Spring Framework Explained

Spring Framework
Developer:VMware
Platform:Java EE
Programming Language:Java
Genre:Application framework
License:Apache License 2.0

The Spring Framework is an application framework and inversion of control container for the Java platform. The framework's core features can be used by any Java application, but there are extensions for building web applications on top of the Java EE (Enterprise Edition) platform. The framework does not impose any specific programming model.. The framework has become popular in the Java community as an addition to the Enterprise JavaBeans (EJB) model. The Spring Framework is free and open source software.

Version history

VersionDateNotes
0.9 2003
1.0 March 24, 2004 First production release.
2.0 2006
3.0 2009
4.0 2013
5.0 2017
6.0 November 22, 2022
6.1 November 16, 2023
6.2 scheduled for release in November 2024

The first version was written by Rod Johnson, who released the framework with the publication of his book Expert One-on-One J2EE Design and Development in October 2002. The framework was first released under the Apache 2.0 license in June 2003. The first production release, 1.0, was released in March 2004.[1] The Spring 1.2.6 framework won a Jolt productivity award and a JAX Innovation Award in 2006.[2] [3] Spring 2.0 was released in October 2006, Spring 2.5 in November 2007, Spring 3.0 in December 2009, Spring 3.1 in December 2011, and Spring 3.2.5 in November 2013.[4] Spring Framework 4.0 was released in December 2013.[5] Notable improvements in Spring 4.0 included support for Java SE (Standard Edition) 8, Groovy 2, some aspects of Java EE 7, and WebSocket.

Spring Framework 4.2.0 was released on 31 July 2015 and was immediately upgraded to version 4.2.1, which was released on 01 Sept 2015.[6] It is "compatible with Java 6, 7 and 8, with a focus on core refinements and modern web capabilities".[7]

Spring Framework 4.3 has been released on 10 June 2016 and was supported until 2020.[8] It was announced to "be the final generation within the general Spring 4 system requirements (Java 6+, Servlet 2.5+), [...]".[7]

Spring 5 is announced to be built upon Reactive Streams compatible Reactor Core.[9]

Spring Framework 6.0 has been released on 16 November 2022 and came with a Java 17+ baseline and a move to Jakarta EE 9+ (in the jakarta namespace), with a focus on the recently released Jakarta EE 10 APIs such as Servlet 6.0 and JPA 3.1.[10]

Modules

The Spring Framework includes several modules that provide a range of services:

Spring modules are packaged as JAR files. These artifacts can be accessed via the Maven Central Repository using Maven or Gradle.

Inversion of control container

The inversion of control (IoC) container is the core container in the Spring Framework. It provides a consistent means of configuring and managing Java objects using reflection. The container is responsible for managing object lifecycles of specific objects: creating these objects, calling their initialization methods, and configuring these objects by wiring them together.

In many cases, one need not use the container when using other parts of the Spring Framework, although using it will likely make an application easier to configure and customize. The Spring container provides a consistent mechanism to configure applications and integrates with almost all Java environments, from small-scale applications to large enterprise applications.

The programmer does not directly create an object, but describes how it should be created, by defining it in the Spring configuration file. Similarly, services and components are not called directly; instead a Spring configuration file defines which services and components must be called. This IoC is intended to increase the ease of maintenance and testing.

Creating and managing beans

Objects created by the container are called managed objects or beans. The container can be configured by loading XML (Extensible Markup Language) files or detecting specific Java annotations on configuration classes. These data sources contain the bean definitions that provide the information required to create the beans.

The is a Spring-specific annotation that marks a class as the configuration class. The configuration class provides the beans to the Spring . Each of the methods in the Spring configuration class is configured with the annotation. The interface will then return the objects configured with the annotation as beans. The advantage of java-based configuration over XML-based configuration is better type safety and refactorability.

