Jump to content

Spring Framework

From Wikipedia, the free encyclopedia
(Redirected from CVE-2022-22965)
Spring Framework
Developer(s)VMware
Initial release1 October 2002; 22 years ago (2002-10-01)
Stable release
6.2.0[1] Edit this on Wikidata / 14 November 2024; 11 days ago (14 November 2024)
Repository
Written inJava
PlatformJava EE
TypeApplication framework
LicenseApache License 2.0
Websitespring.io/projects/spring-framework Edit this on Wikidata

The Spring Framework is an application framework and inversion of control container for the Java platform.[2] The framework's core features can be used by any Java application, but there are extensions for building web applications on top of the Java EE (Enterprise Edition) platform. The framework does not impose any specific programming model.[citation needed]. The framework has become popular in the Java community as an addition to the Enterprise JavaBeans (EJB) model.[3] The Spring Framework is free and open source software.[4]: 121–122 [5]

Version history

[edit]
Version Date Notes
0.9 2003
1.0 March 24, 2004 First production release.
2.0 2006
3.0 2009
4.0 2013
5.0 2017
6.0 November 22, 2022
6.1 November 16, 2023
6.2 November 14, 2024

The first version was written by Rod Johnson, who released the framework with the publication of his book Expert One-on-One J2EE Design and Development in October 2002. The framework was first released under the Apache 2.0 license in June 2003. The first production release, 1.0, was released in March 2004.[6] The Spring 1.2.6 framework won a Jolt productivity award and a JAX Innovation Award in 2006.[7][8] Spring 2.0 was released in October 2006, Spring 2.5 in November 2007, Spring 3.0 in December 2009, Spring 3.1 in December 2011, and Spring 3.2.5 in November 2013.[9] Spring Framework 4.0 was released in December 2013.[10] Notable improvements in Spring 4.0 included support for Java SE (Standard Edition) 8, Groovy 2,[11][12] some aspects of Java EE 7, and WebSocket.[13]

Spring Framework 4.2.0 was released on 31 July 2015 and was immediately upgraded to version 4.2.1, which was released on 01 Sept 2015.[14] It is "compatible with Java 6, 7 and 8, with a focus on core refinements and modern web capabilities".[15]

Spring Framework 4.3 has been released on 10 June 2016 and was supported until 2020.[16] It was announced to "be the final generation within the general Spring 4 system requirements (Java 6+, Servlet 2.5+), [...]".[15]

Spring 5 is announced to be built upon Reactive Streams compatible Reactor Core.[17][obsolete source]

Spring Framework 6.0 has been released on 16 November 2022 and came with a Java 17+ baseline and a move to Jakarta EE 9+ (in the jakarta namespace), with a focus on the recently released Jakarta EE 10 APIs such as Servlet 6.0 and JPA 3.1.[18]

Modules

[edit]

The Spring Framework includes several modules that provide a range of services:

Spring modules are packaged as JAR files.[46] These artifacts can be accessed via the Maven Central Repository using Maven[47] or Gradle.[48]

Inversion of control container

[edit]

The inversion of control (IoC) container is the core container in the Spring Framework.[2] It provides a consistent means of configuring and managing Java objects[2][4]: 127–131  using reflection.[49] The container is responsible for managing object lifecycles of specific objects:[4]: 128  creating these objects,[50] calling their initialization methods,[49] and configuring these objects by wiring them together.[51]

In many cases, one need not use the container when using other parts of the Spring Framework, although using it will likely make an application easier to configure and customize. The Spring container provides a consistent mechanism to configure applications[4]: 122  and integrates with almost all Java environments, from small-scale applications to large enterprise applications.

The programmer does not directly create an object, but describes how it should be created, by defining it in the Spring configuration file. Similarly, services and components are not called directly; instead a Spring configuration file defines which services and components must be called. This IoC is intended to increase the ease of maintenance and testing.

Creating and managing beans

[edit]

Objects created by the container are called managed objects or beans.[52] The container can be configured by loading XML (Extensible Markup Language) files[50][4]: 151–152  or detecting specific Java annotations on configuration classes. These data sources contain the bean definitions that provide the information required to create the beans.

The @Configuration is a Spring-specific annotation that marks a class as the configuration class. The configuration class provides the beans to the Spring ApplicationContext.[53] Each of the methods in the Spring configuration class is configured with the @Bean annotation. The ApplicationContext interface will then return the objects configured with the @Bean annotation as beans. The advantage of java-based configuration over XML-based configuration is better type safety and refactorability.[53]

Types of Inversion of Control

[edit]

There are several types of Inversion of Control. Dependency injection and dependency lookup are examples of Inversion of Control.[54] Objects can be obtained by means of either dependency lookup or dependency injection.[4]: 127 [55]

Dependency Injection
[edit]

Dependency injection is a pattern where the container passes objects[4]: 128  by name to other objects, via either constructors,[4]: 128  properties, or factory methods. There are several ways to implement dependency injection: constructor-based dependency injection, setter-based dependency injection and field-based dependency injection.[56]

Dependency Lookup
[edit]

Dependency lookup is a pattern where a caller asks the container object for an object with a specific name or of a specific type.

