Boot your application with Spring Boot

This is the first Post in my series Developing a web application with Spring Boot, AngularJS and Java 8 and has been featured in This Week in Spring – April 15, 2014.

Spring Boot makes it very easy to get you up and running with the Spring ecosystem without the need for XML configuration and the like. The nice thing about Boot is: It doesn’t add aspects and doesn’t generate code. Instead it uses several conditional beans to configure sensible defaults that disappear as soon as you add your own beans. This document helps a lot to discover the defaults and properties to customize everything you need: How Do I Do That With Spring Boot?.

So we want to create a simple MVC app with a hand full of (REST) controllers. Therefor i use the “spring-boot-starter-parent” as my parent pom:

and then use “spring-boot-starter-web” as the dependencies that include everything that is needed for Spring MVC to work:

Another goodie i wanted to use is Spring Boots ability to create executable jar files with an embedded web container, Tomcat 7 by default, so i need the spring-boot-maven-plugin as well:

Given my Application.java as the “start-class” (defined in the properties of my pom), i can run this application via “mvn spring-boot:run” or create an executable jar file with mvn package.

So what is this Application class? It looks like this:

You’ll see that it is a Spring @Configuration class that tells Spring Boot to enable automatic configuration (@EnableAutoConfiguration) as well as scheduling (@EnableScheduling) and finally tells Spring to look for more components in this and all child packages (@ComponentScan). The main method initializes an application context via a factory method inside SpringApplication. The configure method inherited from SpringBootServletInitializer does essentially the same but only when deployed as a war file. The one additional bean “home” just didn’t fit anywhere else, but you see a nice @Value annotation around the two parameters that reads “take the required value ‘biking2.home.longitude’ from the environment and used id as a parameter”. Methods annotated with @Bean are subject to dependency injection for their parameters, either beans or values. The values here are taken from application.properties at the root of the classpath.

With just a bunch of code you’ll have a fully configured application including scheduled jobs.

I want to keep track of my milage so i need some kind of persistence. I opted for H2 and added com.h2database:h2 as a dependency. Without any version number as a lot of possible dependencies are already versioned and managed by the parent pom. As i added org.springframework:orm and org.springframework.data:spring-data-jpa i could stop here. Spring Boot would automatically create a data source for me. I want some control so i added the following to the application properties:

This is also a nice example of using SpEL and nested properties inside property files managed by spring. The colon inside spring.datasource.username means “take the value of biking2.database-username if exists, otherwise use biking2”. Nice detail. Given this data source, i wanted a little more control over JPA, see PersistenceConfig.java. For example, i wanted the Spring Data repository inside a given package (@EnableJpaRepositories(basePackages = “ac.simons.biking2.persistence.repositories”)) (otherwise they would have been initialized as well, but only in the default level), have some control over sql statements and adding the hibernateExceptionTranslator.

So, data source and repositories are ready? Nearly. I have an additional application-test.properties. This properties file is only evaluated with profile test being active. I’m configuring a test in-memory db. This would happen automatically as well but with the added DB_CLOSE_DELAY=-1 parameter to the database url which means: “Keep the content of this db inside memory until the VM closes, not only until the last connection closes.” I had problems with my tests. The builder automatically adds schema.sql and data.sql and that fails if a new tests forks and the database is reused. I’m not sure wether it’s a problem with my configuration or with the Spring test runner.

So i’ve created a bunch of entities together with a repository if needed. The basic idea behind the bike –< milage entities is to record the milage of my trip recorder each month and to be done. All calculations happens inside the app. JpaRepositories are just great. The following interface

will be instantiated at runtime and together with basic CRUD functionality, it maps two named queriers (“Bike.findActive” as #findActive(final @Param(“cutoffDate”) Calendar cutoffDate) and “Bike.getDateOfFirstRecord” as #getDateOfFirstRecord() both defined inside Bike and a dynamic query build by parsing “findByDecommissionedOnIsNull”.

So we have an application context, a data source including entities and repositories, we could throw in some services, but just keep it simple, i use the repository inside the following @RestController:

@RestControllers assume an implicit @ResponseBody at all methods annotated with @RequestMapping.

What do we see? First, an auto wired constructor. I opted for all dependency injection through constructors as i’m currently observing in another project when getter/setter injection get’s out of hands. People usually start to feel uncomfortable having a constructor more than 15 parameters (at least i hope). As an added benefits, most objects are immutable.

