quinta-feira, 14 de agosto de 2014

JavaEE, JavaFX and RFID - Part 3: REST API and Security (+ Openshift)

Continuing our series of post about RFID and JavaFX, we are going to show today how to we expose the application database using a REST interface and how we secure it.

Part 1: The Application
Part 2: Reading RFID from Java 
Part 3: REST API and Security
Part 4: The Client


For this part, we will use Wildfly(The JBoss community application server) and we will deploy a REST application to it that access our database.

 

Why REST?

RESTful APIs allow us to access information in a stateless manner. It also allow us to access this information in a remote centralized way, so any application can access it.
RESTful APIs also makes easy to integrate your system. In our blog post we are talking about a simple and small application, now imagine we have a big database of employees or products that we wants to integrate with a RFID system and we want to add thousands of data to our RFID system. It's much easier when the system is exposed using REST.

 

REST and Java

REST Web Services can be created using the JavaEE JAX-RS API, where we can simply annotate Java classes to add HTTP information to it, and deploy it on an Application Server, that will expose our classes methods to be accessed from HTTP.
If we want to activate JAX-RS on our WEB Application that is deployed in an application server that implements JEE 6, we need to use an application that extends Application and uses an annotation ApplicationPath, where we indicate the context for all the JAX-RS resources:

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

@ApplicationPath("rest")
public class JaxRSActivator extends Application {

}

 

 The REST API

To access our database, we use CDI to inject the service class we talked about in the last post. Then we just need to create a class that contains the appropriate JAX-RS annotations, see:





It means that access to the database will be done as summarized in the following lines:

Getting all registered people
GET on /rest/person URI will return a list of the people in the DB in JSON format;
Adding a new Person
POST on /rest/person sending a person representation in JSON format will add it to the DB;
Removing an existing person
DELETE on /rest/person/{person id} will remove it from the DB;
Getting a person by RFID
GET on /rest/person/rfid/{person rfid} the person from DB that contains the given RFID.

 

Securing the REST API

To secure our app, we uses JAAS integrated with Wildfly (see more about security on JEE). That was really simple since we used a security domain that is already available with Wildfly, it's named "other". To add an user to this security domain, we use the add-user.sh script which is located at the bin directory of a Wildfly installation:



Now, we configure our application to use that security domain to authenticate our REST WS. It simply done by declaring the security that will be used in jboss-web.xml then declaring security on web.xml! 



Now our REST methods are secured, see above that all the stuff under rest context will require basic authentication. Of course we could improve the security a lot by using SSL and other authentication ways, however, in this app we will simply use basic authentication...

 

The WAR application

We used Maven to build our application application. See the project structure below:






We use mvn clean package to create a war file in the project target's directory. This file will be ready to be deployed on a JBoss AS 7.1, EAP 6.x or Wildfly application server.

 

Application on cloud

I put my project on Openshift, so anyone can have access to it! The first thing I did was setup my JBDS to use Openshift.  I also had to change the security I just described since it seems that I don't have acess to add-users.sh on Openshift.

What I did was:

  • Edited .openshift/conf/standalone.xml to add files to contains the user information which will be used on the authentication process:

  • Then I had to ssh the openshift server using rhc ssh people to create the files that contains the user information! (rest-users.properties and rest-roles.properties)
I could create another security domain for my application specifically, but I noticed other was empty, so I decided to use it. The other change was that Openshift was doing something with the default JBoss AS database, so I decided to move to MySQL. And it was REALLY easy, I just had to:

  • Added a MySQL cartridge to my application in Openshift administration;
  • JBoss AS is pre-configured with a MySQL DS! I just had to modify persistence.xml to point to the java:jboss/datasources/MySQLDS datasource instead the one I was deploying. The pre-configured DS includes everything using environments variable...

The application on OpenShift is here. Access person resource to see the data we have on DB (restadmin/restadmin123!)

Conclusion

So far what we have is a REST WEB Service to server people information stored in the default filesystem based database. Now we need to add a way to humans interact with it. On next post, we will show a JavaFX client we created to connect to the cloud and send RFID information!

Um comentário: