Building Enterprise Web Applications with Spring 3.0

and Spring 3.0 MVC 

JavaOne 2010

ByAbdelmonaim Remani

abdelmonaim.remani@gmail.com

Creative Commons Attribution-NonCommercial 3.0 Unported http://creativecommons.org/licenses/by-nc/3.0/

License

Software Engineer at Overstock.com Particularly interested in technology evangelism and

enterprise software development and architecture President and Founder of a number of organizations

The Chico Java User Group The Chico Flex User Group, The Chico Google Technology User Group.

LinkedIn http://www.linkedin.com/in/polymathiccoder

Twitter http://twitter.com/polymathiccoder

Who Am I?

WarningThis presentation is very long and covers a lot of

material

Introduction

Complex In terms of requirements

Functional Non-Functional

Execution Performance Reliability Security

Evolution Testability Maintainability Extendibility Scalability (Horizontal and Vertical)

Enterprise Application Software (EAS)

In the words of Edsger W. Dijkstra: […] The Separation of Concerns […] is yet the

only available technique for effective ordering of one’s thoughts […]

Artificially Reducing complexity by means of Abstraction Specific Choices of abstraction

Produces a architectures

Enterprise Application Software (EAS)

The Architecture Layered / N-Tiered

Presentation Layer Web Layer Service Layer Persistence Layer

Aspects Middleware Other

Modern Enterprise Application

A Framework is an architecture A well-defined structure to solve a problem A pre-existing hierarchy to be extended

Library Framework vs. Library

Invoking vs. being invoked Generic vs. specific

Tools Compiler, debugger, etc… Scaffolding and other utilities Etc…

Frameworks

Heavyweight vs. Lightweight The need for a platform or a stack (JEE as

example) The ability to load in-demand necessary

components The memory footprint The build size Deployment ease Etc…

Frameworks

The Spring Framework

Application Framework Java

Other implementations are available (Spring .NET) Open-Source Lightweight Non-Invasive (POJO Based) Extendible

A platform with well-defined extension points for other frameworks By Rod Johnson

Expert One-on-One J2EE Design and Development, 2002 J2EE without EJB, 2004

Became the De facto standard of Java Enterprise Applications

What is Spring?

20 Modules

Spring

Source: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

Wrappers for most popular frameworks Allowing injection of dependencies into

standard implementation Struts JSF Apache Tapestry Etc…

Full Integration with the JEE stack

Libraries

The Address Book

The Address Book from polymathic-coder.com A web application for Contact management

The Address Book

Details: As a user I should be able to view, add, delete, and edit personal

contacts data on my address book including: First Name Last Name Email Phone Number Image

Primary Actors: Regular user / Administrator Assumptions:

The user is authenticated and has proper privileges to access the Contact Management Area

Access is granted both through the web interface and a RESTful API

Functional RequirementsUse Case 1 - Contact Management

Business Rules A First Names are required Phone Numbers must be valid US phone

numbers Emails must be valid

Functional RequirementsUse Case 1 - Contact Management

Details: As an administrator I should be able to view, add, delete, and edit

the user data including: Username Password Role (Regular or Administrator) Whether the account is enabled or not Email

Primary Actors: Administrator Assumptions:

The user is authenticated and has proper privileges to access the User Administration Area

Access is granted through the web interface

Functional RequirementsUse Case 2 - User Management

Business Rules Username is required and must be unique Passwords must be complex (The should

contains at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character)

Emails must be valid An email must be sent to the newly created

user

Functional RequirementsUse Case 2 - User Management

Details: As an administrator I should be able to view audit

and health check reports Primary Actors: Administrator Assumptions:

The user is authenticated and has proper privileges to access the Reporting Area

Access is granted through the web interface The reports are periodically generated by the

system

Functional RequirementsUse Case 3 - Reporting

RBAC (Role-based access control) Authentication

Form-based Http Basic

Authorization Security Roles

Regular User Access to personal contact management area

Administrators Access to personal contact management area Access to user administration area Access to reporting area

Access Control No Rules

Transport Security Not required

Non-Functional Requirements Security

Spring Core

The problem: Acquiring Resources via

Instantiation of a concrete class Using a static method of a singleton factory Using a Directory Services API that allows for

discovery and lookup (JNDI for example) Etc..

