This talk introduces Spring's REST stack - Spring MVC, Spring HATEOAS, Spring Data REST, Spring Security OAuth and Spring Social - while refining an API to move higher up the Richardson maturity model
Spring Data is a high level SpringSource project whose purpose is to unify and ease the access to different kinds of persistence stores, both relational database systems and NoSQL data stores.
This document discusses Spring Boot, an open source framework for building microservices and web applications. It provides scaffolding to help build Spring-based services more quickly. The author chose Spring Boot for a project because it integrates well with other frameworks like Jersey and allows building services quickly. Key Spring Boot components discussed include REST frameworks, embedded servers, logging frameworks, security, and metrics. The author outlines their Spring Boot stack and package structure. They discuss using Spring Data for persistence, Swagger for API documentation, and helper libraries like Lombok. The document also covers testing approaches using REST Assured and Spring Integration.
This document contains an agenda and slides for a presentation on Spring Boot. The presentation introduces Spring Boot, which allows developers to rapidly build production-grade Spring applications with minimal configuration. It demonstrates how to quickly create a "Hello World" application using Spring Boot and discusses some of the features it provides out-of-the-box like embedded servers and externalized configuration. The presentation also shows how to add additional functionality like Thymeleaf templates and actuator endpoints to monitor and manage applications.
Rasheed Amir presents on Spring Boot. He discusses how Spring Boot aims to help developers build production-grade Spring applications quickly with minimal configuration. It provides default functionality for tasks like embedding servers and externalizing configuration. Spring Boot favors convention over configuration and aims to get developers started quickly with a single focus. It also exposes auto-configuration for common Spring and related technologies so that applications can take advantage of them without needing to explicitly configure them.
Spring Boot is a framework for creating stand-alone, production-grade Spring based Applications that can be "just run". It provides starters for auto-configuration of common Spring and third-party libraries providing features like Thymeleaf, Spring Data JPA, Spring Security, and testing. It aims to remove boilerplate configuration and promote "convention over configuration" for quick development. The document then covers how to run a basic Spring Boot application, use Rest Controllers, Spring Data JPA, Spring Security, and testing. It also discusses deploying the application on a web server and customizing through properties files.
This document provides an overview of Spring Boot, including:
- Comparisons between Spring Boot, Spring, and Spring MVC.
- The advantages of Spring Boot like auto-configuration and ease of use.
- How to get started with Spring Boot using start.spring.io and key annotations.
- How Spring Boot handles dependencies, logging, exceptions, and databases.
- References additional resources on Spring Boot.
This document discusses Aspect Oriented Programming (AOP) using the Spring Framework. It defines AOP as a programming paradigm that extends OOP by enabling modularization of crosscutting concerns. It then discusses how AOP addresses common crosscutting concerns like logging, validation, caching, and transactions through aspects, pointcuts, and advice. It also compares Spring AOP and AspectJ, and shows how to implement AOP in Spring using annotations or XML.
This document provides an overview of Spring and Spring Boot frameworks. It discusses the history of Java and Spring, how Spring provides inversion of control and dependency injection. It also covers Spring MVC for web applications, Spring Data for data access, and how Spring Boot aims to simplify configuration. The document concludes with discussing some next steps including looking at Spring Security, Spring Cloud, and using Spring with other JVM languages.
This document provides an overview of Spring MVC including:
- The MVC design pattern and how Spring MVC implements it with a front controller and other components.
- Configuring Spring MVC in a web application using XML or Java configuration.
- Defining controllers with annotations like @Controller and @RequestMapping and mapping requests to controller methods.
- Other Spring MVC concepts covered include the DispatcherServlet, handler mappings, view resolution, form handling, and validation.
Spring Boot is a framework for creating stand-alone, production-grade Spring based applications that can be "just run". It takes an opinionated view of the Spring platform and third-party libraries so that new and existing Spring developers can quickly get started with minimal configuration. Spring Boot aims to get developers up and running as quickly as possible with features like embedded HTTP servers, automatic configuration, and opinions on structure and dependencies.
Building a REST Service in minutes with Spring BootOmri Spector
A walk through building a micro service using Spring Boot.
Deck presented at Java 2016
Source accompanying presentation can be found at https://github.com/ospector/sbdemo
The java persistence API provides a specification for persisting, reading, and managing data from your java object to your relational tables in the database. JPA specifies the set of rules and guidelines for developing interfaces that follow standards.
Introduction to the Spring Framework:
Generar description
IoC container
Dependency Injection
Beans scope and lifecycle
Autowiring
XML and annotation based configuration
Additional features
Spring Boot is a framework for developing Java applications that reduces configuration and provides production-ready features. It allows developing Spring applications with minimal configuration by automatically configuring Spring and third-party libraries. Spring Boot provides starter dependencies to simplify build configuration and modules for autoconfiguration, CLI, monitoring, and more.
The document discusses the Spring Framework, an open source application framework for Java. It provides inversion of control and dependency injection to manage application objects. The core package provides dependency injection while other packages provide additional features like transaction management, ORM integration, AOP, and MVC web development. The framework uses an IoC container to manage application objects called beans through configuration metadata.
JPA and Hibernate are specifications and frameworks for object-relational mapping (ORM) in Java. JPA is a specification for ORM that is vendor-neutral, while Hibernate is an open-source implementation of JPA. Both use annotations to map Java classes to database tables. JPA queries use JPAQL while Hibernate supports both JPAQL and its own HQL. Additional features covered include relationships, inheritance mapping strategies, custom types, and querying.
Spring boot is a great and relatively a new project from Spring.io. The presentation discusses about basics of spring boot to advance topics. Sample demo apps are available here : https://github.com/bhagwat/spring-boot-samples
Spring Boot is a framework that makes it easy to create stand-alone, production-grade Spring based Applications that can be "just run". It takes an opinionated view of the Spring platform and third-party libraries so that new and existing Spring developers can quickly get started with minimal configuration. Key features include automatic configuration of Spring, embedded HTTP servers, starters for common dependencies, and monitoring endpoints.
Josh Long is a Spring Developer Advocate at Pivotal. He discusses various Spring and microservices related topics including:
- The single responsibility principle and how it relates to microservices and Unix tools.
- Exposing services simply using REST which has no strict rules but embraces HTTP verbs and status codes.
- The Richardson Maturity Model for grading APIs on their REST compliance from Level 0 to Level 3.
- Security topics like OAuth, SSL/TLS, and ensuring applications are production ready with monitoring and management.
A presentation on how to implement RESTful Web Services with Spring MVC. This slide covers how to identify resources, use HTTP verbs, implement representations, use cache and so on.
The document discusses strategies for building scalable applications. It introduces the concept of a "scale cube" with three axes: horizontal duplication for scaling stateless apps, data partitioning, and bounded contexts. It provides examples of using various technologies like RabbitMQ, Redis, MongoDB, Neo4j, Couchbase, Hadoop, and Spring XD to address different areas of the scale cube. The document emphasizes that building adaptive, scalable applications is challenging and recommends approaches like microservices and separating applications into bounded contexts.
Building RESTful applications using Spring MVCIndicThreads
REST is an alternate and simpler approach for implementing WebServices. It is based on the HTTP protocol and hence leverages a lot of existing infrastructures. It uses an uniform interface thus making it easy to build client applications. In this session we will look at the fundamental concepts behind REST (Resource, URI, Stateless Conversation ..) and how to apply it in the context of a real applcation. We will also discuss the pros & cons of RESTful vs Soap based webservices. We will discuss the design of RESTful application and then look at how to implement it using Spring MVC.
Josh Long presents on Spring Boot, an approach to building stand-alone, production-grade Spring based applications. He discusses how Spring Boot makes it easy to create Spring applications with embedded Tomcat, Jetty or Undertow with minimum fuss. The presentation also covers how to easily add RESTful services, security, production-ready features like metrics, health checks and externalized configuration using Spring Boot.
Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns.
Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU
More info: http://www.stormpath.com/blog/designing-rest-json-apis
Further reading: http://www.stormpath.com/blog
Sign up for Stormpath: https://api.stormpath.com/register
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
SOAP Web Services have a well established role in the enterprise, but aside from the many benefits of the WS-* standards, SOAP and XML also carry additional baggage for developers. Consequently, REST Web Services are gaining tremendous popularity within the developer community. This session will begin by comparing and contrasting the basic concepts of both SOAP and REST Web Services. Building on that foundation, Sam Brannen will show attendees how to implement SOAP-based applications using Spring-WS 2.0. He will then demonstrate how to build a similar REST-ful application using Spring MVC 3.0. The session will conclude with an in-depth look at both server-side and client-side development as well as efficient integration testing of Web Services using the Spring Framework.
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
The document discusses REST (REpresentational State Transfer), an architectural style for building distributed systems. It covers REST concepts like resources, representations, URIs, HTTP methods, caching, and versioning. It provides guidance on designing RESTful APIs, including determining resources, supported methods, and return codes. Content negotiation and tools for testing REST APIs are also mentioned.
Slides from my talk introducing Spring Boot. Unfortunately, this talk is 90% live-coding, so I'll post the relevant video recording here when it's available.
this is an old version. new version here: http://blog.apigee.com/detail/slides_for_restful_api_design_second_edition_webinar/
It's been 10 years since Fielding first defined REST. So, where are all the elegant REST APIs? While many claim REST has arrived, many APIs in the wild exhibit arbitrary, productivity-killing deviations from true REST. We'll start with a typical poorly-designed API and iterate it into a well-behaved RESTful API.
Spring Framework 4.0 - The Next Generation - Soft-Shake 2013Sam Brannen
Spring Framework 4.0 is the next generation of the popular open source framework for Enterprise Java developers, focusing on the future with support for Java SE 8 and Java EE 7. In this presentation core Spring committer Sam Brannen will provide attendees an overview of the new enterprise features in the framework as well as new programming models made possible with the adoption of JDK 8 language features and APIs.
Specifically, this talk will cover support for lambda expressions and method references against Spring callback interfaces, JSR-310 Date-Time value types for Spring data binding and formatting, Spring's new @Conditional mechanism for activation of bean definitions, and a new WebSocket endpoint model. Regarding enterprise APIs, the presentation will cover Spring 4.0's new support for JMS 2.0, JPA 2.1, Bean Validation 1.1, Servlet 3.1, JCache, and JSR-236 concurrency. Last but not least, Sam will discuss improvements to Spring's testing support and point out which deprecated APIs have been pruned from the framework.
This document summarizes the basics of Spring MVC, including the model-view-controller (MVC) pattern it uses. It describes the main components - the model which contains application data, the view which displays data to the user, and the controller which handles requests and coordinates the model and view. It provides examples of how controllers work using annotations like @RequestMapping and how they can return different types of responses. It also briefly mentions other related concepts like interceptors, exceptions, and static resources.
This document provides guidance on designing RESTful APIs. It recommends using nouns instead of verbs, keeping URLs simple with only two endpoints per resource, and following conventions from leading APIs. Complex variations and optional parameters should be "swept behind the '?'." The document emphasizes designing for application developers by making APIs intuitive, consistent and complete while also accommodating exceptional clients. It suggests adding an API virtualization layer to handle complexity.
ReST (Representational State Transfer) ExplainedDhananjay Nene
The document provides an overview of Representational State Transfer (REST), which is an architectural style for building distributed systems. It describes REST as a set of constraints or rules for designing web services, rather than a standard or framework. The key constraints outlined in the document include using a client-server model, being stateless, cacheable responses, a uniform interface, layered system, and code on demand. The document focuses on explaining the uniform interface constraint and its requirements around resource identification, manipulation through representations, self-descriptive messages, and hypermedia as the engine of application state.
This slide show is from my presentation on what JSON and REST are. It aims to provide a number of talking points by comparing apples and oranges (JSON vs. XML and REST vs. web services).
This document discusses WebSockets and Spring WebSockets. It begins by introducing WebSockets as a protocol for real-time full duplex communication over a single TCP connection. It then covers the WebSocket handshake process and JavaScript WebSocket API. Next, it discusses Java WebSocket implementations and how Spring 4 supports WebSockets and the fallback SockJS protocol. Finally, it introduces STOMP as a simple messaging protocol that can be used over WebSockets, and how Spring supports asynchronous messaging using STOMP over WebSockets.
