New Book Review: "Spring REST"

New book review for Spring REST, by Balaji Varanasi and Sudha Belida, Apress, 2015, reposted here:

Phenomenally practical guide for designing and developing REST services using the Spring Framework, Spring Boot, Spring Web MVC, and Spring Data. Unlike many technical books in the marketplace, this guide truly walks the reader step-by-step through the development process from square one, in this case to build a small application that demonstrates all of the core features modern REST services should provide.

In my case, working through this text followed a reading of "RESTful Java Patterns and Best Practices", by Bhakti Mehta, which provides a bigger picture view than is typically offered by other resources concentrating on specific technologies, and is among the very few available newer texts on the subject in the 2015 marketplace. Anyone newer to REST services might want to first check out this other book as well, keeping in mind that it was written from the perspective of the JAX-RS 2.0 API rather than Spring.

After an initial introduction to REST from a conceptual perspective, the authors offer a primer on Spring Web MVC for those who are not familiar with this particular Spring component, followed by an introduction to REST services by using Spring Boot to build a first application, and the design and development of a more complex application that will be worked on in an iterative fashion throughout the rest of the book, complete with error handling, documentation, versioning, paging, sorting, security, and testing.

In addition, the last chapter presents a small chapter on Spring HATEOAS and an even smaller 3-page appendix on installing cURL on Windows. The appendix might be considered convenient for some readers, but the material offered is essentially the same as on the cURL website. While I did not work through the last two chapters (which cover testing and Spring HATEOAS), I did work through 100% of the development covered in the rest of the book (the first eight chapters and the appendix), and for the most part the content offered is phenomenal.

For the most part, the first five chapters (the first 90 of approximately 175 pages) are error-free, with a couple dozen rather small coding issues that are typically mismatches between code and accompanying explanations. While I am surprised at myself for saying so, I actually did not end up minding these issues because it forced me to work them out. The publisher offers the code for this book in a ZIP file, but I do not recommend blindly using this code, because in my experience doing so inhibits the learning process. That said, I did take a look at the code on a couple occasions when issues were insurmountable.

Although the chapter on security (Chapter 7) has a couple issues, in my opinion, such as the magical replacement of @EnableWebSecurity with @EnableWebMvcSecurity in the OAuth 2.0 example, without explaining that this needs to be done, and without explaining the difference between these annotations (the Spring documentation explains that the latter adds AuthenticationPrincipalArgumentResolver), in general this chapter is very well put together, walking the reader through 6 popular approaches used for securing REST services, it is really only the chapter on documenting REST services (chapter 6) where the reader will likely need to turn to other sources.

In my case, I turned to the Springfox Reference Documentation for its guide on setting up Swagger UI. As explained by the guide, the Springfox suite of Java libraries are all about automating the generation of machine and human readable specifications for JSON APIs. The interesting thing, however, that often happens with published technical presentations presented by individuals such as Varanasi and Belida, however, is that information can get quickly outdated. In the case at hand, Swagger is now Springfox, the Maven dependencies now require Swagger2 rather than Swagger, and some of the packages have been completely renamed.

The out-of-the-box configuration of Swagger UI is actually quite good, once you understand how to incorporate it into the project, and quite easy (only two Maven dependencies and a single annotation is all that it takes to get you going). The confusion surrounding what is now being called Springfox can be surpassed relatively quickly, and the decision by the authors to include this chapter was a good one.

As an architect, I especially appreciated Chapter 1 ("Introduction to REST") for its explanations of resources, templates, HTTP methods and status codes, Chapter 3 ("RESTful Spring") for its presentation on the three different options to generate a new Spring Boot project, where I used the command line interface (CLI), Chapter 4 ("Beginning QuickPoll Application") for tying together all of the previously explained topics into workable code that is thoroughly annotated, and Chapter 8 ("Security") for transforming the example code base to use Basic Authentication, and later OAuth 2.0 (albeit with an in-memory token store for the authentication server and resource server).