Introduction to Building Enterprise Web Application with Spring MVC
By Abdelmonaim Remani
abdelmonaim.remani@gmail.com
Polymathic-coder.com
Silicon Valley Code Camp v 4.0

Enterprise Application
• Complex
• Functional Requirements
• Non-Functional Requirements
  • Execution
    • Performance
    • Reliability
    • Security
  • Evolution
    • Testability
    • Maintainability
    • Extensibility
    • Scalability (Horizontal and Vertical)

Modern Enterprise Application
• The Architecture
• N-Tier Application
  • Presentation Layer
    • Micro-Architecture (Commands, Valuators, etc.)
    • MVC Pattern
  • Service / Business Layer
  • Data Access Layer
    • Naked Objects Pattern
  • Data
• Middleware
  • Resource Lookup
    • Service locator pattern
  • Implicit Invocation
• Cross-Cutting Concerns
  • Aspect Oriented Programming

Frameworks
• An Architecture
  • A well defined structure to solve a problem
• Library
  • Framework vs. Library
    • Invoking you vs. Being Invoked
    • Generic vs. Specific
• Tools
  • Compiler, Debugger, Etc…
  • Scaffolding and other utilities
• Etc…

Frameworks
• Heavyweight vs. Lightweight
  • The need for a platform or a stack (JEE as an example)
  • The ability to load on demand only the necessary components
  • The memory footprint
  • The build size
  • Deployment ease
  • Etc…

What is Spring?
• Application Framework
  • Java
    • Other implementations are available (Spring .NET)
  • Open-Source
  • Lightweight
  • POJO Based
• By Rod Johnson
  • Expert One-on-One J2EE Design and Development, 2002
  • J2EE without EJB, 2004
• Becoming the De Facto Standard of Java Enterprise Applications

Features: Inversion of Control
• The Problem
  • Resource acquiring via
    • Static method of a singleton factory
    • Instantiation of a concrete class
    • Directory Services API that allows for discovery and lookup (for example JNDI)
  • Hard dependencies are created
    • Problems with reusing code with hard dependencies
    • Painful unit testing in isolation

Features: Inversion of Control
• The solution
  • Use parameterized classes
  • Dependencies are decoupled from classes
    • By coding against interfaces
  • Inversion of Control: Dependency Injection
    • The Hollywood Principle: “Don't call us, we'll call you.”
• Wait a minute, this is a lot of work!
  • Spring to the rescue

The Tradeoff
• Resource injection is done at runtime
  • Usually done using reflection
  • No static type checking

Features: Agility
• If you read the Agile Manifesto, Agile is for the most part from a technical perspective
  • Frequent deliverables
  • Ability and ease of refactoring
• Decoupling, DRY, and TDD are key and make them easier

Features: AOP
• OOP creates a hierarchical object model by nature
• Cross cutting concerns
  • Are not necessarily part of the application logic
  • Occur across the object model in unrelated parts
    • Logging
    • Security
    • Transaction management
    • Etc…
• AOP (Aspect Oriented Programming)
  • Modularization of cross cutting concerns

Features: Libraries
• POJO wrappers for most popular frameworks
  • Allowing injection of dependencies into the standard implementation
    • Struts
    • JSF
    • Apache Tapestry
    • Etc…
• Full support of JEE
• Integration with other frameworks

Features: Other
Source: http://www.developersbook.com/spring/images/SpringFrameworkModules.PNG

Spring Core
• All you need to know is:
  • The Container
  • The Bean Factory
    • Manages the life cycle of bean instances (POJOs)
    • Configures their dependencies
    • Etc…
• Can be used as a partially compliant EJB3 container
  • Spring Pitchfork

Spring MVC
• A Front Controller Pattern
  • Dispatcher
  • Request Routing
• Controllers are Spring beans (Managed POJOs)
• No session scope for scalability

Spring MVC
• Views
  • JSP, JSF, Flex
• Controllers
  • Many types
  • Custom controllers
• Model
  • Service Layer
  • DAO for persistence
  • JDBC and ORM (Hibernate, iBATIS, etc...)

Spring MVC Complements
• Spring Web Flow
  • For web applications that are
    • More dynamic
    • Non-linear without arbitrary end points
• Spring Portlet MVC
  • A JSR 168 compliant Portlet environment
  • Large web application composed with subcomponents on the same web page

Security Terminology
• Authentication
  • The verification of the user identity
• Authorization
  • Permissions granted to the identified user
• Access Control
  • By arbitrary conditions that may depend on
    • Attributes of clients
    • Temporal and Local Condition
    • Human User Detection
    • Other
• Channel or Transport Security
  • Encryption

Security Terminology
• Realm
  • A defined authentication policy
• User
  • A defined individual in the Application Server
• Group
  • A defined classification of users by common traits in the Application Server
• Role
  • An abstract name of the permissions to access a particular set of resources in an application

Available Frameworks
• Spring Security
  • Formerly Acegi
• JAAS (Java Authentication and Authorization Service)
• jGuard
• Apache Shiro

Spring Security
• Security is your responsibility
• Features:
  • It is not the standard
  • No class loader authorization capabilities
  • Simple configuration
  • Portable across containers
  • Customizable and extendable
  • Pluggable authentication and web request URI security
  • Supports method interception, Single Sign-On, and Swing clients

Authentication
• Authentication
  • Form-Based
  • Basic
  • Digest
  • LDAP
  • NTLM (NT LAN Manager)
  • SSO (Single Sign-On)
    • JA-SIG CAS
    • OpenID
    • Atlassian Crowd
    • SiteMinder
  • X.509

Authentication
• Mechanisms
  • Interact with the user
• Providers
  • Check credentials
  • Bundles details in a Thread Local security context holder
• Repositories
  • Store roles and profile info
    • In Memory
    • JDBC
    • LDAP
    • Etc…

Authorization
• Web Authorization
  • URL-Based
    • Which URL patterns and HTTP methods are allowed to be accessed by which role
    • The rules are top-down with most specific at the top
    • Paths are in Ant format by default
• Method authorization
  • Reusable
  • Protocol Agnostic
  • Uses AOP
  • Annotations Support
    • JSR 250
    • Spring @Secured
    • Spring Security 2.5 EL
  • Support for Instance-based XML

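
Why the URL rules must be listed most specific first, as an added example that is not part of the original slides: rules are evaluated top-down and the first match decides, so a catch-all placed above `/admin/**` lets a plain `ROLE_USER` reach the admin paths. The `Rule` record, `antToRegex` and `isAllowed` are hypothetical names, and the matcher is a simplified stand-in for Ant path matching, not Spring Security's own code.

```java
import java.util.*;
import java.util.regex.Pattern;

public class UrlRuleOrderDemo {
    // One intercept rule: Ant-style path pattern, HTTP method (null = any), required role.
    record Rule(String pattern, String method, String role) {}

    // Simplified Ant-to-regex translation (assumption: covers only **, * and ?).
    static Pattern antToRegex(String ant) {
        StringBuilder re = new StringBuilder();
        for (int i = 0; i < ant.length(); i++) {
            char c = ant.charAt(i);
            if (c == '*' && i + 1 < ant.length() && ant.charAt(i + 1) == '*') {
                re.append(".*"); i++;            // ** spans path segments
            } else if (c == '*') {
                re.append("[^/]*");              // * stays inside one segment
            } else if (c == '?') {
                re.append("[^/]");               // ? is exactly one character
            } else {
                re.append(Pattern.quote(String.valueOf(c)));
            }
        }
        return Pattern.compile(re.toString());
    }

    // Top-down evaluation: the first matching rule decides; no match means deny.
    static boolean isAllowed(List<Rule> rules, String method, String path, Set<String> roles) {
        for (Rule r : rules) {
            boolean methodOk = r.method() == null || r.method().equalsIgnoreCase(method);
            if (methodOk && antToRegex(r.pattern()).matcher(path).matches()) {
                return roles.contains(r.role());
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Set<String> user = Set.of("ROLE_USER");   // constructed sample caller
        // Misordered: the catch-all shadows the admin rule below it.
        List<Rule> broad = List.of(new Rule("/**", null, "ROLE_USER"),
                                   new Rule("/admin/**", null, "ROLE_ADMIN"));
        // Correct: most specific first, catch-all last.
        List<Rule> specific = List.of(new Rule("/admin/**", null, "ROLE_ADMIN"),
                                      new Rule("/**", null, "ROLE_USER"));
        System.out.println("misordered, /admin/users: " + isAllowed(broad, "GET", "/admin/users", user));
        System.out.println("ordered,    /admin/users: " + isAllowed(specific, "GET", "/admin/users", user));
        System.out.println("ordered,    /orders/7:    " + isAllowed(specific, "GET", "/orders/7", user));
    }
}
```

A review check that follows from this: any rule list whose catch-all pattern is not the last entry deserves a second look.
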
Cross Cutting Concerns
• Logging
• Transaction Management
• Security
• Caching
• Some Business Logic
• Etc…

Aspect Oriented Programming
• The Problem
  • Code Tangling
    • No Cohesion
  • Code Scattering
    • Not DRY
• The Solution
  • Aspect Oriented Programming
    • AspectJ
  • Modularization into aspects and weaving into the application code

Spring AOP
• Spring AOP
  • Java based AOP Framework
  • Built on top of AspectJ
  • Interception based

AOP Terminology
• Join Point
  • A point in the execution of the program
• Point Cut
  • An expression that selects one or more join points
  • AspectJ Expression Language
• Advice
  • The code to be woven at a join point
• Aspect
  • Point Cut + Advice

Types of Advice
• Annotations
  • Before
  • AfterReturning
  • AfterThrowing
  • After
  • Around

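
How interception-based method authorization fits these terms, as an added example that is not from the slides or from Spring: a JDK dynamic proxy plays the role of the "around" advice, an annotation selects the join points, and the caller's roles come from a thread-local holder. `@RequiresRole`, `secure`, `ROLES` and `AccountService` are hypothetical names standing in for `@Secured`-style annotations and the security context holder.

```java
import java.lang.annotation.*;
import java.lang.reflect.*;
import java.util.Set;

public class MethodSecurityDemo {
    // Hypothetical stand-in for Spring's @Secured / JSR 250 role annotations.
    @Retention(RetentionPolicy.RUNTIME) @Target(ElementType.METHOD)
    @interface RequiresRole { String value(); }

    interface AccountService {
        String balance(String account);
        @RequiresRole("ROLE_ADMIN") String close(String account);
    }

    static class AccountServiceImpl implements AccountService {
        public String balance(String account) { return account + ": 100"; }
        public String close(String account) { return account + ": closed"; }
    }

    // Thread-local holder for the caller's roles, filled in after authentication.
    static final ThreadLocal<Set<String>> ROLES = ThreadLocal.withInitial(() -> Set.of());

    // "Around" advice: runs before the join point and decides whether to proceed.
    @SuppressWarnings("unchecked")
    static <T> T secure(T target, Class<T> iface) {
        InvocationHandler advice = (proxy, method, args) -> {
            RequiresRole rule = method.getAnnotation(RequiresRole.class);
            if (rule != null && !ROLES.get().contains(rule.value())) {
                throw new SecurityException("denied: " + method.getName());
            }
            try {
                return method.invoke(target, args);   // proceed to the real method
            } catch (InvocationTargetException e) {
                throw e.getCause();                   // rethrow the target's own exception
            }
        };
        return (T) Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, advice);
    }

    public static void main(String[] args) {
        AccountService svc = secure(new AccountServiceImpl(), AccountService.class);
        ROLES.set(Set.of("ROLE_USER"));                // constructed sample caller
        System.out.println(svc.balance("acct-1"));     // unannotated: no role needed
        try { svc.close("acct-1"); } catch (SecurityException e) { System.out.println(e.getMessage()); }
        ROLES.set(Set.of("ROLE_ADMIN"));
        System.out.println(svc.close("acct-1"));
    }
}
```

The check lives only in the proxy, so a caller holding a direct reference to `AccountServiceImpl` bypasses it; the same applies to any interception-based scheme when the unproxied object is reachable.
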