Autowiring

[edit]

The Spring framework has a feature known as autowiring, which uses the spring container to automatically satisfy the dependencies specified in the JavaBean properties to objects of the appropriate type in the current factory.[57] This can only occur if there is only one object with the appropriate type.[57]

There are several annotations that can be used for autowiring POJOs, including the Spring-specific annotation @Autowire (as well as several other Spring-specific annotations that help resolve autowire ambiguity such as the @Qualifier or @Primary annotations),[58][59] and the standard Java annotations @Resource and @Inject.[60]

The @Qualifier annotation can be used on a class that defines a bean to inform Spring to prioritize the bean creation when autowiring it by name.[59]

The @Primary annotation can be used on a class that defines a bean to inform Spring to prioritize the bean creation when autowiring it by type.[59]

The @Resource annotation is an annotation that conforms to JSR 250, or Common Annotations for the Java Platform. The @Resource annotation is used for autowiring references to POJOs by name.[60] The @Inject annotation is annotation that conforms to JSR 300, or Standard Annotations for injection. The @Inject annotation is used for autowiring references to POJOs by type.[60]

Aspect-oriented programming framework

[edit]

The Spring Framework has its own Aspect-oriented programming (AOP) framework that modularizes cross-cutting concerns in aspects.[61] The motivation for creating a separate AOP framework is to provide basic AOP features without too much complexity in either design, implementation, or configuration. The Spring AOP framework takes full advantage of the Spring container.

The Spring AOP framework is proxy pattern-based.[62][24] It is configured at run time.[citation needed] This removes the need for a compilation step or load-time weaving.[citation needed] On the other hand, interception only allows for public method-execution on existing objects at a join point.[citation needed]

Compared to the AspectJ framework, Spring AOP is less powerful, but also less complicated.[citation needed] Spring 1.2 includes support to configure AspectJ aspects in the container. Spring 2.0 added more integration with AspectJ; for example, the pointcut language is reused and can be mixed with Spring AOP-based aspects.[citation needed] Further, Spring 2.0 added a Spring Aspects library that uses AspectJ to offer common Spring features such as declarative transaction management[62] and dependency injection via AspectJ compile-time or load-time weaving.[63] SpringSource uses AspectJ AOP in other Spring projects such as Spring Roo and Spring Insight, with Spring Security offering an AspectJ-based aspect library.[citation needed]

Spring AOP has been designed to work with cross-cutting concerns inside the Spring Framework.[4]: 473  Any object which is created and configured by the container can be enriched using Spring AOP.

The Spring Framework uses Spring AOP internally for transaction management, security, remote access, and JMX.[citation needed]

Since version 2.0 of the framework, Spring provides two approaches to the AOP configuration:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:mvc="http://www.springframework.org/schema/mvc" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:aop="http://www.springframework.org/schema/aop" 
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/aop 
        http://www.springframework.org/schema/aop/spring-aop.xsd">

The Spring team decided not to introduce new AOP-related terminology. Therefore, in the Spring reference documentation and API, terms such as aspect, join point, advice, pointcut, introduction, target object (advised object), AOP proxy, and weaving all have the same meanings[citation needed] as in most other AOP frameworks (particularly AspectJ).

Data access framework

[edit]

Spring's data access framework addresses common difficulties developers face when working with databases in applications. Support is provided for all popular data access frameworks in Java: JDBC, iBatis/MyBatis,[32] Hibernate,[32] Java Data Objects (JDO, discontinued since 5.x),[32] Jakarta Persistence API (JPA),[32] Oracle TopLink, Apache OJB, and Apache Cayenne, among others.

For all of these supported frameworks, Spring provides these features

  • Resource management – automatically acquiring and releasing database resources
  • Exception handling – translating data access related exception to a Spring data access hierarchy[66]
  • Transaction participation – transparent participation in ongoing transactions[4]: 290–291 
  • Resource unwrapping – retrieving database objects from connection pool wrappers
  • Abstraction for binary large object (BLOB) and character large object (CLOB) handling

All these features become available when using template classes provided by Spring for each supported framework.[67] Critics have said these template classes are intrusive and offer no advantage over using (for example) the Hibernate API directly.[68][failed verification] In response, the Spring developers have made it possible to use the Hibernate and JPA APIs directly. This however requires transparent transaction management, as application code no longer assumes the responsibility to obtain and close database resources,[69] and does not support exception translation.[70]

Together with Spring's transaction management, its data access framework offers a flexible abstraction for working with data access frameworks. The Spring Framework doesn't offer a common data access API; instead, the full power of the supported APIs is kept intact.[citation needed] The Spring Framework is the only framework available in Java that offers managed data access environments outside of an application server or container.[71][better source needed]

While using Spring for transaction management with Hibernate, the following beans may have to be configured:

  • A Datasource like com.mchange.v2.c3p0.ComboPooledDataSource or org.apache.commons.dbcp.BasicDataSource[32]
  • A SessionFactory like org.springframework.orm.hibernate3.LocalSessionFactoryBean with a DataSource attribute[72][4]: 173 
  • A HibernateProperties[4]: 173  like org.springframework.beans.factory.config.PropertiesFactoryBean
  • A TransactionManager like org.springframework.orm.hibernate3.HibernateTransactionManager with a SessionFactory attribute[72]

Other points of configuration include:

  • An AOP configuration of cutting points.
  • Transaction semantics of AOP advice[clarify].

