Building enterprise web applications with spring 3

Building Enterprise Web Applications with Spring 3.0 and Spring 3.0 MVC JavaOne 2010ByAbdelmonaimRemaniabdelmonaim.remani@gmail.com

Creative Commons Attribution-NonCommercial 3.0 Unportedhttp://creativecommons.org/licenses/by-nc/3.0/License

Software Engineer at Overstock.comParticularly interested in technology evangelism and enterprise software development and architecturePresident and Founder of a number of organizationsThe Chico Java User GroupThe Chico Flex User Group,The Chico Google Technology User Group.LinkedInhttp://www.linkedin.com/in/polymathiccoderTwitterhttp://twitter.com/polymathiccoderWho Am I?

WarningThis presentation is very long and covers a lot of material

ComplexIn terms of requirementsFunctionalNon-FunctionalExecutionPerformanceReliabilitySecurityEvolutionTestabilityMaintainabilityExtendibilityScalability (Horizontal and Vertical)Enterprise Application Software (EAS)

In the words of Edsger W. Dijkstra:[…] The Separation of Concerns […] is yet the only available technique for effective ordering of one’s thoughts […]Artificially Reducing complexity by means of AbstractionSpecific Choices of abstractionProduces a architecturesEnterprise Application Software (EAS)

The ArchitectureLayered / N-TieredPresentation LayerWeb LayerService LayerPersistence LayerAspectsMiddlewareOtherModern Enterprise Application

A Framework is an architectureA well-defined structure to solve a problemA pre-existing hierarchy to be extendedLibraryFramework vs. LibraryInvoking vs. being invokedGeneric vs. specificToolsCompiler, debugger, etc…Scaffolding and other utilitiesEtc…Frameworks

Heavyweight vs. LightweightThe need for a platform or a stack (JEE as example)The ability to load in-demand necessary componentsThe memory footprintThe build sizeDeployment easeEtc…Frameworks

Application FrameworkJavaOther implementations are available (Spring .NET)Open-SourceLightweightNon-Invasive (POJO Based)ExtendibleA platform with well-defined extension points for other frameworksBy Rod JohnsonExpert One-on-One J2EE Design and Development, 2002J2EE without EJB, 2004Became the De facto standard of Java Enterprise ApplicationsWhat is Spring?

20 ModulesSpringSource: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

Wrappers for most popular frameworksAllowing injection of dependencies into standard implementationStrutsJSFApache TapestryEtc…Full Integration with the JEE stackLibraries

The Address Book from polymathic-coder.comA web application for Contact managementThe Address Book

Details:As a user I should be able to view, add, delete, and edit personal contacts data on my address book including:First NameLast NameEmailPhone NumberImagePrimary Actors: Regular user / AdministratorAssumptions: The user is authenticated and has proper privileges to access the Contact Management AreaAccess is granted both through the web interface and a RESTful APIFunctional RequirementsUse Case 1 - Contact Management

Business RulesA First Names are requiredPhone Numbers must be valid US phone numbersEmails must be validFunctional RequirementsUse Case 1 - Contact Management

Details:As an administrator I should be able to view, add, delete, and edit the user data including:UsernamePasswordRole (Regular or Administrator)Whether the account is enabled or notEmailPrimary Actors: AdministratorAssumptions:The user is authenticated and has proper privileges to access the User Administration AreaAccess is granted through the web interfaceFunctional RequirementsUse Case 2 - User Management

Business RulesUsername is required and must be uniquePasswords must be complex (The should contains at least 1 lowercase letter, 1 uppercase letter, 1 digit, and 1 special character)Emails must be validAn email must be sent to the newly created userFunctional RequirementsUse Case 2 - User Management

Details:As an administrator I should be able to view audit and health check reportsPrimary Actors: AdministratorAssumptions:The user is authenticated and has proper privileges to access the Reporting AreaAccess is granted through the web interfaceThe reports are periodically generated by the systemFunctional RequirementsUse Case 3 - Reporting

RBAC (Role-based access control)AuthenticationForm-basedHttp BasicAuthorizationSecurity RolesRegular UserAccess to personal contact management areaAdministratorsAccess to personal contact management areaAccess to user administration areaAccess to reporting areaAccess ControlNo RulesTransport SecurityNot requiredNon-Functional Requirements Security

The problem:Acquiring Resources viaInstantiation of a concrete classUsing a static method of a singleton factoryUsing a Directory Services API that allows for discovery and lookup (JNDI for example)Etc..Creates hard dependenciesCoupled code is hard to reuse (DRYness)Painful Unit TestingInversion of Control

The Solution:Coding against InterfacesInversion of Control: Dependency InjectionReflectively supply external dependency at runtimeThe Hollywood principle: “Don’t call us, we’ll call you”Wait a minute this a lot of work!Spring to the rescueInversion of Control

