My Guice Integration Adventures: Building Servlet 3.x RESTful Web Applications

Intro & Motivation

Following the line with my previous post about Jersey + Guice integration, I wanted to get deeper on the Servlet 3.x specs and the new Asynchronous features in Java.

This was one of the limitations I found in my previous approach. The lack of asynchronous request processing within my Web Application.

RESTful Java with JAX-RS 2.0 Book

My Investigation led me to RESTEasy Framework. I found this framework to be very handy and very updated with Java specs on JAX-RS, JSR-330, and Asynchronous Servlets.

I also bought the book RESTful Java with JAX-RS 2.0 (2nd Edition), which offered a very complete insight about this library and it’s capabilities. It’s also written by Bill Burke, who according to O’Reilly Media “is a Fellow at the JBoss division of Red Hat Inc. A long time JBoss contributor and architect, his current project is RESTEasy, RESTful Web Services for Java”. Big Kudos to Bill Burke for this great book and RESTEasy framework!

Third Approach: Apache  Shiro + RESTEasy + Servlet 3 + Guice

This integration was tricky because I had to ditch the so comfortable guice-servlet package. But RESTEasy provides a fancy way to integrate with Guice through their GuiceResteasyBootstrapServletContextListener. Also to complete the whole Servlet/Filter 3 implementation, I used the Filter30Dispatcher.

This third approach also has Apache Shiro integrated, which I explain in detail in other post, to build a fully Secured Web Application.

JBoss RESTEasy Logo

The ContextListener is the way of RESTEasy to inject Guice’s Injector into the Web Application Context. it has a methods to enumerate all the Modules (Guice AbstractModule’s implementations) needed for the WebApp and a method to operate with configurations just after the Injector is created.

Noteworthy about JAX-RS API

There are several ways to bootstrap your beans/POJOS in your Web Application. The way JAX-RS proposes to expose its Resource Classes is by its Application class. This class defines the Singleton classes and Prototype classes that will have the RESTful annotations for exposing Resources. It is a good practice to have all the RESTful Endpoints in a dedicated package like “.rest” or “.endpoint”, just like with the Jersey framework and their “packages” parameter, so in my case, migrating a Jersey Resource to a RESTEasy one was a very light task if not a massive file copy&paste among projects.

Code Template

The github project shiro-guice-async-webapp has the sample webapp. It has the following frameworks integrated:

Again, this project can be turned into a Maven Archetype, with the mvn command.

Next Adventure:

Integrate Google Guice with Netty!

Advertisements

My Guice Integration Adventures: Building Secure RESTful Web Application with Apache Shiro

Intro & Motivation

From my previous post, I created an Maven Archetype to bootstrap a Java Web Application. My next step was to make the Web App Secure somehow, and by recommendation I came into Apache Shiro.

RBAC and Security Management

Apache Shiro has a new way of thinking security, with its Resource Based Access Control  (RBAC, not to be mistaken with Role Based Access Control). Basically, instead of giving access to Roles, you give set access to Resources, in this case RESTful endpoints. This can be applied to all JAX-RS Resources.

Second Approach: Guice + Apache Shiro + Jersey

The way to integrate Shiro into a web application is via the web filters to attach the Security Context into the main context. But I also needed to configure Guice, so it can load the Security Manager and Shiro Realms as Singletons at bootstrap.

I also used Shiro’s AOP Module to support Annotations like @RequiresPermission, but in the long run I stuck with the default way for requesting Permissions.

My overall experience with Shiro was very successful, and I found the Permission approach very intuitive. It’s very customizable also, having the chance to modify the behavior of Sessions (or go totally Sesion-less), Permission levels and Realms to save Users, Roles and Permissions according to your existing data structure.

Finally this framework also counts with a Cryptography package, to manage your passwords in multiple formats (MD5, SHA1, SHA-256, et al.) and to encrypt any kind of data to be shared.