Transaction management

[edit]

Spring's transaction management framework brings an abstraction mechanism to the Java platform.[73] Its abstraction is capable of:

In comparison, Java Transaction API (JTA) only supports nested transactions and global transactions, and requires an application server (and in some cases, deployment of applications in an application server).

The Spring Framework ships a PlatformTransactionManager[75] for a number of transaction management strategies:

  • Transactions managed on a JDBC Connection[73]
  • Transactions managed on Object-relational mapping Units of Work[73]
  • Transactions managed via the JTA[73]JtaTransactionManager[76][4]: 255–257  and UserTransaction[4]: 234 
  • Transactions managed on other resources, like object databases

Next to this abstraction mechanism the framework provides two ways of adding transaction management to applications:

  • Procedurally, by using Spring's TransactionTemplate[77]
  • Declaratively, by using metadata like XML or Java annotations (@Transactional,[62] etc.)

Together with Spring's data access framework – which integrates the transaction management framework – it is possible to set up a transactional system through configuration without having to rely on JTA or EJB. The transactional framework also integrates with messaging[78] and caching[79] engines.

Model–view–controller framework

[edit]
Spring MVC/Web Reactive presentation given by Jürgen Höller

The Spring Framework features its own model–view–controller (MVC) web application framework,[35] which was not originally planned. The Spring developers decided to write their own Web framework as a reaction to what they perceived as the poor design of the (then) popular Jakarta Struts Web framework,[80][failed verification] as well as deficiencies in other available frameworks. In particular, they felt there was insufficient separation between the presentation and request handling layers, and between the request handling layer and the model.[81]

Like Struts, Spring MVC is a request-based framework.[4]: 375  The framework defines strategy interfaces[4]: 144  for all of the responsibilities that must be handled by a modern request-based framework. The goal of each interface is to be simple and clear so that it's easy for Spring MVC users to write their own implementations, if they so choose. MVC paves the way for cleaner front end code. All interfaces are tightly coupled to the Servlet API. This tight coupling to the Servlet API is seen by some as a failure on the part of the Spring developers to offer a high level of abstraction for Web-based applications [citation needed]. However, this coupling ensures that the features of the Servlet API remain available to developers while offering a high abstraction framework to ease working with it.

The DispatcherServlet class is the front controller[82] of the framework and is responsible for delegating control to the various interfaces during the execution phases of an HTTP request.[83]

The most important interfaces defined by Spring MVC, and their responsibilities, are listed below:[84]

  • Controller: comes between Model and View to manage incoming requests and redirect to proper response.[85] Controller will map the http request to corresponding methods.[86] It acts as a gate that directs the incoming information. It switches between going into Model or View.
  • HandlerAdapter: responsible for execution of objects that handle incoming requests.[87]
  • HandlerInterceptor: responsible for intercepting incoming requests.[87] Comparable, but not equal to Servlet filters[4]: 509  (use is optional[4]: 511  and not controlled by DispatcherServlet).
  • HandlerMapping: responsible for selecting objects that handle incoming requests (handlers) based on any attribute or condition internal or external to those requests[83]
  • LocaleResolver: responsible for resolving and optionally saving of the locale of an individual user.[88]
  • MultipartResolver: facilitate working with file uploads by wrapping incoming requests.[89]
  • View: responsible for returning a response to the client. The View should not contain any business logic and should only present the data encapsulated by the Model.[35] Some requests may go straight to View without going to the Model part; others may go through all three.
  • ViewResolver: responsible for selecting a View based on a logical name for the View[90][91] (use is not strictly required[4]: 511 ).
  • Model: responsible for encapsulating business data.[90] The Model is exposed to the view by the controller.[4]: 374  (use is not strictly required).

Each strategy interface above has an important responsibility in the overall framework. The abstractions offered by these interfaces are powerful, so to allow for a set of variations in their implementations.[4]: 144  Spring MVC ships with implementations of all these interfaces and offers a feature set on top of the Servlet API. However, developers and vendors are free to write other implementations. Spring MVC uses the Java java.util.Map interface as a data-oriented abstraction for the Model where keys are expected to be String values.[citation needed]

The ease of testing the implementations of these interfaces is one important advantage of the high level of abstraction offered by Spring MVC.[92][4]: 324  DispatcherServlet is tightly coupled to the Spring inversion of control container for configuring the web layers of applications. However, web applications can use other parts of the Spring Framework, including the container, and choose not to use Spring MVC.

