RESTful and J2EE

I have developed a web application with Java EE, which connects to a DB. The app is deployed on Tomcat 8. The app is divided into three layers: db layer, business layer, and presentation layer. Now I need to develop a RESTful API that will use the business layer and will provide most of the functions that the presentation layer provides. Clients will have two options to choose from: open a browser, connect to the APP and use it, or consume the RESTful web services from their own software.

My question is: should I deploy the RESTful API on the same server where the APP is deployed or separately? What are your suggestions? And, what kind of authentication would you suggest for the REST web services?

Thanks!

It is a rather broad question and the short answer is: it depends.

Functionally, you have three parts here:

  • the presentation layer
  • the API interface
  • the back office: business and db layers behind the first two

Common technical architectures are:

  • one app for the API and business and db layers, one app for the web layer using the API
  • everything (API, Web and business) on the same application.

The former offers a better separation and can be interesting for heavily loaded applications, or if you plan to move to a JavaScript interface (AngularJS for example); the latter will be simpler to implement.

For the authentication, it is simpler to pass the credentials along with each request for an API, but you should consider managing it outside the application itself through filters and/or AOP concepts. Spring Security is an example of how this is possible and gives a very loose coupling between the business code and the authentication and authorization ones. You can then choose and change your authentication methods with little impact on the core of the application.
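One way to keep per-request credentials out of the business code with a plain servlet filter, as an added example that is not part of the original answer: HTTP Basic authentication for Tomcat 8 (`javax.servlet`, Java 8 assumed). The class name, the `/api/*` path, the `api.user` attribute and the `demo` account are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.*;

// Added example: authenticates every /api/* request in a filter, outside the business layer.
@WebFilter("/api/*")
public class ApiBasicAuthFilter implements Filter {
    @Override public void init(FilterConfig cfg) { }   // Servlet 3.1 has no default methods
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        if (!req.isSecure()) {   // Basic credentials are only base64-encoded: require TLS
            res.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        String user = authenticate(req.getHeader("Authorization"));
        if (user == null) {      // missing, malformed or wrong credentials: challenge again
            res.setHeader("WWW-Authenticate", "Basic realm=\"api\"");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        req.setAttribute("api.user", user);   // hypothetical attribute read by the REST resources
        chain.doFilter(req, res);
    }
    // Returns the user name for a valid "Basic base64(user:password)" header, else null.
    static String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        try {
            String pair = new String(Base64.getDecoder().decode(header.substring(6).trim()),
                                     StandardCharsets.UTF_8);
            int colon = pair.indexOf(':');   // split on the first ':'; the password may contain more
            if (colon < 1) return null;
            String user = pair.substring(0, colon);
            return verify(user, pair.substring(colon + 1)) ? user : null;
        } catch (IllegalArgumentException malformedBase64) {
            return null;
        }
    }
    // Constructed stand-in for the existing business layer, which would check a salted hash.
    static boolean verify(String user, String password) {
        return "demo".equals(user) & MessageDigest.isEqual(
                "demo-password".getBytes(StandardCharsets.UTF_8), password.getBytes(StandardCharsets.UTF_8));
    }
}
```

Behind a TLS-terminating proxy, `isSecure()` describes the proxy-to-Tomcat hop, so the container has to be configured to trust the forwarded scheme before this check is meaningful.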
