Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC JavaOne 2010 By Abdelmonaim Remani
Creative Commons Attribution-NonCommercial 3.0 Unported
Software Engineer at Overstock.com Particularly interested in technology evangelism and enterprise software development and architecture President and Founder of a number of organizations The Chico Java User Group The Chico Flex User Group, The Chico Google Technology User Group. LinkedIn Twitter Who Am I?
Warning This presentation is very long and covers a lot of material
Introduction
Complex In terms of requirements Functional Non-Functional Execution Performance Reliability Security Evolution Testability Maintainability Extendibility Scalability (Horizontal and Vertical) Enterprise Application Software (EAS)
In the words of Edsger W. Dijkstra: […] The Separation of Concerns […] is yet the only available technique for effective ordering of one’s thoughts […] Artificially Reducing complexity by means of Abstraction Specific Choices of abstraction Produces a architectures Enterprise Application Software (EAS)
The Architecture Layered / N-Tiered Presentation Layer Web Layer Service Layer Persistence Layer Aspects Middleware Other Modern Enterprise Application
A Framework is an architecture A well-defined structure to solve a problem A pre-existing hierarchy to be extended Library Framework vs. Library Invoking vs. being invoked Generic vs. specific Tools Compiler, debugger, etc… Scaffolding and other utilities Etc… Frameworks
Heavyweight vs. Lightweight The need for a platform or a stack (JEE as example) The ability to load in-demand necessary components The memory footprint The build size Deployment ease Etc… Frameworks
The Spring Framework
Application Framework Java Other implementations are available (Spring.NET) Open-Source Lightweight Non-Invasive (POJO Based) Extendible A platform with well-defined extension points for other frameworks By Rod Johnson Expert One-on-One J2EE Design and Development, 2002 J2EE without EJB, 2004 Became the De facto standard of Java Enterprise Applications What is Spring?
20 Modules Spring Source: Spring 3.0.x Framework Reference
Wrappers for most popular frameworks Allowing injection of dependencies into standard implementation Struts JSF Apache Tapestry Etc… Full Integration with the JEE stack Libraries
The Address Book
The Address Book from polymathic-coder.com A web application for Contact management The Address Book
Details: As a user I should be able to view, add, delete, and edit personal contacts data on my address book including: First Name Last Name Phone Number Image Primary Actors: Regular user / Administrator Assumptions: The user is authenticated and has proper privileges to access the Contact Management Area Access is granted both through the web interface and a RESTful API Functional Requirements Use Case 1 - Contact Management
Business Rules A First Names are required Phone Numbers must be valid US phone numbers s must be valid Functional Requirements Use Case 1 - Contact Management
Details: As an administrator I should be able to view, add, delete, and edit the user data including: Username Password Role (Regular or Administrator) Whether the account is enabled or not Primary Actors: Administrator Assumptions: The user is authenticated and has proper privileges to access the User Administration Area Access is granted through the web interface Functional Requirements Use Case 2 - User Management
Business Rules Username is required and must be unique Passwords must be complex (The should contains at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character) s must be valid An must be sent to the newly created user Functional Requirements Use Case 2 - User Management
Details: As an administrator I should be able to view audit and health check reports Primary Actors: Administrator Assumptions: The user is authenticated and has proper privileges to access the Reporting Area Access is granted through the web interface The reports are periodically generated by the system Functional Requirements Use Case 3 - Reporting
RBAC (Role-based access control) Authentication Form-based Http Basic Authorization Security Roles Regular User Access to personal contact management area Administrators Access to personal contact management area Access to user administration area Access to reporting area Access Control No Rules Transport Security Not required Non-Functional Requirements Security
Spring Core
The problem: Acquiring Resources via Instantiation of a concrete class Using a static method of a singleton factory Using a Directory Services API that allows for discovery and lookup (JNDI for example) Etc.. Creates hard dependencies Coupled code is hard to reuse (DRYness) Painful Unit Testing Inversion of Control