A workflow of Spring MVC

[edit]

When a user clicks a link or submits a form in their web-browser, the request goes to the Spring DispatcherServlet. DispatcherServlet is a front-controller in Spring MVC.[83][93] The DispatcherServlet is highly customizable and flexible.[93] Specifically, it is capable of handling more types of handlers than any implementations of org. springframework.web.servlet.mvc.Controller or org. springframework.stereotype.Controller annotated classes.[93] It consults one or more handler mappings.[83] DispatcherServlet chooses an appropriate controller and forwards the request to it. The Controller processes the particular request and generates a result. It is known as Model. This information needs to be formatted in html or any front-end technology like Jakarta Server Pages (also known as JSP)[83][94] or Thymeleaf.[94] This is the View of an application.[83] All of the information is in the Model And View object. When the controller is not coupled to a particular view, DispatcherServlet finds the actual View (such as JSP) with the help of ViewResolver.[83][4]: 390–391 

Configuration of DispatcherServlet

[edit]

As of Servlet Specification version 3.0, there are a few ways of configuring the DispatcherServlet:[95]

  • By configuring it in web.xml as shown below:[95]
<servlet>
  <servlet-name>MyServlet</servlet-name>
  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>

<servlet-mapping>
  <servlet-name>MyServlet</servlet-name>
  <url-pattern>/<url-pattern>
</servlet-mapping>
  • By configuring it in web-fragment.xml[95]
  • By using javax.servlet.ServletContainerInitializer[95]
  • By implementing the org.springframework.web.WebApplicationInitializer interface.[95]
  • By using the built-in autoconfiguration for Spring Boot, which uses the SpringBootServletInitializer class.lm[95]

Remote access framework

[edit]

Spring's Remote Access framework is an abstraction for working with various RPC (remote procedure call)-based technologies available on the Java platform both for client connectivity and marshalling objects on servers.[96] The most important feature offered by this framework is to ease configuration and usage of these technologies as much as possible by combining inversion of control and AOP.

The framework provides fault-recovery (automatic reconnection after connection failure) and some optimizations for client-side use of EJB remote stateless session beans.

Spring provides support for these protocols and products out of the box

  • HTTP-based protocols
    • Hessian: binary serialization protocol,[97][4]: 335  open-sourced[4]: 335  and maintained by CORBA-based protocols[citation needed]. Hessian is maintained by the company Caucho.[4]: 335  Hessian is suitable for stateless remoting needs, in particular, Java-to-Java communication.[4]: 335–336 
    • Burlap: An XML-based binary protocol that is open-sourced and also maintained by the company Caucho.[97][4]: 335  The only advantage of using Burlap instead of Hessian is that it is XML-parsable and human readable.[4]: 335  For Java-to-Java communication, the Hessian is preferred since it is more light-weight and efficient.[4]: 335 
    • RMI (1): method invocations using RMI infrastructure yet specific to Spring[96]
    • RMI (2): method invocations using RMI interfaces complying with regular RMI usage[96]
    • RMI-IIOP (CORBA): method invocations using RMI-IIOP/CORBA
  • Enterprise JavaBean client integration[98]
    • Local EJB stateless session bean connectivity: connecting to local stateless session beans
    • Remote EJB stateless session bean connectivity: connecting to remote stateless session beans
  • SOAP

Apache CXF provides integration with the Spring Framework for RPC-style exporting of objects on the server side.[99]

Both client and server setup for all RPC-style protocols and products supported by the Spring Remote access framework (except for the Apache Axis support) is configured in the Spring Core container.

There is an alternative open-source implementation (Cluster4Spring) of a remoting subsystem included in the Spring Framework that is intended to support various schemes of remoting (1-1, 1-many, dynamic services discovering).[citation needed]

Convention-over-configuration rapid application development

[edit]

Spring Boot

[edit]

Spring Boot Extension is Spring's convention-over-configuration solution for creating stand-alone, production-grade[100] Spring-based Applications that you can "just run".[101] It is preconfigured with the Spring team's "opinionated view"[102][103] of the best configuration and use of the Spring platform and third-party libraries so you can get started with minimum fuss. Most Spring Boot applications need very little Spring configuration.[104]

Key Features:

  • Create stand-alone Spring applications
  • Embed Tomcat or Jetty[105] directly (no need to deploy WAR files)
  • Provide opinionated 'starter' Project Object Models (POMs) to simplify your Maven/Gradle configuration[106]
  • Automatically configure Spring whenever possible[107]
  • Provide production-ready[100] features such as metrics,[108] health checks[108] and externalized configuration[109]
  • Absolutely no code generation[105] and no requirement[106] for XML configuration.[110]
  • Smooth Integration and supports all Enterprise Integration Patterns.

