Building enterprise web applications with spring 3

12,823 views

JavaOne 2010: Building enterprise web applications with spring 3

Spring is an open source, lightweight Java framework that has become the de facto standard of Java enterprise application development. This session will adopt a learn-by-example approach that combines the philosophy and theory behind Spring with concrete code examples. You'll be walked through building a full-featured Spring 3.0 enterprise Web application end to end. The basics of the Spring framework, design patterns, and best practices will be picked up along the way. Topics to be covered include: Dependency Injection, Spring MVC, Spring DAO, Spring ORM, Spring AOP, and Spring Security. This session is intended for developers at any level who are interested in writing Spring or Spring MVC Web applications.

Published in: Technology
  • Where can I get the source code? I tried the link (http://bit.ly/ad4VGh) but it only opens a survey.
  • I couldn't get the full source code. That link redirects to a survey :(

  1. Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC
       • JavaOne 2010
       • By Abdelmonaim Remani
       • abdelmonaim.remani@gmail.com
  2. License
       • Creative Commons Attribution-NonCommercial 3.0 Unported
       • http://creativecommons.org/licenses/by-nc/3.0/
  3. Who Am I?
       • Software Engineer at Overstock.com
       • Particularly interested in technology evangelism and enterprise software development and architecture
       • President and Founder of a number of organizations
           • The Chico Java User Group
           • The Chico Flex User Group
           • The Chico Google Technology User Group
       • LinkedIn: http://www.linkedin.com/in/polymathiccoder
       • Twitter: http://twitter.com/polymathiccoder
  4. Warning
       • This presentation is very long and covers a lot of material
  5. Introduction
  6. Enterprise Application Software (EAS)
       • Complex in terms of requirements
           • Functional
           • Non-Functional
               • Execution: Performance, Reliability, Security
               • Evolution: Testability, Maintainability, Extendibility, Scalability (Horizontal and Vertical)
  7. Enterprise Application Software (EAS)
       • In the words of Edsger W. Dijkstra: “[…] The Separation of Concerns […] is yet the only available technique for effective ordering of one’s thoughts […]”
       • Artificially reducing complexity by means of abstraction
       • Specific choices of abstraction
           • Produce architectures
  8. Modern Enterprise Application
       • The Architecture
           • Layered / N-Tiered
               • Presentation Layer
               • Web Layer
               • Service Layer
               • Persistence Layer
           • Aspects
           • Middleware
           • Other
  9. Frameworks
       • A Framework is an architecture
           • A well-defined structure to solve a problem
           • A pre-existing hierarchy to be extended
       • Library
           • Framework vs. Library
           • Invoking vs. being invoked
           • Generic vs. specific
       • Tools
           • Compiler, debugger, etc…
           • Scaffolding and other utilities
       • Etc…
  10. Frameworks
       • Heavyweight vs. Lightweight
           • The need for a platform or a stack (JEE as example)
           • The ability to load necessary components on demand
           • The memory footprint
           • The build size
           • Deployment ease
           • Etc…
  11. The Spring Framework
  12. What is Spring?
       • Application Framework
       • Java
           • Other implementations are available (Spring .NET)
       • Open-Source
       • Lightweight
       • Non-Invasive (POJO Based)
       • Extendible
           • A platform with well-defined extension points for other frameworks
       • By Rod Johnson
           • Expert One-on-One J2EE Design and Development, 2002
           • J2EE without EJB, 2004
       • Became the de facto standard of Java Enterprise Applications
  13. Spring
       • 20 Modules
       • Source: Spring 3.0.x Framework Reference, http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html
  14. Libraries
       • Wrappers for most popular frameworks
           • Allowing injection of dependencies into standard implementation
           • Struts
           • JSF
           • Apache Tapestry
           • Etc…
       • Full integration with the JEE stack
  15. The Address Book
  16. The Address Book
       • The Address Book from polymathic-coder.com
       • A web application for contact management
  17. Functional Requirements: Use Case 1 - Contact Management
       • Details: As a user I should be able to view, add, delete, and edit personal contacts data on my address book including:
           • First Name
           • Last Name
           • Email
           • Phone Number
           • Image
       • Primary Actors: Regular user / Administrator
       • Assumptions:
           • The user is authenticated and has proper privileges to access the Contact Management Area
           • Access is granted both through the web interface and a RESTful API
  18. Functional Requirements: Use Case 1 - Contact Management
       • Business Rules
           • First Names are required
           • Phone Numbers must be valid US phone numbers
           • Emails must be valid
  19. Functional Requirements: Use Case 2 - User Management
       • Details: As an administrator I should be able to view, add, delete, and edit the user data including:
           • Username
           • Password
           • Role (Regular or Administrator)
           • Whether the account is enabled or not
           • Email
       • Primary Actors: Administrator
       • Assumptions:
           • The user is authenticated and has proper privileges to access the User Administration Area
           • Access is granted through the web interface
  20. Functional Requirements: Use Case 2 - User Management
       • Business Rules
           • Username is required and must be unique
           • Passwords must be complex (they should contain at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character)
           • Emails must be valid
           • An email must be sent to the newly created user
  21. Functional Requirements: Use Case 3 - Reporting
       • Details: As an administrator I should be able to view audit and health check reports
       • Primary Actors: Administrator
       • Assumptions:
           • The user is authenticated and has proper privileges to access the Reporting Area
           • Access is granted through the web interface
           • The reports are periodically generated by the system
  22. Non-Functional Requirements: Security
       • RBAC (Role-based access control)
       • Authentication
           • Form-based
           • HTTP Basic
       • Authorization
           • Security Roles
               • Regular User
                   • Access to personal contact management area
               • Administrators
                   • Access to personal contact management area
                   • Access to user administration area
                   • Access to reporting area
       • Access Control
           • No Rules
       • Transport Security
           • Not required
  23. Spring Core
  24. Inversion of Control
       • The problem:
           • Acquiring resources via
               • Instantiation of a concrete class
               • Using a static method of a singleton factory
               • Using a Directory Services API that allows for discovery and lookup (JNDI for example)
               • Etc…
           • Creates hard dependencies
           • Coupled code is hard to reuse (DRYness)
           • Painful unit testing
  25. Inversion of Control
       • The Solution:
           • Coding against interfaces
           • Inversion of Control: Dependency Injection
               • Reflectively supply external dependency at runtime
               • The Hollywood principle: “Don’t call us, we’ll call you”
       • Wait a minute, this is a lot of work!
           • Spring to the rescue
  26. Spring Core
       • Container
       • POJO
       • Configuration Metadata
           • XML-Based
           • Annotation-Based
           • Java-based
       • Source: Spring 3.0.x Framework Reference, http://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html
  27. JSR 330 – Dependency Injection for Java
       • JSR 330
           • @Inject
           • @Named
       • Spring Annotations
           • @Autowired
           • @Qualifier
       • JSR 250 - Common Annotations
           • javax.annotation
       • JSR 299 – Contexts and Dependency Injection
           • Scopes and contexts: javax.context
           • Dependency injection service: javax.inject
           • Framework integration SPI: javax.inject.manager
           • Event notification service: javax.event
  28. Stereotypical Spring
       • Used to mark a class that fulfills a role or a stereotype
       • Stereotyped classes can be automatically detected
       • Spring Stereotypes
           • @Component
           • @Repository
           • @Service
           • @Controller
  29. Domain Model
  30. Domain Model
  31. Domain Model
       • A model of the “concepts” involved in the system and their relationships
       • Anemic Domain Model
           • POJOs (Plain Old Java Objects) or VOs (Value Objects)
           • Clear separation between logic and data
       • Parallel object hierarchies are evil
       • Metadata is interpreted depending on the context as the object moves across the layers of the application
           • Object-Relational mapping to persistent entities
           • Validation
           • Marshaling / Un-marshaling
           • Etc…
  32. JSR 303 - Bean Validation
       • Ensuring the correctness of data based on a set of predefined rules
       • Source: Hibernate Validator Reference Guide 4.1.0.Final, http://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/
  33. JSR 303 - Bean Validation
       • javax.validation
       • Reference Implementation: Hibernate Validator
       • Source: Hibernate Validator Reference Guide 4.1.0.Final, http://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/
  34. Domain Model
       • Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java)
           • Static Factories
           • Telescoping
           • Provide builders
       • Override the default implementations of hashCode(), toString(), and equals(Object) methods
           • Use Pojomatic at http://pojomatic.sourceforge.net/
       • Be aware of any circular dependency in your model
       • Versioning
           • @Version of JSR 317 – JPA 2.0
  35. Persistence Layer
  36. Persistence Layer
       • A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:
           • Create, Read, Update, and Delete (CRUD) operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS)
           • Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail servers
  37. JSR 317 – JPA 2.0
       • javax.persistence
       • Reference Implementation: EclipseLink
       • Primer
           • A persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadata
           • An entity is managed by an Entity Manager
       • Do we still need a Persistence Layer?
       • Highlights
           • Support for JSR 303 validation
  38. Spring Data Access / Integration
       • Beans stereotyped with @Repository
           • Enables exception translation to a consistent exception hierarchy
           • Run-time exceptions that do not have to be declared or caught
       • Use JPA annotations to inject EntityManager and EntityManagerFactory
           • @PersistenceContext
           • @PersistenceUnit
       • Follow a convention (I suggest CRUD)
       • Declaring transaction semantics
           • @Transactional
  39. Spring Data Access / Integration
       • Java Mail API
           • javax.mail
       • Spring Helpers for various Templating Engines
           • Velocity
           • FreeMarker
  40. Persistence Layer
       • Testing
           • JUnit
               • Take advantage of what JUnit 4.7 has to offer (explore Theories, Rules, etc…)
           • Libraries
               • DbUnit http://www.dbunit.org/
               • Dumbster http://quintanasoft.com/dumbster/
           • Consider HADES http://redmine.synyx.org/projects/show/hades
  41. Service Layer
  42. Service Layer
       • A logical encapsulation of classes and interfaces that provide the system functionality, consolidating units of work. Service layer classes should be:
           • Transactional
           • Stateless
       • Beans stereotyped with @Service
       • Follow a convention (I suggest VADER)
  43. Web Layer
  44. Web Layer
       • A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:
           • Navigational logic
               • Rendering page views in the proper order
               • As simple as mapping a single URL to a single page
               • As complex as a full work flow engine
           • Web concerns (request variables, session variables, HTTP methods, HTTP response codes, etc…) should be separated from business logic
  45. Web Layer
       • Two types of Web Frameworks
           • Request / Response Web Frameworks
               • Wrap the Servlet API
               • Adopt push model
                   • Compile result
                   • Push it out to be rendered in a view
               • Struts, Spring MVC, Etc…
           • Component Web Frameworks
               • Not only hide the Servlet API
               • Event-driven component
               • JSF, Tapestry, Etc…
  46. Spring MVC
  47. Spring MVC
       • Request / Response Web Framework
       • A Front Controller Pattern
           • One Dispatcher servlet
       • Application Contexts
           • Application Context
           • Web Application Context
  48. Spring MVC - Controllers
       • The promise: Non-invasiveness
           • Fully annotation-driven
           • No extension of framework classes
           • No overriding methods
       • Controllers
           • Beans (Spring-managed POJOs) stereotyped with @Controller
  49. Spring MVC - Controllers
       • Mapping Rules
           • @RequestMapping
           • By
               • Path
               • HTTP method
               • Query Parameters
               • Request Headers
  50. Spring MVC - Controllers
       • Handler Methods
           • Parameters are request inputs
               • Request data
                   • @RequestParam
                   • @PathVariable
                   • @RequestHeader
                   • @CookieValue
               • Command Objects (Domain Objects)
               • Injection of standard objects
           • Automatic Type Conversion
               • Custom Type Conversion
           • JSR 303 Support
               • @Valid
           • Exposing reference data to the views
               • @ModelAttribute
  51. RESTful Spring MVC 3.0
  52. RESTful Architecture
       • Representational State Transfer
       • Architectural Style
           • Identifiable Resources
               • Everything is a resource accessible by URI
           • Uniform Interface based on HTTP methods
               • GET /contacts reads all contacts
               • GET /contacts/1 reads the contact whose id is 1
               • POST /contacts creates a contact
               • PUT /contacts/1 updates the contact whose id is 1
               • DELETE /contacts/1 deletes the contact whose id is 1
  53. RESTful Architecture
       • Architectural Style
           • Resource Representations
               • Multiple data representations (MIME types) can be specified
               • Request: Accept HTTP header field or file extension
               • Response: Content-Type HTTP header field
           • Stateless Conversation
               • No session
               • Scalable
               • Loosely coupled
  54. RESTful Spring
       • Annotations
           • @RequestMapping
           • @PathVariable
           • @RequestBody
           • @ResponseBody
       • Spring OXM (Object-XML Mapping)
           • Marshaling / Unmarshaling
  55. Presentation Layer
  56. Spring MVC - Views
       • “Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” (Spring 3.0 Documentation)
       • View technologies
           • JSP & JSTL
           • Tiles
           • Velocity
           • FreeMarker
           • XSLT
           • JasperReports
           • Etc…
  57. Spring MVC - Views
       • Views are rendered based on what the handler methods return
           • @ResponseBody or ResponseEntity<T>
               • Many HttpMessageConverters
                   • StringHttpMessageConverter
                   • Jaxb2RootElementHttpMessageConverter
                   • MappingJacksonHttpMessageConverter
                   • AtomFeed/RssChannelHttpMessageConverter
                   • Etc…
               • Register your own
           • String
               • View Resolver and a View
  58. Spring MVC - Views
       • View Resolvers
           • InternalResourceViewResolver
           • ContentNegotiatingViewResolver
           • BeanNameViewResolver
           • JasperReportsViewResolver
           • TilesViewResolver
           • Etc…
  59. Spring MVC - Views
       • JSP & JSTL
           • Spring Tag Library
           • Spring Form Tag Library
               • Refer to spring-form.tld
       • Themes
           • Overall look-and-feel of your application
           • A collection of style sheets and images
           • <spring:theme />
           • Theme resolvers
       • I18N
  60. Spring MVC Complements
       • Spring Web Flow
           • For web applications that are
               • More dynamic
               • Non-linear without arbitrary end points
       • Spring Portlet MVC
           • A JSR 168 compliant Portlet environment
           • Large web application composed of subcomponents on the same web page
  61. Aspects
  62. Spring AOP
  63. Aspect-Oriented Programming
       • OOP creates a hierarchical object model by nature
       • Cross-cutting concerns
           • Are not necessarily a part of the application logic
           • Occur across the object hierarchy in unrelated parts
           • Examples
               • Logging
               • Security
               • Transaction management
               • Etc…
  64. Aspect-Oriented Programming
       • The Problem
           • Code Tangling
               • No Cohesion
           • Code Scattering
               • Not DRY
       • The Solution
           • Aspect-Oriented Programming
           • AspectJ
           • Modularization of aspects and weaving into the application code
  65. Spring AOP
       • Spring AOP
           • Java-based AOP Framework
           • Built on top of AspectJ
           • Interception-based
  66. AOP Terminology
       • Join Point
           • A point in the execution of the program
       • Point Cut
           • An expression that selects one or more join points
           • AspectJ Expression Language
       • Advice
           • The code to be woven at a join point
       • Aspect
           • Point Cut + Advice
  67. Types of Advice
       • Annotations
           • Before
           • AfterReturning
           • AfterThrowing
           • After
           • Around
  68. Spring Security
  69. Security Terminology
       • Authentication
           • The verification of the user identity
       • Authorization
           • Permissions granted to the identified user
       • Access Control
           • By arbitrary conditions that may depend on
               • Attributes of clients
               • Temporal and Local Condition
               • Human User Detection
               • Other
       • Channel or Transport Security
           • Encryption
  70. Security Terminology
       • Realm
           • A defined authentication policy
       • User
           • A defined individual in the Application Server
       • Group
           • A defined classification of users by common traits in the Application Server
       • Role
           • An abstract name of the permissions to access a particular set of resources in an application
  71. Available Frameworks
       • Spring Security
       • JAAS (Java Authentication and Authorization Service)
       • jGuard
       • Apache Shiro
  72. Spring Security
       • Security is your responsibility
       • Features:
           • It is not the standard
           • No class loader authorization capabilities
           • Simple configuration
           • Portable across containers
           • Customizable and extendable
           • Pluggable authentication and web request URI security
           • Support method interception, Single Sign-On, and Swing clients
  73. Authentication
       • Authentication
           • Form-Based
           • Basic
           • Digest
           • LDAP
           • NTLM (NT LAN Manager)
           • SSO (Single Sign-On)
               • JA-SIG CAS
               • Open ID
               • Atlassian Crowd
               • SiteMinder
           • X.509
  74. Authentication
       • Mechanisms
           • Interact with the user
       • Providers
           • Check credentials
           • Bundle details in a Thread Local security context holder
       • Repositories
           • Store roles and profile info
               • In Memory
               • JDBC
               • LDAP
               • Etc…
  75. Authorization
       • Web Authorization
           • URL-Based
               • Which URL patterns and HTTP methods are allowed to be accessed by which role
       • Method Authorization
           • Reusable
           • Protocol Agnostic
           • Uses AOP
           • Annotations Support
               • JSR 250
               • Spring @Secured
               • Spring Security EL
  76. Other
  77. Other
       • Job Scheduling
       • Bulk Processing
       • Integration
       • Etc…
  78. Support Material
       • If you are interested in
           • The full source code of the Address Book Application
           • A step-by-step tutorial
           • Possibly a screencast
       • Go to http://bit.ly/ad4VGh
  79. The Silicon Valley Spring User Group
       • http://www.meetup.com/sv-sug
  80. Q & A
  81. Thank You!
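
The security requirements on slide 22 and the URL-based and method authorization described on slide 75 can be expressed in a Spring Security 3.0 namespace configuration along the following lines. This is an added example, not the Address Book application's own configuration: the role names `ROLE_USER` and `ROLE_ADMIN`, the `/login`, `/admin/users/**` and `/admin/reports/**` paths, and the `userDetailsService` bean are assumptions; only `/contacts` appears in the slides.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example: security context for the roles and areas listed on slide 22.
     Role names, paths other than /contacts, and the userDetailsService bean
     are hypothetical and must be adapted to the real application. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.0.xsd">

  <!-- URL-based web authorization. Rules are evaluated top to bottom and the
       first matching pattern wins, so specific rules come before general ones. -->
  <http use-expressions="true">
    <!-- The login page itself must be reachable without authentication. -->
    <intercept-url pattern="/login" access="permitAll" />

    <!-- User administration area: administrators only. -->
    <intercept-url pattern="/admin/users/**" access="hasRole('ROLE_ADMIN')" />

    <!-- Reporting area: reports are only viewed, so only GET is allowed.
         Any other HTTP method falls through to the final deny rule. -->
    <intercept-url pattern="/admin/reports/**" method="GET"
                   access="hasRole('ROLE_ADMIN')" />

    <!-- Contact management area (web interface and RESTful API):
         regular users and administrators. -->
    <intercept-url pattern="/contacts/**"
                   access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />

    <!-- Deny by default: a URL nobody wrote a rule for is not accessible. -->
    <intercept-url pattern="/**" access="denyAll" />

    <!-- Slide 22 asks for both form-based and HTTP Basic authentication. -->
    <form-login login-page="/login" />
    <http-basic />
    <logout />
  </http>

  <!-- Method authorization (slide 75): enables JSR 250 (@RolesAllowed),
       Spring @Secured and expression-based (@PreAuthorize) annotations.
       This element only affects beans defined in the same application
       context, so it belongs where the @Service beans are declared. -->
  <global-method-security jsr250-annotations="enabled"
                          secured-annotations="enabled"
                          pre-post-annotations="enabled" />

  <!-- Authentication provider backed by a user repository (slide 74).
       userDetailsService is a hypothetical UserDetailsService bean
       defined elsewhere in the application. -->
  <authentication-manager>
    <authentication-provider user-service-ref="userDetailsService" />
  </authentication-manager>

</beans:beans>
```

With the URL rules and method annotations both in place, a request that reaches a service method through a path the URL rules missed is still checked against the caller's role at the method boundary.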
