HTML+JavaScript • JSON Controller • Web endpoints • Mobile API • REST API • External calendar push Service • Timetables • User profiles Model • Timetable backend (API or database) • User profile storage
call you” – Container initialises your objects (beans/POJOs) • Dependency Injection (DI) – Any classes you depend on are provided (“wired”) by container • Loose coupling – Contracts (interfaces) separate from implementation http://docs.spring.io/spring/docs/current/spring-framework-reference/html/beans.html#beans-basics
with student information systems – Can provide list of enrolled courses – Present a full, preset timetable to student • Authentication standards – SAML 2.0, LDAP, Active Directory, CAS, ...
– /admin only for administrators – Maybe require login for entire app • Which business objects? – Teacher timetables – Concept timetable • Or which parts of business objects (fields)? – Teacher names private
security logic from business logic – Easily change security configuration – Better testability of business logic • Some disadvantages – Needs AOP container or compiler (e.g. AspectJ) – Possible to break security without noticing (so test!) – Proxies cause slight overhead