Show HN: Java REST without annotations, DI nor reactive streams (github.com)

144 points by moring ↗ HN
grumpyrest is a Java REST server framework that does not use annotations, automatic dependency injection or reactive streams, and minimizes the use of reflection. I created this because I got fed up with annotation-mad frameworks that you cannot easily understand, step into or reason about. grumpyrest uses the type system to guide JSON mapping and validation, and (possibly virtual) threads for parallelism. It's for grumpy people who don't like what REST server programming in Java has become.

I made this because I intend to use it in one of my own projects, but at the same time I want to make it available to others to (hopefully) get some good ideas on how to extend it.

140 comments

[ 3.8 ms ] story [ 155 ms ] thread
Kudos to you for trying this. Every time I open a Java project after spending time in literally any other language I get saddened by just how...cluttered? wordy? tedious? it is...hard to find the right word, but it's not good.
Vertx is pretty good. I have two vertx services in prod without a single annotation.
I've been doing some Angular-/Nest-ish TypeScript projects, and it's basically Spring with more bugs and = signs.
As a year long spring (boot) dev, I felt right at home with angular 2+ -it‘s literally the spring framework of frontend frameworks.
I haven’t used Angular but I have used Nest and I agree with this sentiment. Java Spring’s annotations are similar to Nest’s custom decorators.
> basically Spring with more bugs and = signs

The worst parts of Spring is Spring. Nest lacks the IDE, the performance in the JVM, etc... there is nothing to gain.

Sure, other languages without semi-colons and using invisible tabs for syntax are fantastic. What I love best are magic object types where you only discover invalid type casting when running the code.

And lest we forget the fabulous unit testing for those non-tedious languages. Oh.. I forgot testing is tedious and therefore unavailable for most of those languages.

But hey, just look at that really short code without a single comment. The word you're looking for is: Fantasticc! :-)

This doesn’t describe any language or framework I’ve worked in so hard not to conclude that it’s some sort of straw man
That is what one can say about verbosity and "tedious".
That was me specifically talking about Java. You can disagree with it, but it’s certainly not a straw man.
Wouldn't this add more cluttered boilerplate? Annotations are pretty clean looking but the backlash is from the "magic" they provide, not the clutter.
Of all web frameworks, with perhaps the exception of Ruby on Rails. I really struggle with lack of documentation or the quality of documentation. And lesser popular frameworks has a lot less volunteers sharing knowledge.

Spring Boot is one of the most popular web frameworks in the world. It is by far easier to figure out how to do build something that solves business problems in Spring / Hibernate than alternatives(except maybe RoR).

For example, do you want to use Micronaut, the Spring Boot killer? Good luck fetching a collection with string type. I takes basically 2 minutes to google how do this with Spring Boot / Hibernate, and it will take you a day or two to figure out it isn't possible at all with Micronaut without writing massive amount of code that binds the results from your SQL to your objects. This is one example, and it shows the madness in web frameworks. Why are we switching frameworks that only ends up slowing us down?

Spring Framework is a big framework, that solves many problems. It may be overwhelming the first year, but with a few years experience you do not want to switch, because other frameworks lacks or has ugly hacks for many Spring Framework features.

Other advantages, massive access to experts for hire. There are literally thousands of Spring Framework developers in my area. Also, since I am an expert myself, I can share my knowledge between these people, and together we are improving our knowledge at a rate other frameworks cannot offer and this gives us a massive innovation pace that brings increased business value.

The next time I will try another web framework, I need to see that my productivity gets improved immediately. Otherwise, is just noise.

Plus it's old enough that chat gpt is quite helpful. Would be good if they could update it for spring boot 3 though.
Needs more code examples in the readme.
Thank you for the feedback. I'll keep that in mind for the next version.
Agreed, it's hard to get a sense for what using this would actually be like. Prose describing code just doesn't work for most developers, myself including.
I added a simple example to the README that shows for to build a single-endpoint API and also how to do things in JSON with the type system instead of annotations.
Moring, this is looking really simple to adopt, good work.

First question: is there maven already available for this library? Mostly to ease upgrades in the future.

Second question: what strategy would you recommend for adding https on the communication channel?

Thanks.

Hi, thanks for your feedback.

Maven integration is not there yet. Gradle makes it easy to generate a POM, but I have honestly never published anything to central, and I don't even know what is necessary for that. I have added this to my to-do list.

HTTPS is something I won't have to deal with myself, because I'll be running it in a context (Cloud Run on Google Cloud Platform) with external HTTPS termination. If you have any chance to do the same, I'd highly recommend it, because you can use standardized solutions. Other than that, the current version runs on embedded Jetty, but is actually just a servlet code-wise, so any servlet container would do. Again, this is not possible out-of-the-box (unless you don't mind cloning grumpyrest and modifying the code), but likely will be in the future. Once you can use a standard servlet container, such as Tomcat, you can just follow the normal how-tos on how to add HTTPS.

Still not clear how one is supposed to wire this to the servlet container.

You instantiate a RestApi object and then . . . . magic?

