Beginning Spring Forewords xxvii Introduction xxxi Chapter POJO Programming Model, Lightweight Containers, and Inversion of Control Chapter Dependency Injection with Spring 17 Chapter Building Web Applications Using Spring MVC 63 Chapter JDBC Data Access with Spring 103 Chapter Data Access with JPA Using Spring 137 Chapter Managing Transactions with Spring 175 Chapter Test‐Driven Development with Spring 209 Chapter Aspect‐Oriented Programming with Spring 237 Chapter Spring Expression Language 263 Chapter 10 Caching 285 Chapter 11 RESTful Web Services with Spring 305 Chapter 12 Securing Web Applications with Spring Security 331 Chapter 13 Next Stop: Spring 4.0 369 Appendix Solutions to Exercises 385 index 425 Beginning Spring Beginning Spring Mert ầalsákan Kenan Sevindik Beginning Spring Published by John Wiley & Sons, Inc 10475 Crosspoint Boulevard Indianapolis, IN 46256 www.wiley.com Copyright © 2015 by John Wiley & Sons, Inc., Indianapolis, Indiana Published simultaneously in Canada ISBN: 978-1-118-89292-3 ISBN: 978-1-118-89303-6 (ebk) ISBN: 978-1-118-89311-1 (ebk) Manufactured in the United States of America 10 No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600 Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose No warranty may be created or extended by sales or promotional materials The advice and strategies contained herein may not be suitable for every situation This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services If professional assistance is required, the services of a competent professional person should be sought Neither the publisher nor the author shall be liable for damages arising herefrom The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002 Wiley publishes in a variety of print and electronic formats and by print-on-demand Some material included with standard print versions of this book may not be included in e-books or in print-on-demand If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com For more information about Wiley products, visit www.wiley.com Library of Congress Control Number: 2014954686 Trademarks: Wiley, the Wiley logo, Wrox, the Wrox logo, Programmer to Programmer, and related trade dress are trademarks or registered trademarks of John Wiley & Sons, Inc and/or its affiliates, in the United States and other countries, and may not be used without written permission All other trademarks are the property of their respective owners John Wiley & Sons, Inc., is not associated with any product or vendor mentioned in this book This is for you, Love Mert ầalisákan To my Mom, and to the memory of my Dad —Kenan Sevindik Index A AcceptHeaderLocaleResolver bean, 95 AccessDecisionManager, 355–357 accountDao( ) method, 25 AccountDaoInMemoryImpl class, 24 AccountDaoJdbcImpl class, 112–113 AccountService bean, 25 ACID acronym atomicity, 176 consistency, 176 durability, 176 isolation, 176 advice in AOP, 238 Before, 244, 245 After (Finally), 244, 246–247 After Returning, 244, 245 After Throwing, 244, 245–246 AfterReturningAdvice, 242–244 Around, 244, 247–248 MethodBeforeAdvice, 242–244 ThrowsAdvice, 244 After (Finally) advice type, 244 @After annotation, 252 After Returning advice type, 244 After Throwing advice type, 244 @AfterReturning annotation, 252 AfterReturningAdvice, 242–244 @AfterThrowing annotation, 252–253 element, 44–45 aliases, 44–45 anemic domain model, annotations AOP @After, 252 @AfterReturning, 252 @AfterThrowing, 252–253 @Around, 253 @Aspect, 253 @Before, 250–251 @DeclareParents, 254–255 @Pointcut, 251–252 @Autowired, 19 @Bean, 20 @Cacheable, 290–291 @CacheEvict, 292 @CachePut, 292 @Caching, 293 caching abstraction, 289–290 @Component, 19, 266 @Configuration, 