This document provides an overview of the Spring Framework, including its core modules, advantages, and requirements for usage. It discusses the Spring runtime environment and modules for core container functionality, data access, web functionality, testing, and aspects/instrumentation. It also covers configuration through Maven dependencies, Java classes, XML files, and web.xml. Finally, it introduces Spring Security modules, the interaction flow, and configurations for security including the web.xml, password encoding, CSRF protection, Spring XML, and authentication providers.

1. Spring Framework

2. Context
Introduction to Spring Framework
Spring Framework Runtime
Advantages of using Spring
Requirements
Maven Dependency
Java Class
XML File
Spring-Web.xml
Integration Testing
Spring Security
Spring Security Modules

3. Context
Interaction Flow
Spring Security Web.xml Configuration
Password Encoder
CSRFHeader Filter
Spring XML
Authentication Provider

4. Introduction to Spring
Framework
Spring Framework is a Java platform
that provides support for developing
Java Application
Spring enables you to build
applications from POJO(plain old
Java objects) and to apply enterprise
service to non-invasively POJO’s.

5. Spring Framework
Runtime
Data access Web
Core Container
Test
JBDC ORM
OXM JMS
Transactions
WebSocket Servlet
Web Portlet
AOP Aspects Instrumentation
Messagin
g
Beans Core Context SpEL

6. Spring Framework
Runtime[Conti..]
CORE CONTAINER:-
The spring-core and spring-beans modules provide the fundamental parts of the framework, including
the IoC and Dependency Injection features.
The spring-context module builds on the solid base provided by the Core and Beans modules, it
means to access objects in a framework-style manner that is similar to a JNDI registry.
The spring-expression module provides a powerful Expression Language for querying and
manipulating an object graph at runtime.
AOP and Instrumentation:-
The spring-aop module provides an AOP Alliance-compliant aspect-oriented programming
implementation allowing you to define, for example, method interceptors and pointcuts to cleanly
decouple code that implements functionality that should be separated.
The separate spring-aspects module provides integration with AspectJ.
The spring-instrument module provides class instrumentation support and classloader
implementations to be used in certain application servers.
Messaging:-
Spring Framework 4 includes a spring-messaging module with key abstractions from the Spring
Integration project such as Message, MessageChannel, MessageHandler, and others to serve as a
foundation for messaging-based applications.

7. Spring Framework
Runtime[Conti..]DATA ACCESS:-
The Data Access/Integration layer consists of the JDBC, ORM, OXM, JMS, and Transaction
modules.
The spring-jdbc module provides a JDBC-abstraction layer that removes the need to do tedious
JDBC coding and parsing of database-vendor specific error codes.
The spring-tx module supports programmatic and declarative transaction management for
classes that implement special interfaces and for all your POJOs (Plain Old Java Objects).
The spring-orm module provides integration layers for popular object-relational mapping APIs,
including JPA, JDO, and Hibernate.
The spring-jms module (Java Messaging Service) contains features for producing and consuming
messages.
WEB:-
The spring-web module provides basic web-oriented integration.
The spring-webmvc module contains Spring’s model-view-controller (MVC) and REST Web
Services implementation for web applications. Spring’s MVC framework provides a clean
separation between domain model code and web forms and integrates with all of the other
features of the Spring Framework.
The spring-webmvc-portlet module provides the MVC implementation to be used in a Portlet
environment and mirrors the functionality of the spring-webmvc module.
TEST:-
The spring-test module supports the unit testing and integration testing of Spring components
with JUnit or TestNG. It provides consistent loading of Spring ApplicationContexts and caching of

8. Advantages of using
Spring
Simplifies your code
DAO implementation which leads to
CRUD
Beans are used in centralised
configuration

9. Requirements
Maven Dependencies
Class with Dao, Entity, Resources
etc.
XML file that provides values
Test cases

10. Maven Dependency
Spring:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-core:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-web:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-bean:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-aop:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-context:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${org.springframework.version}</version
>
</dependency>
Spring-security-web:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>
Spring-test:
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>${org.springframework.version}</versi
on>
</dependency>

11. Java Class
package dao;
import java.util.List;
import entity.AbstractEntity;
public interface Dao<T extends AbstractEntity, I>{
List<T> findAll();
T find(I id);
T save(T newEntry);
void delete(I id);
}