The demo code (now in subproject grumpyrest-demo) has a complete example. It works like this:

  public static class MyServlet extends RestServlet {
    public MyServlet() {
      super(buildApi());
    }
    private static RestApi buildApi() {
      RestApi api = new RestApi();
      ...
      return api;
    }
  }
It's a bit annoying right now, but that's because the servlet is supposed to be constructed by the servlet container using a no-arg constructor. I hope I can improve this in the future.
> it calls constructors to create dependency objects, and passes constructor parameters to inject them

So, basically DI. This is the recommended mode of operation of Guice & Spring.

Keep in mind that I had to cram as much useful information as possible into a single headline. The GitHub page says "without _automatic_ dependency injection". What grumpyrest does is sometimes called "poor man's DI", although this term has been discouraged because it is quite useful. The important thing is that it does not rely on any DI framework / container, and especially not on automatic construction of dependencies or annotations.
To be clear, most (all?) DI frameworks are available with plain classes without annotations. They do use reflection to figure out which parameter goes where, but that's it.

    public class Foo {
      public Foo(Bar bar, Baz baz) {}
    }
Is a perfectly valid class as far as most DI frameworks are concerned.
I don't find value in runtime DI frameworks, however I'm assuming there is a valid use case for them since they exist.
Interoperability with libraries that can be loaded at runtime, and in general skipping a build step that would make development annoying to do.
The main issue with Java-based projects (possibly using Spring) is the amount of existing resources: there are thousands/millions of example projects, code snippets, answers on StackOverflow etc. and majority of them is very old (as far as software development is considered). Even fresh resource are often using outdated techniques.

Modern Java is pretty good (although Kotlin is a bit cleaner IMO), but you should really use Spring documentation (if you are using Spring) and avoid code snippets from SO/Github.

The issues that I see with Spring aren't really code snippets from SO, but the fact that annotations drop all the advantages that Java had as a language. Just two examples:

When you create an Object of the wrong class and try to pass it to a method, you get a compile-time error. When you use the wrong annotation, nothing happens during startup of your application... but you don't even know at which point in time something should happen. Or if.

When a method you call throws an exception, you can run the application in a debugger and single-step into the method, then single-step until the exception gets thrown. This doesn't always just solve the problem but more often than not it gives you a good indication. If an exception gets thrown due to an annotation, you get an enormous stacktrace from some code you have never seen and didn't even know was run, or why it was run, from a thread you have never seen, complaining about wrong parameters that you have never seen, passed from another method you have never seen.

These is just (another) reason for avoiding Spring. Whenever I'm tempted because of XY module that looks good, I'm reminded with feedback like yours that things are still the same.

Oh well, will continue using java far away from that framework.

Another one of my favorites. When you make an API for a library it's usually pretty clear what the user can do with it. When you make an annotation API for a spring library it's evidently impossible to expect how the user will use it. Random feature of a library won't work because the context you're using their annotation in aren't compatible with whatever assumptions they made.
> you get an enormous stacktrace from some code you have never seen and didn't even know was run, or why it was run, from a thread you have never seen, complaining about wrong parameters that you have never seen, passed from another method you have never seen

Aka using a library

That's more typical of a framework than a library. This is one of the areas where the difference becomes clear: with a library, you will see your own methods in the call stack somewhere, and be able to tell what got called and why; with a framework, it's often not so simple.
Regardless, this isn't an annotations phenomenon.
(comment deleted)
I love java, and especially modern java, but I also love Ruby and python and the majority of my web dev has been in Rails.

I'm now working on a Java side project, and while typically in the past I've just done the backend in java and then used rails for the web UI and had them share a DB, I'm trying to see if I can use Java for the web part without going insane.

Part of the problem is that historically the big players in java web are HUGE enterprises that was to be able to have 50 teams all do a small part of a backend in parallel and then just deploy them all together. Thus was born the servlet API and application servers.

But there's so many assumptions and bizarre requirements that come out of trying to do this perverse form of engineering that the whole thing ends up nigh unusable for someone who could otherwise just "rails g" 85% of their project.

Jetty has always struck me as a bit of a middle man where if you want, you can do the servlet thing but it's also a production grade application framework that doesn't force you to do the java EE dance if you don't want to. Though there is some leakage. But it's a lot less magical than Spring and is also just the http server bits, not the rest of the db and view and etc.

But since virtual threads are pretty stable now, I really want to use them, and jetty is the first reasonably complete and robust option that seems to have included support for them.

So - you know how these things go. I'm currently writing an HTTP url path router that supports the rails syntax from routes.rb. And then I'm going to write a Handler implementation that wrangles all the database stuff and does convenient/terse parsing of params (like how rails folds path params, url params, and form params into a single params object) and rendering of responses (so I can render a json object without having to call Content.Sink.[...] and use gson all over the place.

It's meant to all be very non magical and you can step through the code in a debugger and not see a billion reflective invocations of methods. And I'm hoping I can make the API of my Handler convenient enough that you don't regret that it's not annotation magic-based.

Also - I know there are various attempts at easier/less annoying Java web things like vertx and such, but they a) don't support virtual threads yet, and b) many of them are small enough im worried they'll rot eventually. Jetty meanwhile isn't going anywhere.