Types of Inversion of Control

There are several types of Inversion of Control. Dependency injection and dependency lookup are examples of Inversion of Control. Objects can be obtained by means of either dependency lookup or dependency injection.[12]

Dependency Injection

See main article: article and Dependency injection. Dependency injection is a pattern where the container passes objects by name to other objects, via either constructors, properties, or factory methods. There are several ways to implement dependency injection: constructor-based dependency injection, setter-based dependency injection and field-based dependency injection.

Dependency Lookup

Dependency lookup is a pattern where a caller asks the container object for an object with a specific name or of a specific type.

Autowiring

The Spring framework has a feature known as autowiring, which uses the spring container to automatically satisfy the dependencies specified in the JavaBean properties to objects of the appropriate type in the current factory. This can only occur if there is only one object with the appropriate type.

There are several annotations that can be used for autowiring POJOs, including the Spring-specific annotation (as well as several other Spring-specific annotations that help resolve autowire ambiguity such as the or annotations), and the standard Java annotations and .

The annotation can be used on a class that defines a bean to inform Spring to prioritize the bean creation when autowiring it by name.

The annotation can be used on a class that defines a bean to inform Spring to prioritize the bean creation when autowiring it by type.

The annotation is an annotation that conforms to JSR 250, or Common Annotations for the Java Platform. The annotation is used for autowiring references to POJOs by name. The annotation is annotation that conforms to JSR 300, or Standard Annotations for injection. The annotation is used for autowiring references to POJOs by type.

Aspect-oriented programming framework

See main article: article and Aspect-oriented programming. The Spring Framework has its own Aspect-oriented programming (AOP) framework that modularizes cross-cutting concerns in aspects. The motivation for creating a separate AOP framework is to provide basic AOP features without too much complexity in either design, implementation, or configuration. The Spring AOP framework takes full advantage of the Spring container.

The Spring AOP framework is proxy pattern-based. It is configured at run time. This removes the need for a compilation step or load-time weaving. On the other hand, interception only allows for public method-execution on existing objects at a join point.

Compared to the AspectJ framework, Spring AOP is less powerful, but also less complicated. Spring 1.2 includes support to configure AspectJ aspects in the container. Spring 2.0 added more integration with AspectJ; for example, the pointcut language is reused and can be mixed with Spring AOP-based aspects. Further, Spring 2.0 added a Spring Aspects library that uses AspectJ to offer common Spring features such as declarative transaction management and dependency injection via AspectJ compile-time or load-time weaving. SpringSource uses AspectJ AOP in other Spring projects such as Spring Roo and Spring Insight, with Spring Security offering an AspectJ-based aspect library.

Spring AOP has been designed to work with cross-cutting concerns inside the Spring Framework. Any object which is created and configured by the container can be enriched using Spring AOP.

The Spring Framework uses Spring AOP internally for transaction management, security, remote access, and JMX.

Since version 2.0 of the framework, Spring provides two approaches to the AOP configuration:

The Spring team decided not to introduce new AOP-related terminology. Therefore, in the Spring reference documentation and API, terms such as aspect, join point, advice, pointcut, introduction, target object (advised object), AOP proxy, and weaving all have the same meanings as in most other AOP frameworks (particularly AspectJ).

Data access framework

Spring's data access framework addresses common difficulties developers face when working with databases in applications. Support is provided for all popular data access frameworks in Java: JDBC, iBatis/MyBatis, Hibernate, Java Data Objects (JDO, discontinued since 5.x), Jakarta Persistence API (JPA), Oracle TopLink, Apache OJB, and Apache Cayenne, among others.

For all of these supported frameworks, Spring provides these features

All these features become available when using template classes provided by Spring for each supported framework. Critics have said these template classes are intrusive and offer no advantage over using (for example) the Hibernate API directly.[15] In response, the Spring developers have made it possible to use the Hibernate and JPA APIs directly. This however requires transparent transaction management, as application code no longer assumes the responsibility to obtain and close database resources, and does not support exception translation.

