SpringParadigm

In this Post I will Capture the following features: 1) Controller Advice with Custom Annotation 2) Capturing Attributes in ModelAndView with the help of ModelMap while forwarding request from One Controller to another.(Not a Spring 4 feature) Part1: By Using @ControllerAdvice annotation we can apply an Advice across all the controllers in an application. Here our objective is to apply an advice not to all the controllers in an Application Context, but to them annotated with a custom annotation @NoControllerAdviseAnnotated in this case. The advice that would be applied out here is @ExceptionHandler(Exception.class) for Exception class. Our Code for ControllerAdvice is as follows: @ControllerAdvice(annotations=NoControllerAdviseAnnotated.class) public class CustomControllerAdvice { @ExceptionHandler(Exception.class) public ModelAndView handleException(Exception exception,WebRequest request) { ModelAndView mv = new

Just Starting from the point where I left in the last POST The content of aspect-config.xml is: Here MyAspect is a AspectJ class: public aspect MyAspect { private DataInjectObject injectedData; public DataInjectObject getInjectedData() { return injectedData; } public void setInjectedData(DataInjectObject injectedData) { this.injectedData = injectedData; } pointcut incept1() : execution(* com.springjavaconfig.controller.BaseControllerNew.secureMethodNew(..,DataInjectObject)); pointcut incept2() : execution(* com.springjavaconfig.controller.BaseController.getEmployeeForm()); Object around() :incept2() { System.out.println("################################## \n\n"); System.out.println("####### ASPECTS IN ACTION ####### \n\n"); System.out.println("################################## \n\n"); System.out.println(" ****** Injected DATA:"+injectedData); return proce

The recent Spring Version is 4 , which is fully integrated with Java 8 . It has Got a lot of features in it bucket now. In this Blog I am going to explore some of its features with some insight. First thing that I will start with is: The Spring Java Config . Recently I have been working on Spring Java Config, I have been trying to migrate one of my existing Spring Projects (Which had Spring-Security 3.2, Aspects and other features) into a fully Java Based Configuration . My objective is,there is going to be no XML configuration, even web.xml . Spring Java config, though it is not a part of Spring 4. It has been introduced in Spring 3.2 . I will be creating a project with no .xml files bearing any Spring based configuration. All the configuration will be moved to Java. In the cloud there are actually a lot of posts bearing a lot of useful information regarding this Spring Java Based configuration and lot of them are really useful but I really had hard time in c

I this post, I am going to discuss about some issues that I faced while configuring method level security with Annotation like @PreAuthorize, @PostAuthorize etc. The scenario is that I am trying to secure the calls to my controller methods through Annotation Based Method level security of Spring Security module. One of the parameters of the @PreAuthorize is the method parameter of Spring controller which I am passing with the help of Expression language and the parameter is being confugured through WebArgumentResolver of Spring as discussed in my previous post. @PreAuthorize("hasPriviledge( #dataInj, 'TxnClm5013','read')") @RequestMapping(value="/SecureMethodNew" , method=RequestMethod.GET) public ModelAndView secureMethodNew(HttpServletRequest request,@DataInject("dataInject") String dataInject123, @DataInjectNew DataInjectObject dataInj ) throws Exception { I am going to discuss my discussion into two sections:

Recently I came across Argument Resolver in Spring. It has got two versions: 1) Spring 3.2 &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp&nbsp2) Spring 4.0 The scenario was such that for every handler method, I need a particular Object in every method. So, with the help of Spring Argument Resolver Architecture, I annotate that Particular Type with a Custom annotation for identifying that Particular Type and populating it. Without annotation By inspecting Only the type of the Parameter too, this end could be achieved. The configuration is as follows: Spring 3.2: &ltbean class="org.springframework.web.servlet.mvc.annotation

