I have been Googling a lot lately, but I find myself coming up short on answers.
I have a complete Spring MVC application secured by Spring Security and with services exposing logic to controllers (controllers -> service -> repository -> POJO's).
Currently all my controllers, except the login controller, serve nothing but JSON/XML and I want it to stay this way. I do not want to render different views on each controller.
However, what I want to be able to, is to separate the web application from the backend because in time I want to be able to integration with my service using more platforms than just a web browser.
Currently I have the regular Spring MVC application:
Login is done using a Thymeleaf rendered view and Spring Security which does nothing more than filtering all urls under the application root. After this, it is just a bunch of static files being served as resources:
Spring Controllers send a "{ontrollerName}/layout" to serve the AngularJS HTML partial used for all data under that given Spring Controller.
What I want, is a way to separate everything in the /webapp directory from the rest of my project. I have looked into a few different solutions here such as using Apache Proxy where my Apache Http server hosts the client code which communicate with the backend using Ajax to rest controllers, and Tomcat hosting the backend. However, I hear that proxying like this is not safe. I could however be dead wrong here.
So, the questions I hope to receive answers to are: 1. Is it fine to just write a client that uses Apache http server's Proxy to provide access to Ajax on the server?
If not; How should I proceed? Is it any point in trying to extract the client side from the /webapp directory or is this just some stupid idea I created because it seemed cool to be able to deploy them without having to relay on each others?
Is there any best practices in regards to how I structure a project with separate modules? Think Gradle build scripts for multi modules.
Should I think in different terms and use an approach not based on Spring MVC at all? If so, please advice me.
I hope this was clear enough to make sense for you guys.
The solution was to use the simpler approach of a restful API that did authentication over OAuth 2.
Basically the two best alternatives are a hybrid solution (part restful API and part server side rendering of pages) or a full blown restful API where you implement all functionality in a static web client. This way there is no need for multi-module projects and packing things together in one package.