Together with Spring's transaction management, its data access framework offers a flexible abstraction for working with data access frameworks. The Spring Framework doesn't offer a common data access API; instead, the full power of the supported APIs is kept intact. The Spring Framework is the only framework available in Java that offers managed data access environments outside of an application server or container.[16]

While using Spring for transaction management with Hibernate, the following beans may have to be configured:

Other points of configuration include:

Transaction management

Spring's transaction management framework brings an abstraction mechanism to the Java platform. Its abstraction is capable of:

In comparison, Java Transaction API (JTA) only supports nested transactions and global transactions, and requires an application server (and in some cases, deployment of applications in an application server).

The Spring Framework ships a PlatformTransactionManager for a number of transaction management strategies:

Next to this abstraction mechanism the framework provides two ways of adding transaction management to applications:

Together with Spring's data access framework  - which integrates the transaction management framework  - it is possible to set up a transactional system through configuration without having to rely on JTA or EJB. The transactional framework also integrates with messaging and caching engines.

Model–view–controller framework

The Spring Framework features its own model–view–controller (MVC) web application framework, which was not originally planned. The Spring developers decided to write their own Web framework as a reaction to what they perceived as the poor design of the (then) popular Jakarta Struts Web framework,[17] as well as deficiencies in other available frameworks. In particular, they felt there was insufficient separation between the presentation and request handling layers, and between the request handling layer and the model.[18]

Like Struts, Spring MVC is a request-based framework. The framework defines strategy interfaces for all of the responsibilities that must be handled by a modern request-based framework. The goal of each interface is to be simple and clear so that it's easy for Spring MVC users to write their own implementations, if they so choose. MVC paves the way for cleaner front end code. All interfaces are tightly coupled to the Servlet API. This tight coupling to the Servlet API is seen by some as a failure on the part of the Spring developers to offer a high level of abstraction for Web-based applications . However, this coupling ensures that the features of the Servlet API remain available to developers while offering a high abstraction framework to ease working with it.

The DispatcherServlet class is the front controller[19] of the framework and is responsible for delegating control to the various interfaces during the execution phases of an HTTP request.

The most important interfaces defined by Spring MVC, and their responsibilities, are listed below:

Each strategy interface above has an important responsibility in the overall framework. The abstractions offered by these interfaces are powerful, so to allow for a set of variations in their implementations. Spring MVC ships with implementations of all these interfaces and offers a feature set on top of the Servlet API. However, developers and vendors are free to write other implementations. Spring MVC uses the Java interface as a data-oriented abstraction for the Model where keys are expected to be values.

The ease of testing the implementations of these interfaces is one important advantage of the high level of abstraction offered by Spring MVC. DispatcherServlet is tightly coupled to the Spring inversion of control container for configuring the web layers of applications. However, web applications can use other parts of the Spring Framework, including the container, and choose not to use Spring MVC.

A workflow of Spring MVC

When a user clicks a link or submits a form in their web-browser, the request goes to the Spring DispatcherServlet. DispatcherServlet is a front-controller in Spring MVC. The DispatcherServlet is highly customizable and flexible. Specifically, it is capable of handling more types of handlers than any implementations of org. springframework.web.servlet.mvc.Controller or org. springframework.stereotype.Controller annotated classes. It consults one or more handler mappings. DispatcherServlet chooses an appropriate controller and forwards the request to it. The Controller processes the particular request and generates a result. It is known as Model. This information needs to be formatted in html or any front-end technology like Jakarta Server Pages (also known as JSP) or Thymeleaf. This is the View of an application. All of the information is in the Model And View object. When the controller is not coupled to a particular view, DispatcherServlet finds the actual View (such as JSP) with the help of ViewResolver.

Configuration of DispatcherServlet

As of Servlet Specification version 3.0, there are a few ways of configuring the DispatcherServlet:

MyServlet org.springframework.web.servlet.DispatcherServlet

MyServlet /

Remote access framework

Spring's Remote Access framework is an abstraction for working with various RPC (remote procedure call)-based technologies available on the Java platform both for client connectivity and marshalling objects on servers. The most important feature offered by this framework is to ease configuration and usage of these technologies as much as possible by combining inversion of control and AOP.

