
@AdamBien
Created March 8, 2022 12:04
97thAirhacksQ&A.md

Ask questions and see you on April 4th, 8 PM CET: youtube.com/c/bienadam

Also check out the recent episode:

96 airhacks.tv

Please keep the questions Jakarta EE-stic, meaning as short and as concise as possible. Feel free to ask several shorter questions. Upcoming airhacks.tv events are also going to be announced at meetup.com/airhacks

@Endilicam

Hi Adam,

Another question ;) is about security in an application with a REST architecture and a web frontend.

The initial approach is to use the groups of a JWT token and the @RolesAllowed annotation in the backend, but since I want to make it dynamic, I have chosen to have a database table to configure the permissions and a RequestFilter in which to perform the validations.

The first problem is maintenance: it would have to hold the allowed groups/roles for each endpoint.

The second is that, due to functional requirements, the possibility of a menu option being read-only is requested. The problem is the navigation between screens, since the read-only state has to be inherited between screens, but with a REST architecture (stateless) I do not see how to do it without compromising security. I don't know if I explained myself well.

In the end, the goal is that a user, even if authenticated, cannot call all the endpoints, only those they have permissions for, but without the management being so complicated. The only way I can think of is to put security per endpoint, although it is difficult to maintain. Is there any other approach?
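One way to set up the table-driven variant described in the question as a JAX-RS filter, added here as an illustration rather than code from the gist or its author: rules are keyed on the matched resource class plus a read/write action derived from the HTTP verb, and a missing row denies the call. `PermissionStore` is an assumed, hypothetical CDI bean in front of the permissions table; the JWT groups are assumed to be exposed as roles through the standard `SecurityContext`.

```java
import jakarta.annotation.Priority;
import jakarta.inject.Inject;
import jakarta.ws.rs.Priorities;
import jakarta.ws.rs.container.ContainerRequestContext;
import jakarta.ws.rs.container.ContainerRequestFilter;
import jakarta.ws.rs.container.ResourceInfo;
import jakarta.ws.rs.core.Context;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.SecurityContext;
import jakarta.ws.rs.ext.Provider;
import java.util.Set;

// Assumed (hypothetical) bean wrapping the permissions table:
// returns the groups allowed for a (resource, action) pair, empty if no row exists.
interface PermissionStore {
    Set<String> allowedGroups(String resource, String action);
}

// Added example: deny-by-default, table-driven authorization filter.
@Provider
@Priority(Priorities.AUTHORIZATION) // runs after authentication has filled SecurityContext
public class DynamicAuthorizationFilter implements ContainerRequestFilter {

    @Inject
    PermissionStore permissions;

    @Context
    ResourceInfo resourceInfo; // the resource method JAX-RS matched for this request

    @Override
    public void filter(ContainerRequestContext ctx) {
        SecurityContext sc = ctx.getSecurityContext();
        if (sc.getUserPrincipal() == null) {
            ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build());
            return;
        }
        // Key on the matched resource class, not the raw URI: path parameters and
        // trailing slashes cannot bypass a rule, and one row per resource (instead
        // of per endpoint) keeps the table small.
        String resource = resourceInfo.getResourceClass().getSimpleName();
        // Derive the action from the HTTP verb. A "read-only" menu entry then only
        // needs its group to hold READ; no per-screen state is carried, so the API
        // stays stateless.
        String method = ctx.getMethod();
        String action = ("GET".equals(method) || "HEAD".equals(method)) ? "READ" : "WRITE";
        Set<String> allowed = permissions.allowedGroups(resource, action);
        // Deny by default: a resource without a configured row is not callable.
        if (allowed.stream().noneMatch(sc::isUserInRole)) {
            ctx.abortWith(Response.status(Response.Status.FORBIDDEN).build());
        }
    }
}
```

Because the filter fails closed, forgetting to add a row for a new resource cannot silently expose it; the `@RolesAllowed` annotations can stay in place as a second, static layer.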

@eimanavicius

eimanavicius commented Apr 4, 2022

I have a Struts 1.x application. I want to migrate to a more modern framework.

One option is Struts 2.x. How would you execute such migration?

Is there a reason to migrate to a MicroProfile application? What would that mean? What would the benefits be? Would that mean a rewrite of the templates to SPA + API? How would you execute such a migration if it is meaningful?

Is there any Java API spec that would help with easy maintenance or cheap upgrades of such systems?

Can you comment on Jakarta MVC as a contract? https://projects.eclipse.org/projects/ee4j.mvc
