1

This is my first question on StackOverflow and I hope someone can help me. :-)

I am planning to build a web-application (backend) with spring roo. For the backend I will use Spring and Hibernate/JPA. In the future I will implement a web client (JSF/Primefaces), a mobile client (Android) and a Windows App. With spring roo it is easy to create a layered architecture with domain classes, repositories and services. This part is fun.

But now I am thinking about remoting and how to connect all the clients (web, mobile, windows) with my backend.

1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).

2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource-oriented but how do you implement authentication with REST API?

At the moment I think a REST-API is a good idea. Because I am using spring it is easy to create a Spring MVC controller with REST support. But is this the correct way to implement a REST API for all the three devices? The web client e.g. should be implemented with JSF and Primefaces and I don´t use spring MVC for the web layer.

3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?

cryptic_star
  • 1,863
  • 3
  • 26
  • 47
Jensebluemchen
  • 35
  • 5
  • REST isn't useful for a JSF-provided client at all, so the JSF part is irrelevant in the question. Food for read: http://stackoverflow.com/questions/29982657/how-to-implement-jax-rs-restful-service-in-jsf-framework – BalusC Sep 27 '15 at 15:08

2 Answers2

1

1.) What do you prefer for the remoting between client and backend? SOAP-Web Services or a REST-API (e.g. with JSON).

I don't have too much experience with SOAP-WS, but I have a ton of experience with REST-APIs using JSON. There are many implementations for mobile, web and server side clients that are fairly simple to implement.

2.) If REST-API: How should the API look like for authentication/login functionality? REST is resource oriented but how to implement authentication with REST API?

If you are already using spring, I recommend securing your API with Spring Security. You can use spring security even if you don't end up going with Spring MVC for your API implementation. There are many ways to secure a rest API with spring security, but I the simplest is to send the basic auth header with every request to a secure URI

3.)Can I nevertheless use Spring MVC controllers to build the REST API (together with JSF in the web layer)? Or is there a better way?

Spring MVC Controllers will work fine, but I would recommend going with RestEasy or Jersey. I find them to be more flexable.

mad_fox
  • 3,030
  • 5
  • 31
  • 43
  • Thanks! This confirmed my thoughts in using a REST-API and Spring Security for authentication/login. Now I have to decide if I go the Spring MVC Controller way or the Jersey way to implement the REST-API. Does anyone have experience in using a REST-API together with JSF/Primefaces? – Jensebluemchen Sep 28 '15 at 08:46
-1

I agree with @mad_fox. Additionally, i want to add another option regarding your question#2. If you dont want to use Spring security, you can write your own token based authentication mechanism using spring and basic java interceptors. You can store the token in your browser local storage.

Albert Pinto
  • 392
  • 2
  • 6
  • 17