20 configuration, RESTful services, 319–320 @ContextConfiguration, 213, 225 @Controller, 84 @ControllerAdvice, 85 @CreditCardNumber, 86 @Description, 381 @Email, 86 @EnableTransactionManagement, 186 @Entity, 140 @ExceptionHandler, 85, 93–95 @Id, 140 @ImportResource, 213 @InitBinder, 85 @Inject, 219 @JoinColumn, 142 425 annotations (continued) – associations annotations (continued) @ManyToMany, 144 @ManyToOne, 143 @ModelAttribute, 84–85 MVC configuration, 71–72 @OneToMany, 143 @OneToOne, 142 @PathVariable, 85 @Pattern, 86 @PersistenceContext, 161 @PersistenceUnit, 161 @PostConstruct, 296–298 @Qualifier, 219 repeating, 379–381 @Repository, 19 @RequestMapping, 84, 317 @Resource, 219 @ResponseBody, 316 @RestController, 316, 381 @Service, 19 @Size, 86 @Table, 140 testing and, 232–233 @Transactional, 186, 190–191, 219 @WebAppConfiguration, 226 anonymous authentication, 333, 344 AOP (aspect-oriented programming), 184, 237–239 advice, 238 AfterReturningAdvice, 242–244 MethodBeforeAdvice, 242–244 ThrowsAdvice, 244 annotations @After, 252 @AfterReturning, 252 @AfterThrowing, 252–253 @Around, 253 @Aspect, 253 @Before, 250–251 configuration and, 259 @DeclareParents, 254–255 @Pointcut, 251–252 AspectJ, 239 caching and, 285–286 CGLIB proxy mechanism, 239 426 configuration, annotations and, 259 JDK dynamic proxy mechanism, 239 join-point, 238 methods, logging execution times, 240–243 point-cut, 238 alternative designators, 249 method signature expressions, 249 type signature expressions, 248–249 wildcards, 250 proxy objects, 239 Proxy pattern, 239 quick-start Maven archetype, 242 target, 238 weaving, 238 AOP (aspected-oriented programming), advice Before, 245 After (Finally), 246–247 After Returning, 245 After Throwing, 245–246 Around, 247–248 APIs (application programming interfaces) EJB2, JPA (Java Persistence API), 138 application exceptions, 186 ApplicationConfig class, 290 ApplicationContext, 21 caching, 216–217 configuration ApplicationContextInitializer interface, 214 Java-based, 210–214 XML-based, 210–214 JUnit, 210–214 ApplicationContext interface, 25 ApplicationContextInitializer interface, 214 arithmetic operators, SpEL, 276 Around advice type, 244 @Around annotation, 253 @Aspect annotation, 253 AspectJ, 239 methods, logging execution times, 255–258 association tables, 144 associations directionality, 142 atomicity – @CachePut annotation multiplicity, 142 objects directionality, 144–145 many-to-many, 143–144 many-to-one, 142–143 one-to-many, 143 one-to-one, 142 atomicity (ACID), 176 attributes depends-on, 38 destroy-method, 52–53 init-method, 52–53 lazy-init, 51 mapping to columns, 141–142 authenticate tag, 359 authentication, 332, 341 anonymous, 333, 344 basic, 352–353 CAS (Central Authentication Service), 333 login flow, 342–243 page customization, 344–345 OAuth, 333 AuthenticationManager, 342 authorization, 332 expression-based, 357–358 service methods, 359–364 web requests, 353–355 authorize tag, 359 automatic dirty checking, 154 @Autowired annotation, 19 autowired collections, 377–379 autowiring, 39–43 B batch operations, JdbcTemplate, 126 batchUpdate( ) method, 126 @Bean annotation, 20 bean scope, 48–51 Bean Validation 1.1, 374 Bean Validation API, 86–90 beans, 18 access, SpEL, 280–281 configuration, constructor injection and, 31–32 definition profiles, 54–56 definitions, overriding, 36–38 instantiation, 45–48 naming, 44–45 request-scoped, testing, 225–227 scopes, 25 session-scoped, testing, 225–227 element, 19 Before advice type, 244 @Before annotation, 250–251 between operator, 277 bidirectional associations, 138–139 BLOBs (binary large objects), 126–127 bootstrapping cache storage, 296–298 boundaries, transactions, 