I wanted to build an application based on Java EE 6, but the security mechanisms of Java EE are not sufficient and a pain to with for my needs. Spring Security seems the best way to secure my application. Now I wonder if Spring Security + EJB is a good combination or if I should be better use Spring only.
I need method interception, ACLs and possibly URL pattern access control. The main problem I see is to use EJB interception with Spring Security. It is a problem? What other areas could be problematic?
Would you prefer Spring Security + EJB or Spring Security + Spring (only)?
As skaffman said the real question is Java EE vs. Spring. There is a nice comparison from JBoss.
Spring Security is distinct from the Spring Framework. They work well together, but Spring Security does not require you to use the Spring Framework underneath.
So in a very real sense, it doesn't matter, it becomes a question of whether you prefer EJB3 or Spring, regardless of Spring Security.
I am not very familiar with EJB but my understanding has always been that it is essentially a data-access technology, or a way to distribute services.
Spring itself, and the Spring Security module, is designed to be very lightweight and unobtrusive. If you are building a web application and using Spring Security for logins/security, then it doesn't care or even know if you are using EJB vs JDBC vs remoting technologies etc.
After having spent a lot of days trying to find a way to only uses springsecurity to secure the ejb, I've adopted kind of hybrid solution: JAAS + springsecurity.
The client uses JAAS to be authenticated to the ejb on the sever, I've created a custom JAAS LoginModule which delegates authentication to the springsecurity code.
EJBs to perform their logic use methods which are annotated with jsr250 annotations (RolesAllowed), and this part is fully handled by spring security.
In this way I've achieved a clear separation between ejb and spring security so my business code, secured by springsecurity, is fully portable to any other kind of ApplicationServer or it can even run as standalone application.
Related
As I am trying to learn some framework J2EE, I am studying on spring framework.
The thing that confused me in some tutorial they mention Spring MVC as a part of the spring framework. But at some place they mentioned as like a different and independent framework. some people even compare Spring MVC with Struts (which is another framework as i understand ).
Now how actually should i take Spring MVC in mind as a different framework like Struts or as a part of Spring?
Spring has incredibly grown in the last decade, so nowadays the single word Spring means different things depending on the context in which it is used. In such context might be used the following Spring projects.
One of these projects is the Spring Framework: an open source application framework and inversion of control container for the Java platform which offers lots of features:
Dependency Injection
Aspect-Oriented Programming including Spring's declarative transaction management
Spring MVC web application and RESTful web service framework
Foundational support for JDBC, JPA, JMS
Much more...
each one of these features is designed in a Spring Framework's module grouped in layers, so among others, you can find:
in the core layer
The Core and Beans modules provide the fundamental parts of the framework, including the IoC and Dependency Injection features.
...
...
in the web layer
...
The Web-Servlet module contains Spring' s model-view-controller (MVC) implementation for web applications. Spring's MVC framework provides a clean separation between domain model code and web forms, and integrates with all the other features of the Spring Framework.
...
..
Your question
Now how actually should i take Spring MVC in mind as a different framework like Struts or as a part of Spring?
Both are right because of what summarized above: Spring includes Spring Projects and one of them is Spring Framework which contains Spring's MVC framework.
So if you think the single word Spring both as the most general and as the Spring Framework, Spring MVC is part of Spring.
Moreover you may consider Spring MVC like Struts, because Spring's MVC framework application domain is extremely closed to the Struts one.
I think your confusion comes up from considering a part (Spring's MVC framework) as different from the whole (the most general single word Spring or the Spring Framework) in which the part may be thought included.
Spring in common meaning is framework provided by spring-core artifact [http://mvnrepository.com/artifact/org.springframework/spring-core]. Contains IoC, Dependency Injections and other stuff.
Spring MVC using Spring to bootstrap application context, and add some functionality and features specified to MVC. You should think about Spring MVC as 'plugin' or 'extension' of Spring.
Spring is a Java EE-like stack. The core Spring framework provides Dependency injection, AOP, JDBC helpers etc. Also there are a couple of sub-projects: Spring MVC, Spring batch, Integration etc. (See the full stack here: http://spring.io/projects)
Yes Spring MVC is veri similar to Struts, as both are action oriented MVC frameworks. Usually the sub-projects depend on the core and not on the other sub-projects.