> Also - I know there are various attempts at easier/less annoying Java web things like vertx and such, but they a) don't support virtual threads yet, and b) many of them are small enough im worried they'll rot eventually. Jetty meanwhile isn't going anywhere.

Vertx is arguably larger than Jetty or at least NOT smaller. Vertx is used by Quarkus and other Redhat/IBM projects e.g. if you use the newer Keycloak you're using Vertx. It's been around for a long time and has received constant updates.

Vertx is also 1 of the top performs of Techempower Benchmarks keeping Java in the race for those that care.

Sure, but they don't support virtual threads yet afaik.
What's the fixation on virtual threads?

Vertx performed better than a lot of frameworks without it - both in less memory and faster performance.

>When you use the wrong annotation, nothing happens during startup of your application... but you don't even know at which point in time something should happen. Or if.

Probably worth noting that this depends entirely on the annotation - they can (and many do) run at compile time, and can provide very strong safety guarantees.

Many (most? all? I dunno) of the bloated server-side DI frameworks do not do this though, and I 100% agreed that it's can be a truly awful experience.

From my personal experience, the first example doesn't really happen: thankfully I rarely see people randomly throwing annotations at methods/classes hoping one of them will stick. For most of the time annotations are self-explanatory.

However, there are some real issues with annotations in Spring/Java: - Application will sometimes run just fine without annotation processor/interceptor. Think of `@EnableScheduling` in Spring: you won't know that `@Scheduled` is not working (because of missing `@EnableScheduling`) until you observe that method is not executed. In this case static code is a clear win. - Annotation order: not all annotation processors/interceptors in Spring support specifying order. Annotation order in the code doesn't matter: it is lost during compilation. Good luck figuring out what is applied first in a method with `@Retry`, `@Transactional` and `@Cached` - will retry be executed within transaction or each retry will have its own transaction? This also is easily solved with static code instead of annotations.

As for compile-time error vs runtime-error: personally I don't really care as long as there is any error (which is not always the case in the first example) during the build/test/init/assembly phase. When I'm writing SQL queries in the code, I'm getting SQL parsing/compilation errors during application runtime - but that's fine, because I've written SQL-s against DB execution engine. When I'm writing Spark SQL job, I'm getting errors during query planning phase - and that's also fine, because I'm writing code against Spark's execution engine. Writing annotations against "annotation execution engine" (annotation processor/interceptors) doesn't seem any different or wrong in principle. Although, there are things that could be improved.

Stacktraces: there are a few additional interceptor method calls in the stacktrace when annotations are in use, however, most of the complexity comes from library/framework structure and developer's familiarity with it. Spring covers a lot of use cases thus it has its share of complexity. I'm not sure if "Spring without annotations" would be noticeably easier to work with, although I assume that feature-parity with Spring (MVC) is not a goal of this project so it probably will be easier to understand.

> From my personal experience, the first example doesn't really happen:

It happens every day, all day. Other developers don't see it, because it doesn't even compile.

> I rarely see people randomly throwing annotations at methods/classes hoping one of them will stick.

I see it, plenty, in other projects. I have done it, trying to work around an arbitrary 3rd party restriction. I can't get something to work and see some old SO and hope it applies. Look at the arcane combination and through trial-and-error figure out what is relevant...then work backwards. Sometimes you can figure out what's going on without a blog explaining the opaque behavior or the overly-simplistic documentation explaining what something does...or used to do or doesn't always in some specific set of conditions, mainly mine. All you have to know is every bit of how each annotation works and why, and how that interacts with every possible element of your compilation and runtime. This is the unrealistic state of "understanding" annotations for the vast majority of java developers...or maybe it's just me and everyone I work with.

At least we're seeing a movement towards compile time annotation processing. E.g., Micronaut, Quarkus, Dagger2.

Much better it fails at compile time.

Spring WebClient pseudo streaming interface is atrocious. Java has switch expression with pattern matching, but no, they had to create something completely perpendicular to the language. "Hey, let's reinvent a wheel, but it will be our better wheel" - and now we have a square egg.
Java programming paradigm is dead in the modern day. You needlessly write way more code that is needed, all without any benefit, relying on third party libraries for main functionalities that may or may not have egregious vulnerabilities like log4shell.

The build system also takes needlessly long, because of how many hacks it involves (Groovy being a language designed to fix Java, being used in Gradle build system which runs a whole Java VM just to compile code)

Hardware is cheap these days, developer time is more expensive. Use Node or Python.

Gradle got WAY better with Kotlin DSL. Groovy is a great scripting language with incredibly powerful runtime meta-programming features. If you used Groovy for a project, you could get an experience close to Ruby or Python.

However, Groovy is also a great scripting language with incredibly powerful runtime meta-programming features. In short, that means you're stuck inside often stripped down (Jenkins) or ill-conceived DSLs that you either know by heart, know someone who knows it, or are in for a world of hurt trying to do basically anything.

With Kotlin DSL - even though the stack got even more complex, including embedded scripting host inside embedded JVM and all that - you get auto-completion in the IDE and "go to definition". That resolves half the problem with Groovy, which is discoverability. The other half - the byzantine object model and PERL-like "there's more than 1 way to do it" - won't go away just by changing the scripting language. Still, it's better.

