Monthly Archives: February 2005

Spring Framework 1.1.5 released

Posted on by Carlos Sanchez
Reply

The Spring Framework has released the 1.1.5 version, the last one before 1.2 release candidate comes out with major improvements as Hibernate 3 and JMX support. As with previous versions I have uploaded it to the maven repository at ibiblio, so maven users can download automatically.

Hi everybody,

I’m pleased to announce that Spring Framework 1.1.5 has just been released. This is the last bug fix and minor enhancement release in the 1.1.x series, featuring many minor improvements such as:

* added overloaded "reject" and "rejectValue" methods without default message to Errors interface and BindException
* added "lookup(name, requiredType)" convenience method to JndiTemplate, matching the JNDI object against the given type
* added "homeInterface" property to AbstractRemoteSlsbInvokerInterceptor, for specifying the home interface to narrow to
* introduced MailMessage interface as common interface for SimpleMailMessage and JavaMail MIME messages
* Log4jConfigurer accepts a "classpath:" URL or a "file:" URL as location too, not just a plain file path
* Log4jConfigurer accepts config files that do not reside in the file system, as long as there is no refresh interval

* added "int[] batchUpdate(String[] sql)" method to JdbcTemplate, for executing a group of SQL statements as a batch
* added C3P0NativeJdbcExtractor for C3P0 0.8.5 or later (for earlier C3P0 versions, use SimpleNativeJdbcExtractor)
* added "maxRows" bean property to JdbcTemplate, allowing to specify the maximum number of rows to be fetched
* added "fetchSize" and "maxRows" bean properties to RdbmsOperation, passing the values to the internal JdbcTemplate
* added ClobStringTypeHandler, BlobByteArrayTypeHandler and BlobSerializableTypeHandler for iBATIS SQL Maps 2.0.9
* ResourceHolderSupport throws TransactionTimedOutException if no time-to-live left (before attempting an operation)
* TransactionSynchronization objects can influence their execution order through implementing the Ordered interface
* JtaTransactionManager is able to work with a JTA TransactionManager only (i.e. without a UserTransaction handle)

* upgraded MockHttpServletRequest to Servlet API 2.4 (added getRemotePort, getLocalName, getLocalAddr, getLocalPort)
* upgraded MockPageContext to JSP API 2.0 (added getExpressionEvaluator, getVariableResolver, overloaded include)
* added "contextOverride" option to ServletContextPropertyPlaceholderConfigurer, letting web.xml override local settings
* added "searchContextAttributes" option to ServletContextPropertyPlaceholderConfigurer, resolving context attributes
* added "clear" and "isEmpty" methods to ModelAndView, allowing to clear the view of a given ModelAndView object
* added JasperReportsMultiFormatView, allowing to specify the output format dynamically via a discriminator in the model
* JSP EL expressions in Spring’s JSP tags will be parsed with JSP 2.0 ExpressionEvaluator on JSP 2.0 (Jakarta JSTL else)
* changed "spring:transform" tag’s "value" attribute from String to Object, to allow for expressions resolved by JSP 2.0

See the changelog for details.

Our next milestone is 1.2 RC1, which we intend to release as soon as possible: with Hibernate3 support, JMX support and further major new features. Nightly 1.2-dev snapshots with Hibernate3 support and JMX support will be available within a few days, so feel free to give 1.2 an early try 🙂

Cheers,
Juergen

Acegi Security: reducing configuration in web.xml

Posted on by Carlos Sanchez
Reply

Until now, to use Acegi Security System for Spring in your web application you needed to add at least three filters and filtermappings to your web.xml, eg. to secure an application using form based authentication these lines had to be present in every web.xml:

<filter>
  <filter-name>Acegi Authentication Processing Filter</filter-name>
  <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.ui.webapp.AuthenticationProcessingFilter</param-value>
  </init-param>
</filter>
<filter>
  <filter-name>Acegi Security System for Spring Http Session Integration Filter</filter-name>
  <filter-class>net.sf.acegisecurity.ui.webapp.HttpSessionIntegrationFilter</filter-class>
</filter>
<filter>
  <filter-name>Acegi HTTP Request Security Filter</filter-name>
  <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.intercept.web.SecurityEnforcementFilter</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>Acegi Authentication Processing Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
  <filter-name>Acegi Security System for Spring Http Session Integration Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>
filter-mapping>
  <filter-name>Acegi HTTP Request Security Filter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

With the latest changes in CVS (thanks Ben) you only need to add one filter and filter mapping to web.xml:

<filter>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <filter-class>net.sf.acegisecurity.util.FilterToBeanProxy</filter-class>
  <init-param>
    <param-name>targetClass</param-name>
    <param-value>net.sf.acegisecurity.util.FilterChainProxy</param-value>
  </init-param>
</filter>

<filter-mapping>
  <filter-name>Acegi Filter Chain Proxy</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

And a bean definition to the Spring application context, specifying the actual filters and the urls to map. 

