Post on 12-Jan-2015
description
Building Enterprise Web Applications with Spring 3.0
and Spring 3.0 MVC
JavaOne 2010
ByAbdelmonaim Remani
abdelmonaim.remani@gmail.com
Creative Commons Attribution-NonCommercial 3.0 Unported http://creativecommons.org/licenses/by-nc/3.0/
License
Software Engineer at Overstock.com Particularly interested in technology evangelism and
enterprise software development and architecture President and Founder of a number of organizations
The Chico Java User Group The Chico Flex User Group, The Chico Google Technology User Group.
LinkedIn http://www.linkedin.com/in/polymathiccoder
Twitter http://twitter.com/polymathiccoder
Who Am I?
WarningThis presentation is very long and covers a lot of
material
Introduction
Complex In terms of requirements
Functional Non-Functional
Execution Performance Reliability Security
Evolution Testability Maintainability Extendibility Scalability (Horizontal and Vertical)
Enterprise Application Software (EAS)
In the words of Edsger W. Dijkstra: […] The Separation of Concerns […] is yet the
only available technique for effective ordering of one’s thoughts […]
Artificially Reducing complexity by means of Abstraction Specific Choices of abstraction
Produces a architectures
Enterprise Application Software (EAS)
The Architecture Layered / N-Tiered
Presentation Layer Web Layer Service Layer Persistence Layer
Aspects Middleware Other
Modern Enterprise Application
A Framework is an architecture A well-defined structure to solve a problem A pre-existing hierarchy to be extended
Library Framework vs. Library
Invoking vs. being invoked Generic vs. specific
Tools Compiler, debugger, etc… Scaffolding and other utilities Etc…
Frameworks
Heavyweight vs. Lightweight The need for a platform or a stack (JEE as
example) The ability to load in-demand necessary
components The memory footprint The build size Deployment ease Etc…
Frameworks
The Spring Framework
Application Framework Java
Other implementations are available (Spring .NET) Open-Source Lightweight Non-Invasive (POJO Based) Extendible
A platform with well-defined extension points for other frameworks By Rod Johnson
Expert One-on-One J2EE Design and Development, 2002 J2EE without EJB, 2004
Became the De facto standard of Java Enterprise Applications
What is Spring?
20 Modules
Spring
Source: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html
Wrappers for most popular frameworks Allowing injection of dependencies into
standard implementation Struts JSF Apache Tapestry Etc…
Full Integration with the JEE stack
Libraries
The Address Book
The Address Book from polymathic-coder.com A web application for Contact management
The Address Book
Details: As a user I should be able to view, add, delete, and edit personal
contacts data on my address book including: First Name Last Name Email Phone Number Image
Primary Actors: Regular user / Administrator Assumptions:
The user is authenticated and has proper privileges to access the Contact Management Area
Access is granted both through the web interface and a RESTful API
Functional RequirementsUse Case 1 - Contact Management
Business Rules A First Names are required Phone Numbers must be valid US phone
numbers Emails must be valid
Functional RequirementsUse Case 1 - Contact Management
Details: As an administrator I should be able to view, add, delete, and edit
the user data including: Username Password Role (Regular or Administrator) Whether the account is enabled or not Email
Primary Actors: Administrator Assumptions:
The user is authenticated and has proper privileges to access the User Administration Area
Access is granted through the web interface
Functional RequirementsUse Case 2 - User Management
Business Rules Username is required and must be unique Passwords must be complex (The should
contains at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character)
Emails must be valid An email must be sent to the newly created
user
Functional RequirementsUse Case 2 - User Management
Details: As an administrator I should be able to view audit
and health check reports Primary Actors: Administrator Assumptions:
The user is authenticated and has proper privileges to access the Reporting Area
Access is granted through the web interface The reports are periodically generated by the
system
Functional RequirementsUse Case 3 - Reporting
RBAC (Role-based access control) Authentication
Form-based Http Basic
Authorization Security Roles
Regular User Access to personal contact management area
Administrators Access to personal contact management area Access to user administration area Access to reporting area
Access Control No Rules
Transport Security Not required
Non-Functional Requirements Security
Spring Core
The problem: Acquiring Resources via
Instantiation of a concrete class Using a static method of a singleton factory Using a Directory Services API that allows for
discovery and lookup (JNDI for example) Etc..
