Spring Boot in Action is an easily readable book, as we've now come to expect from Craig and Manning. From chapter 1's attention-getting introduction to Boot. This repository is having all Java related EBooks. - Innsmounth/JavaEBooks. A developer-focused guide to writing applications using Spring Boot. download of the print book includes a free eBook in PDF, Kindle, and ePub formats from.

Spring Boot In Action Pdf

Language:English, Portuguese, Arabic
Genre:Fiction & Literature
Published (Last):25.12.2015
ePub File Size:15.48 MB
PDF File Size:16.30 MB
Distribution:Free* [*Registration Required]
Uploaded by: BARB

Spring Boot in Action CHAPTER 2 Developing your first Spring Boot application To download their free eBook in PDF, ePub, and Kindle formats, owners. A developer-focused guide to writing applications using Spring Boot. You'll learn how to bypass the tedious configuration steps so that you can concentrate on. kaz-news.info - Download as PDF File .pdf), Text File .txt) or read online.

Spring expert Craig Walls uses interesting and practical examples to teach you both how to use the default settings effectively and how to override and customize Spring Boot for your unique environment. Along the way, you? Craig Walls is a software developer, author of the poplular book Spring in Action, Fourth Edition , and a frequent speaker at conferences. A lucid, real-world treatment of a valuable toolset.

The practical examples help bring agility and simplicity to application construction. Spring Boot in Action. Craig Walls Foreword by Andrew Glover.

Easy to digest and fun to read. Table of Contents takes you straight to the book detailed table of contents. Bootstarting Spring 1. Spring rebooted 1. Taking a fresh look at Spring. Examining Spring Boot essentials. Getting started with Spring Boot 1. Initializing a Spring Boot project with Spring Initializer. Developing your first Spring Boot application 2.

Putting Spring Boot to work 2. Examining a newly initialized Spring Boot project. Dissecting a Spring Boot project build. Using starter dependencies 2. Specifying facet-based dependencies.

Overriding starter transitive dependencies. Using automatic configuration 2. Focusing on application functionality. Customizing configuration 3. Overriding Boot auto-configuration 3.

Securing the application. Creating a custom security configuration. Taking another peek under the covers of auto-configuration. Externalizing configuration with properties 3. Fine-tuning auto-configuration. Externally configuring application beans. Customizing application error pages. Testing with Spring Boot 4. Integration testing auto-configuration.

Testing web applications 4. Mocking Spring MVC. Testing a running application 4. Starting the server on a random port. One option is to set the property in a profile. Groovy Templates. You can disable caching for your chosen template engine by setting its cache property to false. In the Taco Cloud application. Without a database to store this information. Although the user interface may provide interaction with an application.

Even though many alternative database types have emerged in recent years. To gain an appreciation of what JdbcTemplate does. When it comes to working with relational data.

What should be done here??? Reading and writing data with JDBC 57 3. Java developers have several options. JdbcTemplate provides a means by which developers can perform SQL operations against a relational database without all the ceremony and boilerplate typically required when working with JDBC.

Spring supports both of these with abstractions. In this section. Listing 3. To make matters worse. But the most common problems.

This requires that you catch a SQLException. SQLException is a checked exception. Your domain classes are now ready for persistence.

Lombok automatically generates the accessor methods. Your Ingredient class already has an id field. The following listing shows the new id and createdAt fields needed in the Taco class. If for some reason you choose not to use Lombok. Similar changes are required in the Order class. Listing Ingredient findOne String id.

Ingredient save Ingredient ingredient. I favor the H2 embedded database. For development purposes. The code shown next is the first step in writ- ing that implementation. The constructor assigns JdbcTemplate to an instance variable that will be used in other methods to query and insert into the database. Speaking of those other methods. This annotation is one of a handful of stereotype annotations that Spring defines.

