I am having REST API with JPA and for login framework I am using Apache Shiro. Is it possible to integrate Apache Shiro with AngularJS and If YES Please give some example to workout with it.
Thanks
I know this is old, but if someone is looking for a solution still (as of Oct 2016) there is this. Requires some effort to integrate.
Thats a valid ques... in fact I am scoping this out now prototyping.
I wont get to it soon though I am tied up
create your login.html which is the view and to a home page
create your controller (angular style)
create your model (angular style)
write your java model
include shiro libs inside your maven project xml file
implement a shiro realm configuring such
implement a java security service which should be triggered by shiro onlogin
operate your doMethods for shiro within the service
allow room for java permission and role logic
build deploy...
DONE
wish I could give you more just haven't had a chance to grudge thru it. I will eventually though.
I am sure someone else will clean this up but shiro and angular I say are ok...
in fact all JAVA and Angular are perfect... nobody realizes http has been abused and misused for twenty years... (ok 15)... and REST puts the old days away for good.
here is your new architecture
Bootstrap,Angular,MVC JavaScript,REST,Hibernate JPA
BackBone is another alternative to Angular but its listener implementation is mandatory. Angular does more for you without need for listeners and is how HTMl would have been implemented if it were app centric when it was invented.
All these do is implement MVC and bury your ajax so your got a clean lookin html.
Related
I am planning to start a project and I am looking for the best approach to make a RIA application using AngularJS.
Right know I am pretty sure of those technologies:
AngularJS (+ bootstrap CSS) for the client UI, logic and server
requests.
Spring for bootstrapping the server business logic.
Hibernate + MySQL for persistent data access
Jersey for the Restful web service API.
Spring Security for url and data protection over authentication.
The only piece I feel is not ok is that my application will not be the typical one page app, because it will be large and I want to break it into multiple one page apps, some protected and others public. To serve every index.html I want another technology like Spring MVC, making those small one page apps secure for this points, and also not allowing the access to some resources.
¿Do you think this is a good approach or you would change any of this technologies (like supressing jersey/Spring MVC redundant dependencies)?
i think that in general your aprroach is a good one, but maybe you could use the webapp generator yeoman with the JHispster, a java web app generator.
Or if you don't like the ideia you could add to your data access layer the Spring-Data-JPA, because you will avoid to write the boilerplate code.
I would like to add a Web User Interface for an existing Java project I did time ago. I learned basics of AngularJS on codeschool.com courses and now I know how to send an http or REST request to get data for my web UI.
My Java project has a set of methods that elaborate some data from a local database and return integers or integers arrays.
The goal of the interface would be to show a bunch of charts and data directly from that Java project.
What would be the most appropriate way to do this? I heard of implementing REST services on my Java project but it seems overkill for the purpose and i'm totally confused by all the frameworks for this. What would you use?
Thanks everyone for your answers!
I would use SprinvMVC to provide data from server to client side.
Here is my project from which you can start and learn basics :
https://github.com/xwid/thaimaster
Basicly you should create spring controllers mapped to urls, by doing it this way, you will be able to retrive server data using angular js.
http://www.javabeat.net/spring-mvc-angularjs-integration/
If you don't want to use a full REST framework such as Jersey, another possibility would be to use an embeddable HTTP server (there are several) and handle the requests yourself. This would mean that requests to something like /myapp/ would return your AngularJS filled HTML page, and requests to /resources/* would provide with REST functionality.
This would give you a standalone Java program that doesn't need a servlet container, but it would be a somewhat hacky solution. Not production grade, but you'd probably learn something from having to handle the HTTP traffic yourself.
With the Spring Framework's SprigBoot, it's quite easy to implement a REST service and have a runnable java application. You can follow this Building a RESTful Web Service guide from spring.io. They are clear and quickly understandable.
Also if you are not already familiar, through these guides you can have a glimpse of gradle and maven as well.
At work I have to regularly work on a site that uses Tomcat, Hybris and (I think?) Spring. Although I'm slowly learning, I'm quite unfamiliar with all of these technologies.
Is there a simple way to handle 301 redirects through Hybris? Perhaps through the Hybris administration console or Hybris management console?
Currently, we are using http://www.tuckey.org/urlrewrite/ and functionally, it works great. But adding a vanity URL or a URL redirect to the website involves editing / testing on localhost, then pushing urlrewrite.xml to stage and testing, then finally pushing urlrewrite.xml to the production environment.
Is there a better way to handle 301's with the technology we're using?
Hybris is built almost entirely upon the Spring framework. I'm not sure if the site you are maintaining uses the Accelerator template for the storefront, but if it is, then you'll want to look into Spring MVC. Look for methods that are annotated with #Controller. You can do just about anything you want with Spring MVC including 301 redirects.
There is no simple way to do this immediately in a nice configurable way in hybris. And frankly you would not want to. You should handle this in your web server.
