
Tag Archives: Spring

Spring Security Basics

Episode 63

Welcome to the next installment of the series about Spring-based web application development. So far we have covered the Angular JS front-end, Spring core, web services, database access and unit tests. Today we are going to take care of our application security: basic authentication and authorization, users, roles, a custom login form and method-level security.


The Spring Security project started as Acegi Security around 2004 and initially focused on custom authorization, using standard Java Enterprise Edition container-managed authentication. Version 1.0.0 became an official Spring sub-project in 2006 and a year later was rebranded as Spring Security. Say hello to Alice, Bob and Eve.

Foundations

We should briefly clarify some security terminology, which can sometimes be confusing:

Identification is stating a subject identity, like user name, without yet providing any proof for that (Hi, I’m Alice). Read the rest of this entry »

 

Posted by on March 30, 2017 in Spring, Technology

 


Spring Web Basics

Episode 60

Here is the second part of the Spring back-end series for beginners. Part zero appeared half a year ago and focused on the Angular front-end. Part one was two weeks ago and covered some basic concepts of the Spring framework, including inversion of control, dependency injection, beans, configuration and profiles. Today we are going to look into Spring web, in particular web services and handling incoming HTTP requests. There will be no fancy front-end stuff this time, just naked request and response.


As usual, the introduction to the topic and going over basic concepts might well be at least one separate article, but let’s try to do it all at once. We will cover the concepts of the HTTP protocol, servlets, web services, REST and JSON. If you would like to play with the complete application working out of the box, visit my GitHub project Spring Angular Intro. This tag corresponds to the project state at the time of writing this article.

Foundations

HTTP, or Hypertext Transfer Protocol, belongs to the application layer of the Internet Protocol Suite, so it’s the highest-level layer, above the transport layer (like TCP), network layer (like IP) and link layer (like Ethernet). HTTP request contains Read the rest of this entry »

 

Posted by on March 9, 2017 in API, Spring, Technology

 


Spring Core Basics

Episode 58

This week I was planning to publish an introduction to Amazon Web Services, but since I’m working on preparing a Spring-based web application development course for Wrocław University of Technology students with my two colleagues, I decided to change the schedule a bit. I planned to write a few articles about the Spring framework anyway, but in order to fit everything in before particular classes in March and April I need to start exactly now.


I actually wrote a Spring Hello World article over two years ago, but today I wanted to talk a bit more about some fundamental concepts: Inversion of Control and dependency injection. Let us take a closer look at application structure, configuration, components and wiring. There will be quite a lot of code snippets. If you would like to play with the complete application working out of the box, visit my GitHub project Spring Angular Intro. The application is based on the one I prepared for the Angular Intro article in September 2016, but now we will focus on the back-end exclusively. This tag corresponds to the project state at the time of writing this article.

Concepts

The classic approach to program structure is that we write custom, high-level code which calls lower-level code. The flow of control goes from our code to a generic framework or libraries. Inversion of control is a technique, where Read the rest of this entry »

 

Posted by on February 23, 2017 in Spring, Technology

 


From Java Source to Bare Metal, Part One: An Unexpected Request

Episode 49

Imagine you are developing a web application based on a typical modern technology stack. In essence, the goal is to create something that receives requests from the network, processes them, and responds to them with some kind of structured data. It can be a fancy HTML webpage to be displayed in the client’s web browser or it can be a raw text object to be consumed by another application’s web API. Have you ever wondered what exactly is going on behind the scenes? What is happening between the moment when the code you wrote is executed and the moment when electrical impulses jump onto the network cable sticking out of that metal box in the data center? Let me take you on a journey through the numerous layers of abstraction in the modern software stack that must be traversed to make things happen.

There and Back Again: Abstractions

Programming is all about abstractions. We endlessly put one layer above another in order to deal with the tremendous complexity of software and hardware. Often, we ignore most of the layers to focus on solving the actual problem at hand. In principle, sending a JSON object over the network might seem like an easy task with modern tools and frameworks. You generate the project, tweak just a little bit here and there, write one method with a few annotations and there you go, it works. But the engineering problem of making this possible in an easy, fast, secure, reliable, scalable and manageable way is gargantuan. Looking at the big picture, it’s probably an effort of hundreds of thousands of software developers, architects, electronic and electrical engineers, computer scientists and mathematicians, spanning several decades of work. All that, to let you do the job in a single pomodoro.


Of course, to develop decent software, you don’t necessarily have to understand exactly how all this works; it’s probably not even possible for a single human being to grasp all that in every detail. I believe however Read the rest of this entry »

 

Posted by on December 22, 2016 in Spring, Technology

 


Here be dragons

Entry 7, Day 11

It seems that I’m more of a writer than a coder in this little endeavour. Well, old habits die hard; I wrote quite a lot of stuff several years ago, although not really technical. Anyway, this is good. Before you sit down to code in a new project, there is some stuff you need to discuss with other devs, the Product Owner, Stakeholders/Clients, right? (Yes, devs can talk to Stakeholders directly, even though the PO is their default world interface. It can be very beneficial to the project.) So now, let’s wander into the unknown lands of dragons. The enterprise (and less enterprise) technologies. There will be a lot of links.

Usually, there are a number of so-called “technologies” you will want to use. Theoretically, you can write an application using almost pure Java on top of an application server (or what the hell, even without the server, just play with sockets manually), but it is impractical to say the least.

Under normal circumstances, the technology choice depends on what you want to achieve, what skills the team at your disposal has, or other external factors like deals with big nasty software corporations. Since I’m my own client, I’m free to do what I please. I will go for some healthy mix of things that are suitable, fun, that I want to learn, and that I already know and want to know better. Using only unknown technologies might be more beneficial from the learning point of view, but being stuck at every aspect of the application might not be fun (not that I’m a pessimist, but I’ve seen stuff…). So I need some fields where I know I can go fast to repair my ego if needed.

So, the main technology I will use is the Java 8 language, as I’ve mentioned in the previous post.

Of course, since we are talking about a web application, the backbone of everything is HTML; this is what the user receives at the end.

There must be some kind of presentation technology (unless you are writing some purely backend EDI system or something similar). If you are truly old school, you can go with JSP pages. A bit more modern approach would be JSF or Velocity. There are plenty of fish in the sea.

Clients like the application to be responsive. So instead of reloading the entire page, you can do things in the browser instead of on the server. We can go with JavaScript, Dart, or my favourite: GWT. Actually GWT will do the job with both static and dynamic web content, and it is Java compiled to JavaScript. I’m a big fan.

Then there is (usually) the framework that simplifies things (or complicates them, depending on the framework and usage). Spring is the choice here, given its tremendous popularity in recent times. I’ve used it quite a bit, but there is still much for me to learn.

There is an object-relational mapping framework, Hibernate being a popular choice.

Those are the core technologies. There will probably be many more, but we are not doing Big Design Up Front, remember? I will add and comment on new stuff as needed.

By the way, I think the word technology is sometimes overkill when it comes to software. A nuclear bomb is a technology. An internal combustion engine is a technology. A microprocessor is a technology. Although Wikipedia says that technology is “collection of tools, including machinery, modifications, arrangements and procedures used by humans”, it seems to me that a piece of software written by a guy over several evenings while drinking beer shouldn’t be called that. Not that I don’t respect contributions to mankind’s well-being, but there is a matter of scale. Probably “library” is sometimes a better word than “technology”.


Posted by on August 12, 2014 in BookSentry, Technology

 