The framework provides fault-recovery (automatic reconnection after connection failure) and some optimizations for client-side use of EJB remote stateless session beans.

Spring provides support for these protocols and products out of the box

Apache CXF provides integration with the Spring Framework for RPC-style exporting of objects on the server side.

Both client and server setup for all RPC-style protocols and products supported by the Spring Remote access framework (except for the Apache Axis support) is configured in the Spring Core container.

There is an alternative open-source implementation (Cluster4Spring) of a remoting subsystem included in the Spring Framework that is intended to support various schemes of remoting (1-1, 1-many, dynamic services discovering).

Convention-over-configuration rapid application development

Spring Boot

See main article: article and Spring Boot. Spring Boot Extension is Spring's convention-over-configuration solution for creating stand-alone, production-grade Spring-based Applications that you can "just run".[20] It is preconfigured with the Spring team's "opinionated view" of the best configuration and use of the Spring platform and third-party libraries so you can get started with minimum fuss. Most Spring Boot applications need very little Spring configuration.

Key Features:

Spring Roo

See main article: article and Spring Roo. Spring Roo is a community project which provides an alternative, code-generation based approach at using convention-over-configuration to rapidly build applications in Java. It currently supports Spring Framework, Spring Security and Spring Web Flow. Roo differs from other rapid application development frameworks by focusing on:

Batch framework

See main article: article and Spring Batch. Spring Batch is a framework for batch processing that provides reusable functions that are essential in processing large volumes of records, including:

It provides more advanced technical services and features that enables extremely high-volume and high-performance batch jobs through optimizations and partitioning techniques.

Spring Batch executes a series of jobs; a job consists of many steps and each step consists of a "READ-PROCESS-WRITE" task or single operation task (tasklet). A "single" operation task is also known as a tasklet. It means doing a single task only, like cleaning up the resources before or after a step is started or completed.

The "READ-PROCESS-WRITE" process consists of these steps: "read" data from a resource (comma-separated values (CSV), XML, or database), "process" it, then "write" it to other resources (CSV, XML, or database). For example, a step may read data from a CSV file, process it, and write it into the database. Spring Batch provides many classes to read/write CSV, XML, and database.

The steps can be chained together to run as a job.

Integration framework

See main article: article and Spring Integration. Spring Integration is a framework for Enterprise application integration that provides reusable functions essential to messaging or event-driven architectures.

Spring Integration supports pipe-and-filter based architectures.

Spring WebSocket

An essential rule for dealing with data streams effectively is to never block. The WebSocket is a viable solution to this problem.The WebSocket Protocol is a low-level transport protocol that allows full-duplex communication channels over a TCP connection. The WebSocket acts as an alternative to HTTP to enable two-way communication between the client and the server. The WebSocket is especially useful for applications that require frequent and fast exchanges of small data chunks, at a high speed and volume.

Spring supports the WebSocket protocol by providing the WebSocket API for the reactive application. The @EnableWebSocket annotation gives Websocket request processing functionality when places in a Spring configuration class. A mandatory interface is the WebSocketConfigurer which grants access to the WebSocketConfigurer. Then, the Websocket URL is mapped to the relevant handlers by implementing the registerWebSocketHandlers(WebSocketHandlerRegistry) method .

Spring WebFlux

Spring WebFlux is a framework following the functional programming paradigm, designed for building reactive Spring applications. This framework uses functional programming and Reactive Streams extensively. A good use case for Spring WebFlux is for applications that require sending and receiving instantaneous information, such as a web application with chatting capabilities.

Although applications using Spring WebFlux technology is usually less readable than their MVC counterparts, they are more resilient, and simpler to extend. Spring WebFlux reduces the need to deal with the complications associated with synchronizing thread access.