The Solution: Coding against Interfaces Inversion of Control: Dependency Injection Reflectively supply external dependency at runtime The Hollywood principle: “Don’t call us, we’ll call you” Wait a minute this a lot of work! Spring to the rescue Inversion of Control
Container POJO Configuration Metadata XML-Based Annotation-Based Java-based Spring Core Source: Spring 3.0.x Framework Reference
JSR 330 – Dependency Injection for Java JSR 330 Spring Annotations JSR Common Annotations javax.annotation JSR 299 – Contexts and Dependency Injection Scopes and contexts: javax.context Dependency injection service: javax.inject Framework integration SPI: javax.inject.manager Event notification service: javax.event
Used to mark a class that fulfills a role or a stereotype Stereotyped classes can be automatically detected Spring Stereotypes Stereotypical Spring
Domain Model
A model of the “concepts” involved in the system and their relationships Anemic Domain Model POJOs (Plain Old Java Objects) or VOs (Value Objects) Clear separation between logic and data Parallel object hierarchies are evil Metadata is interpreted depending on the context as the object moves across the layers of the application Object-Relational mapping to persistent entities Validation Marshaling / Un-marshaling Etc… Domain Model
Ensuring the correctness of data based on a set predefined rules JSR Bean Validation Source: Hibernate Validator Reference Guide Final
javax.validation Reference Implementation: Hibernate Validator JSR Bean Validation Source: Hibernate Validator Reference Guide Final
Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java) Static Factories Telescoping Provide builders Override the default implementations of hashCode(), toString(), and equals(Object) methods Use Pojomatic at Be aware of any circular dependency in your model Versioning of JSR 317 – JPA 2.0 Domain Model
Persistence Layer
A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Create, Read, Update, and Delete (CRUD) operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS) Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail servers Persistence Layer
javax.persistence Reference Implementation EclipseLink Primer A persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadata An entity is managed by an Entity Manager Do we still need a Persistence Layer? Highlights Support for JSR 303 validation JSR 317 – JPA 2.0
Beans Stereotyped Enables exception translation to a consistent exception hierarchy Run-time exceptions and do not have to be declared or caught Use JPA annotations to inject EntityManager and EntityManagerFactory Follow a convention (I suggest CRUD) Declaring transaction semantics Spring Data Access / Integration
Java Mail API javax.mail Spring Helpers for various Templating Engines Velocity FreeMarker Spring Data Access / Integration
Testing JUnit Take advantage of what JUnit 4.7 has to offer (Explore Theories, Rules, Etc…) Libraries DbUnit Dumpster Consider HADES Persistence Layer
Service Layer
A logical encapsulation of classes and interfaces that provide the system functionality consolidating Units of work. Service layer classes should be: Transactional Stateless Beans Stereotyped Follow a convention (I suggest VADER) Service Layer
Web Layer
A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Navigational logic Rendering page views in the proper order As simple as mapping a single URL to a single page As complex as a full work flow engine Web concerns (Request variables, session variables, HTTP methods, HTTP response codes, Etc…) should be separated from business logic Web Layer
Two types of Web Frameworks Request / Response Web Frameworks Wrap the Servlet API Adopt push model Compile result Push it out to be rendered in a view Struts, Spring MVC, Etc… Component Web Frameworks Dot only hide the Servlet API Event-driven component JSF, Tapestry, Etc… Web Layer
Spring MVC
Request / Response Web Frameworks A Front Controller Pattern One Dispatcher servlet Application Contexts Application Context Web Application Context Spring MVC
The promise Non-invasiveness Fully annotation-driven No extension of framework classes No overriding methods Controllers Beans (Spring Managed-POJOs) Stereotyped Spring MVC - Controllers
Mapping Rules By Path HTTP method Query Parameters Request Headers Spring MVC - Controllers
Handler Methods Parameters are request inputs Request data Command Objects (Domain Objects) Injection of standard objects Automatic Type Conversion Custom Type Conversion JSR 303 Support Exposing reference data to the views Spring MVC - Controllers