177–180 built-ins expressions, 358 scopes, 50 buttons on MVC forms, 79 C cache annotations @Cacheable, 290–291 conditional caching, 291–292 keys, 291 @CacheEvict, 292 @CachePut, 292 @Caching, 293 cache managers, 298 CompositeCacheManager, 294–295 ConcurrentMapCacheManager, 294 configuration, different name, 289 Ehcache, 299–302 Guava, 302 Hazelcast, 302–303 NoOpCacheManager, 294 SimpleCacheManager, 293–294 @Cacheable annotation, 290–291 conditional caching, 291–292 keys, 291 @CacheEvict annotation, 292 cacheManager, 286–289 @CachePut annotation, 292 427 caching – databases caching, 285 abstraction, annotations and configuration, 289–290 application building annotations and, 289–290 cache manager name, 289 service layer method caching, 286–289 ApplicationContext, 216–217 expressions in, 281 initialization, programmatically, 296–298 SpEL, 281 expressions, 295–296 storage bootstrapping, 296–298 @Caching annotation, 293 callback methods, life cycle callback methods, 52–53 callback objects, 116 capitalize method, 274–275 CAS (Central Authentication Service), 333 CGLIB proxying, 239 checkboxes in MVC forms, 78 checked exceptions, 186 circular dependencies, 34–35 CLOBs (character large objects), 126–127 collections autowired, 377–370 operators, 279–280 first and last element, 280 Command object, 74 Commons FileUpload, 90–93 @Component annotation, 19, 266 CompositeCacheManager, 294–295 conditional caching, @Cacheable annotation, 291–292 conditional dependency, injection and, 374–377 conditional operators, SpEL, 277–278 configuration annotations, RESTful services, 319–320 AOP, annotations and, 259 ApplicationContext ApplicationContextInitializer interface, 214 beans, constructor injection, 31–32 cache manager, different name, 289 context, 214 inheriting, 214–216 428 environments, at runtim, 56–59 MVC annotations and, 71–72 form tag library, 73–74 PlatformTransactionManager bean, 180–182 SpEL and, 264–266 Spring Container, 21–25 Spring Security, 334–340 @Configuration annotation, 20 configuration metadata, 18–20 consistency (ACID), 176 constructor injection, 11–12, 31–34 bean configuration, 31–32 element, 32–33 constructors, calling, 272 containers See also Spring Container lightweight, 8–9 context configuration, 214 inheriting, 214–216 context hierarchies, 225 @ContextConfiguration annotation, 213, 225 ContextLoaderListener, 225 @Controller annotation, 84 @ControllerAdvice annotation, 85 controllers, MVC, testing, 230 @CreditCardNumber annotation, 86 CRUD (Create, Read, Update, Delete), 139 objects and, 150–153 RESTful services and, 307–318 D data access, queries, 114–116 databases embedded, 108–109 initializing, 111 queries IN clause, 118–119 JdbcTemplate, 114–116 named parameters, 116–118 records deleting, 121–124 inserting, 121–124 updating, 121–124 DataNucleus – files stored functions, calling, 124–125 stored procedures, calling, 124–125 DataNucleus, 139 DataSource, 110–111 DataSource object, 106–108 dates, MVC forms, 76–77 DDL operations, 127–128 Declarative Transaction Management, 183–186, 238 @DeclareParents annotation, 254–255 DELETE method, 306 dependency injection, 10–11, 18 autowiring, 39–43 bean lookups, 43–44 overriding definitions, 36–38 circular dependencies, 34–35 conditional dependency, 374–377 constructor injection, 31–34 dependency resolution process, 35 depends-on attribute, 38 MVC and, 65 setter injection, 29–31 test fixtures, 217–219 dependency lookup, 10 depends-on attribute, 38 deployment, EJB model, @Description annotation, 381 destroy-method attribute, 52–53 devFoo( ) method, 58 directionality associations, 142, 144–145 Dispatcher Servlet, 65–66, 306 definition, 66–67 Servlet Context, 67 domain