This document discusses REST APIs using Spring MVC and Spring Data. It covers:
1. The REST constraints of being stateless, using HTTP caching, and having a uniform interface.
2. Implementing RESTful resources and operations in Spring MVC using request mappings, path variables, and response status codes.
3. Using Spring Data JPA repositories to access and query data from the persistence layer.
4. Testing REST services through both live tests of the deployed API and lower level integration and unit tests.
Multi Client Development with Spring for SpringOne 2GX 2013 with Roy ClarksonJoshua Long
The document discusses Representational State Transfer (REST), an architectural style for building distributed hypermedia systems. It describes REST as being based on HTTP and having no hard rules, instead focusing on using HTTP verbs like GET, POST, PUT, DELETE and status codes to transfer representations of resources between clients and servers. It also discusses content negotiation, HATEOAS, the Richardson Maturity Model for grading RESTful implementations, and how Spring frameworks like Spring MVC, Spring Data REST, and Spring Security can be used to build RESTful services and clients.
This document discusses using JDBC with Spring Boot to access relational data. It shows how to use the Spring JdbcTemplate to execute SQL queries and updates. The example sets up a Spring Boot project with H2 database dependency, defines a Customer entity, inserts sample customer data using JdbcTemplate.update(), and queries for a customer record using JdbcTemplate.query() with BeanPropertyRowMapper to map the result to a Customer object. Running mvn spring-boot:run executes this code to interact with the in-memory H2 database using JDBC through the Spring framework.
Spring 5 includes several major changes such as Java 9 compatibility, support for Java EE 8, and reactive programming support using WebFlux and router functions. It also upgrades dependencies to newer versions including JDK 8+, upgrades testing to support JUnit 5, and deprecates some older technologies. Performance has been enhanced through faster component scanning and other optimizations.
The document discusses socket applications and real-time communication. It describes common examples like chat, live feeds, and games. It then explains the typical solution of using AJAX requests and the problems with that approach. The proposed solution is to use a multi-threaded model with asynchronous I/O and the reactor pattern to process requests while waiting for network responses. Various tools for implementing this pattern in Ruby and JavaScript are also mentioned, including Pusher, Socket.IO, and SocketStream.
ForwardJS 2017 - Fullstack end-to-end Test Automation with node.jsMek Srunyu Stittri
Slide deck for ForwardJS 2017 in San Francisco - March 1st 2017
https://forwardjs.com/schedule#lecture-224
Airware builds hardware, software and cloud for commercial drones. We have transitioned to Node.js for cloud functional test automation in 2015. The purpose of this is to unite Fullstack developers and Automation engineers to speak in the same language which is JavaScript. With a year worth of lessons learnt, we will share the challenges involved with building a full-stack test automation framework with Node.js while using the latest and greatest in JavaScript tools.
This document discusses asynchronous I/O in Java and Scala using the Play Framework. It describes how LinkedIn uses a service-oriented architecture with hundreds of services making requests to each other. It then covers how Play supports non-blocking I/O using asynchronous code, promises, and futures to allow parallel requests without blocking threads. Key points covered include using map and flatMap to transform promises and futures, handling errors and timeouts, and the benefits of non-blocking I/O for scalability.
This document discusses using Scala for full stack development, with Scala in both the backend and frontend. It provides an overview of using Scala and Scala.js for backend and frontend development, including architectures, frameworks, and techniques. The backend is built with Scala and Spring Boot, using techniques like dependency injection and immutable data structures. The frontend is built with Scala.js and React for the UI, using Flux architecture and immutable data. It also discusses mobile development with Scala and React Native.
This document discusses Java libraries for building REST clients. It recommends libraries for dependency injection (Guice), HTTP clients (OkHttp), REST mapping (Retrofit), reactive programming (RxJava), testing (JUnitParams, Mockito), and reducing boilerplate code (Lombok). It provides code examples and summaries of each library's functionality.
This document provides an overview of new features in Java 8, including lambda expressions, default methods, and streams. Key points include:
- Lambda expressions allow for functional-style programming and remove boilerplate when passing operations as arguments.
- Default methods allow adding new methods to interfaces without breaking existing implementations. This enables adding new default behavior to existing interfaces.
- Streams provide a functional-style way to process collections of objects, and are lazy evaluated for efficiency. Common stream operations like map, filter, and forEach are demonstrated.
This talk was delivered at JavaOne 2013, together with Andrzej Grzesik. We mention the new Date APIs, changes to Collections as well as Streams APIs and of course... Lambdas!
How Bitbucket Pipelines Loads Connect UI Assets Super-fastAtlassian
Connect add-ons deliver better user experience when they load fast. Between CDN, server-side rendering, service workers, and code splitting, there are loads of techniques you can use to achieve this. In this session, Atlassian Developer Peter Plewa will reveal Bitbucket Pipelines' secret for fast loads, and what they can do in the future to make Pipelines even faster.
Peter Plewa, Development Principal, Atlassian
Writing code is cool, but see it generating automatically is even cooler! This talk will be a case study about possibilities of Annotation Preprocessing in Java development. Let's look into popular libraries and frameworks that are using Annotation Preprocessing (like Lombok, Dagger 2, Retrofit, MapStruct), talk about it pros and cons compared with Reflection / Runtime Code Generation and discuss how you can create your own library that will generate boilerplate code at compile time.
Cross Domain Web Mashups with JQuery and Google App EngineAndy McKay
This document discusses cross-domain mashups using jQuery and Google App Engine. It describes common techniques for dealing with the same-origin policy, including proxies, JSONP, and building sample applications that mashup Twitter data, geotagged tweets, and maps. Examples include parsing RSS feeds from Twitter into JSONP and displaying tweets on a map based on their geotagged locations. The document concludes by noting issues with trust, failures, and limitations for enterprise use.