RESTful Spring MVC 3.0
Representational State Transfer Architectural Style Identifiable Resources Everything is a resource accessible URI Uniform Interface based on HTTP methods GET /contacts reads all contacts GET /contacts/1 reads the contact whose id is 1 POST /contactscreates a contact PUT /contacts/1updates the contact whose id is 1 DELETE /contacts/1deletes the contact whose id is 1 RESTful Architecture
Architectural Style Resource Representations Multiple data representation (MIME types) can be specified Request Accept HTTP header field or file extension Response Content-Type HTTP header field Stateless Conversion No session Scalable Loosely coupled RESTful Architecture
Annotations Spring OXM (Object-XML Mapping) Marshaling / Unmarshaling RESTful Spring
Presentation Layer
“Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” Spring 3.0 Documentation View technologies JSP & JSTL Tiles Velocity FreeMarker XSLT JasperReports Etc… Spring MVC - Views
Views are rendered based on handler methods return or ResponseEntity Many HttpMessageConverters StringHttpMessageConverter Jaxb2RootElementHttpMessageConverter MappingJacksonHttpMessageConverter AtomFeed/RssChannelHttpMessageConverter Etc… Register your own String View Resolver and a View Spring MVC - Views
View Resolvers InternalResourceViewResolver ContentNegotiatingViewResolver BeanNameViewResolver JasperReportsViewResolver TilesViewResolver Etc… Spring MVC - Views
JSP & JSTL Spring Tag Library Spring Form Tag Library Refer to spring-form.tld Themes Overall look-and-feel of your application A collection of style sheets and images Theme resolvers I18N Spring MVC - Views
Spring Web Flow For Web Application that are More dynamic Non-linear without arbitrary end points Spring Portlet MVC A JSR 168 compliant Portlet environnent Large web application composed with subcomponents on the same web page Spring MVC Complements
Aspects
Spring AOP
OOP creates a hierarchical object model by nature Cross cutting concerns Are not necessarily a part of the application logic Occur across the object hierarchy in unrelated parts Examples Logging Security Transaction management Etc… Aspect-Oriented Programming
The Problem Code Tangling No Cohesion Code Scattering Not DRY The Solution Aspect Oriented Programming AspectJ Modulation of Aspects and weaving into the application code Aspect Oriented Programming
Spring AOP Java based AOP Framework Built on top of AspectJ Interception based Spring APO
Joint Point A point in the execution of the program Point Cut An expression that selects one or more joint point AspectJ Expression Language Advice The code to be weaved at a joint point Aspect Point Cut + Advice AOP Terminology
Annotations Before AfterReturning AfterThrowing After Around Types of Advices
Spring Security
Authentication the verification of the user identity Authorization Permissions granted to the identified user Access Control By arbitrary conditions that may depend to Attributes of clients Temporal and Local Condition Human User Detection Other Channel or Transport Security Encryption Security Terminology
Realm A Defined the authentication policy User A defined individual in the Application Server Group A defined classification of users by common traits in the Application Server. Role An abstract name of the permissions to access a particular set of resources in an application Security Terminology
Spring Security JAAS (Java Authentication and Authorization Service) jGuard Apache Shiro Available Frameworks
Security is your responsibility Features: It is not the standard No class loader authorization capabilities Simple configuration Portable across containers Customizable and extendable Pluggable authentication and web request URI security Support method interception, Single Sign-On, and Swing clients Spring Security
Authentication Form-Based Basic Digest LDAP NTLM (NT LAN Manager) SSO (Single Sign-On) JA-SIG CAS Open ID Atlassian Crowd SiteMinder X.509 Authentication
Mechanisms Interact with the user Providers Check credentials Bundles details in a Thread Local security context holder Repositories Store roles and profile info In Memory JDBC LDAP Etc… Authentication
Web Authorization URL-Based Which URL patterns and HTTP methods are allowed to be accessed by which role Method Authorization Reusable Protocol Agnostic Uses AOP Annotations Support JSR 250 Spring Security EL Authorization
Other
Job Scheduling Bulk Processing Integration Etc… Other
If you are interested in The full-source code of the Address Book Application A Step-By-Step tutorial Possibly a screen cast Go to Support Material
The Silicon Valley Spring User Group
Q & A
Thank You!