Application Architecture
The generated application uses clearly separated layers (separation of concern) and patterns. This results in clear, concise and high quality code.
JPA Beans and DTO
This layer contains all JPA beans and DTO (Data Transfer Objects). Beans and DTO move data horizontally across all the layers. The JPA beans are converted to JSON objects by the REST layer and the UI layer uses the same objects as the back end.
DAO Layer
DAO (Data Access Object) layer deals with persistence and retrieval of data from the underlying database. All the common methods are abstracted to an AbstractDao class. This is a thin layer.
Service Layer
Service layer contains all functional code. Service uses Dao layer to persist and retrieve data from the database.
REST Layer
This is a thin layer and invokes the service layer. There is no business logic in this layer. It uses Jersey implementation of REST.
UI Layer
The UI layer is implemented by AngularJS and it has its own architecture including controllers, partials (html views), routers, services (rest calls) etc. All the interface to the backend are using REST calls. Since the UI runs in the client (Browser), the response time is many times better than server-side UI technologies like JSF, JSP, Struts etc.
Since UI layer and server side code interacts through REST, it possible to replace the UI with an entirely different technology. It is also possible for your existing systems integrate with application without making any changes.
Security
There is an additional generic security component packaged with the generated application. Security component also has the same layers as described above in this chapter. This is an optional component, if the customer wants authentication and authorization done by the application. It has following entities used. Security configurations can only be updated by a user with 'admin' role.
Service
the granularity of the authorization goes down to the particular service. (e.g., getCustomer, deleteCustomer etc). When a permission is associated with a service, the service becomes secured. By default none of the services are secured. You can make a service secured through the security admin pages of the application.
Permission
There is a permission for each of the services (e.g., getCustomer, deleteCustomer etc). You can assign permission to User or Role. Also permission need to be attached to service to make the service secure.
Role
Users with admin role can create any number of roles. Then roles are assigned permissions. A user can belong to multiple roles.
User
Users are assigned roles and/or permissions. A user gets all the permissions assigned to roles they have as well as directly assigned permissions. User can access any service whose permission is assigned to them either directly or through the roles.