This the perfect introduction for people who have absolutely no experience with the Spring framework. The session adopts a learn-by-example approach and takes the form of a practical hands-on-lab with a lot of live coding. Attendees will be presented with a sample web application and various use-case scenarios, they will build an actual Spring MVC web application backed by a MySQL database end-to-end, They will Test it, and deploy it on an Apache TomCat web server. The basics of the Spring framework, design patterns, and best practices will be picked up by example along the way. Covered topics include: Inversion of Control (Dependency Injection), Spring MVC, Spring DAO, Spring ORM (iBatis), Aspect Oriented Programming in Spring, Basic Web Security, and the Mail API. Bring your laptop! Prerequisites: Familiarity with the architecture of Java web application and its technologies (Servlets, JSP, Java EL, JSTL, etc... )

1. Introduction to Building Enterprise Web Application with Spring MVC By Abdelmonaim Remani abdelmonaim.remani@gmail.com Polymathic-coder.com Silicon Valley Code Camp v 4.0

2. Enterprise Application Complex Functional Requirements Non-Functional Requirements Execution Performance Reliability Security Evolution Testability Maintainability Extensibility Scalability (Horizontal and Vertical)

4. Implicit Invocation

5. Cross-Cutting ConcernsAspect Oriented Programming

6. Frameworks An Architecture A well defined structure to solve a problem Library Framework vs. Library Invoking you vs. Being Invoked Generic vs. Specific Tools Compiler, Debugger, Etc… Scaffolding and other utilities Etc…

7. Frameworks Heavyweight vs. Lightweight The need for a platform or a stack (JEE as an example) The ability to load in-demand the only the necessary components The memory footprint The build size Deployment ease Etc…

8. The Spring Framework

9. What is Spring? Application Framework Java Other Implementations are available (Spring .NET) Open-Source Lightweight POJO Based By Rod Johnson Expert One-on-One J2EE Design and Development in, 2002 2EE without EJB, 2004 Becoming the De Facto Standard of Java Enterprise Applications

10. Features: Inversion Control The Problem Resource acquiring via Static method of a singleton factory Instantiation of an concrete class Directory Services API that allows for discorery and lookup (For example JNDI) Hard Dependencies are created Problems with reusing code with hard dependencies Painful Unit Testing in isolation

12. The Tradeoff Resource injection is done at runtime Usually done using reflection No static type checking

13. Features: Agility If you read the Agile Manifesto, Agile is for the most part for a technical prospective Frequent deliverables Ability and ease of refactoring Decoupling , DRY, and TDD are key makes’em easier

14. Features: AOP OOP creates a hierarchical object model by nature Cross cutting concerns are not necessary part of the application logic Occur across the object model in unrelated parts Logging Security Transaction management Etc… AOP (Aspect Oriented Programming) Modularization of cross cutting concerns

15. Features: Libraries POJO Wrappers for most popular frameworks Allowing injection of dependencies into the standard implementation Struts JSF Apache Tapestry Etc… Full support of JEE Integration with other frameworks

16. Features: Other Source: http://www.developersbook.com/spring/images/SpringFrameworkModules.PNG

17. Spring Core

18. Spring Core All you need to know is: The Container The Bean Factory Manage bean instances (POJOs)’ life cycle Configuring their dependencies Etc… Can be used a partially compliant EJB3 Container Spring Pitchfork

19. Spring MVC

20. Spring MVC A Front Controller Pattern Dispatcher Request Routing Controllers are Spring beans (Managed POJOs) No session scope for scalability

21. Spring MVC Views JSP, JSF, Flex Controllers Many types Custom controllers Model Service Layer DAO for persistence JDBC and ORM (Hibernate, iBATIS, etc...)

22. Spring MVC Complements Spring Web Flow For Web Application that are More dynamic Non-linear without arbitrary end points Spring Portlet MVC A JSR 168 compliant Portlet environnent Large web application composed with subcomponents on the same web page

23. Spring SecurityFormally Known As Acegi

24. Code Time!

25. Spring Security (Acegi)

26. Security Terminology Authentication the verification of the user identity Authorization Permissions granted to the identified user Access Control By arbitrary conditions that may depend to Attributes of clients Temporal and Local Condition Human User Detection Other Channel or Transport Security Encryption

27. Security Terminology Realm A Defined the authentication policy User A defined individual in the Application Server Group A defined classification of users by common traits in the Application Server. Role An abstract name of the permissions to access a particular set of resources in an application

28. Available Frameworks Spring Security Former Acegi JAAS (Java Authentication and Authorization Service) jGuard Apache Shiro

29. Spring Security Security is your responsibility Features: It is not the standard No class loader authorization capabilities Simple configuration Portable across containers Customizable and extendable Pluggable authentication and web request URI security Support method interception, Single Sign-On, and Swing clients

30. Authentication Authentication Form-Based Basic Digest LDAP NTLM (NT LAN Manager) SSO (Single Sign-On) JA-SIG CAS Open ID Atlassian Crowd SiteMinder X.509

31. Authentication Mechanisms Interact with the user Providers Check credentials Bundles details in a Thread Local security context holder Repositories Store roles and profile info In Memory JDBC LDAP Etc…

32. Authorization Web Authorization URL-Based Which URL patterns and HTTP methods are allowed to be accessed by which role The rules are top-down with most specific at the top Paths are in Ant format by default Method authorization Reusable Protocol Angostic Uses AOP Annotations Support JSR 250 Spring @Secured Spring Security 2.5 EL Support for Instance-based XML

33. Spring AOP

34. Cross Cutting Concerns Logging Transaction Management Security Cashing Some Business Logic Etc…

35. Aspect Oriented Programming The Problem Code Tangling No Cohesion Code Scattering Not DRY The Solution Aspect Oriented Programming AspectJ Modulation in Aspects and weaving into the application code

36. Spring APO Spring AOP Java based AOP Framework Built on top of AspectJ Interception based

37. AOP Terminology Joint Point A point in the execution of the program Point Cut An expression that selects one or more joint point AspectJ Expression Language Advice The code to be weaved at a joint point Aspect Point Cut + Advice

38. Types of Advices Annotations Before AfterReturning AfterThrowing After Around

39. Q & A

40. Thank You!