Building enterprise web applications with spring 3 0 and spring 3 0 mvc
This presentation is the property of its rightful owner.
Sponsored Links
1 / 81

Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC PowerPoint PPT Presentation


  • 127 Views
  • Uploaded on
  • Presentation posted in: General

Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC. JavaOne 2010 By Abdelmonaim Remani [email protected] License. Creative Commons Attribution- NonCommercial 3.0 Unported http://creativecommons.org/licenses/by-nc/3.0 /. Who Am I?.

Download Presentation

Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Building enterprise web applications with spring 3 0 and spring 3 0 mvc

Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC

JavaOne 2010

By

AbdelmonaimRemani

[email protected]


License

License

  • Creative Commons Attribution-NonCommercial 3.0 Unported

    • http://creativecommons.org/licenses/by-nc/3.0/


Who am i

Who Am I?

  • Software Engineer at Overstock.com

  • Particularly interested in technology evangelism and enterprise software development and architecture

  • President and Founder of a number of organizations

    • The Chico Java User Group

    • The Chico Flex User Group,

    • The Chico Google Technology User Group.

  • LinkedIn

    • http://www.linkedin.com/in/polymathiccoder

  • Twitter

    • http://twitter.com/polymathiccoder


Warning

Warning

This presentation is very long and covers a lot of material


Introduction

Introduction


Enterprise application software eas

Enterprise Application Software (EAS)

  • Complex

    • In terms of requirements

      • Functional

      • Non-Functional

        • Execution

          • Performance

          • Reliability

          • Security

        • Evolution

          • Testability

          • Maintainability

          • Extendibility

          • Scalability (Horizontal and Vertical)


Enterprise application software eas1

Enterprise Application Software (EAS)

  • In the words of Edsger W. Dijkstra:

    • […] The Separation of Concerns […] is yet the only available technique for effective ordering of one’s thoughts […]

  • Artificially Reducing complexity by means of Abstraction

    • Specific Choices of abstraction

      • Produces a architectures


Modern enterprise application

Modern Enterprise Application

  • The Architecture

    • Layered / N-Tiered

      • Presentation Layer

      • Web Layer

      • Service Layer

      • Persistence Layer

    • Aspects

    • Middleware

    • Other


Frameworks

Frameworks

  • A Framework is an architecture

    • A well-defined structure to solve a problem

    • A pre-existing hierarchy to be extended

  • Library

    • Framework vs. Library

      • Invoking vs. being invoked

      • Generic vs. specific

  • Tools

    • Compiler, debugger, etc…

    • Scaffolding and other utilities

    • Etc…


Frameworks1

Frameworks

  • Heavyweight vs. Lightweight

    • The need for a platform or a stack (JEE as example)

    • The ability to load in-demand necessary components

    • The memory footprint

    • The build size

    • Deployment ease

    • Etc…


The spring framework

The Spring Framework


What is spring

What is Spring?

  • Application Framework

    • Java

      • Other implementations are available (Spring .NET)

      • Open-Source

    • Lightweight

    • Non-Invasive (POJO Based)

    • Extendible

      • A platform with well-defined extension points for other frameworks

  • By Rod Johnson

    • Expert One-on-One J2EE Design and Development, 2002

    • J2EE without EJB, 2004

  • Became the De facto standard of Java Enterprise Applications


Spring

Spring

Source: Spring 3.0.x Framework Reference

http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

20 Modules


Libraries

Libraries

  • Wrappers for most popular frameworks

    • Allowing injection of dependencies into standard implementation

      • Struts

      • JSF

      • Apache Tapestry

      • Etc…

  • Full Integration with the JEE stack


The address book

The Address Book


The address book1

The Address Book

  • The Address Book from polymathic-coder.com

    • A web application for Contact management


Functional requirements use case 1 contact management

Functional RequirementsUse Case 1 - Contact Management

  • Details:

    • As a user I should be able to view, add, delete, and edit personal contacts data on my address book including:

      • First Name

      • Last Name

      • Email

      • Phone Number

      • Image

  • Primary Actors: Regular user / Administrator

  • Assumptions:

    • The user is authenticated and has proper privileges to access the Contact Management Area

    • Access is granted both through the web interface and a RESTful API


Functional requirements use case 1 contact management1

Functional RequirementsUse Case 1 - Contact Management

  • Business Rules

    • A First Names are required

    • Phone Numbers must be valid US phone numbers

    • Emails must be valid


Functional requirements use case 2 user management

Functional RequirementsUse Case 2 - User Management

  • Details:

    • As an administrator I should be able to view, add, delete, and edit the user data including:

      • Username

      • Password

      • Role (Regular or Administrator)

      • Whether the account is enabled or not

      • Email

  • Primary Actors: Administrator

  • Assumptions:

    • The user is authenticated and has proper privileges to access the User Administration Area

    • Access is granted through the web interface


Functional requirements use case 2 user management1

Functional RequirementsUse Case 2 - User Management

  • Business Rules

    • Username is required and must be unique

    • Passwords must be complex (The should contains at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character)

    • Emails must be valid

    • An email must be sent to the newly created user


Functional requirements use case 3 reporting

Functional RequirementsUse Case 3 - Reporting

  • Details:

    • As an administrator I should be able to view audit and health check reports

  • Primary Actors: Administrator

  • Assumptions:

    • The user is authenticated and has proper privileges to access the Reporting Area

    • Access is granted through the web interface

    • The reports are periodically generated by the system


Non functional requirements security

Non-Functional Requirements Security

  • RBAC (Role-based access control)

  • Authentication

    • Form-based

    • Http Basic

  • Authorization

    • Security Roles

      • Regular User

        • Access to personal contact management area

      • Administrators

        • Access to personal contact management area

        • Access to user administration area

        • Access to reporting area

  • Access Control

    • No Rules

  • Transport Security

    • Not required


Spring core

Spring Core


Inversion of control

Inversion of Control

  • The problem:

    • Acquiring Resources via

      • Instantiation of a concrete class

      • Using a static method of a singleton factory

      • Using a Directory Services API that allows for discovery and lookup (JNDI for example)

      • Etc..

    • Creates hard dependencies

      • Coupled code is hard to reuse (DRYness)

      • Painful Unit Testing


Inversion of control1

Inversion of Control

  • The Solution:

    • Coding against Interfaces

    • Inversion of Control: Dependency Injection

      • Reflectively supply external dependency at runtime

    • The Hollywood principle: “Don’t call us, we’ll call you”

  • Wait a minute this a lot of work!

    • Spring to the rescue


Spring core1

Spring Core

Source: Spring 3.0.x Framework Reference

http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

  • Container 

    • POJO

    • Configuration Metadata

      • XML-Based

      • Annotation-Based

      • Java-based


Jsr 330 dependency injection for java

JSR 330 – Dependency Injection for Java

Spring Annotations

@Autowire

@Qualifier

JSR 330

  • @Inject

  • @Named

  • JSR 250 -  Common Annotations

    • javax.annotation

  • JSR 299 – Contexts and Dependency Injection

    • Scopes and contexts: javax.context

    • Dependency injection service: javax.inject

    • Framework integration SPI: javax.inject.manager

    • Event notification service: javax.event


Stereotypical spring

Stereotypical Spring

  • Used to mark a class that fulfills a role or a stereotype

  • Stereotyped classes can be automatically detected

  • Spring Stereotypes

    • @Component

    • @Repository

    • @Service

    • @Controller


Domain model

Domain Model


Domain model1

Domain Model


Domain model2

Domain Model

  • A modelof the “concepts” involved in the system and their relationships

  • Anemic Domain Model

    • POJOs (Plain Old Java Objects) or VOs (Value Objects)

    • Clear separation between logic and data

  • Parallel object hierarchies are evil

    • Metadata is interpreted depending on the context as the object moves across the layers of the application

      • Object-Relational mapping to persistent entities

      • Validation

      • Marshaling / Un-marshaling

      • Etc…


Jsr 303 bean validation

JSR 303 - Bean Validation

Source: Hibernate Validator Reference Guide 4.1.0.Final

http://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

Ensuring the correctness of data based on a set predefined rules


Jsr 303 bean validation1

JSR 303 - Bean Validation

Source: Hibernate Validator Reference Guide 4.1.0.Final

http://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

javax.validation

Reference Implementation: Hibernate Validator


Domain model3

Domain Model

  • Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java)

    • Static Factories

    • Telescoping

    • Provide builders

  • Override the default implementations of hashCode(), toString(), and equals(Object) methods

  • Use Pojomatic at http://pojomatic.sourceforge.net/

  • Be aware of any circular dependency in your model

  • Versioning

    • @Version of JSR 317 – JPA 2.0


  • Persistence layer

    Persistence Layer


    Persistence layer1

    Persistence Layer

    • A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:

      • Create, Read, Update, and Delete (CRUD) operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS)

      • Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail servers


    Jsr 317 jpa 2 0

    JSR 317 – JPA 2.0

    • javax.persistence

    • Reference Implementation EclipseLink

    • Primer

      • A persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadata

      • An entity is managed by an Entity Manager

        • Do we still need a Persistence Layer?