Now lets explore the code a little deeper to get a better understanding of how Spring in a best way performs all the Task. So from the above configuration it is quite evident that at the heart lies the CustomMethodSecurityExpressionHandler , which incorporates a permissionEvaluator i.e. DefaultPermissionEvaluator and priviledgeEvaluator i.e. CustomPriviledgeEvaluator The code for permissionEvaluator is: public class DefaultPermissionEvaluator implements PermissionEvaluator { @Override public boolean hasPermission(Authentication auth, Object arg1, Object arg2) { // TODO Auto-generated method stub System.out.println(" *******1) The Authentication is:"+auth+"\n"+arg1+"\n"+arg2); return true; } @Override public boolean hasPermission(Authentication auth, Serializable arg1, String arg2, Object arg3) { // TODO Auto-generated method stub System.out.println(" ******* 2) The Authentication is:"+auth+":"

Introduction Spring Security 3, apart from securing URL’s based on priviledge i.e. roles (The basic authorization process), also provides the ample scope of implementing method level security with annotations at the business layer, and thus ensuring no unauthorized calls would be made at the methods at the corresponding layer. The implementation of method level security is being accomplished with the help of Spring managed AOP approach to recognize, evaluate and secure method invocations. The basic flow can be described as follows: • Spring AOP runtime intercept calls to the methods of interest by implemeting aspects with the help of MethodSecurityInterceptor. • The MethodSecurityInterceptor with the help of AccessDecisionManager, and the corresponding AccessDecisionVoters of the AccessDecisionManager makes the authorization decision. Generic Configuration Details The AOP proxying is not invoked for all Spring Mannaged Beans by default. Declaring in Spring Security

Annotation which is being primarily used for metadata purposes in Code needs to be parsed to imply the purpose they are intended for. Annotation Parsing is basically done at runtime with Reflections api. This is the usual approach which we generally folow. Apart from the above mentioned fact annotation parsing can also be done at Compile Time and in this post I am going to throw some light into that. Compile Time annotation Parsing follows the SPI (Service Provider Interface) architecture. To achieve this: I have declared a Custom annotation as follows: import java.lang.annotation.Inherited; import java.lang.annotation.Retention; import java.lang.annotation.RetentionPolicy; @Inherited @Retention(RetentionPolicy.SOURCE) public @interface CompileTimeParsing { } The main thing to look aout for in the above code is the Retention Policy, which is Source, which is normally Runtime when we use annotation parsing at runtime with Reflections. Now we define the a

In this post I am going to provide some insight regarding Spring Transaction (Annotation bases: "@Transaction") The Annotation based Spring Transaction can be configured in two modes: 1)proxy (default) 2)aspectj and this can be configured through mode attribute of Here I am going to discuss primarily regarding the proxy mode only. There are two types of proxy used in Spring configuration: 1) Jdk dynamic Proxy. 2) Cglib Proxy. Jdk dynamic Proxy: It is interface based proxy, and it is default configured as "proxy-target-class" attribute of is false (by default). The Proxy is created by implementing the interface specified and then delegating the calls to the target object. Cglib Proxy: It is class based proxy. The proxy is created by subclassing the target class. It is used when "proxy-target-class" attribute of is set to true. Each one has its own usage criteria Like 1) f

We are going to implement JTA IN Spring to support Distributed(XA) Transactions in our Module. The underlying JTA implementation that we will be using is Atomikos. It is Open Source. Let's first traverse through the configuration part for implementing JTA in Spring. The required list of jars are: 1) hibernate-core-3.6.0.Final.jar 2) transactions-jta-3.6.4.jar 3) atomikos-util-3.6.4.jar 4) transactions-3.6.4.jar 5) transactions-api-3.6.4.jar 6) transactions-hibernate3-3.6.4.jar 7) transactions-jdbc-3.6.4.jar 8) concurrent-1.3.4.jar 9) cglib-nodep-2.2.3.jar -------------------------------------------- Config Changes of Application Context.xml -------------------------------------------- &ltcontext:component-scan base-package="com.springRest.controllers"&gt&lt/context:component-scan&gt &ltcontext:annotation-config&gt&lt/context:annotation-config&gt &lttx:annotation-driven transaction-manager="transactionManager"/&a