JdbcIngredientRepository is annotated with Repository. When Spring creates the JdbcIngredientRepository bean. By annotating JdbcIngredientRepository with Repository. As shown in listing 3. The findAll method. The findById method only expects to return a single Ingredient object. But if for some reason you want or need an explicit RowMapper. At some point. The changes to DesignTacoController are shown next.

With JdbcIngredientRepository complete. It only requires a String contain- ing the SQL to perform as well as values to assign to any query parameters.

Figure 3. But before you can start reading data from the Ingredient table referenced in the que- ries. The findAll method fetches all the ingredients from the database before filtering them into distinct types in the model. Spring Boot answers that question. The big question is where to put this schema definition. Although that was a good first example. Two ways to save data with JdbcTemplate include the following: When you get back.

Spring Boot will also execute a file named data. The save method in JdbcIngredientRepository used the update method of JdbcTemplate to save Ingredient objects to the database. To implement TacoRepository. To save Taco objects. Like- wise. This makes saving tacos and orders a bit more challeng- ing than what was required to save an ingredient. The following listing shows the complete JdbcTacoRepository class.

OrderRepository also declares a save method: Not so quick. As you can see from listing 3. When you insert a row into Taco. But in order to use it. Back in save. Start by creating a PreparedStatementCreatorFactory. Once the update is finished. With a PreparedStatementCreator in hand. The devil is in the details of saveTacoInfo. The following listing shows the changes necessary for injecting the repository. The update method. Then call newPrepared- StatementCreator on that factory.

As with the taco method. Speaking of the processDesign method. It assigns both to instance variables so that they can be used in the show- DesignForm and processDesign methods. But unlike the Taco object in the session. The next listing shows the new processDesign method. Errors errors. The class-level SessionAttributes annotation specifies any model. After checking for validation errors. Reading and writing data with JDBC 71 objects like the order attribute that should be kept in session and available across multiple requests.

The following listing shows JdbcOrderRepository without the save method. The real processing of a taco design happens in the processDesign method. But before you write the save method implementation. OrderController needs to call out to an implementation of OrderRepository to save the order.

When it comes to saving orders. At that point. But rather than use the cumbersome Prepared- StatementCreator. JdbcOrderRepository is injected with JdbcTemplate through its constructor.

The second instance. The next listing shows the save method. The first instance. But instead of assigning JdbcTemplate directly to an instance variable. With a Map full of order data ready. Because of that. This is necessary because Object- Mapper would otherwise convert the Date property into a long. SimpleJdbcInsert has a couple of useful methods for executing the insert: But Order has several properties. The map values are inserted into those columns.

It defines the flow for saving an Order and its associated Taco objects. Now you can inject OrderRepository into OrderController and start using it. The saveTacoToOrder method is significantly simpler. The following listing shows the complete OrderController. Rather than use the ObjectMapper to convert an object to a Map.

A few of the most popular Spring Data projects include these: Now you can fire up the Taco Cloud application and try it out. The default credentials should get you in. All of the JDBC persistence code is in place. But you may find that JPA makes it even easier.

You might also find it helpful to dig around in the database. Once logged in. Once the order is saved. Consult the documentation for your chosen JPA implementation for details.

First up is the Ingredient class. But unfortunately. Spring Data does some amazing things when it comes to creat- ing repositories. The Data implicitly adds a required arguments constructor. And because there are final properties that must be set. And its id property must be annotated with Id to designate it as the property that will uniquely identify the entity in the database.

In addition to the JPA-specific annotations. You also add a RequiredArgsConstructor. Ingredient must be annotated with Entity. JPA requires that entities have a no- arguments constructor. AUTO private Long id. To declare the relationship between a Taco and its associated Ingredient list. A Taco can have many Ingredient objects. The next listing shows the new Order class. But with Spring Data.

For IngredientRepository. Without it. JPA would default to persisting the entities to a table named Order. Now that the entities are properly annotated. You can similarly define the TacoRepository like this: Spring Data knows that this method is intended to find Orders. Date startDate. This means the repositories are ready to use from the get-go.

