/static?
and one more question what is used in the real world hibernate(with the SessionFactory or EntityManager) or JpaRepository in the spring data jpa?
No Spring Boot isn't just for REST APIs.
Spring Boot is "just" a mechanism for autoconfiguring a Spring Framework based application.
Therefore you can use and it does get used for all kinds of stuff.
REST APIs for webservices
Full web application using Spring MVC
SOAP services (or are they called SOAP dispensers?)
Reactive web applications
Command line tools
Batch jobs
Swing / JavaFX applications
...
Of course there are many more people writing web applications than Swing applications with or without Spring.
The kind of web application you describe and which I put under "Full web application using Spring MVC" is a very well established model and when done right way better aligned with the principles of REST than the average so called REST service. My very personal guess is: They will still be around when nobody remembers what Angular is.
For your additional question:
Your question sounds a little like the relation between JPA and Spring Data JPA might not be completely clear.
(see Spring Data JDBC / Spring Data JPA vs Hibernate)
Both are certainly used in real world projects. By definition more projects use JPA than Spring Data JPA since the first is a superset of the later.
This involves complete Spring history,
Actual motive of Spring was to enable loose coupling , so that unit tests can be easily performed . Spring MVC was for developing web applications with Model View Controller having their proper boundaries.
Then Spring Boot which enabled developer to focus on business logic then configurations. That's why spring boot is a good choice for microservices.
For JPA or hibernate query , many people prefer using JPARepositoy as again you just have to define entity for the repository and Spring boot automatically provides you queries like findById and so on.
In short Spring boot have made it really easy to run the applications with different configurations and environment smoothly.
Also, any suggestions plz on how to start on this?
My Spring MVC application is only a backend service with no front end screen.
I need to connect to Database and OAuth service in the backend in my application.
Since there are many parts missing (from MVC to boot), I'd recommend to create an empty boot project and fill in the mvc parts in the proper place. I could also recommend to use the Jhipster for generating a full spring boot boilerplate!
I have just built a RESTful web service with Spring Boot.
I now want to utilise the RESTful web service and start making calls to it by building a java console application (eventually adding GUI and security).
I was wondering if I can use any of the Spring functionality outside of the Spring (Boot) environment and use it in my java console application? For example, can I use Spring's RestTemplate in my non-Spring java application to make the REST api calls? I am new to Spring and I want to stick as close to Spring as possible. I think you can't, but I just want to make sure.
If not possible, I know you can create non-web application with Spring. Is it possible to integrate a GUI? Might not be best practice, just exploring what is possible and conventional.
Spring Boot is not coupled, in any way, to an application type. You can run command-line only apps, batch apps, web apps or any other kind of apps with it. You can even benefit from Spring Boot's auto-configuration.
In the case of the RestTemplate you may want to import spring-web directly rather than spring-boot-starter-web. Or you could add the starter and exclude the embedded container (spring-boot-starter-tomcat). Spring Boot will auto-adapt and not start an embedded web server in that case.
I'm in the process of converting a Tomcat deployed web app to a Spring Boot packaged web UI. The original Tomcat WAR used Spring Security to secure URL's exposed by the web app. Within a short while I will be developing a second web app that will be deployed as a second discrete Spring Boot app.
Before using Spring Boot I would probably have encapsulated both web apps into a single WAR file using Spring Security to secure the URL's of both.
However, given that that there are now two distinct JAR's deployed onto two distinct servers, how do I apply a common Spring Security model? If a user is authenticated on web app #1 then I want that authenticated state to be recognized by web app #2, to avoid the user having to login again.
To reduce inter dependence should I configure each Spring Boot app to employ the same underlying Spring Security configuration? Or is there a different appraoch required?
An excellent article for your problem at https://spring.io/guides/tutorials/spring-security-and-angular-js/
You have to use #EnableRedisHttpSession and #EnableZuulProxy annotations.
This is my first question on StackOverflow and I hope someone can help me. :-)
I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App.
With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.
But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?
At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I donĀ“t use spring MVC for the web layer.
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).
I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.
2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?
If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI
3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?
Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.
I agree with #mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors.
You can store the token in your browser local storage.