Spring WebFlux supports server-sent events (SSE), which is a server push technology that allows the client to get automatic updates from a server through an HTTP connection. This communication is unidirectional, and shares many similarities with the publish/subscribe model found in JMS.

Relationship with Jakarta Enterprise Beans (EJB)

See main article: article and Jakarta Enterprise Beans. The container can be turned into a partially compliant EJB (Enterprise JavaBeans) 3.0 container by means of the Pitchfork project. Some criticize the Spring Framework for not complying with standards.[22] However, SpringSource doesn't see EJB 3 compliance as a major goal, and claims that the Spring Framework and the container allow for more powerful programming models.[23]

Spring4Shell vulnerability

See also: Log4Shell. A remote code execution vulnerability affecting certain versions of Spring Framework was published in April 2022 under . It was given the name Spring4Shell in reference to the recent Log4Shell vulnerability, both having similar proofs-of-concept in which attackers could on vulnerable machines, gain shell access[24] or even full control.[25]

See also

References

External links

Notes and References

  1. Web site: Spring Framework 1.0 Final Released . 24 March 2014 . Official Spring Framework blog . 1 March 2021.
  2. http://www.ddj.com/architect/187900423?pgno=10 Jolt winners 2006
  3. Web site: JAX Innovation Award Gewinner 2006 . 2009-08-12 . https://web.archive.org/web/20090817202514/http://jax-award.de/jax_award06/gewinner_de.php . 2009-08-17 . dead .
  4. Web site: Spring Framework 3.2.5 Released . 7 Nov 2013 . Official Spring website . 16 October 2016.
  5. Web site: Announcing Spring Framework 4.0 GA Release. Spring blog. 12 December 2013.
  6. Web site: Spring Framework 4.2 goes GA. Spring Blog. 31 July 2015.
  7. Web site: Spring Framework 4.2 goes GA. Spring Blog.
  8. Web site: Spring Framework Versions: Supported Versions. github.com.
  9. Web site: Reactive Spring. Spring Blog. 9 February 2016.
  10. Web site: Spring Framework 6.0 goes GA. Spring Blog. 16 November 2022.
  11. http://docs.spring.io/spring-framework/docs/current/spring-framework-reference/html/beans.html#beans-introduction Spring Framework documentation for the Core Container
  12. http://forum.springsource.org/showthread.php?79731-What-is-the-difference-between-the-depencylookup-and-dependency-injection What is the difference between the depencylookup and dependency injection - Spring Forum
  13. http://howtodoinjava.com/spring/spring-aop/spring-aop-aspectj-xml-configuration-example/ Spring AOP XML Configuration
  14. http://howtodoinjava.com/spring/spring-aop/spring-aop-aspectj-example-tutorial-using-annotation-config/ AspectJ Annotation Configuration
  15. http://houseofhaug.wordpress.com/2005/08/12/hibernate-hates-spring Hibernate VS Spring
  16. Web site: Spring Data JPA for Abstraction of Queries . 6 February 2018 . 2018-02-06.
  17. http://www.theserverside.com/tt/articles/article.tss?l=SpringFramework Introduction to the Spring Framework
  18. Johnson, Expert One-on-One J2EE Design and Development, Ch. 12. et al.
  19. Patterns of Enterprise Application Architecture: Front Controller
  20. Web site: Spring Boot. spring.io.
  21. Web site: About Spring Boot . 2020-03-18.
  22. http://www.andygibson.net/blog/index.php/2008/08/28/is-spring-between-the-devil-and-the-ejb Spring VS EJB3
  23. Web site: Pitchfork FAQ . 2006-06-06.
  24. Web site: Spring4Shell: critical vulnerability in Spring - Kaspersky official blog .
  25. News: Chirgwin . Richard . VMware sprung by Spring4shell vulnerability . https://web.archive.org/web/20240213052709/https://www.itnews.com.au/news/vmware-sprung-by-spring4shell-vulnerability-578267 . 13 February 2024 . 13 February 2024 . itnews.com.au . 4 April 2022.