Container POJOConfiguration MetadataXML-BasedAnnotation-BasedJava-basedSpring CoreSource: Spring 3.0.x Framework Referencehttp://static.springsource.org/spring/docs/3.0.x/spring-framework-reference/htmlsingle/spring-framework-reference.html

JSR 330 – Dependency Injection for Java JSR 330@Inject@NamedSpring Annotations@Autowire@QualifierJSR 250 - Common Annotationsjavax.annotationJSR 299 – Contexts and Dependency InjectionScopes and contexts: javax.contextDependency injection service: javax.injectFramework integration SPI: javax.inject.managerEvent notification service: javax.event

Used to mark a class that fulfills a role or a stereotypeStereotyped classes can be automatically detectedSpring Stereotypes@Component@Repository@Service@ControllerStereotypical Spring

A model of the “concepts” involved in the system and their relationshipsAnemic Domain ModelPOJOs (Plain Old Java Objects) or VOs (Value Objects)Clear separation between logic and dataParallel object hierarchies are evilMetadata is interpreted depending on the context as the object moves across the layers of the applicationObject-Relational mapping to persistent entitiesValidationMarshaling / Un-marshalingEtc…Domain Model

Ensuring the correctness of data based on a set predefined rulesJSR 303 - Bean ValidationSource: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

javax.validationReference Implementation: Hibernate ValidatorJSR 303 - Bean ValidationSource: Hibernate Validator Reference Guide 4.1.0.Finalhttp://docs.jboss.org/hibernate/stable/validator/reference/en-US/html_single/

Instantiation (Items 1 & 2 of Josh Bloch’s Effective Java)Static FactoriesTelescopingProvide buildersOverride the default implementations of hashCode(), toString(), and equals(Object) methodsUse Pojomatic at http://pojomatic.sourceforge.net/Be aware of any circular dependency in your modelVersioning@Version of JSR 317 – JPA 2.0Domain Model

A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:Create, Read, Update, and Delete (CRUD) operations on persistence storage mechanisms such as file systems and Database Management Systems (DBMS)Interacting with Message-Oriented Middleware (MOM) infrastructures or Message Transfer Agents (MTA) such as JMS or mail serversPersistence Layer

javax.persistenceReference Implementation EclipseLinkPrimerA persistence entity is a POJO whose state is persisted to a table in a relational database according to predefined ORM metadataAn entity is managed by an Entity ManagerDo we still need a Persistence Layer?HighlightsSupport for JSR 303 validationJSR 317 – JPA 2.0

Beans Stereotyped with @RepositoryEnables exception translation to a consistent exception hierarchyRun-time exceptions and do not have to be declared or caughtUse JPA annotations to inject EntityManager and EntityManagerFactory@PersistenceContext@PersistenceUnitFollow a convention (I suggest CRUD)Declaring transaction semantics@TransactionalSpring Data Access / Integration

Java Mail APIjavax.mailSpring Helpers for various Templating EnginesVelocityFreeMarkerSpring Data Access / Integration

TestingJUnitTake advantage of what JUnit 4.7 has to offer (Explore Theories, Rules, Etc…) LibrariesDbUnithttp://www.dbunit.org/Dumpster http://quintanasoft.com/dumbster/Consider HADES http://redmine.synyx.org/projects/show/hadesPersistence Layer

A logical encapsulation of classes and interfaces that provide the system functionality consolidating Units of work. Service layer classes should be:Transactional StatelessBeans Stereotyped with @ServiceFollow a convention (I suggest VADER)Service Layer

A logical encapsulation of classes and interfaces whose responsibilities fall within the scope of:Navigational logicRendering page views in the proper orderAs simple as mapping a single URL to a single pageAs complex as a full work flow engineWeb concerns (Request variables, session variables, HTTP methods, HTTP response codes, Etc…) should be separated from business logicWeb Layer

Two types of Web FrameworksRequest / Response Web FrameworksWrap the Servlet APIAdopt push modelCompile resultPush it out to be rendered in a viewStruts, Spring MVC, Etc…Component Web FrameworksDot only hide the Servlet APIEvent-driven componentJSF, Tapestry, Etc…Web Layer

Request / Response Web FrameworksA Front Controller PatternOne Dispatcher servletApplication ContextsApplication ContextWeb Application ContextSpring MVC

The promise Non-invasivenessFully annotation-drivenNo extension of framework classes No overriding methodsControllersBeans (Spring Managed-POJOs) Stereotyped with @ControllerSpring MVC - Controllers

Mapping Rules@RequestMappingByPathHTTP methodQuery ParametersRequest HeadersSpring MVC - Controllers

Handler MethodsParameters are request inputsRequest data@RequestParam@PathVariable@RequestHeader@CookieValueCommand Objects (Domain Objects)Injection of standard objectsAutomatic Type ConversionCustom Type ConversionJSR 303 Support@ValidExposing reference data to the views@ModelAttributeSpring MVC - Controllers