But if you really want to, you should add a filter to the Accelerator storefront to check incoming requests against a list of items (perhaps RedirectURL Items) and redirect as required.
Could you explain exactly what you are trying to achieve ? I think like it has been said, in most cases redirection at the web server level would be more appropriate.
I'm starting to study GWT now, and have a very general question, I could maybe teach myself with a little more experience, but I don't want to start it wrong, so I decided to ask you.
I always develop using JSF, having separate packages for beans, controllers and managedbeans.
However, as the GWT uses RPC, I will not have managedbeans, right?
So, GWT automatically handles user session for me, or do I have to do it myself?
What is the best package structure for the project?
It is best to use RPC, or create a webservice and access the webservice in GWT?
It's hard to host the application on a tomcat server?
Is there a test saying which server is faster for GWT?
Thank you.
However, as the GWT uses RPC, I will not have managedbeans, right?
True, GWT RPC uses POJOs.
So, GWT automatically handles user session for me, or do I have to do it myself?
GWT is pure AJAX APP - client code (normally) runs in one browser window (similar to gmail) and does not reload the web page. This means that the application state is always there - no need for sessions (as a means of saving state). You still might need sessions for user authentication, but this is usually handled by servlet container.
What is the best package structure for the project?
Three packages: client, server and shared. Client for GWT client code, server for server (also RPC) code and shared for POJOs that are used by both client and server.
It is best to use RPC, or create a webservice and access the webservice in GWT?
Go with GWT-RPC or (better, newer) with RequestFactory.
It's hard to host the application on a tomcat server?
It's straightforward: GWT client code is compiled to JS/html and is hosted as any static content. RPC server code is just Servlets - normal web.xml registration.
Is there a test saying which server is faster for GWT?
No clue, but IMHO does not matter, because most of the latency will come from database and network.
Also have a look at http://code.google.com/p/gwt-platform/
This framework is really great and follow all suggested best practices(e.g. MVP) by google and give you as well great support for gin, gwt dispatcher, website crawling, history with tokens, code splitting via gwt async etc.
If you want to set up a good project structure try to use the maven gwt plugin(http://mojo.codehaus.org/gwt-maven-plugin/) it helps you a lot with setting up an initial structure and manage your build process.
Which one is the best approach/method to implement security in Java EE?(JPA/JSPs)
I'm working on a personal project so I can learn Java EE and I am a little confused on how to approach the AUTHORIZATION and AUTHENTICATION process on my website.
I have different roles and I don't want certain users to access certain parts of the website. So I've been searching for docs and tutorials and etc, but everything I find dates to more than 3-4 years ago. Is there anything more recent that I should look into?
Here are some of the things I found:
http://www.oracle.com/technetwork/developer-tools/jdev/oc4j-jaas-login-module-083975.html
Any help would be greatly appreciated!!! :)
Spring Security. Although it is branded as Spring, you might find it useful for web applications; do note that you don't need to write a Spring app to use Spring Security.
If you wish to stick to JAAS, I would suggest using one of the container's login modules, just to get started, before you attempt to write your own login module. Be forewarned that you might end up writing one, if the container supplied modules do not meet your requirements. And, there is a good book on JAAS to help you understand it in detail.
Moreover, take a look at Servlet spec 3.0, to see how annotations can be used declare the roles (#DeclareRoles, which came in servlet spec 2.5) in the servlet itself, before defining what roles have access to what HTTP method (using #RolesAllowed). You can also employ annotations like #DenyAll and #PermitAll, to permit or forbid access to all users. #TransportProtected will ensure that the HTTP method is accessed over HTTPS. All one needs to do, is to map these roles in the source code, to actual roles in the JAAS realm; this often done using a container specific descriptor file.
ADDENDUM
Since you are using JSPs and not Facelets or any other technology for the presentation tier, you might be interested in the JSP tags offered by Spring Security. It is much cleaner that maintaining all of the authorization metadata in a humongous web.xml file.
As far as JPAs are concerned, well, the underlying access to them is usually enforced at the servlets or EJBs. Of course, you can build in more programmatic security, based on your needs - using entity listeners would help in this process as you would be able to intercept load, update and persist operations (if you are that particular, but for the most part building security before your business logic is executed usually is sufficient).
And oh, take a look at JBoss Seam (and Seam security), for it is a complete application development framework built on Java EE.
Something more recent than JAAS is the Spring Security framework. It supports JSR-350 (EJB 3) and thus would work fine in Java EE.
I worked on a Java EE application recently with JAAS. It's pretty current, you can check it's home page at Oracle.
It works with roles, authentication, etc.
You can use it in JBoss and Glassfish, probably the rest of the ASs too.
Spring security tutorial https://www.packtpub.com/spring-security-3/book. Highly recommended.