There's also the thing about versions and compatibility between Gradle versions, Kotlin versions, and plugins versions. Finding the right combination takes so much effort that seemingly nobody ever bother to update the build tools in projects. Unless there's a "build engineer", which sounds kind of dystopic, but after working with Gradle for half a year I have to admit that managing the builds properly is indeed a full-time job.

> Hardware is cheap these days, developer time is more expensive. Use Node or Python.

It's not that simple. Sometimes, latency matters. Sometimes you really need something to happen in 20ms. But then you won't be using Java, or what pjmpl would say, you wouldn't use the stock JVM, but something that provides AOT compilation.

There are so many dimensions you need to consider when choosing an implementation language for something, and Java can be an optimal choice in many situations. As unfortunate as I think it is, the problem is not technical, but cultural. People who started programming in Java will have this rigid, rule-based concept of what you can and cannot do. Their minds are semi-permanently stuck in Java-like mold. Since Java is so all-encompassing, they are never confronted on their beliefs. Echo chamber. Cargo culting. Prevalent in all monocultures. The problem is when they switch to another language and infect it with beliefs that stopped being well founded due to the changed circumstances. They do their best to fit the new language into Java-esque shape, no matter how pointless it seems.

Kotlin is the biggest victim of this. There's so clearly visible divide between "make Java great again" crowd vs. "it's actually a nice language, why not use it for what it is?" crowd. They produce drastically different libraries, have very different goals, and do very different projects. Different values, methods, and outcomes. In itself, it's maybe OK, but... try being stuck in the wrong camp... and stay sane.

This does nothing that important. I do detest annotation soup, but what would be more useful is to simply generate a competent rest service and client from the openai spec. There is nothing performant or magical about using Java here.

In fact the comments on performance are pretty dumb. The JIT compiler is the only source of performance in the jvm and you will never make a performance optimization that beats the JIT

Thanks for your feedback. My experience with code generation from an OpenAPI spec wasn't that great, to be honest.

The comments about performance are based on earlier experience with a similar scenario in which code generation _did_ improve performance. Mostly in that the generated code was "de-convoluted" to such an extent that the JIT could actually do its work. I'm expecting a similar thing here, especially with JSON serialization/deserialization, because of the heavy amount of reflection involved: The generated code would then no longer use reflection, but access fields and methods directly, and can therefore be optimized by the JIT.

Hey, I'd be interested in seeing what this looks like but the README.md is just a bunch of wordiness. I worked on a beanstalkd client for Node.js and Golang, here's an example of going straight to the point: https://github.com/getjackd/jackd

I'd say making a better README.md is your #1 priority.

Thanks for your feedback. The README has been criticized in another comment already, so I'll definitely take that serious.
Looks a bit like Spark - https://github.com/perwendel/spark
I don't know why this was downvoted. Spark was actually one of the alternatives I considered before I concluded that I couldn't find any framework that suits me, and started writing grumpyrest.

The main issue I had with spark was, from what I could see, the lack of good JSON support. A major part of grumpyrest is its JSON serialization/deserialization framework (it's roughly half of the whole codebase!) which applies the same principles as grumpyrest does for REST, to JSON. (I even called it grumpyjson in anticipation that I might one day break this out as a standalone project).

Now don't get me wrong, I consider Jackson a high-quality framework, and I like very much how its author takes care of even the smallest details. It's not at all like Spring. However, in making it work as I wanted there were too many things that I could not solve to my satisfaction -- I could not abstract them in a way that was truly re-usable, and every API method would have to deal with these things again. This was even more true for Gson. So in the end, I used them (Gson, to be precise) as a low-level JSON library that basically translates between a JSON AST and serialized JSON, and did the high-level mapping to application classes myself.

Hmm, a lot of my endpoints (in Spark) tend to look like

        public SomeService() {
           Spark.post("some/endpoint", this::someEndpoint, gson::toJson);
           Spark.get("another/endpoint/:id". this::anotherEndpoint, gson::toJson);
           //...
         }


        private ResponseType someEndpoint(Request request, Response response) {
           Something some = gson.fromJson(request.body(), Something.class);

           return new ResponseType(some.a, logic(some));
        }

        private ResponseType2 anotherEndpoint(Request request, Response response) {
           return new ResponseType2(otherLogic(request.param("id"));
        }
Like yeah I guess it could be have more well integrated json support, but it's not like this is heavy in boilerplate, and I do think it balances the need to occasionally access more low-level aspects of the HTTP stack well.

Not to detract from your project, of course.