Representational State TransferArchitectural StyleIdentifiable ResourcesEverything is a resource accessible URIUniform Interface based on HTTP methodsGET /contacts reads all contactsGET /contacts/1 reads the contact whose id is 1POST /contacts creates a contact PUT /contacts/1 updates the contact whose id is 1DELETE /contacts/1 deletes the contact whose id is 1 RESTful Architecture

Architectural StyleResource RepresentationsMultiple data representation (MIME types) can be specifiedRequestAccept HTTP header field or file extensionResponseContent-Type HTTP header fieldStateless ConversionNo sessionScalableLoosely coupledRESTful Architecture

Annotations@RequestMapping@PathVariable@RequestBody@ResponceBodySpring OXM (Object-XML Mapping)Marshaling / UnmarshalingRESTful Spring

“Deciding to use Velocity or XSLT in place of an existing JSP is primarily a matter of configuration” Spring 3.0 DocumentationView technologiesJSP & JSTLTilesVelocityFreeMarkerXSLTJasperReportsEtc…Spring MVC - Views

Views are rendered based on handler methods return@ResponseBody or ResponseEntity<T>Many HttpMessageConvertersStringHttpMessageConverterJaxb2RootElementHttpMessageConverterMappingJacksonHttpMessageConverterAtomFeed/RssChannelHttpMessageConverterEtc…Register your ownStringView Resolver and a ViewSpring MVC - Views

View ResolversInternalResourceViewResolverContentNegotiatingViewResolverBeanNameViewResolverJasperReportsViewResolverTilesViewResolverEtc…Spring MVC - Views

JSP & JSTLSpring Tag LibrarySpring Form Tag LibraryRefer to spring-form.tldThemesOverall look-and-feel of your applicationA collection of style sheets and images<spring:theme />Theme resolversI18NSpring MVC - Views

Spring Web FlowFor Web Application that areMore dynamicNon-linear without arbitrary end pointsSpring Portlet MVCA JSR 168 compliant Portlet environnentLarge web application composed with subcomponents on the same web pageSpring MVC Complements

OOP creates a hierarchical object model by natureCross cutting concernsAre not necessarily a part of the application logicOccur across the object hierarchy in unrelated partsExamplesLoggingSecurityTransaction managementEtc…Aspect-Oriented Programming

The ProblemCode TanglingNo CohesionCode ScatteringNot DRYThe SolutionAspect Oriented ProgrammingAspectJModulation of Aspects and weaving into the application codeAspect Oriented Programming

Spring AOPJava based AOP FrameworkBuilt on top of AspectJInterception basedSpring APO

Joint PointA point in the execution of the programPoint CutAn expression that selects one or more joint pointAspectJ Expression LanguageAdviceThe code to be weaved at a joint pointAspectPoint Cut + AdviceAOP Terminology

AnnotationsBeforeAfterReturningAfterThrowingAfterAroundTypes of Advices

Authenticationthe verification of the user identityAuthorizationPermissions granted to the identified userAccess ControlBy arbitrary conditions that may depend to Attributes of clientsTemporal and Local ConditionHuman User DetectionOtherChannel or Transport SecurityEncryptionSecurity Terminology

RealmA Defined the authentication policyUserA defined individual in the Application ServerGroupA defined classification of users by common traits in the Application Server.RoleAn abstract name of the permissions to access a particular set of resources in an applicationSecurity Terminology

Spring SecurityJAAS (Java Authentication and Authorization Service)jGuardApache ShiroAvailable Frameworks

Security is your responsibilityFeatures:It is not the standardNo class loader authorization capabilitiesSimple configurationPortable across containersCustomizable and extendablePluggable authentication and web request URI securitySupport method interception, Single Sign-On, and Swing clientsSpring Security

AuthenticationForm-BasedBasicDigestLDAPNTLM (NT LAN Manager)SSO (Single Sign-On)JA-SIG CASOpen IDAtlassian CrowdSiteMinderX.509Authentication

MechanismsInteract with the userProvidersCheck credentialsBundles details in a Thread Local security context holderRepositoriesStore roles and profile infoIn MemoryJDBCLDAPEtc…Authentication

Web AuthorizationURL-BasedWhich URL patterns and HTTP methods are allowed to be accessed by which roleMethod AuthorizationReusableProtocol AgnosticUses AOPAnnotations SupportJSR 250Spring @SecuredSpring Security ELAuthorization

Job SchedulingBulk Processing IntegrationEtc…Other

If you are interested inThe full-source code of the Address Book ApplicationA Step-By-Step tutorialPossibly a screen castGo tohttp://bit.ly/ad4VGhSupport Material

The Silicon Valley Spring User Grouphttp://www.meetup.com/sv-sug

Building enterprise web applications with spring 3

More Related Content

What's hot (20)

Similar to Building enterprise web applications with spring 3 (20)

More from Abdelmonaim Remani (6)

Recently uploaded (20)

Building enterprise web applications with spring 3

Editor's Notes