This document provides instructions on how to build a search engine using the Norch framework with JavaScript and Node.js. It discusses setting up Norch, getting and formatting data, indexing the data, querying the search engine, and connecting a front-end interface. The document outlines features like faceting, filtering, paging, matchers and integrating Norch with an Angular app.
This document discusses Oracle Java certification paths. It provides an overview of Oracle's certification categories including Oracle Certified Associate, Professional, Master, and Expert. It then focuses on the steps to achieve the Oracle Certified Master certification for Java SE 6 Developer, which includes having a prior certification, completing training, an assignment, essay exam, and application form. The assignment and essay exam topics are also outlined. Breaking the certification process into steps helps applicants understand the requirements to advance their skills and achieve Oracle's highest certification level.
A complete boot camp for beginners who want to learn Spring Boot.
In this course, you'll learn how we can create web services and cover all the topics of Spring Boot, Spring Framework, and many others.
If you've some experience in Java and want to be a Software Engineer or Java Developer using Spring, you're on right way.
Just read and practice, in the end of this course you'll have a great knowledge of Spring boot, a backend knowledge.
Course outline:
JPA, Hibernate, Spring, Spring Framework, H2 Database, PostgreSQL, MySQL.
#SpringBoot
#SpringFramwork
#MySQL
#PostgreSQL
#MySQL
#H2
#JPA/Hibernate
#Webservices
Front End Development for Back End Developers - UberConf 2017Matt Raible
Are you a backend developer that’s being pushed into front end development? Are you frustrated with all JavaScript frameworks and build tools you have to learn to be a good UI developer? If so, this session is for you! We’ll explore the tools of the trade for frontend development (npm, yarn, Gulp, Webpack, Yeoman) and learn the basics of HTML, CSS, and JavaScript.
This presentation dives into the intricacies of Bootstrap, Material Design, ES6, and TypeScript. Finally, after getting you up to speed with all this new tech, I'll show how it can all be found and integrated through the fine and dandy JHipster project.
ActiveWeb: Chicago Java User Group Presentationipolevoy
- ActiveWeb is a Java web framework that aims to make web programming fun and productive again through its simplicity, support for TDD, and immediate feedback.
- It provides convention over configuration routing and views, dependency injection with Guice, and integrates well with testing frameworks like allowing parameters to be passed to controllers and inspecting HTML responses.
- ActiveWeb has no XML configuration and aims to have as few dependencies as possible while still providing a full-stack framework for building RESTful web services and traditional MVC applications.
The document discusses the capabilities of the Spring Framework component model and how it can be used to add functionality to POJO-based applications. It provides an overview of the Spring component model, services, patterns, integration capabilities, and portability. It describes how technologies like dependency injection and AOP enable simple POJO-based programming. It highlights several value adds provided out of the box by Spring, including exporting remote endpoints, JMX support, auditing with aspects, and user extension points. It also discusses XML configuration extensions introduced in Spring 2.0 for higher level abstraction and grouping related beans.
This document contains information about Josh Long, including his contact details, links to his work, and information about the Spring IO platform. It includes diagrams showing the architecture of Spring IO and its various modules. It also contains slides from one of Josh Long's presentations promoting Spring IO and its features, including Spring Boot, reactive programming, Java 8 support, REST design, security, and mobile development.
Spring, now part of Pivotal, continues to innovate and support next generation workloads. In this talk, I introduce some of the exciting new Spring technologies supporting websockets, Java 8, Java EE 7, data ingestion and stream processing, NoSQL and Hadoop, and production-ready REST, _and_ I introduce tools designed to expedite ramp-up time for teams who want to deliver, quickly.
This document summarizes Josh Long's presentation on updates to the Spring framework. It discusses:
- Spring Framework versions 3.1, 3.2, and the upcoming 4.0 release
- New features in Spring 3.1 including environment profiles, Java-based configuration, caching, and Servlet 3.0 support
- Plans for Spring 3.2 including a Gradle build, contribution model on GitHub, and asynchronous MVC processing
- Changes to plans for Spring 3.2 where support for Java EE 7 and Java SE 8 was postponed due to delays in those projects. Spring 3.2 will instead focus on core framework refinements with Java 8 and EE 7 features planned for Spring 3.
The document discusses tailoring Spring for custom usage. It explores extension points in the Spring framework and how to exploit lesser known but powerful hooks. The agenda includes demos of introducing the tool chain, basic dependency injection, BeanPostProcessor, AspectJ, life cycle callbacks, scopes, FactoryBeans, Spring Expression Language, profiles, proxies, resources, object to XML marshalling, REST, transactions, caching, custom views and view resolvers, writing adapters in Spring Integration, and more. QA is also on the agenda.
The document discusses Spring Framework updates including versions 3.1, 3.2, and 3.3. Key features of Spring 3.1 include environment profiles for activating bean definitions in different environments, Java-based application configuration, and declarative caching. Spring 3.2 will include a Gradle build system and GitHub contributions. Spring 3.3 will add support for Java SE 8 features like lambda expressions and the Java EE 7 API. The document provides code examples of using these new Spring features.
Today's applications don't live in a vacuum - you need to take the applications to where your users are. Let Spring's REST support along with its powerful client-side technology support, help you get there faster.
Integration and Batch Processing on Cloud FoundryJoshua Long
This talk explores the new possibilities for scale by using Spring Integration, Spring Batch and RabbitMQ on Cloud Foundry, the open source PaaS from VMWare.
using Spring and MongoDB on Cloud FoundryJoshua Long
This talk introduces how to build MongoDB applications with Spring Data MongoDB on Cloud Foundry. Spring Data provides rich support for easily building applications that work on multiple data stores.
The document provides an overview of getting started with Cloud Foundry. It discusses registering for a Cloud Foundry account, installing the vmc CLI tool on Windows and Mac, and the various ways Cloud Foundry can be used to deploy applications. It also covers key Cloud Foundry features like choice of runtimes, choice of cloud providers, scaling applications, developing applications using Eclipse/STS, and using services in applications.