12. Java Class[Conti..]
package model;
import javax.persistence.Entity;
@Entity
@Table(name = "phone")
public class Phone {
@Column(name = "name")
private String name;
public String getName() { return name; }
public void setName(String name) { this.name = name; }
public void display(){
System.out.println("iTs: "+name);
}
}

13. XML File
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jpa="http://www.springframework.org/schema/data/jpa" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:util="http://www.springframework.org/schema/util"
xmlns:tx="http://www.springframework.org/schema/tx" xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task" xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
http://www.springframework.org/schema/data/jpa http://www.springframework.org/schema/data/jpa/spring-jpa-1.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-4.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd”>
<bean id=“phonebean” class=“com.model.Phone">
<property name=“name" value=“HTC"> </property>
</bean>
</beans>

14. Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Phone</display-name>
<!-- Load Spring Context -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet-mapping>
<servlet-name>RestService</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>

15. Test Class
package com.model;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.xml.XmlBeanFactory;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.Resource;
public class Test {
public static void main(String[] args) {
Resource resource = new ClassPathResource("context.xml");
BeanFactory factory = new XmlBeanFactory(resource);
Phone phone = (Phone)factory.getBean("phonebean");
phone.display();
}
}

16. Integration Testing
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:annotation-config />
<context:component-scan base-package="com.phone"/>
</beans>

17. Integration
Testing[Conti..]

18. Integration
Testing[Conti..]

19. Spring Security
Spring security is the highly customizable authentication and
access-control framework.
The main focus of spring security is on Authentication and
Authorization:
Where authentication is the process of establishing a principal (user) who
claim to be
Where authorization is the process of deciding whether the logged in principal
(user) allowed to perform a certain actions.

20. Spring Security
Modules
Core – This module contains the APIs for basic authentication and access-
control related mechanism. This is mandatory for ant spring security
applications.
Remoting – This module provides integration to the Spring Remoting.
Web – This module contains APIs for servlet filters and any web based
authentication like access restriction for URLs.
Config – This module is needed while using the Spring Security XML
namespace for configuration.
LDAP – Required to use LDAP authentication or manage LDAP user entries.
ACL – Specialized domain object ACL implementation.
CAS – Spring Security’s CAS client integration.
OpenID – OpenID web authentication support.

21. Interaction Flow
Web.xml
Spring
Configuratio
n
Spring Framework
Database
User
Web Application

22. Web.xml Configuration
<!-- Apply Spring Security Filter to all Requests -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

23. Password Encoder
Necessary steps to use Spring
Security’s to protect our site against
CSRF attacks
Use proper HTTP verbs
Configure CSRF Protection
Include the CSRF Token

24. Password
Encoder[Conti..]
Use proper HTTP verbs:
Before Spring Security’s CSRF support can be of use,
you need to be certain that your application is using
PATCH, POST, PUT, and/or DELETE for anything that
modifies state.
Configure CSRF Protection:
<http>
<!-- ... -->
<csrf disabled="true"/>
</http>

25. CSRFHeader Filter

26. Spring XML
<security:authentication-manager id="authenticationManager">
<security:authentication-provider
user-service-ref="userDetailService">
<security:password-encoder ref="passwordEncoder"></security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security
secured-annotations="enabled" pre-post-annotations="enabled" />
<security:http realm="Protected API" use-expressions="true"
auto-config="true" authentication-manager-ref="authenticationManager">
<security:intercept-url pattern="/" access="permitAll" />
<security:intercept-url pattern="/index.html"
access="permitAll" />
<security:intercept-url pattern="/login"
access="permitAll" />
<!-- <security:intercept-url method="GET"
pattern="/rest/v1.0/auth" access="permitAll" /> -->
<security:intercept-url pattern="/**"
access="isAuthenticated()" />
<security:csrf token-repository-ref="csrfTokenRepository" />
<security:custom-filter ref="csrfHeaderFilter"
after="CSRF_FILTER" />
<security:http-basic entry-point-ref="entryPoint" />
<security:logout />
</security:http>

27. Authentication
Provider
package service.impl;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import dao.UserDao;
import entity.User;
import security.UserDetail;
public class UserDetailServiceImpl implements UserDetailsService {
private UserDao userDao;
public UserDetailServiceImpl(UserDao userDao) {
this.userDao = userDao;
}
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserShared user = userDao.findByUsername(username);
if (null == user) {
throw new UsernameNotFoundException("The employee with username " + username + " was not found");
}
return new UserDetail(user);
}
}

28. The End