objects, anemic domain model, DriverManagerDataSource class, 107–108 drop-downs, forms, 77 DRY (Don’t Repeat Yourself), 238 durability (ACID), 176 E eager initialization, 18, 51 EBJ2 API, EclipseLink, 139 Ehcache cache manager, 299–302 EJB (Enterprise JavaBeans), 1–2 definitions, 4–5 deployment, EL (expression language), 263 operators, 275 SpEL (Spring Expression Language), 264 @Email annotation, 86 EmbededDatabase interface, 108–109 @EnableTransactionManagement annotation, 186 encapsulation, SQL queries, MappingSqlQuery class and, 128–132 encryption passwords, 349–350 Spring Security, 334 entities, ORM, 140–141 @Entity annotation, 140 EntityManager, 163 EntityManagerFactory, 161–163 environments, configuration, at runtime, 56–59 exception handling, 166–167 JDBC, 132–133 MVC, 93–95 testing, 230 RESTful services, 322–326 @ExceptionHandler annotation, 85, 93–95 exceptions application, 186 checked, 186 system, 186 unchecked, 186 execution keyword, 249 exercise solutions, 385–425 expression templates, 267 expression-based authorization, 357–358 expressions built-in, 358 caching, 281 lambda expressions, 370–374 ExpressParser interface, 267 F FactoryBean interface, 47–48 files, uploading, 90–93 429 filters – Java filters, Spring Security, 338 fixation attacks, Spring Security, 334 foo( ) method, 37 Form object, 74 form tab library (MVC), 73–74 form tag, 74–75 Form-Backing object, 74 forms, submitting, testing, 230 Front Controller, 65–66 functions registering, 274–275 SpEL, 273–275 stored, calling, 124–125 G GET method, 306 getBean( ) method, 37 getConnection( ) method, 107 getRemoteUser( ) method, 333–334 getValue( ) method, 267 global transactions, 182 Guava cache manager, 302 H handler mappings, 66 HandlerMapping interface, 66 Hazelcast cache manager, 302–303 Hello World MVC, 68–71 parsing, SpEL and, 268–270 Hibernate, 139, 147–150 HibernateTemplate class, 161–166 hierarchies, context, testing and, 225 HTML (HyperText Markup Language), 64 HTTP (HyperText Transfer Protocol), 64 status codes, RESTful services, 318 I @Id annotation, 140 @ImportResource annotation, 213 IN clause, 118–119 inheritance, context configuration, 214–216 430 @InitBinder annotation, 85 initialization caches, 296–298 eager initialization, 18, 51 lazy, 18, 51–52 init-method attribute, 52–53 @Inject annotation, 219 injection conditional dependency and, 374–377 constructor injection, 11–12 dependency injection, 10, 18 test fixtures, 217–219 setter methods, 11, 12 system properties, SpEL and, 264–266 inline lists, 274 input, validation, 86–90 input elements, MVC forms, 75–76 instanceof operator, 277 instantiation, beans, 45–48 interfaces ApplicationContext, 25 ApplicationContextInitializer, 214 EmbededDatabase, 108–109 ExpressParser, 267 FactoryBean, 47–48 HandlerMapping, 66 JpaDialect, 168 JpaVendorAdapter, 168 MethodInterceptor, 204 ServletContextAware, 67 UserDetailsService, 340–341 internationalization, MVC, 95–97 IoC (Inversion of Control), 8, 9–10 configuration metadata, 18–20 isolation (ACID), 176 isUserInRole( ) method, 333–334 J JAAS (Jave Authentication and Authorization Service), 332 Java EJB (Enterprise JavaBeans), 1–2 JNDI (Java Naming and Directory Interface), JSP (JavaServer Pages), Java – JSP mapping Java types to SQL types, 145–147 POJO (Plain Old Java Object), 1–2 Java 8, 370–374 Java Annotation-based configuration, 27–29 Java EE7, 370–374 Java-based configuration, 21–26 JDBC (Java Database Connectivity) batch operations, 126 BLOBs (binary large objects), 126–127 callback objects, 116 classes JdbcTemplate, 105 MappingSqlQuery, 105 NamedParameterJdbcTemplate, 105 SimpleJdbcCall, 105 SimpleJdbcInsert, 105 SqlUpdate, 105 StoredProcedure, 105 