The main point is that Spring is a stack of technologies.
I am new to Spring. Can any one let me know what is the difference between Spring and Spring MVC Framework ?
Spring is a big framework, that contains a lot of components. One of these components is Spring MVC - it is a component that lets you implement your web application according to the model-view-controller design pattern.
1- Spring in abstract word is a framework
The Spring Framework is an open source application framework and inversion of control container for the Java platform.
Check this links for more information:
Spring Framework
Framework vs. Toolkit vs. Library
2- MVC architecture
it is an architecture that help the developer to separate the building block of web application.
Model View Controller or MVC as it is popularly called, is a software design pattern for developing web applications
check this link for more information:
Basic MVC Architecture
MVC is a Spring module. You use it for designing web applications. MVC in Spring implements the front controller design pattern. In your web.xml you'll define a single servlet (DispatcherServlet) and all your requests will pass through it and will be attended by Controllers you will define (#Controller).
Spring is a framework which helps to connect different components together. There are many modules for IOC, AOP, Web MVC etc.Spring Framework is an open source application framework and inversion of control container for the Java platform.
Spring MVC (Model–view–controller) is one component within the whole Spring Framework, to support development of web applications.
Spring MVC is one component within the whole Spring Framework, to support development of web applications. You can use any web containers, so it works fine with Tomcat. Just think that Spring is a third party library. You just need to put the necessary jar files in the lib directory, and define a few xml files.
So basically when you just say Spring it is a just a framework. And by framework I mean lot of functionalities/jars. Like you may have core which has core functionality or aspectj etc. Spring MVC i.e model view controller is one such functionality offered by Spring framework. You can deffer processing of request to various controllers based on the pattern of URL requested. You can refer
Spring MVC hello world example
Spring framework can be visualized as an alternative to, replacement for, or even addition to the Enterprise JavaBeans (EJB) model as mentioned here. That means a framework to develop distributed, scalable, secured, transactional application.
Spring MVC can be thought of as an replacement to Struts, Stripes, Tapestry etc, i.e. Presentation layer framework.
Spring framework is the super set of Spring MVC.
Spring
An umbrella term to denote various projects, one of which is Spring Framework.
Spring MVC
The Spring Framework project has several features. One of them is Spring MVC.
Features of Spring Framework are -
Core Technologies: Dependency Injection, validation, data binding, type conversion, SpEL, AOP etc.
Testing
Data Access: Transactions, DAO support, JDBC, ORM etc.
Spring MVC and Spring WebFlux web frameworks.
Integration: JMS, JMX, email, scheduling etc.
Languages: Kotlin, Groovy, dynamic languages.
So, the Spring MVC feature allows developers to build applications following Model-view-controller design pattern using Spring Framework.
Other Spring projects
Spring Boot: For creating stand-alone Spring applications using Convention over configuration design paradigm.
Spring Data: For creating Spring-based programming model for data access. It has various modules like Spring Data JDBC, Spring Data JPA, Spring Data MongoDB etc.
Spring Security: Powerful and highly customizable authentication and access-control framework for both Authentication and Authorization.
And many other projects.
NOTE
Spring, Spring Framework and Spring MVC these terms are often used interchangeably among developers which sometimes creates confusion for people who already don't know the details.
Can anyone recommend a Java Security Framework that supports authentication with OAuth and OAuth so that we can offer integration with the likes of Google/Twitter/Facebook etc. as well as other security features such as cryptography, password reset, security questions etc. I've looked at Apache Shiro which looks good but doesn't seem to have the Social side of things covered. I've also investigated Spring Security which seems to cover as lot of areas but I'm not sure whether you need to be using Spring MVC to use this (we're using Wicket + Spring for the service layer).
Any recommendations appreciated.
Spring Security covers all the areas you need (the social stuff is called Spring Social, you can have a look at it).
Also no you don't need to be using Spring MVC. Any web framework can use Spring Security.
Check Oracle Fusion Middleware (Oracle ADF 11g.)
I've been doing Java standard edition development for awhile, and the frameworks and solutions have been fairly obvious to me (Swing for GUI, etc). I've recently begun the task of building a server for my own needs and to host a web page (things the server will be doing in addition to hosting a web page would include personal SVN hosting and integrating more web functionality into existing and future applications). For coding for only a single computer (that is, distributed computing, etc. is not really a concern)- I'm not entirely certain between Spring, Hibernate and EJB and am not very knowledgeable as to the capabilities of each. Information would be appreciated. I know Spring is an alternative to EJB, and Hibernate is an object-relational mapping library, so does EJB combine the two?