    • Highlights

      • Support for JSR 303 validation


    Spring data access integration

    Spring Data Access / Integration

    • Beans Stereotyped with @Repository

      • Enables exception translation to a consistent exception hierarchy

      • Run-time exceptions and do not have to be declared or caught

    • Use JPA annotations to inject EntityManager and EntityManagerFactory

      • @PersistenceContext

      • @PersistenceUnit

    • Follow a convention (I suggest CRUD)

    • Declaring transaction semantics

      • @Transactional


    Spring data access integration1

    Spring Data Access / Integration

    • Java Mail API

      • javax.mail

      • Spring Helpers for various Templating Engines

        • Velocity

        • FreeMarker


    Persistence layer2

    Persistence Layer

    • Testing

      • JUnit

        • Take advantage of what JUnit 4.7 has to offer (Explore Theories, Rules, Etc…)

      • Libraries

        • DbUnithttp://www.dbunit.org/

        • Dumpster http://quintanasoft.com/dumbster/

    • Consider HADES http://redmine.synyx.org/projects/show/hades


    Service layer

    Service Layer


    Service layer1

    Service Layer

    • A logical encapsulation of classes and interfaces that provide the system functionality consolidating Units of work. Service layer classes should be:

      • Transactional

      • Stateless

    • Beans Stereotyped with @Service

    • Follow a convention (I suggest VADER)


    Web layer

    Web Layer


    Web layer1

    Web Layer

    • A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:

      • Navigational logic

        • Rendering page views in the proper order

          • As simple as mapping a single URL to a single page

          • As complex as a full work flow engine

    • Web concerns (Request variables, session variables, HTTP methods, HTTP response codes, Etc…) should be separated from business logic


    Web layer2

    Web Layer

    • Two types of Web Frameworks

      • Request / Response Web Frameworks

        • Wrap the Servlet API

        • Adopt push model

          • Compile result

          • Push it out to be rendered in a view

        • Struts, Spring MVC, Etc…

      • Component Web Frameworks

        • Dot only hide the Servlet API

        • Event-driven component

        • JSF, Tapestry, Etc…


    Spring mvc

    Spring MVC


    Spring mvc1

    Spring MVC

    • Request / Response Web Frameworks

  • A Front Controller Pattern

    • One Dispatcher servlet

    • Application Contexts

      • Application Context

      • Web Application Context


  • Spring mvc controllers

    Spring MVC - Controllers

    • The promise Non-invasiveness

      • Fully annotation-driven

      • No extension of framework classes

        • No overriding methods

  • Controllers

    • Beans (Spring Managed-POJOs) Stereotyped with @Controller


  • Spring mvc controllers1

    Spring MVC - Controllers

    • Mapping Rules

      • @RequestMapping

      • By

        • Path

        • HTTP method

        • Query Parameters

        • Request Headers


    Spring mvc controllers2

    Spring MVC - Controllers

    • Handler Methods

      • Parameters are request inputs

        • Request data

          • @RequestParam

          • @PathVariable

          • @RequestHeader

          • @CookieValue

        • Command Objects (Domain Objects)

        • Injection of standard objects

    • Automatic Type Conversion

      • Custom Type Conversion

    • JSR 303 Support

      • @Valid

    • Exposing reference data to the views

      • @ModelAttribute


    Restful spring mvc 3 0

    RESTfulSpring MVC 3.0


    Restful architecture

    RESTful Architecture

    • Representational State Transfer

    • Architectural Style

      • Identifiable Resources

        • Everything is a resource accessible URI

      • Uniform Interface based on HTTP methods

        • GET /contacts reads all contacts

        • GET /contacts/1 reads the contact whose id is 1

        • POST /contactscreates a contact

        • PUT /contacts/1updates the contact whose id is 1

        • DELETE /contacts/1deletes the contact whose id is 1


    Restful architecture1

    RESTful Architecture

    • Architectural Style

      • Resource Representations

        • Multiple data representation (MIME types) can be specified

          • Request

            • Accept HTTP header field or file extension

          • Response

            • Content-Type HTTP header field

      • Stateless Conversion

        • No session

          • Scalable

          • Loosely coupled


    Restful spring

    RESTful Spring

    • Annotations

      • @RequestMapping

      • @PathVariable

      • @RequestBody

      • @ResponceBody

    • Spring OXM (Object-XML Mapping)

      • Marshaling / Unmarshaling


    Presentation layer

    Presentation Layer


    Spring mvc views

    Spring MVC - Views

    • “Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” Spring 3.0 Documentation

