Skip to main content

Notice: this Wiki will be going read only early in 2024 and edits will no longer be possible. Please see: https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/wikis/Wiki-shutdown-plan for the plan.

Jump to: navigation, search

EclipseLink/Release/2.4.0/JPA-RS

The EclipseLink 2.4.0 release introduces an easy to use RESTful interface for accessing JPA persistence units and EJB session bean methods using REST calls with XML or JSON media types. With JPA-RS developers can now more easily expose their persistent data model and application logic over REST for the development of Thin Server Architecture (TSA) clients including HTML5/JavaScript and mobile.

Key Features

  • Simple Enablement: The JPA-RS capability can be easily added to any Java EE application being deployed to any compliant Java EE server by simply adding JPA-RS components to an application.
  • Zero configuration: When enabled the exposed JAX-RS service will allow any persistence unit or related EJB to be accessed using simple REST calls. Optional configuration will be supported for developers who want to limit what capabilities are exposed or wish to customize the resources used in any REST operation.
  • Dynamic JPA-RS: Enable the deployment of a generic JPA-RS application into a compliant Java EE server without requiring any included persistence units. This dynamic service will support provisioning of persistence units on the fly by passing in or providing reference to dynamic JPA configuration XML (persistence.xml and eclipselink-orm.xml using virtual entities).

JPA-RS.png

RESTFul API

When enabled JPA-RS will expose the complete capabilities of the persistence units defined within the application.

EclipseLink/Development/2.4.0/JPA-RS/REST-API

Persistence Unit Access

In order for JPA-RS to access a persistence unit it must be made available through one of the following mechanisms:

  1. Available on classpath of running JPA-RS instance so standard JPA bootstrapping can find it
  2. Provisioned: This requires a PUT call to the service to inform it of a PU
    1. Pass in all of the configuration
    2. Pass in minimal information with information about where to retrieve additional config from

JAX-RS using Jersey

The JAX-RS reference implementation is Jersey ([jersey.java.net]). Additional support will be added to leverage Jersey's (add version) planned support for defining JAX-RS applications and resources using their API. The goal here is to allow JPA-RS to be declaratively configured without requiring any additional code to be included in a user's WAR/EAR.


Security

Security in JPA-RS should be implemented through standard RESTful application security practices.

The REST URLs described in the document linked above give an idea of which URLs could be restricted using a standard user/role based system. Some things to consider:


  • Simple CRUD operations are available at: <base>/{unit-name}/entity/{type}. Reads are GETs, and writes use PUT/POST/DELETE.
  • Queries can also Read, Update and Delete: <base>/{unit-name}/query/<queryName>. You will likely want similar restrictions on queries as other CRUD operations. Reads are GETs and writing queries are POST
    • Single result read queries are at: GET /persistence/{unit-name}/querySingleResult/{name} and should likely be treated like other Read queries
  • Bootstrapping operations should likely be secured as they allow dynamic addition of mappings and persistence units. PUT/DELETE /persistence/{unit-name}
  • Metadata is available by Rest and may need securing: GET /persistence and GET /persistence/unitName

Configurable Content

By default all entity types CRUD operations and named queries will be exposed by JPA-RS. Configuration of which URLs are available is through the security policy described above.

Additional URIs

In addition to the URI's for all defined named queries and entity types there should be support in JPA-RS to access server side application logic within EJB session beans.

Copyright © Eclipse Foundation, Inc. All Rights Reserved.