Weird, usually gson is super straightforward for me. I don't think you should be working with the JSON AST. Rather, have a class that maps to the JSON, which is a DTO, and then translate that to your app layer.
I'm a dev with 10+ years professional Java experience and something more like this is what I wish Java had always had. Ignore the other commenters who are being predictably and characteristically harsh and uncharitable.
Frameworks such as Spring used to be much more like this, until the annotation hype started to kick in somewhere around 2010. I always thought this was a bad idea. Sure, annotations work nice in a small demo app, but in a large application you want to have everything explicit and under your direct control.
Spring used xml to configure that so no that similar.
The alternative was "effectively stringly-typed XML forest" that was only checked at runtime; even worse for tooling that the current annotation (and recursive/nested annotation in the case of Spring) thing modern Java is.
I think spring's giant XML config file was preferable to the annotation garbage that most people use these days. But both are shitty solutions in my book. I'm still not convinced that doing all this configuration and magic at runtime is a good idea. Most of what spring does in terms of dependency injection (and probably a bunch of configuration related things as well) should really be compile time steps. There are very few cases where you want to change the implementation of $foo at runtime, and being explicit about those few cases would be nice.
> Frameworks such as Spring used to be much more like this

Not really. Spring has always had problems with pointless complexity and turning what should be compile time errors into runtime ones. Its original schtick was DI, which you've always been able to do by just... sending dependencies in through the constructor, lol? No framework or magic needed. The emperor really has no clothes and I wish more people would admit that.

I find this article weird. Aping Sinatra is not an innovation. Java reflection is essentially zero cost after the JIt runs.

The idea of "this is what you type" to make a REST endpoint or client call is a non-starter and non-issue.

This code in any shop worth its salt has been generate for years off of metadata.

If you are typing in rest code into any language, you are holding it wrong.

> Java reflection is essentially zero cost after the JIt runs.

It is slower and it is cached so uses more memory.

In Spring apps the same reflection caches are also often duplicated many times.
All of the harm from reflection happens well before runtime.
This is quite similar to Takes (https://github.com/yegor256/takes).

I like both, look cleaner then all the annotation based ones.

I did not know Takes, and I'll definitely have a closer look. Thanks a lot!
Something that people are missing about annotations: in order to test the annotated class/method one needs to start running extra code, sometimes a lot of extra code.

Using spring as a toxic example, many things have to be tested using @SpringBootTest which is incredibly slow to start. On top of that because of the use/abuse of @MockBean tests stop being thread safe. So one ends up with slow test that need to be run sequencially. I'm working in a 'start up' that went the spring boot way and quite simple services take 15+ minutes to run all their tests, which is insane.

On top of that, annotations make it impossible/very dificcult to know what code is actually executed (and also it not possible to navigate to the code in an IDE). As I rule of thumb, I'm always happy to swap one annotation for one or two lines code.

> On top of that, annotations make it impossible/very dificcult to know what code is actually executed (and also it not possible to navigate to the code in an IDE)

I have never understood this argument. What is exactly the problem with identifying the executed code?

If you use a “dumber” imperative style framework, the way to find out what code is executed is to go-to-definition of the library code when you call it.

With an annotation-based framework, how do you do the same? You could find usages of the annotations, and then manually read the thousands of places “@GET” is referenced?

Search by usages is usually grouped by library/package, sk it is quite easy to identify the code in the framework responsible for processing it.
How do you identify the executed code? I don't even know how to start. You cannot single-step into it from the annotation, nor can you select the annotation, "go to definition" and see the code. You can "find usages" for the annotation which gives you a lot of places that may or may not be the code that gets executed.

Imagine I'm looking at a class that is annotated. What is the next step to find the code that gets executed for the annotations?

Look at the annotation classes code? That’s how I do it. It can’t be anywhere else.
1. Download the source code of the framework (one click in IDE)

2. “Find usages” on annotation/annotation properties leads you to init stage, where metamodel is usually built

3. “Find usages” on metamodel classes leads you to the implementation of the behavior defined by annotation

4. Run your code with the breakpoint inside the annotated code. Check the stack trace at the breakpoint, look at the methods and fields of the framework classes in it to validate your understanding of how it works from step 3.

The RetentionPolicy.SOURCE annotations are handled by an annotation processor at compile time, so it is a bit different, but the general idea is the same.

Some of the aspect oriented stuff like cacheable will add a proxy to the annotated bean which can break reasoning about the code.

If you inject the bean and call the method you will get caching (because you are using the proxy). If you call the method from within the bean itself however you're not using the proxy and you won't get caching.

It's stuff like this on steroids when you start mixing annotations that makes it really difficult to reason about the code.

Hehe, that specific case is probably something that most people run into at least once. I've seen several cases of it in production too, where someone refactored something years in the past and accidentally disabled the cache without anyone noticing.
I know this case. Indeed it adds some complexity in debugging and it does require that the user of such annotation understands how it works and what are the side effects. However this is probably the only case that causes so much trouble and it would deserve a dedicated compiler or IDE warning* for inexperienced engineers. There are many ways to shoot in the leg by using some tool or API incorrectly - it doesn’t mean the tool is bad.

*I would do it by introducing a new annotation:

   @ProxyImplementation
   public @interface Cacheable {}
Compiler can trigger a warning when a method invokes another method of the same class which is annotated with annotation marked as implemented by proxy.

Maybe Sonar or similar tool already does this kind of analysis.

Annotations lead to an undocumented interface. IDE's are incredibly unreliable at finding implementations from compiled libs. That is 80% of my frustration around annotations. There are no standards, no patterns, almost nothing to find details on why some annotation isn't working as expected and what it expects from the developer.
>IDE's are incredibly unreliable at finding implementations from compiled libs

It’s usually one click in IDE to download the sources of an open-source lib like Spring and one click to find the usages of the annotation in those sources (or better, reads of the properties of that annotation). I do not think it is really a big problem to find how the code works both at init and at execution stage.