Creates hard dependencies Coupled code is hard to reuse (DRYness) Painful Unit Testing

Inversion of Control

The Solution: Coding against Interfaces Inversion of Control: Dependency Injection

Reflectively supply external dependency at runtime

The Hollywood principle: “Don’t call us, we’ll call you”

Wait a minute this a lot of work! Spring to the rescue

Inversion of Control

Container  POJO Configuration Metadata

XML-Based Annotation-Based Java-based

Spring Core

Source: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

JSR 330 – Dependency Injection for Java

JSR 330 @Inject @Named

Spring Annotations @Autowire @Qualifier

JSR 250 -  Common Annotations javax.annotation

JSR 299 – Contexts and Dependency Injection Scopes and contexts: javax.context Dependency injection service: javax.inject Framework integration SPI: javax.inject.manager Event notification service: javax.event

Used to mark a class that fulfills a role or a stereotype

Stereotyped classes can be automatically detected

Spring Stereotypes @Component @Repository @Service @Controller

Stereotypical Spring

Domain Model

Domain Model

A model of the “concepts” involved in the system and their relationships

Anemic Domain Model POJOs (Plain Old Java Objects) or VOs (Value Objects) Clear separation between logic and data

Parallel object hierarchies are evil Metadata is interpreted depending on the context as the

object moves across the layers of the application Object-Relational mapping to persistent entities Validation Marshaling / Un-marshaling Etc…

Domain Model

Ensuring the correctness of data based on a set predefined rules

JSR 303 - Bean Validation

Source: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

javax.validation Reference Implementation: Hibernate

Validator

JSR 303 - Bean Validation

Source: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java) Static Factories Telescoping Provide builders

Override the default implementations of hashCode(), toString(), and equals(Object) methods Use Pojomatic at http://pojomatic.sourceforge.net/

Be aware of any circular dependency in your model Versioning

@Version of JSR 317 – JPA 2.0

Domain Model

Persistence Layer

A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Create, Read, Update, and Delete (CRUD)

operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS)

Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail servers

Persistence Layer

javax.persistence Reference Implementation EclipseLink Primer

A persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadata

An entity is managed by an Entity Manager Do we still need a Persistence Layer?

Highlights Support for JSR 303 validation

JSR 317 – JPA 2.0

Beans Stereotyped with @Repository Enables exception translation to a consistent exception

hierarchy Run-time exceptions and do not have to be declared or caught

Use JPA annotations to inject EntityManager and EntityManagerFactory @PersistenceContext @PersistenceUnit

Follow a convention (I suggest CRUD) Declaring transaction semantics

@Transactional

Spring Data Access / Integration

Java Mail API javax.mail Spring Helpers for various Templating Engines

Velocity FreeMarker

Spring Data Access / Integration

Testing JUnit

Take advantage of what JUnit 4.7 has to offer (Explore Theories, Rules, Etc…)

Libraries DbUnit http://www.dbunit.org/ Dumpster http://quintanasoft.com/dumbster/

Consider HADES http://redmine.synyx.org/projects/show/hades

Persistence Layer

Service Layer

A logical encapsulation of classes and interfaces that provide the system functionality consolidating Units of work. Service layer classes should be: Transactional Stateless

Beans Stereotyped with @Service Follow a convention (I suggest VADER)

Service Layer

Web Layer

A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of: Navigational logic

Rendering page views in the proper order As simple as mapping a single URL to a single page As complex as a full work flow engine

Web concerns (Request variables, session variables, HTTP methods, HTTP response codes, Etc…) should be separated from business logic

Web Layer

Two types of Web Frameworks Request / Response Web Frameworks

Wrap the Servlet API Adopt push model

Compile result Push it out to be rendered in a view

Struts, Spring MVC, Etc… Component Web Frameworks

Dot only hide the Servlet API Event-driven component JSF, Tapestry, Etc…

Web Layer

Spring MVC

Request / Response Web Frameworks A Front Controller Pattern

One Dispatcher servlet Application Contexts

Application Context Web Application Context

Spring MVC

The promise Non-invasiveness Fully annotation-driven No extension of framework classes

No overriding methods

Controllers Beans (Spring Managed-POJOs) Stereotyped

with @Controller

Spring MVC - Controllers

Mapping Rules @RequestMapping By

Path HTTP method Query Parameters Request Headers

Spring MVC - Controllers

Handler Methods Parameters are request inputs

Request data @RequestParam @PathVariable @RequestHeader @CookieValue

Command Objects (Domain Objects) Injection of standard objects

Automatic Type Conversion Custom Type Conversion

JSR 303 Support @Valid

Exposing reference data to the views @ModelAttribute

Spring MVC - Controllers

RESTful Spring MVC 3.0

Representational State Transfer Architectural Style

Identifiable Resources Everything is a resource accessible URI

Uniform Interface based on HTTP methods GET /contacts reads all contacts GET /contacts/1 reads the contact whose id is 1 POST /contacts creates a contact PUT /contacts/1 updates the contact whose id is 1 DELETE /contacts/1 deletes the contact whose id is 1