Spring provides tools for building multi-client web applications, including support for mobile clients and REST APIs. It includes the Spring MVC framework for building web UIs, the RestTemplate for consuming REST services, and tools like Spring Android for building native Android apps that integrate with REST backends. Demos show consuming a Spring REST service from a web UI, Android app, and HTML5 app to demonstrate support for multiple client types from a single backend.
A Walking Tour of (almost) all of Springdom Joshua Long
this is the deck for my 3+ hour walking tour talk that I give as a workshop at various conferences. This talk introduces practically everything in Spring -- come into the talk unaware of the concepts or frameworks and leave with a working knowledge of all the frameworks, and of all the applications for the technologies.
This talk introduces the role that Spring MVC and REST can play as a service-side endpoint model that can be connected to from mobile, rich, and desktop applications.
A Spring Batch bootcamp! Spring Batch is the open source batch processing framework from SpringSource, makes of the Spring framework. http://www.springsource.org/spring-batch
The Cloud Foundry Bootcamp document provides an overview of a Cloud Foundry bootcamp presented in Portland in 2012. It was written by Chris Richardson and presented by Monica Wilkinson and Josh Long. The agenda covers why Platform as a Service (PaaS) matters to developers, an overview of Cloud Foundry, getting started with Cloud Foundry, the Cloud Foundry architecture, using Micro Cloud Foundry, and consuming Cloud Foundry services.
Spring in the Cloud - using Spring with Cloud FoundryJoshua Long
This talk's about using the power of the Spring framework with Cloud Foundry, the open source PaaS (platform as-a-service) from VMware. This is a bit more deep an introduction than my other Spring and Cloud Foundry talk, and so I've kept both, while encouraging people to check this one out, first.
Spring and Cloud Foundry; a Marriage Made in HeavenJoshua Long
Spring and Cloud Foundry: a Marriage Made in Heaven. This talk introduces how to build Spring applications on top of Cloud Foundry, the open source PaaS from VMware
The Spring framework packs a lot of punch, out of the box! The surface-level component model's extraordinarily flexible, and works well with in most situations, but the real power of Spring lays just underneath, in the numerous SPIs that Spring exposes, so that you can tailor the component model to your own use cases. Spring's SPI's are a great example of what Bob Martin describes as the open-closed principle, and it provides the solid underpinnings upon which the other Spring frameworks, including Spring Integration, Spring MVC and Spring Batch are built. In this talk, Josh Long, the Spring developer advocate from SpringSource, provides a walking tour of Spring's extension points.
In this talk, originally presented at JavaZone, in Oslo, Norway, I introduce the broad swath of supported inversion-of-control options in Spring's component model, and then introduce some more advanced features of the component model.
Transcript: Details of description part II: Describing images in practice - T...BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and slides: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Em...Erasmo Purificato
Slide of the tutorial entitled "Paradigm Shifts in User Modeling: A Journey from Historical Foundations to Emerging Trends" held at UMAP'24: 32nd ACM Conference on User Modeling, Adaptation and Personalization (July 1, 2024 | Cagliari, Italy)
How RPA Help in the Transportation and Logistics Industry.pptxSynapseIndia
Revolutionize your transportation processes with our cutting-edge RPA software. Automate repetitive tasks, reduce costs, and enhance efficiency in the logistics sector with our advanced solutions.
In this follow-up session on knowledge and prompt engineering, we will explore structured prompting, chain of thought prompting, iterative prompting, prompt optimization, emotional language prompts, and the inclusion of user signals and industry-specific data to enhance LLM performance.
Join EIS Founder & CEO Seth Earley and special guest Nick Usborne, Copywriter, Trainer, and Speaker, as they delve into these methodologies to improve AI-driven knowledge processes for employees and customers alike.
GDG Cloud Southlake #34: Neatsun Ziv: Automating AppsecJames Anderson
The lecture titled "Automating AppSec" delves into the critical challenges associated with manual application security (AppSec) processes and outlines strategic approaches for incorporating automation to enhance efficiency, accuracy, and scalability. The lecture is structured to highlight the inherent difficulties in traditional AppSec practices, emphasizing the labor-intensive triage of issues, the complexity of identifying responsible owners for security flaws, and the challenges of implementing security checks within CI/CD pipelines. Furthermore, it provides actionable insights on automating these processes to not only mitigate these pains but also to enable a more proactive and scalable security posture within development cycles.
The Pains of Manual AppSec:
This section will explore the time-consuming and error-prone nature of manually triaging security issues, including the difficulty of prioritizing vulnerabilities based on their actual risk to the organization. It will also discuss the challenges in determining ownership for remediation tasks, a process often complicated by cross-functional teams and microservices architectures. Additionally, the inefficiencies of manual checks within CI/CD gates will be examined, highlighting how they can delay deployments and introduce security risks.
Automating CI/CD Gates:
Here, the focus shifts to the automation of security within the CI/CD pipelines. The lecture will cover methods to seamlessly integrate security tools that automatically scan for vulnerabilities as part of the build process, thereby ensuring that security is a core component of the development lifecycle. Strategies for configuring automated gates that can block or flag builds based on the severity of detected issues will be discussed, ensuring that only secure code progresses through the pipeline.
Triaging Issues with Automation:
This segment addresses how automation can be leveraged to intelligently triage and prioritize security issues. It will cover technologies and methodologies for automatically assessing the context and potential impact of vulnerabilities, facilitating quicker and more accurate decision-making. The use of automated alerting and reporting mechanisms to ensure the right stakeholders are informed in a timely manner will also be discussed.
Identifying Ownership Automatically:
Automating the process of identifying who owns the responsibility for fixing specific security issues is critical for efficient remediation. This part of the lecture will explore tools and practices for mapping vulnerabilities to code owners, leveraging version control and project management tools.
Three Tips to Scale the Shift Left Program:
Finally, the lecture will offer three practical tips for organizations looking to scale their Shift Left security programs. These will include recommendations on fostering a security culture within development teams, employing DevSecOps principles to integrate security throughout the development
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
UiPath Community Day Kraków: Devs4Devs ConferenceUiPathCommunity
We are honored to launch and host this event for our UiPath Polish Community, with the help of our partners - Proservartner!
We certainly hope we have managed to spike your interest in the subjects to be presented and the incredible networking opportunities at hand, too!
