
JavaEE, JavaFX and RFID - Part 3: REST API and Security (+ Openshift)

Continuing our series of posts about RFID and JavaFX, today we are going to show how we expose the application database using a REST interface and how we secure it.

Part 1: The Application
Part 2: Reading RFID from Java 
Part 3: REST API and Security
Part 4: The Client


For this part, we will use Wildfly (the JBoss community application server) and deploy to it a REST application that accesses our database.

 

Why REST?

RESTful APIs allow us to access information in a stateless manner. They also allow us to access this information in a remote, centralized way, so any application can access it.
RESTful APIs also make it easy to integrate your system. In our blog post we are talking about a simple and small application; now imagine we have a big database of employees or products that we want to integrate with an RFID system, and we want to add thousands of records to our RFID system. It's much easier when the system is exposed using REST.

 

REST and Java

REST web services can be created using the JavaEE JAX-RS API, where we simply annotate Java classes to add HTTP information to them and deploy them on an application server, which will expose our classes' methods over HTTP.
To activate JAX-RS in a web application deployed on an application server that implements JEE 6, we need a class that extends Application and carries the ApplicationPath annotation, where we indicate the context for all the JAX-RS resources:

import javax.ws.rs.ApplicationPath;
import javax.ws.rs.core.Application;

@ApplicationPath("rest")
public class JaxRSActivator extends Application {

}

 

 The REST API

To access our database, we use CDI to inject the service class we talked about in the last post. Then we just need to create a class that contains the appropriate JAX-RS annotations, see:





It means that access to the database will be done as summarized in the following lines:

Getting all registered people
GET on /rest/person URI will return a list of the people in the DB in JSON format;
Adding a new Person
POST on /rest/person sending a person representation in JSON format will add it to the DB;
Removing an existing person
DELETE on /rest/person/{person id} will remove it from the DB;
Getting a person by RFID
GET on /rest/person/rfid/{person rfid} will return the person from the DB that has the given RFID.

 

Securing the REST API

To secure our app, we use JAAS integrated with Wildfly (see more about security on JEE). That was really simple, since we used a security domain that is already available in Wildfly, named "other". To add a user to this security domain, we use the add-user.sh script, which is located in the bin directory of a Wildfly installation:



Now we configure our application to use that security domain to authenticate our REST WS. This is simply done by declaring the security domain that will be used in jboss-web.xml and then declaring the security in web.xml!



Now our REST methods are secured: as configured above, everything under the rest context requires basic authentication. Of course, we could improve the security a lot by using SSL and other authentication methods; however, in this app we will simply use basic authentication...
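
The declarations described above could look like the following web.xml. This is an added example, not the post's original files; the role name rest-user and the realm name are assumptions. It also sets the transport guarantee, so that the Basic credentials only travel over HTTPS.

```xml
<!-- WEB-INF/web.xml (Servlet 3.0 / Java EE 6). Added example; the role name
     "rest-user" is an assumption, use the role you gave the user in add-user.sh.
     WEB-INF/jboss-web.xml is a separate file that binds the WAR to the domain:
       <jboss-web><security-domain>other</security-domain></jboss-web> -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         version="3.0">

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>REST API</web-resource-name>
      <!-- Matches @ApplicationPath("rest"): every JAX-RS resource is covered.
           No <http-method> elements, so the constraint applies to all methods;
           listing only GET/POST would leave DELETE unauthenticated. -->
      <url-pattern>/rest/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>rest-user</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- BASIC sends "user:password" Base64-encoded, not encrypted.
           CONFIDENTIAL makes the container redirect plain HTTP to HTTPS;
           the setup described in the post corresponds to NONE (the default). -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>ApplicationRealm</realm-name>
  </login-config>

  <security-role>
    <role-name>rest-user</role-name>
  </security-role>
</web-app>
```

CONFIDENTIAL only works when the server has an HTTPS listener configured; without one, the redirect has nowhere to go.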

 

The WAR application

We used Maven to build our application. See the project structure below:






We use mvn clean package to create a war file in the project's target directory. This file will be ready to be deployed on a JBoss AS 7.1, EAP 6.x or Wildfly application server.

 

Application on cloud

I put my project on Openshift, so anyone can have access to it! The first thing I did was set up my JBDS to use Openshift. I also had to change the security I just described, since it seems that I don't have access to add-user.sh on Openshift.

What I did was:

  • Edited .openshift/conf/standalone.xml to add the files that contain the user information which will be used in the authentication process:

  • Then I had to ssh into the Openshift server using rhc ssh people to create the files that contain the user information! (rest-users.properties and rest-roles.properties)
I could create another security domain specifically for my application, but I noticed other was empty, so I decided to use it. The other change was that Openshift was doing something with the default JBoss AS database, so I decided to move to MySQL. And it was REALLY easy, I just had to:

  • Add a MySQL cartridge to my application in the Openshift administration;
  • JBoss AS is pre-configured with a MySQL DS! I just had to modify persistence.xml to point to the java:jboss/datasources/MySQLDS datasource instead of the one I was deploying. The pre-configured DS includes everything using environment variables...

The application on OpenShift is here. Access the person resource to see the data we have in the DB (restadmin/restadmin123!)

Conclusion

So far, what we have is a REST web service to serve people information stored in the default filesystem-based database. Now we need to add a way for humans to interact with it. In the next post, we will show a JavaFX client we created to connect to the cloud and send RFID information!