The repository is than used, depending on a request parameter, to retrieve a list of all bikes or of all active bikes and this list is returned. As jackson-core is on the class path, this list is automatically converted to a valid JSON representation. Given ” @RequestMapping(value = “/api/bikes”, method = GET)”, the method is exposed at the given endpoint.

Testing this method is an easy task. Just instantiate the controller with a mock repository, run your tests directly on the instance and be done. You can alternatively boot an application context or parts of a context to test methods with MockMvc, have a look at BikesControllerTest.java (More on that topic in a later post).

This method is actually used here for the list of bikes at the bottom of the page.

With a minimum effort, i’ve developed an API without nearly zero maintenance cost. I like this a lot.

Here is a short list of hints, that maybe help you:

Running behind a proxy

The app runs behind a proxy and needs to generate some links and therefore must know the proxy name.

Apart from seeing a Java 8 lambda, you’ll find a static Condition that checks the presence of a given property in the environment of the application context.

The following @Bean “embeddedServletContainerCustomizer” is only instantiated when the @Conditional matches and the property is present. The parameter proxyName uses this property name, the parameter proxyPort has a default of 80. The following just sets those two values on a TomcatEmbeddedServletContainerFactory.

Uploading files

To enable the Servlet 3.0 Multipart support, the Spring Boot Guides show here a bean of type MultipartConfigElement is enough. That’s true and works very well. But as many people just copy & paste code, the note the default configuration imposes no limits on the file size for an upload should really be a warning if you ever plan to run this in public. An authentication doesn’t protect you from big uploads. Those are send first, than the authentication is processed. So be sure the bean reads something like

This restricts uploads to 5Mb.

Multipart/form-data and UTF-8

To support UTF-8 in Multipart/form-data, add the following bean to your config:

The ServletContextInitializer is a special form of ServletContainerInitializer that works with Spring and Spring Boot. Here it’s used to add the CharacterEncodingFilter before all other filters. The before all other part is important, otherwise it doesn’t work for Multipart/form-data.

Customizing RequestMappingHandlerMapping

At the moment it is not possible to get hold of the default RequestMappingHandlerMapping and customize things like “useRegisteredSuffixPatternMatch” and the like. It’s not a conditional bean and adding your own will lead to double mappings.

So i’m using a classic beanPostProcessor to achieve this with Spring Boot 1.0.0.RC3:

Summary

At this point we have a working API, that can be used immediately in a JavaScript framework like Knockout.js or AngularJS.

Next post will be about Java 8 in the context of this application.

The whole source code at the point of writing this post is available at GitHub, the application is live right there biking.michael-simons.eu.

Filed in English posts | Comments (15) »

25-Feb-14

Developing a web application with Spring Boot, AngularJS and Java 8

And if you’re feeling
You’ve got everything you came for
If you got everything
And you don’t want no more

You’ve got to just
Keep on pushing
Keep on pushing
Push the sky away

“Push The Sky Away” by Nick Cave & The Bad Seeds.

This is gonna be a lengthy post about always learning new things and improving old ones.

This is gonna be the 1st post of a series about learning new things and creating a modern Java application from start. In the first part I’m gonna write about the idea, the tools and the project itself.

All posts

  1. Part 1: Boot your application with Spring Boot
  2. Part 2: Using Java 8 .now()
  3. Part 3: Messaging and Websockets with Spring 4
  4. Part 4: Spring Boot as a backend for AngularJS
  5. Bonus: Creating a JavaFX 8 frontend for a REST application

The idea and purpose of this thing

I had several reasons to create a project with well defined goals and requirements the way it should be.

The last weeks i had often discussions with current and possible future customers about the number or the price of my hours and i tried to tell them, that neither the price was too high or the number of estimated hours, especially the later, far from. I needed a reasonable sized and manageable project to prove this.

I also need to convince my colleges that near 100% test coverage and that database testing is possible and i also need to demonstrate that today a “one-guy-does-the-whole-stack” thing is nearly impossible if you don’t want to not sleep like me for about 2 weeks (or you’re just crazy about this stuff (also like me)).

And the most important reason for me is to learn something new, in this case learn about the new features in the upcoming release of Java 8.

Choosing the tools of the trade

Since 2010/11 i had real fun migration my daily picture project Daily Fratze from Ruby on Rails to Java, using the great Spring framework, so the first ingredient will be Spring but with it’s latest incarnation, Spring Boot: “Spring Boot favors convention over configuration and is designed to get you up and running as quickly as possible.”.

