spring-mvc spring-security spring-roo

Can Spring-Security control Html+JQuery+Json+SpringRoo project?


I'm using HTML+JQuery as the UI and Spring-Roo to generate the service layer, which contains the Json object string conversion. It works well for us, as in the following sample code:

@RequestMapping(headers = "Accept=application/json")
@ResponseBody
public ResponseEntity<String> ArticleController.listJson() {
    HttpHeaders headers = new HttpHeaders();
    headers.add("Content-Type", "application/json; charset=utf-8");
    List<Article> result = Article.findAllArticles();
    return new ResponseEntity<String>(Article.toJsonArray(result), headers, HttpStatus.OK);
}

But after developing several sample pages, I have some questions:

1) We want to use Spring-Security as the access control module; is that OK for this framework? How can the server know it is the same session request from the browser?

2) Instead of JSP server technology, is pure HTML + JQuery really OK? Because I see a lot of Ajax code injected in the HTML, and much of it cannot be reused. As we know, server technologies have templates that can maximize the reuse of code. I'm worried about the development difficulty and maintenance effort.

PS: The reason we decided to use HTML+JQuery+Json is that we get HTML+CSS directly from the art designer, and we plan to support different clients besides the browser, so Json might be a good choice.

Thanks.


Solution

  • 1) We want to use Spring-Security as the access control module, [...] How can the server know it is the same session request from the browser?

    First, the session must somehow be established on the server side. Use the standard Spring Security login screen or call spring_security_login using . In return, the server will send a cookie with JSESSIONID. This cookie is sent with every subsequent request (including AJAX requests), so the server knows which user calls the REST methods. This is completely transparent.

    Also, when you log out (by calling j_spring_security_logout), the session as well as the cookies are destroyed.

    We are using this approach successfully (moreover, due to historical reasons we are calling services from JavaScript!) and it works really well.

    2) [...] is pure HTML + JQuery really OK? Because I see a lot of Ajax code injected in the HTML, and much of it cannot be reused. [...]

    True separation of concerns is king. Keep JavaScript in one place (a .js file) and HTML in another place (an .html file). They should never be mixed. Also keep your JavaScript code layered and stay away from DOM manipulations as much as possible (e.g. use client-side templating engines).

    Moreover, there is nothing preventing you from generating HTML during the build so that common HTML snippets like headers and footers are included in every page.
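
The cookie round trip described in the answer, as an added example that is not part of the original answer and is not Spring Security's own code: a small in-memory JavaScript model of both the server and the browser. The two endpoint names are the ones used in the answer; the `/articles` path, the `username`/`password` field names and the demo account are constructed for illustration.

```javascript
// Added model of the session-cookie exchange; not Spring Security's implementation.
const { randomBytes } = require('node:crypto');

const USERS = new Map([['alice', 'correct horse']]); // constructed demo account
const sessions = new Map();                           // server side: session id -> user

// Server side: login, logout, and one protected JSON resource (/articles, assumed).
function handle(req) {
  const m = /(?:^|;\s*)JSESSIONID=([^;]+)/.exec(req.headers.cookie || '');
  const sid = m ? m[1] : null;
  if (req.path === '/spring_security_login') {
    const { username, password } = req.body || {};    // hypothetical field names
    if (typeof password !== 'string' || USERS.get(username) !== password) {
      return { status: 401, headers: {} };            // no cookie on failed login
    }
    const id = randomBytes(16).toString('hex');       // unguessable session id
    sessions.set(id, username);
    return { status: 200, headers: { 'set-cookie': `JSESSIONID=${id}; Path=/; HttpOnly` } };
  }
  if (req.path === '/j_spring_security_logout') {
    sessions.delete(sid);                             // server forgets the session
    return { status: 200, headers: { 'set-cookie': 'JSESSIONID=; Path=/; Max-Age=0' } };
  }
  if (!sessions.has(sid)) return { status: 401, headers: {} };
  return { status: 200, headers: {}, body: JSON.stringify({ user: sessions.get(sid) }) };
}

// Browser side: a cookie jar that replays the stored cookie on every
// same-origin request, which is what happens for AJAX calls as well.
function makeBrowser() {
  let jar = '';
  return function send(path, body) {
    const res = handle({ path, body, headers: jar ? { cookie: jar } : {} });
    const set = res.headers['set-cookie'];
    if (set) jar = /Max-Age=0/.test(set) ? '' : set.split(';')[0];
    return res;
  };
}

function demo() {
  const send = makeBrowser();
  const before = send('/articles').status;            // no session yet
  const login = send('/spring_security_login', { username: 'alice', password: 'correct horse' });
  const stale = login.headers['set-cookie'].split(';')[0];
  const during = send('/articles');                   // cookie sent automatically
  send('/j_spring_security_logout');
  const after = send('/articles').status;             // jar is empty again
  const replay = handle({ path: '/articles', headers: { cookie: stale } }).status;
  return { before, during: during.status, user: JSON.parse(during.body).user, after, replay };
}
```

The `replay` value shows why logout has to destroy the server-side session and not only the cookie: a copy of the old JSESSIONID kept outside the browser is rejected once the server has forgotten it.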