I came to this also by the Android MOOC offered by Coursera last year, and I found this framework really useful for building event-driven application servers.
In previous posts I talked about Node.js and it’s ease of use when developing web applications. Node.js is also event-driven and it counts with a lot of features and today it counts with very wide community. It has been a great experience to work with Node.js.
Netty Rulez Too
Back in the Java world, Netty tries to achieve Rapid development of maintainable high performance protocol servers & clients, so I wanted to give it a try with my favorite DI framework. The server was drastically more lightweight and feature specific, but I didn’t have Servlet support. This is going to be a next step for sure if you want to fully migrate your webapp from your previous Java Application Server.
I made a very simple Java project with Guice and Netty, a Non-Blocking Event-Driven Server with Dependency Injection integrated.
Following the line with my previous post about Jersey + Guice integration, I wanted to get deeper on the Servlet 3.x specs and the new Asynchronous features in Java.
This was one of the limitations I found in my previous approach. The lack of asynchronous request processing within my Web Application.
My Investigation led me to RESTEasy Framework. I found this framework to be very handy and very updated with Java specs on JAX-RS, JSR-330, and Asynchronous Servlets.
I also bought the book RESTful Java with JAX-RS 2.0 (2nd Edition), which offered a very complete insight about this library and it’s capabilities. It’s also written by Bill Burke, who according to O’Reilly Media “is a Fellow at the JBoss division of Red Hat Inc. A long time JBoss contributor and architect, his current project is RESTEasy, RESTful Web Services for Java”. Big Kudos to Bill Burke for this great book and RESTEasy framework!
This third approach also has Apache Shiro integrated, which I explain in detail in other post, to build a fully Secured Web Application.
The ContextListener is the way of RESTEasy to inject Guice’s Injector into the Web Application Context. it has a methods to enumerate all the Modules (Guice AbstractModule’s implementations) needed for the WebApp and a method to operate with configurations just after the Injector is created.
Noteworthy about JAX-RS API
There are several ways to bootstrap your beans/POJOS in your Web Application. The way JAX-RS proposes to expose its Resource Classes is by its Application class. This class defines the Singleton classes and Prototype classes that will have the RESTful annotations for exposing Resources. It is a good practice to have all the RESTful Endpoints in a dedicated package like “.rest” or “.endpoint”, just like with the Jersey framework and their “packages” parameter, so in my case, migrating a Jersey Resource to a RESTEasy one was a very light task if not a massive file copy&paste among projects.
From my previous post, I created an Maven Archetype to bootstrap a Java Web Application. My next step was to make the Web App Secure somehow, and by recommendation I came into Apache Shiro.
RBAC and Security Management
Apache Shiro has a new way of thinking security, with its Resource Based Access Control (RBAC, not to be mistaken with Role Based Access Control). Basically, instead of giving access to Roles, you give set access to Resources, in this case RESTful endpoints. This can be applied to all JAX-RS Resources.
I also used Shiro’s AOP Module to support Annotations like @RequiresPermission, but in the long run I stuck with the default way for requesting Permissions.
My overall experience with Shiro was very successful, and I found the Permission approach very intuitive. It’s very customizable also, having the chance to modify the behavior of Sessions (or go totally Sesion-less), Permission levels and Realms to save Users, Roles and Permissions according to your existing data structure.
Finally this framework also counts with a Cryptography package, to manage your passwords in multiple formats (MD5, SHA1, SHA-256, et al.) and to encrypt any kind of data to be shared.
This kind of projects are very demanded nowadays because of the SaaS and MBaaS architectures, and like I said in previous post, having Jersey makes your RESTful tier compliant with JAX-RS, Guice and Dependency Injection compliant with JSR-330 and the so long standardized Servlet 2.5 spec compliant with any Java Enterprise Application Servers. This makes the app more portable in terms of code sharing/reviewing and more focused on the BackEnd business logic, allowing a more agile workflow for distributed teams.
My next adventure will involve RESTEasy and Servlet 3.x spec! Stay tuned!
I started my journey into the depths of Google Guice last year during an Android Coursera MOOC, it was really interesting and I really enjoyed using this Framework for the MOOC.
After my previous encounters with Spring Framework (and Spring Boot features), I wanted to give another DI Framework a try, so I could learn more about this fabulous and helpful design pattern.
I wanted to build the ultimate Java Web Application skeleton, having all the necessary frameworks to start coding RESTful web services for my current projects at work and at the same time keep the integrations as simple as possible, making the application extendable without loosing common features.
I started with the standards. I found a lot of blogs and code about Jersey framework, which was developed by the Oracle guys, so I gave it a try. My experience with Jersey was very successful, in fact I had 4 projects in one year involving this framework.
My Main motivation on starting these integrations was to have a way to port all my coding experience and algorithms across different projects, with the less amount of changes as possible and leveraging all the power of the Java language and its annotations.
The main benefit from this approach, was that I found the code very portable and lightweight. I didn’t know when CDI and Oracle’s implementation of JSR-330 was going to get viral, so I decided to use Google Guice’s @Inject and @Provides annotation, but the code is portable enough to use javax’s implementation of @Inject. In this page you can find Google Guice’s doc on JSR-330 and the key differences with Oracle’s Java implementation.
Jersey 1.18.1 (Update: the last 1.x version is 1.19)
Guice 3.0 (Update: The last version is Guice 4)
With this architecture you can stay in the Back-End world with JAX-RS Compliant Endpoints, integrate more frameworks like Hibernate with Guice Persist, use GSON to serialize back and forth POJOS without touching the Jersey’s Jackson configuration. Also this allows you to host your Front-End frameworks in another server or package system, which is a pretty common practice nowadays (MBaaS and SaaS architectures) to decouple Back-End and Front-End. This last also helps when having distributed teams, and their responsibilities.
This was my first Adventure with Google Guice and Java Web Applications, but not the last.
In fact this is going to be the first post in a series of experiences I earned last year. Stay tuned for more Guice Integration Adventures.
Next Adventure: RESTEasy + Servlet 3.x
The next posts will feature Servlet 3.x Spec and RESTEasy implementation of JAX-RS library.