Check out our proposed agenda below 👇👇
08:30 ☕ Welcome coffee (30')
09:00 Opening note/ Intro to UiPath Community (10')
Cristina Vidu, Global Manager, Marketing Community @UiPath
Dawid Kot, Digital Transformation Lead @Proservartner
09:10 Cloud migration - Proservartner & DOVISTA case study (30')
Marcin Drozdowski, Automation CoE Manager @DOVISTA
Pawel Kamiński, RPA developer @DOVISTA
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
09:40 From bottlenecks to breakthroughs: Citizen Development in action (25')
Pawel Poplawski, Director, Improvement and Automation @McCormick & Company
Michał Cieślak, Senior Manager, Automation Programs @McCormick & Company
10:05 Next-level bots: API integration in UiPath Studio (30')
Mikolaj Zielinski, UiPath MVP, Senior Solutions Engineer @Proservartner
10:35 ☕ Coffee Break (15')
10:50 Document Understanding with my RPA Companion (45')
Ewa Gruszka, Enterprise Sales Specialist, AI & ML @UiPath
11:35 Power up your Robots: GenAI and GPT in REFramework (45')
Krzysztof Karaszewski, Global RPA Product Manager
12:20 🍕 Lunch Break (1hr)
13:20 From Concept to Quality: UiPath Test Suite for AI-powered Knowledge Bots (30')
Kamil Miśko, UiPath MVP, Senior RPA Developer @Zurich Insurance
13:50 Communications Mining - focus on AI capabilities (30')
Thomasz Wierzbicki, Business Analyst @Office Samurai
14:20 Polish MVP panel: Insights on MVP award achievements and career profiling
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
INDIAN AIR FORCE FIGHTER PLANES LIST.pdfjackson110191
These fighter aircraft have uses outside of traditional combat situations. They are essential in defending India's territorial integrity, averting dangers, and delivering aid to those in need during natural calamities. Additionally, the IAF improves its interoperability and fortifies international military alliances by working together and conducting joint exercises with other air forces.
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Video traffic on the Internet is constantly growing; networked multimedia applications consume a predominant share of the available Internet bandwidth. A major technical breakthrough and enabler in multimedia systems research and of industrial networked multimedia services certainly was the HTTP Adaptive Streaming (HAS) technique. This resulted in the standardization of MPEG Dynamic Adaptive Streaming over HTTP (MPEG-DASH) which, together with HTTP Live Streaming (HLS), is widely used for multimedia delivery in today’s networks. Existing challenges in multimedia systems research deal with the trade-off between (i) the ever-increasing content complexity, (ii) various requirements with respect to time (most importantly, latency), and (iii) quality of experience (QoE). Optimizing towards one aspect usually negatively impacts at least one of the other two aspects if not both. This situation sets the stage for our research work in the ATHENA Christian Doppler (CD) Laboratory (Adaptive Streaming over HTTP and Emerging Networked Multimedia Services; https://athena.itec.aau.at/), jointly funded by public sources and industry. In this talk, we will present selected novel approaches and research results of the first year of the ATHENA CD Lab’s operation. We will highlight HAS-related research on (i) multimedia content provisioning (machine learning for video encoding); (ii) multimedia content delivery (support of edge processing and virtualized network functions for video networking); (iii) multimedia content consumption and end-to-end aspects (player-triggered segment retransmissions to improve video playout quality); and (iv) novel QoE investigations (adaptive point cloud streaming). We will also put the work into the context of international multimedia systems research.
MYIR Product Brochure - A Global Provider of Embedded SOMs & SolutionsLinda Zhang
This brochure gives introduction of MYIR Electronics company and MYIR's products and services.
MYIR Electronics Limited (MYIR for short), established in 2011, is a global provider of embedded System-On-Modules (SOMs) and
comprehensive solutions based on various architectures such as ARM, FPGA, RISC-V, and AI. We cater to customers' needs for large-scale production, offering customized design, industry-specific application solutions, and one-stop OEM services.
MYIR, recognized as a national high-tech enterprise, is also listed among the "Specialized
and Special new" Enterprises in Shenzhen, China. Our core belief is that "Our success stems from our customers' success" and embraces the philosophy
of "Make Your Idea Real, then My Idea Realizing!"
Are you interested in dipping your toes in the cloud native observability waters, but as an engineer you are not sure where to get started with tracing problems through your microservices and application landscapes on Kubernetes? Then this is the session for you, where we take you on your first steps in an active open-source project that offers a buffet of languages, challenges, and opportunities for getting started with telemetry data.
The project is called openTelemetry, but before diving into the specifics, we’ll start with de-mystifying key concepts and terms such as observability, telemetry, instrumentation, cardinality, percentile to lay a foundation. After understanding the nuts and bolts of observability and distributed traces, we’ll explore the openTelemetry community; its Special Interest Groups (SIGs), repositories, and how to become not only an end-user, but possibly a contributor.We will wrap up with an overview of the components in this project, such as the Collector, the OpenTelemetry protocol (OTLP), its APIs, and its SDKs.
Attendees will leave with an understanding of key observability concepts, become grounded in distributed tracing terminology, be aware of the components of openTelemetry, and know how to take their first steps to an open-source contribution!
Key Takeaways: Open source, vendor neutral instrumentation is an exciting new reality as the industry standardizes on openTelemetry for observability. OpenTelemetry is on a mission to enable effective observability by making high-quality, portable telemetry ubiquitous. The world of observability and monitoring today has a steep learning curve and in order to achieve ubiquity, the project would benefit from growing our contributor community.
2. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
ABOUT ME
About Josh Long (⻰龙之春)
Spring Developer Advocate, Pivotal
Jean Claude
van Damme!
Java mascot Duke
@starbuxman
josh@joshlong.com
slideshare.net/joshlong
github.com/joshlong
speakerdeck.com/joshlong
some thing’s I’ve authored...