Certainly a new app will be written using Java 8. Just have a look at this post “Everything about Java 8” if you need reasons.

I need a database and i’m still a huge fan of relational databases and so i need some JPA 2.1. To make my life easier, i chose Spring Data JPA together with a little embedded H2 Database.

And finally AngularJS. I’m a little bit old school, i like my html pages server generated but i wanted to know what all the cool kids are doing and learn something fresh. Also, i thought it would be useful in the goal of designing a nice api.

Putting it all together with: NetBeans. I’m an Eclipse user since about 2002 and it’s hard to teach an old dog new tricks, but Eclipse has no Java 8 support. The alternative, IntelliJ didn’t really click with my. It incredible slow on an 2012 iMac with 16Gb Ram, doesn’t feel right to me and has some things i really hate (for example, what’s with those xml files that are created for every maven dependency?) so i thought why not given NetBeans another try.

I remember NetBeans being slow (and ugly), but 7.4 just proved me wrong. It’s fast and snappy and as i mentioned, it’s Maven support just outstanding, namely: It just works. Just 2 additional config files in a Maven project and that’s it. All the pain i had to go through to make Eclipse m2e work with generated source file, assisted JPA classes and aspects: It just worked in NetBeans. Awesome.

The project

Simple, recreating my Ruby / Sinatra based biking application: biking.michael-simons.eu. The original application is a very condensed Ruby script, which worked very well, but it’s not very maintainable.

So goto biking.michael-simons.eu and have a look. The thing is live and runs on the Java 8 release candidate. The source code is available at GitHub.

I’d be more than happy about comments, recommendations and ideas.

Filed in English posts, Java | Comments (26) »

20-Feb-14

On my way to Java 8

This is a post where i want to collect some new expressions i’m learning on my way to Java 8. Hopefully i’ll keep updating it…

Use an IntStream to generate an Array with constant default values

// The "() -> 23" is a lambda that matches the functional interface of a Supplier 
// The the stream itself is infinite, but the array can certainly be not, so we must limit it
IntStream.generate(() -> 23).limit(42).toArray()

Use a similar construct to fill a list with constant values:

// The IntStream has a collect method that uses a supplier to instantiate a new target, 
// an accumulator to add to the new target and combiner to merge two targets to perform 
// a reduction of the given elements
IntStream.generate(() -> 23).limit(42).collect(ArrayList::new, ArrayList::add, ArrayList::addAll)

Use a range to zip elements of an indexable collection together:

List<Foobar> foobars = new ArrayList<>();
List<Double> differences = IntStream.range(1, foobars.size()) // create exclusive range
	.mapToObj(i -> { // map this to your result of pairwise combining elements
	    final Foobar left = foobars.get(i - 1);
	    return foobars.get(i).getAmount() - left.getAmount();
	}).collect(Collectors.toList()); // collect it in a list

Last update: 2014/02/12

Filed in English posts, Java | Comments (0) »

12-Feb-14

Modify memory settings of the Oracle Aurora JVM

Use the following class to view and modify the settings of the embedded JVM inside an Oracle database. The class has been tested on 10g and 11g, memory settings and information are in Megabyte.

SET DEFINE OFF
CREATE OR REPLACE AND COMPILE JAVA SOURCE NAMED "MemoryStatistics" AS
import oracle.aurora.vm.OracleRuntime;

public class MemoryStatistics {
    public final static int MB_MULTIPLICATOR = 1024*1024;

	public static String getStatistics() {
		final Runtime runtime = Runtime.getRuntime();
		
		final long totalMemory = runtime.totalMemory();
		final long maxMemory = runtime.maxMemory();
		final long usedMemory = totalMemory - runtime.freeMemory();

        return new StringBuffer()
        	.append(usedMemory/MB_MULTIPLICATOR)
        	.append(" / ")
        	.append(totalMemory/MB_MULTIPLICATOR)
        	.append(" MB (used / total), Maximum ")
        	.append(OracleRuntime.getMaxMemorySize()/MB_MULTIPLICATOR)
        	.append(", running on ")
        	.append(System.getProperty("java.version"))
        	.toString();
	}
    
    public static long getMaxMemorySize() {
        return OracleRuntime.getMaxMemorySize() / MB_MULTIPLICATOR;
    }
    
    public static void setMaxMemorySize(final long maxMemorySize) {
        OracleRuntime.setMaxMemorySize(maxMemorySize*MB_MULTIPLICATOR);
    }
}
/