RESTful Architecture

Architectural Style Resource Representations

Multiple data representation (MIME types) can be specified Request

Accept HTTP header field or file extension Response

Content-Type HTTP header field

Stateless Conversion No session

Scalable Loosely coupled

RESTful Architecture

Annotations @RequestMapping @PathVariable @RequestBody @ResponceBody

Spring OXM (Object-XML Mapping) Marshaling / Unmarshaling

RESTful Spring

Presentation Layer

“Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” Spring 3.0 Documentation

View technologies JSP & JSTL Tiles Velocity FreeMarker XSLT JasperReports Etc…

Spring MVC - Views

Views are rendered based on handler methods return @ResponseBody or ResponseEntity<T>

Many HttpMessageConverters StringHttpMessageConverter Jaxb2RootElementHttpMessageConverter MappingJacksonHttpMessageConverter AtomFeed/RssChannelHttpMessageConverter Etc…

Register your own String

View Resolver and a View

Spring MVC - Views

View Resolvers InternalResourceViewResolver ContentNegotiatingViewResolver BeanNameViewResolver JasperReportsViewResolver TilesViewResolver Etc…

Spring MVC - Views

JSP & JSTL Spring Tag Library Spring Form Tag Library

Refer to spring-form.tld Themes

Overall look-and-feel of your application A collection of style sheets and images <spring:theme /> Theme resolvers

I18N

Spring MVC - Views

Spring Web Flow For Web Application that are

More dynamic Non-linear without arbitrary end points

Spring Portlet MVC A JSR 168 compliant Portlet environnent Large web application composed with

subcomponents on the same web page

Spring MVC Complements

Aspects

Spring AOP

OOP creates a hierarchical object model by nature Cross cutting concerns

Are not necessarily a part of the application logic Occur across the object hierarchy in unrelated parts Examples

Logging Security Transaction management Etc…

Aspect-Oriented Programming

The Problem Code Tangling

No Cohesion Code Scattering

Not DRY The Solution

Aspect Oriented Programming AspectJ

Modulation of Aspects and weaving into the application code

Aspect Oriented Programming

Spring AOP Java based AOP Framework Built on top of AspectJ Interception based

Spring APO

Joint Point A point in the execution of the program

Point Cut An expression that selects one or more joint point AspectJ Expression Language

Advice The code to be weaved at a joint point

Aspect Point Cut + Advice

AOP Terminology

Annotations Before AfterReturning AfterThrowing After Around

Types of Advices

Spring Security

Authentication the verification of the user identity

Authorization Permissions granted to the identified user

Access Control By arbitrary conditions that may depend to

Attributes of clients Temporal and Local Condition Human User Detection Other

Channel or Transport Security Encryption

Security Terminology

Realm A Defined the authentication policy

User A defined individual in the Application Server

Group A defined classification of users by common traits in

the Application Server. Role

An abstract name of the permissions to access a particular set of resources in an application

Security Terminology

Spring Security JAAS (Java Authentication and Authorization

Service) jGuard

Apache Shiro

Available Frameworks

Security is your responsibility Features:

It is not the standard No class loader authorization capabilities Simple configuration Portable across containers Customizable and extendable Pluggable authentication and web request URI security Support method interception, Single Sign-On, and

Swing clients

Spring Security

Authentication Form-Based Basic Digest LDAP NTLM (NT LAN Manager) SSO (Single Sign-On)

JA-SIG CAS Open ID Atlassian Crowd SiteMinder X.509

Authentication

Mechanisms Interact with the user

Providers Check credentials Bundles details in a Thread Local security context holder

Repositories Store roles and profile info

In Memory JDBC LDAP Etc…

Authentication

Web Authorization URL-Based

Which URL patterns and HTTP methods are allowed to be accessed by which role

Method Authorization Reusable

Protocol Agnostic Uses AOP Annotations Support

JSR 250 Spring @Secured Spring Security EL

Authorization

Other

Job Scheduling Bulk Processing Integration Etc…

Other

If you are interested in The full-source code of the Address Book

Application A Step-By-Step tutorial Possibly a screen cast

Go to

http://bit.ly/ad4VGh

Support Material

The Silicon Valley Spring User Group

http://www.meetup.com/sv-sug

Q & A

Thank You!