Hi Ivan!

From my exprience there are multiple reasons - The main one: I've learned tons from reading code. The ability to jump into code that does X to see how it's implemented is worth a lot to me. This is something I love about the jvm ecosystem which is unfortunately not present in many other languages. - Many libraries/frameworks (Spring Data comes to mind) provide very leaky abstractions. Understanding how the underlying technology is used can make a big difference. - Address questions when the documentation is not clear enough. - And last: to discover bugs in libraries. This is not common, but it happens.

My question is rather why it seems to be so difficult? The value of learning from the source code is indeed great and in modern IDEs it is easily accessible. Ever since annotations were added to Java, I've had no problem figuring out how some frameworks use them.
You would only use @SpringBootTest at the top of the testing pyramid.

Spring Boot provides "test slices", so you'd also be using @DataJpaTest or @WebMvcTest, which run a lot faster, as they don't boot the entire application.

On the other hand, Spring is one of those frameworks that you can probably test most of your stuff without those test fixtures and just use the annotated classes as if they are plain classes.

That of course means you're limited to constructor based dependency injection (but most people should be using constructor based dependency injection, right? The @Autowired/@Inject "magic" rarely really helps anyone most of the time) and requires isolating side effects (and therefore those pesky side effect inducing annotations) from the rest of the business logic.

> Unknown properties in records cause an error too.

This kills the forward compatibility.

It’s fail fast vs fail randomly because unknown property was expected by client to be handled in a certain way. Not every case deserves forward compatibility.
> Not every case deserves forward compatibility.

REST APIs do. SOAP has the same "feature" of failing on unknown properties and it made API evolution very hard.

Java is an OOP language, and OOP is enough to implement DI in a consistent way. It's how enterprise NodeJS projects are structured, too (without frameworks like NestJS).

We might not need annotation for DI stuffs, it's an overkill.

It's always nice to see projects attempting to explore something a bit different than the status quo (which in Java's case is Spring or hopefully at least Spring Boot). Personally, I've also had good experiences with Dropwizard: https://www.dropwizard.io/en/latest/ Any smaller project will suffer at least somewhat from a lack of documentation/examples, but Dropwizard takes many packages that might be considered idiomatic in the Java ecosystem (Jetty, Jersey, Jackson, Metrics, Logback, Hibernate/JDBI3 and others) and joins them without too much hidden complexity or "magic".

In contrast, something like Spring might suffer from too many examples, many of which are outdated, no longer relevant or considered best practices, as well as there are far too many ways to get something done, leading to lots of confusion. Though the last time I used Dropwizard, I still ran into some issues with adding dependency injection (which is optional), since I had to write some of the code for that myself and couldn't find something that worked nicely enough for my needs. Otherwise it was fine, though probably could benefit from additional tooling like Spring Initializr.

Either way, anything that lets you put a breakpoint on some initialization code is worth a look in my book, vs having multiple layers of indirection and logic dictated by annotations that are not easy to debug, or even understand. That's also why I'm not necessarily the biggest fun of Laravel, Rails (convention over configuration/code) or a few other frameworks, though I acknowledge their usefulness otherwise.

It is an interesting experiment that would require some work before I would see it in my production environments. First of all, in bigger projects dependency injection is going to happen one or another way. Having all controllers implementing some simple interface and thus avoiding overhead of runtime mapping is fine. How can we map 50-100 endpoints and wire persistence etc without a god class or a lot of user code? Looks like a case for at least compile-time reflection and source level annotations (micronaut).

Second, a small suggestion: the only difference between null and empty string or any other special value is that null fails faster. Client code that is not fully aware of all allowed special cases is going to fail at some more obscure point, so user of the data model must ensure that all cases are handled adequately. Offering to null of all those cases a preferential treatment with a special class is IMO just adding verbosity to the code with longer declarations and unwrapping. I would keep only OptionalField and rename it to Maybe<T> - it does have semantics justifying a wrapper. Constructors can enforce non-null constraint and user code can handle null or other cases in a traditional way.

Thanks for your feedback.

grumpyrest is not averse to dependency injection, but rather trying to "get out of the way". In particular it does not rely on (automatic) DI. My intention is that you can totally use it in a project that has a DI framework, and at worst it should require you to write the same few lines of glue code that you would need without the DI framework, i.e. calling some constructors.

> Offering to null of all those cases a preferential treatment with a special class is IMO just adding verbosity to the code with longer declarations and unwrapping.

There was a specific reason to give null / missing fields a preferential treatment. If you use a data class like Username that wraps a String, then that class can do all the validation necessary, before the Username reaches the handler method. _Except_ for null and missing fields because the two popular JSON frameworks, Jackson and Guice, already try to bypass that class in those cases. You can configure Jackson to pass null to a Deserializer, but you still cannot distinguish null/missing because they are both a null reference at that point.

Also, AFAIK you cannot say "pass null to the Deserializer only for this type". You have to configure it for the whole ObjectMapper, which is problematic in a DI context where that same ObjectMapper gets used by a lot of code.

