Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Jump into Java microframeworks, Part 3: Spark

Matthew Tyson | Jan. 8, 2016
An extra lightweight, flexible, and scalable architecture for single-page web apps.

Next we add a login handler, starting with this new line in"/login", (req, res) -> { return controller.login(req); });

We then update our controller, as shown in Listing 22:

Listing 22. Session management

public String login(Request req) {

		Map<String,Object> data =  mapper.readValue(req.body(), Map.class);

		// Do some login logic

		req.session().attribute("username", data.get("username"));

		return "{\"message\":\"Success!\"}";  


You'll note that the above login method is silly, with no real authentication logic. What it does do, is to show off Spark's session management API. Notice that we passed in the actual request object to the controller, and used that to add the username to the session. Now let's make use of the "authenticated" user. Listing 23 has our authorization credential check, which is added to

Listing 23. Authorization check

Spark.before((request, response) -> {

    	    boolean authenticated = request.session().attribute("username") != null;

    	    if (!authenticated && request.body().toLowerCase().contains("hendrix")) {

    	        Spark.halt(401, "Only logged in users are allowed to mess with Jimi.");



Listing 23 wouldn't cut it for a real-world application, but it demonstrates Spark's implementation of filters, which we've used to handle authorization. In this case, we add a before filter and check to see whether the user is logged in. If the user isn't logged in, they won't be allowed to submit any post with "Hendrix" in it. This ensures that unauthorized users won't be able to mess with Jimi.

You can verify the authorization mechanism by attempting to create your own Jimi Hendrix Person in the UI without a login, and then again with one.

Something else to note in Listing 23 is the Spark.halt API. This API returns an HTTP error with a specified status code; in this case it's 401, unauthorized.


Spark's API is so lean that we've covered a good percentage of its functionality in this short tutorial. If you've followed the example application since Part 1, then you've set up Spark's service and persistence layers, built a basic UI, and seen enough of Spark's authorization and authentication services to understand how they work. For very small projects, Spark is a clear winner. It makes mapping endpoints dead simple, while introducing no obstacles to building out a larger infrastructure. For a use case where you definitely wanted to use JPA and work in an IoC container, Ninja might be a better choice. But for great flexibility with a lean footprint (even on large projects) Spark is a very good bet. Of the great wealth of open-source excellence available to us as Java developers, Spark is another fine entry.

Stay tuned for the final article in this series, an in-depth introduction to Play!


Previous Page  1  2  3  4  5  6  7  8 

Sign up for CIO Asia eNewsletters.