Code Template Project

My github example is in shiro-guice-jersey-bootstrap project. This integrates the following frameworks and libraries:

  • Servlet 2.5
  • Jersey 1.18.1
  • Guice 3.0
  • Apache Shiro 1.2.3
  • guice-persist 3.0
  • gson 2.2.4
  • joda-time 2.4
  • JUnit 4.10

I also made a Maven Archetype from this template in secure-rest-webapp-archetype project.

Conclusions

This kind of projects are very demanded nowadays because of the SaaS and MBaaS architectures, and like I said in previous post, having Jersey makes your RESTful tier compliant with JAX-RS, Guice and Dependency Injection compliant with JSR-330 and the so long standardized Servlet 2.5 spec compliant with any Java Enterprise Application Servers. This makes the app more portable in terms of code sharing/reviewing and more focused on the BackEnd business logic, allowing a more agile workflow for distributed teams.

Next Adventure

My next adventure will involve RESTEasy and Servlet 3.x spec! Stay tuned!

Cheers!

My Guice Integration Adventures: Building Portable RESTful Web Services Applications

Intro & Motivation

I started my journey into the depths of Google Guice last year during an Android Coursera MOOC, it was really interesting and I really enjoyed using this Framework for the MOOC.

After my previous encounters with Spring Framework (and Spring Boot features), I wanted to give another DI Framework a try, so I could learn more about this fabulous  and helpful design pattern.

Google Guice doesn’t have a logo, sorry! 😛

I wanted to build the ultimate Java Web Application skeleton, having all the necessary frameworks to start coding RESTful web services for my current projects at work and at the same time keep the integrations as simple as possible, making the application extendable without loosing common features.

I started with the standards. I found a lot of blogs and code about Jersey framework, which was developed by the Oracle guys, so I gave it a try. My experience with Jersey was very successful, in fact I had 4 projects in one year involving this framework.

My Main motivation on starting these integrations was to have a way to port all my coding experience and algorithms across different projects, with the less amount of changes as possible and leveraging all the power of the Java language and its annotations.

First Approach: Jersey + Guice

My first approach was an integration of Jersey 1.x with Google Guice 3.0.

The main benefit from this approach, was that I found the code very portable and lightweight. I didn’t know when CDI and Oracle’s implementation of JSR-330 was going to get viral, so I decided to use Google Guice’s @Inject and @Provides annotation, but the code is portable enough to use javax’s implementation of @Inject. In this page you can find Google Guice’s doc on JSR-330 and the key differences with Oracle’s Java implementation.

You can check my sample project in GitHub: jersey-guice-bootstrap

As I stated before, this kind of projects were very demanded, so I decided to do a Maven Archetype. This way I could automate my project bootstrapping.

Automate The Bootstrap Process: Maven Archetype

The Archetype is jersey-guice-webapp-archetype and it has the following frameworks integrated:

  • Servlet 2.5 provided by Guice-Servlet package
  • Jersey 1.18.1 (Update: the last 1.x version is 1.19)
  • Guice 3.0 (Update: The last version is Guice 4)
  • guice-persist 3.0
  • gson 2.2.4
  • joda-time 2.4
  • JUnit 4.10

Conclusions

With this architecture you can stay in the Back-End world with JAX-RS Compliant Endpoints, integrate more frameworks like Hibernate with Guice Persist, use GSON to serialize back and forth POJOS without touching the Jersey’s Jackson configuration. Also this allows you to host your Front-End frameworks in another server or package system, which is a pretty common practice nowadays (MBaaS and SaaS architectures) to decouple Back-End and Front-End. This last also helps when having distributed teams, and their responsibilities.

This was my first Adventure with Google Guice and Java Web Applications, but not the last.

In fact this is going to be the first post in a series of experiences I earned last year. Stay tuned for more Guice Integration Adventures.

Next Adventure: RESTEasy + Servlet 3.x

The next posts will feature Servlet 3.x Spec and RESTEasy implementation of JAX-RS library.

Cheers!