3. T H E S P R I N G R E S T S TA C K
Starting with Spring
4. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SPRING IO
XD
BOOT
GRAILS
Stream, Taps, Jobs
Bootable, Minimal, Ops-Ready
Full-stack, Web
INTEGRATION
BATCH
BIG DATA
WEB
Channels, Adapters,
Filters, Transformers
Jobs, Steps,
Readers, Writers
Ingestion, Export,
Orchestration, Hadoop
Controllers, REST,
WebSocket
DATA
RELATIONAL
NON-RELATIONAL
CORE
FRAMEWORK
SECURITY
GROOVY
REACTOR
5. A NEW HOME FOR SPRING
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
6. A NEW HOME FOR SPRING
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
15. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
MODEL VIEW CONTROLLER
stop me if
you’ve heard
this one before ...
incoming
requests
delegate
request
DispatcherServlet
model
delegate
rendering of
response
return
response
model
return
control
render
response
view
template
controller
17. INSTALLING SPRING MVC
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
WebApplicationInitializer ~= Java web.xml
!
public class SampleWebApplicationInitializer implements WebApplicationInitializer {
!
public void onStartup(ServletContext sc) throws ServletException {
AnnotationConfigWebApplicationContext ac = new AnnotationConfigWebApplicationContext();
ac.setServletContext(sc);
ac.scan( “a.package.full.of.services”, “a.package.full.of.controllers” );
!
sc.addServlet("spring", new DispatcherServlet(ac));
!
// register filters, other servlets, etc., to get Spring and Spring Boot working
}
}
18. INSTALLING SPRING MVC
or, just fill out the form...
public class SimplerDispatcherServletInitializer
extends AbstractAnnotationConfigDispatcherServletInitializer {
!
!
!
}
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class<?>[]{ ServiceConfiguration.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return new Class<?>[]{ WebMvcConfiguration.class };
}
@Override
protected String[] getServletMappings() {
return new String[]{"/*"};
}
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
19. INSTALLING SPRING MVC
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
or, just use Spring Boot and never worry about it
@ComponentScan
@EnableAutoConfiguration
public class Application extends SpringBootServletInitializer {
!
private static Class< Application> applicationClass = Application.class;
!
!
}
!
public static void main(String[] args) {
SpringApplication.run(applicationClass);
}
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(applicationClass);
}
20. A RICH SERVLET TOOLKIT
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
other niceties Spring’s web support provides:
HttpRequestHandlers supports remoting technologies : Caucho, HTTP Invoker, etc.
DelegatingFilterProxy javax.filter.Filter that delegates to a Spring-managed bean
HandlerInterceptor wraps requests to HttpRequestHandlers
ServletWrappingController lets you force requests to a servlet through the Spring Handler chain
WebApplicationContextUtils look up the current ApplicationContext given a ServletContext
HiddenHttpMethodFilter routes HTTP requests to the appropriate endpoint
21. T H E S P R I N G R E S T S TA C K
REST Essentials
22. MOTIVATIONS FOR REST
meanwhile, in the enterprise,
somebody is using SOAP
because it’s “SIMPLE”
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
23. WHAT IS REST?
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
REST is an architectural constraint based on HTTP 1.1,
and created as part of Roy Fielding’s doctoral
dissertation in 2000.
It embraces HTTP.
It’s a style, not a standard
http://en.wikipedia.org/wiki/Representational_state_transfer
30. STATUS CODES
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
200 OK - Everything worked
!
201 Created - Returns a Location header for new resource
!
202 Accepted - server has accepted the request, but it is not yet
complete. Status URI optionally conveyed in Location header
31. STATUS CODES
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
400 Bad Request - Malformed Syntax. Retry with change.
!
401 Unauthorized - authentication is required
403 Forbidden - server has understood, but refuses request
404 Not Found - server can’t find a resource for URI
406 Incompatible - incompatible Accept headers specified
409 Conflict - resource conflicts with client request
40. THE MATURITY MODEL
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
The Richardson Maturity Model
Level 0: swamp of POX
Uses HTTP mainly as a tunnel through one URI
e.g., SOAP, XML-RPC
Usually features on HTTP verb (POST)
http://martinfowler.com/articles/richardsonMaturityModel.html
41. THE MATURITY MODEL
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
The Richardson Maturity Model
Level 1: resources
Multiple URIs to distinguish related nouns
e.g., /articles/1, /articles/2, vs. just /articles
http://martinfowler.com/articles/richardsonMaturityModel.html
42. THE MATURITY MODEL
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
The Richardson Maturity Model
Level 2: HTTP verbs
leverage transport-native properties to enhance service
e.g., HTTP GET and PUT and DELETE and POST
Uses idiomatic HTTP controls like status codes, headers
http://martinfowler.com/articles/richardsonMaturityModel.html
44. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
HATEOAS
The Richardson Maturity Model
Level 3: Hypermedia Controls (aka, HATEOAS)
No a priori knowledge of service required
Navigation options are provided by service and hypermedia controls
Promotes longevity through a uniform interface
http://martinfowler.com/articles/richardsonMaturityModel.html
45. HATEOAS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Links provide possible navigations from a given resource
!
Links are dynamic, based on resource state.
!
<link href=“http://...:8080/users/232/customers”
rel= “customers”/>
!
{ href: “http://...:8080/users/232/customers”,
rel: “customers” }
47. SPRING DATA REST
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Spring Data REST simplifies the
generic data-centric @Controllers
!
Builds on top of Spring Data Repository support:
@RestResource (path = "users", rel = "users")
public interface UserRepository extends PagingAndSortingRepository<User, Long> {
!
!
User findByUsername(@Param ("username") String username);
48. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SPRING DATA REST
Spring Data REST simplifies the
generic data-centric @Controllers
!
Builds on top of Spring Data Repository support:
@RestResource (path = "users", rel = "users")
public interface UserRepository extends PagingAndSortingRepository<User, Long> {
!
!
!
!
User findByUsername(@Param ("username") String username);
select u from User where u.username = ?
49. SPRING DATA REST
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Spring Data REST simplifies the
generic data-centric @Controllers
!
Builds on top of Spring Data Repository support:
@RestResource (path = "users", rel = "users")
public interface UserRepository extends PagingAndSortingRepository<User, Long> {
!