But what if you have some requirements beyond basic persistence? In essence. When generating the repository implementation.

Just inject them into the controllers like you did for the JDBC-based imple- mentations. In the case of findByDelivery- Zip.

Suppose that you need to query for all orders delivered to a given ZIP code within a given date range. Date endDate. The methods provided by CrudRepository are great for general-purpose persistence of entities.

The method name. In that case. The findByDeliveryZip method is simple enough. Repository methods are composed of a verb.


You might be thinking that you need to write the implementations for all three. Spring Data examines any methods in the repository interface. Spring Data JPA automatically gener- ates an implementation on the fly. Spring Data defines a sort of miniature domain-specific language DSL where persistence details are expressed in repository method signatures. Spring Data also understands find. The deliveryZip property must be equal to the value passed into the first parameter of the method.

Spring Data method signatures can also include any of these operators: Spring Data ignores most words in a subject. The predicate follows the word By in the method name and is the most interesting part of the method signature.. As you can see.

The keyword Between indicates that the value of deliveryZip must fall between the values passed into the last two parameters of the method. Although the subject of the method is optional.. In addition to an implicit Equals operation and the Between operation. But you can use Query to perform virtually any query you can dream up. In this simple usage of Query. String deliveryCity. Query "Order o where o. Although the naming convention can be useful for relatively simple queries.

In the days of Leave it to Beaver. Information is probably the most valuable item we now have. As software developers. Enabling Spring Security 85 4. Right-click on the pom. Figure 4. Check the Security entry under the Core category. The Starter Dependencies dialog box will appear.

It seems that securing Spring applications is pretty easy work. But before we get ahead of ourselves. If you want to try it out. To get past it. This is a good start. With the Taco Cloud application secured. By doing nothing more than adding the security starter to the project build.

The log entry will look something like this: Using default security password: The username is user. To meet your security needs for Taco Cloud. As for the password. I suppose I could end this chapter now and move on to the next topic. The homepage and registration pages.

Listing 4. But to get started. But instead of being prompted with an HTTP basic authentication dialog box. Configuring Spring Security 87 Before this chapter is finished. If you attempt to hit the Taco Cloud homepage again. This is a small improvement—prompting for login with a web page even if it is rather plain in appearance is always more user-friendly than an HTTP basic dialog box.

Suppose you have only a handful of users. You may find it useful to set your browser to private or incognito mode when manually testing security. Spring Security offers several options for configuring a user store.

The current task at hand. First up. As shown in listing 4. The in-memory user store is convenient for testing purposes or for very simple applications. The following listing shows how to configure Spring Security to authenticate against user information kept in a relational database with JDBC. Each call to withUser starts the configuration for a user.

User buzz is configured to have infinity as their password. If you need to add. Configuring Spring Security 89 auth. The value given to withUser is the username. The DataSource used here is provided by the magic of autowiring. This information is used to authenticate the user. It expects that certain tables exist where user data will be kept.

From there. The authorities query selects zero or more rows containing the user- name and a granted authority. When replacing the default SQL queries with those of your own design.

But if you encode the passwords in the database. The group authorities query selects zero or more rows. The authentication query selects the username. Configuring Spring Security 91 In this case. To remedy this problem. But you can also override the group authorities query by calling groupAuthoritiesBy- Username with a custom query. All of them take the username as their only parameter. The only problem with this is that if the passwords are stored in plain text. But you can choose any of the other implementations or even provide your own custom implementation if none of.

Rather than use jdbcAuthentication. The PasswordEncoder interface is rather simple: But you can change that by specifying a query base: But before we go there. The following configure method shows a simple configuration for LDAP authen- tication: String encodedPassword.

By default. Groups should be searched for where the organizational unit is groups. Because the comparison is done within the LDAP server.

Another option is to perform a comparison operation. Rather than search from the root. If the password is kept in a different attribute.