Spring Roo

[edit]

Spring Roo is a community project which provides an alternative, code-generation based approach at using convention-over-configuration to rapidly build applications in Java. It currently supports Spring Framework, Spring Security and Spring Web Flow. Roo differs from other rapid application development frameworks by focusing on:

  • Extensibility (via add-ons)
  • Java platform productivity (as opposed to other languages)
  • Lock-in avoidance (Roo can be removed within a few minutes from any application)
  • Runtime avoidance (with associated deployment advantages)
  • Usability (particularly via the shell features and usage patterns)

Batch framework

[edit]

Spring Batch is a framework for batch processing that provides reusable functions that are essential in processing large volumes of records, including:

It provides more advanced technical services and features that enables extremely high-volume[112] and high-performance batch jobs[111] through optimizations and partitioning[111] techniques.

Spring Batch executes a series of jobs; a job consists of many steps and each step consists of a "READ-PROCESS-WRITE" task or single operation task (tasklet). A "single" operation task is also known as a tasklet.[113] It means doing a single task only, like cleaning up the resources before or after a step is started or completed.

The "READ-PROCESS-WRITE" process consists of these steps: "read" data from a resource (comma-separated values (CSV), XML, or database), "process" it, then "write" it to other resources (CSV, XML, or database). For example, a step may read data from a CSV file,[113] process it, and write it into the database. Spring Batch provides many classes to read/write CSV, XML, and database.[114]

The steps can be chained together to run as a job.[113]

Integration framework

[edit]

Spring Integration is a framework for Enterprise application integration that provides reusable functions essential to messaging or event-driven architectures.

  • routers – routes a message to a message channel based on conditions[115]
  • transformers – converts/transforms/changes the message payload and creates a new message with transformed payload[116]
  • adapters – integrates with other technologies and systems (HTTP, AMQP (Advanced Message Queuing Protocol),[117] JMS (Java Message Service), XMPP (Extensible Messaging and Presence Protocol), SMTP (Simple Mail Transfer Protocol),[118] IMAP (Internet Message Access Protocol), FTP (File Transfer Protocol) as well as FTPS/SFTP, file systems, etc.)
  • filters – filters a message based on criteria. If the criteria are not met, the message is dropped.[119]
  • service activators – invoke an operation on a service object. Spring supports the use of the annotation @ServiceActivator to declare the component that requires this functionality.[120]
  • management and auditing
  • gateways - exposes an interface to the client for the requested services. A messaging middleware is responsible for provisioning this interface. This interface decouples the messaging middleware from the client by hiding the underlying JMS or Spring Integration APIs. Gateways are related to the Facade pattern. Spring's Integration class, SimpleMessagingGateway, provides essential support for gateways. SimpleMessagingGateway enables the Spring application to specify the channel that sends requests, and the channel that expects to receive responses. The primary focus of SimpleMessagingGateway is to deal with payloads, which spares the client from the intricate details of the transmitted and received messages. SimpleMessagingGateway is used along with channels to enable integration with file systems, JMS, e-mail, or any other systems that require payloads and channels.[121]
  • splitter - Separates a large payload into smaller payloads to support different processing flows. The splitter is achieved in Spring using the splitter component. The splitter component usually forwards the messages to classes with more specialized functionality. Spring supports the @Splitter annotation to declare the component that requires this functionality.[122]
  • aggregator - Used for combining many messages into a single result. Loosely speaking, the aggregator is the reverse of the splitter. The aggregator publishes a single message for all components downstream. Spring supports the @Aggregator annotation to declare the component that requires this functionality.[122]

Spring Integration supports pipe-and-filter based architectures.

Spring WebSocket

[edit]

An essential rule for dealing with data streams effectively is to never block.[123] The WebSocket is a viable solution to this problem.[123] The WebSocket Protocol is a low-level transport protocol that allows full-duplex communication channels over a TCP connection. The WebSocket acts as an alternative to HTTP to enable two-way communication between the client and the server. The WebSocket is especially useful for applications that require frequent and fast exchanges of small data chunks, at a high speed and volume.[123]

Spring supports the WebSocket protocol by providing the WebSocket API for the reactive application. The @EnableWebSocket annotation gives Websocket request processing functionality when places in a Spring configuration class. A mandatory interface is the WebSocketConfigurer which grants access to the WebSocketConfigurer. Then, the Websocket URL is mapped to the relevant handlers by implementing the registerWebSocketHandlers(WebSocketHandlerRegistry) method.[124]

Spring WebFlux

[edit]

Spring WebFlux is a framework following the functional programming paradigm, designed for building reactive Spring applications. This framework uses functional programming and Reactive Streams extensively. A good use case for Spring WebFlux is for applications that require sending and receiving instantaneous information, such as a web application with chatting capabilities.[125]

Although applications using Spring WebFlux technology is usually less readable than their MVC counterparts, they are more resilient, and simpler to extend.[126] Spring WebFlux reduces the need to deal with the complications associated with synchronizing thread access.[126]

Spring WebFlux supports server-sent events (SSE), which is a server push technology that allows the client to get automatic updates from a server through an HTTP connection. This communication is unidirectional, and shares many similarities with the publish/subscribe model found in JMS.[123]

