Introduction To Building Enterprise Web Application With Spring Mvc


Published on

This the perfect introduction for people who have absolutely no experience with the Spring framework. The session adopts a learn-by-example approach and takes the form of a practical hands-on-lab with a lot of live coding. Attendees will be presented with a sample web application and various use-case scenarios, they will build an actual Spring MVC web application backed by a MySQL database end-to-end, They will Test it, and deploy it on an Apache TomCat web server. The basics of the Spring framework, design patterns, and best practices will be picked up by example along the way. Covered topics include: Inversion of Control (Dependency Injection), Spring MVC, Spring DAO, Spring ORM (iBatis), Aspect Oriented Programming in Spring, Basic Web Security, and the Mail API. Bring your laptop! Prerequisites: Familiarity with the architecture of Java web application and its technologies (Servlets, JSP, Java EL, JSTL, etc... )

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Introduction To Building Enterprise Web Application With Spring Mvc

  1. 1. Introduction to Building Enterprise Web Application with Spring MVC<br />By Abdelmonaim Remani<br /><br /><br />Silicon Valley Code Camp v 4.0<br />
  2. 2. Enterprise Application<br />Complex<br />Functional Requirements<br />Non-Functional Requirements<br />Execution<br />Performance<br />Reliability<br />Security<br />Evolution<br />Testability<br />Maintainability<br />Extensibility<br />Scalability (Horizontal and Vertical)<br />
  3. 3. Modern Enterprise Application<br />The Architecture<br />N-Tier Application<br />Presentation Layer<br />Micro-Architecture (Commands, Valuators, etc..)<br />MVC Pattern<br />Service / Business Layer<br />Data Access Layer<br />Naked Objects Pattern<br />Data<br />Middleware<br />Resource Lookup<br /><ul><li>Service locator pattern
  4. 4. Implicit Invocation
  5. 5. Cross-Cutting Concerns</li></ul>Aspect Oriented Programming<br />
  6. 6. Frameworks<br />An Architecture<br />A well defined structure to solve a problem<br />Library<br />Framework vs. Library<br />Invoking you vs. Being Invoked<br />Generic vs. Specific<br />Tools<br />Compiler, Debugger, Etc…<br />Scaffolding and other utilities<br />Etc…<br />
  7. 7. Frameworks<br />Heavyweight vs. Lightweight<br />The need for a platform or a stack (JEE as an example)<br />The ability to load in-demand the only the necessary components<br />The memory footprint<br />The build size<br />Deployment ease<br />Etc…<br />
  8. 8. The Spring Framework<br />
  9. 9. What is Spring?<br />Application Framework<br />Java<br />Other Implementations are available (Spring .NET)<br />Open-Source<br />Lightweight<br />POJO Based<br /> By Rod Johnson<br />Expert One-on-One J2EE Design and Development in, 2002<br />2EE without EJB, 2004<br />Becoming the De Facto Standard of Java Enterprise Applications<br />
  10. 10. Features: Inversion Control<br />The Problem<br />Resource acquiring via<br />Static method of a singleton factory<br />Instantiation of an concrete class<br />Directory Services API that allows for discorery and lookup (For example JNDI)<br />Hard Dependencies are created<br />Problems with reusing code with hard dependencies<br />Painful Unit Testing in isolation<br />
  11. 11. Features: Inversion Control<br /><ul><li>The solution</li></ul>Use parameterized classes<br />Dependencies are decoupled from classes<br />By Coding against interfaces<br />Inversion of Control: Dependency Injection<br />The Hollywood Principle “Don&apos;t call us, we&apos;ll call you.“<br />Wait a minute this a lot of work!<br />Spring to the rescue<br />
  12. 12. The Tradeoff<br />Resource injection is done at runtime<br />Usually done using reflection<br />No static type checking<br />
  13. 13. Features: Agility<br />If you read the Agile Manifesto, Agile is for the most part for a technical prospective<br />Frequent deliverables<br />Ability and ease of refactoring<br />Decoupling , DRY, and TDD are key makes’em easier<br />
  14. 14. Features: AOP<br />OOP creates a hierarchical object model by nature<br />Cross cutting concerns<br />are not necessary part of the application logic<br />Occur across the object model in unrelated parts<br />Logging<br />Security<br />Transaction management<br />Etc…<br />AOP (Aspect Oriented Programming)<br />Modularization of cross cutting concerns<br />
