# Demo Application Architecture

For the hands-on workshop labs, you will be provided with a complete Spring MVC web server application together with a corresponding Spring MVC Thymeleaf web client app.

**Table of Contents**

* [Application Component View](#application-components)
* [Server Architecture](#server-architecture)
  * [REST API](#rest-api)
  * [Server Layers](#server-layers)
  * [Users and Roles](#server-users-and-roles)
  * [Provided application](#provided-server-application)
* [Client Architecture](#client-architecture)
  * [Client Layers](#client-layers)
  * [Users and Roles](#client-users-and-roles)
  * [Provided application](#provided-client-application)

## Application Components

The server application provides a RESTful service for administering books and users (a very *lightweight* books library).

Use cases of this application are:

* Administer books (Creating/editing/deleting books)
* List available books
* Borrow a book
* Return a borrowed book
* Administer library users

## Server Architecture

The RESTful service for books and users is built using the Spring MVC annotation model and Spring HATEOAS.

The application also contains complete documentation for the RESTful API that is automatically generated with Spring REST Docs. You can find this in the directory *'build/asciidoc/html5'* after performing a full Gradle build or online here: [REST API documentation](https://andifalk.github.io/cloud-native-microservices-security/api-doc.html).

The initial server application is not secured at all.

### Server Layers

The domain model of the server application is quite simple and just consists of *Book* and *User* models.\
The packages of the application are organized according to the different application layers:

* **web**: Contains the complete RESTful service
* **service**: The service classes (quite simple for the workshop; usually these contain the business logic)
* **data**: All domain models and repositories

Each layer is organized the same way for the *book* and *user* domains.

In addition, there are more packages with supporting functions:

* **common**: Classes that are reused in multiple other packages
* **config**: All Spring configuration classes

### REST API

To call the provided REST API you can use curl or httpie. For details on how to call the REST API please consult the [REST API documentation](https://andifalk.github.io/cloud-native-microservices-security/api-doc.html) which also provides sample requests for curl and httpie.

### Server Users and roles

There are three target user roles for this application:

* LIBRARY\_USER: Standard library user who can list, borrow and return his currently borrowed books
* LIBRARY\_CURATOR: A curator user who can add, edit or delete books
* LIBRARY\_ADMIN: An administrator user who can list, add or remove users

**Important:** We will use the following users in all subsequent labs from now on:

| Username | Email                      | Password | Role             |
| -------- | -------------------------- | -------- | ---------------- |
| bwayne   | <bruce.wayne@example.com>  | wayne    | LIBRARY\_USER    |
| bbanner  | <bruce.banner@example.com> | banner   | LIBRARY\_USER    |
| pparker  | <peter.parker@example.com> | parker   | LIBRARY\_CURATOR |
| ckent    | <clark.kent@example.com>   | kent     | LIBRARY\_ADMIN   |

These users are automatically created and persisted upon application start. We will use these users later for implementing the different authentication mechanisms.

### Provided Server application

You can find the provided initial server application beneath the [lab 1 folder](https://andifalk.gitbook.io/cloud-native-microservices-security/hands-on-labs/lab1) as [library-server](https://github.com/andifalk/cloud-native-microservices-security/tree/d42239788f309efcc28eb7657b176d2968b92bc7/lab1/library-server/README.md).