Creates hard dependencies Coupled code is hard to reuse (DRYness) Painful Unit Testing
Inversion of Control
The Solution: Coding against Interfaces Inversion of Control: Dependency Injection
Reflectively supply external dependency at runtime
The Hollywood principle: “Don’t call us, we’ll call you”
Wait a minute this a lot of work! Spring to the rescue
Inversion of Control
Container POJO Configuration Metadata
XML-Based Annotation-Based Java-based
Spring Core
Source: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html
JSR 330 – Dependency Injection for Java
JSR 330 @Inject @Named
Spring Annotations @Autowire @Qualifier
JSR 250 - Common Annotations javax.annotation
JSR 299 – Contexts and Dependency Injection Scopes and contexts: javax.context Dependency injection service: javax.inject Framework integration SPI: javax.inject.manager Event notification service: javax.event
Used to mark a class that fulfills a role or a stereotype
Stereotyped classes can be automatically detected
Spring Stereotypes @Component @Repository @Service @Controller
Stereotypical Spring
Domain Model
Domain Model
A model of the “concepts” involved in the system and their relationships
Anemic Domain Model POJOs (Plain Old Java Objects) or VOs (Value Objects) Clear separation between logic and data
Parallel object hierarchies are evil Metadata is interpreted depending on the context as the
object moves across the layers of the application Object-Relational mapping to persistent entities Validation Marshaling / Un-marshaling Etc…
Domain Model
Ensuring the correctness of data based on a set predefined rules
JSR 303 - Bean Validation
Source: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/
javax.validation Reference Implementation: Hibernate
Validator
JSR 303 - Bean Validation
Source: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/
Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java) Static Factories Telescoping Provide builders
Override the default implementations of hashCode(), toString(), and equals(Object) methods Use Pojomatic at http://pojomatic.sourceforge.net/
Be aware of any circular dependency in your model Versioning
@Version of JSR 317 – JPA 2.0
Domain Model
Persistence Layer
A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Create, Read, Update, and Delete (CRUD)
operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS)
Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail servers
Persistence Layer
javax.persistence Reference Implementation EclipseLink Primer
A persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadata
An entity is managed by an Entity Manager Do we still need a Persistence Layer?
Highlights Support for JSR 303 validation
JSR 317 – JPA 2.0
Beans Stereotyped with @Repository Enables exception translation to a consistent exception
hierarchy Run-time exceptions and do not have to be declared or caught
Use JPA annotations to inject EntityManager and EntityManagerFactory @PersistenceContext @PersistenceUnit
Follow a convention (I suggest CRUD) Declaring transaction semantics
@Transactional
Spring Data Access / Integration
Java Mail API javax.mail Spring Helpers for various Templating Engines
Velocity FreeMarker
Spring Data Access / Integration
Testing JUnit
Take advantage of what JUnit 4.7 has to offer (Explore Theories, Rules, Etc…)
Libraries DbUnit http://www.dbunit.org/ Dumpster http://quintanasoft.com/dumbster/
Consider HADES http://redmine.synyx.org/projects/show/hades
Persistence Layer
Service Layer
A logical encapsulation of classes and interfaces that provide the system functionality consolidating Units of work. Service layer classes should be: Transactional Stateless
Beans Stereotyped with @Service Follow a convention (I suggest VADER)
Service Layer
Web Layer
A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Navigational logic
Rendering page views in the proper order As simple as mapping a single URL to a single page As complex as a full work flow engine
Web concerns (Request variables, session variables, HTTP methods, HTTP response codes, Etc…) should be separated from business logic
Web Layer
Two types of Web Frameworks Request / Response Web Frameworks
Wrap the Servlet API Adopt push model
Compile result Push it out to be rendered in a view
Struts, Spring MVC, Etc… Component Web Frameworks
Dot only hide the Servlet API Event-driven component JSF, Tapestry, Etc…
Web Layer
Spring MVC
Request / Response Web Frameworks A Front Controller Pattern
One Dispatcher servlet Application Contexts
Application Context Web Application Context
Spring MVC
The promise Non-invasiveness Fully annotation-driven No extension of framework classes
No overriding methods
Controllers Beans (Spring Managed-POJOs) Stereotyped
with @Controller
Spring MVC - Controllers
Mapping Rules @RequestMapping By
Path HTTP method Query Parameters Request Headers
Spring MVC - Controllers
Handler Methods Parameters are request inputs
Request data @RequestParam @PathVariable @RequestHeader @CookieValue