  15. 15. Features: Libraries<br />POJO Wrappers for most popular frameworks<br />Allowing injection of dependencies into the standard implementation<br />Struts<br />JSF<br />Apache Tapestry<br />Etc…<br />Full support of JEE<br />Integration with other frameworks<br />
  16. 16. Features: Other<br />Source:<br />
  17. 17. Spring Core<br />
  18. 18. Spring Core<br />All you need to know is:<br />The Container<br />The Bean Factory<br />Manage bean instances (POJOs)’ life cycle<br />Configuring their dependencies<br />Etc…<br />Can be used a partially compliant EJB3 Container<br />Spring Pitchfork<br />
  19. 19. Spring MVC<br />
  20. 20. Spring MVC<br />A Front Controller Pattern<br />Dispatcher<br />Request Routing<br />Controllers are Spring beans (Managed POJOs)<br />No session scope for scalability<br />
  21. 21. Spring MVC<br />Views<br />JSP, JSF, Flex<br />Controllers<br />Many types<br />Custom controllers<br />Model<br />Service Layer<br />DAO for persistence<br />JDBC and ORM (Hibernate, iBATIS, etc...)<br />
  22. 22. Spring MVC Complements<br />Spring Web Flow<br />For Web Application that are<br />More dynamic<br />Non-linear without arbitrary end points<br />Spring Portlet MVC<br />A JSR 168 compliant Portlet environnent<br />Large web application composed with subcomponents on the same web page<br />
  23. 23. Spring SecurityFormally Known As Acegi<br />
  24. 24. Code Time!<br />
  25. 25. Spring Security (Acegi)<br />
  26. 26. Security Terminology<br />Authentication<br />the verification of the user identity<br />Authorization<br />Permissions granted to the identified user<br />Access Control<br />By arbitrary conditions that may depend to <br />Attributes of clients<br />Temporal and Local Condition<br />Human User Detection<br />Other<br />Channel or Transport Security<br />Encryption<br />
  27. 27. Security Terminology<br />Realm<br />A Defined the authentication policy<br />User<br />A defined individual in the Application Server<br />Group<br />A defined classification of users by common traits in the Application Server.<br />Role<br />An abstract name of the permissions to access a particular set of resources in an application<br />
  28. 28. Available Frameworks<br />Spring Security<br />Former Acegi<br />JAAS (Java Authentication and Authorization Service)<br />jGuard<br />Apache Shiro<br />
  29. 29. Spring Security<br />Security is your responsibility<br />Features:<br />It is not the standard<br />No class loader authorization capabilities<br />Simple configuration<br />Portable across containers<br />Customizable and extendable<br />Pluggable authentication and web request URI security<br />Support method interception, Single Sign-On, and Swing clients<br />
  30. 30. Authentication<br />Authentication<br />Form-Based<br />Basic<br />Digest<br />LDAP<br />NTLM (NT LAN Manager)<br />SSO (Single Sign-On)<br />JA-SIG CAS<br />Open ID<br />Atlassian Crowd<br />SiteMinder<br />X.509<br />
  31. 31. Authentication<br />Mechanisms<br />Interact with the user<br />Providers<br />Check credentials<br />Bundles details in a Thread Local security context holder<br />Repositories<br />Store roles and profile info<br />In Memory<br />JDBC<br />LDAP<br />Etc…<br />
  32. 32. Authorization<br />Web Authorization<br />URL-Based<br />Which URL patterns and HTTP methods are allowed to be accessed by which role<br />The rules are top-down with most specific at the top<br />Paths are in Ant format by default<br />Method authorization<br />Reusable<br />Protocol Angostic<br />Uses AOP<br />Annotations Support<br />JSR 250<br />Spring @Secured<br />Spring Security 2.5 EL<br />Support for Instance-based XML<br />
  33. 33. Spring AOP<br />
  34. 34. Cross Cutting Concerns<br />Logging<br />Transaction Management<br />Security<br />Cashing<br />Some Business Logic<br />Etc…<br />
  35. 35. Aspect Oriented Programming<br />The Problem<br />Code Tangling<br />No Cohesion<br />Code Scattering<br />Not DRY<br />The Solution<br />Aspect Oriented Programming<br />AspectJ<br />Modulation in Aspects and weaving into the application code<br />
  36. 36. Spring APO<br />Spring AOP<br />Java based AOP Framework<br />Built on top of AspectJ<br />Interception based<br />
  37. 37. AOP Terminology<br />Joint Point<br />A point in the execution of the program<br />Point Cut<br />An expression that selects one or more joint point<br />AspectJ Expression Language<br />Advice<br />The code to be weaved at a joint point<br />Aspect<br />Point Cut + Advice<br />
  38. 38. Types of Advices<br />Annotations<br />Before<br />AfterReturning<br />AfterThrowing<br />After<br />Around<br />
  39. 39. Q & A<br />
  40. 40. Thank You!<br />