But the attempted password is still passed across the wire to the LDAP server. But if your LDAP server is on another machine.

This assumes that the passwords are also encrypted using bcrypt in the LDAP server. To prevent that. In the preceding example. Each record is composed of one or more lines, each containing a name: Records are separated from each other by blank lines. Here, you specifically ask the LDAP server to load its content from the users.

Buzz Lightyear sn: Lightyear uid: But the Taco Cloud application needs something a bit special. It would thus make sense to persist user data in the same way. If you do so, the data will ultimately reside in a relational database, so you could use JDBC-based authentication. First things first, though. This information can be used for a variety of purposes, including pre- populating the order form not to mention potential marketing opportunities.

Arrays; import java. Collection; import javax. Entity; import javax. GeneratedValue; import javax. GenerationType; import javax. Id; import org. GrantedAuthority; import org. SimpleGrantedAuthority; import org.

Related Searches

UserDetails; import lombok. AccessLevel; import lombok. Data; import lombok. NoArgsConstructor; import lombok. In addition to defining a handful of properties, User also implements the UserDetails interface from Spring Security. The getAuthorities method should return a collection of authorities granted to the user. And, at least for.

With the User entity defined, you now can define the repository interface: CrudRepository; import tacos. As you learned in chapter 3, Spring Data JPA will automatically generate the imple- mentation of this interface at runtime.

Autowired; import org. UserDetails; import org. UserDetailsService; import org. UsernameNotFoundException; import org. The loadByUsername method has one simple rule: Otherwise, the User that was found will be returned. Spring will automatically discover it and instantiate it as a bean. You do, however, still need to configure your custom user details service with Spring Security. This time, you simply make a call to the userDetailsService method, passing in the UserDetailsService instance that has been autowired into SecurityConfig.

As with JDBC-based authentication, you can and should also configure a pass- word encoder so that the password can be encoded in the database. It would appear that you call the encoder method and pass its return value to passwordEncoder. In reality, however, because the encoder method is annotated with Bean, it will be used to declare a PasswordEncoder bean in the Spring application context.

Any calls to encoder will then be intercepted to return the bean instance from the application context. Now that you have a custom user details service that reads user information via a JPA repository, you just need a way to get users into the database in the first place. You need to create a registration page for Taco Cloud patrons to register with the application. The RegistrationController class in the following listing presents and processes registration forms.

Spring Boot Complete Guide

PasswordEncoder; import org. PostMapping; import org. RequestMapping; import tacos. Like any typical Spring MVC controller, RegistrationController is annotated with Controller to designate it as a controller and to mark it for component scanning. The fol- lowing listing shows a Thymeleaf template that defines the registration view. The RegistrationForm object given to process- Registration is bound to the request data and is defined with the following class: PasswordEncoder; import lombok.

Data; import tacos. For the most part, RegistrationForm is just a basic Lombok-enabled class with a handful of properties. But the toUser method uses those properties to create a new User object, which is what processRegistration will save, using the injected User- Repository.

This is the exact same PasswordEncoder bean you declared before. When processing a form submission, RegistrationController passes it to the toUser method, which uses it to encode the password before saving it to the data- base. In this way, the submitted password is written in an encoded form, and the user details service will be able to authenticate against that encoded password.

Now the Taco Cloud application has complete user registration and authentication support.

But the homepage, login page, and registra- tion page should be available to unauthenticated users. This configure method accepts an HttpSecurity object, which can be used to con- figure how security is handled at the web level. Among the many things you can con- figure with HttpSecurity are these: The following con- figure implementation does exactly that: The call to authorizeRequests returns an object ExpressionInterceptUrlRegis- try on which you can specify URL paths and patterns and the security requirements for those paths.

In this case, you specify two security rules: The order of these rules is important. Security rules declared first take precedence over those declared lower down.