}
List<User> findUsersByFirstNameOrLastNameOrUsername(
@Param ("firstName") String firstName,
@Param ("lastName") String lastName,
@Param ("username") String username);
50. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SPRING DATA REST
Spring Data REST simplifies the
generic data-centric @Controllers
!
Builds on top of Spring Data Repository support:
@RestResource (path = "users", rel = "users")
public interface UserRepository extends PagingAndSortingRepository<User, Long> {
!
}
List<User> findUsersByFirstNameOrLastNameOrUsername(
@Param ("firstName") String firstName,
@Param ("lastName") String lastName,
@Param ("username") String username);
select u from User u
where u.username = ?
or u.firstName = ?
or u.lastName = ?
51. T H E S P R I N G R E S T S TA C K
Testing REST
53. T H E S P R I N G R E S T S TA C K
Error Handling
54. HANDLING ERRORS IN A REST API
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Developers learn to use an API through errors
Extreme programming and Test-Driven development
embrace this truth
!
Errors introduce transparency
55. STATUS CODES
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Status codes map to errors
pick a meaningful subset of the
70+ status codes
200 - OK
201 - Created
304 - Created - Not Modified
400 - Bad Request
401 - Unauthorized
403 - Forbidden
404 - Not Found
500 - Internal Server Error
https://blog.apigee.com/detail/restful_api_design_what_about_errors
56. DESCRIPTIVE ERRORS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Send meaningful errors along with status codes
{
"message": "authentication failed",
"errors": [
{
"resource": "Issue",
"field": "title",
"code": "missing_field"
}
]
}
{
"type": "authentication",
"message": “the username and
password provided are invalid” ,
"status": “401”
}
https://blog.apigee.com/detail/restful_api_design_what_about_errors
63. SPRING SECURITY
Security is hard. Don’t reinvent
the wheel!
!
Things to worry about when developing
web applications? EVERYTHING
!
(cross-site scripting, session fixation, identification,
authorization, and authentication, encryption, and SO
much more.)
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
64. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SPRING SECURITY
Spring Security is a modern security
framework for a modern age
!
Yes
client submits
authentication
credentials
Authentication
Mechanism
collects the details
No - retry!
Authentication is
valid?
Store Authentication in
SecurityContextHolder
process original request
65. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SPRING SECURITY
Spring Security is a modern security
framework for a modern age
!
Yes
client submits
authentication
credentials
Authentication
Mechanism
collects the details
Authentication
Store Authentication in
SecurityContextHolder
Authentication is
valid?
Mechanism collects the details!
!
No AuthenticationRequest is sent to AuthenticationManager!
- retry!
!
(passes it through a chain of AuthenticationProviders)!
!
AuthenticationProvider asks a UserDetailsService for a UserDetails!
!
The UserDetails object is used to build an Authentication object!
!
!
process original request
67. SECURING REST SERVICES
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Usernames and Passwords
!
If you can trust the client to keep a secret like a password, then it
can send the password using:
...HTTP Basic - passwords are sent plaintext!
... HTTP Digest - hashed passwords, but still plaintext.
SSL/TLS encryption helps prevent man-in-the-middle attacks
69. SSL AND TLS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
SSL/TLS is used routinely to verify the identify of servers.
!
Normally, the client confirms the server, but the server rarely requires the
client to transmit a certificate.
!
It’s easy enough to setup SSL/TLS on your web server.
!
71. SSL AND TLS
SSL/TLS can be used to
identify the client to the server,
through mutual authentication.
!
!
browser/client must send their
certificate, as well.
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
@Override
protected void configure(HttpSecurity http)
throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.x509();
}
74. THE TROUBLE WITH PASSWORDS
Tim Bray says: Passwords don’t scale
!
Too easy to compromise.
!
Updating all your clients whenever you change
your password would be a nightmare!
!
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
75. THE TROUBLE WITH PASSWORDS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
78. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
OAUTH
OAuth is a way for one (automated) process to securely
identify itself to another
!
Assumes a user context:
!
!
“I authorize $CLIENTX to act on $USER_Y’s behalf”
OAuth is a way of authorizing a client with particular access (scopes)
!
92. GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
MICRO SERVICE ARCHITECTURE
Micro Services ...
!
Promote single responsibility principle
!
*
Promote loosely coupled, focused services.
!
(SOLID at the architecture level)
Don’t like it? Throw it away!
*
In object-oriented programming, the single responsibility principle states that every class
should have a single responsibility, and that responsibility should be entirely encapsulated by the
class. All its services should be narrowly aligned with that responsibility.!
http://en.wikipedia.org/wiki/Single_responsibility_principle
93. EMBEDDED WEB SERVERS
Spring Boot supports Apache Tomcat 7 by default.
!
Easy to switch to Jetty, or Tomcat 8
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
101. NEXT STEPS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Spring IO Guides
http://spring.io/guides
!
Roy Fielding’s Dissertation introduces REST
http://www.ics.uci.edu/~fielding/pubs/dissertation/evaluation.htm#sec_6_1%7C
!
The Spring REST Shell
http://github.com/jbrisbin/rest-shell
!
Spring Security, Security OAuth, Spring Data REST, HATEOAS, Social
http://github.com/spring-projects
!
Spring MVC Test Framework
http://docs.spring.io/spring/docs/4.0.x/spring-framework-reference/html/testing.html
!
102. NEXT STEPS
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
Oliver Gierke’s talk on Hypermedia from Øredev
@ http://vimeo.com/53214577
Lez Hazelwood’s talk on designing a beautiful JSON+REST API
Ben Hale’s talk on REST API design with Spring from SpringOne2GX 2012
@ http://www.youtube.com/watch?v=wylViAqNiRA
My links:
github.com/joshlong/the-spring-rest-stack
slideshare.net/joshlong/rest-apis-with-spring
@starbuxman
!
103. REST DESIGN WITH SPRING
GITHUB.COM/JOSHLONG/THE-SPRING-REST-STACK
@starbuxman
josh@joshlong.com
slideshare.net/joshlong
github.com/joshlong
speakerdeck.com/joshlong
github.com/joshlong/the-spring-rest-stack