CLOBs (character large objects), 126–127 connection management, 105–111 databases deleting records, 121–124 inserting records, 121–124 updating records, 121–124 DataSource instance, 110–111 DataSource object, 106–108 DDL operations, 127–128 embedded databases, 108–109 EmbededDatabase interface, 108–109 exception handling, 132–133 initializing databases, 111 JdbcTemplate, configuration, 112–113 methods, vendor-specific, 127 operations as Java objects, 128–132 problems with, 104–105 queries, 114–116 IN clause, 118–119 named parameters, 116–118 stored functions, calling, 124–125 stored procedures, calling, 124–125 transactions, boundaries, 177–180 JdbcTemplate, 370–374 batch operations, 126 callback objects, 116 configuration, 112–113 deleting records, 121–124 inserting records, 121–124 PreparedStatement, 119–121 queries, 114–116 updating records, 121–124 JdbcTemplate class, 105 JDK (Java Development Kit) caching, 286–289 proxying, 239 JNDI (Java Naming and Directory Interface), mock objects for testing, 232 @JoinColumn annotation, 142 join-point in AOP, 238 JPA (Java Persistence API), 138 associations, 150–153 configuration, 147–156 container setup, 156–160 DAO implementation, 161–166 deleting entities, 153–154 finding entities, 153–154 Hibernate, 147–150 implements, 139 load time weaving, 169–170 persistence, 150–153 QL (Query Language), 155–156 updating entities, 153–154 JpaDialect interface, 168 JpaTemplate class, 161–166 JpaVendorAdapter interface, 168 JRE (Java Runtime Environment), 332 JSON (JavaScript Object Notation), 320 JSP (JavaServer Pages), MVC forms, 73 binding, 74 buttons, 79 checkboxes, 78 classes, 76–77 dates, 76–77 drop-downs, 77 form tab library, 73–74 input elements, 75–76 labels, 78 radio buttons, 78 styles, 79–84 security tags, 358–359 431 JUnit – MVC JUnit, 3–4 ApplicationContext, 210–214 runner class, 212 K keys, primary keys natural primary keys, 141 surrogate primary keys, 141 synthetic primary keys, 141 keywords within, 248–249 execution, 249 L labels, MVC forms, 78 lambda expressions, 370–374 lazy initialization, 18, 51–52 lazy-init attribute, 51 life cycle callback methods, 52–53 lightweight containers, 8–9 lists, inline lists, 274 load time weaving, 169–170 local transactions, 182 LocalEntityManagerFactoryBean, 156–160 logical operators, SpEL, 276–277 login authentication, 342–243 customization, 344–345 logout, 346 lookups bean lookups, 43–44 dependency lookups, 10 M Main class, 24 main method, 24 MANDATORY propagation, 192 @ManyToMany annotation, 144 many-to-many associations, 143–144 @ManyToOne annotation, 143 many-to-one associations, 142–143 MappingSqlQuery class, 105 query encapsulation, 128–132 432 Maven project, 242 creating, 21–22 metadata, configuration metadata, 18–20 method references, 373–374 method signature expressions (AOP), 249 MethodBeforeAdvice, 242–244 MethodInterceptor interface, 204 methods accountDao( ), 25 batchUpdate( ), 126 callbacks, life cycle callback methods, 52–53 capitalize, 274–275 DELETE, 306 devFoo( ), 58 foo( ), 37 GET, 306 getBean( ), 37 getConnection( ), 107 getRemoteUser( ), 333–334 getValue( ), 267 isUserInRole( ), 333–334 logging execution times AOP, 240–243 AspectJ, 255–258 main, 24 parseExpression, 267 POST, 306 prodFoo( ), 58 PUT, 306 setRootObject( ), 273 setter methods, 11 setup, 220–221 setValue( ), 267 SpEL, 270–273 static, calling, 272–273 teardown, 220–221 vendor-specific, 127 mock objects, testing and, 231–232 @ModelAttribute annotation, 84–85 multiplicity associations, 142 MVC (Model View Controller), 64–65 annotations @Controller, 84 @ControllerAdvice, 85 NamedParameterJdbcTemplate class – operators @CreditCardNumber, 86 @Email, 86 @ExceptionHandler, 