(comment deleted)
This misses out on the main benefit of using annotations: The associated Java code is "just Java". Testing JAX-RS endpoints is just a matter of instantiating Java objects and calling methods on them. Testing grumpyrest endpoints would require mocking the requestCycle other low-level http-oriented classes.

Here's the JAX-RS equivalent of the demo:

    public class GreetingResource {
        @POST
        @Path("/make-greeting")
        public MakeGreetingResponse greet(final MakeGreetingRequest request) {
            if (request.addendum.isPresent()) {
                return new MakeGreetingResponse("Hello, " + request.name + "! " + request.addendum.getValue());
            } else {
                return new MakeGreetingResponse("Hello, " + request.name + "!");
            }
        }
    }
This is less noisy (no explicit parseBody) and much easier to test - you can just instantiate a GreetingResource and call the method, no mocking required.
Thanks for your feedback. I'll take that into account.

You are totally right about having to mock RequestCycle, which isn't good. Furthermore, RequestCycle isn't really mockable in its current state. I'm planning to solve both problems in a future version by making it mockable, providing standard mock implementations, and removing the dependency on other web objects (such as the servlet API) from code which is just using RequestCycle.

The main point behind grumpyrest is that a lot is _not_ "just Java": While the handler method you presented is, the way it is mounted isn't, nor how dependencies are located and injected, nor how the JSON is validated and mapped to objects and back.

> the way it is mounted isn't, nor how dependencies are located and injected, nor how the JSON is validated and mapped to objects and back.

the point of a framework is to hide some of that from you. The point of abstraction is that you _should not_ have to know how the server mounts the handlers, just that it does and it does it via a contract specified in the documentation.

Should things be abstracted one step further such that the REST endpoint class merely relays the right params to a Service class. So not much to test anyway (I’m not a 100% code coverage person, I test where it makes the most sense).

This way your service can be accessed via REST as well as any other type of endpoint if you wanted (gRPC, SOAP, RMI, CORBA, etc). Defeats the point of this project but this approach has saved me a lot of work in the past when switching RPC stacks.

> the way it is mounted isn't, nor how dependencies are located and injected, nor how the JSON is validated and mapped to objects and back.

These are problems that every web application has to solve. You can use an existing framework or you can write your own. It might seem like there's a "hand-wire everything" option but in any mature system that turns into "write your own framework" as developers get tired of typing the same boilerplate over and over.

For example, I can tell you right now that the team is going to get tired of typing `requestCycle.parseBody()` at the top of almost every method. Some clever sod will eventually figure out how to use AOP to make it implicit. Just like JAX-RS.

TL;DR This is a bad example as we're mixing content construction with http service layer concepts. It should probably be more like:

    public class GreetingResource {
        @POST
        @Path("/make-greeting")
        public MakeGreetingResponse greet(final MakeGreetingRequest request) {
            return MakeGreetingResponse(Greeting(request.name, request.addendum));
        }

        public Greeting(string name, Value addendum) {
            if (addendum.isPresent()) {
                return "Hello, " + request.name + "! " + addendum.getValue();
            } else {
                return "Hello, " + request.name + "!";
            }
        }
    }
I think this is actually a little problematic. This handler is a likely location to mix http service logic with application logic and the interface exposed, via automatic parameter injection etc, implies the code in here should be application level but it's actually in the seam between then application and the http service layer.

Testing custom http service logic should involve mocking as it depends on objects and behaviours owned by the http service layer.

Code that we want to easily test for application level logic can be extracted into application level concepts.

So how do you test that the method, the path and the body parser are correct? I have had bugs in all of these three.
These are not really server-side test concerns. I know your first reaction is "WHAT?!" but hear me out.

Let's say we add some server-side tests that verify that the method is POST and the path is /make-greeting. Have we now verified that the endpoint is correct? No - because the client was in fact posting to /create-greeting.

We know the @POST and @Path annotations work; they are covered by the JAX-RS implementation tests. We can look at those annotations and know that the endpoint is a POST to /make-greeting. Testing that brings minimal value.

The test we need is something that ensures the client and server both agree on the contract. By definition that can't be a server-side test, it's an e2e test. The good news is that it doesn't have to be a complicated e2e test; it just needs to ensure the method is called once.

Maybe you're publishing a pure API? Add swagger, auto-generate the openapi spec, and diff against that. This works especially well if openapi is how you're publishing your documentation.

> and the body parser

If you're really concerned, it's pretty easy to write explicit tests for JSON serialization/deserialization. The good news is that you only need one test (or two for bidirectional) for each class. In both large and small companies I've never found this necessary.

I agree to some degree on a basic e2e plus swagger diffs, but

> The good news is that you only need one test (or two for bidirectional) for each class. In both large and small companies I've never found this necessary.

this tells me you deal with very simplistic data. You are not testing advanced alternatives (algebraic data types), required/non required fields or default values. If you did, you would need at least 2 tests per case.

No. Field optionality and the content of values are server-side concerns that can be tested by making plain-old-Java method calls to the endpoint.

The shape of serialized JSON doesn't need more than simple verification. And if you just live with default serialization (ie java format is the same as json format), it probably doesn't need to be tested at all.