<bean id="filterChainProxy"
  class="net.sf.acegisecurity.util.FilterChainProxy">
  <property name="filterInvocationDefinitionSource">
    <value>
      CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
      PATTERN_TYPE_APACHE_ANT
      /**=authenticationProcessingFilter,httpSessionIntegrationFilter,securityEnforcementFilter
    </value>
  </property>
</bean>

This approach allow you to reuse the bean across all your applications, as it won’t change if you’re using the same authentication schema (eg. form based). As a sideeffect also allows using ant patterns or regular expresions in the url mappings.

Hibernate vs JDBC == Maven vs Ant

Posted on by Carlos Sanchez
4

While coding with JDBC directly provides powerful posibilities I
think no one could argue that it’s better coding at such low level in
the vast majority of the cases.

I think Maven does the same to
build systems. Maven doesn’t substitute Ant, abstracts and simplifies
it. For some cases you’ll still need to write Ant build files inside
Maven, as you can write SQL inside hibernate, but you will have the
power from both worlds.

Maven has made a risky bet, as Hibernate
has done, but fortunately both achieved a growing community. Currently
there are too much people asking for features compared to those
implementing them, so I encourage any of you to take the bull by the
horns and become actively involved.

And you should never forget
that behind high level tools and technologies there’re always low level
ones (Maven – Ant, Hibernate – JDBC, Struts – Servlets,…)

Five maven features you must love

Posted on by Carlos Sanchez
3

For those Maven haters out there there are five features that they must
love. Sure they may not like the implementation, but it can be
improved, the most important thing is the idea.

  • Automatic downloading of dependencies.
  • A consistent and standarized directory layout
  • A consistent naming of goals (targets): war, jar, javadoc,…
  • AOP like chain of goals (before invocation and after invocation pointcuts)
  • A declarative descriptor of dependencies and project settings

They can be implemented using Ant, but why reinvent the wheel?

Spring Framework 1.1.4 released

Posted on by Carlos Sanchez
Reply

Juergen Hoeller has announced the release of Spring Framework 1.1.4

I’m pleased to announce that Spring Framework 1.1.4 has finally been released. This is a bugfix and minor enhancement release in the 1.1 series.
Among the new features are:

* added LazyInitTargetSource, lazily accessing a singleton from a BeanFactory (lazily initializing on first call)
* added ServiceLocatorFactoryBean, allowing to map custom service locator interface methods to BeanFactory.getBean calls
* reworked ResourcePatternResolver to extend ResourceLoader, for ResourcePatternResolver checks in ResourceLoaderAware
* made BindException serializable, provided that the contained target object is serializable

* added LazyConnectionDataSourceProxy, for lazily fetching JDBC Connections with native JDBC or Hibernate transactions
* added "Sybase-jConnect" to default sql-error-codes.xml file, for database product name "Adaptive Server Enterprise"
* added overloaded "queryForList"/"queryForObject"/"queryForLong"/"queryForInt" methods with arg types to JdbcTemplate
* added "alwaysUseNewSession" flag to HibernateTemplate, enforcing a new Session even in case of a pre-bound Session
* HibernateTemplate proxies exposed Sessions by default, applying query cache settings and transaction timeouts

* added "isConnectFailure(RemoteException)" hook to AbstractRemoteSlsbInvokerInterceptor, for customized failure checks
* added "isConnectFailure(RemoteException)" hook to (Jndi)RmiClientInterceptor, for customized connect failure checks
* added JaxRpcServicePostProcessor interface, intended for reusable custom type mappings etc for a JAX-RPC service
* added "servicePostProcessors" property to LocalJaxRpcServiceFactory and subclasses (incl. JaxRpcPortProxyFactoryBean)

* added "messageIdEnabled" and "messageTimestampEnabled" properties to JmsTemplate, to disable id/timestamp on producer
* added "pubSubNoLocal" property to JmsTemplate, leading to the NoLocal flag being specified on MessageConsumer creation
* added "receiveSelected" and "receivedSelectedAndConvert" methods to JmsTemplate, accepting JMS message selectors
* added "schedulerListeners", "(global)JobListeners", "(global)TriggerListeners" bean properties to SchedulerFactoryBean
* added "jobListenerNames"/"triggerListenerNames" property to JobDetailBean, CronTriggerBean, SimpleTriggerBean (resp.)

* added ServletContextAttributeFactoryBean, exposing an existing ServletContext attribute for bean references
* added ServletContextAttributeExporter, taking Spring-defined objects and exposing them as ServletContext attributes
* added ServletContextPropertyPlaceholderConfigurer, a subclass that falls back to web.xml context-param entries
* added "publishEvents" init-param to FrameworkServlet, allowing to turn off the publishing of RequestHandledEvents
* Spring JSP tags work outside DispatcherServlet too, falling back to root WebApplicationContext and JSTL/request locale