85, 93–95 @InitBinder, 85 @ModelAttribute, 84–85 @PathVariable, 85 @Pattern, 86 @RequestMapping, 84 @Size, 86 configuration, annotations and, 71–72 dependency injection and, 65 Dispatcher Servlet, 65–66 exception handling, 93–95 file uploads, 90–93 form tab library, 73–74 forms binding, 74 buttons, 79 checkboxes, 78 classes, 76–77 dates, 76–77 drop-downs and, 77 form tag, 74–75 input elements, 75–76 JSP and, 73–84 labels, 78 radio buttons, 78 styles, 79–84 Front Controller, 65–66 handler mappings, 66 Hello World application, 68–71 input validation, 86–90 internationalization, 95–97 mock reqest/response, printing, 231 testing controllers, 227–228 exception handlers, 230 form submission, 228–230 themes, 97–100 view resolvers, 66 N NamedParameterJdbcTemplate class, 105 naming beans, 44–45 natural primary keys, 141 navigation, safe navigation operator (SpEL), 278–279 NESTED propagation, 192 NEVER propagation, 192 NoOpCacheManager, 294 NOT_SUPPORTED propagation, 192 O OAuth, 333 object query language, 139 objects associations, 138–139 directionality, 144–145 many-to-many, 143–144 many-to-one, 142–143 one-to-many, 143 one-to-one, 142 BLOBs (binary large objects), 126–127 callback objects, 116 CLOBs (character large objects), 126–127 Command, 74 CRUD operations, 150–153 Form, 74 Form-Backing, 74 mock objects for testing, 231–232 TransactionSynchronization, 204–205 OGNL (Object Graph Navigation Language), 264 @OneToMany annotations, 143 one-to-many associations, 143 @OneToOne annotation, 142 one-to-one associations, 142 OpenID, 333 OpenJPA, 139 operators between, 277 EL (expression language), 275 instanceof, 277 SpEL arithmetic, 276 collection, 279–280 conditional, 277–278 logical, 276–277 projection, 279–280 433 operators (continued) – records operators (continued) regular expression, 278 relational, 276 safe navigation, 278–279 selection, 279–280 T( ), 272–273 ORM (object-relational mapping), 138 associations between objects, 142–145 entities, 140–141 framework, 139 Jave types to SQL types, 145–147 mapping attributes to columns, 141–142 mapping Java types to SQL types, 145–147 P PAM (pluggable authentication module), 332 parameters, queries, 116–118 parseExpression method, 267 parsing, SpEL and, 267–270 passwords encryption, 349–350 Spring Security, 334 @PathVariable annotation, 85 @Pattern annotation, 86 patterns, Template Method, 115 persistence, 153 persistence context, 150 persistence unit, 149 multiple, 170–171 @PersistenceContext annotation, 161 @PersistenceUnit annotation, 161 PlatformTransactionManager, 201–203 PlatformTransactionManager API, 180 implementations, 182–183 PlatformTransactionManager bean, configuration, 180–182 @Pointcut annotation, 251–252 point-cut in AOP, 238 alternative designators, 249 method signature expressions, 249 type signature expressions, 248–249 wildcards, 250 POJO (Plain Old Java Object), 1–2 programming model 434 benefits, 7–8 problems, 2–7 POST method, 306 @PostConstruct annotation, 296–298 PreparedStatement, 119–121 primary keys natural primary keys, 141 surrogate primary keys, 141 synthetic primary keys, 141 procedures, stored, calling, 124–125 prodFoo( ) method, 58 profiles, beans, 54–56 projection, operators, 279–280 projects, Maven, creating, 21–22 propagation rules MANDATORY, 192 NESTED, 192 NEVER, 192 NOT_SUPPORTED, 192 REQUIRED, 191––192 REQUIRED_NEW, 192 SUPPORTS, 192 element, 30 proxy objects, 239 Proxy pattern, 239 PUT method, 306 Q QL (Query Language), 155–156 @Qualifier annotation, 219 queries IN clause, 118–119 JdbcTemplate, 114–116 parameters, named, 116–118 SQL encapsulation, 128–132 MappingSqlQuery class and, 128–132 R radio buttons, MVC forms, 78 records (databases) deleting, 121–124 regular expression operator – SpEL inserting, 121–124 updating, 121–124 regular expression operator, SpEL, 278 relational operators, SpEL, 276 remember-me support, 350–351 @Repository annotation, 19 @RequestMapping annotation, 84, 317 request-scoped beans, testing, 225–227 REQUIRED propagation, 191––192 REQUIRED_NEW propagation, 192 @Resource annotation, 219 @ResponseBody annotation, 316 REST (REpresentational State Transfer), 305 DELETE method, 306 GET method, 306 POST method, 306 PUT method, 306 @RestController annotation, 316 RestException class, 324 RestExceptionHandler class, 325 RESTful services, 306 annotation configuration, 319–320 CRUD operations, 307–318 exception handling, 322–326 HTTP, status codes, 318 unit testing, 326–328 web services, creating, 306–318 XML and, 320–322 RestTemplate class, 326–328 RMI (remote method invocation), #root, 273 RowMapper, 116 runtime, environment configuration, 56–59 S safe navigation operator (SpEL), 278–279 savepoints, 192 scopes bean scope, 48–51 built-in, 50 singleton, 25 security, 331–332 authentication, 332 authorization, 332 CAS (Central Authentication Service), 333 OAuth, 333 OpenID, 333 Siteminder, 333 web.xml, 332–333 SecurityContext object, 341 selection, operators, 279–280 first and last element, 280 @Service annotation, 19 service layers, caching methods, 286–289 Servlet Context, 67 Servlet Specification, web.xml security, 332–333 ServletContextAware interface, 67 session management in Spring Security, 351–352 SessionLocalResolver class, 95 session-scoped beans, testing, 225–227 setRootObject( ) method, 273 setter injection, 31–34 setter methods, 11, 12 setup methods, 220–221 setValue( ) method, 267 SimpleCacheManager, 293–294 SimpleJdbcCall, 124–125 SimpleJdbcCall class, 105 SimpleJdbcInsert class, 105 singleton scope, 24 Siteminder, 333 @Size annotation, 86 SoapUI, service methods, 306–307 SpEL (Spring Expression Language), 226, 264 authorization and, 357–358 caching, 281 expressions, 295–296 configuration and, 264–266 functions, 273–275 registering, 274–275 Hello World, parsing, 268–270 inline lists, 274 methods, invoking, 270–273 operators, 275 arithmetic, 276 collection, 279–280 conditional, 277–278 logical, 276–277 projection, 279–280 435 SpEL (Spring Expression Language) (continued) – TestContext framework SpEL (Spring Expression Language) (continued) regular expression, 278 relational, 276 safe navigation, 278–279 selection, 279–280 parsers, creating, 267–270 , 281 system properties, 274 system property injection, 264–266 utilities, bean access, 280–281 variables, 273–275 environment, 274 #root, 273 system properties, 274 #this, 274 SpelExpressionParser, 267 Spring 4.0, 369 Java 8, 370–374 Java EE7, 370–374 Spring Container configuration, 21–25 Java Annotation-based configuration, 27–29 standalone environment Java-based configuration, 21–26 XML-based configuration, 26–27 Spring Security authentication, 333, 341 anonymous, 333 basic, 352–353 login, 342–243 authorization, service methods, 359–364 CAS (Central Authentication Service), 333 configuration, 334–340 encryption, 334 passwords, 349–350 features, 333–334 filters, 338 fixation attacks, 334 integration support, 333–334 JSP tags, 358–359 logout, 346 OAuth, 333 OpenID, 333 436 passwords, 334 encrypting, 349–350 remember-me support, 333, 350–351 secure HTTP, 334 service method authorization, 359–364 session management, 351–352 Siteminder, 333 SSO solutions, 333 UserDetails, 346–347 UserDetailsService interface, 340 web requests, authorization, 353–355 , 281 SQL (Structured Query Language) DML operations, encapsulation, 130–131 mapping Java types to, 145–147 queries encapsulation, 