SHO ERR;

CREATE OR REPLACE PROCEDURE p_set_max_memory_size(p_max_memory_size IN NUMBER) IS LANGUAGE JAVA
    NAME 'MemoryStatistics.setMaxMemorySize(long)';
/
 
CREATE OR REPLACE FUNCTION f_get_max_memory_size RETURN NUMBER IS LANGUAGE JAVA
    NAME 'MemoryStatistics.getMaxMemorySize() return java.lang.Long';
/
 
CREATE OR REPLACE FUNCTION f_get_memory_statistics RETURN VARCHAR2 IS LANGUAGE JAVA
    NAME 'MemoryStatistics.getStatistics() return java.lang.String';
/
 
SELECT f_get_max_memory_size() FROM dual;
 
SELECT f_get_memory_statistics() FROM dual;
 
BEGIN
    p_set_max_memory_size(512);
END;
/
 
SELECT f_get_memory_statistics() FROM dual;

The memory settings is persistent across sessions, at least with my current setup.

Filed in Java, Oracle | Comments (0) »

07-Feb-14

CSRF protection with Spring Security revisited

At the end of last year, Spring Security 3.2 was released and brought a lot of new features, among them a built-in “Cross Site Request Forgery” protection”.

Nearly two years earlier i wrote my CSRF protection implementation with Spring Security 3.1, have a look here.

I really like the built-in implementation and most of it is very similar to my solution. The main difference is that the protection is at security filter level and not at application level like mine was. Also they use a token class for encapsulating the tokens name and value.

My solution can be very easily adapted to Spring Security 3.2.

First of all, configure it with the onliner

<csrf  />

or use the new annotation based configuration method.

Then throw away everything from my solution except the CSRFTokenTag. Edit the later one to contain the following code:

import java.io.IOException;
import java.util.Random;
 
import javax.servlet.http.HttpServletRequest;
import javax.servlet.jsp.JspException;
import javax.servlet.jsp.tagext.TagSupport;
 
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Configurable;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
 
/**
 * Creates a hidden input field with the CSRF Token
 * @author michael.simons, 2011-09-20
 */
@Configurable
public class CSRFTokenTag extends TagSupport {
	private final static Random random = new Random(System.currentTimeMillis());
 
	private static final long serialVersionUID = 745177955805541350L;
 
	private boolean plainToken = false;
	private String elementId;
 
	@Autowired
	private CsrfTokenRepository csrfTokenRepository;
 
	@Override
	public int doStartTag() throws JspException {		
		final CsrfToken token = csrfTokenRepository.loadToken((HttpServletRequest) super.pageContext.getRequest());
		if(token != null)
			try {
				if(plainToken)
					pageContext.getOut().write(token.getToken());
				else
					pageContext.getOut().write(String.format("<input type=\"hidden\" name=\"%s\" id=\"%s\" value=\"%s\" />", token.getParameterName(), StringUtils.isNotBlank(this.elementId) ? this.elementId : String.format("%s_%d", token.getParameterName(), random.nextInt()), token.getToken()));
			} catch (IOException e) {
			}
		return SKIP_BODY;
	}
 
	@Override
	public int doEndTag() throws JspException {
		return EVAL_PAGE;
	}
 
	public boolean isPlainToken() {
		return plainToken;
	}
 
	public void setPlainToken(boolean plainToken) {
		this.plainToken = plainToken;
	}
 
	public String getElementId() {
		return elementId;
	}
 
	public void setElementId(String elementId) {
		this.elementId = elementId;
	}	
}

The guys at Spring have a nice suggestions for including the token for AJAX/Jsons request. The new filter also validates request headers. The recommend adding the header name and token value to the pages meta information like so

  <meta name="_csrf" content="${_csrf.token}"/>
  <meta name="_csrf_header" content="${_csrf.headerName}"/>

and then manually add the header to each JavaScript request made with jQuery.

An alternative for jQuery users would be the following pre filter:

$.ajaxPrefilter(function(options, originalOptions, jqXHR) {
	var token = $("meta[name='_csrf']").attr("content");
	var header = $("meta[name='_csrf_header']").attr("content");		  
	jqXHR.setRequestHeader(header, token);
});

I’m happy to be able to get rid of some code of mine, though the solution worked quite well for 2 years now.

Filed in English posts, Java | Comments (1) »

29-Jan-14