Imagine an authentication endpoint that accepts either a username/password or a SSH key.

If you go the optional fields route, your parser will accept invalid combinations, for example password+ssh key.

If you go the proper alternatives way, then you need a parser with two branches that parses user/password in one way, or ssh key the other way.

You tell me simple verification is enough, hence you either have a parser that accepts bad data, or deal only with simplistic data so that the parser can't have branches.

Not being snarky at all, and saying this as a compliment, this looks like a very pythonic way of building Java services, in particular the “explicit is better than implicit” core principle.

I love this.

I thought most Python web frameworks were heavily annotation driven?
True, but Python "annotations" (we call them decorators) are a different beast and very easy to understand and examine.
This framework looks wonderful.

Some people have an aversion to "goto" statements, and Java annotations are even worse, they're a "comefrom" statement, where you end up executing code before or after your function based on this annotation, so it makes the code really annoying to follow.

Java examples which show trivial code annotated with @POST or @Path are not representative of production systems, where you may have a lot more annotations for your DOM, documentation, and in some cases, you actually have more annotation boilerplate than you have code in the handler/controller.

Having annotations interleaved within your logic makes it difficult to provide good API documentation, and it's hard to automatically refactor, because your boilerplate is interleaved with real code. With an approach like this grumpyrest, you can put all your machine generated code into a package, and simply connect it to your hand written code with a little bit of glue. It makes spec-driven development much easier.

OpenAPI is very popular, and annotation based frameworks make it more difficult to integrate with it. If you generate API docs automatically from code, as with JAX-RS, it's easy to break things by accident because nobody audits machine generated docs. If you reverse the approach, and do spec-driven development, you code review the API behavior, and the code follows, which is a better model, in my opinion. Grumpyrest looks like it makes integration with spec-driven workflows quite easy.

A word of caution to the author; if this takes off, you will be inundated with issues and PR's, since people will use this in ways you never dreamed of. I'm experiencing that kind of onslaught in something I open-sourced for Go for REST API's.

> Some people have an aversion to "goto" statements, and Java annotations are even worse, they're a "comefrom" statement, where you end up executing code before or after your function based on this annotation, so it makes the code really annoying to follow.

I like this comment so much because I would have described annotations as a "comefrom" myself... but then I probably read that somewhere and forgot about it.

> Grumpyrest looks like it makes integration with spec-driven workflows quite easy.

This is interesting to me because I always thought about it the code-first-generate-documentation way, and I always wondered if/how I can derive all the meta-data from the code which, admitted, annotations make much easier because they are statically accessible.

Doing it the spec-first way is something I should definitely consider.

> A word of caution to the author; if this takes off, you will be inundated with issues and PR's, since people will use this in ways you never dreamed of. I'm experiencing that kind of onslaught in something I open-sourced for Go for REST API's.

Thank you for the warning. Do you have any advice on how to prepare for that?

> Some people have an aversion to "goto" statements

That's because 1 of the 1st things they teach at school is that "goto" is bad, but no 1 really gets why (at the time). It just goes into their brains and this carries forward.

> Java examples which show trivial code annotated with @POST or @Path are not representative of production systems

That happens with every language though. There are disasters everywhere.

Regarding api docs, my experiences have steered me to generate-docs-from-code. The problem with writing api docs first and generate code after, is that writing api docs is a 'business' collaboration, which eventually is not done by developers. The code is a 'technical' model of that api contract. The developers are limited by the api-to-code generator and even more importantly, the limitations of the coding language.

As a result, the 'business' comes up with the api contract, discussed and approved by multiple departments and committees, before the 'technical' developers have to show it is impossible to implement with current technology.

What was it that you open sourced for Go? I'd like to take a look at it.
Annotations are a great way to get rid of boilerplate and noisy code. For instance, I find Spring @Transactional a much more effective, less bug prone and productive way of dealing with db tx vs having to manual code and handle exceptions, rollback, connections etc .. Same goes with JAX-RS.

I would choose annotations over having to code all that manually any day.

You can easily test and debug. Yes, it will cost some time to understand how aspects work and how it is all wired up, but it is worth learning.

The amount of times I’ve put or seen @Transactional in the wrong place where it was never called and silently ignored is pretty high. It always led to very long debugging sessions. Especially if you touch that code once a year.
The problem with an annotation for that is it causes people to keep transactions open for too long. It's best practice in DB programming to keep tx's open for as short a time as possible. The longer it's open the more scope for deadlocks and contention. So we never use it in our prod code. We've put all the boiler plate code for creating the transaction, error handling, retires, etc in a helper function that takes a lambda as a param (that being the code to run in the tx). That way you can only wrap the code that needs to be in the tx, without copying and pasting all the boiler plate everywhere.
Transactional is funniest shit

All that magic causes weekly questions from people about how does this work or about debugging it

>You can easily test and debug.

As easy as putting breakpoint in actual code?

> weekly questions from people about how does this work

reading the spring documentation usually help :)

I do find projects like this interesting, even if I wouldn't use it. I found the bit of the codebase I read fairly clean and easy to read. Nice work.
So you replace annotation and di with callback hell, got it