This document provides an overview of the Spring Framework, including its core modules, advantages, and requirements for usage. It discusses the Spring runtime environment and modules for core container functionality, data access, web functionality, testing, and aspects/instrumentation. It also covers configuration through Maven dependencies, Java classes, XML files, and web.xml. Finally, it introduces Spring Security modules, the interaction flow, and configurations for security including the web.xml, password encoding, CSRF protection, Spring XML, and authentication providers.
2. Context
Introduction to Spring Framework
Spring Framework Runtime
Advantages of using Spring
Requirements
Maven Dependency
Java Class
XML File
Spring-Web.xml
Integration Testing
Spring Security
Spring Security Modules
4. Introduction to Spring
Framework
Spring Framework is a Java platform
that provides support for developing
Java Application
Spring enables you to build
applications from POJO(plain old
Java objects) and to apply enterprise
service to non-invasively POJO’s.
5. Spring Framework
Runtime
Data access Web
Core Container
Test
JBDC ORM
OXM JMS
Transactions
WebSocket Servlet
Web Portlet
AOP Aspects Instrumentation
Messagin
g
Beans Core Context SpEL
6. Spring Framework
Runtime[Conti..]
CORE CONTAINER:-
The spring-core and spring-beans modules provide the fundamental parts of the framework, including
the IoC and Dependency Injection features.
The spring-context module builds on the solid base provided by the Core and Beans modules, it
means to access objects in a framework-style manner that is similar to a JNDI registry.
The spring-expression module provides a powerful Expression Language for querying and
manipulating an object graph at runtime.
AOP and Instrumentation:-
The spring-aop module provides an AOP Alliance-compliant aspect-oriented programming
implementation allowing you to define, for example, method interceptors and pointcuts to cleanly
decouple code that implements functionality that should be separated.
The separate spring-aspects module provides integration with AspectJ.
The spring-instrument module provides class instrumentation support and classloader
implementations to be used in certain application servers.
Messaging:-
Spring Framework 4 includes a spring-messaging module with key abstractions from the Spring
Integration project such as Message, MessageChannel, MessageHandler, and others to serve as a
foundation for messaging-based applications.
7. Spring Framework
Runtime[Conti..]DATA ACCESS:-
The Data Access/Integration layer consists of the JDBC, ORM, OXM, JMS, and Transaction
modules.
The spring-jdbc module provides a JDBC-abstraction layer that removes the need to do tedious
JDBC coding and parsing of database-vendor specific error codes.
The spring-tx module supports programmatic and declarative transaction management for
classes that implement special interfaces and for all your POJOs (Plain Old Java Objects).
The spring-orm module provides integration layers for popular object-relational mapping APIs,
including JPA, JDO, and Hibernate.
The spring-jms module (Java Messaging Service) contains features for producing and consuming
messages.
WEB:-
The spring-web module provides basic web-oriented integration.
The spring-webmvc module contains Spring’s model-view-controller (MVC) and REST Web
Services implementation for web applications. Spring’s MVC framework provides a clean
separation between domain model code and web forms and integrates with all of the other
features of the Spring Framework.
The spring-webmvc-portlet module provides the MVC implementation to be used in a Portlet
environment and mirrors the functionality of the spring-webmvc module.
TEST:-
The spring-test module supports the unit testing and integration testing of Spring components
with JUnit or TestNG. It provides consistent loading of Spring ApplicationContexts and caching of
15. Test Class
package com.model;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
public class Test {
public static void main(String[] args) {
Resource resource = new ClassPathResource("context.xml");
BeanFactory factory = new XmlBeanFactory(resource);
Phone phone = (Phone)factory.getBean("phonebean");
phone.display();
}
}
19. Spring Security
Spring security is the highly customizable authentication and
access-control framework.
The main focus of spring security is on Authentication and
Authorization:
Where authentication is the process of establishing a principal (user) who
claim to be
Where authorization is the process of deciding whether the logged in principal
(user) allowed to perform a certain actions.
20. Spring Security
Modules
Core – This module contains the APIs for basic authentication and access-
control related mechanism. This is mandatory for ant spring security
applications.
Remoting – This module provides integration to the Spring Remoting.
Web – This module contains APIs for servlet filters and any web based
authentication like access restriction for URLs.
Config – This module is needed while using the Spring Security XML
namespace for configuration.
LDAP – Required to use LDAP authentication or manage LDAP user entries.
ACL – Specialized domain object ACL implementation.
CAS – Spring Security’s CAS client integration.
OpenID – OpenID web authentication support.
22. Web.xml Configuration
<!-- Apply Spring Security Filter to all Requests -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
23. Password Encoder
Necessary steps to use Spring
Security’s to protect our site against
CSRF attacks
Use proper HTTP verbs
Configure CSRF Protection
Include the CSRF Token
24. Password
Encoder[Conti..]
Use proper HTTP verbs:
Before Spring Security’s CSRF support can be of use,
you need to be certain that your application is using
PATCH, POST, PUT, and/or DELETE for anything that
modifies state.
Configure CSRF Protection:
<http>
<!-- ... -->
<csrf disabled="true"/>
</http>