Relationship with Jakarta Enterprise Beans (EJB)

[edit]

The container can be turned into a partially compliant EJB (Enterprise JavaBeans) 3.0 container by means of the Pitchfork project.[citation needed] Some[who?] criticize the Spring Framework for not complying with standards.[127][failed verification] However, SpringSource doesn't see EJB 3 compliance as a major goal, and claims that the Spring Framework and the container allow for more powerful programming models.[128][failed verification]

Spring4Shell vulnerability

[edit]

A remote code execution vulnerability affecting certain versions of Spring Framework was published in April 2022 under CVE-2022-22965. It was given the name Spring4Shell in reference to the recent Log4Shell vulnerability, both having similar proofs-of-concept in which attackers could on vulnerable machines, gain shell access[129] or even full control.[130]

See also

[edit]

Citations

[edit]
  1. ^ "Release v6.2.0".
  2. ^ a b c Deinum et al. 2014, p. 47, §2 Spring Core Tasks.
  3. ^ Deinum et al. 2014, pp. 694–698, §16-2 Integrating Two Systems Using JMS.
  4. ^ a b c d e f g h i j k l m n o p q r s t u v w x y z aa ab ac ad ae Johnson & Hoeller 2004.
  5. ^ Deinum & Cosmina 2021, p. 1, §1 Setting up a Local Development Environment.
  6. ^ "Spring Framework 1.0 Final Released". Official Spring Framework blog. 24 March 2014. Retrieved 1 March 2021.
  7. ^ Jolt winners 2006
  8. ^ "JAX Innovation Award Gewinner 2006". Archived from the original on 2009-08-17. Retrieved 2009-08-12.
  9. ^ "Spring Framework 3.2.5 Released". Official Spring website. 7 Nov 2013. Retrieved 16 October 2016.
  10. ^ "Announcing Spring Framework 4.0 GA Release". Spring blog. 12 December 2013.
  11. ^ Walls 2016, pp. 92–106, §5.
  12. ^ Cosmina et al. 2017, pp. 125–126, §4 Spring Configuration in Detail and Spring Boot.
  13. ^ Cosmina et al. 2017, pp. 1–18, §1 Introducing Spring.
  14. ^ "Spring Framework 4.2 goes GA". Spring Blog. 31 July 2015.
  15. ^ a b "Spring Framework 4.2 goes GA". Spring Blog.
  16. ^ "Spring Framework Versions: Supported Versions". github.com.
  17. ^ "Reactive Spring". Spring Blog. 9 February 2016.
  18. ^ "Spring Framework 6.0 goes GA". Spring Blog. 16 November 2022.
  19. ^ Walls 2019, p. 48.
  20. ^ Spring Framework documentation for the Core Container
  21. ^ a b Johnson et al. 2005, Chapter §2 - The Bean Factory and ApplicationContext.
  22. ^ Deinum et al. 2014, p. 137, §3-1 Using Java Config to configure POJOs.
  23. ^ a b Johnson & Hoeller 2004, p. 150, Introducing the Spring Framework - The Core Bean Factory.
  24. ^ a b c d e f g Deinum & Cosmina 2021, pp. 22–25, §2 Spring Framework Fundamentals - The Spring Framework.
  25. ^ Walls 2016, p. 240, §Appendix D Spring Boot dependencies.
  26. ^ Johnson et al. 2005, Chapter §1 Introducing the Spring Framework - Module Summary.
  27. ^ Johnson et al. 2005, Chapter §4 - Spring and AOP.
  28. ^ Deinum et al. 2014, pp. 196–198, §3-17 AOP introductions for POJOs.
  29. ^ Johnson et al. 2005, Acegi Security System for Spring.
  30. ^ Deinum et al. 2014, p. 331, §7 Spring Security.
  31. ^ Walls 2019, pp. 56–59.
  32. ^ a b c d e f Deinum et al. 2014, pp. 419–426, §10 Data Access.
  33. ^ Deinum et al. 2014, pp. 677–681, §15-4 Create Message-Driven POJOs in Spring.
  34. ^ Johnson et al. 2005, Chapter §12 - Web MVC Framework.
  35. ^ a b c Deinum et al. 2014, p. 217, §4 Spring @MVC.
  36. ^ Deinum et al. 2014, pp. 525–534, §12-3 Writing a Custom ItemWriter and ItemReader.
  37. ^ Deinum et al. 2014, pp. 627–632, §14-7 Expose and Invoke Services through RMI; §14-8 Expose and Invoke Services through HTTP.
  38. ^ Deinum et al. 2014, pp. 641–658, §14-10 Introduction to contract first SOAP Web Services,§14-11 Expose and invoke SOAP Web Services with Spring-WS,§14-12 Develop SOAP Web Services with Spring-WS and XML Marshalling.