128–132 MappingSqlQuery class and, 128–132 stored procedures, encapsulations, 131–132 SqlUpdate class, 105, 130–131 SSO (single sign-on) solutions, 333 static methods, calling, 272–273 storage, cache bootstrapping, 296–298 stored functions, calling, 124–125 stored procedures, calling, 124–125 StoredProcedure class, 105 styles, MVC forms, 79–84 SUPPORTS propagation, 192 surrogate primary keys, 141 synthetic primary keys, 141 system exceptions, 186 system properties, injecting, SpEL and, 264–266 systemEnvironment variable, 274 systemProperties variable, 274 T T( ) operator, 272–273 @Table annotation, 140 target in AOP, 238 teardown methods, 220–221 Template Method pattern, 115 templates, expression templates, 267 TestContext framework, 219–225 testing – web applications testing annotations, 232–233 context hierarchies and, 225 dependency injection, 217–219 mock objects, 231–232 MVC controllers, 227–228 exception handlers, 230 form submission, 228–230 request-scoped beans, 225–227 RESTful services and, 326–328 session-scoped beans, 225–227 transaction management, 219–222 utilities, 232–233 web applications, 222–223 WebApplicationContext, 222–224 TextContext Framework, 204–205 themes, MVC, 97–100 #this, 274 ThrowsAdvice, 244 transaction abstraction model, 180–182 advantages, 183 transaction management ACID acronym, 176 boundaries, 177–180 data access layer separation, 186–189 declarative, 183–186 default behavior, 189–190 layer isolation, 186–189 programming PlatformTransactionManager, 201–203 TransactionTemplate, 198–200 propagation rules MANDATORY, 192 NESTED, 192 NEVER, 192 NOT_SUPPORTED, 192 REQUIRED, 191––192 REQUIRED_NEW, 192 SUPPORTS, 192 service layer separation, 186–189 , 195–197 @Transactional annotation, 186, 219 class level, 190–191 transactions, 176 local versus global, 182 logic execution, 203–205 PlatformTransactionManager bean, configuration, 180–182 transaction demarcation, 180–182 TransactionSynchronization object, 204–205 TransactionTemplate, 198–200 transferMoney method, 24 transitive persistence, 153 transparent persistence, 154 , 195–197 U UEL (Unified Expression Language), 264 unchecked exceptions, 186 unidirectional associations, 138–139 unit testing, RESTful services, 326–328 uploading files, 90–93 URI (Uniform Resource Identifier), 64 user input, validation, 86–90 UserDetails, 346–347 UserDetailsService, 340–341, 348 UserRestController class, 316 utilities SpEL, bean access, 280–281 for testing, 232–233 V validation, user input, 86–90 variables, SpEL, 273–275 vendor-specific methods, 127 view resolvers, 66 W weaving in AOP, 238 web applications, testing 222-223 WebApplicationContext, 222–224 437 web requests – XML-based configuration web requests, authorization, 353–355 web services, creating, 306–318 @WebAppConfiguration annotation, 226 WebApplicationContext, loading, 222–224 web.xml security, 332–333 wildcards, AOP, 250 438 within keyword, 248–249 World Wide Web, 64 X‑Y‑Z XML (eXtensible Markup Language), 19 RESTful services and, 320–322 XML-based configuration, 26–27 WILEY END USER LICENSE AGREEMENT Go to www.wiley.com/go/eula to access Wiley’s ebook EULA ... 425 Beginning Spring Beginning Spring Mert ầalsákan Kenan Sevindik Beginning Spring Published by John Wiley & Sons, Inc 10475 Crosspoint... 320 322 326 328 331 Why Spring Security? 332 Features of Spring Security 333 Configuring and Using Spring Security 334 Understanding the Fundamental Building Blocks of Spring Security 340 Authenticating... data access and transaction management; the use of AOP and Spring EL to customize application behavior; and how Spring 4.0 embraces the important language enhancements in Java Although Spring Security