EJB3 in summary consists of 3 bean types; Message Driven Beans, Stateless/Stateful Session Beans and Entity Beans or JPA (Java Persistance Architecture). Hibernate can be used as a JPA provider, but it doesn't have to be used that way.
Spring has functionality that is roughly similar to Message Driven Beans and Stateless/Stateful session beans but it does not have an equivalent to JPA. Instead it allows you to utilize JPA or hibernate directly but if you do combine Spring with JPA you'll need an EJB container.
Another difference is that EJB is provided by 'containers' whereas spring is a framework that can be deployed into a java se application or a java servlet container web application like jetty or tomcat. Its an important distinction to make. Tomcat is not an EJB container, only a servlet container, hence if you were to only use basic tomcat, you couldn't use EJBs but you could use spring by including the required spring jar files in your web application (WEB-INF/lib). In that case you wouldn't use JPA either but you could use hibernate.
Some java servers that ARE EJB containers include weblogic, websphere, jboss, geronimo, and glassfish. Tomcat can become an EJB container if you combine it with OpenEJB.
In an application i'm developing at the moment, I'm using tomcat + openejb so I have an EJB container so I can use JPA with OpenJPA as the persistance provider. I'm using Spring MVC to do the web application development and will most likely use spring security as well down the track. I probably will also use Stateless Session EJBs as well to encapsulate business functionality but i could just as easily use Spring service/dao beans instead of statless session ejbs as well.
Its pretty confusing sometimes to work out what parts of which framework or container you should use and really comes down to either preference or using functionality in one that doesn't exist in the other or ease of use. Another consideration is memory utilization. Some of the ejb containers consume large amounts of memory just starting up with no applications running. This is one reason I ended up using tomcat + openejb. Hope this helps.
I need to start developing applications using the Spring framework, and am wondering what tools I need to download to have me up and running.
On the SpringSource website I am seeing all these applications to download and I am wondering, do I really need all this? And what versions should I use, especially for Spring Framework?
Spring Framework
SpringSource dm Server Samples
Spring Security
Spring Web Flow
Spring Web Services
Spring Dynamic Modules
Spring Integration
Spring Batch
Spring.NET
Spring JavaConfig
Spring LDAP
Spring Extensions
Spring IDE
Spring BlazeDS Integration
SpringSource Bundlor
Spring ROO
What other applications do I need to download (eg. Struts, Glassfish, Apache, etc.)?
This depends on what you want to use Spring for. Typically that's Web applications. If so you only need two things:
Spring framework (with minimal dependencies); and
A servlet container (eg Tomcat) or a full-blown application server (eg Glassfish, JBoss).
Everything else is optional. I believe the only required dependency is Apache Commons logging. Depending on what features you use, you may well need more.
If so, here is a [tutorial][1] that creates a barebones Spring MVC project. There are countless others around for that and other topics.
It's entirely possible to use Spring in, say, a Swing application in which case you obviously don't need a servlet container.
All you need from SpringSource is the Spring Framework.
Spring 3.0 is on the way, but for now, use 2.5.6.SEC01, the current production release.
You can get started with a simple servlet container (ie: Tomcat) rather than a full blown application server (eg: JBoss, Glassfish).
The Spring Framework comes bundled with jars for web development - ie: spring-web and spring-webmvc.
See #117535 for a simple example of using Spring MVC.
It mainly dependent on what you need Spring for. Each and every piece of Spring can, actually, be used in separation from the rest. You may use it only for IOC, in this case you don't need, for example, MVC and Servlets, etc...
The easiest way to start is to dowload the main package from http://www.springsource.com/download/community?project=Spring%20Framework
You can use Spring from any IDE
The best way is to use Maven with your project. Basically all you have to do is edit your pom.xml file and tell it that you want to use Spring. Then when you compile your code, Maven will go out and automatically download the Spring libraries you need from their public repository.
Here's an example:
http://pookey.co.uk/blog/archives/63-Getting-started-with-Maven-and-Spring.html