I would go for Stateless – the server can generate many instances of the bean and process incoming requests in parallel. Singleton sounds like a potential bottleneck – the default @Lock value is @Lock(WRITE) but may be changed to @Lock(READ) for the bean or individual methods.
Yes, that is sort of the difference. Except with the stateful component you can also change the state, using this.setState for example: var React = require(‘react’); var Header = React.createClass({ getInitialState: function() { return { imageSource: “mypicture.png” }; }, changeImage: function() { this.setState({imageSource: “differentpicture.png”}); }, render: function() { return( <img src={this.state.imageSource} onClick={this.changeImage.bind(this)} /> ); } … Read more
It’s a question of degree. The advantages to using a functional language for functional programming are the carrot and the stick. The carrot is that functional languages have functional syntax and semantics and come with functional libraries. The stick is that functional languages can force you to adhere to certain standards. If you do FP … Read more
My sample app does exactly this – securing REST endpoints using Spring Security in a stateless scenario. Individual REST calls are authenticated using an HTTP header. Authentication information is stored on the server side in an in-memory cache and provides the same semantics as those offered by the HTTP session in a typical web application. … Read more
OAuth tokens are explicitly a session identifier, interaction is not stateless between requests in the OAuth token negotiation protocol as the requests must be performed in a specific sequence, and they do require per-client storage on the server as you need to track things like when they were issued. So yes, OAuth does violate the … Read more
Stateless means there is no memory of the past. Every transaction is performed as if it were being done for the very first time. Stateful means that there is memory of the past. Previous transactions are remembered and may affect the current transaction. Stateless: // The state is derived by what is passed into the … Read more
Ah, I love these questions – maintaining a session without a session. I’ve seen multiple ways to do this during my stints during application assessments. One of the popular ways is the playing tennis way that you mentioned – sending the username and password in every request to authenticate the user. This, in my opinion, … Read more
I found some information about CSRF + using no cookies for authentication: https://auth0.com/blog/2014/01/07/angularjs-authentication-with-cookies-vs-token/ “since you are not relying on cookies, you don’t need to protect against cross site requests” http://angular-tips.com/blog/2014/05/json-web-tokens-introduction/ “If we go down the cookies way, you really need to do CSRF to avoid cross site requests. That is something we can forget when … Read more
Even though multiple requests can be sent over the same HTTP connection, the server does not attach any special meaning to their arriving over the same socket. That is solely a performance thing, intended to minimize the time/bandwidth that’d otherwise be spent reestablishing a connection for each request. As far as HTTP is concerned, they … Read more