As I've been working on this new web service layer it's becoming clearer that we need to separate our public model from our private model since we need to control serialization/deserialzation. A great example of this is the User password field. It's needed internally but should never be sent externally. The challenge we have right now is it's up to the persistence provider to annotate their objects with the proper serialization data (JAXB/JSON) so each provider could serialize/deserialize differently. There is also a challenge of deserializing into the right object type.
My suggestion is we create a separate model that is used for the web services that can be converted to the correct backend datatype. There is probably some ways to use inheritance and stuff to simplify this but I'll have to play and see what works. We'll also have to move away from the Spring OXM marshaling approach since that only works with Spring Web/MVC not JAX-RS. Does anyone have any concerns about this? Chris