    • View technologies

      • JSP & JSTL

      • Tiles

      • Velocity

      • FreeMarker

      • XSLT

      • JasperReports

      • Etc…


    Spring mvc views1

    Spring MVC - Views

    • Views are rendered based on handler methods return

      • @ResponseBody or ResponseEntity<T>

        • Many HttpMessageConverters

          • StringHttpMessageConverter

          • Jaxb2RootElementHttpMessageConverter

          • MappingJacksonHttpMessageConverter

          • AtomFeed/RssChannelHttpMessageConverter

          • Etc…

        • Register your own

      • String

        • View Resolver and a View


    Spring mvc views2

    Spring MVC - Views

    • View Resolvers

      • InternalResourceViewResolver

      • ContentNegotiatingViewResolver

      • BeanNameViewResolver

      • JasperReportsViewResolver

      • TilesViewResolver

      • Etc…


    Spring mvc views3

    Spring MVC - Views

    • JSP & JSTL

      • Spring Tag Library

      • Spring Form Tag Library

        • Refer to spring-form.tld

    • Themes

      • Overall look-and-feel of your application

      • A collection of style sheets and images

      • <spring:theme />

      • Theme resolvers

    • I18N


    Spring mvc complements

    Spring MVC Complements

    • Spring Web Flow

      • For Web Application that are

        • More dynamic

        • Non-linear without arbitrary end points

    • Spring Portlet MVC

      • A JSR 168 compliant Portlet environnent

      • Large web application composed with subcomponents on the same web page


    Aspects

    Aspects


    Spring aop

    Spring AOP


    Aspect oriented programming

    Aspect-Oriented Programming

    • OOP creates a hierarchical object model by nature

    • Cross cutting concerns

      • Are not necessarily a part of the application logic

      • Occur across the object hierarchy in unrelated parts

      • Examples

        • Logging

        • Security

        • Transaction management

        • Etc…


    Aspect oriented programming1

    Aspect Oriented Programming

    • The Problem

      • Code Tangling

        • No Cohesion

      • Code Scattering

        • Not DRY

    • The Solution

      • Aspect Oriented Programming

        • AspectJ

      • Modulation of Aspects and weaving into the application code


    Spring apo

    Spring APO

    • Spring AOP

      • Java based AOP Framework

      • Built on top of AspectJ

      • Interception based


    Aop terminology

    AOP Terminology

    • Joint Point

      • A point in the execution of the program

    • Point Cut

      • An expression that selects one or more joint point

      • AspectJ Expression Language

    • Advice

      • The code to be weaved at a joint point

    • Aspect

      • Point Cut + Advice


    Types of advices

    Types of Advices

    • Annotations

      • Before

      • AfterReturning

      • AfterThrowing

      • After

      • Around


    Spring security

    Spring Security


    Security terminology

    Security Terminology

    • Authentication

      • the verification of the user identity

    • Authorization

      • Permissions granted to the identified user

    • Access Control

      • By arbitrary conditions that may depend to

        • Attributes of clients

        • Temporal and Local Condition

        • Human User Detection

        • Other

    • Channel or Transport Security

      • Encryption


    Security terminology1

    Security Terminology

    • Realm

      • A Defined the authentication policy

    • User

      • A defined individual in the Application Server

    • Group

      • A defined classification of users by common traits in the Application Server.

    • Role

      • An abstract name of the permissions to access a particular set of resources in an application


    Available frameworks

    Available Frameworks

    • Spring Security

    • JAAS (Java Authentication and Authorization Service)

      • jGuard

    • Apache Shiro


    Spring security1

    Spring Security

    • Security is your responsibility

    • Features:

      • It is not the standard

      • No class loader authorization capabilities

      • Simple configuration

      • Portable across containers

      • Customizable and extendable

      • Pluggable authentication and web request URI security

      • Support method interception, Single Sign-On, and Swing clients


    Authentication

    Authentication

    • Authentication

      • Form-Based

      • Basic

      • Digest

      • LDAP

      • NTLM (NT LAN Manager)

      • SSO (Single Sign-On)

        • JA-SIG CAS

        • Open ID

        • Atlassian Crowd

        • SiteMinder

        • X.509


    Authentication1

    Authentication

    • Mechanisms

      • Interact with the user

    • Providers

      • Check credentials

      • Bundles details in a Thread Local security context holder

    • Repositories

      • Store roles and profile info

        • In Memory

        • JDBC

        • LDAP

        • Etc…


    Authorization

    Authorization

    • Web Authorization

      • URL-Based

        • Which URL patterns and HTTP methods are allowed to be accessed by which role

    • Method Authorization

      • Reusable

        • Protocol Agnostic

      • Uses AOP

      • Annotations Support

        • JSR 250

        • Spring @Secured

        • Spring Security EL


    Other

    Other


    Other1

    Other

    Job Scheduling

    Bulk Processing

    Integration

    Etc…


    Support material

    Support Material

    • If you are interested in

      • The full-source code of the Address Book Application

      • A Step-By-Step tutorial

      • Possibly a screen cast

    • Go to

      http://bit.ly/ad4VGh


    The silicon valley spring user group

    The Silicon Valley Spring User Group

    http://www.meetup.com/sv-sug


    Building enterprise web applications with spring 3 0 and spring 3 0 mvc

    Q & A


    Thank you

    Thank You!


  • Login