Part 1: Creating the Basic Application

In a series of blogs we will look at how to create a REST service using the latest version of Spring. Our service will have validation so we can make sure the data stored meets the requirements and it will be secured so only the correct people can view the data and make updates.

Traditionally Spring Framework requires quite a bit of XML configuration. The first versions have been referred to as "XML hell" but this has alleviated with each major release. As of Spring 3.0 a separate project called Spring JavaConfig has been brought in to the core. We will use no XML to configure Spring and only a few files to configure other things.

Creating the Basic Application

We are going to create a system that tracks packages. This will be an over simplified system but it will be enough for the purpose of this blog. What REST is will be more clear in the second part of the blog.

Let's look at the requirements that our simple tracking system should fulfill. Our ticket system should support the following operations.

  • Get details for a package
  • List packages
  • Add a new package
  • Update a package
  • Cancel a package

To track the location of a package we need a support service that should have the following operations.

  • Add a location the package has been scanned at
  • List locations a package has been scanned at
  • Remove a location from a package
  • Get details about a location

Some non functional requirements are also necessary.

  • Any users of the system should be able to see information.
  • Updating the information should be restricted to a higher level of access.
  • All data should be validated for data consistency.

Technologies We'll Be Using

We will be using several open source frameworks to get this done. Some, like Spring Framework, are major parts of the application while others will only do a very specific small task.
Spring Framework - all dependency injection as well as the REST framework.
Spring Security - for authentication and authorization.
Spring Data JPA - simplifies the dao layer by adding CRUD operations through the use of proxies.
Hibernate - JPA implementation for storing data.
Hibernate Validator - to use the JSR 303 validation support for validating the input data and data model.
Dozer - a very powerful mapping tool that takes away a lot of boilerplate code.

With REST services the most common technology stack includes JAX-RS but in this blog we are going to focus on using Spring MVC instead. This is not to say that JAX-RS isn't good or that Spring Framework is better, I only wanted to explore the possibility of using only Spring.

Data Layer

We need three entity classes, Ticket, Location and LocationScan. We don't need dao objects, all we need to create are interfaces and add some annotations. The actual implementation have been left out but you can find a link to the complete source code at the bottom of the page.

Service Layer

Our services perform the operations on our data objects using the dao objects. This is also a trivial task to implement so it is not part of this blog but full source is available.

Data Transport Layer

In our application we map our requests to a data transport layer before updating our persistence entities. One of the reasons for this is that we want to validate the data coming in but not all those constraints would work well on our entities. Take for instance the case where you want to create a user and the user should enter a password twice to confirm it. We don't want that in our data model so we have a data transport layer for this very reason. More on how to add validation later. Another reason is that it simplifies partial updates, more on this later.


This entry went through some very basic application setup but it was necessary to explain the basics of our application before going into the details of our REST service.

Each part of this blog will add functionality to our application.

Part 1: Creating the Basic Application
Part 2: Configuring The Application
Part 3: Adding the REST Services
Part 4: Adding Validation
Part 5: Adding Security to the Services
Part 6: Customising the Security for REST

In the next entry we will look at configuring our application using only Java Config.

The code examples are all heavily edited excerpts but the complete source code can be found on GitHub.