  39. ^ Johnson et al. 2005, Chapter §8 - Lightweight Remoting.
  40. ^ a b Johnson et al. 2005, Chapter §9 - Supporting Services.
  41. ^ Deinum et al. 2014, p. 475, §11 Spring Transaction Management.
  42. ^ Deinum et al. 2014, p. 591, §14 Spring Java Enterprise Services and Remoting Technologies.
  43. ^ Deinum et al. 2014, pp. 737–739, §17-3 Unit Testing Spring MVC Controllers.
  44. ^ Deinum et al. 2014, pp. 739–743, §17-4 Managing Application Contexts in Integration Tests.
  45. ^ Musib 2022, p. 358, §8.3 Introducing Spring WebFlux.
  46. ^ Cosmina et al. 2017, p. 21-23.
  47. ^ Cosmina et al. 2017, pp. 24–25, §2 Accessing Spring Modules Using Maven.
  48. ^ Cosmina et al. 2017, p. 26, §2 Accessing Spring Modules Using Gradle.
  49. ^ a b Deinum et al. 2014, pp. 53–62, §2-2 Create POJOs by Invoking a Constructor.
  50. ^ a b Deinum et al. 2014, pp. 48–52, §2-1 Manage and Configure POJOs with the Spring IoC Container.
  51. ^ Deinum et al. 2014, pp. 59–67, §2-3 Use POJO References, Auto-Wiring, and Imports to Interact with Other POJOs.
  52. ^ Deinum et al. 2014, pp. 112–116, §2-16 Use Property Editors in Spring.
  53. ^ a b Walls 2019, pp. 4–6, §1.1 Getting started with Spring - What is Spring.
  54. ^ Cosmina et al. 2017, p. 37, §3 Introducing IoC and DI in Spring.
  55. ^ What is the difference between the depencylookup and dependency injection - Spring Forum. Forum.springsource.org (2009-10-28). Retrieved on 2013-11-24.
  56. ^ Deinum & Cosmina 2021, pp. 26–32, §2 Spring Framework Fundamentals - Dependency Injection.
  57. ^ a b Johnson & Hoeller 2004, pp. 135–137, §6 Lightweight Containers and Inversion of Control - IOC Containers.
  58. ^ Deinum et al. 2014, pp. 145–151, §3-3 Use POJO References and Auto-Wiring to Interact with other POJOs.
  59. ^ a b c Cosmina et al. 2017, pp. 112–120, §3 Introducing IoC and DI in Spring - Autowiring Your Beans.
  60. ^ a b c Deinum et al. 2014, pp. 151–154, §3-4 Auto-wire POJOs the @Resource and @Inject annotation.
  61. ^ Deinum et al. 2014, pp. 99–104, §2-12 Aspect Orientated Programming.
  62. ^ a b c Deinum et al. 2014, pp. 492–494, §11-6 Managing Transactions Declaratively with the @Transactional Annotation.
  63. ^ Deinum et al. 2014, pp. 509–510, §11-11 Managing Transactions with Load-Time Weaving.
  64. ^ Spring AOP XML Configuration
  65. ^ AspectJ Annotation Configuration
  66. ^ Deinum et al. 2014, pp. 441–446, §10-5 Handling Exceptions in the Spring JDBC Framework.
  67. ^ Deinum et al. 2014, pp. 426–441, 463–465.
  68. ^ Hibernate VS Spring
  69. ^ Deinum et al. 2014, pp. 463–466, §10-8 Persisting Objects with Spring's ORM Templates.
  70. ^ Deinum et al. 2014, pp. 446–462, §10-6 Problems with Using ORM Frameworks Directly.
  71. ^ "Spring Data JPA for Abstraction of Queries". 6 February 2018. Retrieved 2018-02-06.
  72. ^ a b Deinum et al. 2014, pp. 456–460, §10-7 Configuring ORM Resource Factories in Spring.
  73. ^ a b c d Deinum et al. 2014, pp. 464–468, §11-2 Choosing a Transaction Manager Implementation.
  74. ^ a b Deinum et al. 2014, pp. 494–499, §11-7 Setting the Propagation Transaction Attribute.
  75. ^ Deinum et al. 2014, pp. 482–484, §11-2 Choosing a Transaction Manager Implementation.
  76. ^ Deinum et al. 2014, pp. 484–486, §11-3 Managing Transactions Programmatically with the Transaction Manager API.
  77. ^ Deinum et al. 2014, pp. 486–489, §11-4 Managing Transactions Programmatically with a Transaction Template.
  78. ^ Deinum et al. 2014, pp. 677–685, §15-4 Create Message-Driven POJOs in Spring.
  79. ^ Deinum et al. 2014, pp. 685–686, §15-5 Cache and pool JMS connections.
  80. ^ Introduction to the Spring Framework
