Backend code is what executes on the server side. It is written in Scala with few Java wrappers.
The backend is wired and powered by the Spring Framework. It is deployed as a web archive under JBoss application server.
GET / POST flow
- The request goes through the security interceptor before it can touch any controller. This interceptor is part of Spring Security which ensures that a user has required role to access the URL the controller is bound to.
- Every controller is also AOP proxy so the request goes through series of aspects before and after accessing its methods.
- Aspects initialize and populate required objects, set response code, store cookies, catch and report errors.
- Prior to version 1.63 there were no aspects on controllers, chain of interceptors was used instead.
- When the request reaches a controller method, the controller does whatever is necessary to generate response and send it back.
- The controller may use JSP to generate HTML page, VM template to generate JS or CSS file, load a picture or any file.
When a client sends or retrieves data, this is done with AJAX. The client sends request to the server and the server generates and sends back payload. Client chooses how to proceed based on the payload data.
Aspects and Security
- Facade divided into AOP proxy delegate and the facade itself. The reason is because DWR cannot call methods on Scala AOP proxy. Java delegate has empty methods which never execute because the invoker aspect calls the same methods on the real facade. The request goes through series of aspects before and after accessing facade methods.
- Security is implemented as an aspect, which ensures that a user has required role to access the method of the facade.
- Rest of the aspects initialize and populate required objects, validate user input, catch and report errors.
- When a command (converted from JSON by DWR) reaches a facade method, the facade does whatever is necessary to generate payload and send it back.
- The payload is then converted into JSON by DWR.