JSR 371 (MVC 1.0)

What’s “popular” changes all the time and specifically server and client side has risen and fallen in popularity many times before.

A (from Florian Hirsch): I don’t think that the current SPA trend will last for long and it makes sense to be prepared when the trend goes back to the server 😉 Java EE has a great framework for building RESTful services but if you want to build a RESTful website you don’t get too much support. I think there’s definitely a need for a such a framework.

A (from Christian Kaltepoth): I absolutely agree that server-side rendered web frameworks have quite some advantages over the SPA approach.

I definitely agree that we need more examples like the javaee7-samples and more documentation.

A (from Christian Kaltepoth): I agree with Florian that we should provide more sample applications. That will help people to get started.

A (from Florian Hirsch): If you have a JAX-RS resource which returns a list of customers you can easily return them as JSON, XML or plain text depending on the Accept header of the client. If the client requests text/html you need to render HTML which is more than a data representation and can’t be easily done by a JAX-RS MessageBodyWriter. MVC will fill this gap. I would not like it to use two classes for the same resource just to support different Content Types.

A (from Christian Kaltepoth): I actually like being able to combine all the server side code related to a single page in a single class which handles the HTML rendering AND the ajax requests. Of cause this only makes sense if the class doesn’t get too big. For more complex use cases splitting the code into MVC controllers and JAX-RS resources (for ajax stuff) definitely makes sense.

A (from Ivar Grimstad): Agree. It is all about flexibility. The specification should not dictate how application developers should structure their apps. Whether it is a good idea or not to have hybrid controllers are up to the users of the API.

“[…] In general, the toString method returns a string that “textually represents” this object. The result should be a concise but informative representation that is easy for a person to read. […]”

Isn’t (ab)using the toString method for ‘other Java types’ to get a view path a violation of this contract?

• Use Java enums for type safe navigation like implemented in Apache DeltaSpike and its type safe view config
• The use of builder-like classes that provide a more fluent way to build view names and/or redirection URLs.

A (from Florian Hirsch): The idea was to allow to use enums for view names. An example can be found in the mvc-toolbox:https://github.com/mvc-toolbox/mvc-toolbox/wiki/Type-safe-Views

Would it help if we add more explanation why toString is used?

A (from Christian Kaltepoth): It is interesting that you are mentioning this. Especially because I got similar feedback in the past.

The reason for this was to allow a bit more flexibility as it provides a simple way to add support for other types returned from the controller (like the enums Florian mentioned). Actually we have only two choices. Either the spec mandates that the MVC implementation will throw an exception if some other type is returned from a controller or we try to handle other types gracefully which even provides a very simple way of extending the return type processing.

BTW: JSF does it the same way. The specification states that toString() is called on the result returned from an action method. But actually everyone just returns a string and only a few people know that the spec supports other return types.

• Why allow void methods at all? Isn’t is strange to substitute an actual return type with an annotation?
• When non-void methods return anything other than a valid view path, the behaviour is not specified (Ozark seems to return a 404 status code). Why create a special case for a null value?

A (from Christian Kaltepoth): +1 for changing the sentence like suggested!

A (from Ivar Grimstad): +1

A (from Christian Kaltepoth): I think most JAX-RS applications use exception mappers for reporting errors to the user. The special case for MVC is basically that web applications typically need to render just a standard response (which is the HTML page) in this case. In JAX-RS you will actually never want to send a 200 status code with the standard response in case of invalid input parameters.

But that’s just my view. Anyone else has a different opinion?

A (from Ivar Grimstad): I agree, the fine grained control does not make much sense for JAX-RS.

A (from Florian Hirsch): When a constraint violation occurs you have to decide how to proceed: show the form again with error messages, redirect to another page where missing data can be created, redirect to an error page etc.

With JAX-RS you return the constraint violations to the client and he decides how to proceed. That’s why it’s usually enough to have one place for mapping constraint violations to a format the client can read. For MVC this does not work as we are the client and how a violated @NotNull should be handled varies.

However there may be use cases where you also want more control in JAX-RS: Wouldn’t it be nice to additionally return a link where a user can create a billing address instead of just the message “billing address must not be null”?

A (from Christian Kaltepoth): I agree that escaping characters is typically performed by the corresponding MessageBodyWriter. Not sure about the CSRF case to be honest.

A (from Ivar Grimstad): Not sure about CSRF for JAX-RS either. If someone could come up with a nice example where it makes sense, it would be welcome.

A (from Florian Hirsch): Here’s an explanation when a JSON WebService can be prone to CSRF attacks:http://stackoverflow.com/a/11024387/1353722