  81. ^ Johnson, Expert One-on-One J2EE Design and Development, Ch. 12. et al.
  82. ^ Patterns of Enterprise Application Architecture: Front Controller
  83. ^ a b c d e f g Deinum et al. 2014, pp. 217–232, §4-1 Developing a Simple Web Application with Spring MVC.
  84. ^ Deinum & Cosmina 2021, pp. 82–83, §4 Spring MVC Architecture - The Request Processing Summary.
  85. ^ Deinum et al. 2014, pp. 217–219, §4-1 Developing a Simple Web Application with Spring MVC.
  86. ^ Walls 2019, pp. 18–19.
  87. ^ a b Deinum et al. 2014, pp. 236–239, §4-3 Intercepting Requests with Handler Interceptors.
  88. ^ Deinum et al. 2014, pp. 239–240, §4-4 Resolving User Locales.
  89. ^ Deinum & Cosmina 2021, pp. 75–76, §4 Spring MVC Architecture - Prepare a request.
  90. ^ a b Deinum et al. 2014, pp. 243–247, §4-6 Resolving Views by Names.
  91. ^ Deinum & Cosmina 2021, p. 81, §4 Spring MVC Architecture - Render a view.
  92. ^ Deinum et al. 2014, p. 723, §17 Spring Testing.
  93. ^ a b c Deinum & Cosmina 2021, pp. 73–74, §4 Spring MVC Architecture - DispatcherServlet Request Processing Workflow.
  94. ^ a b Walls 2019, p. 35.
  95. ^ a b c d e f Deinum & Cosmina 2021, pp. 84–90, §4 Spring MVC Architecture - Bootstrapping DispatcherServlet.
  96. ^ a b c Deinum et al. 2014, pp. 627–632, §14-7 Expose and Invoke Services through RMI.
  97. ^ a b Deinum et al. 2014, pp. 632–635, §14-8 Expose and Invoke Services through HTTP.
  98. ^ Deinum et al. 2014, pp. 692–694, §16-1 Integrating One System with Another Using EAI.
  99. ^ a b Deinum et al. 2014, pp. 635–641, §14-9 Expose and invoke SOAP Web Services with JAX-WS.
  100. ^ a b Walls 2016, p. vii, §foreword.
  101. ^ "Spring Boot". spring.io.
  102. ^ Walls 2016, p. 48, §2.4.
  103. ^ Deinum & Cosmina 2021, pp. 21–22, §2 Spring Framework Fundamentals.
  104. ^ Walls 2016, pp. 37–48, §2.3.
  105. ^ a b Walls 2016, p. 7, §1.1.3.
  106. ^ a b Walls 2016, p. x, §Preface.
  107. ^ Walls 2016, pp. 4–5, §1.1.2.
  108. ^ a b Walls 2016, pp. 124–139, §7.
  109. ^ Walls 2016, pp. 49–69, §3.1-§3.2.3.
  110. ^ "About Spring Boot". Retrieved 2020-03-18.
  111. ^ a b c Deinum et al. 2014, pp. 536–541, §12-7 Controlling Step Execution.
  112. ^ Deinum et al. 2014, pp. 714–717, §16-9 Staging Events Using Spring Batch.
  113. ^ a b c Deinum et al. 2014, pp. 518–524, §12-2 Reading and Writing.
  114. ^ Deinum et al. 2014, pp. 511–512, §12 Spring Batch.
  115. ^ Deinum et al. 2014, pp. 713–714, §16-8 Conditional Routing with Routers.
  116. ^ Deinum et al. 2014, pp. 704–707, §16-5 Transforming a Message from One Type to Another.
  117. ^ Deinum et al. 2014, pp. 686–690, §15-6 Send and Receive AMQP Messages with Spring.
  118. ^ Deinum et al. 2014, pp. 613–620, §14-4 Send E-mail with Spring’s E-mail Support.
  119. ^ Deinum et al. 2014, p. 406, §9-2 Using Spring in Your Servlets and Filters.
  120. ^ Deinum et al. 2014, pp. 695–698, §16-2 Integrating Two Systems Using JMS.
  121. ^ Deinum et al. 2014, pp. 717–722, §16-10 Using Gateways.
  122. ^ a b Deinum et al. 2014, pp. 710–713, §16-7 Forking Integration Control: Splitters and Aggregators.
  123. ^ a b c d Deinum & Cosmina 2021, pp. 422–425, §11 The WebSocket Protocol.
  124. ^ Deinum & Cosmina 2021, pp. 425–432, §11 The WebSocket Protocol.
  125. ^ Deinum & Cosmina 2021, p. 369, §10 Building Reactive Applications with Spring WebFlux.
  126. ^ a b Deinum & Cosmina 2021, p. 421, §11 Securing Spring WebFlux Applications.
  127. ^ Spring VS EJB3
  128. ^ "Pitchfork FAQ". Retrieved 2006-06-06.
  129. ^ "Spring4Shell: critical vulnerability in Spring - Kaspersky official blog".
  130. ^ Chirgwin, Richard (4 April 2022). "VMware sprung by Spring4shell vulnerability". itnews.com.au. Archived from the original on 13 February 2024. Retrieved 13 February 2024.

References

[edit]
[edit]