The hasRole and permitAll methods are just a couple of the methods for declaring security requirements for request paths. Table 4. Securing web requests Table 4.

Spring Security extends SpEL to include several security- specific values and functions. After all. That can be done by calling formLogin on the HttpSecurity object passed into configure: The authorization needs for the Taco Cloud application are met by the simple use of access and the SpEL expressions in listing 4.

To replace the built-in login page. But expressions can be much more flexible. After the bridge. Check your username and password. The call to loginPage after that designates the path where your custom login page will be provided. Securing web requests Now you need to provide a controller that handles requests at that path. When Spring Security determines that the user is unauthenti- cated and needs to log in. But you can change that by specifying a default success page: If the user were to directly navigate to the login page.

This is configurable. It involves subjecting a user to code on a maliciously designed web page that automatically and usually secretly submits a form to another application on behalf of a user who is often the victim of the attack.

To enable logout.

You only. If the token matches. The user may not even know that the attack happened until they notice money missing from their account. To protect against such attacks. When the form is submitted. The request is then intercepted by the server and compared with the token that was originally generated.

It allows you to see inside an application. Since Spring Boot is all about auto-configuration it makes debugging difficult and at some point in time, you want to know which beans are created in Spring's Application Context and how Controllers are mapped. Spring Actuator provides all that information. It provides several endpoints e. It also provides a lot of insight and metrics about application health e. CPU and memory usage , number of threads etc.

It also comes with a remote shell which you can use to securely go inside Spring Boot application and run some command to expose the same set of data. You can even use JMX to control this behavior at runtime. Btw, it's important to secure your Spring Actuator endpoints because it exposes a lot of confidential information and a potentially dangerous one-two. But, don't worry. You can use Spring Security to secure Spring Actuator endpoints.

If you are not familiar with Spring Security then you can check out Spring Security Certification Class to learn about it. What are its benefits? Since it's used Groovy, it allows you to create Spring Boot application from the command line without ceremony e.

It's also very powerful and can auto-include a lot of library in Groovy's default package if you happen to use it. For example, if you use JdbcTempalte, it can automatically load that for you. Where do you define properties in Spring Boot application?

You can define both application and Spring boot related properties into a file called application. You can create this file manually or you can use Spring Initializer to create this file, albeit empty. You don't need to do any special configuration to instruct Spring Boot load this file.

If it exists in classpath then Spring Boot automatically loads it and configure itself and application code according. For example, you can use to define a property to change the embedded server port in Spring Boot, which is also our next question. Can you change the port of Embedded Tomcat server in Spring boot? If Yes, How? Yes, we can change the port of Embedded Tomcat Server in Spring Boot by adding a property called server.

As explained in the previous question, this property file is automatically loaded by Spring Boot and can be used to configure both Spring Boot as well as application code. If you need an example, you can see this step by step tutorial to change the port of Embedded Tomcat Server in Spring Boot. What is the difference between an embedded container and a WAR?

The main difference between an embedded container and a WAR file is that you can Spring Boot application as a JAR from the command prompt without setting up a web server. What embedded containers does Spring Boot support? Spring Boot support three embedded containers: Tomcat, Jetty, and Undertow. By default, it uses Tomcat as embedded containers but you can change it to Jetty or Undertow.

What are some common Spring Boot annotations? SpringBootTest is used to run unit test on Spring Boot environment. Some of the most common Spring Boot Start dependencies or POMs are spring-boot-starter, spring-boot-starter-web, spring-boot-starter-test.

Can you control logging with Spring Boot? Yes, we can control logging with Spring Boot by specifying log levels on application.There is another implementation of the same project for the Java developers.

Finally, the build specification ends with the Spring Boot plugin. Java Persistence with Hibernate, Second Edition. At this point, you can click Finish to generate the project and add it to your work- space.

This new edition includes all Spring 5. All of them take the username as their only parameter. Its primary purpose is to identify this class as a component for com- ponent scanning.