Command Objects (Domain Objects) Injection of standard objects
Automatic Type Conversion Custom Type Conversion
JSR 303 Support @Valid
Exposing reference data to the views @ModelAttribute
Spring MVC - Controllers
RESTful Spring MVC 3.0
Representational State Transfer Architectural Style
Identifiable Resources Everything is a resource accessible URI
Uniform Interface based on HTTP methods GET /contacts reads all contacts GET /contacts/1 reads the contact whose id is 1 POST /contacts creates a contact PUT /contacts/1 updates the contact whose id is 1 DELETE /contacts/1 deletes the contact whose id is 1
RESTful Architecture
Architectural Style Resource Representations
Multiple data representation (MIME types) can be specified Request
Accept HTTP header field or file extension Response
Content-Type HTTP header field
Stateless Conversion No session
Scalable Loosely coupled
RESTful Architecture
Annotations @RequestMapping @PathVariable @RequestBody @ResponceBody
Spring OXM (Object-XML Mapping) Marshaling / Unmarshaling
RESTful Spring
Presentation Layer
“Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” Spring 3.0 Documentation
View technologies JSP & JSTL Tiles Velocity FreeMarker XSLT JasperReports Etc…
Spring MVC - Views
Views are rendered based on handler methods return @ResponseBody or ResponseEntity<T>
Many HttpMessageConverters StringHttpMessageConverter Jaxb2RootElementHttpMessageConverter MappingJacksonHttpMessageConverter AtomFeed/RssChannelHttpMessageConverter Etc…
Register your own String
View Resolver and a View
Spring MVC - Views
View Resolvers InternalResourceViewResolver ContentNegotiatingViewResolver BeanNameViewResolver JasperReportsViewResolver TilesViewResolver Etc…
Spring MVC - Views
JSP & JSTL Spring Tag Library Spring Form Tag Library
Refer to spring-form.tld Themes
Overall look-and-feel of your application A collection of style sheets and images <spring:theme /> Theme resolvers
I18N
Spring MVC - Views
Spring Web Flow For Web Application that are
More dynamic Non-linear without arbitrary end points
Spring Portlet MVC A JSR 168 compliant Portlet environnent Large web application composed with
subcomponents on the same web page
Spring MVC Complements
Aspects
Spring AOP
OOP creates a hierarchical object model by nature Cross cutting concerns
Are not necessarily a part of the application logic Occur across the object hierarchy in unrelated parts Examples
Logging Security Transaction management Etc…
Aspect-Oriented Programming
The Problem Code Tangling
No Cohesion Code Scattering
Not DRY The Solution
Aspect Oriented Programming AspectJ
Modulation of Aspects and weaving into the application code
Aspect Oriented Programming
Spring AOP Java based AOP Framework Built on top of AspectJ Interception based
Spring APO
Joint Point A point in the execution of the program
Point Cut An expression that selects one or more joint point AspectJ Expression Language
Advice The code to be weaved at a joint point
Aspect Point Cut + Advice
AOP Terminology
Annotations Before AfterReturning AfterThrowing After Around
Types of Advices
Spring Security
Authentication the verification of the user identity
Authorization Permissions granted to the identified user
Access Control By arbitrary conditions that may depend to
Attributes of clients Temporal and Local Condition Human User Detection Other
Channel or Transport Security Encryption
Security Terminology
Realm A Defined the authentication policy
User A defined individual in the Application Server
Group A defined classification of users by common traits in
the Application Server. Role
An abstract name of the permissions to access a particular set of resources in an application
Security Terminology
Spring Security JAAS (Java Authentication and Authorization
Service) jGuard
Apache Shiro
Available Frameworks
Security is your responsibility Features:
It is not the standard No class loader authorization capabilities Simple configuration Portable across containers Customizable and extendable Pluggable authentication and web request URI security Support method interception, Single Sign-On, and
Swing clients
Spring Security
Authentication Form-Based Basic Digest LDAP NTLM (NT LAN Manager) SSO (Single Sign-On)
JA-SIG CAS Open ID Atlassian Crowd SiteMinder X.509
Authentication
Mechanisms Interact with the user
Providers Check credentials Bundles details in a Thread Local security context holder
Repositories Store roles and profile info
In Memory JDBC LDAP Etc…
Authentication
Web Authorization URL-Based
Which URL patterns and HTTP methods are allowed to be accessed by which role
Method Authorization Reusable
Protocol Agnostic Uses AOP Annotations Support
JSR 250 Spring @Secured Spring Security EL
Authorization
Other
Job Scheduling Bulk Processing Integration Etc…
Other
If you are interested in The full-source code of the Address Book
Application A Step-By-Step tutorial Possibly a screen cast
Go to
http://bit.ly/ad4VGh
Support Material
The Silicon Valley Spring User Group
http://www.meetup.com/sv-sug
Q & A
Thank You!